[pve-devel] [PATCH pve-firewall] allow numeric icmp types

Wolfgang Bumiller w.bumiller at proxmox.com
Fri Oct 23 11:35:29 CEST 2015


---
 src/PVE/Firewall.pm | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 2597891..08ca3c1 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1702,11 +1702,13 @@ sub ruleset_generate_cmdstr {
 	if ($rule->{dport}) {
 	    if ($rule->{proto} && $rule->{proto} eq 'icmp') {
 		# Note: we use dport to store --icmp-type
-		die "unknown icmp-type '$rule->{dport}'\n" if !defined($icmp_type_names->{$rule->{dport}});
+		die "unknown icmp-type '$rule->{dport}'\n"
+		    if $rule->{dport} !~ /^\d+$/ && !defined($icmp_type_names->{$rule->{dport}});
 		push @cmd, "-m icmp --icmp-type $rule->{dport}";
 	    } elsif ($rule->{proto} && $rule->{proto} eq 'icmpv6') {
 		# Note: we use dport to store --icmpv6-type
-		die "unknown icmpv6-type '$rule->{dport}'\n" if !defined($icmpv6_type_names->{$rule->{dport}});
+		die "unknown icmpv6-type '$rule->{dport}'\n"
+		    if $rule->{dport} !~ /^\d+$/ && !defined($icmpv6_type_names->{$rule->{dport}});
 		push @cmd, "-m icmpv6 --icmpv6-type $rule->{dport}";
 	    } else {
 		if ($nbdport > 1) {
-- 
2.1.4




More information about the pve-devel mailing list