Which ICMP types (v4/v6) should not be blocked?
I have done a lot of research into this and have found that some references contradict each other.
IPv6: For example, RFC 4890 says the following types should be allowed for optimal functionality:
Type 1, 2, 3, 4, 128, 129 and for mobility assistance also 144, 145, 146 and 147.
However, this source doesn't mention that mobility assistance was required (also, types 1 and 4 are omitted):
Type 128, 129, 2, 3 and for NDP and SLAAC 133, 134, 135, 136 and 137
On the other hand the former reference said NDP and SLAAC don't need special attention, since they will be dropped anyway. So who is right? Is it best to allow all these mentioned by both sources to be on the safe side?
IPv4: Surprisingly, the reference doesn't have any recommendation for IPv4, but the other source says that types 8, 0, 3 and 11 are needed for IPv4. Is there any official reference that recommends which IPv4 ICMP types should be allowed?
UPDATE: While the answer is good, I find it too generic to accept it as a real solution to this. If blocking is not the answer, then rate limiting must be the right way to provide a level of protection. I believe an answer with the correct code sample would be more assuring.
All of ICMP should not be blocked. Not by default, this can be a deny list rather than an allow list.
Start by rate limiting, but not otherwise filtering, ICMP.
Read RFC 4890 section 3 on the security considerations expected. Notably redirect diverting packets, but the standard requires those to be local, on link. Denial of service at high volume, but often that can be mitigated with rate limits. Maybe discovery of hosts, but that doesn't reveal much. ICMP is not very dangerous.
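One way to express "rate limit, but do not otherwise filter" in nftables, added here as an example (it is not code from the answerer or from RFC 4890). The table name, the rates, and the choice to let on-link NDP and conntrack-related errors bypass the limiter are assumptions to tune for your own traffic.

```nftables
# Added example: rate-limit ICMP and ICMPv6 without filtering by type.
# Table name and all rate/burst values are constructed; size them from
# your own baseline before enforcing.
table inet icmp_ratelimit {
    chain input {
        # policy accept: this chain only sheds excess ICMP, it is not
        # the host's main allow/deny policy.
        type filter hook input priority 0; policy accept;

        # ICMP errors that belong to an existing flow (for example
        # Packet Too Big for path MTU discovery) are classified as
        # "related" by conntrack. Let them skip the limiter.
        ct state established,related accept

        # Neighbor Discovery and SLAAC (types 133-137). Genuine NDP is
        # on-link and arrives with hop limit 255, so require that and
        # keep it outside the limiter so address resolution keeps working.
        icmpv6 type { nd-router-solicit, nd-router-advert,
                      nd-neighbor-solicit, nd-neighbor-advert,
                      nd-redirect } ip6 hoplimit 255 accept

        # Everything else: no per-type filtering, only a volume ceiling.
        # "limit rate over" matches packets that exceed the rate, so
        # only the excess is dropped and counted.
        meta l4proto icmp limit rate over 50/second burst 100 packets counter drop
        meta l4proto ipv6-icmp limit rate over 50/second burst 100 packets counter drop
    }
}
```

Load it with `nft -f <file>` and watch the counters with `nft list table inet icmp_ratelimit`; a counter that climbs under normal load means the ceiling is too low.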