ipfw is one of the first, if not _the_ first firewall in Open Source software. It was written first on FreeBSD and has been ported to NetBSD and Apple Mac OS X. It is a first-match-wins firewall meaning the first rule that matches a packet will be used in the pass/deny policy. At first it was not stateful, this has been added at a later time.
The following people implemented ipfw:
Ugen J. S. Antsilevich, Poul-Henning Kamp, Alex Nash, Archie Cobbs, Luigi Rizzo.
The ipfw command is used to add, delete, show rules.
To add a rule you would type the following:
# ipfw add 1 deny IP from 10.0.0.1 to any 00001 deny ip from 10.0.0.1 to any
To see the rules added to the system you would type the following (also note dynamic rules, these are open states):
# ipfw show 00001 0 0 deny ip from 10.0.0.1 to any ... 01400 46 3816 allow udp from me to any keep-state out ... ## Dynamic rules: 01400 1 80 (T 0, # 160) ty 0 udp, 18.104.22.168 49169 <-> xxx.xxx.173.124 53 01400 1 84 (T 0, # 161) ty 0 udp, 22.214.171.124 49168 <-> xxx.xxx.173.124 53 ...
To delete a rule you would type:
# ipfw delete 1 # ipfw show 1 ipfw: rule 1 does not exist
To flush the entire firewall rules you would type:
# ipfw flush Are you sure? [yn] n
If you are scripting a flush you may want to add the -q flag to ipfw, this will not prompt to flush the rules anymore and just flushes. Be very careful with this by default ipfw will deny all traffic unless the kernel is compiled with the IPFIREWALL_DEFAULT_TO_ACCEPT kernel option. When reloading rules in a script it's important to run it in the background or else the script will not complete loading the rules after the flush.
natd stands for network address translation daemon. It reads from an ipfw divert socket, does the translation and injects the translated packet back into the next firewall rule that processed it. Natd runs in userland not in kernel.