timeformat protocol iso long;

#log "bird.log" all;
# debug protocols all;

define ffrl_nat_address = {{ ffrl_ip4 }};

define ffmyk_as = 65032; # private AS of ffmyk
define ffrl_as = 201701; # public AS of rheinland

router id ffrl_nat_address;

ipv4 table ffrl4;
ipv6 table ffrl6;

function is_default4() {
    return net ~ [
        0.0.0.0/0
    ];
}

function is_default6() {
    return net ~ [
        ::/0
    ];
}

function is_ffrl_nat4() {
    return net ~ [
        {{ ffrl_ip4 }}/32
    ];
}

function is_ffrl_public_nets6() {
    return net ~ [
        2a03:2260:1016::/48{48,56}
    ];
}

function is_ffrl_tunnel_nets4() {
    return net ~ [
        100.64.0.0/10
    ];
}

function is_ffrl_tunnel_nets6() {
    return net ~ [
        2a03:2260:0::/48
    ];
}

# BGP Import Filter für Rheinland
filter ebgp_ffrl_import_filter4 {
    if is_default4() then accept;
    reject;
}

# BGP Export Filter für Rheinland
filter ebgp_ffrl_export_filter4 {
    if is_ffrl_nat4() then accept;
    reject;
}

filter ebgp_ffrl_import_filter6 {
    if is_default6() then accept;
    reject;
}

filter ebgp_ffrl_export_filter6 {
    if is_ffrl_public_nets6() then accept;
    reject;
}

protocol device {
	scan time 10;
}

# IP-NAT-Adresse legen wir in die interne BIRD Routing Table
protocol static ffrl_uplink_hostroute4 {
    ipv4 { table ffrl4; };
    route {{ ffrl_ip4 }}/32 reject;
}

protocol static ffrl_public_routes6 {
    ipv6 { table ffrl6; };
    route 2a03:2260:1016::/48 reject;
    route {{ wireguard_vpn_client_range }} reject;
}

# Wir legen die Transfernetze in die interne BIRD Routing Table
#protocol direct {
#    ipv4;
#    table ffrl4;
#    interface {% for peer in ffrl_peers %}"{{ peer.name }}", {% endfor %};
#    import where is_ffrl_tunnel_nets4();
#}

# Wir exportieren über Rheinland gelernte Routen in die Kernel Table 47 (ffrl)
protocol kernel kernel_ffrl4 {
    scan time 30;
    ipv4 {
		import none;
		export filter {
			krt_prefsrc = ffrl_nat_address;
			accept;
		};
		table ffrl4;
	};
    kernel table 42;
};

protocol kernel kernel_ffrl6 {
    scan time 30;
	ipv6 {
		import none;
		export filter {
			if is_default6() then accept;
			reject;
		};
		table ffrl6;
	};
    kernel table 42;
};

# BGP Template für Rheinland Peerings
template bgp ffrl_uplink4 {
    local as ffmyk_as;
    ipv4 {
		table ffrl4;
		import keep filtered;
		import filter ebgp_ffrl_import_filter4;
		export filter ebgp_ffrl_export_filter4;
		next hop self;
	};
    direct;
};

template bgp ffrl_uplink6 {
    local as ffmyk_as;
    ipv6 {
		table ffrl6;
		import keep filtered;
		import filter ebgp_ffrl_import_filter6;
		export filter ebgp_ffrl_export_filter6;
		next hop self;
	};
    direct;
};

{% for peer in ffrl_peers %}
protocol bgp ffrl_{{ peer.name }}4 from ffrl_uplink4 {
    source address {{ peer.ip4 }};
    neighbor {{ peer.peer_ip4 }} as 201701;
};

protocol bgp ffrl_{{ peer.name }}6 from ffrl_uplink6 {
    source address {{ peer.ip6 }};
    neighbor {{ peer.peer_ip6 }} as 201701;
}

{% endfor %}