Revision be6d4417
Added by Jim Pingle over 2 years ago
| src/etc/inc/easyrule.inc | ||
|---|---|---|
| 331 | 331 |
unset($filterent['protocol']); |
| 332 | 332 |
} |
| 333 | 333 |
|
| 334 |
if ((strtolower($proto) == "icmp6") || (strtolower($proto) == "icmpv6")) {
|
|
| 335 |
$filterent['protocol'] = "icmp"; |
|
| 336 |
} |
|
| 337 |
|
|
| 334 | 338 |
/* Default to only allow echo requests, since that's what most people want and |
| 335 | 339 |
* it should be a safe choice. */ |
| 336 | 340 |
if ($proto == "icmp") {
|
| 337 | 341 |
$filterent['icmptype'] = 'echoreq'; |
| 338 | 342 |
} |
| 339 | 343 |
|
| 340 |
if ((strtolower($proto) == "icmp6") || (strtolower($proto) == "icmpv6")) {
|
|
| 341 |
$filterent['protocol'] = "icmp"; |
|
| 342 |
} |
|
| 343 |
|
|
| 344 | 344 |
if (is_subnet($srchost)) {
|
| 345 | 345 |
list($srchost, $srcmask) = explode("/", $srchost);
|
| 346 | 346 |
} elseif (is_specialnet($srchost)) {
|
| ... | ... | |
| 505 | 505 |
if ($int === false) {
|
| 506 | 506 |
return gettext("Invalid interface for pass rule:") . ' ' . htmlspecialchars($int);
|
| 507 | 507 |
} |
| 508 |
if ((strtolower($proto) == "icmp6") || (strtolower($proto) == "icmpv6")) {
|
|
| 509 |
$proto = "icmp"; |
|
| 510 |
} |
|
| 508 | 511 |
if (($proto != 'any') && |
| 509 | 512 |
(getprotobyname($proto) === false) && |
| 510 |
(getprotobynumber($proto) === false)) {
|
|
| 513 |
(!is_numericint($proto) || (getprotobynumber($proto) === false))) {
|
|
| 511 | 514 |
return gettext("Invalid protocol for pass rule:") . ' ' . htmlspecialchars($proto);
|
| 512 | 515 |
} |
| 513 | 516 |
if (!is_ipaddr($src) && !is_subnet($src) && !is_ipaddroralias($src) && !is_specialnet($src)) {
|
Also available in: Unified diff
Fix EasyRule ICMP6 and invalid protos. Fixes #14037