Pejman Moghadam / FreeBSD

FreeBSD 6.3 - Simple Firewall with ipfw

Public domain


Kernel configuration

# vi /usr/src/sys/i386/conf/GENERIC
    options         IPFIREWALL                      # enable ipfw
    options         IPFIREWALL_DEFAULT_TO_ACCEPT    # default rule 65535 allows instead of denies
    options         IPDIVERT                        # divert sockets, needed by natd
# cd /usr/src
# make buildkernel KERNCONF=GENERIC
# make installkernel KERNCONF=GENERIC
# reboot

Firewall Script

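# vi /usr/local/etc/ipfw.rules
    #!/bin/sh
    # Addresses allowed through the tap interfaces
    CLIENT="10.20.30.1 10.20.30.2"
    IPFW="ipfw -q add"
    # Remove existing rules before loading the new set
    ipfw -q -f flush
    for IP in $CLIENT; do
      # in/out are relative to this host: traffic from a client arrives "in" on tap
      $IPFW allow all from $IP to any in via 'tap*'
      $IPFW allow all from any to $IP out via 'tap*'
    done
    # Hand traffic on the external interface to natd (natd must be running)
    $IPFW divert natd all from any to any via extif0
    # Drop everything else crossing a tap interface
    $IPFW deny all from any to any via 'tap*'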

Startup configuration

# vi /etc/rc.conf
    firewall_enable="YES"
    firewall_script="/usr/local/etc/ipfw.rules"
# reboot
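
Checking the loaded rules

After the reboot, the output of "ipfw list" can be checked against the CLIENT list. The sh function below is an added example, not part of the original page; the name audit_tap_rules and the sample listings are constructed for illustration. It checks addresses and rule order only, not the in/out keywords.

```shell
#!/bin/sh
# Added example. On the firewall host:
#   ipfw list | audit_tap_rules 10.20.30.1 10.20.30.2
audit_tap_rules() {
    # stdin: `ipfw list` output; arguments: the permitted client addresses
    awk -v clients="$*" '
    BEGIN { n = split(clients, c, " "); for (i = 1; i <= n; i++) ok[c[i]] = 1 }
    # ipfw list layout: NUM ACTION PROTO from SRC to DST [in|out] via IF
    NF < 9 || $NF != "tap*" || $(NF-1) != "via" { next }
    {
        src = $5; dst = $7
        if ($2 == "deny" && src == "any" && dst == "any") { if (!deny) deny = NR; next }
        if ($2 != "allow" || deny) next   # after the deny a rule is unreachable
        if (src in ok) from[src] = 1
        else if (dst in ok) to[dst] = 1
        else { printf "FAIL: rule %s admits unlisted traffic: %s\n", $1, $0; bad = 1 }
    }
    END {
        if (!deny) { print "FAIL: no catch-all deny via tap*"; bad = 1 }
        for (i = 1; i <= n; i++) {
            if (!from[c[i]]) { print "FAIL: no reachable allow from " c[i]; bad = 1 }
            if (!to[c[i]])   { print "FAIL: no reachable allow to " c[i]; bad = 1 }
        }
        exit (bad ? 1 : 0)
    }'
}

# Constructed listings in the format printed by `ipfw list` (not captured output).
GOOD_RULES='00100 allow ip from 10.20.30.1 to any in via tap*
00200 allow ip from any to 10.20.30.1 out via tap*
00300 allow ip from 10.20.30.2 to any in via tap*
00400 allow ip from any to 10.20.30.2 out via tap*
00500 divert 8668 ip from any to any via extif0
00600 deny ip from any to any via tap*
65535 allow ip from any to any'

# Broken variant: a blanket allow, no deny, and the second client missing.
BAD_RULES='00100 allow ip from 10.20.30.1 to any in via tap*
00200 allow ip from any to 10.20.30.1 out via tap*
00300 allow ip from any to any via tap*
65535 allow ip from any to any'

printf '%s\n' "$GOOD_RULES" | audit_tap_rules 10.20.30.1 10.20.30.2 && echo "good ruleset: OK"
printf '%s\n' "$BAD_RULES" | audit_tap_rules 10.20.30.1 10.20.30.2 || echo "bad ruleset: rejected"
```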

BY: Pejman Moghadam
TAG: ipfw, firewall
DATE: 2008-06-13 10:26:57

