After trying firestarter and finding that Kppp (KDE's dialer) doesn't work well with it (and I have to be root to run firestarter at all, which is a pain), I have decided to drop that and I learned a bit about IPTables. I tested this all at GRC.com's Shields Up, which does a rather nice job testing things. Here's how I stealthed my Red Hat 9 (clone) system - I have iptables installed as well as lokkit. You need to be root to do all this stuff.
NOTE That this is for desktop systems that depend on modem (dial-up) internet connections via ppp0.
Also, when I say to type something at the shell prompt, do NOT type the preceding # as that is just there to show it's a shell prompt.
STEP 1: Going Stealth on all ports
Here's the /etc/sysconfig/iptables file content:
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
# firewall; such entries will *not* be listed here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -m state --state INVALID -j DROP
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1055 --syn -j DROP
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j DROP
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 1720 --syn -j DROP
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 5000 --syn -j DROP
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1055 -j DROP
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j DROP
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 1720 -j DROP
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 5000 -j DROP
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j DROP
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j DROP
COMMIT
Note the line -A RH-Lokkit-0-50-INPUT -m state --state INVALID -j DROP. This line is necessary because without it port 0 will always show up in Shields Up as closed: it isn't open, but it still shows up, giving away the fact that you're on the internet.
This line makes that port not respond. Port 0 is a U*ix "null" port that is basically "invalid" (thus the state name). GRC.com says some programmers use it as a test port when developing applications that use ports of some kind. If you test your system there and click on the port 0 link, it'll give you more information on this.
Next, type the following at the shell prompt:
STEP 2: Stopping PINGS
Another nasty is pings. Here is how to make it so that your system will not respond to pings at all. Simply edit (as root) the /etc/sysctl.conf file and find these lines:
# Controls source route verification
Now add these two lines:
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_echo_ignore_all = 1
Next at the shell prompt type this:
STEP 3: Masking Reverse DNS lookup
Wherever you go on the internet, your machine name (or rather your ISP's machine name, which looks like a URL path of some kind) is given out. Clever people could use that to personally identify you, I think the GRC.com site says. By not allowing your system to give this away, you can further protect your privacy. To do this, type at the shell prompt:
# echo "1" > /proc/sys/net/ipv4/ip_forward
(Note: ip_forward is the kernel's packet-forwarding switch, i.e. whether it routes packets between interfaces; on a single-interface dial-up desktop it is normally left at 0.)
STEP 4: Tell them off! LOL!
While this might not really be necessary if your system is already pretty well stealthed, it is still a good measure. When you boot Linux and log in, some distributions show which distro you're using along with the Linux kernel version. If you're running an older kernel for some reason, you definitely don't want a potential intruder to find this out! That's IF you get hacked (they'd have to find you in the first place, and if you did the above, it'd be pretty hard to find your machine on the internet!). But anyway, you can back up your /etc/issue and /etc/issue.net files, then edit the non-backups to say something like:
** WARNING!! **
This is a private closed system.
Any and all activity is logged.
** GO AWAY!! **
Or whatever to let someone who finds their way to log in to know they aren't welcome.
STEP 5: Allowing Hosts?
Lastly, you can edit your /etc/hosts.allow and /etc/hosts.deny files as so:
In /etc/hosts.allow (after the comments put the following line):
In /etc/hosts.deny (after the comments put the following line):
Now you're all set! You shouldn't need to reboot the computer but if for some reason things haven't yet started working the way you expected, a reboot is a good idea before trying to further diagnose things.
Hope this helps some of those out there on dial-up connections. If you're running a network, or don't have Lokkit or the RH9 distro, you'll have to make some changes. Hopefully this gives you some basics to get started.