Configure the IPFW firewall in FreeBSD

IPFIREWALL (IPFW) is a FreeBSD-sponsored firewall application authored and maintained by FreeBSD volunteer staff members. It uses the legacy stateless rules and a legacy rule coding technique to achieve what is referred to as Simple Stateful logic.

The IPFW sample ruleset (found in /etc/rc.firewall and /etc/rc.firewall6) in the standard FreeBSD install is rather simple, and it is not expected to be used directly without modifications. The example does not use stateful filtering, which is beneficial in most setups, so it will not be used as a base for this section.

1- To stop or start the firewall, type the command:

# /etc/rc.d/ipfw stop
# /etc/rc.d/ipfw start


2- To enable the firewall at system boot, add this to /etc/rc.conf:

firewall_enable="YES"
firewall_script="/usr/local/etc/ipfw.rules"


In this file (/usr/local/etc/ipfw.rules) you can write the rules that open or close ports such as ftp, ssh, http or others:

IPF="ipfw -q add"
# remove all existing rules
ipfw -q -f flush
# loopback
$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any
# drop fragmented TCP packets
$IPF 40 deny tcp from any to any frag
# open port ftp (21), ssh (22), mail (25), http (80), etc.
$IPF 150 allow tcp from any to any 21 in
$IPF 151 allow tcp from any to any 21 out
$IPF 160 allow tcp from any to any 22 in
$IPF 161 allow tcp from any to any 22 out
$IPF 170 allow tcp from any to any 25 in
$IPF 171 allow tcp from any to any 25 out
$IPF 180 allow tcp from any to any 80 in
$IPF 181 allow tcp from any to any 80 out
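The rules above match only on destination port, so a reply packet (for example one leaving with source port 22) is not covered by them and falls through to ipfw's default rule. The following is an added example, not part of the original page, that writes the same ports as stateful rules with check-state and keep-state. The names IPFW, PORTS and load_rules are chosen for this example; running it with IPFW=echo prints the commands instead of applying them.

```shell
#!/bin/sh
# Added example: stateful variant of the page's ruleset (not the page's own code).
# IPFW, PORTS and load_rules are names chosen for this example.
IPFW="${IPFW:-ipfw -q}"
PORTS="21 22 25 80"   # ftp control, ssh, smtp, http: the ports the page opens

load_rules() {
    $IPFW -f flush
    # loopback rules, unchanged from the page
    $IPFW add 10 allow all from any to any via lo0
    $IPFW add 20 deny all from any to 127.0.0.0/8
    $IPFW add 30 deny all from 127.0.0.0/8 to any
    $IPFW add 40 deny tcp from any to any frag
    # packets of a connection already in the dynamic table are passed here
    $IPFW add 50 check-state
    n=150
    for port in $PORTS; do
        # "setup" matches only the opening SYN; "keep-state" records the flow,
        # so packets in the reverse direction are passed by rule 50
        $IPFW add "$n" allow tcp from any to any "$port" in setup keep-state
        $IPFW add "$((n + 1))" allow tcp from any to any "$port" out setup keep-state
        n=$((n + 10))
    done
    # everything else reaches ipfw's default rule 65535
    # (deny, unless the kernel was built to default to accept)
}

# Run when ipfw is present, or when IPFW was overridden for a dry run.
if [ "$IPFW" != "ipfw -q" ] || command -v ipfw >/dev/null 2>&1; then
    load_rules
fi
```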

After any changes, you can load the new rules with:

sh /usr/local/etc/ipfw.rules


For more options, see the help command:

ipfw -help