Currently, I have this as one of my IPv4 firewall rules:
rule 20 {
action accept
icmp {
type-name any
}
protocol icmp
}
That’s nice and concise and appears to work fine. Now I’m adding some IPv6 firewall rules. But there doesn’t appear to be a “type-name any” for ICMPv6. So is the following sufficient to permit all ICMPv6 types?
rule 20 {
action accept
protocol icmpv6
}
Or am I stuck with making individual rules for every possible type, as follows?
rule 20 {
action accept
icmpv6 {
type destination-unreachable
}
protocol icmpv6
}
rule 21 {
action accept
icmpv6 {
type packet-too-big
}
protocol icmpv6
}
...
rule 29 {
action accept
icmpv6 {
type neighbor-advertisement
}
protocol icmpv6
}