The intended side-effect here is that iptables-translate will accept
them too. In nftables, the names are supported since basically day 1.
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
extensions/libipt_icmp.txlate | 6 ++++++
extensions/libxt_icmp.h | 3 +++
2 files changed, 9 insertions(+)
diff --git a/extensions/libipt_icmp.txlate b/extensions/libipt_icmp.txlate
index e7208d8b874c7..4315875bb1eb7 100644
--- a/extensions/libipt_icmp.txlate
+++ b/extensions/libipt_icmp.txlate
@@ -9,3 +9,9 @@ nft 'add rule ip filter INPUT icmp type != destination-unreachable counter accep
iptables-translate -t filter -A INPUT -m icmp --icmp-type any -j ACCEPT
nft 'add rule ip filter INPUT ip protocol icmp counter accept'
+
+iptables-translate -t filter -A INPUT -m icmp --icmp-type info-request -j ACCEPT
+nft 'add rule ip filter INPUT icmp type info-request counter accept'
+
+iptables-translate -t filter -A INPUT -m icmp --icmp-type 16 -j ACCEPT
+nft 'add rule ip filter INPUT icmp type info-reply counter accept'
diff --git a/extensions/libxt_icmp.h b/extensions/libxt_icmp.h
index 7a45b4bd2ec6d..c44aa4b106557 100644
--- a/extensions/libxt_icmp.h
+++ b/extensions/libxt_icmp.h
@@ -52,6 +52,9 @@ static const struct xt_icmp_names {
{ "timestamp-reply", 14, 0, 0xFF },
+ { "info-request", 15, 0, 0xFF },
+ { "info-reply", 16, 0, 0xFF },
+
{ "address-mask-request", 17, 0, 0xFF },
{ "address-mask-reply", 18, 0, 0xFF }
--
2.48.1
