Starting with the 4.x series, FreeBSD has included a built-in firewall called ipfw. ipfw is a packet-filtering firewall, and in this how-to I will show you how to install ipfw on your server. Here are the basic steps:
1) Recompile kernel with ipfw
2) Add configuration options to rc.conf
3) Add firewall rules
1) If this is your first time recompiling your kernel, I suggest reading my tutorials on cvsup. While it is not necessary, if you upgrade your system later these settings could be removed during an upgrade.
We are now going to build a custom kernel with some basic firewall options.
host# cd /usr/src/sys/i386/conf
host# cp GENERIC FIREWALL
Add the following lines to the new custom kernel called FIREWALL
host# ee FIREWALL
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=15
Now we are going to compile the new kernel
host# cd /usr/src
host# make kernel KERNCONF=FIREWALL
2) Now we are going to tell the system to start the firewall on boot and where the firewall rules are located.
host# ee /etc/rc.conf
firewall_enable="YES"
firewall_type="/usr/local/etc/firewall.rules"
firewall_flags="-p cpp"
3) Now we need to create the firewall.rules file. I have attached a sample file you could use as a start. If you want to see what you have open right now, run this command and use its output to make your own firewall.rules file.
host# sockstat -4
If you are using my sample firewall.rules.txt file, just download it and open it in your favorite text editor. Then copy its contents into the file opened by the next command.
host# ee /usr/local/etc/firewall.rules
host# shutdown -r now
Check to make sure ipfw is working
host# ipfw list
Thanks to rhoekman and Xuru for also lending their help with this.
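Added example (not part of the original post or its attachment): one way to turn the sockstat -4 output from step 3 into a first firewall.rules file. The sockstat lines are a constructed sample, and the function names, rule numbers and the allow/deny policy are illustrative assumptions to adapt.

```sh
#!/bin/sh
# Added example: build a starting ipfw ruleset from `sockstat -4` output.

# Constructed sample of `sockstat -4` output (not taken from a real host).
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       612   3  tcp4   *:22                  *:*
root     sendmail   580   4  tcp4   127.0.0.1:25          *:*
www      httpd      700   16 tcp4   *:80                  *:*
www      httpd      701   16 tcp4   *:80                  *:*
root     syslogd    450   6  udp4   *:514                 *:*
root     sshd       900   5  tcp4   192.0.2.10:22         198.51.100.7:51234
EOF
}

# Print "proto port" for each socket waiting for traffic (foreign address
# "*:*") on a non-loopback address; established connections and services
# bound only to 127.x are skipped. Output is de-duplicated and sorted.
listening_ports() {
    awk 'NR > 1 && $7 == "*:*" && $6 !~ /^127\./ {
             n = split($6, a, ":"); proto = $5; sub(/4$/, "", proto)
             if (a[n] ~ /^[0-9]+$/) print proto, a[n]
         }' | sort -u -k1,1 -k2,2n
}

# Read sockstat output on stdin and print rules-file lines (ipfw commands
# without the leading "ipfw"). No "#" comment lines are emitted, because the
# rc.conf above runs the file through cpp, which treats "#" as a directive.
make_rules() {
    echo "add 100 allow ip from any to any via lo0"
    echo "add 200 check-state"
    echo "add 300 allow ip from me to any out keep-state"
    n=1000
    listening_ports | while read -r proto port; do
        case $proto in
            tcp) echo "add $n allow tcp from any to me $port in setup keep-state" ;;
            udp) echo "add $n allow udp from any to me $port in keep-state" ;;
        esac
        n=$((n + 10))
    done
    echo "add 65000 deny log ip from any to any"
}

# Demo on the sample; on a real host: sockstat -4 | make_rules
sample_sockstat | make_rules
```

A kernel built with only the options above ends its ruleset with a built-in deny rule, so check that your sshd port appears in the generated rules before rebooting a remote machine.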