#243 icmp code is ignored on IOS firewalls

open
nobody
None
5
2012-12-04
2012-12-04
waelse
No

When filtering ICMP packets by type and code, the generated rules do not include the icmp code.

Example: I have defined a service named ICMP packet too big with type=3 and code=4.
The resulting rule for an IOS ACL line is as follows. As you can see the code is missing.

ip access-list extended vlan17_in
!
! Rule 0 (global)
! enable path MTU, allow icmp packet too big (ICMP type 3, code 4)
permit icmp any any 3 log

Regards,
Arndt
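
An IOS extended ACL entry that names only an ICMP type matches every code of that type, so the line above permits all type 3 (destination unreachable) messages rather than only code 4. The following check is an added example, not part of the original report or of the rule generator's code: it parses numeric ICMP entries from ACL text and flags permits that dropped an intended code. The function names, the `intended` set and the `WITH_CODE` sample line are constructed for illustration.

```python
import re

# Address forms handled: "any", "host a.b.c.d", "a.b.c.d wildcard".
ADDR = r"(?:any|host\s+\S+|\d+\.\d+\.\d+\.\d+\s+\d+\.\d+\.\d+\.\d+)"
# permit|deny icmp <src> <dst> [<type> [<code>]] [log|log-input]
ICMP_RULE = re.compile(
    rf"^\s*(permit|deny)\s+icmp\s+{ADDR}\s+{ADDR}"
    r"(?:\s+(\d+))?(?:\s+(\d+))?(?:\s+log(?:-input)?)?\s*$"
)

def parse_icmp_rules(acl_text):
    """Return (line_no, action, icmp_type, icmp_code); None means not specified."""
    rules = []
    for no, line in enumerate(acl_text.splitlines(), 1):
        m = ICMP_RULE.match(line)
        if m:
            action, t, c = m.groups()
            rules.append((no, action,
                          int(t) if t is not None else None,
                          int(c) if c is not None else None))
    return rules

def find_overbroad(acl_text, intended):
    """Flag permit entries whose type matches an intended (type, code)
    service but whose code is missing, i.e. the entry matches all codes."""
    findings = []
    for no, action, t, c in parse_icmp_rules(acl_text):
        if action != "permit" or c is not None:
            continue
        for want_type, want_code in sorted(intended):
            if t == want_type and want_code is not None:
                findings.append((no, want_type, want_code))
    return findings

# ACL text as quoted in the report above.
PAGE_ACL = """\
ip access-list extended vlan17_in
!
! Rule 0 (global)
! enable path MTU, allow icmp packet too big (ICMP type 3, code 4)
permit icmp any any 3 log
"""
# Constructed sample: the same entry with the code present.
WITH_CODE = "permit icmp any any 3 4 log\n"

if __name__ == "__main__":
    for no, t, c in find_overbroad(PAGE_ACL, {(3, 4)}):
        print(f"line {no}: permits all codes of ICMP type {t}, intended code {c}")
```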
