diff options
| author | Phil Sutter <phil@nwl.cc> | 2023-08-01 23:28:20 +0200 |
|---|---|---|
| committer | Phil Sutter <phil@nwl.cc> | 2023-08-04 15:10:49 +0200 |
| commit | 5b5430d627bbc227a2d51d4312c371f2015834c6 (patch) | |
| tree | cfb88106484cda558c49b6dda6f4c7f0f86d1775 /extensions/libipt_icmp.t | |
| parent | 9f98550d58a49fc95d529ebdc0173579d957b425 (diff) | |
extensions: libipt_icmp: Fix confusion between 255/255 and any
Per definition, ICMP type "any" is type 255 and the full range of codes
(0-255). Save callback though ignored the actual code values, printing
"any" for every type 255 match. This at least confuses users as they
can't find their rule added as '--icmp-type 255/255' anymore.
It is not entirely clear what the fixed commit was trying to establish,
but the save output is certainly not correct (especially since print
callback gets things right).
Reported-by: Amelia Downs <adowns@vmware.com>
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1600
Fixes: fc9237da4e845 ("Fix '-p icmp -m icmp' issue (Closes: #37)")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'extensions/libipt_icmp.t')
| -rw-r--r-- | extensions/libipt_icmp.t | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/extensions/libipt_icmp.t b/extensions/libipt_icmp.t index f4ba65c2..ce4a33f9 100644 --- a/extensions/libipt_icmp.t +++ b/extensions/libipt_icmp.t @@ -13,3 +13,5 @@ # we accept "iptables -I INPUT -p tcp -m tcp", why not this below? # ERROR: cannot load: iptables -A INPUT -p icmp -m icmp # -p icmp -m icmp;=;OK +-p icmp -m icmp --icmp-type 255/255;=;OK +-p icmp -m icmp --icmp-type 255/0:255;-p icmp -m icmp --icmp-type any;OK |