IPFW rules

Odhiambo Washington odhiambo at gmail.com
Fri Apr 22 19:16:51 UTC 2016

On 22 April 2016 at 19:09, sathiyaraj v <sathiyarajmca at gmail.com> wrote:

> Hi Team,
>            I want to understand the IP firewall rules. Consider the below
> rule
> ipfw allow tcp/udp from any to me

> What this rule will do? what "me" refers here? Is it IP address of my
> system that apply firewall rules? or MAC address of the interface?

It will allow all packets from the wild destined to your IP address. Your
public IP address in this case. Assumming you do not need to protect your
host from your LAN hosts.

> I am using 4.2 freebsd stack.

I don't know what that is, sorry. Is it FreeBSD 4.2 or IPFW version?

> I am trying to deny the packets which doesn't contain the IP and port of my
> destiantion.

You do not have to worry about those. They will NOT reach your host if they
con't contain it's IP address!

> My source IP is
> My  Destination IP is :

What does that mean? Is .128 your default gateway or another host on the
same subnet you want to reach from .100?

> I want to deny the tcp/udp packets which does not contain destination IP?


> What rule should I use to deny the packets?

ipfw deny tcp/udp from any to !

> Already I have tried to configure the flags ACCEPT ,DSTMSK, dstip and port
> number as well. But the packets are not getting dropped.
> Can you please help me to achieve the above scenario? What flag I need to
> set to achieve this?
> if you want the source code of my rule setting I can share.
You really must RTFM.

Best regards,
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."

More information about the freebsd-questions mailing list