1. U

    IPFW reply-to dup-to in ipfw

    Hello everyone, I would like to know if anyone knows the syntax of ipfw for reply-to and dup-to of pf and if you could write me some examples. Thanks in advance
  2. H

    Discussing BPF + IPFW + TAG for L7 Filtering on FreeBSD

    Hello Forum, I am conducting tests on a L7 filter setup using BPF, IPFW, and TAG, based on the resource: Tutorial_NETGRAPH_A4_Slides.pdf. I am particularly interested in the section "BPF + IPFW + TAG = L7 Filter". During experiments on my FreeBSD system, I encountered an issue where packets do...
  3. U

    IPFW ipfw and pf

    Hello everyone, I would like to use pf and ipfw at the same time for different tasks, but I can not understand who is activated first (if there is an order) when a rule is received. Also trying to verify this, I can’t figure out where the pf and ipfw log files are located on both OPNsense and...
  4. K

    IPFW ipfw blocks outgoing carp advertisements when using pipe

    I want to rate limit all outgoing traffic. I'm able to do so by following these steps Add the following line to /boot/loader.conf: dummynet_load="YES" Add the following lines to /etc/rc.conf: firewall_enable="YES" firewall_script="/etc/ipfw.rules" The /etc/ipfw.rules file looks like this...
  5. I

    IPFW Packet tag leaks from connection setup packet (SYN) to connection refusal packet (RST)

    I'm experimenting with ipfw packet tagging (tag/untag/tagged keywords) and keep getting unexpected results in seemingly trivial cases. The configuration for this experiment is: # ipfw show 00100 0 0 allow ip from any to any via lo0 00200 0 0 count tag 3 in recv igb0 dst-ip not...
  6. I

    IPFW Why do ipfw rules have no effect on dhclient?

    I've run a simple experiment on FreeBSD 14.0 and the results are quite unexpected to me. Could you explain these results to me? Warning! The experiment MUST be run from console. Do not try to reproduce it over SSH as it will make the host inaccessible! Console log, with comments: # killall...
  7. plexinvise

    Solved Gateway, NAT (PAT). Cannot use external TFTP due to UDP port "unreachable"

    Hi there, I am trying to solve a problem with my gateway setup. My FreeBSD machine is basically a gateway RaspberryPI which has two NIC: ue0 (Connected to external network, let's call it Internet) and ue1 (is an interface for internal LAN, dhcpd and dnsmasq spinning on it). My current setup...
  8. D

    IPFW firewalling for bhyve host bypassing bhyve guests

    Hello, My objective is to protect services on a bhyve host, while allowing traffic to the bhyve guests to pass to them unprocessed, as these each have pf and their own firewall policies. The host running an up-to-date 13-stable. I know ipfw can process both layer 2 and layer 3 traffic, but pf...
  9. zigfrid

    IPFW ipfw blocks responses after FreeBSD upgrade

    Hello Since I upgraded my FreeBSD from 12.0 to 13.2, I have problems with ipfw. For example, if I send a http request from my laptop ( to the printer (, ipfw blocks the response from the printer: Oct 5 10:34:08 mail kernel: ipfw: 2199 Deny TCP
  10. D

    IPFW ipfw, logging, and dynamic rules

    I expected that if I log on a stateful firewall with a typical dynamic rule to allow ssh setup like: ipfw add 4000 skipto 9000 log logamount 0 tcp from any to $oip ssh in recv $oif setup keep-state that the setup match would be logged, the dynamic rule would be created, and I would see one log...
  11. dsatish

    IPFW FQ_PIE is not working in FreeBSD 13.1

    ipfw pipe 1 config bw 10Mbits/s delay 20ms ipfw sched 1 config pipe 1 type fq_pie ipfw queue 1 config sched 1" ipfw add 100 queue 1 ip from to I put these commands in my router which contains FreeBSD 13.1. My client and server is FreeBSD 13.1. I just used iperf3 to...
  12. aikorei

    Solved FreeBSD 13.1 fresh install, ssh timeout on log in

    I just did a fresh install of FreeBSD 13.1 with ionos.com cloud host. I cannot seem to ssh into the server at all, and it's driving me nuts (I've called ionos support probably 8 times today and they're stumped too). Here's what I have so far... - I can access my server via KVM console - Here is...
  13. subnetspider

    IPFW Failover possible with IPFW?

    Hello all, is there a way to get some kind of failover working with two hosts running the ipfw firewall? From what I have read there is no such thing as pfsync for ipfw (so states would be lost at failover). But is there still another way to achieve failover with ipfw? As I also want to use...
  14. S

    IPFW Is IPFW capable of filtering WebSockets flood?

    Is there a way to block WebSocket traffic on IPFW without blocking https traffic with the same destination and port? How to distinguish websockets from https?
  15. gotnull

    IPFW Does a book about IPFW exist ?

    Hi there, I would like to know if you guys have heard or read a book that is talking about IPFW ? I know there is at least one about PF (Book of PF - a no-nonsense guide to the openbsd firewall), but I can't find anything IPFW related so I wonder if someone can enlighten me on this. Thank you.
  16. T

    IPFW IPFW server, acting as a firewall (how to pass traffic ?)

    Hello everyone, Experimenting IPFW, I would really appreciate some help to improve my abilities ! I actually know how to use it as a workstation firewall, but now, I would like to learn how to use it as an easy full firewall (just for experimenting). Here is an easy network map describing what...
  17. HL1234

    Solved rc.firewall option "workstation" missing in manual / help of rc

    man rc or man rc.firewall There in chapter rc.firewall is written: But the option "workstation" is there not described. But this option I find in my /etc/rc.firewall file. And I use this option. What is wrong? The help file missing the option? Or has this changed anytime in the file with a...
  18. R

    Solved IPFW stops bhyve guest from getting IP address from DHCP server

    I'm trying to setup some bhyve guests for the first time on my 13.0-RELEASE system but the guests were unable to obtain IP addresses from the DHCP server on my router unless I disabled ipfw. It appears that ipfw was blocking the responses from the DHCP server. Google searches didn't come up...
  19. L

    Migrated JAILs from TrueNAS 11.3 to JAILS over FreeBSD 13 with VNET and now IPFW inside JAIL not work: kldload ipfw - not permitted

    In jail under TrueNAS 11, was mail server that can block IPs by IPFW rules. Now I move JAIL to FreeBSD 13.1, and detect that same JAIL with same settings, not allow to load IPFW inside jail. kldload ipfw kldload: can't load ipfw: Operation not permitted For JAILs managemnt use iocage...
  20. JozanOfAstora

    Solved [noob] pf, ipf and ipfw

    Hi, which firewall should I choose between pf, ipf and ipfw for a home application or a small business? I've been using pf on my local laptop with a very minimal configuration, just to close every ports except the ones I need on my local network. But which one would you recommend for a...