X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=src%2FPVE%2FFirewall.pm;h=a39cf6d46503dcded67f047387a8d50a3369fb36;hp=30b03c6ab4b6df3ff630ba9973761566ccac947c;hb=a86e183a06daea8268fb7424c74077ce5d98a3be;hpb=3f61519470a9bbb74f3b815b436cd10c3ee042c7

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 30b03c6..a39cf6d 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1675,11 +1675,13 @@ sub ruleset_generate_cmdstr {
 	if ($rule->{dport}) {
 	    if ($rule->{proto} && $rule->{proto} eq 'icmp') {
 		# Note: we use dport to store --icmp-type
-		die "unknown icmp-type '$rule->{dport}'\n" if !defined($icmp_type_names->{$rule->{dport}});
+		die "unknown icmp-type '$rule->{dport}'\n"
+		    if $rule->{dport} !~ /^\d+$/ && !defined($icmp_type_names->{$rule->{dport}});
 		push @cmd, "-m icmp --icmp-type $rule->{dport}";
 	    } elsif ($rule->{proto} && $rule->{proto} eq 'icmpv6') {
 		# Note: we use dport to store --icmpv6-type
-		die "unknown icmpv6-type '$rule->{dport}'\n" if !defined($icmpv6_type_names->{$rule->{dport}});
+		die "unknown icmpv6-type '$rule->{dport}'\n"
+		    if $rule->{dport} !~ /^\d+$/ && !defined($icmpv6_type_names->{$rule->{dport}});
 		push @cmd, "-m icmpv6 --icmpv6-type $rule->{dport}";
 	    } else {
 		if ($nbdport > 1) {