Pf

pf is packet filter for BSD variants like FreeBSD.

Here is a sample ruleset that does nothing much except block one IP address to the web server on port 80.

ext\_if="em0"    # replace with actual external interface name i.e., dc0
int\_if="em1"    # replace with actual internal interface name i.e., dc1
internal\_net="192.168.1/24"
scrub in all
pass in all
pass out all
block in quick on $ext\_if proto tcp from 210.209.119.212/32 to any port 80

Start pf with the ruleset above (in /etc/pf.conf)

pf -F -f /etc/pf.conf

On FreeBSD you can use the rc script, assumes proper settings in /etc/rc.conf

/etc/rc.d/pf start

View the ruleset matches

pfctl -v -s rules