From cf50bd0004418abe1294f53b58387a181dfd2b51 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Thu, 8 Jun 2017 17:44:32 +0200
Subject: [PATCH] firewall.core.fw_zone: Rich-rule ICMP type: Error only for
 conflicting family

Only raise error for an ICMP block in a rich-rule if a family has been
specified and conflicts with the ICMP destination.

Fixes: RHBZ#1459921
---
 src/firewall/core/fw_zone.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
index 4f3f18c0..f47222e4 100644
--- a/src/firewall/core/fw_zone.py
+++ b/src/firewall/core/fw_zone.py
@@ -1425,6 +1425,9 @@ def __rule_prepare(self, enable, zone, rule, mark_id, zone_transaction):
                     raise FirewallError(errors.INVALID_RULE,
                                         "IcmpBlock not usable with accept action")
                 if ict.destination and ipv not in ict.destination:
+                    if rule.family is None:
+                        # Add for IPv4 or IPv6 depending on ict.destination
+                        continue
                     raise FirewallError(
                         errors.INVALID_RULE,
                         "Icmp%s %s not usable with %s" % \