Support for --icmp-type and icmp6-type is missing

[MEschenbacher]

The following lines

-A FORWARD -p ipv6-icmp -m icmp6 --icmpv6-type 1 -j ACCEPT
-A FORWARD -p icmp --icmp-type 0 -j ACCEPT

produce errors

Error: failed to parse line, skipping rest " --icmpv6-type 1 -j ACCEPT" of the line: match modules "icmp6" is not implemented
Error: failed to parse line, skipping rest " 0 -j ACCEPT" of the line: unknown flag "--icmp-type" found

[leonnicolas]

yes the extension icmp6 is not implemented, but contributions welcome of course.

-A FORWARD -p icmp --icmp-type 0 -j ACCEPT

is this missing a -m icmp6? Otherwise the flag --icmp-type shouldn't be allowed (at least to what I can see in the man pages of man iptables-extensions)

[MEschenbacher]

The support for -p icmp6 is currently not very important, but just for the record.

The -A FORWARD -p icmp --icmp-type 0 -j ACCEPT should be allowed (and is currently deployed on hosts) according to my iptables-extensions(8)

   icmp (IPv4-specific)
       This extension can be used if `--protocol icmp' is specified. It provides the following option:

       [!] --icmp-type {type[/code]|typename}
              This  allows specification of the ICMP type, which can be a numeric ICMP type, type/code
              pair, or one of the ICMP type names shown by the command
               iptables -p icmp -h

[leonnicolas]

fixed with #17