This command will deny all packets from the host evil.crackers.org to the telnet port of the host nice.people.org by being forwarded by the router:
ipfw add deny tcp from evil.crackers.org to nice.people.org 23
The next example denies and logs any TCP traffic from the entire crackers.org network (a class C) to the nice.people.org machine (any port).
ipfw add deny log tcp from evil.crackers.org/24 to nice.people.org
If you do not want people sending X sessions to your internal network (a subnet of a class C), the following command will do the necessary filtering:
ipfw add deny tcp from any to my.org/28 6000 setup
To see the accounting records:
ipfw -a list
or in the short form
ipfw -a l
You can also see the last time a chain entry was matched with
ipfw -at l