diff options
-rw-r--r-- | extensions/libipt_icmp.c | 3 | ||||
-rw-r--r-- | extensions/libipt_icmp.t | 2 |
2 files changed, 4 insertions, 1 deletions
diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c index b0318aeb..171b3b39 100644 --- a/extensions/libipt_icmp.c +++ b/extensions/libipt_icmp.c @@ -108,7 +108,8 @@ static void icmp_save(const void *ip, const struct xt_entry_match *match) printf(" !"); /* special hack for 'any' case */ - if (icmp->type == 0xFF) { + if (icmp->type == 0xFF && + icmp->code[0] == 0 && icmp->code[1] == 0xFF) { printf(" --icmp-type any"); } else { printf(" --icmp-type %u", icmp->type); diff --git a/extensions/libipt_icmp.t b/extensions/libipt_icmp.t index f4ba65c2..ce4a33f9 100644 --- a/extensions/libipt_icmp.t +++ b/extensions/libipt_icmp.t @@ -13,3 +13,5 @@ # we accept "iptables -I INPUT -p tcp -m tcp", why not this below? # ERROR: cannot load: iptables -A INPUT -p icmp -m icmp # -p icmp -m icmp;=;OK +-p icmp -m icmp --icmp-type 255/255;=;OK +-p icmp -m icmp --icmp-type 255/0:255;-p icmp -m icmp --icmp-type any;OK |