#!/bin/sh # Flush out the list before we begin. ipfw -q -f flush # Set rules command prefix cmd="ipfw -q add" pif="epair0b" # interface name of NIC attached to Internet $cmd 00100 allow ip from any to any via lo0 $cmd 00200 deny ip from any to 127.0.0.0/8 $cmd 00300 deny ip from 127.0.0.0/8 to any $cmd 00400 deny ip from any to ::1 $cmd 00500 deny ip from ::1 to any $cmd 00600 allow ipv6-icmp from :: to ff02::/16 $cmd 00700 allow ipv6-icmp from fe80::/10 to fe80::/10 $cmd 00800 allow ipv6-icmp from fe80::/10 to ff02::/16 $cmd 00900 allow ipv6-icmp from any to any icmp6types 1 $cmd 01000 allow ipv6-icmp from any to any icmp6types 2,135,136 $cmd 05000 reset ip from table(22) to me $cmd 65000 allow ip from any to any $cmd 65535 deny ip from any to any # https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html