Guest Network IPv6 notes and questions

I recently got a Guest Network with IPv6 working. I found that the Basic script worked great as a starting point, but I have one question there. The basic script has these lines when setting up the DHCP firewall rule for IPv4:

uci set firewall.guest_dhcp.src_port="68"
uci set firewall.guest_dhcp.dest_port="67"

but I found other examples online with only one line:

uci set firewall.guest_dhcp.dest_port="67-68"

Question 1: Why do both of these work, and is one preferred?

Then, when setting up IPv6, I tried to follow Guest Wifi Extras -- but found it assumed a lot of knowledge I didn't have. I got lost. After reading lots of forum posts, I found that adding three more firewall rules was necessary -- and then my Guest Wifi worked with IPv6:

config rule
        option name 'Allow-Guest-Ping-v6'
        list proto 'icmp'
        list icmp_type 'echo-request'
        option src 'guest'
        option target 'ACCEPT'

config rule
        option name 'Allow-Guest-MLD'
        list proto 'icmp'
        option src_ip 'fe80::/10'
        option src 'guest'
        option target 'ACCEPT'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        list icmp_type '151/0'
        list icmp_type '152/0'
        list icmp_type '153/0'

config rule
        option target 'ACCEPT'
        option name 'Allow-Guest-SLAAC'
        option family 'ipv6'
        option src 'guest'
        option proto 'icmp'
        list icmp_type 'router-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'neighbour-advertisement'
        list icmp_type '141'
        list icmp_type '142'
        list icmp_type '148'
        list icmp_type '149'

Question 2: I noticed each of these rules opens a different set of icmp types in the same icmp protocol. I also empirically found that just one rule with no types works fine. My question is: is there any risk in NOT limiting the icmp rule by types -- given that this is a Guest network? Here is the candidate one-rule replacement:

config rule
        option name 'Allow-Guest-ICMP'
        list proto 'icmp'
        option src_ip 'fe80::/10'
        option src 'guest'
        option target 'ACCEPT'

Question 3: Then belatedly I found this code in the Guest Wifi Extras. It is even more general, apparently allowing any zone to do anything it wants re ICMP. Is this riskier than either of the solutions in #2? If not, I guess it would be the preferred solution, because it's simplest.

uci rename firewall.@rule[1]="icmp"
uci rename firewall.@rule[5]="icmp6"
uci set firewall.icmp.src="*"
uci set firewall.icmp6.src="*"
uci commit firewall
/etc/init.d/firewall restart

To reiterate, everything is working. I am just trying to understand and learn from what I did along the way.

thanks,

jeremy
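As an added example (not from the post, and not OpenWrt's own code), a small Python audit that parses UCI firewall rules like the ones above and reports which ACCEPT rules pass ICMP without any icmp_type restriction, and whether they are limited to the guest zone or, as with src '*', apply to every zone. The sample config is constructed from the post's rules; parse_uci and audit_icmp_rules are names chosen here.

```python
import re
from collections import defaultdict
# Constructed sample (OpenWrt UCI syntax): typed ping rule, untyped candidate rule, "icmp6" rule with src "*".
SAMPLE_CONFIG = """config rule
        option name 'Allow-Guest-Ping-v6'
        list proto 'icmp'
        list icmp_type 'echo-request'
        option src 'guest'
        option target 'ACCEPT'
config rule
        option name 'Allow-Guest-ICMP'
        list proto 'icmp'
        option src_ip 'fe80::/10'
        option src 'guest'
        option target 'ACCEPT'
config rule
        option name 'icmp6'
        option src '*'
        option proto 'icmp'
        option target 'ACCEPT'
"""
# Matches: config <type> [name] | option <key> <value> | list <key> <value>
LINE = re.compile(r"""^\s*(config|option|list)\s+(\S+)(?:\s+['"]?([^'"]*)['"]?)?\s*$""")

def parse_uci(text):
    """One dict per section, key -> list of values ('option' and 'list' merged)."""
    sections, current = [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m and m.group(1) == "config":
            current = defaultdict(list, _type=[m.group(2)])
            sections.append(current)
        elif m and current is not None:
            current[m.group(2)].append(m.group(3))
    return sections

def audit_icmp_rules(sections):
    """{rule name: finding} for ACCEPT rules passing ICMP with no icmp_type limit."""
    findings = {}
    for s in sections:
        protos = {p.lower() for p in s.get("proto", [])}
        if s["_type"] != ["rule"] or s.get("target") != ["ACCEPT"] or not protos & {"icmp", "icmpv6", "ipv6-icmp"}:
            continue
        if s.get("icmp_type"):
            continue  # an explicit type list is present: not a catch-all
        src = s.get("src", ["<unset>"])[0]
        scope = "every zone" if src == "*" else f"zone '{src}'"
        findings[s.get("name", ["<unnamed>"])[0]] = f"accepts all ICMP types from {scope}"
    return findings
```

Run it against the text of /etc/config/firewall to get the same report for a live router; a typed rule such as Allow-Guest-Ping-v6 is not reported.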

As a short answer, not going into too much technical detail: many icmp codes are required for IPv6 to work at all, so they need to be allowed. One example is neighbor discovery, which uses icmpv6. Best would be to just stick with the OpenWrt defaults, which are sane.
My personal opinion on icmp filtering: most people who are scared of icmp just copy-pasted the same FUD arguments from over 20 years ago.
Back to IPv6: if you are interested, have a look at e.g. https://www.rfc-editor.org/rfc/rfc4890#section-4.3 (Recommendations for ICMPv6 Transit Traffic).
For a brief introduction, have a look at the Wikipedia article: https://en.m.wikipedia.org/wiki/ICMPv6

3 Likes

In the second case it is using both 67 and 68 for destination, which is not necessary. 68 is the client port and 67 the server port.

1 Like