Open Cohen-J-Omer opened 3 months ago
@Cohen-J-Omer I'm lacking some background in this. Could you give an example of a permit list rule that leverages these ICMP types and codes?
Hey @seankimkdy,
IBM security group rules support ICMP types and codes.
Extending the existing PermitListRule
interface will allow:
As far as I know, the other clouds don't support specifying the type and code for ICMP packets in rules, so I think unless there is a strong need for this from users, we should just default to matching on all types and codes.
As suggested here, we should consider extending
PermitListRule
to support ICMP types and codes.If you believe it's a worthwhile effort, we should make sure the data type of the ICMP
type
andcode
fields will be a string rather than an integer, since the default value of an integer (0) represents an existing ICMP type(echo reply) and code(unreachable network).