- Bug
- Resolution: Done-Errata
- rhel-9.5
- iptables-1.8.11-9.el10_0
- Moderate
- rhel-net-firewall
- ssg_networking
- NST-firewall-25W12-15
- Pass
- Automated
What were you trying to do that didn't work?
iptables or iptables-translate command does not support icmptype 15 and 16
What is the impact of this issue to you?
When we are moving iptables to nftables, the rule with icmptype 15 and 16.
The customer's migration path from iptables rules to nftables rules depends on this.
They know these types are deprecated, but they are using them in their setup, so they feel it would be nice if such rules could be added.
Please provide the package NVR for which the bug is seen:
iptables-nft-1.8.10-11.el9_5
How reproducible is this bug?:
- execute the below
[root@www ~]# iptables -t filter -N CHAIN1
[root@www ~]# iptables -t filter -N CHAIN2
[root@www ~]# iptables -t filter -I CHAIN1 1 -s 1.1.1.1/32 -d 2.2.2.2/32 -p icmp -m icmp --icmp-type 15 -j CHAIN2
[root@www ~]# nft -n list ruleset
# Warning: table ip filter is managed by iptables-nft, do not touch!
table ip filter {
    chain CHAIN1 {
        ip saddr 1.1.1.1 ip daddr 2.2.2.2 ip protocol 1 xt match "icmp" counter packets 0 bytes 0 jump CHAIN2    <<< icmp type 15 is missing
    }

    chain CHAIN2 {
    }
}
Expected results
icmp type 15 is not added
Actual results
Rule gets added without icmp type
- links to: RHBA-2025:150270 iptables update
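A pre-migration check for the situation reported above, as an added example that is not part of the original report or of iptables: it flags saved rules matching ICMP type 15 or 16, and nft rules listed as an opaque xt icmp match with no icmp type term. The function names and both sample inputs are constructed for illustration.

```python
import re
import shlex

# ICMP types named in this report (constant constructed for the example).
FLAGGED_ICMP_TYPES = {"15", "16"}

# Constructed sample in iptables-save format: the report's rule plus a control rule.
SAMPLE_SAVE = """\
# constructed sample
*filter
:CHAIN1 - [0:0]
:CHAIN2 - [0:0]
-A CHAIN1 -s 1.1.1.1/32 -d 2.2.2.2/32 -p icmp -m icmp --icmp-type 15 -j CHAIN2
-A CHAIN1 -p icmp -m icmp --icmp-type 8 -j ACCEPT
COMMIT
"""

# Constructed sample of `nft -n list ruleset` output, modelled on the report.
SAMPLE_NFT = """\
table ip filter {
    chain CHAIN1 {
        ip saddr 1.1.1.1 ip daddr 2.2.2.2 ip protocol 1 xt match "icmp" counter packets 0 bytes 0 jump CHAIN2
        ip protocol 1 icmp type 8 counter packets 0 bytes 0 accept
    }
    chain CHAIN2 {
    }
}
"""

def flag_iptables_rules(save_text):
    """Rules whose --icmp-type (optionally type/code) is in FLAGGED_ICMP_TYPES."""
    hits = []
    for line in save_text.splitlines():
        if not line.startswith("-A "):
            continue  # skip comments, table headers, chain policies, COMMIT
        tokens = shlex.split(line)
        for i, tok in enumerate(tokens[:-1]):
            if tok == "--icmp-type" and tokens[i + 1].split("/")[0] in FLAGGED_ICMP_TYPES:
                hits.append(line)
    return hits

def flag_nft_rules(nft_text):
    """(chain, rule) pairs shown as an opaque xt icmp match with no 'icmp type' term."""
    hits, chain = [], None
    for raw in nft_text.splitlines():
        line = raw.strip()
        m = re.match(r"chain\s+(\S+)", line)
        if m:
            chain = m.group(1)  # remember which chain the following rules belong to
        elif 'xt match "icmp"' in line and "icmp type" not in line:
            hits.append((chain, line))
    return hits
```

Run `flag_iptables_rules` on the saved ruleset before migrating and `flag_nft_rules` on the listing afterwards; any hit is a rule to review by hand.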