At the moment I'm creating a new firewall using IPFW, and I'd like some advise.

First of all, what kind of ICMP messages do I block? I'd like to ping my machine, so I guess I need ICMP-8? Furthermore, I read somewhere that ICMP REDIRECT and UNREACH (5 and 3) are used for DoS exclusively - is that right (and can I block hem)? Is it wise to just block everything altogether except 8 (and possibly 0) and be done with it, or do I need to be a bit more specific? What do you suggest?

The machine acts as a NAT-gateway, WWW-server, sendmail host and runs MySQL, but only for applications on the machine itself. So far, I did this (consider the last 3 lines work-in-progress):

Code:
#for NAT
00050 divert 8668 ip from any to any via fxp1

00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any

# allow SSHd traffic
01000 allow tcp from any to any 22 in
01050 allow tcp from any 22 to any out established

# allow webserver traffic 
01800 allow tcp from any to any 80 in
01850 allow tcp from any 80 to any out established

# here starts logging, the allow ip from any to any has yet to be changed to 'deny'
06400 allow log ip from any to any
65000 allow ip from any to any
65535 deny ip from any to any
Any suggestions?