Configuring a simple web server firewall on FreeBSD 10.1

FreeBSD ships with three software firewalls, but personally I have found that IPFW is pretty easy to configure and gets the job done nicely.

This quick post will help you protect your FreeBSD server with the IPFW firewall in just a few minutes.

First of all we need to enable the firewall. We do this by adding the following lines to our /etc/rc.conf file:

firewall_enable="YES"
firewall_quiet="YES"
firewall_type="workstation"
firewall_myservices="22 80 443"
firewall_allowservices="any"
firewall_logdeny="NO"

As you can see from the snippet above, we're using a base template (workstation) that provides some sane defaults, and then we allow specific incoming TCP ports: 22 (for SSH), 80 (for HTTP) and 443 (for HTTPS). The firewall_allowservices="any" line lets any source address reach those ports. If you require other ports, simply add them there!

You may wish to log any denied requests; if so, simply set firewall_logdeny="YES". Given that I just want to make sure the server stays secure and don't really want the added disk I/O, I decided to disable that in the example above.

Once done, save the changes and then we can start the firewall using the following command:

sudo service ipfw start

For a web server that is really only going to serve web traffic over HTTP and HTTPS, this configuration is a good starting point!
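
As an added example (not part of the original post), the shell functions below read the firewall_* settings from an rc.conf-style file, check that only the expected ports are opened, and list the source and port pairs that end up allowed. The function names, the expected-port list and the embedded sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit firewall_* settings in an rc.conf-style file.
# Function names and the sample file are constructed for illustration.

# rc_get FILE VAR: print VAR's value (last assignment wins, quotes stripped).
rc_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# exposure FILE: print one "source port" line per allowed pair. The workstation
# template adds a TCP pass rule for every allowed source and listed port.
exposure() {
    for src in $(rc_get "$1" firewall_allowservices); do
        for port in $(rc_get "$1" firewall_myservices); do
            echo "$src $port"
        done
    done
}

# audit FILE "EXPECTED PORTS": return non-zero if the firewall is not enabled
# or a port outside the expected list is opened.
audit() {
    rc=0
    enabled=$(rc_get "$1" firewall_enable | tr '[:lower:]' '[:upper:]')
    [ "$enabled" = "YES" ] || { echo "FAIL: firewall_enable is not YES"; rc=1; }
    for port in $(rc_get "$1" firewall_myservices); do
        case " $2 " in
            *" $port "*) ;;
            *) echo "FAIL: unexpected port $port"; rc=1 ;;
        esac
    done
    case " $(rc_get "$1" firewall_allowservices) " in
        *" any "*) echo "NOTE: listed ports accept any source address" ;;
    esac
    return $rc
}

# Constructed sample matching the settings shown in the post.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
firewall_enable="YES"
firewall_quiet="YES"
firewall_type="workstation"
firewall_myservices="22 80 443"
firewall_allowservices="any"
firewall_logdeny="NO"
EOF
audit "$SAMPLE" "22 80 443" && exposure "$SAMPLE"
```

On the server itself, point the functions at /etc/rc.conf and compare the pairs they print with the rules shown by ipfw list.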

More information about IPFW and advanced configuration options can be found here: https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html
