Make 'icmp' a synonym for 'ipv6-icmp' in IPv6 compilations

2010-08-02 08:04:55 -07:00 · 2010-08-02 08:04:55 -07:00 · 2774ee1bd6
commit 2774ee1bd6
parent c0dcb0edbf
4 changed files with 15 additions and 4 deletions
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@ -2056,7 +2056,7 @@ sub do_proto( $$$;$ )
 		    last PROTO;	}

 		if ( $proto == ICMP ) {
-		    fatal_error "ICMP not permitted in an IPv6 configuration" if $family == F_IPV6;
+		    fatal_error "ICMP not permitted in an IPv6 configuration" if $family == F_IPV6; #User specified proto 1 rather than 'icmp'
 		    if ( $ports ne '' ) {
 			$invert = $ports =~ s/^!// ? '! ' : '';
 			fatal_error 'Multiple ICMP types are not permitted' if $ports =~ /,/;
--- a/Shorewall/Perl/Shorewall/IPAddrs.pm
+++ b/Shorewall/Perl/Shorewall/IPAddrs.pm
@ -73,7 +73,7 @@ our @EXPORT = qw( ALLIPv4
 		  validate_icmp6
 		 );
 our @EXPORT_OK = qw( );
-our $VERSION = '4.4_11';
+our $VERSION = '4.4_12';

 #
 # Some IPv4/6 useful stuff
@ -87,6 +87,7 @@ our $validate_address;
 our $validate_net;
 our $validate_range;
 our $validate_host;
+our $family;

 use constant { ALLIPv4             => '0.0.0.0/0' ,
 	       ALLIPv6             => '::/0' ,
@ -292,6 +293,11 @@ sub resolve_proto( $ ) {
 	$number = numeric_value ( $proto );
 	defined $number && $number <= 65535 ? $number : undef;
    } else {
+	#
+	# Allow 'icmp' as a synonym for 'ipv6-icmp' in IPv6 compilations
+	#
+	$proto= 'ipv6-icmp' if $proto eq 'icmp' && $family == F_IPV6;
+	
 	defined( $number = $nametoproto{$proto} ) ? $number : scalar getprotobyname $proto;
    }
 }
@ -682,7 +688,7 @@ sub validate_host ($$ ) {
 #      able to re-initialize its dependent modules' state.
 #
 sub initialize( $ ) {
-    my $family = shift;
+    $family = shift;

    if ( $family == F_IPV4 ) {
 	$allip            = ALLIPv4;
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -16,6 +16,8 @@ Changes in Shorewall 4.4.12

 8)  Add COMPLETE option.

+9)  Make ICMP a synonym for IPV6-ICMP in ipv6 configs.
+
 Changes in Shorewall 4.4.11

 1)  Apply patch from Gabriel.
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -296,7 +296,10 @@ None.
        is '+'
      o That interface is assigned to a zone.
      o You have no CONTINUE policies or rules.
-    
+
+4)  'icmp' is now accepted as a synonym for 'ipv6-icmp' in IPv6
+    compilations.
+
 ----------------------------------------------------------------------------
 V I.  P R O B L E M S  C O R R E C T E D  A N D  N E W   F E A T U R E S
      I N   P R I O R  R E L E A S E S