diff options
| author | Phil Sutter <phil@nwl.cc> | 2025-03-28 17:35:04 +0100 |
|---|---|---|
| committer | Phil Sutter <phil@nwl.cc> | 2025-04-23 18:06:37 +0200 |
| commit | 1e6a2812971a268428b04b03520cd68cb61d76e3 (patch) | |
| tree | 18b787b3616219f16d73f3cfdb5a302e7c1c2c98 /extensions | |
| parent | fdb541cddad0681ea3ab1fca8a3949dcf49fb194 (diff) | |
extensions: icmp: Support info-request/-reply type names
The intended side-effect here is that iptables-translate will accept
them too. In nftables, the names are supported since basically day 1.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'extensions')
| -rw-r--r-- | extensions/libipt_icmp.txlate | 6 | ||||
| -rw-r--r-- | extensions/libxt_icmp.h | 3 |
2 files changed, 9 insertions, 0 deletions
diff --git a/extensions/libipt_icmp.txlate b/extensions/libipt_icmp.txlate index e7208d8b..4315875b 100644 --- a/extensions/libipt_icmp.txlate +++ b/extensions/libipt_icmp.txlate @@ -9,3 +9,9 @@ nft 'add rule ip filter INPUT icmp type != destination-unreachable counter accep iptables-translate -t filter -A INPUT -m icmp --icmp-type any -j ACCEPT nft 'add rule ip filter INPUT ip protocol icmp counter accept' + +iptables-translate -t filter -A INPUT -m icmp --icmp-type info-request -j ACCEPT +nft 'add rule ip filter INPUT icmp type info-request counter accept' + +iptables-translate -t filter -A INPUT -m icmp --icmp-type 16 -j ACCEPT +nft 'add rule ip filter INPUT icmp type info-reply counter accept' diff --git a/extensions/libxt_icmp.h b/extensions/libxt_icmp.h index 7a45b4bd..c44aa4b1 100644 --- a/extensions/libxt_icmp.h +++ b/extensions/libxt_icmp.h @@ -52,6 +52,9 @@ static const struct xt_icmp_names { { "timestamp-reply", 14, 0, 0xFF }, + { "info-request", 15, 0, 0xFF }, + { "info-reply", 16, 0, 0xFF }, + { "address-mask-request", 17, 0, 0xFF }, { "address-mask-reply", 18, 0, 0xFF } |