> I am running 1.3.2 and a simple ICMP block from the examples 
> works great and doesn't interfere with any of my running services.

Note that if you turn on MTU discovery, or correspond with hosts which
do, ICMP blocks *will* interfere with many of your services, because
MTU discovery depends on the ability of systems to send and receive
certain ICMP error messages -- specifically, destination
unreachable/fragmentation needed.

					- Bill