Here are some notes on what to do to a stock install of FreeBSD 4.x to turn it into a firewall (bridging or NATing) with an NTP server:
kernel options
# Additions to the kernel configuration file for an ipfw-based firewall.
# Compile ipfw into the kernel.
options IPFIREWALL
# Enable logging for rules that carry the "log" keyword.
options IPFIREWALL_VERBOSE
# Cap the number of log entries written per rule so heavy traffic cannot flood the logs.
options IPFIREWALL_VERBOSE_LIMIT=10
# Changes the built-in final rule from "deny" to "allow", so the host fails
# open whenever the ruleset is empty, flushed or fails to load. Make sure the
# ruleset that gets loaded ends in an explicit deny for traffic it does not
# mean to pass.
options IPFIREWALL_DEFAULT_TO_ACCEPT
## for natting:
# Divert sockets, which natd uses to receive packets from ipfw.
options IPDIVERT # works with firewall, but not with bridge
## for bridging:
options BRIDGE # doesn't work with NAT, but works with firewall
rc.conf
# Forward packets between interfaces; required for the routing/NAT setup.
gateway_enable="YES"
# Load ipfw rules at boot through /etc/rc.firewall, using its "Simple" ruleset.
# That section ships with example values and has to be edited for this host.
firewall_enable="YES"
firewall_type="Simple"
# "NO" leaves ipfw's output enabled while the rules load, which makes a rule
# that failed to load visible on the console.
firewall_quiet="NO"
## for natting:
#natd_enable="YES"
#natd_interface="fxp0" # outside interface
# Pick one of the two natd_flags lines below when enabling natd.
#natd_flags=""
#natd_flags="-u" # unregistered only
# ntpdate sets the clock once from the named server; xntpd then keeps it in sync.
ntpdate_enable="YES"
ntpdate_program="ntpdate"
ntpdate_flags="time.nist.gov"
xntpd_enable="YES"
# -c must name the file the NTP configuration is actually written to
# (/etc/ntp/conf in these notes); the restrict rules only apply if the daemon
# reads that file.
xntpd_flags="-c /etc/ntp/conf -p /var/run/ntpd.pid"
/etc/sysctl.conf
## if bridge, add these to sysctl.conf
# net.link.ether.bridge=1
# net.link.ether.bridge_cfg=fxp0,fxp1
# net.link.ether.bridge_ipfw=1 # pass bridged packets through ipfw; without this the bridge forwards them unfiltered
/etc/ntp/conf
# default deny all packets
restrict default ignore
# NOTE(review): "restrict default ignore" also applies to replies from the
# servers listed below. ntpd generally needs a restrict entry for each
# server's address (for example with "nomodify notrap noquery") or it will
# never synchronize. Confirm against this xntpd version and check with
# "ntpq -p" after startup.
# allow packets from 127.0.0.1
restrict 127.0.0.1
## add allowed ntp clients like this:
# NOTE(review): a restrict line with no flags places no restrictions on the
# matching hosts. For clients that only need time service, consider appending
# "nomodify notrap noquery".
#restrict x.x.x.x mask 255.255.255.0
# Must exist before the daemon starts; see the "echo 0" step in these notes.
driftfile /etc/ntp/drift
# Upstream time sources.
server tick.cs.unlv.edu
server tick.usno.navy.mil
server time-a.timefreq.bldrdoc.gov
server time.nist.gov
Then:
# echo 0 > /etc/ntp/drift
-and-
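Edit /etc/rc.firewall and customize its Simple section (the interface, network and address settings) to match this host; firewall_type="Simple" loads that section at boot.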