| commit | a9978630ff14bf59be2e74b9b8e241ed7b261344 | |
| author | Faidon Liambotis <paravoid@debian.org> | |
| Mon, 11 Jul 2011 13:46:37 +0000 (11 16:46 +0300) | ||
| committer | Max Kellermann <max@duempel.org> | |
| Sun, 17 Jul 2011 14:54:44 +0000 (17 16:54 +0200) | ||
| tree | 2b5201d06c929baa9c6235d4ff96ac14b1bc73c5 | treesnapshot (tar.gz zip) |
| parent | c384434909a099666798a96808ef1681d24534fa | commitdiff |
Map ICMP to ICMP6 in REJECT's reject-with
Ferm currently allows the use of "icmp-type" in ip6 domains and
automatically maps it to icmp6-type.
That's not the case for REJECT's target --reject-with, which would be
especially useful for constructs like:
domain (ip ip6) chain INPUT {
proto tcp dport 22 REJECT reject-with icmp-admin-prohibited;
}
Implement the above and try to also be (too?) smart and map all the
possible iptables arguments to their respective ip6tables, which is not
always a 1:1 mapping.
Ferm currently allows the use of "icmp-type" in ip6 domains and
automatically maps it to icmp6-type.
That's not the case for REJECT's target --reject-with, which would be
especially useful for constructs like:
domain (ip ip6) chain INPUT {
proto tcp dport 22 REJECT reject-with icmp-admin-prohibited;
}
Implement the above and try to also be (too?) smart and map all the
possible iptables arguments to their respective ip6tables, which is not
always a 1:1 mapping.
| src/ferm | diffblobblamehistory | |
| test/ipv6/icmp.ferm | diffblobblamehistory | |
| test/ipv6/icmp.result | diffblobblamehistory |