PC-BSD uses the PF firewall to protect your system. By default, the firewall is configured to let your system make Internet connections, use the ping utility, and communicate with other Windows and Unix-like systems.
Advanced users who are already familiar with pf will find the default rulebase in /etc/pf.conf. Users who aren't familiar with directly editing this file can instead use the Firewall Manager GUI utility to view and modify the existing firewall rules.
Note: typically it is not necessary to change the firewall rules. If you disable the firewall or remove the nat rule, ports jail will cease to work. You should not remove any existing rules unless you fully understand what the rule does. Similarly, you should only add rules if you understand the security implications of doing so.
To access the Firewall Manager, go to Application Launcher -> System Settings -> Firewall. Figure 7.1a shows the initial screen when you launch this utility:
Figure 7.1a: Firewall Manager Utility
The General Settings tab of this utility allows you to:
- determine whether or not the firewall starts when the system boots: unless you have a reason to uncheck this box and understand the security implications, it should remain checked so that your system is protected by the firewall
- start, stop, or restart the firewall: if you add, delete, or modify a firewall rule, you should restart the firewall for your changes to take effect
- restore default configuration: this button allows you to return to the original, working configuration should you not like the changes you make to your firewall rules
To view or modify the firewall rules, click on the Exceptions tab, seen in Figure 7.1b:
Figure 7.1b: Adding a New Firewall Rule