IPFW Rules and Games

RW fbsd06 at mlists.homeunix.com
Fri Nov 2 13:09:37 PDT 2007

On Fri, 02 Nov 2007 04:59:27 -0500
Jack Barnett <jackbarnett at gmail.com> wrote:

> Lots of people play games here and basically a pain to keep trying to 
> get these stupid things to work with individual rules for each.
> I'm running FreeBSD 6.x with IPFW/natd
> I get a dynamic IP from my ISP and the internal nic is
> Everything inside the network is 192.168.17.xxx
> The setup is this:
> 192.168.17.x  <--> <[FreeBSD]> Dynamic IP <--> {Random
> Game Server on the Internets}
> [Internet Network(GAME)] <--> [FreeBSD] <--> {Internets}
> There are a bunch of games that send out TCP/UDP packets (and who
> knows what else) on different ports to different destinations and then
> receive data back on "random" ports.  Basically, anything on any 
> protocol from the internal network should be able to establish and
> setup connections out AND be allowed to receive data back from
> whomever they connected out to; but "random" hosts trying to connect
> in should be blocked.

You simply need to allow back traffic on the same socket connection.
This will happen automatically with TCP if you are passing established
traffic; with UDP you will have to keep-state. You will probably find
that the games also require you to open one or more incoming ports too.

If you are not very confident with ipfw I would suggest you switch to
pf. It's a very good firewall and generally easier to use. Also if you
are playing games, you'll want to do traffic prioritisation, which is a
pain with ipfw. 
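The stateful arrangement the reply describes (TCP tracked from the SYN, UDP tracked with keep-state, replies matched by check-state, unsolicited inbound dropped), written out as an ipfw/natd ruleset for the network in the question. This is an added example, not part of the original thread and not a FreeBSD-supplied script. The interface names fxp0/fxp1 are assumptions (override them with EXT_IF/INT_IF), the rule numbers are arbitrary, and the inbound game port rule is a commented placeholder. Because natd rewrites addresses, the ordering matters: inbound packets are diverted (un-NATed) before check-state so replies carry the LAN address again, while outbound packets create state on the pre-NAT LAN address and then skipto the outbound divert.

```shell
#!/bin/sh
# Stateful ipfw + natd ruleset for: LAN 192.168.17.0/24 <-> FreeBSD (dynamic IP) <-> Internet.
# Interface names are assumptions; adjust to the machine. Run with "load" to apply,
# "show" (or FWCMD=echo) to print the rules without touching the kernel.
ext_if="${EXT_IF:-fxp0}"   # interface carrying the dynamic ISP address (assumed name)
int_if="${INT_IF:-fxp1}"   # interface facing 192.168.17.0/24 (assumed name)
lan="192.168.17.0/24"

load_rules() {
    # FWCMD=echo turns every rule into printed text instead of an ipfw call.
    fw="${FWCMD:-/sbin/ipfw}"

    $fw -q flush

    # Loopback is trusted; loopback addresses never appear on a real wire.
    $fw add 100 allow ip from any to any via lo0
    $fw add 200 deny ip from any to 127.0.0.0/8
    $fw add 300 deny ip from 127.0.0.0/8 to any

    # Traffic between the firewall and the LAN interface needs no state tracking.
    $fw add 400 allow ip from any to any via "$int_if"

    # Anti-spoofing: LAN source addresses never arrive from the Internet side.
    $fw add 500 deny ip from "$lan" to any in via "$ext_if"

    # Inbound: un-NAT first, so replies carry the 192.168.17.x address again,
    # then check-state matches them against the dynamic rules created below.
    $fw add 1000 divert natd ip from any to any in via "$ext_if"
    $fw add 1100 check-state

    # Outbound (LAN hosts before NAT, and the firewall itself): create state,
    # then skip to the outbound divert. TCP only needs the SYN ("setup") here;
    # later segments of a tracked flow are passed by check-state. UDP and ICMP
    # have no handshake, so keep-state is what lets their replies back in.
    $fw add 2000 skipto 5000 tcp from any to any out via "$ext_if" setup keep-state
    $fw add 2100 skipto 5000 udp from any to any out via "$ext_if" keep-state
    $fw add 2200 skipto 5000 icmp from any to any out via "$ext_if" keep-state

    # Placeholder for a game that must accept inbound connections. Needs a
    # matching natd -redirect_port; replace LANHOST and GAMEPORT before enabling.
    # $fw add 3000 allow udp from any to LANHOST GAMEPORT in via "$ext_if" keep-state

    # Anything else arriving from the Internet was not requested: drop and log it.
    $fw add 4000 deny log ip from any to any in via "$ext_if"

    # Outbound NAT, then pass.
    $fw add 5000 divert natd ip from any to any out via "$ext_if"
    $fw add 5100 allow ip from any to any out via "$ext_if"

    $fw add 65000 deny log ip from any to any
}

case "${1:-}" in
    load) load_rules ;;
    show) FWCMD=echo load_rules ;;
esac
```

Point firewall_script in rc.conf at this file (with natd_enable and natd_interface set to the external interface) and the ruleset loads at boot; `sh thisfile show` prints what would be installed. Note that dynamic rules expire on their own (see the net.inet.ip.fw.dyn_* sysctls), so a game whose server falls silent for longer than the UDP lifetime will need a fresh outbound packet before replies are accepted again.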
