Pentru metin se folosește ipfw, cu setările de mai jos:
- vi /etc/rc.conf
# Enable ipfw at boot; the rc.d ipfw script reads this variable.
firewall_enable="YES"
# Full path of the script that rc runs as root to load the ruleset.
# Keep the file root-owned and not writable by other users, since whatever
# it contains is executed with root privileges at every boot.
firewall_script="/usr/local/etc/ipfw.rules"
- vi /usr/local/etc/ipfw.rules
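# ipfw ruleset loader, run with sh as root.
# ipfw evaluates rules in ascending rule-number order; the first match decides.

# Prefix shared by every rule line below. The variable was assigned as PF
# while the rules expand $IPF, so each rule ran as a bare "10 allow ..."
# command and failed, leaving the ruleset empty right after the flush.
# $IPF is expanded unquoted on purpose so it splits into "ipfw", "-q", "add".
IPF="ipfw -q add"

# -f skips the confirmation prompt; -q suppresses output, which ipfw(8)
# recommends when a ruleset is reloaded over a remote login session.
# Between this flush and the rules below only the kernel's built-in default
# rule applies.
ipfw -q -f flush

# Loopback: allow traffic on lo0, drop 127.0.0.0/8 on any other path.
$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any
# Drop fragmented TCP traffic.
$IPF 40 deny tcp from any to any frag

# Stateful handling.
$IPF 50 check-state
# NOTE(review): "established" is a flag test (ACK or RST set), not a state
# lookup, so this accepts any such segment whether or not a session exists.
$IPF 60 allow tcp from any to any established
# All outbound traffic is allowed and creates dynamic state for the replies.
$IPF 70 allow all from any to any out keep-state

# Invalid TCP flag combinations.
# NOTE(review): a SYN+RST segment has RST set and therefore already matches
# rule 60, so rule 104 is never reached; rule 102 only sees SYN+FIN segments
# that carry no ACK. Renumber both below 60 if they should apply to all traffic.
$IPF 102 deny tcp from any to any tcpflags syn,fin
$IPF 104 deny tcp from any to any tcpflags syn,rst

# SSH (port 22) accepted inbound from a single source address.
$IPF 110 allow tcp from 109.197.81.13 to any 22 in
# NOTE(review): rule 70 already accepts every outbound packet, so rule 120 is
# not reached.
$IPF 120 allow tcp from 109.197.81.13 to any 22 out

# No explicit final rule: unmatched packets fall through to ipfw's built-in
# default rule 65535. NOTE(review): that rule denies unless the kernel was
# configured to default to accept; confirm with `ipfw list`.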
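- start firewall: sh /usr/local/etc/ipfw.rules (scriptul începe cu flush, deci rulați-l de la consolă sau cu o cale de acces alternativă la mașină, nu doar prin SSH)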