iptables is both easy and fun
basically it works like this:
The kernel has tables to which you can add entries telling it how to behave when it sees a packet
INPUT
OUTPUT
FORWARD
The names should be self explanatory.
Flushing the tables turns on a basic "Do whatever the packet says" mode.
/sbin/iptables -F {table name}
After flushing your tables, you need to add a default policy (Don't stick with the linux defaults of "accept")
/sbin/iptables -P {table name} {policy}
where policy can be drop or accept
then just add chains to the table
/sbin/iptables -A {table name} {opts}
so to deny your ping requests:
/sbin/iptables -A INPUT -i eth0 -p icmp --icmp-type destination-unreachable -j DROP
/sbin/iptables -A INPUT -i eth0 -p icmp --icmp-type time-exceeded -j DROP
/sbin/iptables -A INPUT -i eth0 -p icmp --icmp-type echo-reply -j DROP
should do the trick