в /etc/rc.conf
прописываем
# SECURITY
tcp_extensions="NO"
tcp_drop_synfin="YES"
tcp_restrict_rst="YES"
icmp_drop_redirect="YES"
icmp_log_redirect="YES"
static_routes="0 1 2 3 4 5 6"
route_0="-net 10.0.0.0/8 -iface lo0 -blackhole"
route_1="-net 172.16.0.0/12 -iface lo0 -blackhole"
route_2="-net 192.168.0.0/16 -iface lo0 -blackhole"
route_3="-net 169.254.0.0/16 -iface lo0 -blackhole"
route_4="-net 192.0.2.0/24 -iface lo0 -blackhole"
route_5="-net 224.0.0.0/4 -iface lo0 -blackhole"
route_6="-net 240.0.0.0/4 -iface lo0 -blackhole"
firewall_enable="YES"