Trying to make some sense of the IPv6 ICMP firewall settings and would appreciate feedback on whether my assumptions are correct or I am missing something:
MLD - management of downstream broadcast listeners/subscribers
config rule
    option name Allow-MLD
    option src wan
    option proto icmp
    option src_ip fe80::/10
    list icmp_type '130/0'
    list icmp_type '131/0'
    list icmp_type '132/0'
    list icmp_type '143/0'
    option family ipv6
    option target ACCEPT
Hence, if there are no listener/subscriber client nodes downstream (that wish to receive multicast packets from upstream (W)WAN), the rule can be disabled for (W)WAN without any caveats/disturbance to the general IPv6 connectivity?
Essential incoming IPv6 ICMP traffic
config rule
    option name Allow-ICMPv6-Input
    option src wan
    option proto icmp
    list icmp_type echo-request
    list icmp_type echo-reply
    list icmp_type destination-unreachable
    list icmp_type packet-too-big
    list icmp_type time-exceeded
    list icmp_type bad-header
    list icmp_type unknown-header-type
    list icmp_type router-solicitation
    list icmp_type neighbour-solicitation
    list icmp_type router-advertisement
    list icmp_type neighbour-advertisement
    option limit 1000/sec
    option family ipv6
    option target ACCEPT
All of the types listed below are supposedly a response from a remote node to a connection attempt initiated by the local router and thus seem non-essential in the fw (W)WAN context, as they are already covered by conntrack (established) - as opposed to unsolicited ingress?
icmp_type echo-reply
icmp_type destination-unreachable
icmp_type packet-too-big
icmp_type time-exceeded
icmp_type bad-header
icmp_type unknown-header-type
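
Added example, not part of the original post: a small Python audit that sorts the icmp_type entries of the two rules into RFC 4443 error messages (types below 128) and informational messages (MLD, NDP, echo), which is the distinction the last question turns on. The function names and the reduced sample config are constructed for illustration.

```python
import re

# Type numbers for the names used in the post's rules (RFC 4443, RFC 4861).
# bad-header and unknown-header-type are codes 0 and 1 of Parameter Problem (type 4).
ICMP6_TYPES = {
    "destination-unreachable": 1, "packet-too-big": 2, "time-exceeded": 3,
    "bad-header": 4, "unknown-header-type": 4, "echo-request": 128,
    "echo-reply": 129, "router-solicitation": 133, "router-advertisement": 134,
    "neighbour-solicitation": 135, "neighbour-advertisement": 136,
}
# Informational types grouped by protocol (MLD: RFC 2710/3810, NDP: RFC 4861).
INFORMATIONAL = {"mld": {130, 131, 132, 143}, "ndp": {133, 134, 135, 136},
                 "echo": {128, 129}}

def classify(value):
    """Class of a UCI icmp_type value such as 'echo-reply' or '130/0'."""
    m = re.fullmatch(r"(\d+)(?:/\d+)?", value)
    n = int(m.group(1)) if m else ICMP6_TYPES[value]  # KeyError: name not in table
    if n < 128:
        return "error"  # RFC 4443: types 0-127 report a problem with an earlier packet
    return next((k for k, v in INFORMATIONAL.items() if n in v), "other-informational")

def audit(uci_text):
    """Map each rule name to {class: [icmp_type values]}."""
    rules, current = {}, None
    for line in uci_text.splitlines():
        parts = line.replace("'", "").split()
        if parts[:1] == ["config"]:
            current = None  # new section: wait for its 'option name'
        elif parts[:2] == ["option", "name"]:
            current = rules.setdefault(parts[2], {})
        elif parts[:2] == ["list", "icmp_type"] and current is not None:
            current.setdefault(classify(parts[2]), []).append(parts[2])
    return rules

# Constructed sample: the two rules from the post, reduced to a few lines each.
SAMPLE = """config rule
    option name Allow-MLD
    list icmp_type '130/0'
    list icmp_type '143/0'
config rule
    option name Allow-ICMPv6-Input
    list icmp_type echo-reply
    list icmp_type packet-too-big
    list icmp_type neighbour-solicitation
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```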