T6221: Return default ip rule values after deleting VRF

Fix for restoring default ip rule values after deleting VRF Defult values: ``` $ ip rule 0: from all lookup local 32766: from all lookup main 32767: from all lookup default ``` After adding and deleting a VRF we get unexpected values: ``` $ ip rule 1000: from all lookup [l3mdev-table] 2000: from all lookup [l3mdev-table] unreachable 32765: from all lookup local 32766: from all lookup main 32767: from all lookup default ```
vyos · Apr 18, 2024 · ce0bc35 · ce0bc35
1 parent 24c997d
commit ce0bc35
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py
@@ -315,6 +315,20 @@ def apply(vrf):
         for chain, rule in nftables_rules.items():
             cmd(f'nft flush chain inet vrf_zones {chain}')
 
+    # Return default ip rule values
+    if 'name' not in vrf:
+        for afi in ['-4', '-6']:
+            # move lookup local to pref 0 (from 32765)
+            if not has_rule(afi, 0, 'local'):
+                call(f'ip {afi} rule add pref 0 from all lookup local')
+            if has_rule(afi, 32765, 'local'):
+                call(f'ip {afi} rule del pref 32765 table local')
+
+            if has_rule(afi, 1000, 'l3mdev'):
+                call(f'ip {afi} rule del pref 1000 l3mdev protocol kernel')
+            if has_rule(afi, 2000, 'l3mdev'):
+                call(f'ip {afi} rule del pref 2000 l3mdev unreachable')
+
     # Apply FRR filters
     zebra_daemon = 'zebra'
     # Save original configuration prior to starting any commit actions