diff options
| -rwxr-xr-x | src/conf_mode/firewall.py | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py index 82223d60b..358b938e3 100755 --- a/src/conf_mode/firewall.py +++ b/src/conf_mode/firewall.py @@ -184,6 +184,12 @@ def verify_rule(firewall, rule_conf, ipv6): if duplicates: raise ConfigError(f'Cannot match a tcp flag as set and not set') + if 'protocol' in rule_conf: + if rule_conf['protocol'] == 'icmp' and ipv6: + raise ConfigError(f'Cannot match IPv4 ICMP protocol on IPv6, use ipv6-icmp') + if rule_conf['protocol'] == 'ipv6-icmp' and not ipv6: + raise ConfigError(f'Cannot match IPv6 ICMP protocol on IPv4, use icmp') + for side in ['destination', 'source']: if side in rule_conf: side_conf = rule_conf[side] |