On 20/08/15 at 11:16, Jan Engelhardt wrote: > > On Thursday 2015-08-20 11:06, Andreas Herz wrote: > > > >I just tested around and icmpv6 is already working but that's caused by > >rather optimistic parsing: > > > >> if (!xtables_strtoui(slash+1, NULL, &number, 0, UINT8_MAX)) > > > >So --icmpv6-type 1/255 is also possible. > > Specifying raw numbers for packet fields should always be possible, > exactly because some local name mapping database may be out of date or > because new things get invented at IETF over time. Sounds reasonable, so i will just add the names. Thanks for the explanation. The icmpv6 match was just something i looked into while i saw the issue with REJECT. So small patch incoming. > However, since you are concerned about the REJECT target, and > --reject-with takes a mnemonic that is only used to communicate with the > kernel module, rather than a value that is directly placed into a > network packet, the above would not apply. And i don't even have a chance to "cheat" (as i can with the raw numbers in the icmpv6 match) so i will work on that part to add those codes. -- Andreas Herz -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
