From owner-freebsd-questions@FreeBSD.ORG Wed Jan 31 15:14:58 2007
From: bob.middaugh@comcast.net (Bob Middaugh)
To: Joe Vender, freebsd-questions@freebsd.org
Date: Wed, 31 Jan 2007 15:00:37 +0000
Message-Id: <013120071500.3735.45C0AF15000B498600000E97220699849908099A0E0B0B0703D20D010D@comcast.net>
Subject: Re: How to stealth ports 0 and 1 on FBSD 6.2
List-Id: User questions

From: Joe Vender
> I've enabled the firewall in /etc/rc.conf via:
>
>     firewall_enable="YES"
>     firewall_type="client"
>
> But ports 0 and 1 show as CLOSED, not STEALTHED, at the grc.com ShieldsUP! scan.
> I'm on a standalone desktop computer with no LAN and am using a dialup
> connection to access the internet. I've set the firewall type to "client".
> What changes do I need to make to the firewall configuration file in order to
> stealth the ports without causing any local problems?
>
> Joe Vender

Hi Joe,

It's been a while since I used FreeBSD as a firewall, but I believe I had to enable the following sysctls. As root, do:

    sysctl net.inet.udp.blackhole=1

Do the same for:

    net.inet.tcp.blackhole=2

You can use either a "1" or "2" for TCP. I would use a "2". See `man blackhole` for more details.

If they work for you, add them to /etc/sysctl.conf as just:

    net.inet.tcp.blackhole=2;

so they'll be turned on when you reboot.

Bob
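The steps in Bob's reply (set the two blackhole sysctls live, then persist them in /etc/sysctl.conf), carried through as an added example that is not part of the original thread. The live step is the stock `sysctl(8)` invocation; the persistence step uses two hypothetical helper functions, `set_sysctl_conf` and `get_sysctl_conf`, written here so that re-running the script replaces an existing `net.inet.tcp.blackhole=0` line instead of appending a duplicate (sysctl.conf is applied top to bottom, so a stale earlier line is harmless but misleading when you audit the file). The file path is a parameter so the helpers can be exercised against a scratch copy before touching the real file. Per blackhole(4), `net.inet.tcp.blackhole=1` silently drops SYNs to closed ports, `2` drops every segment to a closed port, and `net.inet.udp.blackhole=1` suppresses the ICMP port-unreachable reply; none of this changes what an ipfw rule that already matched the packet does, it only stops the kernel stack itself from answering for ports the firewall let through.

```sh
#!/bin/sh
# Added example, not code from the original mailing-list thread.
# Helpers are hypothetical names chosen for this illustration.

# set_sysctl_conf FILE KEY VALUE
# Write KEY=VALUE into a sysctl.conf-style FILE, removing any earlier
# uncommented setting of KEY so the file never carries two conflicting lines.
set_sysctl_conf() {
    file=$1 key=$2 value=$3
    [ -f "$file" ] || : > "$file"
    tmp="$file.tmp.$$"
    awk -v k="$key" '
        {
            l = $0
            sub(/^[ \t]+/, "", l)                 # tolerate leading whitespace
            if (l != "" && substr(l, 1, 1) != "#") {
                eq = index(l, "=")
                if (eq > 0) {
                    name = substr(l, 1, eq - 1)
                    sub(/[ \t]+$/, "", name)
                    if (name == k) next         # drop the old setting of KEY
                }
            }
            print
        }' "$file" > "$tmp" \
    && printf '%s=%s\n' "$key" "$value" >> "$tmp" \
    && mv "$tmp" "$file"
}

# get_sysctl_conf FILE KEY
# Print the effective value of KEY in FILE (last uncommented setting wins,
# which is the order sysctl(8) applies the file). Prints nothing if unset.
get_sysctl_conf() {
    awk -v k="$2" '
        {
            l = $0
            sub(/^[ \t]+/, "", l)
            if (l == "" || substr(l, 1, 1) == "#") next
            eq = index(l, "=")
            if (eq == 0) next
            name = substr(l, 1, eq - 1); sub(/[ \t]+$/, "", name)
            if (name == k) {
                v = substr(l, eq + 1)
                sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
                found = 1
            }
        }
        END { if (found) print v }' "$1"
}

# apply_blackhole [SYSCTL_CONF]
# Set the values live (FreeBSD only; requires root), then persist them.
# Default path is the real /etc/sysctl.conf; pass a scratch file to rehearse.
apply_blackhole() {
    conf=${1:-/etc/sysctl.conf}
    sysctl net.inet.tcp.blackhole=2
    sysctl net.inet.udp.blackhole=1
    set_sysctl_conf "$conf" net.inet.tcp.blackhole 2
    set_sysctl_conf "$conf" net.inet.udp.blackhole 1
}

# Example: rehearse against a scratch file (constructed sample, not a real
# system's configuration), then show what would be written.
#   apply_blackhole /tmp/sysctl.conf.test
#   get_sysctl_conf /tmp/sysctl.conf.test net.inet.tcp.blackhole   # -> 2
```

To confirm the change from the outside, scan the host with `nmap -sS` from another machine: a port that answered with RST before (reported as "closed") should now produce no reply at all and be reported as "filtered", which is what ShieldsUP! calls stealth.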