ipfw.rules

#!/bin/sh
# Flush out the list before we begin
ipfw -q -f flush

# Set rules command prefix
cmd="ipfw -q add"
vpn="tun0"
lan="vtnet0"
skip="skipto 500"

$cmd 00010 allow all from any to any via lo0 				# No restrictions on Loopback Interface
# $cmd 00015 divert natd ip from any to any in via $lan 			# NAT any inbound packets
# allows the packet through if it matches an existing entry in the dynamic rules table
$cmd 00020 check-state
$cmd 00030 allow all from any to any out via $lan setup keep-state 	# Allow all outbound connections
$cmd 00040 allow all from any to any via $vpn 				# Allow any connection to/from VPN interface
$cmd 00050 allow tcp from any to me 22 in via $lan setup limit src-addr 2 	# Allow inbound SSH connections
$cmd 00060 allow udp from any to me 500 in via $lan setup limit src-addr 2 	# Allow inbound VPN connections
$cmd 00100 deny log all from any to any in via $lan 			# deny and log all inbound to LAN interface
$cmd 00499 deny log all from any to any 				# Everything else is denied and logged
# $cmd 00500 divert natd ip from any to any out via $lan 			# skipto location for outbound stateful rules
# $cmd 00510 allow ip from any to any