Set up a basic firewall on FreeBSD

🕐 1 minutes

📅 2022-01-20

The configuration of the firewall in “Workstation” mode is simple:

$: doas sysrc firewall_enable=yes
$: doas sysrc firewall_type=workstation

If we want to host some network services on our computer, we can simply declare them:

$: doas sysrc firewall_myservices="22/tcp 80/tcp 443/tcp"
$: doas sysrc firewall_allowservices=any

We avoid that the list of loaded rules displayed during the boot process:

$: doas sysrc firewall_quiet=yes

So that the rejected packages logged in “/var/log/security”, we do the following:

$: doas sysrc firewall_logdeny=yes

To enable the firewall, we run this command:

$: doas service ipfw start

The different rules and their statistics shown by ipfw show.