aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2021-05-05 17:42:33 +0300
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2021-05-05 17:42:33 +0300
commitd34e447b684a3f29ea81a1304272c6837d11cffb (patch)
tree64fd96099043f18257bfef971d5b7042d3fe4c3a
parentb5d29401aa25dbc29ab75fd6a9336559617c5612 (diff)
downloadawall-d34e447b684a3f29ea81a1304272c6837d11cffb.tar.gz
awall-d34e447b684a3f29ea81a1304272c6837d11cffb.tar.bz2
awall-d34e447b684a3f29ea81a1304272c6837d11cffb.tar.xz
fix related ICMPv6 rulesv1.9.1
-rw-r--r--awall/modules/filter.lua4
-rw-r--r--test/output/address/dump6
-rw-r--r--test/output/address/rules6-save6
-rw-r--r--test/output/custom/dump6
-rw-r--r--test/output/custom/rules6-save6
-rw-r--r--test/output/dedicated/dump6
-rw-r--r--test/output/dedicated/rules6-save6
-rw-r--r--test/output/filter-dnat/dump6
-rw-r--r--test/output/filter-dnat/rules6-save6
-rw-r--r--test/output/filter-limit/dump6
-rw-r--r--test/output/filter-limit/rules6-save6
-rw-r--r--test/output/filter-log/dump6
-rw-r--r--test/output/filter-log/rules6-save6
-rw-r--r--test/output/filter/dump6
-rw-r--r--test/output/filter/rules6-save6
-rw-r--r--test/output/ipset/dump6
-rw-r--r--test/output/ipset/rules6-save6
-rw-r--r--test/output/nat/dump6
-rw-r--r--test/output/nat/rules6-save6
-rw-r--r--test/output/no-track/dump6
-rw-r--r--test/output/no-track/rules6-save6
-rw-r--r--test/output/route-track/dump6
-rw-r--r--test/output/route-track/rules6-save6
-rw-r--r--test/output/tproxy/dump6
-rw-r--r--test/output/tproxy/rules6-save6
25 files changed, 75 insertions, 73 deletions
diff --git a/awall/modules/filter.lua b/awall/modules/filter.lua
index 3076f49..c76fbf4 100644
--- a/awall/modules/filter.lua
+++ b/awall/modules/filter.lua
@@ -440,7 +440,9 @@ local function stateful(config)
{
{match='-m conntrack --ctstate ESTABLISHED', target='ACCEPT'},
{
- match='-p icmp -m conntrack --ctstate RELATED',
+ match='-p '..(
+ {inet='icmp', inet6='icmpv6'}
+ )[family]..' -m conntrack --ctstate RELATED',
target='icmp-routing'
}
}
diff --git a/test/output/address/dump b/test/output/address/dump
index 10f0c80..889aef3 100644
--- a/test/output/address/dump
+++ b/test/output/address/dump
@@ -12575,7 +12575,7 @@ COMMIT
:logpass-92 - [0:0]
:logpass-93 - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A FORWARD -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A FORWARD -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A FORWARD -j ACCEPT
-A FORWARD
-A FORWARD -j logaccept-0
@@ -12876,7 +12876,7 @@ COMMIT
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A INPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A INPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT
@@ -13062,7 +13062,7 @@ COMMIT
-A INPUT -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A OUTPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A OUTPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j ACCEPT
-A OUTPUT
diff --git a/test/output/address/rules6-save b/test/output/address/rules6-save
index 71bcc74..ae6fe5f 100644
--- a/test/output/address/rules6-save
+++ b/test/output/address/rules6-save
@@ -243,7 +243,7 @@
:logpass-92 - [0:0]
:logpass-93 - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A FORWARD -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A FORWARD -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A FORWARD -j ACCEPT
-A FORWARD
-A FORWARD -j logaccept-0
@@ -544,7 +544,7 @@
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A INPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A INPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT
@@ -730,7 +730,7 @@
-A INPUT -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A OUTPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A OUTPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j ACCEPT
-A OUTPUT
diff --git a/test/output/custom/dump b/test/output/custom/dump
index a673e04..ceb6bba 100644
--- a/test/output/custom/dump
+++ b/test/output/custom/dump
@@ -597,7 +597,7 @@ COMMIT
:custom:foo - [0:0]
:icmp-routing - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A FORWARD -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A FORWARD -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A FORWARD -o eth0 -m owner --uid-owner 0 -j ACCEPT
-A FORWARD -i eth1 -s fc00::/7 -j custom:foo
-A FORWARD -i eth0 -j ACCEPT
@@ -630,14 +630,14 @@ COMMIT
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A INPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A INPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -s fc00::/7 -j custom:foo
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A OUTPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A OUTPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -m owner --uid-owner 0 -j ACCEPT
-A OUTPUT -j ACCEPT
diff --git a/test/output/custom/rules6-save b/test/output/custom/rules6-save
index 586bc6e..2316528 100644
--- a/test/output/custom/rules6-save
+++ b/test/output/custom/rules6-save
@@ -6,7 +6,7 @@
:custom:foo - [0:0]
:icmp-routing - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A FORWARD -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A FORWARD -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A FORWARD -o eth0 -m owner --uid-owner 0 -j ACCEPT
-A FORWARD -i eth1 -s fc00::/7 -j custom:foo
-A FORWARD -i eth0 -j ACCEPT
@@ -39,14 +39,14 @@
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A INPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A INPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -s fc00::/7 -j custom:foo
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A OUTPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A OUTPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -m owner --uid-owner 0 -j ACCEPT
-A OUTPUT -j ACCEPT
diff --git a/test/output/dedicated/dump b/test/output/dedicated/dump
index 547760a..928b6db 100644
--- a/test/output/dedicated/dump
+++ b/test/output/dedicated/dump
@@ -603,7 +603,7 @@ COMMIT
-A INPUT -j awall-INPUT
-A OUTPUT -j awall-OUTPUT
-A awall-FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A awall-FORWARD -p icmp -m conntrack --ctstate RELATED -j awall-icmp-routing
+-A awall-FORWARD -p icmpv6 -m conntrack --ctstate RELATED -j awall-icmp-routing
-A awall-FORWARD -i eth0 -j ACCEPT
-A awall-FORWARD -o eth1 -d fc00::/7 -j ACCEPT
-A awall-FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT
@@ -634,13 +634,13 @@ COMMIT
-A awall-INPUT -j TEE --gateway fc00::2
-A awall-INPUT -m limit --limit 1/second -j LOG
-A awall-INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A awall-INPUT -p icmp -m conntrack --ctstate RELATED -j awall-icmp-routing
+-A awall-INPUT -p icmpv6 -m conntrack --ctstate RELATED -j awall-icmp-routing
-A awall-INPUT -i lo -j ACCEPT
-A awall-INPUT -i eth0 -j ACCEPT
-A awall-INPUT -j ACCEPT
-A awall-INPUT -p icmpv6 -j ACCEPT
-A awall-OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A awall-OUTPUT -p icmp -m conntrack --ctstate RELATED -j awall-icmp-routing
+-A awall-OUTPUT -p icmpv6 -m conntrack --ctstate RELATED -j awall-icmp-routing
-A awall-OUTPUT -o lo -j ACCEPT
-A awall-OUTPUT -j ACCEPT
-A awall-OUTPUT -o eth1 -d fc00::/7 -j ACCEPT
diff --git a/test/output/dedicated/rules6-save b/test/output/dedicated/rules6-save
index c065b4d..4b5a08d 100644
--- a/test/output/dedicated/rules6-save
+++ b/test/output/dedicated/rules6-save
@@ -11,7 +11,7 @@
-A INPUT -j awall-INPUT
-A OUTPUT -j awall-OUTPUT
-A awall-FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A awall-FORWARD -p icmp -m conntrack --ctstate RELATED -j awall-icmp-routing
+-A awall-FORWARD -p icmpv6 -m conntrack --ctstate RELATED -j awall-icmp-routing
-A awall-FORWARD -i eth0 -j ACCEPT
-A awall-FORWARD -o eth1 -d fc00::/7 -j ACCEPT
-A awall-FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT
@@ -42,13 +42,13 @@
-A awall-INPUT -j TEE --gateway fc00::2
-A awall-INPUT -m limit --limit 1/second -j LOG
-A awall-INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A awall-INPUT -p icmp -m conntrack --ctstate RELATED -j awall-icmp-routing
+-A awall-INPUT -p icmpv6 -m conntrack --ctstate RELATED -j awall-icmp-routing
-A awall-INPUT -i lo -j ACCEPT
-A awall-INPUT -i eth0 -j ACCEPT
-A awall-INPUT -j ACCEPT
-A awall-INPUT -p icmpv6 -j ACCEPT
-A awall-OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A awall-OUTPUT -p icmp -m conntrack --ctstate RELATED -j awall-icmp-routing
+-A awall-OUTPUT -p icmpv6 -m conntrack --ctstate RELATED -j awall-icmp-routing
-A awall-OUTPUT -o lo -j ACCEPT
-A awall-OUTPUT -j ACCEPT
-A awall-OUTPUT -o eth1 -d fc00::/7 -j ACCEPT
diff --git a/test/output/filter-dnat/dump b/test/output/filter-dnat/dump
index c59eb3b..0d59c48 100644
--- a/test/output/filter-dnat/dump
+++ b/test/output/filter-dnat/dump
@@ -598,7 +598,7 @@ COMMIT
:OUTPUT DROP [0:0]
:icmp-routing - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A FORWARD -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A FORWARD -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A FORWARD -i eth0 -p tcp --dport 22 -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -o eth1 -d fc00::/7 -j ACCEPT
@@ -630,14 +630,14 @@ COMMIT
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A INPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A INPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A OUTPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A OUTPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j ACCEPT
-A OUTPUT -o eth1 -d fc00::/7 -j ACCEPT
diff --git a/test/output/filter-dnat/rules6-save b/test/output/filter-dnat/rules6-save
index b36a21f..9fd959f 100644
--- a/test/output/filter-dnat/rules6-save
+++ b/test/output/filter-dnat/rules6-save
@@ -5,7 +5,7 @@
:OUTPUT DROP [0:0]
:icmp-routing - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A FORWARD -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A FORWARD -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A FORWARD -i eth0 -p tcp --dport 22 -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -o eth1 -d fc00::/7 -j ACCEPT
@@ -37,14 +37,14 @@
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A INPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A INPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A OUTPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A OUTPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j ACCEPT
-A OUTPUT -o eth1 -d fc00::/7 -j ACCEPT
diff --git a/test/output/filter-limit/dump b/test/output/filter-limit/dump
index db8a3fa..ba71f2c 100644
--- a/test/output/filter-limit/dump
+++ b/test/output/filter-limit/dump
@@ -153362,7 +153362,7 @@ COMMIT
-A FORWARD -j logdrop-2201
-A FORWARD -j logdrop-2200
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A FORWARD -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A FORWARD -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A FORWARD -o eth1 -d fc00::/7 -j logdrop-0
-A FORWARD -o eth1 -d fc00::/7 -j logdrop-1
-A FORWARD -o eth1 -d fc00::/7 -j logdrop-2
@@ -157683,7 +157683,7 @@ COMMIT
-A INPUT -j logdrop-2201
-A INPUT -j logdrop-2200
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A INPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A INPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -j logaccept-final-0
@@ -161979,7 +161979,7 @@ COMMIT
-A OUTPUT -j logdrop-2201
-A OUTPUT -j logdrop-2200
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A OUTPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A OUTPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth1 -d fc00::/7 -j logdrop-0
-A OUTPUT -o eth1 -d fc00::/7 -j logdrop-1
diff --git a/test/output/filter-limit/rules6-save b/test/output/filter-limit/rules6-save
index 904e51d..94085d5 100644
--- a/test/output/filter-limit/rules6-save
+++ b/test/output/filter-limit/rules6-save
@@ -10442,7 +10442,7 @@
-A FORWARD -j logdrop-2201
-A FORWARD -j logdrop-2200
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A FORWARD -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A FORWARD -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A FORWARD -o eth1 -d fc00::/7 -j logdrop-0
-A FORWARD -o eth1 -d fc00::/7 -j logdrop-1
-A FORWARD -o eth1 -d fc00::/7 -j logdrop-2
@@ -14763,7 +14763,7 @@
-A INPUT -j logdrop-2201
-A INPUT -j logdrop-2200
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A INPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A INPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -j logaccept-final-0
@@ -19059,7 +19059,7 @@
-A OUTPUT -j logdrop-2201
-A OUTPUT -j logdrop-2200
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A OUTPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A OUTPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth1 -d fc00::/7 -j logdrop-0
-A OUTPUT -o eth1 -d fc00::/7 -j logdrop-1
diff --git a/test/output/filter-log/dump b/test/output/filter-log/dump
index 165e132..fb26e5c 100644
--- a/test/output/filter-log/dump
+++ b/test/output/filter-log/dump
@@ -951,7 +951,7 @@ COMMIT
:logpass-1 - [0:0]
:logpass-2 - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A FORWARD -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A FORWARD -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A FORWARD -j ACCEPT
-A FORWARD -j logdrop-0
-A FORWARD
@@ -1005,7 +1005,7 @@ COMMIT
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A INPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A INPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -j logdrop-0
@@ -1034,7 +1034,7 @@ COMMIT
-A INPUT -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A OUTPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A OUTPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j ACCEPT
-A OUTPUT -j logdrop-0
diff --git a/test/output/filter-log/rules6-save b/test/output/filter-log/rules6-save
index bf1ce29..c6aef0d 100644
--- a/test/output/filter-log/rules6-save
+++ b/test/output/filter-log/rules6-save
@@ -17,7 +17,7 @@
:logpass-1 - [0:0]
:logpass-2 - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A FORWARD -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A FORWARD -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A FORWARD -j ACCEPT
-A FORWARD -j logdrop-0
-A FORWARD
@@ -71,7 +71,7 @@
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A INPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A INPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -j logdrop-0
@@ -100,7 +100,7 @@
-A INPUT -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A OUTPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A OUTPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j ACCEPT
-A OUTPUT -j logdrop-0
diff --git a/test/output/filter/dump b/test/output/filter/dump
index 77beee1..c8ec4ca 100644
--- a/test/output/filter/dump
+++ b/test/output/filter/dump
@@ -675,7 +675,7 @@ COMMIT
:logtarpit-0 - [0:0]
:tarpit - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A FORWARD -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A FORWARD -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A FORWARD -j ACCEPT
-A FORWARD -j ACCEPT
-A FORWARD -j logdrop-0
@@ -712,7 +712,7 @@ COMMIT
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A INPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A INPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -j ACCEPT
@@ -724,7 +724,7 @@ COMMIT
-A INPUT -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A OUTPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A OUTPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j ACCEPT
-A OUTPUT -j ACCEPT
diff --git a/test/output/filter/rules6-save b/test/output/filter/rules6-save
index 162ec77..f6458f9 100644
--- a/test/output/filter/rules6-save
+++ b/test/output/filter/rules6-save
@@ -9,7 +9,7 @@
:logtarpit-0 - [0:0]
:tarpit - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A FORWARD -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A FORWARD -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A FORWARD -j ACCEPT
-A FORWARD -j ACCEPT
-A FORWARD -j logdrop-0
@@ -46,7 +46,7 @@
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A INPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A INPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -j ACCEPT
@@ -58,7 +58,7 @@
-A INPUT -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A OUTPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A OUTPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j ACCEPT
-A OUTPUT -j ACCEPT
diff --git a/test/output/ipset/dump b/test/output/ipset/dump
index c345156..5c31234 100644
--- a/test/output/ipset/dump
+++ b/test/output/ipset/dump
@@ -598,7 +598,7 @@ COMMIT
:icmp-routing - [0:0]
:logdrop-ssh-0 - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A FORWARD -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A FORWARD -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A FORWARD -i eth0 -m set --match-set bar src -p tcp --dport 22 -j logdrop-ssh-0
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -o eth1 -d fc00::/7 -j ACCEPT
@@ -630,14 +630,14 @@ COMMIT
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A INPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A INPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m set --match-set bar src -p tcp --dport 22 -j logdrop-ssh-0
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A OUTPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A OUTPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j ACCEPT
-A OUTPUT -o eth1 -d fc00::/7 -j ACCEPT
diff --git a/test/output/ipset/rules6-save b/test/output/ipset/rules6-save
index ecc2de0..5fc6388 100644
--- a/test/output/ipset/rules6-save
+++ b/test/output/ipset/rules6-save
@@ -6,7 +6,7 @@
:icmp-routing - [0:0]
:logdrop-ssh-0 - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A FORWARD -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A FORWARD -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A FORWARD -i eth0 -m set --match-set bar src -p tcp --dport 22 -j logdrop-ssh-0
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -o eth1 -d fc00::/7 -j ACCEPT
@@ -38,14 +38,14 @@
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A INPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A INPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m set --match-set bar src -p tcp --dport 22 -j logdrop-ssh-0
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A OUTPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A OUTPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j ACCEPT
-A OUTPUT -o eth1 -d fc00::/7 -j ACCEPT
diff --git a/test/output/nat/dump b/test/output/nat/dump
index 9a3dd43..43062b8 100644
--- a/test/output/nat/dump
+++ b/test/output/nat/dump
@@ -909,7 +909,7 @@ COMMIT
:OUTPUT DROP [0:0]
:icmp-routing - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A FORWARD -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A FORWARD -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -o eth1 -d fc00::/7 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT
@@ -940,13 +940,13 @@ COMMIT
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A INPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A INPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A OUTPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A OUTPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j ACCEPT
-A OUTPUT -o eth1 -d fc00::/7 -j ACCEPT
diff --git a/test/output/nat/rules6-save b/test/output/nat/rules6-save
index cb63c6a..7d397cb 100644
--- a/test/output/nat/rules6-save
+++ b/test/output/nat/rules6-save
@@ -5,7 +5,7 @@
:OUTPUT DROP [0:0]
:icmp-routing - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A FORWARD -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A FORWARD -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -o eth1 -d fc00::/7 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT
@@ -36,13 +36,13 @@
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A INPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A INPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A OUTPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A OUTPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j ACCEPT
-A OUTPUT -o eth1 -d fc00::/7 -j ACCEPT
diff --git a/test/output/no-track/dump b/test/output/no-track/dump
index 9e777a7..a53e59a 100644
--- a/test/output/no-track/dump
+++ b/test/output/no-track/dump
@@ -677,7 +677,7 @@ COMMIT
:OUTPUT DROP [0:0]
:icmp-routing - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A FORWARD -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A FORWARD -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -o eth1 -d fc00::/7 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT
@@ -708,7 +708,7 @@ COMMIT
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A INPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A INPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --sport 80 -j ACCEPT
-A INPUT -p esp -j ACCEPT
@@ -717,7 +717,7 @@ COMMIT
-A INPUT -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A OUTPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A OUTPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp --dport 80 -j ACCEPT
-A OUTPUT -p esp -j ACCEPT
diff --git a/test/output/no-track/rules6-save b/test/output/no-track/rules6-save
index 234cf99..0be16f2 100644
--- a/test/output/no-track/rules6-save
+++ b/test/output/no-track/rules6-save
@@ -5,7 +5,7 @@
:OUTPUT DROP [0:0]
:icmp-routing - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A FORWARD -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A FORWARD -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -o eth1 -d fc00::/7 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT
@@ -36,7 +36,7 @@
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A INPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A INPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --sport 80 -j ACCEPT
-A INPUT -p esp -j ACCEPT
@@ -45,7 +45,7 @@
-A INPUT -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A OUTPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A OUTPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp --dport 80 -j ACCEPT
-A OUTPUT -p esp -j ACCEPT
diff --git a/test/output/route-track/dump b/test/output/route-track/dump
index f6385c9..d6acce7 100644
--- a/test/output/route-track/dump
+++ b/test/output/route-track/dump
@@ -587,7 +587,7 @@ COMMIT
:OUTPUT DROP [0:0]
:icmp-routing - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A FORWARD -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A FORWARD -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -o eth1 -d fc00::/7 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT
@@ -618,13 +618,13 @@ COMMIT
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A INPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A INPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A OUTPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A OUTPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j ACCEPT
-A OUTPUT -o eth1 -d fc00::/7 -j ACCEPT
diff --git a/test/output/route-track/rules6-save b/test/output/route-track/rules6-save
index e030e52..5c929e8 100644
--- a/test/output/route-track/rules6-save
+++ b/test/output/route-track/rules6-save
@@ -5,7 +5,7 @@
:OUTPUT DROP [0:0]
:icmp-routing - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A FORWARD -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A FORWARD -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -o eth1 -d fc00::/7 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT
@@ -36,13 +36,13 @@
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A INPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A INPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A OUTPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A OUTPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j ACCEPT
-A OUTPUT -o eth1 -d fc00::/7 -j ACCEPT
diff --git a/test/output/tproxy/dump b/test/output/tproxy/dump
index 564c817..ed75c7f 100644
--- a/test/output/tproxy/dump
+++ b/test/output/tproxy/dump
@@ -580,7 +580,7 @@ COMMIT
:OUTPUT DROP [0:0]
:icmp-routing - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A FORWARD -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A FORWARD -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -o eth1 -d fc00::/7 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT
@@ -611,13 +611,13 @@ COMMIT
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A INPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A INPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A OUTPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A OUTPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j ACCEPT
-A OUTPUT -o eth1 -d fc00::/7 -j ACCEPT
diff --git a/test/output/tproxy/rules6-save b/test/output/tproxy/rules6-save
index f2f50d8..17280ef 100644
--- a/test/output/tproxy/rules6-save
+++ b/test/output/tproxy/rules6-save
@@ -5,7 +5,7 @@
:OUTPUT DROP [0:0]
:icmp-routing - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A FORWARD -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A FORWARD -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -o eth1 -d fc00::/7 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT
@@ -36,13 +36,13 @@
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A INPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A INPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
--A OUTPUT -p icmp -m conntrack --ctstate RELATED -j icmp-routing
+-A OUTPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j ACCEPT
-A OUTPUT -o eth1 -d fc00::/7 -j ACCEPT