From 3e4f2f577746608de6944d18d2b827811c81f70c Mon Sep 17 00:00:00 2001 From: Nicolas Fort Date: Sun, 16 Jan 2022 15:13:22 +0000 Subject: Firewall: T4186: Correct icmp type-name options for firewall rules --- .../include/firewall/icmp-type-name.xml.i | 142 +++------------------ 1 file changed, 21 insertions(+), 121 deletions(-) (limited to 'interface-definitions/include/firewall') diff --git a/interface-definitions/include/firewall/icmp-type-name.xml.i b/interface-definitions/include/firewall/icmp-type-name.xml.i index b45fb619b..585b387e2 100644 --- a/interface-definitions/include/firewall/icmp-type-name.xml.i +++ b/interface-definitions/include/firewall/icmp-type-name.xml.i @@ -3,170 +3,70 @@ ICMP type-name - any echo-reply pong destination-unreachable network-unreachable host-unreachable protocol-unreachable port-unreachable fragmentation-needed source-route-failed network-unknown host-unknown network-prohibited host-prohibited TOS-network-unreachable TOS-host-unreachable communication-prohibited host-precedence-violation precedence-cutoff source-quench redirect network-redirect host-redirect TOS-network-redirect TOS host-redirect echo-request ping router-advertisement router-solicitation time-exceeded ttl-exceeded ttl-zero-during-transit ttl-zero-during-reassembly parameter-problem ip-header-bad required-option-missing timestamp-request timestamp-reply address-mask-request address-mask-reply + echo-reply destination-unreachable source-quench redirect echo-request router-advertisement router-solicitation time-exceeded parameter-problem timestamp-request timestamp-reply info-request info-reply address-mask-request address-mask-reply - - any - Any ICMP type/code - echo-reply - ICMP type/code name - - - pong - ICMP type/code name + ICMP type 0: echo-reply destination-unreachable - ICMP type/code name - - - network-unreachable - ICMP type/code name - - - host-unreachable - ICMP type/code name - - - protocol-unreachable - ICMP type/code name - - - port-unreachable - ICMP type/code name - - - fragmentation-needed - ICMP type/code name - - - source-route-failed - ICMP type/code name - - - network-unknown - ICMP type/code name - - - host-unknown - ICMP type/code name - - - network-prohibited - ICMP type/code name - - - host-prohibited - ICMP type/code name - - - TOS-network-unreachable - ICMP type/code name - - - TOS-host-unreachable - ICMP type/code name - - - communication-prohibited - ICMP type/code name - - - host-precedence-violation - ICMP type/code name - - - precedence-cutoff - ICMP type/code name + ICMP type 3: destination-unreachable source-quench - ICMP type/code name + ICMP type 4: source-quench redirect - ICMP type/code name - - - network-redirect - ICMP type/code name - - - host-redirect - ICMP type/code name - - - TOS-network-redirect - ICMP type/code name - - - TOS host-redirect - ICMP type/code name + ICMP type 5: redirect echo-request - ICMP type/code name - - - ping - ICMP type/code name + ICMP type 8: echo-request router-advertisement - ICMP type/code name + ICMP type 9: router-advertisement router-solicitation - ICMP type/code name + ICMP type 10: router-solicitation time-exceeded - ICMP type/code name - - - ttl-exceeded - ICMP type/code name - - - ttl-zero-during-transit - ICMP type/code name - - - ttl-zero-during-reassembly - ICMP type/code name + ICMP type 11: time-exceeded parameter-problem - ICMP type/code name + ICMP type 12: parameter-problem - ip-header-bad - ICMP type/code name + timestamp-request + ICMP type 13: timestamp-request - required-option-missing - ICMP type/code name + timestamp-reply + ICMP type 14: timestamp-reply - timestamp-request - ICMP type/code name + info-request + ICMP type 15: info-request - timestamp-reply - ICMP type/code name + info-reply + ICMP type 16: info-reply address-mask-request - ICMP type/code name + ICMP type 17: address-mask-request address-mask-reply - ICMP type/code name + ICMP type 18: address-mask-replye - ^(any|echo-reply|pong|destination-unreachable|network-unreachable|host-unreachable|protocol-unreachable|port-unreachable|fragmentation-needed|source-route-failed|network-unknown|host-unknown|network-prohibited|host-prohibited|TOS-network-unreachable|TOS-host-unreachable|communication-prohibited|host-precedence-violation|precedence-cutoff|source-quench|redirect|network-redirect|host-redirect|TOS-network-redirect|TOS host-redirect|echo-request|ping|router-advertisement|router-solicitation|time-exceeded|ttl-exceeded|ttl-zero-during-transit|ttl-zero-during-reassembly|parameter-problem|ip-header-bad|required-option-missing|timestamp-request|timestamp-reply|address-mask-request|address-mask-reply)$ + ^(echo-reply|destination-unreachable|source-quench|redirect|echo-request|router-advertisement|router-solicitation|time-exceeded|parameter-problem|timestamp-request|timestamp-reply|info-request|info-reply|address-mask-request|address-mask-reply)$ -- cgit v1.2.3