[pve-devel] [PATCH firewall 2/3] fix wrong icmpv6 types
Mira Limbeck
m.limbeck at proxmox.com
Wed Apr 29 15:45:24 CEST 2020
This removes icmpv6-type 'any' as it is not supported by ip6tables. Also
introduced new icmpv6 types 'beyond-scope', 'failed-policy' and
'reject-route'. These values were taken from 'ip6tables -p icmpv6 -h'.
Signed-off-by: Mira Limbeck <m.limbeck at proxmox.com>
---
src/PVE/Firewall.pm | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 39f1bfc..0cae9d8 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -785,12 +785,14 @@ my $icmp_type_names = {
# ip6tables -p icmpv6 -h
my $icmpv6_type_names = {
- 'any' => 1,
'destination-unreachable' => 1,
'no-route' => 1,
'communication-prohibited' => 1,
+ 'beyond-scope' => 1,
'address-unreachable' => 1,
'port-unreachable' => 1,
+ 'failed-policy' => 1,
+ 'reject-route' => 1,
'packet-too-big' => 1,
'time-exceeded' => 1,
'ttl-zero-during-transit' => 1,
--
2.20.1
More information about the pve-devel
mailing list