In the logs I see an increasing amount of scans and attacks from virusses, worms and hackers. I've decided to diasable the ability to ping my server. I'm now able to ping myself (local to sme-server, or local to internet), but the server no longer replies to pings from the internet. To do this, I enabled the 'Stealth' option in the masq-configuration (using vi) and used the template mechanism, copied the file 40AllowICMPIn from /etc/e-smith/templates/etc/rc.d/init.d/masq to /etc/e-smith/templates-custom/etc/rc.d/init.d/masq and changed the following:

{
 # We want to be very selective on the ICMPs we accept to stop
 # route hijacking

 # allow only the local network to ping when stealth=yes
 #
 my ($network, $broadcast) = esmith::util::computeNetworkAndBroadcast ($LocalIP, $LocalNetmask);

 $OUT .= " /sbin/ipchains --append icmpIn --proto icmp --icmp-type echo-request --source $network/$LocalNetmask --jump ACCEPT";

 my @OKicmpTypes = (
    qw(
      echo-reply
      destination-unreachable
      source-quench
      time-exceeded
      parameter-problem
  ) );

 my %services = ( masq => $masq );
 my $stealth = db_get_prop(%services, 'masq', 'Stealth') || 'no';
 unless ($stealth eq 'yes')
 {
  push @OKicmpTypes, "echo-request";
 }
 foreach my $icmpType (@OKicmpTypes)
 {
 $OUT .= <  /sbin/ipchains --append icmpIn --proto icmp --icmp-type $icmpType --jump ACCEPT
HERE
 }
}

After this editing, expand the template:

/sbin/e-smith/expand-template /etc/rc.d/init.d/masq

restart masquerading:

/etc/rc.d/init.d/masq restart