rpms/iptables
6
0
Fork 0
Code Issues Pull Requests Releases Activity
b277d9bafb
iptables/0006-extensions-icmp-Support-info-request-reply-type-name.patch
Phil Sutter b277d9bafb iptables-1.8.11-9.el10 
* Wed Apr 23 2025 Phil Sutter <psutter@redhat.com> [1.8.11-9.el10]
- xshared: Accept an option if any given command allows it (Phil Sutter) [RHEL-72061]
- extensions: icmp: Support info-request/-reply type names (Phil Sutter) [RHEL-85286]
Resolves: RHEL-72061, RHEL-85286
2025-04-23 23:18:56 +02:00

54 lines
2.0 KiB
Diff
Raw Blame History

From 1b704fe3dc715a10cc995e14b3fe1da44e827eee Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Wed, 23 Apr 2025 23:11:59 +0200
Subject: [PATCH] extensions: icmp: Support info-request/-reply type names
JIRA: https://issues.redhat.com/browse/RHEL-85286
Upstream Status: iptables commit 1e6a2812971a268428b04b03520cd68cb61d76e3
commit 1e6a2812971a268428b04b03520cd68cb61d76e3
Author: Phil Sutter <phil@nwl.cc>
Date: Fri Mar 28 17:35:04 2025 +0100
extensions: icmp: Support info-request/-reply type names
The intended side-effect here is that iptables-translate will accept
them too. In nftables, the names are supported since basically day 1.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
extensions/libipt_icmp.txlate | 6 ++++++
extensions/libxt_icmp.h | 3 +++
2 files changed, 9 insertions(+)
diff --git a/extensions/libipt_icmp.txlate b/extensions/libipt_icmp.txlate
index e7208d8..4315875 100644
--- a/extensions/libipt_icmp.txlate
+++ b/extensions/libipt_icmp.txlate
@@ -9,3 +9,9 @@ nft 'add rule ip filter INPUT icmp type != destination-unreachable counter accep
iptables-translate -t filter -A INPUT -m icmp --icmp-type any -j ACCEPT
nft 'add rule ip filter INPUT ip protocol icmp counter accept'
+
+iptables-translate -t filter -A INPUT -m icmp --icmp-type info-request -j ACCEPT
+nft 'add rule ip filter INPUT icmp type info-request counter accept'
+
+iptables-translate -t filter -A INPUT -m icmp --icmp-type 16 -j ACCEPT
+nft 'add rule ip filter INPUT icmp type info-reply counter accept'
diff --git a/extensions/libxt_icmp.h b/extensions/libxt_icmp.h
index 7a45b4b..c44aa4b 100644
--- a/extensions/libxt_icmp.h
+++ b/extensions/libxt_icmp.h
@@ -52,6 +52,9 @@ static const struct xt_icmp_names {
{ "timestamp-reply", 14, 0, 0xFF },
+ { "info-request", 15, 0, 0xFF },
+ { "info-reply", 16, 0, 0xFF },
+
{ "address-mask-request", 17, 0, 0xFF },
{ "address-mask-reply", 18, 0, 0xFF }
Reference in New Issue View Git Blame Copy Permalink