#!/bin/bash
%for num_int in %%range(0, %%int(%%nombre_interfaces))
/sbin/iptables -A eth%%num_int-root -p icmp --icmp-type destination-unreachable -j ACCEPT
/sbin/iptables -A eth%%num_int-root -p icmp --icmp-type network-unreachable -j ACCEPT
/sbin/iptables -A eth%%num_int-root -p icmp --icmp-type source-quench -j ACCEPT
/sbin/iptables -A eth%%num_int-root -p icmp --icmp-type fragmentation-needed -j ACCEPT
/sbin/iptables -A eth%%num_int-root -p icmp --icmp-type time-exceeded -j ACCEPT
/sbin/iptables -A eth%%num_int-root -p icmp --icmp-type parameter-problem -j ACCEPT
/sbin/iptables -A eth%%num_int-root -p icmp --icmp-type echo-reply -j ACCEPT
 %if %%getVar('restrict_ping_request', 'non') == 'oui'
  %if %%getVar('admin_eth' + %%str(%%num_int), 'non') == 'oui'
   %for %%ip_admin in %%getVar('ip_admin_eth' + %%str(%%num_int))
/sbin/iptables -A eth%%num_int-root -p icmp --icmp-type echo-request -s %%ip_admin/%%getattr(%%ip_admin, 'netmask_admin_eth' + %%str(%%num_int)) -j ACCEPT
   %end for
  %end if
 %else
/sbin/iptables -A eth%%num_int-root -p icmp --icmp-type echo-request -j ACCEPT
 %end if
%end for
