@catonic said in 2.4.4 ICMPv6 Firewall Rules?:
because ICMPv6 is not an option on the drop-down
Sure it is.. What do you think ICMP is when you select IPv6?
icmpv6.jpg
Here created a test rule
[23.05.1-RELEASE][admin@sg4860.local.lan]/root: cat /tmp/rules.debug | grep "test icmpv6"
pass in quick on $TEST inet6 proto ipv6-icmp from any to any ridentifier 1695465595 keep state label "USER_RULE: test icmpv6" label "id:1695465595"
[23.05.1-RELEASE][admin@sg4860.local.lan]/root
This thread is 3 some years old - if you are having a problem, it would be best if you actually give details of what your trying to accomplish, how and what you have done to test it.
There are also hidden rules that allow some icmpv6
# Allow only bare essential icmpv6 packets (NS, NA, and RA, echoreq, echorep)
pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type {129,133,134,135,136} ridentifier 1000000108 keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type {129,133,134,135,136} ridentifier 1000000109 keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type {128,133,134,135,136} ridentifier 1000000110 keep state
pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type {128,133,134,135,136} ridentifier 1000000111 keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type {128,133,134,135,136} ridentifier 1000000112 keep state
pass in quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type {128,133,134,135,136} ridentifier 1000000113 keep state
Here I created a icmpv6 echo request rule, then sent some ipv6 pings..
echreq.jpg
And the counter goes up.