Set up a firewall on FreeBSD

In this tutorial, I'll show you how to set up a firewall on FreeBSD.

The configuration of the firewall in “Workstation” mode is simple:

$: doas sysrc firewall_enable=yes
$: doas sysrc firewall_type=workstation

If we want to host some network services on our computer, we can simply declare them:

$: doas sysrc firewall_myservices="22/tcp 80/tcp 443/tcp"
$: doas sysrc firewall_allowservices=any

We avoid the list of loaded rules displayed during the boot process:

$: doas sysrc firewall_quiet=yes

So that the rejected packages logged in “/var/log/security”, we do the following:

$: doas sysrc firewall_logdeny=yes

To enable the firewall, we run this command:

$: doas service ipfw start

The different rules and their statistics are shown by ipfw show.

Discuss...