diff --git a/geant/gap_ansible/roles/base_config/tasks/merge_variables.yaml b/geant/gap_ansible/roles/base_config/tasks/merge_variables.yaml
index 3ccef82c09cbc925fe2559e83358fcd53829fb10..32d9a3f21857063022aa6d0b4e10956f803d2383 100644
--- a/geant/gap_ansible/roles/base_config/tasks/merge_variables.yaml
+++ b/geant/gap_ansible/roles/base_config/tasks/merge_variables.yaml
@@ -27,3 +27,15 @@
 - name: Merge Nokia CPM filters
 ansible.builtin.set_fact:
 cpm_filters: "{{ lookup('community.general.merge_variables', 'cpmf__to_merge', pattern_type='suffix') }}"
+
+- name: Prepare PE-specific vars
+ when: promote_to_pe | ansible.builtin.bool # FIX: check the exact verb / keyword
+ block:
+ - name: Merge Nokia PE CPM filters
+ ansible.builtin.set_fact:
+ pe_cpm: "{{ lookup('community.general.merge_variables', 'cpm_pe__to_merge') }}"
+
+ - name: Combine P and PE CPM filters
+ ansible.builtin.set_fact:
+ cpm_filters: "{{ [cpm_filters, pe_cpm] | community.general.lists_mergeby('family',
+ list_merge='append') }}"
diff --git a/geant/gap_ansible/roles/base_config/templates/routers/nokia/filters/fw_filters.j2 b/geant/gap_ansible/roles/base_config/templates/routers/nokia/filters/fw_filters.j2
index 1e8a84642033b188245af6e99b6aa2344a10d1af..410f156b2359fb8bd3ce701b65e94689ff90d529 100644
--- a/geant/gap_ansible/roles/base_config/templates/routers/nokia/filters/fw_filters.j2
+++ b/geant/gap_ansible/roles/base_config/templates/routers/nokia/filters/fw_filters.j2
@@ -17,10 +17,16 @@
 <admin-state>{{ filter.admin_state }}</admin-state>
 {% endif %}
 {% for term in filter.terms %}
+ {% if term.offset is defined %}
+ {% set ns3 = namespace(entry_id = term.offset | int) %}
+ {% endif %}
 {% if term.from is not defined %}
 <entry>
 <entry-id>{{ ns3.entry_id }}</entry-id>
 <description>{{ term.name }}</description>
+ {% if term.log is defined %}
+ <log>{{ term.log }}</log>
+ {% endif %}
 <action>
 <{{term.action}}></{{term.action}}>
 </action>
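Review bot: The `when:` on the "Prepare PE-specific vars" block still carries `# FIX: check the exact verb / keyword`, and as written the play fails rather than skips the block when `promote_to_pe` is not set for a host. `when: promote_to_pe | default(false) | ansible.builtin.bool` would make the block opt-in, and the FIX comment should be resolved before merge. The PE lookup also omits `pattern_type='suffix'`, which the preceding `cpmf__to_merge` lookup passes, so it falls back to the plugin's default matching; if suffix matching is intended here too, `lookup('community.general.merge_variables', 'cpm_pe__to_merge', pattern_type='suffix')` keeps the two consistent. Since `list_merge='append'` places PE terms after the P terms of the same family, a comment stating the intended evaluation order of the combined CPM filter would help the next reviewer.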
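Review bot: `{% set ns3 = namespace(entry_id = term.offset | int) %}` sits inside the `{% for term in filter.terms %}` body, and Jinja scopes a plain `set` to the current loop iteration, so the new namespace is dropped when that iteration ends. Assuming `ns3` is created before the loop (outside this hunk), the following terms resume from the old counter instead of continuing after the offset, and an offset that lands on an id already issued would produce two entries with the same `<entry-id>`. Assigning into the existing namespace, `{% set ns3.entry_id = term.offset | int %}`, keeps one shared counter. A non-numeric `term.offset` becomes 0 under `int`, so a check that the value is positive and above the last issued id is worth adding. The loop body continues past the end of this hunk.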
@@ -29,10 +35,13 @@ {% if term.from is defined %} {# This is the case for TCP_ESTABLISHED #} - {% if term.from.protocol == "tcp" and term.from.tcp_flag is defined %} + {% if term.from.protocol is defined and term.from.protocol == "tcp" and term.from.tcp_flag is defined %} <entry> <entry-id>{{ ns3.entry_id }}</entry-id> <description>{{ term.name }}</description> + {% if term.log is defined %} + <log>{{ term.log }}</log> + {% endif %} <match> {% if filter.family == "ipv4" %} <protocol>{{ term.from.protocol }}</protocol> @@ -50,11 +59,14 @@ {% set ns3.entry_id = ns3.entry_id + 10 %} {% endif %} {# This is to cover CPM-ipv6 ND case where dst_prefix_list is defined, but not src_prefix_list #} - {% if term.from.protocol == "ipv6-icmp" and term.from.dst_prefix_list is defined %} + {% if term.from.protocol is defined and term.from.protocol == "ipv6-icmp" and term.from.dst_prefix_list is defined %} {% for dst_prefix_list_item in term.from.dst_prefix_list %} <entry> <entry-id>{{ ns3.entry_id }}</entry-id> <description>{{ term.name }}</description> + {% if term.log is defined %} + <log>{{ term.log }}</log> + {% endif %} <match> <next-header>{{ term.from.protocol }}</next-header> <dst-ip> @@ -69,12 +81,15 @@ {% endfor %} {% endif %} {# Generic ICMP filters with ICMP types #} - {% if term.from.protocol == "icmp" or term.from.protocol == "ipv6-icmp" %} + {% if term.from.protocol is defined and (term.from.protocol == "icmp" or term.from.protocol == "ipv6-icmp") %} {% if term.from.icmp_types is defined %} {% for icmp_type in term.from.icmp_types %} <entry> <entry-id>{{ ns3.entry_id }}</entry-id> <description>{{ term.name }}</description> + {% if term.log is defined %} + <log>{{ term.log }}</log> + {% endif %} <match> {% if filter.family == "ipv4" %} <protocol>{{ term.from.protocol }}</protocol> 
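Review bot: The three-line `{% if term.log is defined %}` / `<log>{{ term.log }}</log>` block added to the TCP_ESTABLISHED entry in the first hunk on this line (`@@ -29,10 +35,13 @@`) is pasted unchanged into every other `<entry>` this commit touches, including the two later hunks on this line. One macro defined at the top of the template and called as `{{ entry_log(term) }}` would keep the copies from drifting, which matters because an entry that misses the block silently stops logging its matches. The guard tests only `is defined`, so a `log` key that is present but empty still renders a `<log>` element; `{% if term.log is defined and term.log %}` avoids that.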
@@ -94,10 +109,13 @@
 {% endif %}
 {% endif %}
 {# Case when only need to match on protocol, e.g. PIM #}
- {% if term.from.protocol == 'pim' %}
+ {% if term.from.protocol is defined and term.from.protocol == 'pim' %}
 <entry>
 <entry-id>{{ ns3.entry_id }}</entry-id>
 <description>{{ term.name }}</description>
+ {% if term.log is defined %}
+ <log>{{ term.log }}</log>
+ {% endif %}
 <match>
 {% if filter.family == "ipv4" %}
 <protocol>{{ term.from.protocol }}</protocol>
@@ -120,6 +138,9 @@
 <entry>
 <entry-id>{{ ns3.entry_id }}</entry-id>
 <description>{{ term.name }}</description>
+ {% if term.log is defined %}
+ <log>{{ term.log }}</log>
+ {% endif %}
 <match>
 {% if term.from.protocol is defined %}
 {% if filter.family == "ipv4" %}
@@ -155,6 +176,9 @@
 <entry>
 <entry-id> {{ ns3.entry_id }} </entry-id>
 <description>{{ term.name }}</description>
+ {% if term.log is defined %}
+ <log>{{ term.log }}</log>
+ {% endif %}
 <match>
 {% if term.from.protocol is defined %}
 {% if filter.family == "ipv4" %}
@@ -180,6 +204,39 @@
 {% endif %}
 {% endfor %}
 {% endif %}
+ {# Case where only DST prefix list is defined #}
+ {% if term.from.dst_prefix_list is defined %}
+ {% for dst_prefix_list_item in term.from.dst_prefix_list %}
+ <entry>
+ <entry-id>{{ ns3.entry_id }}</entry-id>
+ <description>{{ term.name }}</description>
+ {% if term.log is defined %}
+ <log>{{ term.log }}</log>
+ {% endif %}
+ <match>
+ {% if term.from.protocol is defined %}
+ {% if filter.family == "ipv4" %}
+ <protocol>{{term.from.protocol}}</protocol>
+ {% else %}
+ <next-header>{{ term.from.protocol }}</next-header>
+ {% endif %}
+ {% endif %}
+ {% include 'port_list_entries.j2' %}
+ <dst-ip>
+ {% if filter.family == "ipv4" %}
+ <ip-prefix-list>{{term.from.dst_prefix_list[loop.index0]}}</ip-prefix-list>
+ {% else %}
+ <ipv6-prefix-list>{{term.from.dst_prefix_list[loop.index0]}}</ipv6-prefix-list>
+ {% endif %}
+ </dst-ip>
+ </match>
+ {% set ns3.entry_id = ns3.entry_id + 10 %}
+ <action>
+ <{{term.action}}></{{term.action}}>
+ </action>
+ </entry>
+ {% endfor %}
+ {% endif %}
 {% endif %}
 {% endfor %}
 {# Terms end #}
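Review bot: The new `{% if term.from.dst_prefix_list is defined %}` branch does not exclude terms that an earlier branch already rendered: the CPM-ipv6 ND branch (`protocol == "ipv6-icmp"` with `dst_prefix_list` defined) matches the same terms, so those would be emitted twice under different entry ids. If the branches above this hunk also handle terms that carry both `src_prefix_list` and `dst_prefix_list` (not visible here), such a term would gain an extra entry matching on destination only, which for an accept action is broader than the source-restricted rule. Narrowing the guard to the case the comment describes, `{% if term.from.dst_prefix_list is defined and term.from.src_prefix_list is not defined and term.from.protocol | default('') != 'ipv6-icmp' %}`, would avoid both. Inside the loop, `{{ dst_prefix_list_item }}` reads more directly than `term.from.dst_prefix_list[loop.index0]`.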