# IPFW



## saeedpersa (Nov 27, 2018)

Dear friends,
I installed ShadowSocks VPN on port 59080 and configured IPFW to bypass this port.
Here is my IPFW configuration:


```
IPF="ipfw -q add"
ipfw -q -f flush
TRUST="x.109.x.143"

#loopback
$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any
$IPF 40 deny tcp from any to any frag

# stateful
$IPF 50 check-state
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
$IPF 80 allow icmp from $TRUST to any


$IPF 130 allow tcp from any to any 59080 in
$IPF 140 allow tcp from any to any 59080 out

$IPF 141 allow udp from any to any 59080 in
$IPF 142 allow udp from any to any 59080 out


#WEB Access
$IPF 200 allow tcp from any to any 80 in
$IPF 201 allow tcp from any to any 80 out

$IPF 202 allow tcp from any to any 443 in
$IPF 203 allow tcp from any to any 443 out

# deny and log everything
$IPF 500 deny log all from any to any
```

I use it with Shadowsocks version 4.2.1 for my Telegram.
When I start IPFW, my Telegram does not upload anything; it just sends texts.
When I stop IPFW, the uploads complete.

And here is my log:

```
ERROR: remote_send_send: Broken pipe
ERROR: getpeername: Socket is not connected
```


----------



## VladiBG (Nov 27, 2018)

Try without the firewall first to check whether the problem is in your firewall rules.

`ipfw disable firewall`

What is the output of
`ipfw list`

When you open the incoming port 59080, the outgoing may be on a random upper port; that's why you need to use the dynamic states with `setup keep-state` for tcp and `keep-state` for udp.

For example:

```
allow tcp from me to any setup keep-state
allow udp from me to any keep-state
```
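
How the ruleset from the first post could look with the dynamic-state rules suggested in this reply. This is an added example, not part of the thread and not a confirmed fix for the reported upload problem. The `TRUST` value is a placeholder because the address is masked in the post, and the `build_rules`/`apply_rules` helpers are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the thread): the posted ruleset with the static
# "established" / per-port "out" rules replaced by dynamic states.

SS_PORT=59080                 # Shadowsocks port from the post
WEB_PORTS="80,443"            # web ports from the post
TRUST="${TRUST:-192.0.2.10}"  # placeholder; the real address is masked in the post

# Print the rules (arguments to ipfw) so they can be reviewed before loading.
build_rules() {
    cat <<EOF
add 10 allow all from any to any via lo0
add 20 deny all from any to 127.0.0.0/8
add 30 deny all from 127.0.0.0/8 to any
add 40 deny tcp from any to any frag
add 50 check-state
add 60 allow tcp from me to any setup keep-state
add 70 allow udp from me to any keep-state
add 80 allow icmp from ${TRUST} to any
add 130 allow tcp from any to me ${SS_PORT} in setup keep-state
add 140 allow udp from any to me ${SS_PORT} in keep-state
add 200 allow tcp from any to me ${WEB_PORTS} in setup keep-state
add 500 deny log all from any to any
EOF
}

# Flush the current rules and load the printed set (FreeBSD, as root).
apply_rules() {
    ipfw -q -f flush
    build_rules | while read -r rule; do
        # $rule is left unquoted on purpose so it splits into ipfw arguments
        ipfw -q $rule
    done
}

# Default is a dry run that only prints; pass "apply" to load the rules.
case "${1:-}" in
    apply) apply_rules ;;
    *)     build_rules ;;
esac
```

Rule 50 (`check-state`) comes before the `keep-state` rules so that replies to tracked connections match their dynamic state first, whichever port they use.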


----------



## saeedpersa (Nov 29, 2018)

VladiBG said:


> Try without the firewall first to check whether the problem is in your firewall rules.
> 
> `ipfw disable firewall`
> 
> ...



*Thanks @VladiBG, but I still have this problem.*


----------

