Filter ICMP by types

my_etc/npf.conf

@@ -1,18 +1,26 @@
-# TODO: Allow in ICMP(v6) by message type
 # TODO: Rate-limit ssh
 
-$services = { mdns, ssh }
+$services = { ssh, mdns }
+
+group "services" in {
+      pass stateful proto { tcp, udp } to any port $services
+}
+
+group "icmp" in {
+      pass stateful proto icmp icmp-type echo all
+
+      pass stateful proto ipv6-icmp icmp-type rtsol all
+      pass stateful proto ipv6-icmp icmp-type rtadv all
+      pass stateful proto ipv6-icmp icmp-type neighsol all
+      pass stateful proto ipv6-icmp icmp-type neighadv all
+}
 
 group "localhost" in on lo0 {
       pass stateful all
 }
 
 group default {
-      # Default rule
       block all
 
-      pass stateful in proto { tcp, udp } to any port $services
-
-      # Let it goooooo
       pass stateful out all
 }