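# If you want to firewall potentially harmful ICMP packets, do this:

# Deal with ICMP traffic
# NOTE(review): these rules append to a chain named fineth0. Creating that
# chain and jumping to it from the input chain are not shown here; confirm
# both exist, otherwise the rules are never consulted.
# echo-reply and time-exceeded let ping/traceroute answers back in;
# destination-unreachable also carries "fragmentation needed", which path
# MTU discovery depends on, so it must stay allowed.
ipchains -A fineth0 -p ICMP --icmp-type echo-reply -j ACCEPT
ipchains -A fineth0 -p ICMP --icmp-type destination-unreachable -j ACCEPT
ipchains -A fineth0 -p ICMP --icmp-type source-quench -j ACCEPT
ipchains -A fineth0 -p ICMP --icmp-type echo-request -j ACCEPT
ipchains -A fineth0 -p ICMP --icmp-type time-exceeded -j ACCEPT

# Reject (and log) all other ICMP packets
# -l writes one kernel log line per matching packet; watch log volume, since
# a burst of unwanted ICMP can crowd out other log entries.
# NOTE(review): the ipchains HOWTO says DENY and REJECT act the same for
# ICMP packets (no error is sent in reply to ICMP) - confirm.
ipchains -A fineth0 -l -p ICMP -j REJECT

# ===========================================
# Caldera

#! /bin/sh
# packetfilter - Script to control packet filtering.
#
# Usage: /etc/init.d/packetfilter {start|stop}
#   start  load the saved ruleset, then enable IP forwarding
#   stop   disable IP forwarding, then remove all rules and user chains
# Exits 0 on success (or when no ruleset file exists), 1 on a failed restore
# or an unknown argument.

# If no rules, do nothing.
[ -f /etc/ipchains.rules ] || exit 0

case "$1" in
  start)
    printf '%s' "Turning on packet filtering:"
    # The ruleset is loaded with root privileges: keep /etc/ipchains.rules
    # owned by root and not writable by anyone else.
    # Forwarding is switched on only after the restore succeeds, so a broken
    # ruleset never leaves the box routing without its filter.
    /sbin/ipchains-restore < /etc/ipchains.rules || exit 1
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo "."
    ;;
  stop)
    printf '%s' "Turning off packet filtering:"
    # Stop routing first so nothing is forwarded while the rules come down.
    echo 0 > /proc/sys/net/ipv4/ip_forward
    # Flush before deleting: -X only removes user-defined chains that are
    # empty and unreferenced, so running it before -F leaves them behind.
    /sbin/ipchains -F
    /sbin/ipchains -X
    # After "stop" every built-in chain accepts everything: the host itself
    # is unfiltered until "start" is run again.
    /sbin/ipchains -P input ACCEPT
    /sbin/ipchains -P output ACCEPT
    /sbin/ipchains -P forward ACCEPT
    echo "."
    ;;
  *)
    echo "Usage: /etc/init.d/packetfilter {start|stop}"
    exit 1
    ;;
esac

exit 0

##### external IF = eth1
# Default-deny forwarding, then masquerade what leaves through eth1.
# The MASQ rule has no source restriction, so anything routed out of eth1 is
# masqueraded; adding "-s <INTERNAL_NET>" (placeholder) limits it to the
# internal network.
ipchains -P forward DENY
ipchains -A forward -i eth1 -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward

# ===========================================
# Drop SMTP connections from one source address (IP_OF_BAD_GUY is a
# placeholder). ipchains accepts a port only together with a protocol, so
# -p tcp is required for this rule to load.
# -A appends: an earlier ACCEPT rule that matches the same traffic wins.
ipchains -A input -p tcp -s IP_OF_BAD_GUY --destination-port 25 -j DENY

# ==========================================
# Masquerading timeouts in seconds: TCP sessions, TCP after FIN, UDP.
# Author's note: inactivity "hours long" (7200 s = 2 hours of idle TCP).
# Long idle timeouts keep masquerade entries around longer; -S takes exactly
# three values, so the note must not be passed as extra arguments.
/sbin/ipchains -M -S 7200 10 160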