From 142325765bbd02c0e8412fbd576b915291c116ff Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Sat, 29 Apr 2023 14:39:40 +0000
Subject: [PATCH] pf: Don't allow ospf packets on fsol gw hosts

---
 roles/pf/files/pf.conf.gw_fsol | 2 --
 1 file changed, 2 deletions(-)

diff --git a/roles/pf/files/pf.conf.gw_fsol b/roles/pf/files/pf.conf.gw_fsol
index 5f3a715..c6bfb1b 100644
--- a/roles/pf/files/pf.conf.gw_fsol
+++ b/roles/pf/files/pf.conf.gw_fsol
@@ -50,8 +50,6 @@ pass out quick on $ext_if from self to any keep state (no-sync)
 pass quick on $sync_if proto pfsync keep state (no-sync)
 
 # fsol (router) network
-pass in quick on $fsol_if proto ospf from any to any
-pass out quick on $fsol_if proto ospf from self to any
 pass in quick on $fsol_if inet from any to $dmz_net
 pass out quick on $fsol_if inet from $dmz_net to any
 pass out quick on $fsol_if inet from self to any