From e890c50da6ccf4eeac63b9705f40cead351b9995 Mon Sep 17 00:00:00 2001
From: Quentin McGaw
Date: Wed, 25 Dec 2024 20:05:46 +0000
Subject: [PATCH] feat(firewall): support icmp rules

---
 internal/firewall/list.go | 4 +++-
 internal/firewall/list_test.go | 14 +++++++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/internal/firewall/list.go b/internal/firewall/list.go
index 14b612d76..25724250f 100644
--- a/internal/firewall/list.go
+++ b/internal/firewall/list.go
@@ -22,7 +22,7 @@ type chainRule struct {
 packets uint64
 bytes uint64
 target string // "ACCEPT", "DROP", "REJECT" or "REDIRECT"
- protocol string // "tcp", "udp" or "" for all protocols.
+ protocol string // "icmp", "tcp", "udp" or "" for all protocols.
 inputInterface string // input interface, for example "tun0" or "*""
 outputInterface string // output interface, for example "eth0" or "*""
 source netip.Prefix // source IP CIDR, for example 0.0.0.0/0. Must be valid.
@@ -324,6 +324,8 @@ var ErrProtocolUnknown = errors.New("unknown protocol")
 func parseProtocol(s string) (protocol string, err error) {
 switch s {
 case "0":
+ case "1":
+ protocol = "icmp"
 case "6":
 protocol = "tcp"
 case "17":
diff --git a/internal/firewall/list_test.go b/internal/firewall/list_test.go
index 7adcd7168..13953b9f5 100644
--- a/internal/firewall/list_test.go
+++ b/internal/firewall/list_test.go
@@ -56,7 +56,8 @@ num pkts bytes target prot opt in out source destinati
 num pkts bytes target prot opt in out source destination
 1 0 0 ACCEPT 17 -- tun0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:55405
 2 0 0 ACCEPT 6 -- tun0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:55405
-3 0 0 DROP 0 -- tun0 * 1.2.3.4 0.0.0.0/0
+3 0 0 ACCEPT 1 -- tun0 * 0.0.0.0/0 0.0.0.0/0
+4 0 0 DROP 0 -- tun0 * 1.2.3.4 0.0.0.0/0
 `,
 table: chain{
 name: "INPUT",
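Review bot: The new `case "1"` in parseProtocol only covers IPv4 ICMP; ip6tables lists ICMPv6 under protocol number 58, so that value still falls through the switch and, if the default branch returns ErrProtocolUnknown as the hunk context suggests, listing an IPv6 chain that holds an ICMPv6 rule would presumably fail instead of yielding a protocol. Consider adding `case "58":` / `protocol = "ipv6-icmp"` next to the new case and extending the field comment in the first hunk to match. The empty `case "0":` reads like a missing body; a one-line comment such as `case "0": // all protocols, leave protocol empty` would make the intent explicit. parseProtocol's body, including its default branch, continues outside the hunk.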
@@ -92,6 +93,17 @@ num pkts bytes target prot opt in out source destinati
 lineNumber: 3,
 packets: 0,
 bytes: 0,
+ target: "ACCEPT",
+ protocol: "icmp",
+ inputInterface: "tun0",
+ outputInterface: "*",
+ source: netip.MustParsePrefix("0.0.0.0/0"),
+ destination: netip.MustParsePrefix("0.0.0.0/0"),
+ },
+ {
+ lineNumber: 4,
+ packets: 0,
+ bytes: 0,
 target: "DROP",
 protocol: "",
 inputInterface: "tun0",