IPFilter (commonly referred to as ipf) is an open-source firewall available on several operating systems, including FreeBSD, NetBSD, OpenBSD, and Solaris. IPFILTER is included in the basic FreeBSD install as a kernel loadable module. This quickstart guide provides a few helpful commands and techniques to assist debugging IPFilter.
# service ipfilter start
ipf -F a
# service ipfilter stop
Add the following to
/etc/ipf.conf for a trivial firewall that blocks everything except SSH (port 22) for an example IP 192.0.2.123.
block in on any all pass in quick on any proto tcp from any to 192.0.2.123/32 port = 22 keep state
See the ipf documentation for more details.