Like Linux® with IPTABLES, FreeBSD offers a kernel-level firewall; in fact, FreeBSD offers three firewalls:
IPFIREWALL or IPFW (the command to manage an IPFW ruleset is ipfw(8)) is the firewall developed and maintained by the FreeBSD developers. IPFW can be paired with dummynet(4) to provide traffic shaping capabilities and simulate different types of network connections.
Sample IPFW rule to allow SSH in:
ipfw add allow tcp from any to me 22 in via $ext_if
IPFILTER is the firewall application developed by Darren Reed. It is not specific to FreeBSD, and has been ported to several operating systems including NetBSD, OpenBSD, SunOS, HP/UX, and Solaris.
Sample IPFILTER rule to allow SSH in:
pass in on $ext_if proto tcp from any to any port = 22
The last firewall application, PF, is developed by the OpenBSD project. PF was created as a replacement for IPFILTER. As such, the PF syntax is very similar to that of IPFILTER. PF can be paired with altq(4) to provide QoS features.
Sample PF rule to allow SSH in:
pass in on $ext_if inet proto tcp from any to ($ext_if) port 22
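Each sample above is a single allow rule, which restricts nothing unless the rest of the ruleset denies other traffic. As an added example (not part of the FreeBSD documentation), here is the IPFW rule placed in a minimal default-deny, stateful ruleset; the interface name em0, the rule numbers, and the names fwcmd and load_ssh_ruleset are assumptions:

```sh
#!/bin/sh
# Added example: default-deny IPFW ruleset built around the SSH rule.
# Interface name and rule numbers are assumptions; adjust to the host.

ext_if="${ext_if:-em0}"     # assumed external interface name
fwcmd="${fwcmd:-ipfw -q}"   # set fwcmd=echo to print the rules instead of loading them

load_ssh_ruleset() {
    # Start from an empty ruleset (-f: do not ask for confirmation).
    $fwcmd -f flush

    # Loopback traffic is always allowed.
    $fwcmd add 100 allow ip from any to any via lo0

    # Packets belonging to an existing dynamic (stateful) entry pass here.
    $fwcmd add 200 check-state

    # The SSH rule, made stateful: only the initial SYN (setup) creates
    # a dynamic entry; the rest of the connection matches check-state.
    $fwcmd add 300 allow tcp from any to me 22 in via "$ext_if" setup keep-state

    # Let the host originate connections and receive the replies.
    $fwcmd add 400 allow ip from me to any out via "$ext_if" keep-state

    # Everything not matched above is dropped.
    $fwcmd add 65000 deny ip from any to any
}

# Load the ruleset only when called as: sh script.sh load
case "${1:-}" in
    load) load_ssh_ruleset ;;
esac
```

Run it from the console the first time, since flush removes every existing rule before the new ones are added.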