fix nftables + update frrouting config

rt-mep/frr.conf

@@ -1,10 +1,22 @@
-frr version 9.1
+!
+frr version 10.1.1
 frr defaults traditional
 hostname rt-mep
 log syslog informational
 service integrated-vtysh-config
 !
+ipv6 prefix-list transit-in-v6 seq 1 permit ::/0 le 48
+ipv6 prefix-list transit-in-v6 seq 96 deny 2002::/16 le 128
+ipv6 prefix-list transit-in-v6 seq 97 deny 3ffe::/16 le 128
+ipv6 prefix-list transit-in-v6 seq 98 deny 5f00::/8 le 128
+ipv6 prefix-list transit-in-v6 seq 99 permit 2000::/3 le 48
+ipv6 prefix-list internal-as213253 seq 1 permit 2a0e:fd45:2a00::/40 le 128
+ipv6 prefix-list internal-as213253 seq 2 permit 2a0e:e704:42::/48 le 128
+ipv6 prefix-list allow-default seq 5 permit ::/0
+ipv6 prefix-list origin-as213253 seq 1 permit 2a0e:fd45:2a00::/40
+!
 ipv6 route 2a0e:fd45:2a0c::/64 eth1
+ipv6 route fd80::179/128 2a0e:fd40:103::1 eth0
 !
 interface lo
  description Loopback0
@@ -15,10 +27,6 @@ exit
 router bgp 213253
  bgp router-id 45.139.163.92
  no bgp suppress-duplicates
- neighbor 2a0e:fd45:2a00:1::6 remote-as 213253
- neighbor 2a0e:fd45:2a00:1::6 description core-dro
- neighbor 2a0e:fd45:2a00:1::9 remote-as 213253
- neighbor 2a0e:fd45:2a00:1::9 description edge-fra
  neighbor 2a0e:fd45:2a00:1::11 remote-as 213253
  neighbor 2a0e:fd45:2a00:1::11 description core-vel
  neighbor fd80::179 remote-as 44103
@@ -33,18 +41,6 @@ router bgp 213253
   network 2a0e:fd45:2a00::/40
   redistribute connected
   redistribute static
-  neighbor 2a0e:fd45:2a00:1::6 activate
-  neighbor 2a0e:fd45:2a00:1::6 addpath-tx-all-paths
-  neighbor 2a0e:fd45:2a00:1::6 next-hop-self
-  neighbor 2a0e:fd45:2a00:1::6 soft-reconfiguration inbound
-  neighbor 2a0e:fd45:2a00:1::6 route-map igp-internal-only in
-  neighbor 2a0e:fd45:2a00:1::6 route-map igp-internal-only out
-  neighbor 2a0e:fd45:2a00:1::9 activate
-  neighbor 2a0e:fd45:2a00:1::9 addpath-tx-all-paths
-  neighbor 2a0e:fd45:2a00:1::9 next-hop-self
-  neighbor 2a0e:fd45:2a00:1::9 soft-reconfiguration inbound
-  neighbor 2a0e:fd45:2a00:1::9 route-map igp-internal-only in
-  neighbor 2a0e:fd45:2a00:1::9 route-map igp-internal-only out
   neighbor 2a0e:fd45:2a00:1::11 activate
   neighbor 2a0e:fd45:2a00:1::11 addpath-tx-all-paths
   neighbor 2a0e:fd45:2a00:1::11 next-hop-self
@@ -57,16 +53,6 @@ router bgp 213253
  exit-address-family
 exit
 !
-ipv6 prefix-list transit-in-v6 seq 1 permit ::/0 le 48
-ipv6 prefix-list transit-in-v6 seq 96 deny 2002::/16 le 128
-ipv6 prefix-list transit-in-v6 seq 97 deny 3ffe::/16 le 128
-ipv6 prefix-list transit-in-v6 seq 98 deny 5f00::/8 le 128
-ipv6 prefix-list transit-in-v6 seq 99 permit 2000::/3 le 48
-ipv6 prefix-list internal-as213253 seq 1 permit 2a0e:fd45:2a00::/40 le 128
-ipv6 prefix-list internal-as213253 seq 2 permit 2a0e:e704:42::/48 le 128
-ipv6 prefix-list allow-default seq 5 permit ::/0
-ipv6 prefix-list origin-as213253 seq 1 permit 2a0e:fd45:2a00::/40
-!
 route-map transit-44103-out-v6 permit 1
  match ipv6 address prefix-list origin-as213253
 exit
@@ -83,4 +69,5 @@ exit
 route-map igp-internal-only permit 10
  match ipv6 address prefix-list internal-as213253
 exit
-!
+!
+end

rt-mep/nftables.conf

@@ -10,10 +10,10 @@ define WAN_IP = 45.139.163.92
 define FRONT_HTTP = 10.100.2.254
 define RICK_VM = 10.100.2.252
 
-table inet nat {
+table ip nat {
     chain prerouting {
         type nat hook prerouting priority 0;
-	iifname $WAN tcp dport {80, 443, 2222, 2223} dnat ip to $FRONT_HTTP;
+        iifname $WAN tcp dport {80, 443, 2222, 2223} dnat ip to $FRONT_HTTP;
         iifname $WAN udp dport {443} dnat ip to $FRONT_HTTP;
         iifname $WAN tcp dport {62142,62169,62420} dnat ip to $RICK_VM;
     }
@@ -28,7 +28,7 @@ table inet nat {
     }
 }
 
-table inet filter {
+table ip filter {
     chain input {
         type filter hook input priority 0;
     }