diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index 59b51b70a..70bed0fb7 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -2056,7 +2056,7 @@ sub do_proto( $$$;$ ) last PROTO; } if ( $proto == ICMP ) { - fatal_error "ICMP not permitted in an IPv6 configuration" if $family == F_IPV6; + fatal_error "ICMP not permitted in an IPv6 configuration" if $family == F_IPV6; #User specified proto 1 rather than 'icmp' if ( $ports ne '' ) { $invert = $ports =~ s/^!// ? '! ' : ''; fatal_error 'Multiple ICMP types are not permitted' if $ports =~ /,/; diff --git a/Shorewall/Perl/Shorewall/IPAddrs.pm b/Shorewall/Perl/Shorewall/IPAddrs.pm index 35e45aef1..66292b0d8 100644 --- a/Shorewall/Perl/Shorewall/IPAddrs.pm +++ b/Shorewall/Perl/Shorewall/IPAddrs.pm @@ -73,7 +73,7 @@ our @EXPORT = qw( ALLIPv4 validate_icmp6 ); our @EXPORT_OK = qw( ); -our $VERSION = '4.4_11'; +our $VERSION = '4.4_12'; # # Some IPv4/6 useful stuff @@ -87,6 +87,7 @@ our $validate_address; our $validate_net; our $validate_range; our $validate_host; +our $family; use constant { ALLIPv4 => '0.0.0.0/0' , ALLIPv6 => '::/0' , @@ -292,6 +293,11 @@ sub resolve_proto( $ ) { $number = numeric_value ( $proto ); defined $number && $number <= 65535 ? $number : undef; } else { + # + # Allow 'icmp' as a synonym for 'ipv6-icmp' in IPv6 compilations + # + $proto= 'ipv6-icmp' if $proto eq 'icmp' && $family == F_IPV6; + defined( $number = $nametoproto{$proto} ) ? $number : scalar getprotobyname $proto; } } @@ -682,7 +688,7 @@ sub validate_host ($$ ) { # able to re-initialize its dependent modules' state. # sub initialize( $ ) { - my $family = shift; + $family = shift; if ( $family == F_IPV4 ) { $allip = ALLIPv4; diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 9fbcc652b..48bd2aedf 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -16,6 +16,8 @@ Changes in Shorewall 4.4.12 8) Add COMPLETE option. +9) Make ICMP a synonym for IPV6-ICMP in ipv6 configs. + Changes in Shorewall 4.4.11 1) Apply patch from Gabriel. diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 4bc339611..096cedf93 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -296,7 +296,10 @@ None. is '+' o That interface is assigned to a zone. o You have no CONTINUE policies or rules. - + +4) 'icmp' is now accepted as a synonym for 'ipv6-icmp' in IPv6 + compilations. + ---------------------------------------------------------------------------- V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S I N P R I O R R E L E A S E S