TCP/UDP firewall rules

When has to be defined a firewall rule for a port both TCP and UDP you need to define two rules (one for TCP and one for UDP) or it is enough to define one single rule for TCP ?
And what means exactly “Protocol IP” ?

You need one rule per protocol.

Kind of describes itself, it’s for filtering by protocol number rather than by TCP:port or UDP:port. I could filter all IPv6 by just filtering protocol number 6. Or for example if I wanted to prevent the use of 6to4 tunnels I’d filter protocol 41. Use cases for this are perhaps a bit more nuanced and less common depending on your environment.

1 Like

Thank you WillJones for clarifications !