Robert Sander <r.sander@xxxxxxxxxxxxxxxxxxx> wrote: > Ah thanks. I overread the "protocol" keyword on the wiki page. > > So you have to add protocol before "icmp" if you do not want to specify > an icmp type (or tcp/udp port). > > Is there any motivation for that? Different things. "ip protocol icmp" is short for "ip protocol = icmp". "icmp type x" is short for "icmp type = x". So, "icmp type" is short for "icmp type =", i.e., the compare lacks right-hand-side.
