
fastd: get rid of no_peer flag

and only add non gw peers to gateways
Karsten Böddeker 6 years ago
parent
commit
763a679e31
1 changed files with 8 additions and 5 deletions
  1. 8 5
      fastd/fastd.conf

+ 8 - 5
fastd/fastd.conf

@@ -61,16 +61,19 @@ peer limit {{ peer_limit }};
 
 #
 # Set up Inter-Gw-VPN link to all nodes of this site
+  {%- set node_is_gw = True if grains.id.startswith('gw') else False %}
   {%- for peer, peer_config in salt['pillar.get']('nodes').items ()|sort if peer != grains.id %}
-    {%- if site not in peer_config.get ('sites', {}) or 'fastd' not in peer_config %}
-      {%- continue %}
-    {%- endif %}
-    {%- set no_peer = peer_config.get('fastd', {}).get('no_peer', False) %}
+    {%- if site not in peer_config.get ('sites', {}) %}{% continue %}{% endif %}
+    {%- if 'fastd' not in peer_config %}{% continue %}{% endif %}
+
+    {#- non gw nodes are only allowed to connect to gw peers #}
+    {%- set peer_is_gw = True if peer.startswith('gw') else False %}
+    {%- if not node_is_gw and not peer_is_gw %}{% continue %}{% endif %}
 
 # Peer config for {{ peer }}
 peer "{{ peer }}" {
 	key "{{ peer_config.get('fastd', {}).get('intergw_pubkey') }}";
-    {%- if not no_peer %}
+    {%- if peer_is_gw %}
       {%- set ips = salt['ffho_net.get_node_iface_ips'](peer_config, 'vrf_external') %}
 
       {#- set peer IPv4 address #}
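Review bot: The added `node_is_gw` and `peer_is_gw` lines derive the gateway role from a name prefix, so any node whose id starts with `gw` is rendered as a gateway. Such a node keeps peer entries for every node of the site, and is emitted with remote addresses on all other nodes. Since this decides who may peer with whom, consider reading the role from an explicit per-node pillar attribute instead, e.g. `{%- set peer_is_gw = peer_config.get('fastd', {}).get('<gateway-flag-placeholder>', False) %}`. At minimum, add a comment above `node_is_gw` stating that the `gw` prefix is a reserved naming convention. The `True if … else False` wrapper is redundant, because `peer.startswith('gw')` already yields a boolean. The `for` loop and the `{%- if peer_is_gw %}` block continue outside this hunk.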