From 6e8cf3d66dc3b477414b6751e16157338fea7f33 Mon Sep 17 00:00:00 2001
From: swaggboi
Date: Sun, 23 Mar 2025 22:06:27 -0400
Subject: [PATCH] Filter ICMP by types

---
 my_etc/npf.conf | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/my_etc/npf.conf b/my_etc/npf.conf
index 6032ddf..0dd7e84 100644
--- a/my_etc/npf.conf
+++ b/my_etc/npf.conf
@@ -1,18 +1,26 @@
-# TODO: Allow in ICMP(v6) by message type
 # TODO: Rate-limit ssh
-$services = { mdns, ssh }
+$services = { ssh, mdns }
+
+group "services" in {
+	pass stateful proto { tcp, udp } to any port $services
+}
+
+group "icmp" in {
+	pass stateful proto icmp icmp-type echo all
+
+	pass stateful proto ipv6-icmp icmp-type rtsol all
+	pass stateful proto ipv6-icmp icmp-type rtadv all
+	pass stateful proto ipv6-icmp icmp-type neighsol all
+	pass stateful proto ipv6-icmp icmp-type neighadv all
+}
 
 group "localhost" in on lo0 {
 	pass stateful all
 }
 
 group default {
-	# Default rule block all
-	pass stateful in proto { tcp, udp } to any port $services
-
-	# Let it goooooo
 	pass stateful out all
 }
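Review bot: The new ICMPv6 rules in group "icmp" admit router and neighbor discovery but not `toobig` (Packet Too Big, ICMPv6 type 2), and unless an `alg "icmp"` line elsewhere in the file ties ICMPv6 errors to tracked connections, dropping it breaks path MTU discovery for every IPv6 flow, since IPv6 routers never fragment. ICMPv6 echo requests are also not passed while ICMPv4 `echo` is, so `ping6` to this host fails while `ping` succeeds, which looks unintended given the removed TODO. Adding `pass stateful proto ipv6-icmp icmp-type toobig all` and `pass stateful proto ipv6-icmp icmp-type echo all` to the group covers both. Note also that the `rtadv` and `neighadv` rules carry no `on` interface or `from` restriction, so any peer on any attached network can inject router advertisements; a comment such as `# NDP accepted on every interface; bind with "on $if" once interfaces are named` would at least make that deliberate.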