author | Mohit Mehta <mohit.mehta@vyatta.com> | 2009-01-30 18:34:14 -0800 |
---|---|---|
committer | Mohit Mehta <mohit.mehta@vyatta.com> | 2009-01-30 18:34:14 -0800 |
commit | 5d5878b28e5bb42ec2219d1ad6abd02a11d49819 (patch) | |
tree | 4ff40d6cdaa1a9e6513d8e4675056c5f50d2316b /lib/Vyatta/IpTables/Rule.pm | |
parent | 2afd0c3322bffa345b7239e410119409ea1c7a99 (diff) | |
Fix Bug 2741 ENH: filter based on ICMP Type/code by name
Diffstat (limited to 'lib/Vyatta/IpTables/Rule.pm')
-rw-r--r-- | lib/Vyatta/IpTables/Rule.pm | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/lib/Vyatta/IpTables/Rule.pm b/lib/Vyatta/IpTables/Rule.pm
index ff645b2..6fb2a13 100644
--- a/lib/Vyatta/IpTables/Rule.pm
+++ b/lib/Vyatta/IpTables/Rule.pm
@@ -21,6 +21,7 @@ my %fields = (
 _tcp_flags => undef,
 _icmp_code => undef,
 _icmp_type => undef,
+ _icmp_name => undef,
 _mod_mark => undef,
 _mod_dscp => undef,
 _ipsec => undef,
@@ -70,6 +71,7 @@ my %dummy_rule = (
 _tcp_flags => undef,
 _icmp_code => undef,
 _icmp_type => undef,
+ _icmp_name => undef,
 _mod_mark => undef,
 _mod_dscp => undef,
 _ipsec => undef,
@@ -145,6 +147,7 @@ sub setup {
 $self->{_tcp_flags} = $config->returnValue("tcp flags");
 $self->{_icmp_code} = $config->returnValue("icmp code");
 $self->{_icmp_type} = $config->returnValue("icmp type");
+ $self->{_icmp_name} = $config->returnValue("icmp type-name");
 $self->{_mod_mark} = $config->returnValue("modify mark");
 $self->{_mod_dscp} = $config->returnValue("modify dscp");
 $self->{_ipsec} = $config->exists("ipsec match-ipsec");
@@ -207,6 +210,7 @@ sub setupOrig {
 $self->{_tcp_flags} = $config->returnOrigValue("tcp flags");
 $self->{_icmp_code} = $config->returnOrigValue("icmp code");
 $self->{_icmp_type} = $config->returnOrigValue("icmp type");
+ $self->{_icmp_name} = $config->returnOrigValue("icmp type-name");
 $self->{_mod_mark} = $config->returnOrigValue("modify mark");
 $self->{_mod_dscp} = $config->returnOrigValue("modify dscp");
 $self->{_ipsec} = $config->existsOrig("ipsec match-ipsec");
@@ -364,18 +368,23 @@ sub rule {
 # set the icmp code and type if applicable
 if (($self->{_protocol} eq "icmp") || ($self->{_protocol} eq "1")) {
- if (defined $self->{_icmp_type}) {
+ if (defined $self->{_icmp_name}) {
+ if (defined($self->{_icmp_type}) || defined($self->{_icmp_code})){
+ return ("Cannot use ICMP type/code with ICMP type-name", );
+ }
+ $rule .= "--icmp-type $self->{_icmp_name} ";
+ } elsif (defined $self->{_icmp_type}) {
 $rule .= "--icmp-type $self->{_icmp_type}";
 if (defined $self->{_icmp_code}) {
 $rule .= "/$self->{_icmp_code}";
 }
 $rule .= " ";
- } elsif (defined $self->{_icmp_code}) {
+ } elsif (defined $self->{_icmp_code}) {
 return ("ICMP code can only be defined if ICMP type is defined", );
-
- }
- } elsif (defined($self->{_icmp_type}) || defined($self->{_icmp_code})) {
- return ("ICMP type/code can only be defined if protocol is ICMP", );
+ }
+ } elsif (defined($self->{_icmp_type}) || defined($self->{_icmp_code})
+ || defined($self->{_icmp_name})) {
+ return ("ICMP type/code or type-name can only be defined if protocol is ICMP", );
 }
 # add the source and destination rules |
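Review bot: The added `$rule .= "--icmp-type $self->{_icmp_name} ";` interpolates the configured type-name into the rule string with no check in this file, and the `setup`/`setupOrig` hunks store it straight from `returnValue`/`returnOrigValue`. How the rule string reaches iptables is not visible here; if it passes through a shell, whitespace or metacharacters in the value would change the meaning of the command. Unless the config template already restricts the value, validate it before appending, in the file's own error style: `if ($self->{_icmp_name} !~ /\A[A-Za-z][A-Za-z-]*\z/) { return ("Invalid ICMP type-name", ); }`. The existing `_icmp_type`/`_icmp_code` interpolation a few lines below has the same gap. `sub rule` begins and ends outside this hunk, so any earlier sanitising would not show up here.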