Date:      Wed, 31 Jan 2007 15:00:37 +0000
From:      bob.middaugh@comcast.net (Bob Middaugh)
To:        Joe Vender <jvender@owensboro.net>, freebsd-questions@freebsd.org
Subject:   Re: How to stealth ports 0 and 1 on FBSD 6.2
Message-ID:  <013120071500.3735.45C0AF15000B498600000E97220699849908099A0E0B0B0703D20D010D@comcast.net>

From: Joe Vender <jvender@owensboro.net>
> I've enabled the firewall in /etc/rc.conf via:
> firewall_enable="YES"
> firewall_type="client"
> 
> But, ports 0 and 1 show as CLOSED, not STEALTHED at grc.com shieldsup! scan. 
> I'm on a standalone desktop computer with no LAN and am using a dialup 
> connection to access the internet. I've set the firewall type to "client". 
> What changes do I need to make to the firewall configuration file in order to 
> stealth the ports without causing any local problems?
> 
> Joe Vender
> 
Hi Joe,
It's been a while since I used FreeBSD as a firewall, but I believe I had to enable the following sysctls:

As root, do:

sysctl net.inet.udp.blackhole=1

do the same for:
net.inet.tcp.blackhole=2

You can use either a "1" or "2" for TCP.  I would use a "2".

See man blackhole for more details.

If they work for you, add them to /etc/sysctl.conf as just: net.inet.tcp.blackhole=2, so they'll be turned on when you reboot.

Bob
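A script that does what Bob describes in one step, added here as an example and not part of the original thread: it persists the two blackhole sysctls in an /etc/sysctl.conf-style file without duplicating entries on re-runs, and applies them live only when the MIBs exist (i.e. on a FreeBSD host). The file path, the helper names (upsert_sysctl, conf_value, apply_blackhole) and the sample sysctl.conf contents are the example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): persist and apply the blackhole sysctls.
# The file editing is plain POSIX sh/awk and runs anywhere; the live
# "sysctl" calls only run where net.inet.tcp.blackhole exists (FreeBSD).

# upsert_sysctl FILE KEY VALUE
# Replace an existing "KEY=VALUE" line (whitespace around KEY ignored) or
# append one at the end, so running this twice does not leave two entries.
upsert_sysctl() {
    file=$1 key=$2 value=$3
    [ -f "$file" ] || : > "$file"
    tmp=$(mktemp) || return 1
    # Rewrite via a temp file: "sed -i" differs between BSD and GNU sed.
    awk -F= -v k="$key" -v v="$value" '
        { f=$1; gsub(/^[[:space:]]+|[[:space:]]+$/, "", f) }
        f == k { print k "=" v; seen=1; next }
        { print }
        END { if (!seen) print k "=" v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# conf_value FILE KEY
# Print the value recorded for KEY in a sysctl.conf-style file (first match).
conf_value() {
    awk -F= -v k="$2" '
        { f=$1; gsub(/^[[:space:]]+|[[:space:]]+$/, "", f) }
        f == k { v=$2; gsub(/^[[:space:]]+|[[:space:]]+$/, "", v); print v; exit }
    ' "$1"
}

# apply_blackhole [CONF]
# Persist tcp.blackhole=2 / udp.blackhole=1 (the values from the reply above)
# and set them immediately if this kernel has the MIBs. Needs root for both.
apply_blackhole() {
    conf=${1:-/etc/sysctl.conf}
    upsert_sysctl "$conf" net.inet.tcp.blackhole 2 || return 1
    upsert_sysctl "$conf" net.inet.udp.blackhole 1 || return 1
    if sysctl -n net.inet.tcp.blackhole >/dev/null 2>&1; then
        sysctl net.inet.tcp.blackhole=2 net.inet.udp.blackhole=1
    else
        echo "net.inet.*.blackhole not available on this kernel; only $conf updated" >&2
    fi
}

# Only touch the real system when explicitly asked (./blackhole.sh --apply);
# sourcing or running the file without the flag defines the functions only.
if [ "${1:-}" = "--apply" ]; then
    apply_blackhole "${2:-/etc/sysctl.conf}"
fi
```

After applying, check the live values with `sysctl net.inet.tcp.blackhole net.inet.udp.blackhole`; note that these sysctls only affect ports with no listening socket, so anything a local daemon actually has open still answers and must be handled by the ipfw rules themselves.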



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?013120071500.3735.45C0AF15000B498600000E97220699849908099A0E0B0B0703D20D010D>