Cover V05, I06


Listing 3: Examples of firewall rules

# Add output rule for local -> Internet
ipfwadm -O -a accept -P tcp -S 194.109.13.150 -D 0.0.0.0/0

This rule defines an output rule for the Internet interface. It states
that a packet for any destination on the Internet is allowed out. This
rule applies only to TCP packets.

# Add input rules for clients -> Internet (will masquerade)
ipfwadm -I -a accept -P tcp -V 193.78.174.33 -S 193.78.174.34 -D 0.0.0.0/0
ipfwadm -I -a accept -P tcp -V 193.78.174.33 -S 193.78.174.35 -D 0.0.0.0/0

These rules describe packets sent by the hosts on the local net to
destinations on the Internet. These packets are going to be masqueraded
by the forwarding rules. As you can see, these packets must be received
on the trusted interface 193.78.174.33 (-V option).

The final example shows you a masquerading rule.

# Add forwarding rules for clients
ipfwadm -F -a masquerade -P tcp -S 193.78.174.34 -D 0.0.0.0/0
ipfwadm -F -a masquerade -P tcp -S 193.78.174.35 -D 0.0.0.0/0

As you can see, the policy here is masquerade, so these packets will be masqueraded.

You can find the complete list of firewall rules in the listing at the
end of this article.
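
A consistency check for the rules above, as an added example that is not part of the original listing: it parses ipfwadm command lines and reports every masqueraded source that has no input rule bound to the trusted interface with -V. The function names and the third client 193.78.174.36 are constructed for illustration, and only the options used in this listing are understood.

```python
import ipaddress
import shlex

CHAINS = {"-I": "input", "-O": "output", "-F": "forward"}
OPTIONS = {"-a": "policy", "-P": "proto", "-S": "src", "-D": "dst", "-V": "via"}

def parse_rule(line):
    """Parse one ipfwadm command line; return None for comments and blank lines."""
    tokens = shlex.split(line, comments=True)
    if not tokens or tokens[0] != "ipfwadm":
        return None
    rule = dict.fromkeys(["chain", *OPTIONS.values()])
    args = iter(tokens[1:])
    for tok in args:
        if tok in CHAINS:
            rule["chain"] = CHAINS[tok]
        elif tok in OPTIONS:
            rule[OPTIONS[tok]] = next(args, None)
        else:  # assumption: anything outside this listing's options is rejected
            raise ValueError(f"unhandled option {tok!r}: {line.strip()}")
    return rule

def net(addr):
    """Bare host addresses become /32 networks; prefixes are kept as given."""
    return ipaddress.ip_network(addr, strict=False)

def unpinned_masquerade_sources(ruleset, trusted_if):
    """Return masqueraded sources lacking an input rule bound to trusted_if (-V)."""
    rules = [r for r in map(parse_rule, ruleset.splitlines()) if r]
    pinned = [(net(r["src"]), r["proto"]) for r in rules
              if r["chain"] == "input" and r["policy"] == "accept"
              and r["via"] == trusted_if and r["src"]]
    findings = []
    for r in rules:
        if r["chain"] == "forward" and r["policy"] == "masquerade" and r["src"]:
            covered = any(net(r["src"]).subnet_of(n) and r["proto"] == p
                          for n, p in pinned)
            if not covered:
                findings.append(r["src"])
    return findings

# Rules copied from the listing above.
LISTING_RULES = """\
# Add input rules for clients -> Internet (will masquerade)
ipfwadm -I -a accept -P tcp -V 193.78.174.33 -S 193.78.174.34 -D 0.0.0.0/0
ipfwadm -I -a accept -P tcp -V 193.78.174.33 -S 193.78.174.35 -D 0.0.0.0/0
# Add forwarding rules for clients
ipfwadm -F -a masquerade -P tcp -S 193.78.174.34 -D 0.0.0.0/0
ipfwadm -F -a masquerade -P tcp -S 193.78.174.35 -D 0.0.0.0/0
"""
# Constructed sample: a third client whose input rule is missing -V.
CONSTRUCTED_EXTRA = """\
ipfwadm -I -a accept -P tcp -S 193.78.174.36 -D 0.0.0.0/0
ipfwadm -F -a masquerade -P tcp -S 193.78.174.36 -D 0.0.0.0/0
"""
```

Calling `unpinned_masquerade_sources(LISTING_RULES + CONSTRUCTED_EXTRA, "193.78.174.33")` flags only the constructed client, because its input rule would accept the packet on any interface.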