Changes in 71746a4: Remove shellsession and fix route-map config Remove shellsession tag, fix route-map IPv6 prefix-list syntax, add deny-all import route-map to GRC config

				howto/vyos1.4.x.md
			
          @@ -354,37 +354,37 @@ set policy prefix-list6 DN42-Network-v6 rule 10 le '128'

           set policy prefix-list6 DN42-Network-v6 rule 10 prefix 'fd00::/8'

          -

          -

           ##Block prefixes within internal network range, then allow everything else within DN42, then block everything else.

           set policy route-map Default-Peering rule 10 action 'deny'

           set policy route-map Default-Peering rule 10 description 'Prevent IP Conflicts'

           set policy route-map Default-Peering rule 10 match ip address prefix-list 'BlockIPConflicts'

           set policy route-map Default-Peering rule 11 action 'deny'

           set policy route-map Default-Peering rule 11 description 'Prevent IP Conflicts'

          -set policy route-map Default-Peering rule 11 match ip address prefix-list6 'BlockIPConflicts-v6'

          +set policy route-map Default-Peering rule 11 match ipv6 address prefix-list 'BlockIPConflicts-v6'

           set policy route-map Default-Peering rule 20 action 'permit'

           set policy route-map Default-Peering rule 20 description 'Allow DN42-Network'

          -set policy route-map Default-Peering rule 20 match ip address prefix-list 'DN42-Network-Network'

          +set policy route-map Default-Peering rule 20 match ip address prefix-list 'DN42-Network'

           set policy route-map Default-Peering rule 21 action 'permit'

           set policy route-map Default-Peering rule 21 description 'Allow DN42-Network'

          -set policy route-map Default-Peering rule 21 match ip address prefix-list6 'DN42-Network-Network-v6'

          +set policy route-map Default-Peering rule 21 match ipv6 address prefix-list 'DN42-Network-v6'

           set policy route-map Default-Peering rule 99 action 'deny'

           ##Apply the route-map on import/export

          -set protocols bgp neighbor x.x.x.x address-family ipv4-unicast route-map export 'Default-Peering'

          -set protocols bgp neighbor x.x.x.x address-family ipv4-unicast route-map import 'Default-Peering'

          -set protocols bgp neighbor x.x.x.x address-family ipv6-unicast route-map export 'Default-Peering'

          -set protocols bgp neighbor x.x.x.x address-family ipv6-unicast route-map import 'Default-Peering' 

          +set protocols bgp peer-group dn42 address-family ipv4-unicast route-map export 'Default-Peering'

          +set protocols bgp peer-group dn42 address-family ipv4-unicast route-map import 'Default-Peering'

          +set protocols bgp peer-group dn42 address-family ipv6-unicast route-map export 'Default-Peering'

          +set protocols bgp peer-group dn42 address-family ipv6-unicast route-map import 'Default-Peering' 

           ```

           # Add your VyOS router to the [Global Route Collector](/services/Route-Collector)!

           ```

          -set protocols bgp neighbor fd42:4242:2601:ac12::1 address-family ipv4-unicast

          -set protocols bgp neighbor fd42:4242:2601:ac12::1 address-family ipv6-unicast

          +# The route collector should never export routes, so let's make a route-map to reject them if it does.

          +set policy route-map Deny-All rule 1 action deny

          +set protocols bgp neighbor fd42:4242:2601:ac12::1 address-family ipv4-unicast route-map import 'Deny-All'

          +set protocols bgp neighbor fd42:4242:2601:ac12::1 address-family ipv6-unicast route-map import 'Deny-All'

           set protocols bgp neighbor fd42:4242:2601:ac12::1 description 'https://lg.collector.dn42'

           set protocols bgp neighbor fd42:4242:2601:ac12::1 ebgp-multihop '10'

           set protocols bgp neighbor fd42:4242:2601:ac12::1 remote-as '4242422602'

...	...	@@ -354,37 +354,37 @@ set policy prefix-list6 DN42-Network-v6 rule 10 le '128'
354	354	set policy prefix-list6 DN42-Network-v6 rule 10 prefix 'fd00::/8'
355	355
356	356
357		-
358		-
359	357	##Block prefixes within internal network range, then allow everything else within DN42, then block everything else.
360	358	set policy route-map Default-Peering rule 10 action 'deny'
361	359	set policy route-map Default-Peering rule 10 description 'Prevent IP Conflicts'
362	360	set policy route-map Default-Peering rule 10 match ip address prefix-list 'BlockIPConflicts'
363	361	set policy route-map Default-Peering rule 11 action 'deny'
364	362	set policy route-map Default-Peering rule 11 description 'Prevent IP Conflicts'
365		-set policy route-map Default-Peering rule 11 match ip address prefix-list6 'BlockIPConflicts-v6'
	363	+set policy route-map Default-Peering rule 11 match ipv6 address prefix-list 'BlockIPConflicts-v6'
366	364	set policy route-map Default-Peering rule 20 action 'permit'
367	365	set policy route-map Default-Peering rule 20 description 'Allow DN42-Network'
368		-set policy route-map Default-Peering rule 20 match ip address prefix-list 'DN42-Network-Network'
	366	+set policy route-map Default-Peering rule 20 match ip address prefix-list 'DN42-Network'
369	367	set policy route-map Default-Peering rule 21 action 'permit'
370	368	set policy route-map Default-Peering rule 21 description 'Allow DN42-Network'
371		-set policy route-map Default-Peering rule 21 match ip address prefix-list6 'DN42-Network-Network-v6'
	369	+set policy route-map Default-Peering rule 21 match ipv6 address prefix-list 'DN42-Network-v6'
372	370	set policy route-map Default-Peering rule 99 action 'deny'
373	371
374	372
375	373	##Apply the route-map on import/export
376	374
377		-set protocols bgp neighbor x.x.x.x address-family ipv4-unicast route-map export 'Default-Peering'
378		-set protocols bgp neighbor x.x.x.x address-family ipv4-unicast route-map import 'Default-Peering'
379		-set protocols bgp neighbor x.x.x.x address-family ipv6-unicast route-map export 'Default-Peering'
380		-set protocols bgp neighbor x.x.x.x address-family ipv6-unicast route-map import 'Default-Peering'
	375	+set protocols bgp peer-group dn42 address-family ipv4-unicast route-map export 'Default-Peering'
	376	+set protocols bgp peer-group dn42 address-family ipv4-unicast route-map import 'Default-Peering'
	377	+set protocols bgp peer-group dn42 address-family ipv6-unicast route-map export 'Default-Peering'
	378	+set protocols bgp peer-group dn42 address-family ipv6-unicast route-map import 'Default-Peering'
381	379	```
382	380
383	381
384	382	# Add your VyOS router to the [Global Route Collector](/services/Route-Collector)!
385	383	```
386		-set protocols bgp neighbor fd42:4242:2601:ac12::1 address-family ipv4-unicast
387		-set protocols bgp neighbor fd42:4242:2601:ac12::1 address-family ipv6-unicast
	384	+# The route collector should never export routes, so let's make a route-map to reject them if it does.
	385	+set policy route-map Deny-All rule 1 action deny
	386	+set protocols bgp neighbor fd42:4242:2601:ac12::1 address-family ipv4-unicast route-map import 'Deny-All'
	387	+set protocols bgp neighbor fd42:4242:2601:ac12::1 address-family ipv6-unicast route-map import 'Deny-All'
388	388	set protocols bgp neighbor fd42:4242:2601:ac12::1 description 'https://lg.collector.dn42'
389	389	set protocols bgp neighbor fd42:4242:2601:ac12::1 ebgp-multihop '10'
390	390	set protocols bgp neighbor fd42:4242:2601:ac12::1 remote-as '4242422602'