FWD_START_TEST([rich rule icmptypes with one family])

AT_KEYWORDS(rich icmp rhbz1855140)

FWD_CHECK([--permanent --zone public --add-rich-rule='rule icmp-type name="echo-request" accept'], 0, ignore)

FWD_CHECK([--permanent --zone public --add-rich-rule='rule icmp-type name="neighbour-advertisement" accept'], 0, ignore)

FWD_CHECK([--permanent --zone public --add-rich-rule='rule icmp-type name="timestamp-request" accept'], 0, ignore)

FWD_RELOAD

NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl

    table inet firewalld {

        chain filter_IN_public_allow {

            tcp dport 22 ct state new,untracked accept

            ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept

            tcp dport 9090 ct state new,untracked accept

            icmp type echo-request accept

            icmpv6 type echo-request accept

            icmpv6 type nd-neighbor-advert accept

            icmp type timestamp-request accept

        }

    }

])

IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl

    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED

    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED

    ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8

    ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 13

])

IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl

    ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED

    ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED

    ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED

    ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128

    ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 136

])

FWD_END_TEST