search

google / capirca

Multi-platform ACL generation system
Apache License 2.0
778 stars 209 forks source link

iptables does not generate any rules from protocol:: icmp icmpv6 #303

Open MEschenbacher opened 2 years ago

MEschenbacher commented 2 years ago

The iptables generator does not generate any rules from protocol:: icmp icmpv6 but packetfilter does.

header {
    target:: iptables INPUT DROP
    target:: packetfilter test-filter
}

term permit-icmp {
    protocol:: icmp icmpv6
    action:: accept
}

Output iptables

# Iptables INPUT Policy
# $Id:$
# $Date:$
# $Revision:$
# inet
-P INPUT DROP

Output packetfilter

# Packetfilter test-filter Policy
# $Id:$
# $Date:$
# $Revision:$
# inet

# term permit-icmp
pass quick inet proto { icmp ipv6-icmp } from { any } to { any } keep state