The firewall makes use of packet filters as an added means of protection. The packet filters are also critical to the operation of the application-level gateway, as they are used to prevent the UNIX TCP/IP stack from seeing packets that are handled by the gateway. The use of these packet filters is complex, and administrators are advised against customising the packet filters except in the case of blocking all access from a particular external host. To accomplish this, add a line of the form:
ipfw add 1 deny all from address
to the file /usr/local/custom/filters. The address may be in numeric or symbolic (domain name) form.
Alternatively, you can block that host's access to a particular service by using a line of the form:
ipfw add 1 deny tcp from address to any service
or, for UDP:
ipfw add 1 deny udp from address to any service
The service may be given by name or port number.
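A small helper for producing these lines, as an added example that is not part of the original documentation or the firewall product: it checks the address and the service before printing a rule in one of the three forms above, so that a mistyped value does not end up in /usr/local/custom/filters. The function names and the sample address are assumptions made for the example.

```shell
# Added example. mkrule, valid_address and valid_service are hypothetical
# helper names, not part of the firewall product.
# usage: mkrule ADDRESS [tcp|udp SERVICE]

valid_address() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|-*|.*|*.|*..*) return 1 ;;  # empty or malformed
    esac
    case "$1" in
        *[!0-9.]*) return 0 ;;      # has letters: symbolic (domain name) form
    esac
    old_ifs=$IFS; IFS=.             # numeric form: split into octets
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

valid_service() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;   # empty or unexpected characters
        *[!0-9]*) return 0 ;;              # service given by name
    esac
    # service given by port number: 1..65535
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

mkrule() {
    valid_address "$1" || { echo "bad address: $1" >&2; return 1; }
    case $# in
        1) echo "ipfw add 1 deny all from $1" ;;
        3) case "$2" in
               tcp|udp) ;;
               *) echo "bad protocol: $2" >&2; return 1 ;;
           esac
           valid_service "$3" || { echo "bad service: $3" >&2; return 1; }
           echo "ipfw add 1 deny $2 from $1 to any $3" ;;
        *) echo "usage: mkrule ADDRESS [tcp|udp SERVICE]" >&2; return 2 ;;
    esac
}

# Constructed sample: 192.0.2.10 is a documentation address. Review the
# printed line, then append it to /usr/local/custom/filters.
mkrule 192.0.2.10 tcp telnet
```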