Date: Sat, 11 Aug 2001 22:43:16 +0100
From: Richard Smith
To: Walentyn@newsguy.com
Cc: FreeBSD-Questions@freebsd.org
Subject: Re: IPFW STEALTH
Message-ID: <20010811224316.A733@gaia.home.rdls.net>
In-Reply-To: <200108102043.NAA58331@newsguy.com>

On Fri, Aug 10, 2001 at 01:43:07PM -0700, Walentyn@newsguy.com wrote:
> After using IPFilter/IPNat and GBLight successfully on different boxes for a
> couple of years, I am trying and have set up a working IPFirewall/Natd
> firewall on another box.
>
> One thing eludes me though, with either IPF/Nat or GBL you can easily set up
> invisible (stealth) firewalls. How do I make the IPFW/NATD firewall stealth?
>
> I have read Renaud Waldura most excellent IPFW how-to at:
>
> http://renaud.waldura.com/doc/freebsd/firewall/
>
> wherein he makes reference to a "DROP_SILENT knob" to IPFW. However, I cannot
> find it anywhere.

I'm not sure exactly what you're looking for, but the kernel option:

    options IPSTEALTH

and the following sysctl's may help:

    net.inet.tcp.blackhole=2
    net.inet.udp.blackhole=1
    net.inet.ip.stealth=1

>
> Any help would be appreciated.
>
> Thanks in advance.
>
> Walentyn

-- 
Richard Smith
Network Systems Director
Satamatics Ltd
Green Lane, Tewkesbury, GL20 8HD, United Kingdom
Tel: +44 1684 278610
Fax: +44 1684 278611
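
An added example, not part of the message above: a small POSIX shell check that reports whether the three sysctls named in the reply are set to the suggested values. It accepts either /etc/sysctl.conf lines (name=value) or `sysctl` output (name: value); the function name audit_stealth and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Audit the three sysctls from the reply above against the suggested values.
# Reads stdin in /etc/sysctl.conf form (name=value) or `sysctl` output form
# (name: value). On a live host:
#   sysctl net.inet.tcp.blackhole net.inet.udp.blackhole net.inet.ip.stealth | audit_stealth

WANTED="net.inet.tcp.blackhole=2 net.inet.udp.blackhole=1 net.inet.ip.stealth=1"

audit_stealth() {
    # Strip comments and whitespace, normalise "name: value" to "name=value".
    input=$(sed -e 's/#.*//' -e 's/[[:space:]]//g' -e 's/:/=/')
    fails=0
    for want in $WANTED; do
        name=${want%%=*}
        expect=${want#*=}
        # The last assignment wins, as when sysctl.conf is applied in order.
        got=$(printf '%s\n' "$input" |
              awk -F= -v n="$name" '$1 == n { v = $2 } END { print v }')
        if [ -z "$got" ]; then
            echo "MISSING  $name (want $expect)"
            fails=$((fails + 1))
        elif [ "$got" != "$expect" ]; then
            echo "MISMATCH $name=$got (want $expect)"
            fails=$((fails + 1))
        else
            echo "OK       $name=$got"
        fi
    done
    return "$fails"   # number of knobs that still need attention
}

# Constructed sample, not taken from any real host.
SAMPLE_CONF='# /etc/sysctl.conf (constructed)
net.inet.tcp.blackhole=1   # 1 drops only SYNs sent to closed ports
net.inet.udp.blackhole=1
'

printf '%s' "$SAMPLE_CONF" | audit_stealth || echo "$? knob(s) need attention"
```

A missing net.inet.ip.stealth in live `sysctl` output usually means the kernel was built without `options IPSTEALTH`, since that option is what provides the sysctl.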