* IPTImporter.cpp (IPTImporter::IPTImporter): fixed #1511, SF bug 3012953:

iptables import parse error icmp_type any

build_num

@@ -1 +1 @@
-#define BUILD_NUM 2962
+#define BUILD_NUM 2963

doc/ChangeLog

@@ -1,3 +1,8 @@
+2010-06-08  Vadim Kurland  <vadim@vk.crocodile.org>
+
+	* IPTImporter.cpp (IPTImporter::IPTImporter): fixed #1511, SF bug 3012953:
+	iptables import parse error icmp_type any
+
 2010-06-07  Vadim Kurland  <vadim@vk.crocodile.org>
 
 	* CompilerDriver_pix_run.cpp (CompilerDriver_pix::pixNetworkZoneChecks):

src/gui/IPTImporter.cpp

@@ -78,6 +78,8 @@ IPTImporter::IPTImporter(FWObject *lib,
 
     clear();
 
+    icmp_specs["any"] = std::pair<int,int>(-1, -1);
+
     icmp_specs["echo-reply"] = std::pair<int,int>(0, 0);
 
     // all "unreachables"

src/gui/unit_tests/ImporterTest/test_data/ipt.result

@@ -63,6 +63,8 @@ TCP Service object: tcp 202-202:
 TCP Service object: tcp 204-204:
 TCP Service object: tcp 206-206:
 TCP Service object: tcp 2222-2222:
+ICMP Service object: icmp 3/-1
+ICMP Service object: icmp 3/6
 Custom Service object: cust-1-: iptables: -m length --length 400:65535
 Custom Service object: cust-2-: iptables: -m recent --name badguy --rcheck --seconds 60 
 Custom Service object: cust-3-: iptables: -m recent --name badguy --set 

src/gui/unit_tests/ImporterTest/test_data/ipt.test

@@ -132,6 +132,11 @@
 -A user_chain -m multiport -s 128.143.0.0/16 -p tcp --ports 548,201,202,204,206 -j ACCEPT
 -A user_chain -m multiport -s 128.143.0.0/16 -p tcp --ports 2222 -j ACCEPT
 
+# icmp
+-A user_chain -p icmp -s 128.143.0.0/16 --icmp-type any  -j ACCEPT
+-A user_chain -p icmp -s 128.143.0.0/16 --icmp-type 3  -j ACCEPT
+-A user_chain -p icmp -s 128.143.0.0/16 --icmp-type network-unknown  -j ACCEPT
+
 
 # module length
 -A user_chain -m length --length 400:65535 -j DROP