allow numeric icmp types

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 2597891b327ed91818d934c8c38ac719a9dda8a0..08ca3c122161fca975cc93cd8ec2ce3a561161a4 100644 (file)
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1702,11 +1702,13 @@ sub ruleset_generate_cmdstr {
        if ($rule->{dport}) {
            if ($rule->{proto} && $rule->{proto} eq 'icmp') {
                # Note: we use dport to store --icmp-type
-               die "unknown icmp-type '$rule->{dport}'\n" if !defined($icmp_type_names->{$rule->{dport}});
+               die "unknown icmp-type '$rule->{dport}'\n"
+                   if $rule->{dport} !~ /^\d+$/ && !defined($icmp_type_names->{$rule->{dport}});
                push @cmd, "-m icmp --icmp-type $rule->{dport}";
            } elsif ($rule->{proto} && $rule->{proto} eq 'icmpv6') {
                # Note: we use dport to store --icmpv6-type
-               die "unknown icmpv6-type '$rule->{dport}'\n" if !defined($icmpv6_type_names->{$rule->{dport}});
+               die "unknown icmpv6-type '$rule->{dport}'\n"
+                   if $rule->{dport} !~ /^\d+$/ && !defined($icmpv6_type_names->{$rule->{dport}});
                push @cmd, "-m icmpv6 --icmpv6-type $rule->{dport}";
            } else {
                if ($nbdport > 1) {