Firewall for FreeBSD jails


Another note for my future self - this is more or less stolen from Daniel Schmid's blog entry.

Just using a firewall is not security. However, having a firewall in place doesn't hurt. This is one way to use a firewall on a FreeBSD jail.

Update firewall_myservices and firewall_allowservices to your preferences. This is done in your jail, given that you use VNET.

  sysrc firewall_type="workstation"
  sysrc firewall_allowservices="any"
  sysrc firewall_logdeny="yes"
  sysrc firewall_quiet="yes"
  sysrc firewall_enable="yes"
  sysrc firewall_myservices="80/tcp 443/tcp"
  service ipfw restart