tandyuk/gist:15cc3343071e7e15b7ce

## gistfile1.txt
[2.1.5-RELEASE][root@pfsense.office.tandyukservers.co.uk]/root(26): cat /tmp/rules.debug | grep -i 'icmp'
# IPv6 ICMP is not auxilary, it is required for operation
# See man icmp6(4)
pass quick inet6 proto ipv6-icmp from any to any icmp6-type {1,2,135,136} keep state
# Allow only bare essential icmpv6 packets (NS, NA, and RA, echoreq, echorep)
pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type {129,133,134,135,136} keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type {129,133,134,135,136} keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type {128,133,134,135,136} keep state
pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type {128,133,134,135,136} keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type {128,133,134,135,136} keep state
# We need inet6 icmp for stateless autoconfig and dhcpv6
# We need inet6 icmp for stateless autoconfig and dhcpv6
pass log  on {  pppoe1  em0  re0_vlan90  em1  } inet6 proto ipv6-icmp  from any to any keep state  label "USER_RULE"
pass  in log  quick  on $WAN reply-to ( sge0 fe80::f2f7:55ff:fe0c:5700 ) inet6 proto ipv6-icmp  from 2001:1b40:5000:fe7::2 to any keep state  label "USER_RULE"
pass  in log  quick  on $WAN reply-to ( sge0 fe80::f2f7:55ff:fe0c:5700 ) inet6 proto ipv6-icmp  from 2001:1b40:5000:22::/64 to any keep state  label "USER_RULE"
pass  in  quick  on $WAN reply-to ( pppoe1 212.42.162.226 ) inet proto icmp  from any to 87.252.44.195 keep state  label "USER_RULE: allow inbound ping"
pass  in log  quick  on $WAN reply-to ( sge0 fe80::f2f7:55ff:fe0c:5700 ) inet6 proto ipv6-icmp  from 2001:1b40:5000:22::/64 to 2a02:13a0:a006:1::/64 icmp6-type echoreq keep state  label "USER_RULE: Allow remote monitor ping"
pass  in  quick  on $WIFI inet proto icmp  from 10.0.0.1/24 to any keep state  label "USER_RULE: Allow WIFI ICMP"
pass  in  quick  on $WIFI inet6 proto ipv6-icmp  from 2a02:13a0:a006:2::/64 to any keep state  label "USER_RULE: Allow WIFI ICMP"
	[2.1.5-RELEASE][root@pfsense.office.tandyukservers.co.uk]/root(26): cat /tmp/rules.debug \| grep -i 'icmp'
	# IPv6 ICMP is not auxilary, it is required for operation
	# See man icmp6(4)
	pass quick inet6 proto ipv6-icmp from any to any icmp6-type {1,2,135,136} keep state
	# Allow only bare essential icmpv6 packets (NS, NA, and RA, echoreq, echorep)
	pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type {129,133,134,135,136} keep state
	pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type {129,133,134,135,136} keep state
	pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type {128,133,134,135,136} keep state
	pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type {128,133,134,135,136} keep state
	pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type {128,133,134,135,136} keep state
	# We need inet6 icmp for stateless autoconfig and dhcpv6
	# We need inet6 icmp for stateless autoconfig and dhcpv6
	pass log on { pppoe1 em0 re0_vlan90 em1 } inet6 proto ipv6-icmp from any to any keep state label "USER_RULE"
	pass in log quick on $WAN reply-to ( sge0 fe80::f2f7:55ff:fe0c:5700 ) inet6 proto ipv6-icmp from 2001:1b40:5000:fe7::2 to any keep state label "USER_RULE"
	pass in log quick on $WAN reply-to ( sge0 fe80::f2f7:55ff:fe0c:5700 ) inet6 proto ipv6-icmp from 2001:1b40:5000:22::/64 to any keep state label "USER_RULE"
	pass in quick on $WAN reply-to ( pppoe1 212.42.162.226 ) inet proto icmp from any to 87.252.44.195 keep state label "USER_RULE: allow inbound ping"
	pass in log quick on $WAN reply-to ( sge0 fe80::f2f7:55ff:fe0c:5700 ) inet6 proto ipv6-icmp from 2001:1b40:5000:22::/64 to 2a02:13a0:a006:1::/64 icmp6-type echoreq keep state label "USER_RULE: Allow remote monitor ping"
	pass in quick on $WIFI inet proto icmp from 10.0.0.1/24 to any keep state label "USER_RULE: Allow WIFI ICMP"
	pass in quick on $WIFI inet6 proto ipv6-icmp from 2a02:13a0:a006:2::/64 to any keep state label "USER_RULE: Allow WIFI ICMP"