From 3e4f2f577746608de6944d18d2b827811c81f70c Mon Sep 17 00:00:00 2001
From: Nicolas Fort
Date: Sun, 16 Jan 2022 15:13:22 +0000
Subject: Firewall: T4186: Correct icmp type-name options for firewall rules
---
.../include/firewall/icmp-type-name.xml.i | 142 +++------------------
1 file changed, 21 insertions(+), 121 deletions(-)
(limited to 'interface-definitions')
diff --git a/interface-definitions/include/firewall/icmp-type-name.xml.i b/interface-definitions/include/firewall/icmp-type-name.xml.i
index b45fb619b..585b387e2 100644
--- a/interface-definitions/include/firewall/icmp-type-name.xml.i
+++ b/interface-definitions/include/firewall/icmp-type-name.xml.i
@@ -3,170 +3,70 @@ ICMP type-name - any echo-reply pong destination-unreachable network-unreachable host-unreachable protocol-unreachable port-unreachable fragmentation-needed source-route-failed network-unknown host-unknown network-prohibited host-prohibited TOS-network-unreachable TOS-host-unreachable communication-prohibited host-precedence-violation precedence-cutoff source-quench redirect network-redirect host-redirect TOS-network-redirect TOS host-redirect echo-request ping router-advertisement router-solicitation time-exceeded ttl-exceeded ttl-zero-during-transit ttl-zero-during-reassembly parameter-problem ip-header-bad required-option-missing timestamp-request timestamp-reply address-mask-request address-mask-reply + echo-reply destination-unreachable source-quench redirect echo-request router-advertisement router-solicitation time-exceeded parameter-problem timestamp-request timestamp-reply info-request info-reply address-mask-request address-mask-reply - - any - Any ICMP type/code - echo-reply - ICMP type/code name - - - pong - ICMP type/code name + ICMP type 0: echo-reply destination-unreachable - ICMP type/code name - - - network-unreachable - ICMP type/code name - - - host-unreachable - ICMP type/code name - - - protocol-unreachable - ICMP type/code name - - - port-unreachable - ICMP type/code name - - - fragmentation-needed - ICMP type/code name - - - source-route-failed - ICMP type/code name - - - network-unknown - ICMP type/code name - - - host-unknown - ICMP type/code name - - - network-prohibited - ICMP type/code name - - - host-prohibited - ICMP type/code name - - - TOS-network-unreachable - ICMP type/code name - - - TOS-host-unreachable - ICMP type/code name - - - communication-prohibited - ICMP type/code name - - - host-precedence-violation - ICMP type/code name - - - precedence-cutoff - ICMP type/code name + ICMP type 3: destination-unreachable source-quench - ICMP type/code name + ICMP type 4: source-quench redirect - ICMP type/code name - - 
- network-redirect - ICMP type/code name - - - host-redirect - ICMP type/code name - - - TOS-network-redirect - ICMP type/code name - - - TOS host-redirect - ICMP type/code name + ICMP type 5: redirect echo-request - ICMP type/code name - - - ping - ICMP type/code name + ICMP type 8: echo-request router-advertisement - ICMP type/code name + ICMP type 9: router-advertisement router-solicitation - ICMP type/code name + ICMP type 10: router-solicitation time-exceeded - ICMP type/code name - - - ttl-exceeded - ICMP type/code name - - - ttl-zero-during-transit - ICMP type/code name - - - ttl-zero-during-reassembly - ICMP type/code name + ICMP type 11: time-exceeded parameter-problem - ICMP type/code name + ICMP type 12: parameter-problem - ip-header-bad - ICMP type/code name + timestamp-request + ICMP type 13: timestamp-request - required-option-missing - ICMP type/code name + timestamp-reply + ICMP type 14: timestamp-reply - timestamp-request - ICMP type/code name + info-request + ICMP type 15: info-request - timestamp-reply - ICMP type/code name + info-reply + ICMP type 16: info-reply address-mask-request - ICMP type/code name + ICMP type 17: address-mask-request address-mask-reply - ICMP type/code name + ICMP type 18: address-mask-replye - ^(any|echo-reply|pong|destination-unreachable|network-unreachable|host-unreachable|protocol-unreachable|port-unreachable|fragmentation-needed|source-route-failed|network-unknown|host-unknown|network-prohibited|host-prohibited|TOS-network-unreachable|TOS-host-unreachable|communication-prohibited|host-precedence-violation|precedence-cutoff|source-quench|redirect|network-redirect|host-redirect|TOS-network-redirect|TOS host-redirect|echo-request|ping|router-advertisement|router-solicitation|time-exceeded|ttl-exceeded|ttl-zero-during-transit|ttl-zero-during-reassembly|parameter-problem|ip-header-bad|required-option-missing|timestamp-request|timestamp-reply|address-mask-request|address-mask-reply)$ + 
^(echo-reply|destination-unreachable|source-quench|redirect|echo-request|router-advertisement|router-solicitation|time-exceeded|parameter-problem|timestamp-request|timestamp-reply|info-request|info-reply|address-mask-request|address-mask-reply)$ -- cgit v1.2.3 From d0cfd9758bab25c14a4389488f1f8dcef01ecd45 Mon Sep 17 00:00:00 2001 From: Nicolas Fort Date: Sun, 16 Jan 2022 15:35:23 +0000 Subject: Firewall: T4186: typo correction on address-mask-reply description --- interface-definitions/include/firewall/icmp-type-name.xml.i | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'interface-definitions') diff --git a/interface-definitions/include/firewall/icmp-type-name.xml.i b/interface-definitions/include/firewall/icmp-type-name.xml.i index 585b387e2..f57def3e1 100644 --- a/interface-definitions/include/firewall/icmp-type-name.xml.i +++ b/interface-definitions/include/firewall/icmp-type-name.xml.i @@ -63,7 +63,7 @@ address-mask-reply - ICMP type 18: address-mask-replye + ICMP type 18: address-mask-reply ^(echo-reply|destination-unreachable|source-quench|redirect|echo-request|router-advertisement|router-solicitation|time-exceeded|parameter-problem|timestamp-request|timestamp-reply|info-request|info-reply|address-mask-request|address-mask-reply)$ -- cgit v1.2.3 From 3e55af0ccdf01a7707bd81d7b329f57848e6cd2f Mon Sep 17 00:00:00 2001 From: Nicolas Fort Date: Fri, 21 Jan 2022 16:58:50 +0000 Subject: Firewall: T4186: Adding icmpv6 corrections, in corcondancy of what was done for icmp --- interface-definitions/firewall.xml.in | 181 ++------------------- .../include/firewall/icmpv6-type-name.xml.i | 73 +++++++++ 2 files changed, 88 insertions(+), 166 deletions(-) create mode 100644 interface-definitions/include/firewall/icmpv6-type-name.xml.i (limited to 'interface-definitions') diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in index 987ccaca6..f38bcfd9c 100644 --- a/interface-definitions/firewall.xml.in 
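Review bot: The new constraint regex that closes the first hunk rejects names the old one accepted (`any`, `ping`, `pong`, and code-level names such as `port-unreachable` or `fragmentation-needed`), and nothing in this patch shows how saved configurations that use them are handled. On a firewall, a rule that fails validation after an upgrade can leave the ruleset unloaded or only partly applied, so a migration step that rewrites or at least reports these values should ship with the change; whether one exists elsewhere is not visible here. The same applies to the ICMPv6 name list removed from `firewall.xml.in` in the third commit. The commit message could also state that code-level matching is no longer available through `type-name`.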
+++ b/interface-definitions/firewall.xml.in 
@@ -329,182 +329,31 @@ ICMPv6 type and code information - + - ICMP type-name - - any echo-reply pong destination-unreachable network-unreachable host-unreachable protocol-unreachable port-unreachable fragmentation-needed source-route-failed network-unknown host-unknown network-prohibited host-prohibited TOS-network-unreachable TOS-host-unreachable communication-prohibited host-precedence-violation precedence-cutoff source-quench redirect network-redirect host-redirect TOS-network-redirect TOS host-redirect echo-request ping router-advertisement router-solicitation time-exceeded ttl-exceeded ttl-zero-during-transit ttl-zero-during-reassembly parameter-problem ip-header-bad required-option-missing timestamp-request timestamp-reply address-mask-request address-mask-reply packet-too-big - - - any - Any ICMP type/code - - - echo-reply - ICMP type/code name - - - pong - ICMP type/code name - - - destination-unreachable - ICMP type/code name - - - network-unreachable - ICMP type/code name - + ICMPv6 code (0-255) - host-unreachable - ICMP type/code name - - - protocol-unreachable - ICMP type/code name - - - port-unreachable - ICMP type/code name - - - fragmentation-needed - ICMP type/code name - - - source-route-failed - ICMP type/code name - - - network-unknown - ICMP type/code name - - - host-unknown - ICMP type/code name - - - network-prohibited - ICMP type/code name - - - host-prohibited - ICMP type/code name - - - TOS-network-unreachable - ICMP type/code name - - - TOS-host-unreachable - ICMP type/code name - - - communication-prohibited - ICMP type/code name - - - host-precedence-violation - ICMP type/code name - - - precedence-cutoff - ICMP type/code name - - - source-quench - ICMP type/code name - - - redirect - ICMP type/code name - - - network-redirect - ICMP type/code name - - - host-redirect - ICMP type/code name - - - TOS-network-redirect - ICMP type/code name - - - TOS host-redirect - ICMP type/code name - - - echo-request - ICMP type/code name - - - ping - 
ICMP type/code name - - - router-advertisement - ICMP type/code name - - - router-solicitation - ICMP type/code name - - - time-exceeded - ICMP type/code name - - - ttl-exceeded - ICMP type/code name - - - ttl-zero-during-transit - ICMP type/code name - - - ttl-zero-during-reassembly - ICMP type/code name - - - parameter-problem - ICMP type/code name - - - ip-header-bad - ICMP type/code name - - - required-option-missing - ICMP type/code name - - - timestamp-request - ICMP type/code name - - - timestamp-reply - ICMP type/code name - - - address-mask-request - ICMP type/code name - - - address-mask-reply - ICMP type/code name + u32:0-255 + ICMPv6 code (0-255) + + + + + + + + ICMPv6 type (0-255) - packet-too-big - ICMP type/code name + u32:0-255 + ICMPv6 type (0-255) - ^(any|echo-reply|pong|destination-unreachable|network-unreachable|host-unreachable|protocol-unreachable|port-unreachable|fragmentation-needed|source-route-failed|network-unknown|host-unknown|network-prohibited|host-prohibited|TOS-network-unreachable|TOS-host-unreachable|communication-prohibited|host-precedence-violation|precedence-cutoff|source-quench|redirect|network-redirect|host-redirect|TOS-network-redirect|TOS host-redirect|echo-request|ping|router-advertisement|router-solicitation|time-exceeded|ttl-exceeded|ttl-zero-during-transit|ttl-zero-during-reassembly|parameter-problem|ip-header-bad|required-option-missing|timestamp-request|timestamp-reply|address-mask-request|address-mask-reply|packet-too-big)$ + #include diff --git a/interface-definitions/include/firewall/icmpv6-type-name.xml.i b/interface-definitions/include/firewall/icmpv6-type-name.xml.i new file mode 100644 index 000000000..b13cf02c4 --- /dev/null +++ b/interface-definitions/include/firewall/icmpv6-type-name.xml.i 
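Review bot: The added `code` and `type` leaf nodes sit beside the included `type-name` node, and the schema in this hunk does not express how they relate: `code` set without `type`, or a numeric `type` set together with `type-name`. If the firewall configuration script does not already reject those combinations (it is not part of this patch), the generated rule may match more or less traffic than the operator intended; a verify-time check with a clear error message would close that gap. The help strings could carry the dependency as well, for example `ICMPv6 code (0-255), requires type`.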
@@ -0,0 +1,73 @@ + + + + ICMPv6 type-name + + destination-unreachable packet-too-big time-exceeded echo-request echo-reply mld-listener-query mld-listener-report mld-listener-reduction nd-router-solicit nd-router-advert nd-neighbor-solicit nd-neighbor-advert nd-redirect parameter-problem router-renumbering + + + destination-unreachable + ICMPv6 type 1: destination-unreachable + + + packet-too-big + ICMPv6 type 2: packet-too-big + + + time-exceeded + ICMPv6 type 3: time-exceeded + + + echo-request + ICMPv6 type 128: echo-request + + + echo-reply + ICMPv6 type 129: echo-reply + + + mld-listener-query + ICMPv6 type 130: mld-listener-query + + + mld-listener-report + ICMPv6 type 131: mld-listener-report + + + mld-listener-reduction + ICMPv6 type 132: mld-listener-reduction + + + nd-router-solicit + ICMPv6 type 133: nd-router-solicit + + + nd-router-advert + ICMPv6 type 134: nd-router-advert + + + nd-neighbor-solicit + ICMPv6 type 135: nd-neighbor-solicit + + + nd-neighbor-advert + ICMPv6 type 136: nd-neighbor-advert + + + nd-redirect + ICMPv6 type 137: nd-redirect + + + parameter-problem + ICMPv6 type 4: parameter-problem + + + router-renumbering + ICMPv6 type 138: router-renumbering + + + ^(destination-unreachable|packet-too-big|time-exceeded|echo-request|echo-reply|mld-listener-query|mld-listener-report|mld-listener-reduction|nd-router-solicit|nd-router-advert|nd-neighbor-solicit|nd-neighbor-advert|nd-redirect|parameter-problem|router-renumbering)$ + + + + -- cgit v1.2.3
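Review bot: The name list stops at type 138 and has no entry for the MLDv2 listener report (type 143), so an allow-list written by name cannot cover it and the operator has to fall back to the numeric `type` node. If the nftables version in use accepts `mld2-listener-report`, consider adding it to the completion list, the value help and the constraint regex together so the three stay in step. Separately, `parameter-problem` (type 4) is placed between `nd-redirect` (137) and `router-renumbering` (138); moving it after `time-exceeded` would keep the entries in numeric order, matching the ICMP include.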