Digi TransPort WR31 User Manual page 706


Configure security settings
The following two rules are equivalent:
pass in break end on ppp 0 proto icmp from any to 10.1.2.0/24 icmp-type 0
pass in break end on ppp 0 proto icmp from any to 10.1.2.0/24 icmp-type echorep
Both of these rules allow echo replies to come in from interface ppp 0 if they are addressed to our
example local network address (10.1.2.*).
In addition to having a type, ICMP packets also include an ICMP code field. The filter syntax allows
specifying an optional code field after the ICMP type. When specified, the code field must also
match. Specify the ICMP code field with a decimal number.
For example, to allow only echo replies and ICMP unreachable packets in from interface ppp 0, the
rules would look something like this:
pass in break end on ppp 0 proto icmp from any to 10.1.2.0/24 icmp-type echorep code 0
pass in break end on ppp 0 proto icmp from any to 10.1.2.0/24 icmp-type unreach code 0
block in break end on ppp 0 proto icmp
The first two rules in this set allow in the ICMP packets that we are willing to permit and the third
rule denies all other ICMP packets in from this interface. If we ever expect to see echo replies in on
ppp 0, we should allow echo requests out on that interface too, using this rule:
pass out break end on ppp 0 proto icmp icmp-type echo
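
The following is an added example, not part of the Digi manual and not Digi's own parser: a small Python model of the rule subset shown above, assuming rules are checked in order and the first matching rule decides, as the text describes for this rule set. It shows that icmp-type 0 and icmp-type echorep parse identically, and that because a code is specified, an unreachable message with any code other than 0 (for example code 4, fragmentation needed) falls through to the block rule. The packet values and the verdict() helper are constructed for illustration.

```python
import ipaddress

# ICMP type names used on this page, mapped to their standard type numbers.
ICMP_TYPES = {"echorep": 0, "unreach": 3, "echo": 8}

def parse_rule(text):
    """Parse only the subset of the filter syntax shown on this page."""
    tok = text.split()
    rule = {"action": tok[0], "dir": tok[1], "iface": None,
            "dst": None, "type": None, "code": None}
    i = 2
    while i < len(tok):
        if tok[i] == "on":                      # e.g. "on ppp 0"
            rule["iface"] = tok[i + 1] + " " + tok[i + 2]; i += 3
        elif tok[i] == "to":                    # destination network
            rule["dst"] = ipaddress.ip_network(tok[i + 1]); i += 2
        elif tok[i] == "icmp-type":             # number or name
            t = tok[i + 1]
            rule["type"] = int(t) if t.isdigit() else ICMP_TYPES[t]; i += 2
        elif tok[i] == "code":                  # optional, decimal
            rule["code"] = int(tok[i + 1]); i += 2
        else:                                   # break, end, proto, icmp, from, any
            i += 1
    return rule

def matches(rule, pkt):
    """Every field the rule specifies must match; unspecified fields match anything."""
    return (rule["dir"] == pkt["dir"]
            and rule["iface"] in (None, pkt["iface"])
            and (rule["dst"] is None or ipaddress.ip_address(pkt["dst"]) in rule["dst"])
            and rule["type"] in (None, pkt["type"])
            and rule["code"] in (None, pkt["code"]))

def evaluate(rules, pkt):
    """Assumed model: first matching rule decides; None means no rule matched."""
    return next((r["action"] for r in rules if matches(r, pkt)), None)

NET = "from any to 10.1.2.0/24"
RULES = [parse_rule(r) for r in (
    f"pass in break end on ppp 0 proto icmp {NET} icmp-type echorep code 0",
    f"pass in break end on ppp 0 proto icmp {NET} icmp-type unreach code 0",
    "block in break end on ppp 0 proto icmp",
    "pass out break end on ppp 0 proto icmp icmp-type echo",
)]

def verdict(direction, icmp_type, code, dst="10.1.2.7"):
    """Verdict for a constructed ICMP packet on ppp 0 (all packets here are ICMP)."""
    pkt = {"dir": direction, "iface": "ppp 0", "dst": dst, "type": icmp_type, "code": code}
    return evaluate(RULES, pkt)
```
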
Digi TransPort WR Routers User Guide
Firewall