Ah!  I was looking for it somewhere in config (like the services) but there it is in code!  I KNEW it wasn't magic.  🙂

Also, your comment about the iptables icmptype(s) led me to `iptables -p icmp -h` so I appreciate that.  I'm sure the mechanics behind that are located inside iptables' code, but I think I have what I need, at this point.

Thanks very much for taking the time to reply.

Scott


From: Eric Garver <egarver@redhat.com>
Sent: August 29, 2020 8:42 AM
To: Scott A. Wozny <sawozny@hotmail.com>
Cc: firewalld-users@lists.fedorahosted.org <firewalld-users@lists.fedorahosted.org>
Subject: Re: Firewalld ICMP types
 
On Fri, Aug 28, 2020 at 10:56:30PM -0000, Scott A. Wozny wrote:
> Where does firewalld map its ICMP types located in
> /usr/lib/firewalld/icmptypes to actual ICMP types like these:
> https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml
>
> For example, I don't see anything in echo-request.xml indicating it's
> ICMP type 8, so how does the firewall know when filtering ICMP
> packets?

For the iptables backend the icmptype name is passed verbatim to
iptables. firewalld's icmptype names are actually derived from iptables.

For nftables they're translated [1] into nftables's names and/or
type/code.

[1]: https://github.com/firewalld/firewalld/blob/956db5ecc15be55d49611e05c23c1e3e245d9e47/src/firewall/core/nftables.py#L91-L157