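#!/bin/sh
# ipfw ruleset for a NAT gateway that also publishes a mail host (443/25)
# behind the NAT.  $ext faces the Internet, $int the LAN.  $dmz is defined
# but no rule references it; see the note at rule 3000.
# Every XX.XX.XX.XX below is a placeholder left in this copy -- fill in the
# real addresses before use.
# $cmd and $skip are intentionally unquoted: the shell must split them into
# the ipfw argument list (the usual ipfw "macro" style).

# macro
ext="em0"
int="em1"
dmz="em2"
cmd="ipfw -q add "
skip="skipto 2000 "
# Source address (or net/mask) allowed to reach sshd; empty in this copy.
ssha=""
# Validate BEFORE the flush: aborting here leaves the current ruleset in
# place instead of flushing it and then silently losing the admin ssh rule.
: "${ssha:?ssha (admin ssh source address) must be set}"

# reset
ipfw -q -f flush

# kernel nat config: instance 1, aliasing to the external interface's
# address, plus port forwards to the mail host.  Every nat rule below must
# use this same instance number -- instance 1 is the only one configured.
ipfw -q nat 1 config if "$ext" same_ports unreg_only \
  redirect_port tcp XX.XX.XX.XX:443 443 \
  redirect_port tcp XX.XX.XX.XX:25 25

# allow root ssh: stateful, at most 2 concurrent sessions per source address.
# NOTE(review): 74999 is not a valid TCP port (max 65535) -- presumably an
# obscured value; replace it with the real sshd port.
$cmd 01 allow tcp from "$ssha" to me 74999 in via "$ext" setup limit src-addr 2
# drop ipv6 (and DHCPv6 on 546/547)
$cmd 050 deny ip6 from any to any
$cmd 060 deny udp from any to any dst-port 546,547
# enable loopback and local traffic
$cmd 080 allow ip4 from any to any via "lo0,$int"
# unnat incoming traffic (instance 1, configured above)
$cmd 090 nat 1 ip4 from any to any in via "$ext"
# mail: after un-NAT the destination is the mail host's internal address
$cmd 091 allow tcp from any to XX.XX.XX.XX 443
$cmd 092 allow tcp from any to XX.XX.XX.XX 25
# check dynamic rules table
$cmd 0100 check-state
# nat: outbound flows create state, then jump to the nat rule at 2000
$cmd 0200 $skip tcp from any to any out via "$ext" setup keep-state
$cmd 0210 $skip icmp from any to any out via "$ext" keep-state
$cmd 0220 $skip udp from any to any out via "$ext" keep-state
# mail: replies from the mail host also go straight to the nat rule
$cmd 0223 $skip tcp from XX.XX.XX.XX 443 to any
$cmd 0224 $skip tcp from XX.XX.XX.XX 25 to any
# deny everything else on the external interface, logged
$cmd 0500 deny log all from any to any in via "$ext"
$cmd 0510 deny log all from any to any out via "$ext"
# nat out point (instance 1)
$cmd 2000 nat 1 ip from any to any out via "$ext"
# NOTE(review): reached via skipto 2000, but also by anything that fell
# through the rules above -- e.g. traffic on $dmz, which no earlier rule
# matches or denies.  Add explicit $dmz rules if that interface is in use.
$cmd 3000 allow ip from any to any
# deny all other
$cmd 4000 deny log all from any to any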
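#!/bin/sh
# ipfw ruleset for a plain stateful NAT gateway: $ext faces the Internet,
# $int the LAN.  $dmz is defined but no rule references it; see the note at
# rule 3000.  X.X.X.X is a placeholder left in this copy.
# $cmd and $skip are intentionally unquoted: the shell must split them into
# the ipfw argument list (the usual ipfw "macro" style).

# macro (no whitespace around "=": `dmz= "em2"` would make sh run "em2"
# as a command with an empty dmz in its environment)
ext="em0"
int="em1"
dmz="em2"
cmd="ipfw -q add "
skip="skipto 2000 "
# Source address (or net/mask) allowed to reach sshd; a placeholder here.
ssha="X.X.X.X"
# Validate BEFORE the flush: aborting here leaves the current ruleset in
# place instead of flushing it and then silently losing the admin ssh rule.
: "${ssha:?ssha (admin ssh source address) must be set}"

# reset
ipfw -q -f flush

# kernel nat config: instance 1.  The aliasing address must belong to the
# external interface, since the nat rules at 030 and 2000 hang on $ext;
# aliasing to the internal NIC would rewrite outbound packets to the LAN
# address.
ipfw -q nat 1 config if "$ext" same_ports unreg_only

# allow root ssh: stateful, at most 1 session per source address.
# NOTE(review): 87111 is not a valid TCP port (max 65535) -- presumably an
# obscured value; replace it with the real sshd port.
$cmd 01 allow tcp from "$ssha" to me 87111 in via "$ext" setup limit src-addr 1
# drop ipv6 (and DHCPv6 on 546/547)
$cmd 05 deny ip6 from any to any
$cmd 06 deny udp from any to any dst-port 546,547
# enable loopback and local traffic
$cmd 010 allow ip4 from any to any via "lo0,$int"
# unnat incoming traffic (instance 1, configured above)
$cmd 030 nat 1 ip4 from any to any in via "$ext"
# check dynamic rules table
$cmd 050 check-state
# nat: outbound flows create state, then jump to the nat rule at 2000
$cmd 0200 $skip tcp from any to any out via "$ext" setup keep-state
$cmd 0210 $skip icmp from any to any out via "$ext" keep-state
$cmd 0220 $skip udp from any to any out via "$ext" keep-state
# deny everything else on the external interface, logged
$cmd 0500 deny log all from any to any in via "$ext"
$cmd 0510 deny log all from any to any out via "$ext"
# nat out point (instance 1)
$cmd 2000 nat 1 ip from any to any out via "$ext"
# NOTE(review): reached via skipto 2000, but also by anything that fell
# through the rules above -- e.g. traffic on $dmz, which no earlier rule
# matches or denies.  Add explicit $dmz rules if that interface is in use.
$cmd 3000 allow ip from any to any
# deny all other
$cmd 4000 deny log all from any to any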
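# IPFW (rc.conf)
# Start ipfw at boot and load the ruleset from the script below instead of
# the default /etc/rc.firewall.
firewall_enable="YES"
# Enable in-kernel NAT support (ipfw_nat); the ruleset uses "nat" rules.
firewall_nat_enable="YES"
firewall_script="/etc/ipfw.rules"
# The ruleset uses "deny log"; without this net.inet.ip.fw.verbose stays 0
# and the log keyword produces no output.
firewall_logging="YES"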