RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Description of problem:
based on discussion from
bug 1136801 comment 11 and
bug 1136801 comment 15

There came an idea to have possibility to include the only icmp types in icmp-blocks field instead of excluding them.

To have it as follows:
* 'icmp-blocks' becomes 'icmp-filter' - it should be backwards compatible with (possibly hidden) 'icmp-blocks' setting
* default behaviour stays the same
* rough description: the whole field can be negated (could use a '!'); from --list-all or --zone-info it's apparent what behaviour is currently set.
* behaviour is not dependent on 'default-target' of a zone (would be anti-UX) (this was in original idea)

Version-Release number of selected component (if applicable):
firewalld-0.3.9-14.el7

Additional info:
In el7 icmp-blocks are added one at a time, this might pose a problem with field's functional inversion

Fixed upstream:

https://github.com/t-woerner/firewalld/commit/c6a8b4c03f3b96c48dc06cf7cbb71297d03b6c58
https://github.com/t-woerner/firewalld/commit/e1bb04f488500ccaadb49249dc6b22d6daeb342a
https://github.com/t-woerner/firewalld/commit/fa589ebe36c24b515994f9cd5bd10285b9321c18
https://github.com/t-woerner/firewalld/commit/9ffa79f00b2964aff87b7a30fc261f0330c06f89
https://github.com/t-woerner/firewalld/commit/2f3cc927360842299640081a0b501e55259901d3
https://github.com/t-woerner/firewalld/commit/50431459987f26e8ea666320fcd433f3a6fa9457
https://github.com/t-woerner/firewalld/commit/26e23b8cd945720cfb2ff37e47b12435747a051b

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2597.html