pass inet proto icmp from any to any
Pro: makes debugging easier
Con: may reveal too much about your network
Note: some ICMP traffic piggybacks on keep state