Hi Daniel,
If you try to protect a host itself and block all invalid packets then the first rule is the way to go.
Regarding spoofing, you have all kinds of spoofing but i assume you are talking about IP address spoofing. You might want to block packets claiming to come from your local network or from your host itself on interfaces not connected to that network.
I find the above link usefull to give you more details on how to block bad address attacks.
But there might be a whole lot more that you want to look into.
the rp_filter is another way to tackle these kind of packets.
Kind Regards,
David