CDNWiki - KnowledgeBase / FreeBSD / FirewallRedirect

Recompile your kernel and add:

options IPFIREWALL_FORWARD

Add the following rule to the kernel ipfw table:

add 60 forward 127.0.0.2 ip from not table(1) to not 172.16.45.0/24 via vr0 in

Replace 'table(1)' with your desired authorized list table.
Replace '172.16.45.0/24' with your LAN's private subnet.
Replace 'vr0' with the adapter connected to your LAN's private subnet.

All 'authorized' IP addresses go into table 1:

ipfw table 1 add 172.16.45.9/32

Replace '172.16.45.9/32' with the desired IP address.

To handle the Apache Nyah message without messing with your current config:

Instruct Apache to listen on 127.0.0.2
Set up an IP-based virtual host, whose 404 and 200 status messages are both the desired message, cuz you'll be getting a lot of strange URL requests.

<VirtualHost 127.0.0.2:80 >
  ErrorDocument 404 "j00 R t3h suxx0r!"
  ErrorDocument 200 "j00 R t3h suxx0r!"
</VirtualHost>

...or something like that.