Packet filtering in FreeBSD

FreeBSD has a packet filter too, just like Linux. It is very simple to use, 
and in my opinion the rules are a lot simpler than the Linux ones.

First you have to rebuild your kernel with:

options IPFIREWALL

in it. Be aware that once you boot that kernel, ALL NETWORK TRAFFIC WILL 
BE BLOCKED until you say otherwise: the kernel's built-in last rule (65535) 
is deny unless you also compile in IPFIREWALL_DEFAULT_TO_ACCEPT. So do the 
first setup on the console, not over ssh, or you lock yourself out. (Newer 
releases can load ipfw as a module instead and start it from rc.conf with 
firewall_enable="YES" and firewall_script pointing at a script like the one 
below.)

ipfw add allow all from any to any

opens the gates again. Check with ipfw list that the rule really went in 
(ipfw show also gives you packet counters per rule).

It really is that simple. Here is my former firewall script 
(I now run OpenBSD as my firewall):

---------------------------------------------------------------------
#!/bin/sh
fwcmd="/sbin/ipfw"
${fwcmd} -f flush

globip="80.196.157.241"

# We let UDP through both in and out. This can be done better, and it
# is done better in my new one :)
${fwcmd} add pass udp from any to any

# Same for ICMP; here you might choose to close it completely or at
# least block broadcasts etc.
${fwcmd} add pass icmp from any to any
# Packets belonging to TCP connections that are already established may pass
${fwcmd} add pass tcp from any to any established
# Non-first fragments of fragmented packets may pass (they carry no port
# numbers, so they cannot be filtered by port anyway)
${fwcmd} add pass all from any to any frag

# Allow setup of incoming connections
# Yes, we run an IRC server
${fwcmd} add pass tcp from any to ${globip} 6667 setup
# The local net may ssh in
${fwcmd} add pass tcp from 10.1.1.0/24 to ${globip} 22 setup
# And the world may see our web site
${fwcmd} add pass tcp from any to ${globip} 80 setup

# Don't restrict ourselves; speaks for itself
${fwcmd} add pass tcp from ${globip} to any
${fwcmd} add pass tcp from 10.1.1.0/24 to any
${fwcmd} add pass tcp from localhost to any

# Allow ipv6
# We let IPv6 through. It then goes straight to the separate IPv6
# firewall (ip6fw on FreeBSD of that era), which you of course have to
# set up as well.
${fwcmd} add pass ipv6 from any to any
# Anything not matched above hits the kernel's default rule, which denies it
---------------------------------------------------------------------
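A stateful version of the script above, added here as an example and not the post's own script: it keeps the same three services but closes the wide-open UDP and ICMP rules, uses check-state/keep-state so only replies to connections we opened come back in, adds anti-spoofing on the outside interface, reassembles fragments with ipfw's reass action instead of passing every fragment, and ends with an explicit logged deny. The interface names ext0 and lan0 and the FWCMD=echo dry-run switch are assumptions; the address and LAN prefix are the post's. NAT and the IPv6 tunnel rule are left out.

```shell
#!/bin/sh
# Stateful rewrite of the ruleset above. Added example, not the post's script.
# Assumptions: ext0 is the Internet-facing interface, lan0 the LAN interface;
# FWCMD=echo prints what would be loaded instead of loading it.
# Address and LAN prefix are the ones from the post. NAT is not covered.

globip="80.196.157.241"
lannet="10.1.1.0/24"
ext_if="ext0"   # assumed interface names
lan_if="lan0"

# Print the ruleset, one "add ..." line per rule, in evaluation order.
rules() {
    # Loopback is trusted; 127/8 on any other interface is spoofed.
    echo "add 100 allow ip from any to any via lo0"
    echo "add 110 deny ip from any to 127.0.0.0/8"
    echo "add 120 deny ip from 127.0.0.0/8 to any"
    # Anti-spoofing: our own addresses never arrive from the outside.
    echo "add 200 deny ip from ${lannet} to any in via ${ext_if}"
    echo "add 210 deny ip from ${globip} to any in via ${ext_if}"
    # Reassemble fragments before filtering instead of passing all
    # fragments blindly (needs the reass action, FreeBSD 8.1 or later).
    echo "add 300 reass ip from any to any in"
    # Replies to connections we opened match their dynamic rule here.
    echo "add 400 check-state"
    # Outbound from the firewall itself and from the LAN opens state.
    echo "add 500 allow ip from ${globip} to any out via ${ext_if} keep-state"
    echo "add 510 allow ip from ${lannet} to any out via ${ext_if} keep-state"
    # The three services from the post; setup = only a SYN starts a flow.
    echo "add 600 allow tcp from any to ${globip} 6667 setup keep-state"
    echo "add 610 allow tcp from ${lannet} to ${globip} 22 in via ${lan_if} setup keep-state"
    echo "add 620 allow tcp from any to ${globip} 80 setup keep-state"
    # ICMP: echo, unreachable (PMTU discovery) and time-exceeded only.
    echo "add 700 allow icmp from any to any icmptypes 0,3,8,11"
    # Explicit final deny; 'log' only logs with net.inet.ip.fw.verbose=1.
    echo "add 65000 deny log ip from any to any"
}

# Flush and load the ruleset. FWCMD=echo turns this into a dry run.
apply_rules() {
    fwcmd="${FWCMD:-/sbin/ipfw}"
    "$fwcmd" -q -f flush
    rules | while read -r rule; do
        # shellcheck disable=SC2086  # splitting $rule into words is intended
        "$fwcmd" -q $rule
    done
}

# Usage: sh fw.sh show | sh fw.sh apply | FWCMD=echo sh fw.sh apply
case "${1:-}" in
    show)  rules ;;
    apply) apply_rules ;;
esac
```

Run it with FWCMD=echo first and read the output before loading it for real, and load it from the console the first time. The reass rule needs FreeBSD 8.1 or later; on an older ipfw replace it with the post's frag rule. The final deny log rule only produces log lines when net.inet.ip.fw.verbose=1 (IPFIREWALL_VERBOSE in the kernel).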