firewall_type="client"
code:ipfw_client.txt
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any icmp6types 1
01000 allow ipv6-icmp from any to any icmp6types 2,135,136
01100 allow ip from 192.0.2.0/24 to 255.255.255.255
01200 allow ip from me to 192.0.2.0/24
01300 allow ip from 192.0.2.0/24 to me
01400 allow tcp from any to any established
01500 allow ip from any to any frag offset
01600 allow tcp from any to me 25 setup
01700 allow tcp from me to any setup
01800 deny tcp from any to any setup
01900 allow udp from me to any 53 keep-state :default
02000 allow udp from me to any 123 keep-state :default
65535 deny ip from any to any
All TCP traffic from inside to outside is allowed.
UDP is allowed from inside to outside only for NTP and DOMAIN.
For some reason, only SMTP 25/TCP is open from outside to inside.
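
The three observations above can be checked by walking the listing in first-match order, as in this added example (not part of the original page). It evaluates only the first packet of a new flow; reply traffic admitted by `established` and `keep-state` is not modeled, and `parse`, `addr_matches` and `first_match` are hypothetical helper names.

```python
# Rules 01400-02000 and 65535, copied from the listing on this page.
RULES = """\
01400 allow tcp from any to any established
01500 allow ip from any to any frag offset
01600 allow tcp from any to me 25 setup
01700 allow tcp from me to any setup
01800 deny tcp from any to any setup
01900 allow udp from me to any 53 keep-state :default
02000 allow udp from me to any 123 keep-state :default
65535 deny ip from any to any
"""

def parse(line):
    """Split one rule into (number, action, proto, src, dst, dport, options)."""
    t = line.split()
    rest = t[t.index("to") + 1:]
    dst, rest = rest[0], rest[1:]
    dport = None
    if rest and rest[0].isdigit():  # single destination port only
        dport, rest = int(rest[0]), rest[1:]
    return int(t[0]), t[1], t[2], t[t.index("from") + 1], dst, dport, rest

def addr_matches(spec, is_me):
    # Only "any" and "me" occur in this subset; other specs never match here.
    return spec == "any" or (spec == "me" and is_me)

def first_match(proto, direction, dport, listing=RULES):
    """First packet of a new flow (TCP SYN or first UDP datagram).

    direction: "in" = remote to this host, "out" = this host to remote.
    Returns (rule number, action) of the first matching rule, as ipfw does.
    """
    for line in listing.splitlines():
        num, action, rproto, src, dst, rport, opts = parse(line)
        if rproto not in ("ip", proto):
            continue
        if "established" in opts or "frag" in opts:
            continue  # cannot match a new, unfragmented flow
        if "setup" in opts and proto != "tcp":
            continue
        if not (addr_matches(src, direction == "out")
                and addr_matches(dst, direction == "in")):
            continue
        if rport is not None and rport != dport:
            continue
        return num, action
    return None
```

Calling `first_match("tcp", "in", 25)` shows that rule 01600 is what opens SMTP inbound, while any other inbound TCP port falls through to the deny at 01800.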