How to use IPFW to set up a firewall on FreeBSD?

IPFW is included in basic FreeBSD installs as a loadable kernel module. The system loads the module when firewall_enable="YES" is set in /etc/rc.conf. You will not need to compile IPFW unless you want NAT functionality.

1. To enable the firewall:

# vi /etc/rc.conf

2. Enable these settings:


3. Save and close:

# :wq! (ex mode in vi)

4. Create firewall rules script:

# vi /usr/local/etc/ipfw.rules

You have now created a script called ipfw.rules in /usr/local/etc/.

5. Enter the following:

ipfw="ipfw -q add"
ipfw -q -f flush

From here you can create your rules. In the script, the $ipfw variable defined above stands for ipfw -q add, so each rule follows this format: ipfw add <number> <action> <protocol> from <source> to <destination>

Here's an example of entering a rule:

  • $ipfw 0100 allow tcp from any to any 22 in
  • $ipfw 0110 allow tcp from any to any 22 out

Once all your rules are mapped out, please save and close the file. When it's saved you can either reboot your box or reload the rules by entering this command line:

# sh /usr/local/etc/ipfw.rules

You can list all the rules by entering:

# ipfw list
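
The two port-22 rules above match only packets addressed to port 22, so when IPFW's final rule is deny, the replies (which carry source port 22) are not matched by either rule. The following is an added example, not the original page's script: it rewrites both rules as stateful rules. The rc.conf lines in its comments, the fw and load_rules helper names, the DRY_RUN switch and the rule numbers other than 0100 and 0110 are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not the original page's script): stateful form of the
# page's two port-22 rules, for use as /usr/local/etc/ipfw.rules.
# Assumed /etc/rc.conf lines (the page's own settings list is missing):
#   firewall_enable="YES"
#   firewall_script="/usr/local/etc/ipfw.rules"

# With DRY_RUN=1, or on a host without /sbin/ipfw, the commands are only
# printed, so the ruleset can be reviewed without touching the firewall.
[ -x /sbin/ipfw ] || DRY_RUN=1

# Hypothetical helper: run one ipfw command quietly, or print it in dry-run mode.
fw() {
    if [ -n "$DRY_RUN" ]; then
        echo "ipfw -q $*"
    else
        /sbin/ipfw -q "$@"
    fi
}

load_rules() {
    # Start from an empty ruleset.
    fw -f flush
    # Loopback traffic is always allowed.
    fw add 0010 allow ip from any to any via lo0
    # Packets belonging to connections already in the state table match here.
    fw add 0020 check-state
    # Page rule 0100, stateful: new inbound SSH connections to this host.
    fw add 0100 allow tcp from any to me 22 in setup keep-state
    # Page rule 0110, stateful: new outbound SSH connections from this host.
    fw add 0110 allow tcp from me to any 22 out setup keep-state
    # Explicit final deny, so the result does not depend on the kernel default.
    fw add 0900 deny ip from any to any
}

load_rules
```

Running DRY_RUN=1 sh /usr/local/etc/ipfw.rules prints the commands without changing the firewall. An SSH session opened before these rules were loaded has no state entry and can be dropped, so load the ruleset from the console the first time.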