How to configure CentOS firewalld to allow quagga ospf messages

Question

I have a 4 node spine leaf topology with tow host connected. One host each connected to the leaves. Each host is also hosting quagga and capable of operating as a router.

On the (CentOS 7) host OSPF will not converge until I disable firewalld. The status below is present on the leaf.

Neighbor ID     Pri State           Dead Time Address         Interface            RXmtL RqstL DBsmL
5.5.5.5           1 Init/DROther      37.933s 10.6.1.2        swp3:10.6.1.1            0     0     0

The host remains in the init state and only converges after disabling firewalld. I don't want to stop firewalld; How can I configure firewalld to allow ospf messages?

score 1 · Accepted Answer · answered Dec 28 '18 at 15:34

1

OSPF is IP protocol 89, so you need to allow this protocol:

firewall-cmd --add-protocol=ospf [--permanent] [--zone=whatever]

answered Dec 28 '18 at 15:34

Michael Hampton

244,070
43
506
972

score 0 · Answer 2 · answered Jun 01 '20 at 20:34

0

I had the following issue with the previous answer:

firewall-cmd --add-protocol=ospf
Error: INVALID_PROTOCOL: ospf

So after pulling some hairs, I found this solution:

firewall-cmd --add-protocol=89

Which does work

answered Jun 01 '20 at 20:34

tkteun

101

How to configure CentOS firewalld to allow quagga ospf messages

2 Answers2