diff --git a/scripts/vm/hypervisor/xenserver/vmops b/scripts/vm/hypervisor/xenserver/vmops index e2b9a6bb782..e6d77aa2a3d 100755 --- a/scripts/vm/hypervisor/xenserver/vmops +++ b/scripts/vm/hypervisor/xenserver/vmops @@ -1286,7 +1286,7 @@ def network_rules(session, args): range = start + "/" + end if start == "-1": range = "any" - iptables = ['iptables', '-I', vmchain, '-p', 'icmp', '--icmp-type', range, '-m', 'set', keyword, ipsetname, 'src', '-j', 'ACCEPT'] + iptables = ['iptables', '-I', vmchain, '-p', 'icmp', '--icmp-type', range, '-m', 'set', keyword, ipsetname, 'src', '-j', 'ACCEPT'] cmds.append(iptables) util.SMlog(iptables) @@ -1297,7 +1297,7 @@ def network_rules(session, args): range = start + "/" + end if start == "-1": range = "any" - iptables = ['iptables', '-I', vmchain, '-p', 'icmp', '--icmp-type', range, '-j', 'ACCEPT'] + iptables = ['iptables', '-I', vmchain, '-p', 'icmp', '--icmp-type', range, '-j', 'ACCEPT'] cmds.append(iptables) util.SMlog(iptables) diff --git a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java index f73491cf8a3..e18fb49e673 100755 --- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java +++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java @@ -564,8 +564,11 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG if (icmpType == -1 && icmpCode != -1) { throw new InvalidParameterValueException("Invalid icmp type range"); } - if (icmpCode > 255) { - throw new InvalidParameterValueException("Invalid icmp code "); + if (icmpType != -1 && icmpCode == -1) { + throw new InvalidParameterValueException("Invalid icmp code: need non-negative icmp code "); + } + if (icmpCode > 255 || icmpType > 255 || icmpCode < -1 || icmpType < -1) { + throw new InvalidParameterValueException("Invalid icmp type/code "); } startPortOrType = icmpType; endPortOrCode = icmpCode;