Topics

1

18.1 Legacy Series / ICMP Packet Too Big missing in Firewall Rules

« on: May 21, 2018, 07:42:16 pm »

Is it possible to add the ICMP (Type 2) - Packet Too Big type in the firewall rules pull down?  I see a lot of the other typical types such as destination unreachable, time exceeded, parameter problem, echo reply/request, and etc.  Packet Too Big would be very helpful because it is required for IPv6 MTU path discovery.  I'm trying to filter the ICMP types to reduce the attack vector on downstream devices.  I'm just missing this one type for IPv6 to accomplish that task.  I did upgrade the box from 18.1.6 to 18.1.8, and a lot of things work better for sure!!  But this ICMP type is still missing from the pull down, and I know that I can not make changes directly to the /tmp/rules.debug file.  They must be auto-generated because on reboot and etc, any changes disappear.  Thanks for any assistance!