Other Filter Rule Examples

ICMP Rules

Allowing ICMP for both IPv4 and IPv6 can be counter-intuitive because even though they are both generally called ICMP, they each have different protocol names and numbers.

The following rule allows ICMP for both IPv4 and ICMP6 for IPv6 in all directions:

tnsr(config-vpf-filter-ruleset)# rule 200
tnsr(config-vpf-filter-rule)# description Allow IPv4/IPv6 ICMP inbound
tnsr(config-vpf-filter-rule)# pass
tnsr(config-vpf-filter-rule)# stateful
tnsr(config-vpf-filter-rule)# protocol icmp ipv6-icmp
tnsr(config-vpf-filter-rule)# exit

Note

The protocol matches any of the given names, so this rule will match packets using either protocol. The lack of ip-version on the rule means the rule can match both IPv4 and IPv6 packets.