Да, забыл конфиги, вот:
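# ipfw ruleset for a host with fxp0 as the external interface and
# fxp1 / tun0 / lo0 treated as fully trusted (per the rules below).
# ipfw is first-match-wins, so the order of the "add" lines is significant.

# Path to the ipfw(8) binary used by every rule below.
fwcmd="/sbin/ipfw"

# Drop the current ruleset before reloading (-f: no confirmation prompt).
# NOTE(review): until the last "add" below has run, only the kernel's default
# rule is in effect - reload from the console or a detached session.
"$fwcmd" -f flush

# NAT divert on fxp0 - disabled by the author.
#"$fwcmd" add divert natd all from any to any via fxp0

# Loopback, the internal card and the tunnel are trusted unconditionally.
"$fwcmd" add allow ip from any to any via lo0
"$fwcmd" add allow ip from any to any via fxp1
"$fwcmd" add allow ip from any to any via tun0

# ICQ banner servers: refuse TCP coming from their port 80.
# The first network was written as 152.163.180.1/24; it is given here as the
# network address so that all four entries read the same way.
"$fwcmd" add reject tcp from 152.163.180.0/24 80 to any
"$fwcmd" add reject tcp from 205.188.248.0/24 80 to any
"$fwcmd" add reject tcp from 152.163.56.0/24 80 to any
"$fwcmd" add reject tcp from 205.188.140.0/24 80 to any

# Trusted servers.
# The address below is the author's redaction placeholder ("the host I grant
# access to"), not a real name: substitute the real addresses before loading.
# NOTE(review): these rules admit every TCP port on the strength of the source
# address alone; narrowing them to the ports actually needed limits the damage
# if one of those hosts is compromised or its address is spoofed.
"$fwcmd" add allow tcp from тот.комую.даюдоступ to any
"$fwcmd" add allow tcp from тот.комую.даюдоступ to any

# Allow every TCP connection opened outbound through fxp0 (SYN only).
"$fwcmd" add allow tcp from any to any out xmit fxp0 setup

# Let packets of already-open connections through.
# NOTE(review): "established" looks only at TCP flags (ACK/RST set); it does
# not verify that a matching connection exists. "keep-state" on the setup
# rules is the connection-tracking alternative.
"$fwcmd" add allow tcp from any to any via fxp0 established

# Services open to everyone on the internet: HTTP and SMTP.
# NOTE(review): "to any" with no interface also matches traffic forwarded to
# other hosts; if only this machine should serve them, "to me" is narrower -
# confirm against the intended topology.
"$fwcmd" add allow tcp from any to any 80 setup
"$fwcmd" add allow tcp from any to any 25 setup

# SSH is deliberately not open to everyone (rule left disabled).
#"$fwcmd" add allow tcp from any to any 22 setup

# Answer ident (113) probes arriving on fxp0 with a TCP RST, and log them.
"$fwcmd" add reset log tcp from any to any 113 in recv fxp0

# Outgoing DNS, tracked with a dynamic rule.
# The original pair of rules let replies back in with
#   allow udp from any 53 to any in recv fxp0
# which accepts ANY inbound UDP datagram whose source port is 53; the source
# port is chosen by the sender, so it is not proof of a reply. With keep-state
# only answers to queries that actually left through fxp0 are accepted.
"$fwcmd" add check-state
"$fwcmd" add allow udp from any to any 53 out xmit fxp0 keep-state

# Outgoing ICQ (UDP 4000 to 205.188.0.0/16) and the server's packets back in.
# NOTE(review): left stateless on purpose. Idle UDP dynamic rules expire after
# net.inet.ip.fw.dyn_udp_lifetime seconds, which may be too short for a
# long-lived ICQ session - confirm before converting this pair to keep-state.
"$fwcmd" add allow udp from any to 205.188.1.1:255.255.0.0 4000 out xmit fxp0
"$fwcmd" add allow udp from 205.188.1.1:255.255.0.0 4000 to any in recv fxp0

# Inbound TCP from source port 20 to unprivileged ports - presumably the data
# channel of active-mode FTP sessions started from here.
# NOTE(review): this admits new inbound connections to every port 1024-65535
# from any host that uses source port 20. Passive-mode FTP is already covered
# by the outbound "setup" + "established" rules, so consider dropping this
# rule or restricting the source to the FTP servers actually used.
"$fwcmd" add allow tcp from any 20 to any 1024-65535 in recv fxp0

# Allow ICMP so that ping and traceroute work.
# Both rules below carry number 65435; ipfw keeps rules with the same number
# in the order they were added, so the allow is evaluated before the deny.
# NOTE(review): every ICMP type is accepted in both directions;
# "icmptypes 0,3,8,11" would be enough for ping and traceroute.
"$fwcmd" add 65435 allow icmp from any to any

# Deny and log everything that no rule above accepted.
"$fwcmd" add 65435 deny log ip from any to any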