LinuxQuestions.org
Old 04-20-2005, 06:48 PM   #1
floppywhopper
Member
 
Registered: Aug 2004
Location: Western Australia
Distribution: Mageia , Centos
Posts: 643
Blog Entries: 2

Monowall Question


Recently switched firewall from Smoothwall to IP Cop but not happy about IP Cop firewall responding to pings even though all ports closed.

However now looking at using Monowall, so my Q is this:
In Smoothwall there is a facility to drop ICMP, IGMP pings and something to do with SYN cookies.

How does one do this with Monowall?
(yes I have RTFM, but I don't really understand how Monowall does this)

floppy
 
Old 04-22-2005, 10:08 PM   #2
ghight
Member
 
Registered: Jan 2003
Location: Indiana
Distribution: Centos, RedHat Enterprise, Slackware
Posts: 524

I usually heavily discourage people from doing any of these unless they have a specific reason for doing so. Turning these options on (or off depending on how you look at it) should only be used in response to certain attacks on your routers or firewalls. Turning them on all the time can cause all kinds of random annoying problems that you may or may not notice.

A point to think about here is if they really felt these options would be beneficial to the Internet community, why wouldn't they default to "off"? In my experience, don't bother turning them off unless you are being attacked.
 
Old 04-23-2005, 01:25 AM   #3
floppywhopper
Member
 
Registered: Aug 2004
Location: Western Australia
Distribution: Mageia , Centos
Posts: 643

Original Poster
Blog Entries: 2

I am on dial-up, which means I have a different IP address every time on the net. However I am usually on the net for up to 4-5 hours per day.

In my snort logs on an average day I would usually be scanned by some idiot using Cyberkit or nmap - four or five times at least, so I would consider running in true stealth to be very beneficial.
Responding to pings is not my idea of stealth.

Browsing through the Security forum here at LQ, one sees a lot of people complaining of being cracked, I really don't intend to be one of them if I can avoid it. In my experience enabling these options before you are attacked is better than picking up the pieces later.

floppy
 
Old 04-23-2005, 07:59 AM   #4
simon_w
Member
 
Registered: Jun 2004
Location: UK
Distribution: Debian Etch
Posts: 71

Couldn't you just manually modify the firewall rules script to drop ICMP traffic?
 
Old 04-23-2005, 11:07 AM   #5
ghight
Member
 
Registered: Jan 2003
Location: Indiana
Distribution: Centos, RedHat Enterprise, Slackware
Posts: 524

Again, I know I'm not answering the original question, but I think a little more study on why these options exist in the first place would really help further my point. "Stealth" doesn't mean a whole lot when there are 50 other ways of verifying that something exists at the other end of the line. ICMP responses are valuable to your ISP and may be required by many services you HAVE requested such as online gaming plus a hundred other things. If you provide ZERO services from your network, there is no difference between "stealth" and "closed" ports.

To try to answer the question, each of these options is easily added by typing them in to the command line. I would guess that the IPCop developers are smart enough to know when these services are valuable and when they aren't so it's possible they set them automatically. Just a guess.

Again, I'm certainly not trying to get under your skin by my responses. Just remember that if you have issues with certain sites or services, these should be on your lists of things to remember.
 
  


All times are GMT -5.