How to stealth ports 0 and 1 on FBSD 6.2

Bob Middaugh bob.middaugh at comcast.net
Wed Jan 31 15:14:58 UTC 2007


From: Joe Vender <jvender at owensboro.net>
> I've enabled the firewall in /etc/rc.conf via:
> firewall_enable="YES"
> firewall_type="client"
> 
> But, ports 0 and 1 show as CLOSED, not STEALTHED at grc.com shieldsup! scan. 
> I'm on a standalone desktop computer with no LAN and am using a dialup 
> connection to access the internet. I've set the firewall type to "client". 
> What changes do I need to make to the firewall configuration file in order to 
> stealth the ports without causing any local problems?
> 
> Joe Vender
> 
Hi Joe,
It's been awhile since I used FreeBSD as a firewall, but I believe I had to enable the following sysctl's:

As root, do:

sysctl net.inet.udp.blackhole=1

do the same for:
net.inet.tcp.blackhole=2

You can use either a "1" or "2" for TCP.  I would use a "2".

man blackhole - for more details. 

If they work for you , add them to /etc/sysctl.conf  as just: net.inet.tcp.blackhole=2; so they'll be turned on when you reboot.

Bob


More information about the freebsd-questions mailing list