qemu-daemon# ipfw show
00100     0       0 deny ip from table(1,1) port_table(1,5) to any
00200     0       0 deny ip from any to table(1,3) dst-port port_table(1,3)
00300     0       0 allow ip from any to table(1,3) dst-port port_table(1,1)
00400     0       0 deny ip from any to table(1,2) dst-port port_table(1,1)
00500     0       0 deny ip from any to any dst-port port_table(1,2)
00600     0       0 allow ip from table(1,1) port_table(1,4) to any
65000 20424 2346020 allow ip from any to any
65535     0       0 deny ip from any to any
qemu-daemon# ipfw table 1 list
192.168.0.1/32 2
192.168.0.18/32 3
192.168.0.199/32 1
qemu-daemon# ipfw port_table 1 list
22 1
23 2
80 3
1000 5
1024-65535 4
qemu-daemon# nc -p 1000 192.168.0.18 22
qemu-daemon# ipfw show
00100     1      60 deny ip from table(1,1) port_table(1,5) to any
00200     0       0 deny ip from any to table(1,3) dst-port port_table(1,3)
00300     0       0 allow ip from any to table(1,3) dst-port port_table(1,1)
00400     0       0 deny ip from any to table(1,2) dst-port port_table(1,1)
00500     0       0 deny ip from any to any dst-port port_table(1,2)
00600     0       0 allow ip from table(1,1) port_table(1,4) to any
65000 20661 2367502 allow ip from any to any
65535     0       0 deny ip from any to any
qemu-daemon# telnet 192.168.0.18 80
Trying 192.168.0.18...
telnet: connect to address 192.168.0.18: Permission denied
telnet: Unable to connect to remote host
qemu-daemon# ipfw show
00100     1      60 deny ip from table(1,1) port_table(1,5) to any
00200     1      60 deny ip from any to table(1,3) dst-port port_table(1,3)
00300     0       0 allow ip from any to table(1,3) dst-port port_table(1,1)
00400     0       0 deny ip from any to table(1,2) dst-port port_table(1,1)
00500     0       0 deny ip from any to any dst-port port_table(1,2)
00600     0       0 allow ip from table(1,1) port_table(1,4) to any
65000 20746 2375625 allow ip from any to any
65535     0       0 deny ip from any to any
qemu-daemon# ssh -l tsgan 192.168.0.18
Password:

qemu-daemon# ipfw show
00100     1      60 deny ip from table(1,1) port_table(1,5) to any
00200     1      60 deny ip from any to table(1,3) dst-port port_table(1,3)
00300    13    1908 allow ip from any to table(1,3) dst-port port_table(1,1)
00400     0       0 deny ip from any to table(1,2) dst-port port_table(1,1)
00500     0       0 deny ip from any to any dst-port port_table(1,2)
00600     0       0 allow ip from table(1,1) port_table(1,4) to any
65000 20862 2387753 allow ip from any to any
65535     0       0 deny ip from any to any
qemu-daemon# ssh -l tsgan 192.168.0.1
ssh: connect to host 192.168.0.1 port 22: Permission denied
qemu-daemon# ipfw show
00100     1      60 deny ip from table(1,1) port_table(1,5) to any
00200     1      60 deny ip from any to table(1,3) dst-port port_table(1,3)
00300    13    1908 allow ip from any to table(1,3) dst-port port_table(1,1)
00400     1      60 deny ip from any to table(1,2) dst-port port_table(1,1)
00500     0       0 deny ip from any to any dst-port port_table(1,2)
00600     0       0 allow ip from table(1,1) port_table(1,4) to any
65000 20902 2391711 allow ip from any to any
65535     0       0 deny ip from any to any
qemu-daemon# telnet 192.168.0.18 23
Trying 192.168.0.18...
telnet: connect to address 192.168.0.18: Permission denied
telnet: Unable to connect to remote host
qemu-daemon# ipfw show
00100     1      60 deny ip from table(1,1) port_table(1,5) to any
00200     1      60 deny ip from any to table(1,3) dst-port port_table(1,3)
00300    13    1908 allow ip from any to table(1,3) dst-port port_table(1,1)
00400     1      60 deny ip from any to table(1,2) dst-port port_table(1,1)
00500     1      60 deny ip from any to any dst-port port_table(1,2)
00600     0       0 allow ip from table(1,1) port_table(1,4) to any
65000 20978 2398885 allow ip from any to any
65535     0       0 deny ip from any to any
qemu-daemon# telnet 192.168.0.18 514
Trying 192.168.0.18...
telnet: connect to address 192.168.0.18: Connection refused
telnet: Unable to connect to remote host
qemu-daemon# ipfw show
00100     1      60 deny ip from table(1,1) port_table(1,5) to any
00200     1      60 deny ip from any to table(1,3) dst-port port_table(1,3)
00300    13    1908 allow ip from any to table(1,3) dst-port port_table(1,1)
00400     1      60 deny ip from any to table(1,2) dst-port port_table(1,1)
00500     1      60 deny ip from any to any dst-port port_table(1,2)
00600     1      60 allow ip from table(1,1) port_table(1,4) to any
65000 21031 2403971 allow ip from any to any
65535     0       0 deny ip from any to any
qemu-daemon# ipfw delete 300
qemu-daemon# ssh -l tsgan 192.168.0.18
Password:

qemu-daemon# ipfw show
00100     1      60 deny ip from table(1,1) port_table(1,5) to any
00200     1      60 deny ip from any to table(1,3) dst-port port_table(1,3)
00400     1      60 deny ip from any to table(1,2) dst-port port_table(1,1)
00500     1      60 deny ip from any to any dst-port port_table(1,2)
00600    14    1968 allow ip from table(1,1) port_table(1,4) to any
65000 21150 2417083 allow ip from any to any
65535     0       0 deny ip from any to any
qemu-daemon# ssh -l tsgan 192.168.0.1
ssh: connect to host 192.168.0.1 port 22: Permission denied
qemu-daemon# ipfw show
00100     1      60 deny ip from table(1,1) port_table(1,5) to any
00200     1      60 deny ip from any to table(1,3) dst-port port_table(1,3)
00400     2     120 deny ip from any to table(1,2) dst-port port_table(1,1)
00500     1      60 deny ip from any to any dst-port port_table(1,2)
00600    14    1968 allow ip from table(1,1) port_table(1,4) to any
65000 21209 2423221 allow ip from any to any
65535     0       0 deny ip from any to any
qemu-daemon#