gce: fix icmpv6 in firewalls

IPv6 in firewalls must use icmpv6, not icmp. Remap in our ipv6 generator for simplicity.
2023-04-25 20:59:47 -04:00 · 2023-04-25 20:59:47 -04:00 · b835184ea4
parent 5d9ce2716a
commit b835184ea4
1 changed files with 9 additions and 0 deletions
--- a/pkg/model/gcemodel/firewall.go
+++ b/pkg/model/gcemodel/firewall.go
@ -198,5 +198,14 @@ func (b *GCEModelContext) AddFirewallRulesTasks(c *fi.CloudupModelBuilderContext
 		ipv6.Disabled = true
 		ipv6.SourceRanges = []string{"::/0"}
 	}
+	var ipv6Allowed []string
+	for _, allowed := range ipv6.Allowed {
+		// Map icmp to icmpv6; easier than maintaining separate lists
+		if allowed == "icmp" {
+			allowed = "58" // 58 == the IANA protocol number for ICMPv6
+		}
+		ipv6Allowed = append(ipv6Allowed, allowed)
+	}
+	ipv6.Allowed = ipv6Allowed
 	c.AddTask(&ipv6)
 }