Hide Forgot
Description of problem: It's not possible to use icmp-type (one of firewalld-internals) for actions in rich rules. This includes inability to log specific/non-specific icmp requests per sources or other constraints. Version-Release number of selected component (if applicable): firewalld-0.4.3.2-8.el7.noarch How reproducible: always Steps to Reproduce: rich rules don't accept icmp-type in their grammar icmp-block is available instead, which is useful only for blocking the types specified Expected results: proceed with rich rule action based on icmp-type (or multiple types?) Additional info:
Upstream patches: https://github.com/t-woerner/firewalld/commit/f2a5c68f9ef93e7e0166c9497f153de260118139 https://github.com/t-woerner/firewalld/commit/8b2d567db9b9096e70f75ff14eb194f2ad35ed5b https://github.com/t-woerner/firewalld/commit/c3c3f535e94e4971c0c7629b15a267180f5c12a7 https://github.com/t-woerner/firewalld/commit/63bc15c7b767658cb1ff86a2867b9d9582f6cbbf https://github.com/t-woerner/firewalld/commit/fe75e5282435407a1c5128b35276e37981290556 https://github.com/t-woerner/firewalld/commit/9f009926249e3e25aed312217c7acc3b68c64207
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:1934