Subject: ipf and TTL
To: None <netbsd-help@netbsd.org>
From: Jon Lindgren <jlindgren@espus.com>
List: netbsd-help
Date: 04/06/2000 07:59:48
I've got 1.4.2 running on my ss5, under which I implement a relatively
standard ipf setup.  I'm interested in having ipf (or
something) decrement TTL by 2, as opposed to the normal 1.  Here's why:

Consider a "standard" setup of a few machines sitting behind a
firewall.  Assume for the moment that the firewall has a few openings
(perhaps, unwisely, ICMP).  Trying a traceroute would show the router
which feeds me, perhaps my local router, a BLANK (i.e. "7: * * *") entry
for the firewall (since it probably is configured not to send ICMP
TTL expired messages back), and then a response from my internal host.

If I could make ipf (or something) decrement the TTL of an IP packet after
it has passed successfully through the filters, then it might appear to
the outside world that I have a firewall in place.  People using a
traceroute might see the blank entry (i.e. "7: * * *") and assume a
separate firewall is in place, when it's actually on the same box.  This
might make things a bit more confusing, or appear a bit different to joe
cracker than they really are.

Can we do this?  Might it already exist?  Or do I have my head up my a$$
and this suggestion is completely useless?

TIA.

-Jon
 --------------------------------------------------------------------
 "Okay, who hit the scram switch on my coffee machine?"
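The effect Jon describes above, as an added example that is not part of the original post and does not touch ipf or the kernel: a small Python model of a traceroute path in which one hop (the firewall) silently expires packets and can be set to subtract 1 or 2 from the TTL. The six upstream router names, the firewall name and the "internal-host" destination are made-up assumptions, as is the simplification that every other hop answers expired probes with ICMP Time Exceeded and that the destination answers any probe that reaches it with TTL >= 1.

```python
"""
Added example (not from the original post): model how traceroute output
changes when a silent firewall hop decrements the TTL by 2 instead of 1.

Assumptions (hypothetical, chosen for illustration):
  * six upstream routers named router1..router6, then the firewall, then
    a destination called "internal-host";
  * a hop whose `answers` flag is set sends ICMP Time Exceeded when a
    probe expires there; the firewall never does;
  * the destination answers any probe that arrives with TTL >= 1;
  * pure simulation, nothing here touches ipf or the kernel.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Hop:
    name: str
    decrement: int = 1      # how much this hop subtracts from the TTL
    answers: bool = True    # sends ICMP Time Exceeded when TTL expires here


def probe(routers: List[Hop], dest: str, ttl: int) -> Optional[str]:
    """Send one probe with initial TTL `ttl` through `routers` towards `dest`.

    Returns the name of whoever answers: the router that expired the probe
    (if it sends Time Exceeded), or `dest` if the probe arrives there.
    Returns None when the probe dies silently, which traceroute prints as
    "* * *".
    """
    for hop in routers:
        ttl -= hop.decrement
        if ttl <= 0:
            # Probe expired at this hop (a decrement of 2 can drive it below 0).
            return hop.name if hop.answers else None
    # Survived every router, so it reaches the destination with TTL >= 1.
    return dest


def traceroute(routers: List[Hop], dest: str,
               max_ttl: int = 30) -> List[Tuple[int, Optional[str]]]:
    """Probe with TTL 1, 2, ... until the destination answers or max_ttl."""
    trace: List[Tuple[int, Optional[str]]] = []
    for ttl in range(1, max_ttl + 1):
        who = probe(routers, dest, ttl)
        trace.append((ttl, who))
        if who == dest:
            break
    return trace


def render(trace: List[Tuple[int, Optional[str]]]) -> str:
    """Format a trace the way traceroute prints it, "* * *" for silent hops."""
    return "\n".join(f"{ttl:2d}: {who if who is not None else '* * *'}"
                     for ttl, who in trace)


# Constructed sample path: six hypothetical upstream routers.
UPSTREAM = [Hop(f"router{i}") for i in range(1, 7)]
INTERNAL_HOST = "internal-host"


def standard_firewall() -> List[Tuple[int, Optional[str]]]:
    """Firewall that drops expired probes silently and decrements TTL by 1."""
    fw = Hop("firewall", decrement=1, answers=False)
    return traceroute(UPSTREAM + [fw], INTERNAL_HOST)


def double_decrement_firewall() -> List[Tuple[int, Optional[str]]]:
    """Same firewall, but decrementing TTL by 2 as the post proposes."""
    fw = Hop("firewall", decrement=2, answers=False)
    return traceroute(UPSTREAM + [fw], INTERNAL_HOST)


if __name__ == "__main__":
    print("decrement by 1:")
    print(render(standard_firewall()))
    print("\ndecrement by 2:")
    print(render(double_decrement_firewall()))
```

With decrement 1 the trace shows one "* * *" line at hop 7 and the internal host at hop 8; with decrement 2 both hop 7 and hop 8 are blank and the host first answers at hop 9, so the outside observer sees what looks like two silent boxes. The model also makes the side effect visible: every packet, not only traceroute probes, reaches the internal host with one less TTL than before.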