]> git.proxmox.com Git - pve-firewall.git/commit - src/PVE/Firewall.pm
projects / pve-firewall.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 42a7fbe) | patch
fix #4730: add safeguards to prevent ICMP type misuse
authorFabian Grünbichler <f.gruenbichler@proxmox.com>
Tue, 16 May 2023 09:09:24 +0000 (11:09 +0200)
committerThomas Lamprecht <t.lamprecht@proxmox.com>
Tue, 16 May 2023 09:15:15 +0000 (11:15 +0200)
commit4d1ca18ee6799b42aefdf3cfb016cd8bba848174
treee9cb6b727eef705b1b6f390c75fd317f42406ebctree
parent42a7fbe0a44de333dc5cd8ab09a4263f85db9c93commit | diff
fix #4730: add safeguards to prevent ICMP type misuse

without this additional conditions, it's possible to break the firewall by
setting an ICMP-type value as dport for non-ICMP protocols, e.g. 'any' for
'tcp'.

by rejecting the invalid rule/parameter, the rest of the ruleset is still
applied properly, and the error messages are a lot more informative as well.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
src/PVE/Firewall.pm diff | blob | blame | history
Firewall test scripts