[pve-devel] [PATCH firewall 3/3] introduce new icmp-type parameter

Thomas Lamprecht t.lamprecht at proxmox.com
Thu May 28 17:15:47 CEST 2020


On 4/29/20 3:45 PM, Mira Limbeck wrote:
> Currently icmp types are handled via 'dport'. This is not documented
> anywhere except for a single line of comment in the code. To untangle
> the icmp-type handling from the dport handling a new 'icmp-type'
> parameter is introduced.
> 
> The valid 'icmp-type' values are limited to either the names
> (icmp[v6]_type_names hash in the code, same as ip[6]tables provides) or
> the combination of type and optional code (e.g. '3/0' for network-unreachable).
> As both type and code can be values between 0 and 255, though not all
> valid combinations, the checks limit it to range between 0/0 and
> 255/255.
> 
> Support for ipv6-icmp is added to icmp-type parameter handling. This makes it
> possible to specify icmpv6 types via the GUI.
> 
> Signed-off-by: Mira Limbeck <m.limbeck at proxmox.com>
> ---
>  src/PVE/API2/Firewall/Rules.pm |  4 +++
>  src/PVE/Firewall.pm            | 63 ++++++++++++++++++++++++++++++++--
>  2 files changed, 64 insertions(+), 3 deletions(-)
> 

Would you please rebase this on current master?





More information about the pve-devel mailing list