Firewall: Add icmp-group and icmpv6-groups
Open, NormalPublicFEATURE REQUEST
Actions

Assigned To

None

Authored By

	L0crian
	Aug 31 2025, 10:39 AM

Description

It could be useful to have firewall groups for ICMP Types. Particularly for IPv6 where you often need multiple types.

Proposed syntax:

set firewall group icmp-group type <name of ICMP type>
set firewall group icmpv6-group type <name of ICMPv6 type>

set firewall ipv4 input filter rule 10 icmp group <name of icmp-group>
set firewall ipv6 input filter rule 10 icmpv6 group <name of icmpv6-group>

It could allow for concatenation of the element so you can have the type/code pair, but I think that might make things messier and harder for user's to understand. If an explicit type/code pair wish to be matched, that would remain within a single firewall rule.

Details

Version: -
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Feature (new functionality)

Event Timeline

L0crian created this task.Aug 31 2025, 10:39 AM

pasik subscribed.Aug 31 2025, 10:46 AM

Viacheslav triaged this task as Normal priority.Sep 1 2025, 4:08 PM

tuxnet subscribed.Nov 1 2025, 6:22 PM

Firewall: Add icmp-group and icmpv6-groupsOpen, NormalPublicFEATURE REQUESTActions

Description

Proposed syntax:

Details

Event Timeline

Firewall: Add icmp-group and icmpv6-groups
Open, NormalPublicFEATURE REQUEST
Actions