From 572ae8a665754e75e838ffbc7d5d61440d153a90 Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Thu, 30 May 2024 14:48:38 +0200
Subject: [PATCH] interfaces: in SLAAC tracking prevent footshooting
---
 src/etc/inc/interfaces.inc | 4 ++++
 src/opnsense/scripts/interfaces/rtsold_resolvconf.sh | 5 +++++
 2 files changed, 9 insertions(+)
diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc
index eaa02f853..0a29b0b80 100644
--- a/src/etc/inc/interfaces.inc
+++ b/src/etc/inc/interfaces.inc
@@ -2868,6 +2868,10 @@ if [ -z "\${1}" ]; then
 echo "Nothing to do."
 exit 0
 fi
+if grep -q "^interface \${1} " /var/etc/radvd.conf; then
+ echo "Rejecting own configuration."
+ exit 0
+fi
 if [ -n "\${2}" ]; then
 # Note that the router file can be written by ppp-linkup.sh or
 # this script so do not clear the file as it may already exist.
diff --git a/src/opnsense/scripts/interfaces/rtsold_resolvconf.sh b/src/opnsense/scripts/interfaces/rtsold_resolvconf.sh
index bd32e051a..4350f8cb7 100755
--- a/src/opnsense/scripts/interfaces/rtsold_resolvconf.sh
+++ b/src/opnsense/scripts/interfaces/rtsold_resolvconf.sh
@@ -40,6 +40,11 @@ ifname=${2%%:[*}
 rasrca=${2##*:[}
 rasrca=${rasrca%]}
+if grep -q "^interface ${ifname%%:slaac} " /var/etc/radvd.conf; then
+ echo "Rejecting own configuration."
+ exit 0
+fi
+
 # ${1} indicates whether DNS information should be added or deleted.
 if [ "${1}" = "-a" ]; then
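Review bot: The guard added in the interfaces.inc hunk uses the interface name as a grep regular expression and reads /var/etc/radvd.conf without checking that it exists, and the rtsold_resolvconf.sh hunk repeats the same test with `${ifname%%:slaac}`. A `.` in the name matches any character, and when the file is absent grep writes an error on every run before falling through; `if grep -qs "^interface \${1} " /var/etc/radvd.conf; then` silences the second case, and escaping the name or comparing the second field exactly would close the first. The decision also depends on the file being current, so it is worth confirming that radvd.conf is removed when radvd is disabled, otherwise router-supplied configuration would keep being rejected. A one-line comment such as `# radvd advertises on this interface, ignore what may be our own RA` above the test would record the intent. The script body this hunk belongs to starts and ends outside the hunk.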