[pve-devel] applied: [PATCH firewall 2/3] fix wrong icmpv6 types

Thomas Lamprecht t.lamprecht at proxmox.com
Mon May 4 14:15:54 CEST 2020


On 4/29/20 3:45 PM, Mira Limbeck wrote:
> This removes icmpv6-type 'any' as it is not supported by ip6tables. Also
> introduced new icmpv6 types 'beyond-scope', 'failed-policy' and
> 'reject-route'. These values were taken from 'ip6tables -p icmpv6 -h'.
> 
> Signed-off-by: Mira Limbeck <m.limbeck at proxmox.com>
> ---
>  src/PVE/Firewall.pm | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
> index 39f1bfc..0cae9d8 100644
> --- a/src/PVE/Firewall.pm
> +++ b/src/PVE/Firewall.pm
> @@ -785,12 +785,14 @@ my $icmp_type_names = {
>  # ip6tables -p icmpv6 -h
>  
>  my $icmpv6_type_names = {
> -    'any' => 1,
>      'destination-unreachable' => 1,
>      'no-route' => 1,
>      'communication-prohibited' => 1,
> +    'beyond-scope' => 1,
>      'address-unreachable' => 1,
>      'port-unreachable' => 1,
> +    'failed-policy' => 1,
> +    'reject-route' => 1,
>      'packet-too-big' => 1,
>      'time-exceeded' => 1,
>      'ttl-zero-during-transit' => 1,
> 

applied, thanks!




More information about the pve-devel mailing list