You don't have to set a sysctl for source checking with IPFW. You can do:
Off the top of my head,
Code:
ipfw add 00010 deny log ip from any to any not verrevpath
or
At the beginning which I believe does the same thing? Please anyone correct me if I'm wrong. The info is in the man page too.
As far as icmp types, check out this website for an example ruleset where the author explains which ones he's allowed etc.
http://securosis.com/blog/help-build...ules-sets-ever