Firewalld icmptype destinations

Some firewalld icmptype files contain one destination: either ipv4 or ipv6.
Some have ipv4=yes, others ipv4=no, yet others ipv6=yes or ipv6=no.
Some files have both ipv4 and ipv6 and any permutations of no and yes.
What does it mean when there is only one vs when there are both?
In other words, does ipv4=yes alone mean the same as ipv4=yes and ipv6=no?

Can someone please take a look?
This area is very sparsely documented, so chances of me finding information on my own are slim.

man firewalld.icmptype
Is an optional empty-element tag and can be used only once. The destination tag specifies if an icmptype
entry is available for IPv4 and/or IPv6. The default is IPv4 and IPv6, where this tag can be missing.

   ipv4="bool"
       Describes if the icmptype is available for IPv4.

   ipv6="bool"
       Describes if the icmptype is available for IPv6.

Some additional info here: FreeKB - Firewalld firewall-cmd - allow or deny ICMP

You can check with sudo firewall-cmd --info-icmptype=source-quench

This appears to work like:
default both yes
If just one is set the other will be no

I probably do not know enough to realize right away whether that answers my question or not. Let me rephrase my question:

If an ICMP type has IPv4=yes and IPv6=no, is it the same as if it only contained IPv4=yes?
If it contains IPv4=no and IPv6=yes, it is the same as if it only contained IPv6=yes?
If it contains IPv4=yes and IPv6=yes, it is the same as no destinations at all?
If there are no destinations at all, is it the same as IPv4=yes and IPv6=yes, or is it the same as IPv4=no and IPv6=no?

If an ICMP type has IPv4=yes and IPv6=no, is it the same as if it only contained IPv4=yes?

Yes,
destination: ipv4

If it contains IPv4=no and IPv6=yes, it is the same as if it only contained IPv6=yes?

Yes,
destination: ipv6

If it contains IPv4=yes and IPv6=yes, it is the same as no destinations at all?

Yes,
destination: ipv4 ipv6

If there are no destinations at all, is it the same as IPv4=yes and IPv6=yes, or is it the same as IPv4=no and IPv6=no?

Same as yes yes

1 Like

Now it is super-clear!