Ipfw
ipfw -- IP firewall and traffic shaper control program
Add to /etc/rc.conf
#IPFW enable firewall
# Enable ipfw at boot and load the ruleset from the script named in firewall_script.
firewall_enable="YES"
# NOTE(review): the /etc/ipfw.rules script on this page never reads its arguments,
# so firewall_type presumably has no effect here; the effective policy is whatever
# that script installs -- confirm against /etc/rc.d/ipfw on the target release.
firewall_type="open"
firewall_script="/etc/ipfw.rules"
Add to /etc/sysctl.conf
# Turn on logging for rules that carry the "log" keyword (rule 00301 in the script on this page).
net.inet.ip.fw.verbose=1
# Per-rule cap on logged packets; it shows up as "logamount 5" on rule 00301 in the
# ipfw list output. Only the first 5 matches of a rule are logged until its log
# counter is reset, so later hits from a blocked source will not appear in the log.
net.inet.ip.fw.verbose_limit=5
/etc/ipfw.rules script
############### start of example ipfw rules script #############
#http://www.freebsd.org/doc/handbook/firewalls-ipfw.html
# Purpose: rebuild the ruleset from scratch: loopback handling, one logged
# source-network block, then allow everything else.
# NOTE(review): this is a default-allow policy. Rule 65000 accepts every packet
# that was not denied earlier, so the only traffic filtered is 127.0.0.0/8 on
# non-loopback interfaces and the 118.175.0.0/16 source network.
ipfw -q -f flush # Delete all rules (-f: no confirmation prompt, -q: quiet)
# Set defaults
oif="vr1" # out interface; not referenced by any rule below
cmd="ipfw -q add " # build rule prefix; expanded unquoted below so it splits into words
ks="keep-state" # shorthand for stateful rules; not used below, so no rule here is stateful
# Loopback: accept traffic on lo0 first, then drop packets carrying 127.0.0.0/8
# addresses that reach the later rules (i.e. seen on any other interface).
$cmd 00100 allow ip from any to any via lo0
$cmd 00200 deny ip from any to 127.0.0.0/8
$cmd 00300 deny ip from 127.0.0.0/8 to any
$cmd 00301 deny log ip from 118.175.0.0/16 to any # Logged to /var/log/security via syslog
# Catch-all allow. NOTE(review): the Status listing on this page shows this rule
# as 01000, presumably captured from another revision of the script.
$cmd 65000 allow ip from any to any
################### End of example ipfw rules script ############
Status (rule 65535 is ipfw's built-in default rule, not one added by the script)
[root@mars etc]# ipfw list
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00301 deny log logamount 5 ip from 118.175.0.0/16 to any
01000 allow ip from any to any
65535 deny ip from any to any