This is because there isn't a protocol identifier in the IP part of IPv6, just a next-header pointer. Therefore the firewall filter operates on looking for the appropriate next-header:
term ssh {
from {
source-prefix-list {
inet6-mgmt-hosts;
}
next-header tcp;
port ssh;
}
then accept;
}
Hope that helps!
David
This is because there isn't a protocol identifier in the IP part of IPv6, just a next-header pointer. Therefore the firewall filter operates on looking for the appropriate next-header:
term ssh {
from {
source-prefix-list {
inet6-mgmt-hosts;
}
next-header tcp;
port ssh;
}
then accept;
}
Hope that helps!
David