IPFIREWALL (IPFW) is a FreeBSD-sponsored firewall application authored and maintained by FreeBSD volunteer staff members. It uses legacy stateless rules and a legacy rule coding technique to achieve what is referred to as Simple Stateful logic.
The sample IPFW ruleset in the standard FreeBSD install (found in /etc/rc.firewall and /etc/rc.firewall6) is rather simple and is not expected to be used directly without modification. The example does not use stateful filtering, which is beneficial in most setups, so it will not be used as a base for this section.
1- To stop or start the firewall, type one of these commands as root:
# /etc/rc.d/ipfw stop
# /etc/rc.d/ipfw start
2- To enable the firewall at system boot, add this to /etc/rc.conf:
firewall_enable="YES"
firewall_script="/usr/local/etc/ipfw.rules"
In the file /usr/local/etc/ipfw.rules you can write the rules that open or close ports such as ftp, ssh, http or others:
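IPF="ipfw -q add"
# remove all existing rules before loading this set
ipfw -q -f flush
# loopback
$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any
# drop fragmented TCP packets
$IPF 40 deny tcp from any to any frag
# accept packets that belong to a connection already allowed by a keep-state rule
$IPF 50 check-state
# open ports: ftp control (21), ssh (22), mail (25), http (80), etc.
# keep-state records each allowed connection so that its reply packets pass too
$IPF 150 allow tcp from any to any 21 in keep-state
$IPF 151 allow tcp from any to any 21 out keep-state
$IPF 160 allow tcp from any to any 22 in keep-state
$IPF 161 allow tcp from any to any 22 out keep-state
$IPF 170 allow tcp from any to any 25 in keep-state
$IPF 171 allow tcp from any to any 25 out keep-state
$IPF 180 allow tcp from any to any 80 in keep-state
$IPF 181 allow tcp from any to any 80 out keep-state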
After any change, load the new rules with:
sh /usr/local/etc/ipfw.rules
For more options, see the help output:
ipfw -help
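A static check to run on a rules file before reloading it, given here as an added example rather than code from the original page: it flags tcp/udp allow rules that lack keep-state and notes when no check-state rule comes before the first keep-state rule (in that case ipfw first consults its state table at that keep-state rule). The function names lint_ipfw_rules and sample_rules are hypothetical, and the sample ruleset is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): lint an ipfw rules script written
# in the "$IPF <number> <action> ..." style. All names here are hypothetical.

# lint_ipfw_rules FILE: print one finding per line; return 1 if any was printed.
lint_ipfw_rules() {
    awk '
    # Consider only lines that add a numbered rule through the $IPF variable.
    $1 != "$IPF" || $2 !~ /^[0-9]+$/ { next }
    {
        num = $2 + 0
        if ($3 == "check-state") {
            if (!have_check || num < check) { check = num; have_check = 1 }
            next
        }
        if ($3 !~ /^(allow|accept|pass|permit)$/) next
        stateful = 0; loopback = 0
        for (i = 4; i <= NF; i++) {
            if ($i == "keep-state") stateful = 1
            if ($i == "via" && $(i + 1) ~ /^lo[0-9]+$/) loopback = 1
        }
        if (stateful) {
            if (!have_keep || num < keep) { keep = num; have_keep = 1 }
        } else if (!loopback && ($4 == "tcp" || $4 == "udp")) {
            printf "WARN rule %d: %s allow without keep-state\n", num, $4
            found = 1
        }
    }
    END {
        # ipfw evaluates rules in numeric order, so compare rule numbers.
        if (have_keep && (!have_check || check > keep)) {
            printf "NOTE no check-state before rule %d\n", keep
            found = 1
        }
        exit found + 0
    }' "$1"
}

# Constructed sample ruleset for trying the linter without a FreeBSD host.
sample_rules() {
    cat <<'EOF'
IPF="ipfw -q add"
$IPF 10 allow all from any to any via lo0
$IPF 150 allow tcp from any to any 21 in
$IPF 160 allow tcp from any to any 22 in keep-state
EOF
}

if [ "$#" -gt 0 ]; then lint_ipfw_rules "$1"; fi
```

Saved under a name of your choice, the script takes the rules file as its only argument and exits non-zero when it prints a finding.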