From: Dietmar Maurer <dietmar@proxmox.com>
Date: Mon, 7 Apr 2014 06:32:29 +0000 (+0200)
Subject: allow icmp port names
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=041b7e8e058cb55e730d7ffc4cc94e5050e54a9e

allow icmp port names
---

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 1b83334..9054648 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -694,6 +694,8 @@ sub parse_port_name_number_or_range {
 
     my $services = PVE::Firewall::get_etc_services();
     my $count = 0;
+    my $icmp_port = 0;
+
     foreach my $item (split(/,/, $str)) {
 	$count++;
 	if ($item =~ m/^(\d+):(\d+)$/) {
@@ -704,10 +706,16 @@ sub parse_port_name_number_or_range {
 	    my $port = $1;
 	    die "invalid port '$port'\n" if $port > 65535;
 	} else {
-	    die "invalid port '$item'\n" if !$services->{byname}->{$item}; 
+	    if ($icmp_type_names->{$item}) {
+		$icmp_port = 1;
+	    } else {
+		die "invalid port '$item'\n" if !$services->{byname}->{$item}; 
+	    }
 	}
     }
 
+    die "ICPM ports not allowed in port range\n" if $icmp_port && $count > 1;
+
     return $count;
 }