said by JoelC707:
I do have ICMP enabled for v4 and v6. At the moment I dont have any services i want to open up on the lan for v6 (yet). If youre doing vlan or host based security then that makes more sense.
Yeah, when you're dealing with VLANs, you scoot the rules back to the VLAN interfaces (eg. LAN, Voice) because you don't want traffic passing between the VLANs without rules in place.
For this reason, I've always been taught it's best to put the firewall/ACL as close to the network you want to protect as possible.