diff options
| author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2014-02-28 22:30:23 +0200 |
|---|---|---|
| committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2014-02-28 22:31:20 +0200 |
| commit | a12bd0c0110bd4d77ae195522555ca75805a5cfc (patch) | |
| tree | 7a9141f627a9bf3ed3decea9c711368d73263a73 | |
| parent | 9fdf8d723edcd8e90232e519cb3b10556b171e1b (diff) | |
| download | awall-a12bd0c0110bd4d77ae195522555ca75805a5cfc.tar.bz2 awall-a12bd0c0110bd4d77ae195522555ca75805a5cfc.tar.xz | |
properly handle stateless ICMP rulesv0.3.5
fixes #2714
| -rw-r--r-- | awall/model.lua | 10 | ||||
| -rw-r--r-- | json/services.json | 4 |
2 files changed, 9 insertions, 5 deletions
diff --git a/awall/model.lua b/awall/model.lua index b766532..5ed6fb5 100644 --- a/awall/model.lua +++ b/awall/model.lua @@ -1,6 +1,6 @@ --[[ Base data model for Alpine Wall -Copyright (C) 2012-2013 Kaarle Ritvanen +Copyright (C) 2012-2014 Kaarle Ritvanen See LICENSE file for license details ]]-- @@ -264,7 +264,7 @@ function Rule:servoptfrags() elseif util.contains({58, 'ipv6-icmp', 'icmpv6'}, sdef.proto) then family = 'inet6' oname = 'icmpv6-type' - elseif sdef.type then + elseif sdef.type or sdef['reverse-type'] then self:error('Type specification not valid with '..sdef.proto) end @@ -277,7 +277,11 @@ function Rule:servoptfrags() end end - if sdef.type then opts = opts..' --'..oname..' '..sdef.type end + if sdef.type then + opts = opts..' --'..oname..' '..( + self.reverse and sdef['reverse-type'] or sdef.type + ) + end table.insert(res, {family=family, opts=opts}) end end diff --git a/json/services.json b/json/services.json index c193ce9..1eef980 100644 --- a/json/services.json +++ b/json/services.json @@ -82,8 +82,8 @@ "ospf": { "proto": "ospf" }, "pgsql": { "proto": "tcp", "port": 5432 }, "ping": [ - { "proto": "icmp", "type": 8 }, - { "proto": "icmpv6", "type": 128 } + { "proto": "icmp", "type": 8, "reverse-type": 0 }, + { "proto": "icmpv6", "type": 128, "reverse-type": 129 } ], "radius": [ { "proto": "udp", "port": 1812 }, |