Example commands for ipfw

This is an archive of past FreeBSD releases; it's part of the FreeBSD Documentation Archive.

Example commands for ipfw FreeBSD Handbook : Users, groups and security : Firewalls : Example commands for ipfw
Previous: Configuring IPFW
Next: Building a packet filtering firewall

6.4.5. Example commands for ipfw

This command will deny all packets from the host evil.hacker.org to the telnet port of the host nice.people.org by being forwarded by the router:


ipfw add deny tcp from evil.hacker.org to nice.people.org 23

The next example denies and logs any TCP traffic from the entire hacker.org network (a class C) to the nice.people.org machine (any port).


ipfw add deny log tcp from evil.hacker.org/24 to nice.people.org

If you do not want people sending X sessions to your internal network (a subnet of a class C), the following command will do the necessary filtering:


ipfw add deny from any to my.org/28 6000 setup

To allow access to the SUP server on sup.FreeBSD.ORG, use the following command:


ipfw add accept from any to sup.FreeBSD.ORG 871

To see the accounting records:


ipfw -a list

or in the short form


ipfw -a l

You can also see the last time a chain entry was matched with


ipfw -at l

FreeBSD Handbook : Users, groups and security : Firewalls : Example commands for ipfw
Previous: Configuring IPFW
Next: Building a packet filtering firewall