The init callback sets things up for us, not specifying --icmp-type results in an '--icmp-type any' match which seems perfectly fine.
Fixes: 1b8db4f4ca250 ("libip[6]t_icmp: use guided option parser")
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 extensions/libipt_icmp.c | 2 +-
 extensions/libipt_icmp.t | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c
index 171b3b3949e54..29c9e1a6cd727 100644
--- a/extensions/libipt_icmp.c
+++ b/extensions/libipt_icmp.c
@@ -31,7 +31,7 @@ static void icmp_help(void)
 static const struct xt_option_entry icmp_opts[] = {
 {.name = "icmp-type", .id = O_ICMP_TYPE, .type = XTTYPE_STRING,
- .flags = XTOPT_MAND | XTOPT_INVERT},
+ .flags = XTOPT_INVERT},
 XTOPT_TABLEEND,
 };
diff --git a/extensions/libipt_icmp.t b/extensions/libipt_icmp.t
index ce4a33f9633b5..08692900dba12 100644
--- a/extensions/libipt_icmp.t
+++ b/extensions/libipt_icmp.t
@@ -10,8 +10,6 @@
 # ERROR: cannot load: iptables -A INPUT -p icmp -m icmp --icmp-type destination-unreachable/network-unreachable
 # -p icmp -m icmp --icmp-type destination-unreachable/network-unreachable;=;OK
 -m icmp;;FAIL
-# we accept "iptables -I INPUT -p tcp -m tcp", why not this below?
-# ERROR: cannot load: iptables -A INPUT -p icmp -m icmp
-# -p icmp -m icmp;=;OK
+-p icmp -m icmp;-p icmp -m icmp --icmp-type any;OK
 -p icmp -m icmp --icmp-type 255/255;=;OK
 -p icmp -m icmp --icmp-type 255/0:255;-p icmp -m icmp --icmp-type any;OK
-- 
2.40.0
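Review bot: In the libipt_icmp.c hunk, the `icmp_opts` entry no longer shows that omitting `--icmp-type` is deliberate and depends on the init callback presetting the match to "any". A short comment above `.flags = XTOPT_INVERT},` would keep that dependency visible to whoever next touches the init code, e.g. `/* not XTOPT_MAND: the init callback defaults the match to any type */`. For rule authors the visible effect is that `-p icmp -m icmp` now loads and matches every ICMP type instead of being rejected, so the usage text in `icmp_help` (outside this hunk) should probably state that default. The Fixes: title names libip[6]t_icmp but only libipt_icmp.c is changed; whether the IPv6 extension intentionally keeps its option mandatory is not visible here and is worth confirming.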