Rozdział 26. Firewalls

Contributed by Joseph J. Barbish.
Converted to SGML and updated by Brad Davis.
Spis treści
26.1. Introduction
26.2. Firewall Concepts
26.3. Firewall Packages
26.4. The OpenBSD Packet Filter (PF) and ALTQ
26.5. The IPFILTER (IPF) Firewall
26.6. IPFW

26.1. Introduction

Firewalls make it possible to filter incoming and outgoing traffic that flows through your system. A firewall can use one or more sets of "rules" to inspect the network packets as they come in or go out of your network connections and either allows the traffic through or blocks it. The rules of a firewall can inspect one or more characteristics of the packets, including but not limited to the protocol type, the source or destination host address, and the source or destination port.

Firewalls can greatly enhance the security of a host or a network. They can be used to do one or more of the following things:

  • To protect and insulate the applications, services and machines of your internal network from unwanted traffic coming in from the public Internet.

  • To limit or disable access from hosts of the internal network to services of the public Internet.

  • To support network address translation (NAT), which allows your internal network to use private IP addresses and share a single connection to the public Internet (either with a single IP address or by a shared pool of automatically assigned public addresses).

After reading this chapter, you will know:

  • How to properly define packet filtering rules.

  • The differences between the firewalls built into FreeBSD.

  • How to use and configure the OpenBSD PF firewall.

  • How to use and configure IPFILTER.

  • How to use and configure IPFW.

Before reading this chapter, you should:

  • Understand basic FreeBSD and Internet concepts.

All FreeBSD documents are available for download at

Questions that are not answered by the documentation may be sent to <>.
Send questions about this document to <>.