From 19527e47fdd0096370e93af71975be739bf274b3 Mon Sep 17 00:00:00 2001
From: Astro
Date: Mon, 5 Feb 2024 03:45:05 +0100
Subject: [PATCH] nixos-module/firewall: allow ospf on routers

---
 nix/nixos-module/firewall.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/nix/nixos-module/firewall.nix b/nix/nixos-module/firewall.nix
index 4d6b27e..a7fc034 100644
--- a/nix/nixos-module/firewall.nix
+++ b/nix/nixos-module/firewall.nix
@@ -1,9 +1,17 @@
 { hostName, config, lib, ... }:
 
-lib.mkIf config.site.hosts.${hostName}.firewall.enable {
+let
+  hostConfig = config.site.hosts.${hostName};
+
+in
+lib.mkIf hostConfig.firewall.enable {
   networking.firewall = {
     enable = true;
     extraCommands = ''
+      ${lib.optional hostConfig.isRouter ''
+        ip46tables -I nixos-fw -p ospfigp -j ACCEPT
+      ''}
+
       ip46tables -A FORWARD -i core -m state --state ESTABLISHED,RELATED -j ACCEPT
       ip46tables -A FORWARD -i core -j REJECT
     '';
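Review bot: The interpolation `${lib.optional hostConfig.isRouter ''...''}` inside extraCommands uses the wrong helper: `lib.optional` yields a list (`[ "…" ]` or `[ ]`), and a Nix string interpolation does not coerce lists, so evaluation should fail for every host that enables the firewall, router or not; the intended helper is `lib.optionalString`, i.e. `${lib.optionalString hostConfig.isRouter ''`. Separately, the OSPF rule is inserted at the head of nixos-fw with no interface or source restriction, so on a router it accepts protocol 89 from any interface including uplinks, and OSPF has no authentication unless the daemon is configured for it, which this module cannot see — a rogue neighbour could then form an adjacency and inject routes. If the adjacencies are only expected on the core interface that the FORWARD rules already name, scope it as `ip46tables -I nixos-fw -i core -p ospfigp -j ACCEPT`, or otherwise add a comment stating which interfaces carry OSPF and that the daemon-side authentication is relied upon. The enclosing `networking.firewall` attribute set closes outside the hunk.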