FRR ACCEPTFILTER sequence number fix. Issue #11686

pfsense · Feb 14, 2022 · 220928e · 220928e
1 parent d9e9265
commit 220928e
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 4 deletions.
diff --git a/net/pfSense-pkg-frr/Makefile b/net/pfSense-pkg-frr/Makefile
@@ -2,7 +2,7 @@
 
 PORTNAME=	pfSense-pkg-frr
 PORTVERSION=	1.1.1
-PORTREVISION=	3
+PORTREVISION=	4
 CATEGORIES=	net
 MASTER_SITES=	# empty
 DISTFILES=	# empty

diff --git a/net/pfSense-pkg-frr/files/usr/local/pkg/frr/inc/frr_zebra.inc b/net/pfSense-pkg-frr/files/usr/local/pkg/frr/inc/frr_zebra.inc
@@ -698,6 +698,7 @@ function frr_zebra_generate_staticroutes() {
 /* Generate a convenience list of accept filters */
 function frr_zebra_generate_acceptfilters() {
 	global $config, $frr_config_base;
+	$seq = 10;
 
 	/* Check OSPF Interfaces for automatic accept filters */
 	if (is_array($config['installedpackages']['frrospfdinterfaces']['config'])) {
@@ -708,15 +709,16 @@ function frr_zebra_generate_acceptfilters() {
 			}
 			if (!empty($conf['acceptfilter']) && is_ipaddrv4($subnet) && is_numericint($interface_subnet)) {
 				$noaccept = $noaccept ?: "";
-				$noaccept .= "ip prefix-list ACCEPTFILTER deny {$subnet}/{$interface_subnet}\n";
-				$noaccept .= "ip prefix-list ACCEPTFILTER deny {$interface_ip}/32\n";
+				$noaccept .= "ip prefix-list ACCEPTFILTER seq {$seq} deny {$subnet}/{$interface_subnet}\n";
+				$seq += 10;
+				$noaccept .= "ip prefix-list ACCEPTFILTER seq {$seq} deny {$interface_ip}/32\n";
+				$seq += 10;
 			}
 		}
 	}
 
 	/* Check FRR configuration network list for accept filter entries */
 	if (is_array($config['installedpackages']['frr']['config'][0]['row'])) {
-		$seq = 10;
 		foreach ($config['installedpackages']['frr']['config'][0]['row'] as $redistr) {
 			if (isset($redistr['acceptfilter'])) {
 				$noaccept = $noaccept ?: "";