[pve-devel] [PATCH firewall 3/3] introduce new icmp-type parameter
Thomas Lamprecht
t.lamprecht at proxmox.com
Thu May 28 17:15:47 CEST 2020
On 4/29/20 3:45 PM, Mira Limbeck wrote:
> Currently icmp types are handled via 'dport'. This is not documented
> anywhere except for a single line of comment in the code. To untangle
> the icmp-type handling from the dport handling a new 'icmp-type'
> parameter is introduced.
>
> The valid 'icmp-type' values are limited to either the names
> (icmp[v6]_type_names hash in the code, same as ip[6]tables provides) or
> the combination of type and optional code (e.g. '3/0' for network-unreachable).
> As both type and code can be values between 0 and 255, though not all
> valid combinations, the checks limit it to range between 0/0 and
> 255/255.
>
> Support for ipv6-icmp is added to icmp-type parameter handling. This makes it
> possible to specify icmpv6 types via the GUI.
>
> Signed-off-by: Mira Limbeck <m.limbeck at proxmox.com>
> ---
> src/PVE/API2/Firewall/Rules.pm | 4 +++
> src/PVE/Firewall.pm | 63 ++++++++++++++++++++++++++++++++--
> 2 files changed, 64 insertions(+), 3 deletions(-)
>
Would you please rebase this on current master?
More information about the pve-devel
mailing list