pangolin_mirror/newt
1
0
Fork 0
mirror of https://github.com/fosrl/newt.git synced 2026-03-05 18:26:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix icmp when ports disabled

Browse Source 
Fixes #247
This commit is contained in:
Owen
2026-03-03 16:38:11 -08:00
parent 7920295b8c
commit e474866f84
2 changed files with 10 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
netstack2/subnet_lookup.go
View File

@@ -167,10 +167,13 @@ func (sl *SubnetLookup) Match(srcIP, dstIP netip.Addr, port uint16, proto tcpip.
// Step 3: Check each rule for ICMP and port restrictions
for _, rule := range rules {
// Check if ICMP is disabled for this rule
if rule.DisableIcmp && (proto == header.ICMPv4ProtocolNumber || proto == header.ICMPv6ProtocolNumber) {
// ICMP is disabled for this subnet
return nil
// Handle ICMP before port range check ICMP has no ports
if proto == header.ICMPv4ProtocolNumber || proto == header.ICMPv6ProtocolNumber {
if rule.DisableIcmp {
return nil
}
// ICMP is allowed; port ranges don't apply to ICMP
return rule
}
// Check port restrictions