'Ping' => [
{ action => 'PARAM', proto => 'icmpv6', dport => 'echo-request' },
],
+ 'NeighborDiscovery' => [
+ "IPv6 neighbor solicitation, neighbor and router advertisement",
+ { action => 'PARAM', proto => 'icmpv6', dport => 'router-advertisement' },
+ { action => 'PARAM', proto => 'icmpv6', dport => 'neighbor-solicitation' },
+ { action => 'PARAM', proto => 'icmpv6', dport => 'neighbor-advertisement' },
+ ],
+ 'DHCPv6' => [
+ { action => 'PARAM', proto => 'udp', dport => '546:547', sport => '546:547' },
+ ],
'Trcrt' => [
{ action => 'PARAM', proto => 'udp', dport => '33434:33524' },
{ action => 'PARAM', proto => 'icmpv6', dport => 'echo-request' },
'echo-reply' => 1,
'router-solicitation' => 1,
'router-advertisement' => 1,
+ 'neighbor-solicitation' => 1,
'neighbour-solicitation' => 1,
+ 'neighbor-advertisement' => 1,
'neighbour-advertisement' => 1,
'redirect' => 1,
};
if ($rule->{dport}) {
if ($rule->{proto} && $rule->{proto} eq 'icmp') {
# Note: we use dport to store --icmp-type
- die "unknown icmp-type '$rule->{dport}'\n" if !defined($icmp_type_names->{$rule->{dport}});
+ die "unknown icmp-type '$rule->{dport}'\n"
+ if $rule->{dport} !~ /^\d+$/ && !defined($icmp_type_names->{$rule->{dport}});
push @cmd, "-m icmp --icmp-type $rule->{dport}";
} elsif ($rule->{proto} && $rule->{proto} eq 'icmpv6') {
# Note: we use dport to store --icmpv6-type
- die "unknown icmpv6-type '$rule->{dport}'\n" if !defined($icmpv6_type_names->{$rule->{dport}});
+ die "unknown icmpv6-type '$rule->{dport}'\n"
+ if $rule->{dport} !~ /^\d+$/ && !defined($icmpv6_type_names->{$rule->{dport}});
push @cmd, "-m icmpv6 --icmpv6-type $rule->{dport}";
} else {
if ($nbdport > 1) {