Never Ending Security


Daily Archives: 12 February 2015


Linux Advanced Routing & Traffic Control Guide


The letters LARTC stand for: Linux Advanced Routing & Traffic Control

The website is: http://lartc.org

Here you can find: The Linux Advanced Routing & Traffic Control HOWTO

HTML: http://lartc.org/howto

One page: http://lartc.org/lartc.html

TXT: http://lartc.org/lartc.txt

PS: http://lartc.org/lartc.ps

PDF: http://lartc.org/lartc.pdf

Iptables howto and guides, with all the tricks (for Linux)


A good, well-described guide and how-to for managing iptables can be found at:
https://help.ubuntu.com/community/IptablesHowTo

Step-By-Step configuration of NAT with iptables:
https://www.howtoforge.com/nat_iptables

Another clear guide can be found at:
http://www.cyberciti.biz/faq/rhel-fedorta-linux-iptables-firewall-configuration-tutorial

20 iptables examples for new system administrators:
http://www.cyberciti.biz/tips/linux-iptables-examples.html

How to configure IPv6 ip6tables firewall:
http://www.cyberciti.biz/faq/redhat-fedora-ip6tables-firewall-configuration

How to build a simple linux firewall for dsl/cable/fiber connection with iptables:
http://www.cyberciti.biz/tips/how-do-i-build-a-simple-linux-firewall-for-dsldial-up-connection.html

Block port numbers with iptables:
http://www.cyberciti.biz/faq/iptables-block-port

How to block particular IP addresses or hosts with iptables:
http://www.cyberciti.biz/faq/linux-iptables-drop

Block by country in iptables:
http://www.cyberciti.biz/faq/block-entier-country-using-iptables

Block remote X windows server connections with iptables:
http://www.cyberciti.biz/tips/iptables-block-remote-x-window-server-connection.html

Block all network traffic with iptables:
http://www.cyberciti.biz/tips/linux-iptables-2-how-to-block-all-network-traffic.html

Block common attacks with iptables:
http://www.cyberciti.biz/tips/linux-iptables-10-how-to-block-common-attack.html

Block outgoing network access for a single user with iptables:
http://www.cyberciti.biz/tips/block-outgoing-network-access-for-a-single-user-from-my-server-using-iptables.html

Restricting network access by time of the day with iptables:
http://www.cyberciti.biz/tips/iptables-for-restricting-access-by-time-of-day.html

Restrict SSH access with iptables:
http://www.cyberciti.biz/faq/restrict-ssh-access-use-iptable

Block incoming access from a selected or specific IP address and/or port with iptables:
http://www.cyberciti.biz/tips/howto-block-ipaddress-with-iptables-firewall.html

Block outgoing access to a selected or specific IP address and/or port with iptables:
http://www.cyberciti.biz/tips/linux-iptables-6-how-to-block-outgoing-access-to-selectedspecific-ip-address.html

How to unblock / delete an IP address or host listed in iptables:
http://www.cyberciti.biz/faq/iptables-delete-ip-address-subnet-from-linux-firewall

How to block or open HTTP/web service ports 80 & 443:
http://www.cyberciti.biz/tips/linux-iptables-11-how-to-block-or-open-httpweb-service.html

Allow or block ICMP ping requests with iptables:
http://www.cyberciti.biz/tips/linux-iptables-9-allow-icmp-ping.html

Allow NFS-clients to access the NFS server with iptables:
http://www.cyberciti.biz/faq/centos-fedora-rhel-iptables-open-nfs-server-ports

Allow SOCKS incoming client requests with iptables:
http://www.cyberciti.biz/tips/linux-iptables-allow-socks-incoming-client-request.html

Allow Squid proxy incoming client requests for iptables:
http://www.cyberciti.biz/tips/linux-iptables-allow-squid-proxy-incoming-client-request.html

Allow POP3 server requests with iptables:
http://www.cyberciti.biz/tips/linux-iptables-14-how-to-allow-pop3-serverprotocol-request.html

Block or allow mail server / SMTP protocol with iptables:
http://www.cyberciti.biz/tips/linux-iptables-15-how-to-block-or-open-mail-serversmtp-protocol.html

Open ports for LDAP server in iptables:
http://www.cyberciti.biz/faq/configure-linux-iptables-to-allow-access-ldap-server

Allow or deny samba services with iptables:
http://www.cyberciti.biz/faq/configure-iptables-to-allow-deny-access-to-samba

Open TCP ports for bittorrent with iptables:
http://www.cyberciti.biz/tips/linux-iptables-open-bittorrent-tcp-ports-6881-to-6889.html

Allow CIPE connection request for iptables:
http://www.cyberciti.biz/tips/iptables-allow-cipe-connection-request.html

Allow or block DNS / Bind service for iptables:
http://www.cyberciti.biz/tips/linux-iptables-12-how-to-block-or-open-dnsbind-service-port-53.html

Allow incoming VNC connection for iptables:
http://www.cyberciti.biz/faq/linux-iptables-open-vncserver-port-6000-5800-5900

Allow traffic to pass via venet0 to all vps containers (OpenVZ) with iptables:
http://www.cyberciti.biz/faq/centos-rhel-linux-openvz-hardware-node-iptables-firewall

Iptables port redirection examples:
http://www.cyberciti.biz/faq/linux-port-redirection-with-iptables

Forward multiple ports in iptables:
http://www.cyberciti.biz/faq/linux-iptables-multiport-range

Fixing ip_conntrack table full dropping packet error for iptables:
http://www.cyberciti.biz/faq/ip_conntrack-table-ful-dropping-packet-error

How to use the connection tracking feature with iptables:
http://www.cyberciti.biz/tips/how-do-i-use-iptables-connection-tracking-feature.html

Limit the number of incoming TCP connections / SYN flood attacks with iptables:
http://www.cyberciti.biz/tips/howto-limit-linux-syn-attacks.html

Find/check banned IP addresses in iptables from the command line:
http://www.cyberciti.biz/faq/linux-howto-check-ip-blocked-against-iptables

Iptables limit maximum connections per IP:
http://www.cyberciti.biz/faq/iptables-connection-limits-howto

List and show all NAT tables rules from iptables:
http://www.cyberciti.biz/faq/howto-iptables-show-nat-rules

Force iptables to log to a different log-file:
http://www.cyberciti.biz/tips/force-iptables-to-log-messages-to-a-different-log-file.html

Log messages from iptables in the log module:
http://www.cyberciti.biz/tips/how-can-i-enable-or-setup-log-message-in-the-iptables-firewall.html

Use MAC address filtering in iptables:
http://www.cyberciti.biz/tips/iptables-mac-address-filtering.html

Read a list of IP addresses from a file and block them with iptables:
http://www.cyberciti.biz/faq/iptables-read-and-block-ips-subnets-from-text-file

Set up masquerading in iptables:
http://www.cyberciti.biz/faq/iptables-setup-masquerading-for-linux-firewall

Configure network address translation (NAT) with iptables:
http://www.cyberciti.biz/faq/howto-configure-network-address-translation-or-nat

Monitor bandwidth with iptables:
http://www.cyberciti.biz/faq/linux-configuring-ip-traffic-accounting

Log IP or TCP packet headers with iptables:
http://www.cyberciti.biz/tips/iptables-log-network-layer-ip-tcp-headers.html

Ipset administration tool for ipsets and iptables:
http://www.cyberciti.biz/faq/centos-rhel-install-ipset-administration-tool-for-ip-sets-and-iptables

Setup port knocking with knockd and iptables:
http://www.cyberciti.biz/faq/debian-ubuntu-linux-iptables-knockd-port-knocking-tutorial

Using iptables and tcp wrappers to secure portmap service:
http://www.cyberciti.biz/faq/linux-secure-portmap-with-iptables-tcp-wrappers

How to start iptables automatically when your system boots up:
http://www.cyberciti.biz/faq/starting-iptables-firewall-at-boot

Save and/or restore iptables rules:
http://www.cyberciti.biz/faq/how-to-save-restore-iptables-firewall-config-ubuntu
http://www.cyberciti.biz/faq/how-do-i-save-iptables-rules-or-settings

Avoid IP spoofing and bad address attacks with a shell script for iptables:
http://www.cyberciti.biz/tips/linux-iptables-8-how-to-avoid-spoofing-and-bad-addresses-attack.html

Test iptables script remotely:
http://www.cyberciti.biz/faq/test-iptables-script-remotely

Iptables firewall shell script for standalone server:
http://bash.cyberciti.biz/firewall/linux-iptables-firewall-shell-script-for-standalone-server

IPv6 firewall script for iptables:
http://bash.cyberciti.biz/firewall/centos-debian-rhel-ipv6-iptables

How to run a firewall script as soon as the eth0 interface comes up:
http://www.cyberciti.biz/tips/how-do-i-run-firewall-script-as-soon-as-eth0-interface-brings-up.html

Security shell script to block IP addresses in iptables:
http://bash.cyberciti.biz/firewall/iptables-block-ip-address

Add or delete an IP address remotely using a shell script for iptables:
http://www.cyberciti.biz/faq/linux-iptables-add-delete-ip-address

Simple shell script to stop and flush all iptables rules:
http://bash.cyberciti.biz/security/shell-script-to-stop-linux-firewall

Configure network interface as a bridge / network switch:
http://www.cyberciti.biz/faq/debian-network-interfaces-bridge-eth0-eth1-eth2

Setup a firewall for a web server with iptables:
http://www.cyberciti.biz/faq/linux-web-server-firewall-tutorial

Fix neighbour table overflow error:
http://www.cyberciti.biz/faq/centos-redhat-debian-linux-neighbor-table-overflow

Detect and block port scan attacks in real-time with psad:
http://www.cyberciti.biz/faq/linux-detect-port-scan-attacks

Easy firewall generator for iptables:
http://easyfwgen.morizot.net/gen/index.php

A more advanced firewall generator is Firewall Builder:
Introduction: http://www.cyberciti.biz/tips/introduction-to-firewall-builder-4-0.html
Part1: http://www.cyberciti.biz/tips/firewall-builder4-webserver-cluster-tutorial.html
Part2: http://www.cyberciti.biz/tips/creating-firewall-cluster-objects-in-firewall-builder.html
Part3: http://www.cyberciti.biz/tips/linux-cluster-building-firewall-rules.html
Part4: http://www.cyberciti.biz/tips/openbsd-pf-firewall-builder-configuration.html

Firewall Builder can also be used to create and build firewall setups for Mac OS X, OpenBSD, FreeBSD and some other systems.
Iptables does not work on Mac OS X systems; they manage their firewall settings with the command “pfctl”. Use the command “man pfctl” for instructions.