It's a kernel option that disables a router's normal behavior of decrementing the TTL field in each forwarded IP packet. Apparently, some evil ISPs reduce the TTL of packets to their customers to 1, so that they can't simply plug in a router and share the Internet connection with multiple computers (the router would decrement the TTL field to zero and then discard each packet).
By itself, the IPSTEALTH option does nothing. It needs to be enabled by putting the line
<shellcmd>sysctl net.inet.ip.stealth=1</shellcmd>
in config.xml just before the </system> tag, and then rebooting.