diff --git a/scripts/vm/hypervisor/xenserver/vmops b/scripts/vm/hypervisor/xenserver/vmops
index c128062bdaa..5734e1cef07 100755
--- a/scripts/vm/hypervisor/xenserver/vmops
+++ b/scripts/vm/hypervisor/xenserver/vmops
@@ -2106,7 +2106,9 @@ def network_rules(session, args):
                 range = start + "/" + end
                 if start == "-1":
                     range = "any"
-                    iptables = ['iptables', '-I', vmchain, '-p',  'icmp', '--icmp-type',  range,  '-m', 'set', '--match-set', ipsetname, 'src', '-j', 'ACCEPT']
+                elif end == "-1":
+                    range = start
+                iptables = ['iptables', '-I', vmchain, '-p',  'icmp', '--icmp-type',  range,  '-m', 'set', '--match-set', ipsetname, 'src', '-j', 'ACCEPT']
             util.pread2(iptables)
             util.SMlog(iptables)
         
@@ -2117,7 +2119,9 @@ def network_rules(session, args):
                 range = start + "/" + end
                 if start == "-1":
                     range = "any"
-                    iptables = ['iptables', '-I', vmchain, '-p',  'icmp', '--icmp-type',  range, '-j', 'ACCEPT']
+                elif end == "-1":
+                    range = start
+                iptables = ['iptables', '-I', vmchain, '-p',  'icmp', '--icmp-type',  range, '-j', 'ACCEPT']
             util.pread2(iptables)
             util.SMlog(iptables)
             
diff --git a/server/src/com/cloud/api/commands/AuthorizeNetworkGroupIngressCmd.java b/server/src/com/cloud/api/commands/AuthorizeNetworkGroupIngressCmd.java
index 940105b54d7..c748028301a 100644
--- a/server/src/com/cloud/api/commands/AuthorizeNetworkGroupIngressCmd.java
+++ b/server/src/com/cloud/api/commands/AuthorizeNetworkGroupIngressCmd.java
@@ -101,9 +101,10 @@ public class AuthorizeNetworkGroupIngressCmd extends BaseCmd {
         	if (icmpType == -1 && icmpCode != -1) {
         		throw new ServerApiException(BaseCmd.NET_INVALID_PARAM_ERROR, "Invalid icmp type range" );
         	} 
-        	if (icmpCode > 255) {
+        	if (icmpCode > 15) {
         		throw new ServerApiException(BaseCmd.NET_INVALID_PARAM_ERROR, "Invalid icmp code " );
         	}
+        	
         	startPortOrType = icmpType;
         	endPortOrCode= icmpCode;
         } else if (protocol.equals("all")) {
@@ -195,6 +196,7 @@ public class AuthorizeNetworkGroupIngressCmd extends BaseCmd {
                     s_logger.debug( "Invalid cidr (" + cidr + ") given, unable to authorize ingress.");	
                     throw new ServerApiException(BaseCmd.NET_INVALID_PARAM_ERROR, "Invalid cidr (" + cidr + ") given, unable to authorize ingress.");	
         		}
+        		
         		authorizedCidrs.add(cidr);
         	}
         }
diff --git a/utils/src/com/cloud/utils/net/NetUtils.java b/utils/src/com/cloud/utils/net/NetUtils.java
index d47f4db47e8..b899d84b51b 100755
--- a/utils/src/com/cloud/utils/net/NetUtils.java
+++ b/utils/src/com/cloud/utils/net/NetUtils.java
@@ -407,6 +407,9 @@ public class NetUtils {
         
         if (cidrSizeNum < 0 || cidrSizeNum > 32) return false;
         
+        if (cidrAddress.equals("0.0.0.0") && cidrSizeNum != 0) 
+        	return false;
+        
         return true;
 	}