author | Stig Thormodsrud <stig@io.vyatta.com> | 2009-02-12 18:07:30 -0800 |
---|---|---|
committer | Stig Thormodsrud <stig@io.vyatta.com> | 2009-02-12 18:07:30 -0800 |
commit | 7c9ee1f612ff874eb6ebce3d68d3815db74da93a (patch) | |
tree | 1f050020590f59c85490cd0f54e6cc49900d2f90 /templates | |
parent | 6c9b63d77208edc15f2c70ffb845662a8a2ab845 (diff) | |
parent | 5e820945c90bd220f32f6ad7798bcd64ff52b5b6 (diff) | |
Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jenner
Diffstat (limited to 'templates')
-rw-r--r-- | templates/firewall/modify/node.tag/rule/node.tag/icmp/type-name/node.def | 47 | ||||
-rw-r--r-- | templates/firewall/name/node.tag/rule/node.tag/icmp/type-name/node.def | 47 |
2 files changed, 70 insertions, 24 deletions
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/icmp/type-name/node.def b/templates/firewall/modify/node.tag/rule/node.tag/icmp/type-name/node.def
index 0ad5e97..f61945c 100644
--- a/templates/firewall/modify/node.tag/rule/node.tag/icmp/type-name/node.def
+++ b/templates/firewall/modify/node.tag/rule/node.tag/icmp/type-name/node.def
@@ -1,15 +1,38 @@
 type: txt
 help: Set icmp type-name to match
-allowed: sudo /sbin/iptables -p icmp -h | awk 'NR>67 {print $1}'
+allowed:
+array=(any echo-reply destination-unreachable network-unreachable
+ host-unreachable protocol-unreachable port-unreachable
+ fragmentation-needed source-route-failed network-unknown host-unknown
+ network-prohibited host-prohibited TOS-network-unreachable
+ TOS-host-unreachable communication-prohibited host-precedence-violation
+ precedence-cutoff source-quench redirect network-redirect host-redirect
+ TOS-network-redirect TOS-host-redirect echo-request router-advertisement
+ router-solicitation time-exceeded ttl-zero-during-transit
+ ttl-zero-during-reassembly parameter-problem ip-header-bad
+ required-option-missing timestamp-request timestamp-reply
+ address-mask-request address-mask-reply)
+echo -n ${array[@]}
+
 syntax:expression: exec "
- icmp_type_array=($(sudo /sbin/iptables -p icmp -h | awk 'NR>67 {print $1}'))
- icmp_type_array_len=${#icmp_type_array[*]}
- i=0
- while [ $i -lt $icmp_type_array_len ]; do
- if [ \"${icmp_type_array[$i]}\" == \"$VAR(@)\" ] ; then
- exit 0
- fi
- let i++
- done
- echo Invalid ICMP type-name [$VAR(@)]
- exit 1 "
+array=(any echo-reply destination-unreachable network-unreachable
+ host-unreachable protocol-unreachable port-unreachable
+ fragmentation-needed source-route-failed network-unknown host-unknown
+ network-prohibited host-prohibited TOS-network-unreachable
+ TOS-host-unreachable communication-prohibited host-precedence-violation
+ precedence-cutoff source-quench redirect network-redirect host-redirect
+ TOS-network-redirect TOS-host-redirect echo-request router-advertisement
+ router-solicitation time-exceeded ttl-zero-during-transit
+ ttl-zero-during-reassembly parameter-problem ip-header-bad
+ required-option-missing timestamp-request timestamp-reply
+ address-mask-request address-mask-reply)
+len=${#array[*]}
+i=0
+while [ $i -lt $len ]; do
+ if [ \"${array[$i]}\" == \"$VAR(@)\" ] ; then
+ exit 0
+ fi
+ let i++
+done
+echo Invalid ICMP type-name [$VAR(@)]
+exit 1 "
diff --git a/templates/firewall/name/node.tag/rule/node.tag/icmp/type-name/node.def b/templates/firewall/name/node.tag/rule/node.tag/icmp/type-name/node.def
index 0ad5e97..f61945c 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/icmp/type-name/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/icmp/type-name/node.def
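Review bot: The configured value still reaches the shell unescaped in the rewritten validator, both in `if [ \"${array[$i]}\" == \"$VAR(@)\" ]` and in the unquoted `echo Invalid ICMP type-name [$VAR(@)]`; if the template engine expands `$VAR(@)` textually before running the `exec` string (not visible on this page, so confirm), quote characters or substitution syntax inside the value would be interpreted by the shell instead of being compared. Now that the accepted names are a static list of letters and hyphens, a character-class check placed ahead of the exec, for example `syntax:expression: pattern $VAR(@) "^[-A-Za-z]+$" ; "Invalid ICMP type-name"` if the template language's `pattern` form is available in this version, would keep anything else away from the shell. The identical hunk for templates/firewall/name/node.tag/rule/node.tag/icmp/type-name/node.def needs the same change. The name list is also pasted twice per file with nothing tying it to what `iptables -p icmp -h` accepts on the target build, so a comment stating that it must be kept in step with iptables would help the next maintainer.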
@@ -1,15 +1,38 @@
 type: txt
 help: Set icmp type-name to match
-allowed: sudo /sbin/iptables -p icmp -h | awk 'NR>67 {print $1}'
+allowed:
+array=(any echo-reply destination-unreachable network-unreachable
+ host-unreachable protocol-unreachable port-unreachable
+ fragmentation-needed source-route-failed network-unknown host-unknown
+ network-prohibited host-prohibited TOS-network-unreachable
+ TOS-host-unreachable communication-prohibited host-precedence-violation
+ precedence-cutoff source-quench redirect network-redirect host-redirect
+ TOS-network-redirect TOS-host-redirect echo-request router-advertisement
+ router-solicitation time-exceeded ttl-zero-during-transit
+ ttl-zero-during-reassembly parameter-problem ip-header-bad
+ required-option-missing timestamp-request timestamp-reply
+ address-mask-request address-mask-reply)
+echo -n ${array[@]}
+
 syntax:expression: exec "
- icmp_type_array=($(sudo /sbin/iptables -p icmp -h | awk 'NR>67 {print $1}'))
- icmp_type_array_len=${#icmp_type_array[*]}
- i=0
- while [ $i -lt $icmp_type_array_len ]; do
- if [ \"${icmp_type_array[$i]}\" == \"$VAR(@)\" ] ; then
- exit 0
- fi
- let i++
- done
- echo Invalid ICMP type-name [$VAR(@)]
- exit 1 "
+array=(any echo-reply destination-unreachable network-unreachable
+ host-unreachable protocol-unreachable port-unreachable
+ fragmentation-needed source-route-failed network-unknown host-unknown
+ network-prohibited host-prohibited TOS-network-unreachable
+ TOS-host-unreachable communication-prohibited host-precedence-violation
+ precedence-cutoff source-quench redirect network-redirect host-redirect
+ TOS-network-redirect TOS-host-redirect echo-request router-advertisement
+ router-solicitation time-exceeded ttl-zero-during-transit
+ ttl-zero-during-reassembly parameter-problem ip-header-bad
+ required-option-missing timestamp-request timestamp-reply
+ address-mask-request address-mask-reply)
+len=${#array[*]}
+i=0
+while [ $i -lt $len ]; do
+ if [ \"${array[$i]}\" == \"$VAR(@)\" ] ; then
+ exit 0
+ fi
+ let i++
+done
+echo Invalid ICMP type-name [$VAR(@)]
+exit 1 " |