firewall: adjust for parseReplace() for icmp-type "skip"; closes #9738

Direction was a little tricky.  Would be nice to have tests for this.  ;)
This commit is contained in:
Franco Fichtner 2026-02-05 21:26:00 +01:00
parent b84bd68b29
commit a09fab2c8d
2 changed files with 13 additions and 12 deletions

View file

@ -54,7 +54,7 @@ class FilterRule extends Rule
'os' => 'parsePlain, os {","}',
'to' => 'parsePlainCurly,to ',
'to_port' => 'parsePlainCurly, port ',
'icmp-type' => 'parsePlain,icmp-type {,}',
'icmp-type' => 'parseReplaceSimple,skip:"skip",icmp-type {,}',
'icmp6-type' => 'parsePlain,icmp6-type {,}',
'flags' => 'parsePlain, flags ',
'state' => 'parseState',

View file

@ -1,7 +1,7 @@
<?php
/*
* Copyright (C) 2017-2023 Deciso B.V.
* Copyright (C) 2017-2026 Deciso B.V.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@ -228,27 +228,28 @@ abstract class Rule
}
/**
* parse data, use replace map
* @param string $value field value
* parse data, use replace map for CSV values
* @param string $values combined field values
* @param string $map
* @param string $prefix
* @param string $suffix
* @return string
*/
protected function parseReplaceSimple($value, $map, $prefix = "", $suffix = "")
protected function parseReplaceSimple($values, $map, $prefix = '', $suffix = '')
{
$retval = $value;
$retvals = !is_null($values) && strlen($values) ? explode(',', $values) : [];
foreach (explode('|', $map) as $item) {
$tmp = explode(':', $item);
if ($tmp[0] == $value) {
$retval = $tmp[1] . " ";
break;
if (in_array($tmp[0], $retvals)) {
$retvals[array_search($tmp[0], $retvals)] = $tmp[1];
} elseif (!count($retvals) && $tmp[0] === '') {
$retvals[] = $tmp[1];
}
}
if (!empty($retval)) {
return $prefix . $retval . $suffix . " ";
if (count($retvals)) {
return $prefix . join(',', $retvals) . $suffix . ' ';
} else {
return "";
return '';
}
}