Filtering ICMPv6 Messages (RFC 4890)
-
I wonder if this RFC is also practically used to configure IPv6. So basically it lists traffic that must not be dropped for transit traffic and for local traffic. In short it says for transit traffic:
- Destination Unreachable (Type 1) - All codes
- Packet Too Big (Type 2)
- Time Exceeded (Type 3) - Code 0 only
- Parameter Problem (Type 4) - Codes 1 and 2 only
- Echo Request (Type 128)
- Echo Response (Type 129)
must not be dropped. In addition to these, for local traffic, there is another (a bit longer) list related to being a router e.g. router and neighbor solicitation and advertisement.
Related question: is it possible to specific the code of an ICMPv6 type in a rule ?
-
johnpoz LAYER 8 Global Moderatorlast edited by johnpoz Jul 13, 2021, 10:52 AM Jul 13, 2021, 10:50 AM
@metebalci said in Filtering ICMPv6 Messages (RFC 4890):
is it possible to specific the code of an ICMPv6 type in a rule ?
Yes
you can always look to the full rules to see what is allowed/blocked etc.. that might not be shown in the gui
https://docs.netgate.com/pfsense/en/latest/firewall/pf-ruleset.html
-
@johnpoz said in Filtering ICMPv6 Messages (RFC 4890):
@metebalci said in Filtering ICMPv6 Messages (RFC 4890):
is it possible to specific the code of an ICMPv6 type in a rule ?
Yes
This is type and it is how I do it, I wonder if it is possible to filter by code also.
@johnpoz said in Filtering ICMPv6 Messages (RFC 4890):
you can always look to the full rules to see what is allowed/blocked etc.. that might not be shown in the gui
https://docs.netgate.com/pfsense/en/latest/firewall/pf-ruleset.html
Thanks, I didnt know this, I will check.