On my Firebrick FB2700 router, I wish to block aliens from groping my address space with say inbound ICMP or ICMPv6 packets such as pings with echo request, or timestamp request it whatever it is. If I just do nothing and rely on the standard stateful behaviour of Dracula at the Window and the Virgin, where an insider initiating an outbound conversation creates a return inbound hole, then will all be well with all inbound ICMP packets too?
I do not want to mess up PMTUD or certain other useful things such as certain important error indicators inbound. So I do not want to to add an inbound ICMP block rule.
If I do nothing, and hope that Dracula at the Window and the Virgin will suffice to protect inbound, how could I test it? In particular I want to test that PMTUD still works in the inbound direction, so a remote correspondent can successfully discover downstream MTU.