I am configuring Config Server Firewall and here is the default config for ICMP. I have read on the internet that disabling or limiting ICMP can cause huge headaches on your server. However, I have also read it can help prevent some types of DDOS.
Do you think I should rate limit and, if yes, at what rate?
# Allow incoming PING
ICMP_IN = "1"
# Set the per IP address incoming ICMP packet rate
# To disable rate limiting set to "0"
ICMP_IN_RATE = "1/s"
# Allow outgoing PING
ICMP_OUT = "1"
# Set the per IP address outgoing ICMP packet rate (hits per second allowed),
# e.g. "1/s"
# To disable rate limiting set to "0"
ICMP_OUT_RATE = "0"
Yes - ICMP is an important protocol. Everything from pings to traceroutes to network unreachable are delivered as ICMP messages. Combine that with certain applications that first attempt to "ping" before establishing connectivity and other less-proper implementations of the technology and you may start to see that there are plenty of ICMP messages in use.
I wouldn't recommend rate-limiting ICMP as a DDoS protection alone. There are plenty of other effective ways to DDoS your systems without resorting to ICMP. Similarly, if someone decides to flood your network, then the "how" doesn't really matter anymore (i.e. ICMP, UDP, TCP half-open). With that said, there may be good reasons to rate-limit ICMP. If you decide to block or rate limit ICMP, then I'd recommend establishing a baseline and tweaking from there. Also, document and communicate such changes because when things start to break, most people don't think twice about ICMP.
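One way to establish the baseline the answer recommends before choosing an ICMP_IN_RATE, as an added example that is not part of the original answer: it reads `tcpdump -tt -n icmp` style lines (a constructed sample here) and reports per-source ping totals, peaks, and how many packets a candidate rate would have cut. The function names and the fixed one-second window model are assumptions for illustration, not how CSF itself enforces the limit.

```python
import re
from collections import Counter

# Constructed capture in `tcpdump -tt -n icmp` format (documentation IP ranges).
SAMPLE = """\
1700000000.100000 IP 203.0.113.5 > 198.51.100.10: ICMP echo request, id 7, seq 1, length 64
1700000000.100400 IP 198.51.100.10 > 203.0.113.5: ICMP echo reply, id 7, seq 1, length 64
1700000001.100000 IP 203.0.113.5 > 198.51.100.10: ICMP echo request, id 7, seq 2, length 64
1700000001.200000 IP 203.0.113.77 > 198.51.100.10: ICMP echo request, id 9, seq 1, length 64
1700000001.500000 IP 203.0.113.77 > 198.51.100.10: ICMP echo request, id 9, seq 2, length 64
1700000001.800000 IP 203.0.113.77 > 198.51.100.10: ICMP echo request, id 9, seq 3, length 64
1700000002.100000 IP 203.0.113.5 > 198.51.100.10: ICMP echo request, id 7, seq 3, length 64
1700000003.100000 IP 203.0.113.5 > 198.51.100.10: ICMP echo request, id 7, seq 4, length 64
1700000003.200000 IP 203.0.113.77 > 198.51.100.10: ICMP echo request, id 9, seq 4, length 64
1700000003.500000 IP 203.0.113.77 > 198.51.100.10: ICMP echo request, id 9, seq 5, length 64
1700000003.800000 IP 203.0.113.77 > 198.51.100.10: ICMP echo request, id 9, seq 6, length 64
"""

ECHO_REQ = re.compile(r"^(\d+)\.\d+ IP (\S+) > \S+: ICMP echo request")

def per_second_counts(text):
    """Count incoming echo requests per (source IP, whole second)."""
    counts = Counter()
    for line in text.splitlines():
        m = ECHO_REQ.match(line)
        if m:  # replies and other ICMP types are ignored
            counts[(m.group(2), int(m.group(1)))] += 1
    return counts

def baseline(text):
    """Per source: (total echo requests, busiest one-second count)."""
    stats = {}
    for (src, _sec), n in per_second_counts(text).items():
        total, peak = stats.get(src, (0, 0))
        stats[src] = (total + n, max(peak, n))
    return stats

def would_exceed(text, rate):
    """Packets per source above an "N/s" allowance, in fixed one-second windows (a simplified model)."""
    if rate == "0":  # "0" disables rate limiting in the config shown on the page
        return {}
    if not rate.endswith("/s"):
        raise ValueError("only the N/s form is handled in this example")
    allowed = int(rate[:-2])
    over = {}
    for (src, _sec), n in per_second_counts(text).items():
        if n > allowed:
            over[src] = over.get(src, 0) + n - allowed
    return over
```

Run `baseline()` over a capture from a normal period first; a source that `would_exceed()` flags at the candidate rate is traffic that the limit would start dropping.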