From 60a7dfeb65b72e2ef26e071c007f9d11fe9aebc2 Mon Sep 17 00:00:00 2001 From: Félix Sipma Date: Mon, 29 Feb 2016 09:20:24 +0100 Subject: Firewall: add ICMPTypeMatch (cherry picked from commit 2214aca8f3ca92b9739b2884cb59274edad9170e) --- src/Propellor/Property/Firewall.hs | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs index 62adf33a..05d70f45 100644 --- a/src/Propellor/Property/Firewall.hs +++ b/src/Propellor/Property/Firewall.hs @@ -11,6 +11,7 @@ module Propellor.Property.Firewall ( Proto(..), Rules(..), ConnectionState(..), + ICMPTypeMatch(..), IPWithMask(..), fromIPWithMask ) where @@ -58,6 +59,11 @@ toIpTableArg (Ctstate states) = , "conntrack" , "--ctstate", intercalate "," (map show states) ] +toIpTableArg (ICMPType i) = + [ "-m" + , "icmp" + , "--icmp-type", fromICMPTypeMatch i + ] toIpTableArg (Source ipwm) = [ "-s" , intercalate "," (map fromIPWithMask ipwm) @@ -164,6 +170,13 @@ data Proto = TCP | UDP | ICMP data ConnectionState = ESTABLISHED | RELATED | NEW | INVALID deriving (Eq, Show) +data ICMPTypeMatch = ICMPTypeName String | ICMPTypeCode Int + deriving (Eq, Show) + +fromICMPTypeMatch :: ICMPTypeMatch -> String +fromICMPTypeMatch (ICMPTypeName t) = t +fromICMPTypeMatch (ICMPTypeCode c) = show c + data Rules = Everything | Proto Proto @@ -174,6 +187,7 @@ data Rules | InIFace Network.Interface | OutIFace Network.Interface | Ctstate [ ConnectionState ] + | ICMPType ICMPTypeMatch | Source [ IPWithMask ] | Destination [ IPWithMask ] | Rules :- Rules -- ^Combine two rules -- cgit v1.3-2-g0d8e
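Review bot: The new `toIpTableArg (ICMPType i)` clause emits `-m icmp --icmp-type …` on its own, and nothing visible in this patch ties it to a protocol selection. As far as I know, iptables accepts the icmp match only on a rule that also selects the ICMP protocol, so an `ICMPType` rule written without `Proto ICMP` would probably fail only when the rule is applied to the host. I would document that on the constructor added in the last hunk, e.g. `-- ^Match an ICMP type; must be combined with 'Proto' 'ICMP'`. If this module is also used to build ip6tables rules (not visible here), the match there is named differently, and the comment should say the constructor is IPv4-only. `toIpTableArg` starts and ends outside this hunk.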
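Review bot: `ICMPTypeCode Int` in the hunk at old line 164 accepts any `Int`, and `fromICMPTypeMatch` renders it with `show`, so a negative or over-255 value reaches the `--icmp-type` argument unchecked; `show (-1)` even yields a string that starts with a dash. An ICMP type is a single octet, so either narrow the field to `Word8` (which needs a `Data.Word` import) or guard the conversion: `fromICMPTypeMatch (ICMPTypeCode c) | c >= 0 && c <= 255 = show c` with an `error` clause for the rest. `ICMPTypeName` is likewise passed through verbatim, so a misspelt name surfaces only when iptables runs. Both constructors lack Haddock comments, and one is needed here because `ICMPTypeCode` carries the numeric ICMP type, not the ICMP code field: `-- ^Numeric ICMP type (0-255), not the ICMP code`.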