allow numeric icmp types

author Wolfgang Bumiller <w.bumiller@proxmox.com>

Tue, 16 Feb 2016 10:20:37 +0000 (11:20 +0100)

committer Dietmar Maurer <dietmar@proxmox.com>

Tue, 16 Feb 2016 10:25:39 +0000 (11:25 +0100)
author Wolfgang Bumiller <w.bumiller@proxmox.com>
Tue, 16 Feb 2016 10:20:37 +0000 (11:20 +0100)
committer Dietmar Maurer <dietmar@proxmox.com>
Tue, 16 Feb 2016 10:25:39 +0000 (11:25 +0100)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm

index 30b03c6ab4b6df3ff630ba9973761566ccac947c..a39cf6d46503dcded67f047387a8d50a3369fb36 100644 (file)
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1675,11 +1675,13 @@ sub ruleset_generate_cmdstr {
         if ($rule->{dport}) {
             if ($rule->{proto} && $rule->{proto} eq 'icmp') {
                 # Note: we use dport to store --icmp-type
-               die "unknown icmp-type '$rule->{dport}'\n" if !defined($icmp_type_names->{$rule->{dport}});
+               die "unknown icmp-type '$rule->{dport}'\n"
+                   if $rule->{dport} !~ /^\d+$/ && !defined($icmp_type_names->{$rule->{dport}});
                 push @cmd, "-m icmp --icmp-type $rule->{dport}";
             } elsif ($rule->{proto} && $rule->{proto} eq 'icmpv6') {
                 # Note: we use dport to store --icmpv6-type
-               die "unknown icmpv6-type '$rule->{dport}'\n" if !defined($icmpv6_type_names->{$rule->{dport}});
+               die "unknown icmpv6-type '$rule->{dport}'\n"
+                   if $rule->{dport} !~ /^\d+$/ && !defined($icmpv6_type_names->{$rule->{dport}});
                 push @cmd, "-m icmpv6 --icmpv6-type $rule->{dport}";
             } else {
                 if ($nbdport > 1) {
author	Wolfgang Bumiller <w.bumiller@proxmox.com>
	Tue, 16 Feb 2016 10:20:37 +0000 (11:20 +0100)
committer	Dietmar Maurer <dietmar@proxmox.com>
	Tue, 16 Feb 2016 10:25:39 +0000 (11:25 +0100)