Firewalls do not need to see PXE VLANs

[Gerrit91]

Follow-up of discussion in #99.

From @robertvolkmann

To prevent this, we should use something like:

 address-family ipv4 unicast
  redistribute connected route-map LOOPBACKS
  redistribute connected route-map VLAN4000
  neighbor FIREWALL allowas-in 2
  neighbor FIREWALL route-map LOOPBACKS out
  {{- range $k, $f := .Ports.Firewalls }}
  neighbor {{ $f.Port }} route-map fw-{{ $k }}-in in
  {{- end }}
 exit-address-family
 !
...
route-map LOOPBACKS permit 10
  match interface Loopback0
!
ip prefix-list VLAN4000 seq 10 permit <local PXE Vlan CIDR>
route-map VLAN4000 permit 10
  match ip address prefix-list VLAN4000
!

[mwindower]

@robertvolkmann
In the example the route-map with sequence number 10 is used twice: for VLAN4000 and LOOPBACKS.
Could you retry with a sample like this:

address-family ipv4 unicast
  redistribute connected route-map LOOPBACKS
  neighbor FIREWALL allowas-in 2
  neighbor FIREWALL route-map FW_OUT out
  {{- range $k, $f := .Ports.Firewalls }}
  neighbor {{ $f.Port }} route-map fw-{{ $k }}-in in
  {{- end }}
 exit-address-family
 !
...
route-map FW_OUT permit 10
  match interface Loopback0
!
ip prefix-list VLAN4000 seq 10 permit <local PXE Vlan CIDR>
route-map FW_OUT deny 15
  match ip address prefix-list VLAN4000
!

Mind the deny statement for the second route-map entry.