https://wiki.ixheim.de/index.php?action=history&feed=atom&title=Ipfw Ipfw - Versionsgeschichte 2026-06-29T16:53:41Z Versionsgeschichte dieser Seite in Xinux Wiki MediaWiki 1.35.1 https://wiki.ixheim.de/index.php?title=Ipfw&diff=14967&oldid=prev Thomas: Die Seite wurde neu angelegt: „ =rc.conf= firewall_enable="YES" firewall_script="/etc/ipfw.rules" =/etc/ipfw.rules= <pre> #!/bin/sh # Flush out the list before we begin. ipfw -q -f flush…“ 2017-10-31T10:47:57Z <p>Die Seite wurde neu angelegt: „ =rc.conf= firewall_enable=&quot;YES&quot; firewall_script=&quot;/etc/ipfw.rules&quot; =/etc/ipfw.rules= &lt;pre&gt; #!/bin/sh # Flush out the list before we begin. ipfw -q -f flush…“</p> <p><b>Neue Seite</b></p><div><br /> =rc.conf=<br /> firewall_enable=&quot;YES&quot;<br /> firewall_script=&quot;/etc/ipfw.rules&quot;<br /> =/etc/ipfw.rules=<br /> &lt;pre&gt;<br /> #!/bin/sh<br /> # Flush out the list before we begin.<br /> ipfw -q -f flush<br /> <br /> # Set rules command prefix<br /> wan=&quot;re0&quot;<br /> lan=&quot;re1&quot;<br /> <br /> # Change xl0 to LAN NIC interface name<br /> ipfw -q add 00005 allow all from any to any via $lan<br /> ipfw -q add 00005 allow all from any to any via $wan<br /> <br /> # No restrictions on Loopback Interface<br /> ipfw -q add 00010 allow all from any to any via lo0<br /> <br /> ipfw -q add 00101 check-state<br /> ipfw -q add 00102 allow tcp from any to any established<br /> ipfw -q add 00102 allow tcp from any to any established<br /> ipfw -q add 00103 allow icmp from any to any<br /> &lt;/pre&gt;<br /> <br /> =with nat=<br /> &lt;pre&gt;<br /> #!/bin/sh<br /> wan=&quot;re0&quot;<br /> lan=&quot;re1&quot;<br /> ipfw -q -f flush<br /> <br /> ipfw -q add 005 allow all from any to any via $lan # exclude LAN traffic<br /> ipfw -q add 010 allow all from any to any via lo0 # exclude loopback traffic<br /> ipfw -q add 100 divert natd ip from any to any in via $wan # NAT any inbound packets<br /> # Allow the packet through if it has an existing entry in the dynamic rules table<br /> ipfw -q add 101 check-state<br /> <br /> # Authorized outbound packets<br /> ipfw -q add 120 skipto 500 udp from any to any 53 out via $wan keep-state<br /> ipfw -q add 121 skipto 500 udp from any to any 67 out via $wan keep-state<br /> ipfw -q add 125 skipto 500 tcp from any to any 22,25,53,80,443,110 out via $wan setup keep-state<br /> ipfw -q add 130 skipto 500 icmp from any to any out via $wan keep-state<br /> <br /> ipfw -q add 499 deny log all from any to any<br /> ipfw -q add 500 divert natd ip from any to any out via $wan # skipto location for outbound stateful rules<br /> ipfw -q add 510 allow ip from any to any<br /> &lt;pre&gt;<br /> <br /> =links=<br /> *https://www.cyberciti.biz/faq/howto-setup-freebsd-ipfw-firewall/<br /> *https://www.freebsd.org/doc/de_DE.ISO8859-1/books/handbook/firewalls-ipfw.html</div> Thomas