IPFW is a firewall and packet filtering utility for the FreeBSD operating system. This quick start guide lists some common commands related to IPFW, enabling system administrators to rapidly master its use.
Enabling and starting IPFW:
# sysrc firewall_enable="YES"
# service ipfw start
Listing all active rules:
# ipfw list
Deleting all rules:
# ipfw -q -f flush
Disabling and stopping IPFW:
# service ipfw stop
# sysrc firewall_enable="NO"
Allowing SSH, blocking other access (assuming the system's IP address is 192.0.2.123):
# ipfw -q add allow all from 192.0.2.123 to any out
# ipfw -q add deny log all from any to any out
# ipfw -q add allow tcp from any to any established
# ipfw -q add allow all from any to any frag
# ipfw -q add allow tcp from any to 192.0.2.123 22 setup
# ipfw -q add deny log all from any to any
Permanent and Temporary Modes:
Rules entered on the command line (temporary mode) take effect immediately but are lost when the server reboots. Critical rules should therefore be saved in permanent mode: put the rules in the /etc/ipfw.conf file and add the following lines to the /etc/rc.conf file.
firewall_enable="YES"
firewall_type="/etc/ipfw.conf"
The content of the rule file /etc/ipfw.conf is as follows.
add allow all from 192.0.2.123 to any out
add deny log all from any to any out
add allow tcp from any to any established
add allow all from any to any frag
add allow tcp from any to 192.0.2.123 22 setup
add deny log all from any to any
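Because ipfw applies the first rule that matches, the order of the lines in /etc/ipfw.conf decides whether SSH stays reachable. The following is an added example, not part of the original guide: a pre-load check for a rule file in the format above. The function name check_ipfw_rules and the sample file are constructed for illustration, and the check assumes one stateless rule per line with a single destination port.

```sh
#!/bin/sh
# Added example, not part of the original guide. Lints an ipfw rule file
# before it is loaded over SSH. ipfw stops at the first matching rule, so the
# inbound SSH allow (and, for a "setup" rule, the "established" allow) must
# come before the catch-all deny. Assumes one stateless rule per line with a
# single destination port, as in the /etc/ipfw.conf above.

# check_ipfw_rules FILE [SSH_PORT]: status 0 if SSH stays reachable, else 1.
check_ipfw_rules() {
    awk -v port="${2:-22}" '
    $1 != "add" { next }                  # comments, blanks, other commands
    {
        a = ($2 ~ /^[0-9]+$/) ? 3 : 2     # optional rule number after "add"
        allow = ($a == "allow" || $a == "accept" || $a == "pass" || $a == "permit")
        deny  = ($a == "deny" || $a == "drop")
        out = est = setup = 0; proto = src = dst = dport = ""
        for (i = a + 1; i <= NF; i++) {
            if ($i == "from") { proto = $(i - 1); src = $(i + 1) }
            if ($i == "to")   { dst = $(i + 1); dport = $(i + 2) }
            if ($i == "out") out = 1
            if ($i == "established") est = 1
            if ($i == "setup") setup = 1
        }
        if (out || catchall) next         # outbound-only, or shadowed by the deny
        anyany = (src == "any" && dst == "any" && (dport == "" || dport == "in"))
        if (deny && anyany && (proto == "all" || proto == "ip")) { catchall = NR; next }
        if (allow && est) have_est = NR
        if (allow && proto == "tcp" && dport == port && !have_ssh) { have_ssh = NR; need_est = setup }
    }
    END {
        if (!have_ssh) { print "lockout risk: no inbound allow for tcp port " port " ahead of the catch-all deny"; bad = 1 }
        else if (need_est && !have_est) { print "lockout risk: SSH rule is setup-only and no established allow precedes the deny"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample: the guide's rules with the SSH allow moved below the deny.
tmp=$(mktemp)
printf '%s\n' \
    'add allow all from 192.0.2.123 to any out' \
    'add allow tcp from any to any established' \
    'add deny log all from any to any' \
    'add allow tcp from any to 192.0.2.123 22 setup' > "$tmp"
check_ipfw_rules "$tmp" || echo "not loading $tmp"
rm -f "$tmp"
```

With the six rules in the order given in the guide, the function prints nothing and returns 0.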
For more information, refer to the official IPFW documentation.