onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-23 19:57:21 +01:00
Code Issues Releases Wiki Activity

should use "-p ipv6-icmp" for ipv6 rules

Browse Source
This commit is contained in:
Vadim Kurland 2008-06-27 18:50:25 +00:00
parent 91dbc67bec
commit 873aed4eab
3 changed files with 56 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
doc/ChangeLog
View File

@ -1,3 +1,8 @@
2008-06-27 Vadim Kurland <vadim@vk.crocodile.org>
* ../src/ipt/PolicyCompiler_PrintRule.cpp (PrintRule::_printProtocol):
should use "-p ipv6-icmp" for ipv6 rules.
2008-06-26 Vadim Kurland <vadim@vk.crocodile.org>
* PolicyCompiler_PrintRule.cpp (PrintRule::_printIP): using

8
src/ipt/PolicyCompiler_PrintRule.cpp
View File

@ -599,13 +599,14 @@ string PolicyCompiler_ipt::PrintRule::_printProtocol(libfwbuilder::Service *srv)
!UserService::isA(srv)
)
{
string pn=srv->getProtocolName();
string pn = srv->getProtocolName();
if (pn=="ip") pn="all";
s= "-p " + pn + " ";
if (pn == "icmp")
{
if (ipt_comp->ipv6) s = "-p ipv6-icmp ";
else s = "-p icmp ";
if (ipt_comp->newIptables(version))
{
if (ipt_comp->ipv6) s += " -m icmp6";
@ -613,6 +614,7 @@ string PolicyCompiler_ipt::PrintRule::_printProtocol(libfwbuilder::Service *srv)
}
} else
{
s = "-p " + pn + " ";
if (pn == "tcp") s += "-m tcp ";
if (pn == "udp") s += "-m udp ";
}

48
test/ipt/objects-for-regression-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="9" lastModified="1213152525" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="9" lastModified="1214592406" id="root">
<Library id="syslib001" name="User" comment="User defined objects" color="#d2ffd0">
<ObjectGroup id="stdid01_1" name="Objects">
<ObjectGroup id="stdid01_1_og_ats_1" name="Address Tables">
@ -24375,7 +24375,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="verify_interfaces">False</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id4833F62B6131" name="firewall-ipv6-1" host_OS="linux24" inactive="False" lastCompiled="1212115999" lastInstalled="0" lastModified="1212118783" platform="iptables" ro="False" version="">
<Firewall id="id4833F62B6131" name="firewall-ipv6-1" host_OS="linux24" inactive="False" lastCompiled="1212115999" lastInstalled="0" lastModified="1214592406" platform="iptables" ro="False" version="">
<NAT id="id4833F62F6131" name="NAT"/>
<Policy id="id483F5B7623190" name="Policy_ipv4"/>
<Policy id="id4833F62E6131" name="Policy">
@ -24599,6 +24599,46 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id80471535" action="Accept" direction="Both" disabled="False" log="False" position="11">
<Src neg="False">
<ObjectRef ref="id4833F6316131"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-ping_request"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id80541535" action="Accept" direction="Both" disabled="False" log="False" position="12">
<Src neg="False">
<ObjectRef ref="id4833F6346131"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-ping_request"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id4833F6306131" name="Routing"/>
<Interface id="id4833F6316131" name="eth0" bridgeport="False" dyn="False" label="" security_level="50" unnum="False" unprotected="False">
@ -26626,6 +26666,10 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Interface id="id4848A43B4626" name="ppp0" bridgeport="False" dyn="True" label="" mgmt="False" security_level="0" unnum="False" unprotected="False"/>
<IntervalRef ref="sysid2"/>
<IntervalRef ref="sysid2"/>
<ObjectRef ref="sysid0"/>
<ObjectRef ref="sysid0"/>
<ServiceRef ref="sysid1"/>
<ServiceRef ref="sysid1"/>
</Library>
<Library id="id4387B43718346" name="transfer" color="#FFFFFF" ro="False">
<ObjectGroup id="id4387B43818346" name="Objects">