diff options
| author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2012-06-21 10:20:34 +0000 |
|---|---|---|
| committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2012-06-21 10:20:34 +0000 |
| commit | 4172f22feeb56cf5ac2d72da229ec1f9e7b5a167 (patch) | |
| tree | a98b0ea517be8d6fec45070c26ccc5a9873fd8f8 | |
| parent | 17f81f1065dd53e43e2ef748a8a9dfc16430b865 (diff) | |
| download | awall-0.1.3.tar.bz2 awall-0.1.3.tar.xz | |
filter out ICMPv4/6 rules per protocol family even when message type not definedv0.1.3
| -rw-r--r-- | awall/model.lua | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/awall/model.lua b/awall/model.lua index c6df76d..698a127 100644 --- a/awall/model.lua +++ b/awall/model.lua @@ -176,18 +176,18 @@ function Rule:servoptfrags() local opts = '-p '..sdef.proto local family = nil - if sdef.type then - -- TODO multiple ICMP types per rule - local oname - if util.contains({1, 'icmp'}, sdef.proto) then - family = 'inet' - oname = 'icmp-type' - elseif util.contains({58, 'ipv6-icmp', 'icmpv6'}, sdef.proto) then - family = 'inet6' - oname = 'icmpv6-type' - else error('Type specification not valid with '..sdef.proto) end - opts = opts..' --'..oname..' '..sdef.type + -- TODO multiple ICMP types per rule + local oname + if util.contains({1, 'icmp'}, sdef.proto) then + family = 'inet' + oname = 'icmp-type' + elseif util.contains({58, 'ipv6-icmp', 'icmpv6'}, sdef.proto) then + family = 'inet6' + oname = 'icmpv6-type' + elseif sdef.type then + error('Type specification not valid with '..sdef.proto) end + if sdef.type then opts = opts..' --'..oname..' '..sdef.type end table.insert(res, {family=family, opts=opts}) end |