author | Mohit Mehta <mohit.mehta@vyatta.com> | 2009-02-12 17:23:06 -0800 |
---|---|---|
committer | Mohit Mehta <mohit.mehta@vyatta.com> | 2009-02-12 17:23:06 -0800 |
commit | cab2ace4d9f56720a7d184900b8ead30e5e0a189 (patch) | |
tree | 359e1deb15d0824275325634194436d7ff98e9d1 /templates | |
parent | c1fcf5f5764e258663e6bc532783fa3c0a29d4a2 (diff) | |
download | vyatta-cfg-firewall-cab2ace4d9f56720a7d184900b8ead30e5e0a189.tar.gz vyatta-cfg-firewall-cab2ace4d9f56720a7d184900b8ead30e5e0a189.zip |
better off storing icmp type-names than depend on iptables help
Diffstat (limited to 'templates')
-rw-r--r-- | templates/firewall/modify/node.tag/rule/node.tag/icmp/type-name/node.def | 52 | ||||
-rw-r--r-- | templates/firewall/name/node.tag/rule/node.tag/icmp/type-name/node.def | 52 |
2 files changed, 80 insertions, 24 deletions
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/icmp/type-name/node.def b/templates/firewall/modify/node.tag/rule/node.tag/icmp/type-name/node.def
index 0ad5e97..413f817 100644
--- a/templates/firewall/modify/node.tag/rule/node.tag/icmp/type-name/node.def
+++ b/templates/firewall/modify/node.tag/rule/node.tag/icmp/type-name/node.def
@@ -1,15 +1,43 @@
 type: txt
 help: Set icmp type-name to match
-allowed: sudo /sbin/iptables -p icmp -h | awk 'NR>67 {print $1}'
+allowed:
+array=(any echo-reply destination-unreachable network-unreachable
+ host-unreachable protocol-unreachable port-unreachable
+ fragmentation-needed source-route-failed network-unknown host-unknown
+ network-prohibited host-prohibited TOS-network-unreachable
+ TOS-host-unreachable communication-prohibited host-precedence-violation
+ precedence-cutoff source-quench redirect network-redirect host-redirect
+ TOS-network-redirect TOS-host-redirect echo-request router-advertisement
+ router-solicitation time-exceeded ttl-zero-during-transit
+ ttl-zero-during-reassembly parameter-problem ip-header-bad
+ required-option-missing timestamp-request timestamp-reply
+ address-mask-request address-mask-reply)
+len=${#array[*]}
+i=0
+while [ $i -lt $len ]; do
+ echo "${array[$i]}"
+ let i++
+done
+
 syntax:expression: exec "
- icmp_type_array=($(sudo /sbin/iptables -p icmp -h | awk 'NR>67 {print $1}'))
- icmp_type_array_len=${#icmp_type_array[*]}
- i=0
- while [ $i -lt $icmp_type_array_len ]; do
- if [ \"${icmp_type_array[$i]}\" == \"$VAR(@)\" ] ; then
- exit 0
- fi
- let i++
- done
- echo Invalid ICMP type-name [$VAR(@)]
- exit 1 "
+array=(any echo-reply destination-unreachable network-unreachable
+ host-unreachable protocol-unreachable port-unreachable
+ fragmentation-needed source-route-failed network-unknown host-unknown
+ network-prohibited host-prohibited TOS-network-unreachable
+ TOS-host-unreachable communication-prohibited host-precedence-violation
+ precedence-cutoff source-quench redirect network-redirect host-redirect
+ TOS-network-redirect TOS-host-redirect echo-request router-advertisement
+ router-solicitation time-exceeded ttl-zero-during-transit
+ ttl-zero-during-reassembly parameter-problem ip-header-bad
+ required-option-missing timestamp-request timestamp-reply
+ address-mask-request address-mask-reply)
+len=${#array[*]}
+i=0
+while [ $i -lt $len ]; do
+ if [ \"${array[$i]}\" == \"$VAR(@)\" ] ; then
+ exit 0
+ fi
+ let i++
+done
+echo Invalid ICMP type-name [$VAR(@)]
+exit 1 "
diff --git a/templates/firewall/name/node.tag/rule/node.tag/icmp/type-name/node.def b/templates/firewall/name/node.tag/rule/node.tag/icmp/type-name/node.def
index 0ad5e97..413f817 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/icmp/type-name/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/icmp/type-name/node.def
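Review bot: The validator still splices the configured value into the shell text before the allow-list comparison runs (`if [ \"${array[$i]}\" == \"$VAR(@)\" ]` and the unquoted `echo Invalid ICMP type-name [$VAR(@)]`), so if `$VAR(@)` is substituted textually by the config backend, a value containing shell metacharacters is parsed by the shell before it is ever compared against the list, and the unquoted echo argument is additionally subject to glob expansion; the static list only decides which spelled names are accepted, it does not make the exec string safe. Consider gating the value with a character-class check ahead of the exec, e.g. `syntax:expression: pattern $VAR(@) "^[A-Za-z-]+$" ; "Invalid ICMP type-name"`, and quoting the message, `echo \"Invalid ICMP type-name [$VAR(@)]\"`. The same 11-line array is now copied four times (twice in this file and twice in the name/ template in the second hunk), so any future type-name has to be edited in all four places; a single shared list that both `allowed:` and `syntax:expression:` read would keep them in sync. The index loop can also be written as `for t in \"${array[@]}\"; do [ \"$t\" == \"$VAR(@)\" ] && exit 0; done`, dropping `len` and `i`.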
@@ -1,15 +1,43 @@
 type: txt
 help: Set icmp type-name to match
-allowed: sudo /sbin/iptables -p icmp -h | awk 'NR>67 {print $1}'
+allowed:
+array=(any echo-reply destination-unreachable network-unreachable
+ host-unreachable protocol-unreachable port-unreachable
+ fragmentation-needed source-route-failed network-unknown host-unknown
+ network-prohibited host-prohibited TOS-network-unreachable
+ TOS-host-unreachable communication-prohibited host-precedence-violation
+ precedence-cutoff source-quench redirect network-redirect host-redirect
+ TOS-network-redirect TOS-host-redirect echo-request router-advertisement
+ router-solicitation time-exceeded ttl-zero-during-transit
+ ttl-zero-during-reassembly parameter-problem ip-header-bad
+ required-option-missing timestamp-request timestamp-reply
+ address-mask-request address-mask-reply)
+len=${#array[*]}
+i=0
+while [ $i -lt $len ]; do
+ echo "${array[$i]}"
+ let i++
+done
+
 syntax:expression: exec "
- icmp_type_array=($(sudo /sbin/iptables -p icmp -h | awk 'NR>67 {print $1}'))
- icmp_type_array_len=${#icmp_type_array[*]}
- i=0
- while [ $i -lt $icmp_type_array_len ]; do
- if [ \"${icmp_type_array[$i]}\" == \"$VAR(@)\" ] ; then
- exit 0
- fi
- let i++
- done
- echo Invalid ICMP type-name [$VAR(@)]
- exit 1 "
+array=(any echo-reply destination-unreachable network-unreachable
+ host-unreachable protocol-unreachable port-unreachable
+ fragmentation-needed source-route-failed network-unknown host-unknown
+ network-prohibited host-prohibited TOS-network-unreachable
+ TOS-host-unreachable communication-prohibited host-precedence-violation
+ precedence-cutoff source-quench redirect network-redirect host-redirect
+ TOS-network-redirect TOS-host-redirect echo-request router-advertisement
+ router-solicitation time-exceeded ttl-zero-during-transit
+ ttl-zero-during-reassembly parameter-problem ip-header-bad
+ required-option-missing timestamp-request timestamp-reply
+ address-mask-request address-mask-reply)
+len=${#array[*]}
+i=0
+while [ $i -lt $len ]; do
+ if [ \"${array[$i]}\" == \"$VAR(@)\" ] ; then
+ exit 0
+ fi
+ let i++
+done
+echo Invalid ICMP type-name [$VAR(@)]
+exit 1 " |