Firewall: What is the equivalent of "icmp type-name any" for icmpv6?


#1

Currently, I have this as one of my IPv4 firewall rules:

rule 20 { action accept icmp { type-name any } protocol icmp }

That’s nice and concise and appears to work fine. Now I’m adding some IPv6 firewall rules. But there doesn’t appear to be a “type-name any” for ICMPv6. So is the following sufficient to permit all ICMPv6 types?

rule 20 { action accept protocol icmpv6 }

Or am I stuck with making individual rules for every possible type, as follows?

rule 20 { action accept icmpv6 { type destination-unreachable } protocol icmpv6 } rule 21 { action accept icmpv6 { type packet-too-big } protocol icmpv6 } ... rule 29 { action accept icmpv6 { type neighbor-advertisement } protocol icmpv6 }