ipfw rules for modern FreeBSD?

方坤 quinefang at gmail.com
Fri Dec 29 09:21:36 UTC 2017


Dear ipfw maintainer,

I read the following from
https://www.freebsd.org/cgi/man.cgi?query=ipfw&sektion=8&manpath=freebsd-release-ports#end


>      The rule body has the following format:
>
>            [*proto* *from* *src* *to* *dst*] [*options*]
>
>      The first part (proto from src to dst) is for backward compatibility with
>      earlier versions of FreeBSD.  In modern FreeBSD any match pattern
>      (including MAC headers, IP protocols, addresses and ports) can be
>      specified in the *options* section.

And my firewall_script is as follows:

#!/bin/sh

fwcmd="/sbin/ipfw -q"

${fwcmd} -f flush

${fwcmd} add allow proto tcp src-ip me setup keep-state :default

${fwcmd} add allow proto udp src-ip me keep-state :default



And I found that these rules are not protecting my FreeBSD box.

Question: How can I write ipfw rules for modern FreeBSD only?
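
An options-only ruleset in the form the quoted man page text describes, as an added example that is not part of the original post. It assumes a host that only originates TCP and UDP connections; the loopback rule, the explicit check-state, the `out` direction, the closing deny rules, and the names emit_rules, options_only, load_rules and FWCMD are choices of this example.

```shell
#!/bin/sh
# Added example (not from the original post): options-only ipfw rules.
# Assumption: the host only originates TCP/UDP connections.

# Rule bodies, i.e. everything after "ipfw add". None of them uses the
# legacy "proto from src to dst" part; every match is an option.
emit_rules() {
    cat <<'EOF'
allow via lo0
check-state :default
allow proto tcp src-ip me out setup keep-state :default
allow proto udp src-ip me out keep-state :default
deny in
deny out
EOF
}

# Succeeds only if no rule body contains the legacy "from"/"to" keywords.
options_only() {
    ! emit_rules | grep -Eq '(^| )(from|to)( |$)'
}

# Dry run by default: prints the commands instead of running them.
# Set FWCMD="/sbin/ipfw -q" to load the rules for real.
load_rules() {
    fwcmd=${FWCMD:-echo ipfw -q}
    ${fwcmd} -f flush || return 1
    emit_rules | while read -r rule; do
        # Unquoted on purpose: each word of the rule is one ipfw argument.
        ${fwcmd} add ${rule} || exit 1
    done
}

# Run as a script: ./fw.sh load
if [ "${1:-}" = "load" ]; then
    options_only && load_rules
fi
```

After loading, `ipfw -d show` lists the static rules together with the dynamic states created by the keep-state rules, which is the quickest way to confirm that traffic is matching where expected.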

