Project

General

Profile

Actions

Bug #7118

closed

ICMP rule with ICMP type "any" fails to load

Added by Tobias Wigand over 5 years ago. Updated over 5 years ago.

Status:
Resolved
Priority:
High
Assignee:
-
Category:
Rules / NAT
Target version:
Start date:
01/13/2017
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4
Affected Architecture:
amd64

Description

Creating a pass rule with ICMP and ICMP type any prevents the ruleset from being loaded.
The following rule is generated and fails:

pass  in  quick  on $LAN inet proto icmp  from 192.168.1.0/24 to any icmp-type any tracker 1484287460 keep state  label "USER_RULE: Allow ICMP " 

I think "icmp-type any" is wrong and should be left out to match all ICMP traffic.

The rule should look like it does in 2.3:

pass  in  quick  on $LAN inet proto icmp  from 192.168.1.0/24 to any tracker 1416374361 keep state  label "USER_RULE: Allow ICMP" 

Actions #2

Updated by Tobias Wigand over 5 years ago

Works fine now. Many thanks, Phil!

Actions #3

Updated by Phillip Davis over 5 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #4

Updated by Jim Pingle over 5 years ago

  • Status changed from Feedback to New

This still fails for me after a gitsync.

There were error(s) loading the rules: /tmp/rules.debug:189: syntax error - The line in question reads [189]: pass in quick on $WAN reply-to ( vmx0 198.51.100.1 ) inet proto icmp from any to 1.2.3.4 icmp-type any tracker 1484267245 keep state label "USER_RULE"

Actions #5

Updated by Jim Pingle over 5 years ago

  • Status changed from New to Resolved

OK, nevermind, I ran it again and it's fine. The sync didn't pick that up.

github has been spazzing out today, the first sync probably didn't get anything new.

Actions

Also available in: Atom PDF