Commit a12bd0c0 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

properly handle stateless ICMP rules

fixes #2714
parent 9fdf8d72
--[[
Base data model for Alpine Wall
Copyright (C) 2012-2013 Kaarle Ritvanen
Copyright (C) 2012-2014 Kaarle Ritvanen
See LICENSE file for license details
]]--
......@@ -264,7 +264,7 @@ function Rule:servoptfrags()
elseif util.contains({58, 'ipv6-icmp', 'icmpv6'}, sdef.proto) then
family = 'inet6'
oname = 'icmpv6-type'
elseif sdef.type then
elseif sdef.type or sdef['reverse-type'] then
self:error('Type specification not valid with '..sdef.proto)
end
......@@ -277,7 +277,11 @@ function Rule:servoptfrags()
end
end
if sdef.type then opts = opts..' --'..oname..' '..sdef.type end
if sdef.type then
opts = opts..' --'..oname..' '..(
self.reverse and sdef['reverse-type'] or sdef.type
)
end
table.insert(res, {family=family, opts=opts})
end
end
......
......@@ -82,8 +82,8 @@
"ospf": { "proto": "ospf" },
"pgsql": { "proto": "tcp", "port": 5432 },
"ping": [
{ "proto": "icmp", "type": 8 },
{ "proto": "icmpv6", "type": 128 }
{ "proto": "icmp", "type": 8, "reverse-type": 0 },
{ "proto": "icmpv6", "type": 128, "reverse-type": 129 }
],
"radius": [
{ "proto": "udp", "port": 1812 },
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment