extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-21 10:18:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Allow the 'open' and 'close' commands to handle icmp

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2015-03-16 16:25:32 -07:00
parent 79d8d73e02
commit fdc36747ad
1 changed files with 51 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
Shorewall-core/lib.cli
View File

@ -2089,6 +2089,8 @@ delete_command() {
open_close_command() { open_close_command() {
local command local command
local desc local desc
local proto
local icmptype
open_close_setup() { open_close_setup() {
[ -n "$g_nolock" ] || mutex_on [ -n "$g_nolock" ] || mutex_on
@ -2152,7 +2154,11 @@ open_close_command() {
desc="from $1 to $2" desc="from $1 to $2"
if [ $# -ge 3 ]; then if [ $# -ge 3 ]; then
command="$command -p $3" proto=$3
[ $proto = icmp -a $g_family -eq 6 ] && proto=58
command="$command -p $proto"
case $3 in case $3 in
[0-9]*) [0-9]*)
@ -2162,10 +2168,44 @@ open_close_command() {
desc="$desc $3" desc="$desc $3"
;; ;;
esac esac
if [ $g_family -eq 4 ]; then
if [ $proto = 6 -o $proto = icmp ]; then
proto=icmp
icmptype='--icmp-type'
fi
else
if [ $proto = 58 -o $proto = ipv6-icmp ]; then
proto=icmp
icmptype='--icmpv6-type'
fi
fi
fi fi
if [ $# -eq 4 ]; then if [ $# -eq 4 ]; then
if [ $proto = icmp ]; then
case $4 in
*,*)
fatal_error "Only a single ICMP type may be specified"
;;
[0-9]*)
desc="$desc type $4"
;;
*)
desc="$desc $4"
;;
esac
command="$command $icmptype $4"
else
case $4 in
*,*)
command="$command -m multiport --dports $4" command="$command -m multiport --dports $4"
;;
*)
command="$command --dport $4"
;;
esac
case $4 in case $4 in
[0-9]*,) [0-9]*,)
@ -2179,6 +2219,7 @@ open_close_command() {
;; ;;
esac esac
fi fi
fi
command="$command -j ACCEPT" command="$command -j ACCEPT"