Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 31 Jan 2007 15:00:37 +0000
From:      bob.middaugh@comcast.net (Bob Middaugh)
To:        Joe Vender <jvender@owensboro.net>, freebsd-questions@freebsd.org
Subject:   Re: How to stealth ports 0 and 1 on FBSD 6.2
Message-ID:  <013120071500.3735.45C0AF15000B498600000E97220699849908099A0E0B0B0703D20D010D@comcast.net>

Next in thread | Raw E-Mail | Index | Archive | Help
From: Joe Vender <jvender@owensboro.net>
> I've enabled the firewall in /etc/rc.conf via:
> firewall_enable="YES"
> firewall_type="client"
> 
> But, ports 0 and 1 show as CLOSED, not STEALTHED at grc.com shieldsup! scan. 
> I'm on a standalone desktop computer with no LAN and am using a dialup 
> connection to access the internet. I've set the firewall type to "client". 
> What changes do I need to make to the firewall configuration file in order to 
> stealth the ports without causing any local problems?
> 
> Joe Vender
> 
Hi Joe,
It's been awhile since I used FreeBSD as a firewall, but I believe I had to enable the following sysctl's:

As root, do:

sysctl net.inet.udp.blackhole=1

do the same for:
net.inet.tcp.blackhole=2

You can use either a "1" or "2" for TCP.  I would use a "2".

man blackhole - for more details. 

If they work for you , add them to /etc/sysctl.conf  as just: net.inet.tcp.blackhole=2; so they'll be turned on when you reboot.

Bob



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?013120071500.3735.45C0AF15000B498600000E97220699849908099A0E0B0B0703D20D010D>