FreeBSD/jails/config/hub/ipfw.rules

#!/bin/sh
# Flush out the list before we begin.
ipfw -q -f flush

# Set rules command prefix
cmd="ipfw -q add"
pif="epair0b"     # interface name of NIC attached to Internet

$cmd 00100 allow ip from any to any via lo0
$cmd 00200 deny ip from any to 127.0.0.0/8
$cmd 00300 deny ip from 127.0.0.0/8 to any
$cmd 00400 deny ip from any to ::1
$cmd 00500 deny ip from ::1 to any
$cmd 00600 allow ipv6-icmp from :: to ff02::/16
$cmd 00700 allow ipv6-icmp from fe80::/10 to fe80::/10
$cmd 00800 allow ipv6-icmp from fe80::/10 to ff02::/16
$cmd 00900 allow ipv6-icmp from any to any icmp6types 1
$cmd 01000 allow ipv6-icmp from any to any icmp6types 2,135,136
$cmd 05000 reset ip from table(22) to me
$cmd 65000 allow ip from any to any
$cmd 65535 deny ip from any to any

# https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html
updated for FreeBSD 12.2 2021-02-13 11:38:38 -08:00			`#!/bin/sh`
			`# Flush out the list before we begin.`
			`ipfw -q -f flush`

			`# Set rules command prefix`
			`cmd="ipfw -q add"`
			`pif="epair0b" # interface name of NIC attached to Internet`

			`$cmd 00100 allow ip from any to any via lo0`
			`$cmd 00200 deny ip from any to 127.0.0.0/8`
			`$cmd 00300 deny ip from 127.0.0.0/8 to any`
			`$cmd 00400 deny ip from any to ::1`
			`$cmd 00500 deny ip from ::1 to any`
			`$cmd 00600 allow ipv6-icmp from :: to ff02::/16`
			`$cmd 00700 allow ipv6-icmp from fe80::/10 to fe80::/10`
			`$cmd 00800 allow ipv6-icmp from fe80::/10 to ff02::/16`
			`$cmd 00900 allow ipv6-icmp from any to any icmp6types 1`
			`$cmd 01000 allow ipv6-icmp from any to any icmp6types 2,135,136`
			`$cmd 05000 reset ip from table(22) to me`
			`$cmd 65000 allow ip from any to any`
			`$cmd 65535 deny ip from any to any`

			`# https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html`