% pfilter - packet filtering for GNU/Linux
%
% pfilter ruleset for ping service

% Copyright 2003 Neil Gorsuch
%
% This file is part of pfilter.
%
% pfilter is free software; you can redistribute it and/or modify
% it under the terms of the GNU General Public License as published by
% the Free Software Foundation; either version 2 of the License, or
% (at your option) any later version.
%
% pfilter is distributed in the hope that it will be useful,
% but WITHOUT ANY WARRANTY; without even the implied warranty of
% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
% GNU General Public License for more details.
%
% You should have received a copy of the GNU General Public License
% along with this program; if not, write to the Free Software
% Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

% This service is defined because it is an icmp type and therefore
% will not be automatically parsed from /etc/services or /etc/protocols,
% and because we want to allow broadcast pings also

%macro service-ping-open src_address dest_address src_int dest_int src_bcast dest_bcast
%open_protocol_port% %src_address% %dest_address% %src_int% ANY icmp 0
%open_protocol_port% %src_address% %dest_address% %src_int% ANY icmp 8
%open_protocol_port% %src_address% %src_bcast% %src_int% ANY icmp 0 %if %src_bcast% != UNKNOWN
%open_protocol_port% %src_address% %src_bcast% %src_int% ANY icmp 8 %if %src_bcast% != UNKNOWN
%endmacro

%macro service-multicast-close src_address dest_address src_int dest_int src_bcast dest_bcast
%close_protocol_port% %src_address% %dest_address% %src_int% ANY icmp 0
%close_protocol_port% %src_address% %dest_address% %src_int% ANY icmp 8
%close_protocol_port% %src_address% %src_bcast% %src_int% ANY icmp 0 %if %src_bcast% != UNKNOWN
%close_protocol_port% %src_address% %src_bcast% %src_int% ANY icmp 8 %if %src_bcast% != UNKNOWN
%endmacro

