echo '#!/usr/local/bin/bash
 
cmd="/sbin/ipfw -q"
$cmd -f flush
 
$cmd disable one_pass
$cmd add allow all from any to any via lo0
$cmd add deny all from any to 127.0.0.0/8
$cmd add deny all from 127.0.0.0/8 to any
$cmd add deny all from any to any frag

# ssh
$cmd table admin create missing
$cmd table admin add 10.1.1.0/24
$cmd table admin add 192.168.10.0/24
 
$cmd add check-state
#$cmd add allow tcp from any to any established
$cmd add allow all from any to any out keep-state

$cmd add allow ip from "table(admin)" to me 22
 
# Ping
$cmd add allow icmp from "table(admin)" to me in icmptype 8
$cmd add allow icmp from me to "table(admin)" out icmptype 0,8
 
$cmd add allow all from any to any
$cmd add deny log all from any to any' > /etc/ipfw.script

sysrc firewall_enable="YES"
sysrc firewall_script="/etc/ipfw.script"
sysrc firewall_logging="YES"