Ah! I was looking for it somewhere in config (like the services) but there it is in code!
I KNEW it wasn't magic. 🙂
Also, your comment about the iptables icmptype(s) led me to `iptables -p icmp -h` so I
appreciate that. I'm sure the mechanics behind that are located inside iptables'
code, but I think I have what I need, at this point.
Thanks very much for taking the time to reply.
Scott
________________________________
From: Eric Garver <egarver(a)redhat.com>
Sent: August 29, 2020 8:42 AM
To: Scott A. Wozny <sawozny(a)hotmail.com>
Cc: firewalld-users(a)lists.fedorahosted.org
<firewalld-users(a)lists.fedorahosted.org>
Subject: Re: Firewalld ICMP types
On Fri, Aug 28, 2020 at 10:56:30PM -0000, Scott A. Wozny wrote:
Where does firewalld map it's ICMP types located in
/usr/lib/firewalld/icmptypes to actual ICMP types like these:
https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml.
For example, I don't see anything in echo-request.xml indicating it's
ICMP type 8, so how does the firewall know when filtering ICMP
packets?
For the iptables backend the icmptype name is passed verbatim to
iptables. firewalld's icmptype names are actually derived from iptables.
For nftables they're translated [1] into nftables's names and/or
type/code.
[1]:
https://github.com/firewalld/firewalld/blob/956db5ecc15be55d49611e05c23c1...