From d676aa18e231b694ecd20dba8f5eca5a94145aaa Mon Sep 17 00:00:00 2001
From: Mira Limbeck <m.limbeck@proxmox.com>
Date: Wed, 29 Apr 2020 15:45:24 +0200
Subject: [PATCH] fix wrong icmpv6 types

This removes icmpv6-type 'any' as it is not supported by ip6tables. Also
introduced new icmpv6 types 'beyond-scope', 'failed-policy' and
'reject-route'. These values were taken from 'ip6tables -p icmpv6 -h'.

Signed-off-by: Mira Limbeck <m.limbeck@proxmox.com>
---
 src/PVE/Firewall.pm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index da1784c..5d1a584 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -785,12 +785,14 @@ my $icmp_type_names = {
 # ip6tables -p icmpv6 -h
 
 my $icmpv6_type_names = {
-    'any' => 1,
     'destination-unreachable' => 1,
     'no-route' => 1,
     'communication-prohibited' => 1,
+    'beyond-scope' => 1,
     'address-unreachable' => 1,
     'port-unreachable' => 1,
+    'failed-policy' => 1,
+    'reject-route' => 1,
     'packet-too-big' => 1,
     'time-exceeded' => 1,
     'ttl-zero-during-transit' => 1,
-- 
2.39.2