[[!meta title="IPFW2 Documentation"]]
[[!meta robots="index, follow"]]

updated 4-Nov-2014 bycn82 v0.1

---

[[!toc levels=3]]

# Introduction

IPFW is a controlling utility for the ipfw/ipacct facilities of FreeBSD 2.0, which was released in November 1994. After 20 years of evolution, it has become a stateful firewall that supports Layer2 to Layer4. It is comprised of several components: the kernel firewall filter rule processor and its integrated packet accounting facility, the logging facility, NAT, the dummynet(4) traffic shaper, a forward facility, a bridge facility, and an ipstealth facility. It is one of the most advanced open source firewalls.

I am rewriting IPFW2 from scratch for DragonFly BSD, and IPFW2 will have a modular design. All functionality comes from loadable modules, and it should not be that difficult for normal users/developers to create a module to meet their own requirements.

## Brief notes on design

Before a user starts using the ipfw utility to add rules, the ipfw kernel module must be enabled/loaded into the kernel by running the command below:

    kldload ipfw

This loads the basic ipfw module into the kernel, and with it the basic functionality. To use more functions that are implemented in other modules, users can run the command below:

    kldload ipfw_layer2

This loads the 'layer2' module. In this scenario, for example, the user can then run the command below:

    ipfw add allow all from any to any layer2

It means the user wants to add a rule which allows all the layer2 traffic. When the user runs the command in the console, the following happens in the back-end:

1. ipfw retrieves the module name list from the kernel
2. ipfw loads the module accordingly
3. ipfw starts to parse the parameters
4. ipfw injects the rule into the kernel

In kernel space, when traffic arrives, it is filtered against the rules. Each ipfw_insn has a unique module + opcode, which links it automatically to the filter function that was registered when the module was loaded.
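The module + opcode dispatch described above, sketched as an added example (not IPFW2's own code). The table sizes, the ids, `struct pkt` and every function name are assumptions; it shows bounds-checking the rule-supplied ids before indexing the handler table and rejecting, at injection time, a rule whose module is not loaded.

```c
#include <stdint.h>
#include <stdio.h>
/* Hypothetical layout and ids: only ipfw_insn, module and opcode are from the page. */
enum { MAX_MODULE = 8, MAX_OPCODE = 16, MODULE_LAYER2 = 1, O_L2_ANY = 0 };
struct ipfw_insn { uint8_t module, opcode; };
struct pkt { int is_layer2; };              /* constructed stand-in for a packet */
typedef int (*filter_fn)(const struct ipfw_insn *, const struct pkt *);
static filter_fn filter_table[MAX_MODULE][MAX_OPCODE];

/* Bounds-checked lookup: module and opcode arrive in a rule from userland. */
static filter_fn lookup(const struct ipfw_insn *insn)
{
    if (insn->module >= MAX_MODULE || insn->opcode >= MAX_OPCODE)
        return NULL;
    return filter_table[insn->module][insn->opcode];
}

/* Called when a module loads; refuses bad ids and never overwrites a handler. */
int register_filter(uint8_t module, uint8_t opcode, filter_fn fn)
{
    if (fn == NULL || module >= MAX_MODULE || opcode >= MAX_OPCODE ||
        filter_table[module][opcode] != NULL)
        return -1;
    filter_table[module][opcode] = fn;
    return 0;
}

/* Injection-time check: reject a rule that names an unloaded module/opcode. */
int validate_insn(const struct ipfw_insn *insn) { return lookup(insn) ? 0 : -1; }

/* Per-packet dispatch: 1 = match, 0 = no match (also when no handler exists). */
int eval_insn(const struct ipfw_insn *insn, const struct pkt *p)
{
    filter_fn fn = lookup(insn);
    return fn ? fn(insn, p) : 0;
}

static int l2_any(const struct ipfw_insn *i, const struct pkt *p) { (void)i; return p->is_layer2; }
int layer2_load(void) { return register_filter(MODULE_LAYER2, O_L2_ANY, l2_any); }

int main(void)
{
    struct ipfw_insn insn = { MODULE_LAYER2, O_L2_ANY };
    struct pkt frame = { 1 };
    printf("before load: validate=%d\n", validate_insn(&insn));
    layer2_load();
    printf("after load: validate=%d match=%d\n", validate_insn(&insn), eval_insn(&insn, &frame));
    return 0;
}
```

Rejecting the rule at injection matters because a silent "no match" at packet time would let a deny rule that depends on an unloaded module pass traffic.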
## Processing Flow

# Configuration

# Modules

## Generic Module

## Layer2 Module

## Layer4 Module

## Connection Module

# Development

## How to create a module

# Roadmap