Quagga: Add OSPFv2 firewall pass rules (#237)

* Quagga: Add OSPF firewall pass rules * fix typo
2026-05-22 18:44:07 -07:00 · 2017-08-31 15:54:48 +02:00
parent 3ca7864a0f
commit e7e5d7bb29
1 changed files with 37 additions and 0 deletions
@@ -26,6 +26,43 @@
    POSSIBILITY OF SUCH DAMAGE.
 */

+function ospfd_enabled()
+{
+    $model = new \OPNsense\Quagga\OSPF();
+    if ((string)$model->enabled == '1') {
+        return true;
+    }
+
+    return false;
+}
+
+function quagga_firewall($fw)
+{
+    if (ospfd_enabled()) {
+        $ospf = new \OPNsense\Quagga\OSPF();
+        foreach ($ospf->networks->network->__items as $network) {
+            if ((string)$network->enabled == '1') {
+                $fw->registerFilterRule(
+                    1, /* priority */
+                    array(
+                        'ipprotocol'     => 'inet',
+                        'protocol'       => 'ospf',
+                        'statetype'      => 'keep',
+                        'label'          => 'Pass OSPF (autogenerated)',
+                        'from'           => $network->ipaddr . '/' . $network->netmask,
+                        'to'             => '224.0.0.0/4',
+                        'direction'      => 'in',
+                        'type'           => 'pass',
+                        'disablereplyto' => 1,
+                        'quick'          => true
+                    ),
+                    null
+                );
+            }
+        }
+    }
+}
+
 function quagga_services()
 {
    global $config;