>  When I reboot a system for some reason, I'd rather that anyone trying
>to access it just keep trying. Unfortunately, there is a window between
>ifconfig up, and starting the appropriate daemons when the system 
>will return an ICMP port unreachable.
>  I wonder if anyone has given any thought that perhaps one should not
>send this ICMP at all until a sysctl has been set? (Which would be done
>once all daemons are started)
>  Aside from helping during bootup, this might also be useful to permit
>a system to be someone more stealthy.

	how about an (additional) ipf rule during bootstrap?

itojun