# ipfw settings setup help



## Jim WH (Nov 10, 2020)

I have tried several different ways to Sunday to configure the ipfw firewall with a simple example to allow localhost, internet, etc. I read the FreeBSD handbook, watched Youtubes, and read posts but my settings still blocked everything. I set up this file:

```
$ cat /etc/ipf.rules  
add check-state                                  
add allow udf from any to any 67 setup keep-state
add allow udf from any to any 68 setup keep-state
add allow tcp from any to any 53 setup keep-state
add allow udp from any to any 53 keep-state
add allow tcp from any to any 22 setup keep-state
add allow tcp from any to any 80 setup keep-state
add allow tcp from any to any 443 setup keep-state
add allow tcp from any to any 110 setup keep-state
add allow tcp from any to any 25 setup keep-state
add deny log all from any to any
```
The `ipfw list` output looks like this ... I don't know how this affects my above settings.

```
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any icmp6types 1
01000 allow ipv6-icmp from any to any icmp6types 2,135,136
65535 deny ip from any to any
```

My rc.conf was last set as follows ... I had firewall_type="/etc/ipf.rules"

```
firewall_enable="YES"
firewall_type="22/tcp 443/tcp 110/tcp 80/tcp https"
clamav_freshclam_enable="YES"
firewall_quiet="YES"
firewall_myservices="any"
firewall_logdeny="YES"
```
I am new to FreeBSD and have spent days trying to figure this out. I really don't trust a script but am having a hard time understanding which files I need to create or what to do. I am frustrated but don't want to give up. Help please.


----------



## SirDice (Nov 10, 2020)

Set `firewall_type` to `client` or `workstation`. That will use a pre-defined ruleset:

30.4. IPFW

That /etc/ipf.rules file is for a different firewall (IPFilter). There are three different firewalls to choose from, PF, IPFW and IPFilter. Don't mix them up.


----------



## chrbr (Nov 10, 2020)

Dear Jim WH,
in /etc/ipfw.rules you missed the leading ipfw command and mistyped udp as udf a few times. I guess these are just typing mistakes. The output of `ipfw list` shows that almost everything is blocked. Regarding /etc/rc.conf, firewall_type and firewall_myservices are mixed. Below is what I have in my /etc/rc.conf regarding firewall:

```
firewall_enable="yes"
firewall_type="workstation"
firewall_logging="yes"
firewall_myservices="ssh/tcp"
firewall_allowservices="192.168.0.0/24"
```
Please have a look at /etc/rc.firewall for explanations. Before using the configuration by `firewall_type` I tried a self-written file, too. I have changed to the method using the pre-configured sets because they are written by people with more knowledge than me. But basically it is very good to study how things work. I wish you success in finding your best path to understand and configure firewalls. I am no expert at all...


----------
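Added example, not part of any post in this thread: a small sh/awk check that flags the kind of protocol typo (`udf` for `udp`) pointed out above, before a ruleset is loaded. The `KNOWN` list, the function names and the sample lines (copied from the first post) are assumptions of this sketch; ipfw itself accepts more protocol names than the short list used here.

```shell
#!/bin/sh
# Constructed short list of protocol names for this sketch (an assumption,
# not ipfw's full set).
KNOWN="ip all tcp udp icmp ip4 ip6 ipv6-icmp"

# Sample input: a few rule lines as posted in the thread, typos included.
sample_rules() {
    cat <<'EOF'
add check-state
add allow udf from any to any 67 setup keep-state
add allow udf from any to any 68 setup keep-state
add allow udp from any to any 53 keep-state
add allow tcp from any to any 22 setup keep-state
add deny log all from any to any
EOF
}

# Reads rule lines on stdin, prints one finding per suspicious line and
# returns 1 if anything was flagged, 0 otherwise.
lint_ipfw_rules() {
    awk -v known="$KNOWN" '
    BEGIN { n = split(known, k, " "); for (j = 1; j <= n; j++) ok[k[j]] = 1 }
    NF == 0 || $1 ~ /^#/ { next }              # skip blank lines and comments
    {
        i = 1
        if ($i == "ipfw") {                    # optional "ipfw -q" script prefix
            i++
            while ($i ~ /^-/) i++
        }
        if ($i != "add") next                  # only "add" rules are checked
        i++
        if ($i ~ /^[0-9]+$/) i++               # optional rule number
        act = $i; i++
        if (act != "allow" && act != "deny") next   # check-state has no protocol
        if ($i == "log") i++                   # "deny log all ..." form
        if (!($i in ok)) {
            printf "line %d: unknown protocol \"%s\"\n", NR, $i
            bad++
        }
    }
    END { exit (bad > 0) }'
}

# Stand-alone run over the sample lines.
sample_rules | lint_ipfw_rules || echo "fix the lines above before loading the ruleset"
```

The check only looks at the protocol token of `allow` and `deny` rules; it does not validate the rest of the rule syntax.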

