From owner-man-jp-reviewer@jp.freebsd.org  Thu Oct 26 00:38:27 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id AAA28311;
	Thu, 26 Oct 2000 00:38:27 +0900 (JST)
	(envelope-from owner-man-jp-reviewer@jp.FreeBSD.org)
Received: from mgate08.so-net.ne.jp (mgate08.so-net.ne.jp [210.139.254.155])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id AAA28306
	for <man-jp-reviewer@jp.freebsd.org>; Thu, 26 Oct 2000 00:38:26 +0900 (JST)
	(envelope-from yt-kage@cb3.so-net.ne.jp)
Received: from mail.cb3.so-net.ne.jp (mail.cb3.so-net.ne.jp [210.139.254.37])
	by mgate08.so-net.ne.jp (8.8.8+3.0Wbeta9/3.6W00101717) with ESMTP id AAA29252
	for <man-jp-reviewer@jp.freebsd.org>; Thu, 26 Oct 2000 00:38:42 +0900 (JST)
Received: from yayoi (p8483dd.ickw.ap.so-net.ne.jp [210.132.131.221])
	by mail.cb3.so-net.ne.jp (8.8.8/3.7W99081617) with SMTP id AAA05800
	for <man-jp-reviewer@jp.freebsd.org>; Thu, 26 Oct 2000 00:38:38 +0900 (JST)
Date: Thu, 26 Oct 2000 00:37:56 +0900
From: Yoshiteru Kageyama <yt-kage@cb3.so-net.ne.jp>
To: man-jp-reviewer@jp.freebsd.org
Message-Id: <39F6FE543A2.26CFYT-KAGE@pop.cb3.so-net.ne.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-2022-JP
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver 1.25.07
Reply-To: man-jp-reviewer@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: man-jp-reviewer 3022
Subject: [man-jp-reviewer 3022] ip6fw.8
Errors-To: owner-man-jp-reviewer@jp.freebsd.org
Sender: owner-man-jp-reviewer@jp.freebsd.org
X-Originator: yt-kage@cb3.so-net.ne.jp

$B0~;3$G$9!#(B
$B$^$:$O!"(Bip6fw.8 $B$N=iLu$+$i!#(B
$BMQ8l$K$D$$$F$O!"BPLuI=$K$"$k$b$N$O$=$l$K9g$o$;$F(B
$B$"$j$^$9!#%W%m%H%3%k$N%a%C%;!<%8$N<oN`$K$D$$$F$O!"(B
$BF|K\8l$KCV$-49$($F$b$o$+$j$K$/$$$@$1$J$N$G$=$N$^$^$G$9!#(B
$B$"$H!":G8e$N$"$?$j$G!"(BWARNING!! $B$H0l9T$$$C$Q$$$K(B
$B$+$+$l$F$$$k$H$3$m$,$"$j$^$9$,!"$3$l$K$D$$$F$O!"(B
$B0l9T$G<}$^$k0L$K=L$a$F$"$j$^$9!#(B

.\"
.\" $FreeBSD: src/sbin/ip6fw/ip6fw.8,v 1.3.2.1 2000/05/04 17:35:17 phantom Exp $
.\"
.Dd March 13, 2000
.\" jpman %Id: ip6fw.8,v 0.0 2000/07/04 03:35:21 horikawa Stab %
.\" WORD:  modifier           $B=$>~;R(B [POSIX]
.\" WORD:  fragmented packet  $B%U%i%0%a%s%H%Q%1%C%H(B
.\" WORD:  encapsulating security payload $B0E9f%Z%$%m!<%I(B [IPv6]
.\" WORD:  no next header     $B<!%X%C%@$J$7(B [IPv6]
.\" WORD:  fine points        $BHyD4@0(B
.Dt IP6FW 8
.Os FreeBSD
.Sh $BL>>N(B
.Nm ip6fw
.Nd IPv6 $B%U%!%$%"%U%)!<%kMQ@)8f%f!<%F%#%j%F%#(B
.Sh $B=q<0(B
.Nm
.Ar file
.Nm ip6fw
.Op Fl f | Fl q
flush
.Nm ip6fw
.Op Fl q
zero
.Op Ar number ...
.Nm ip6fw
delete
.Ar number ...
.Nm ip6fw
.Op Fl aftN
list
.Op Ar number ...
.Nm ip6fw
.Op Fl ftN
show
.Op Ar number ...
.Nm ip6fw
.Op Fl q
add
.Op Ar number
.Ar action
.Op log
.Ar proto
>from
.Ar src
to
.Ar dst
.Op via Ar name | ipv6no
.Op Ar options
.Sh $B2r@b(B
$B=q<0$N9`$K$"$kNc$NBh(B 1 $B9TL\$N$h$&$K;HMQ$9$k$H!"(B
.Ar file
$B$,(B 1 $B9T$:$DFI$_9~$^$l!"(B
.Nm
$B%3%^%s%I$X$N0z?t$KE,MQ$5$l$^$9!#(B
.Pp
.Nm
$B%3!<%I$O!"3F%Q%1%C%H$KBP$7$F%^%C%A$9$k$b$N$,8+$D$+$k$^$G(B
$B%k!<%k%j%9%H$rAv::$9$k$3$H$K$h$C$FF0:n$7$^$9!#(B
$B%k!<%k$K$O$9$Y$F(B 2 $B$D$N4XO"$N$"$k%+%&%s%?$,$"$j$^$9!#(B
$B%Q%1%C%H%+%&%s%?$H%P%$%H%+%&%s%?$G$9!#(B
$B$3$l$i$N%+%&%s%?$O%Q%1%C%H$,%k!<%k$K%^%C%A$9$k$H$-$K(B
$B99?7$5$l$^$9!#(B
.Pp
$B%k!<%k$O!"(B
1 $B$+$i(B 65534 $B$^$G$N(B
.Dq $B9THV9f(B
$B$G=xNs$,$D$1$i$l$F$*$j!"(B
$B%k!<%k$r7h$a$?$j:o=|$7$?$j$9$k$N$K;HMQ$5$l$^$9!#(B
$B%k!<%k$O>:=g$G;n$5$l!"%Q%1%C%H$K:G=i$K%^%C%A$7$?%k!<%k$,(B
$BE,MQ$5$l$^$9!#(B
$BJ#?t$N%k!<%k$,F1$89THV9f$r6&M-$9$k$3$H$,$G$-$^$9!#(B
$B$3$N>l9g!"DI2C$7$?=gHV$G%k!<%k$,E,MQ$5$l$^$9!#(B
.Pp
$BHV9f$r$D$1$:$K%k!<%k$rB-$7$?>l9g!"$=$ND>A0$N%k!<%k$h$j$b(B
100 $BBg$-$$HV9f$,$D$1$i$l$^$9!#(B
$BDj5A$5$l$?%k!<%kHV9f$N:GBgCM$,(B 65434 $B$h$j$bBg$-$$>l9g!"(B
$B?7$7$/Dj5A$5$l$k%k!<%k$O!"%k!<%k$N:G8e$KDI2C$5$l$^$9!#(B
.Pp
$B:o=|A`:n$G$O!"$=$l$,B8:_$9$k>l9g$K$O!"(B
.Ar number
$B$r9THV9f$K$b$D:G=i$N%k!<%k$,:o=|$5$l$^$9!#(B
.Pp
list $B%3%^%s%I$O!"8=:_$N%k!<%k%;%C%H$r=PNO$7$^$9!#(B
.Pp
show $B%3%^%s%I$O(B `ip6fw -a list' $B$HEy2A$G$9!#(B
.Pp
zero $BA`:n$O!"%k!<%kHV9f(B
.Ar number
$B$K4XO"$E$1$i$l$?%+%&%s%?$r(B 0 $B$K$7$^$9!#(B
.Pp
flush $BA`:n$O!"$9$Y$F$N%k!<%k$r:o=|$7$^$9!#(B
.Pp
.Sq #
$B$G;O$^$k%3%^%s%I$*$h$S6uGr$@$1$N%3%^%s%I$O$_$J(B
$BL5;k$5$l$^$9!#(B
.Pp
$B%k!<%k$OI,$:(B 1 $B$D$"$j$^$9(B:
.Bd -literal -offset center
65535 $B$O!"$I$N%[%9%H$+$i$I$N%[%9%H$X$$$/%k!<%H$b5qH]$7$^$9!#(B
.Ed
.Pp
$B$3$N%k!<%k$O%G%U%)%k%H$N%]%j%7$G$9!#$9$J$o$A!"(B
$B2?$b5v$5$J$$$H$$$&$3$H$G$9!#%k!<%k$r@_Dj$9$k:]$K(B
$B$"$J$?$,$9$Y$-;E;v$O!"$3$N%]%j%7$rI,MW$K9g$o$;$F(B
$BJQ99$9$k$H$$$&$3$H$G$9!#(B
.Pp
$B<!$N$h$&$J%*%W%7%g%s$,;HMQ$G$-$^$9(B:
.Bl -tag -width flag
.It Fl a
$B%j%9%HCf$K!"%+%&%s%?CM$rI=<($7$^$9!#(B
.Dq show
$B%3%^%s%I$r;2>H$7$F$/$@$5$$!#(B
.It Fl f
$B4V0c$C$F;HMQ$9$k$HLdBj$r$R$-5/$3$92DG=@-$N$"$k(B
$B%3%^%s%I(B ($B$D$^$j!"(Bflush) $B$N3NG'$r$H$j$^$;$s!#(B
.Ar $BCm0U(B
$B%W%m%;%9$KC<Kv$,3d$jEv$F$i$l$F$$$J$$>l9g$O!"0EL[$N$&$A$K(B
$B$3$N%*%W%7%g%s$,;XDj$5$l$F$$$^$9!#(B
.It Fl q
add $BA`:n$d(B zero $BA`:n!"(Bflush $BA`:n$r9T$C$F$$$k:GCf$K!"(B
$B$=$N%"%/%7%g%s$KBP$7$F2?$bI=<($7$^$;$s(B ($B0EL[$N$&$A$K(B
'-f' $B$,;XDj$5$l$F$$$^$9(B)$B!#(B
$B$3$l$O!"%j%b!<%H%m%0%$%s;~$N%;%C%7%g%s$G(B
$B%9%/%j%W%HFb$GJ#?t$N(B ip6fw $B%3%^%s%I$r<B9T$7$?$j(B
($BNc$($P!"(Bsh /etc/rc.firewall $B$N$h$&$K(B)$B!"(B
$B$?$/$5$s$N(B ip6fw $B%k!<%k%U%!%$%k$r=hM}$7$?$j$9$k$3$H$G(B
$B%k!<%k$rD4@a$9$k$H$-$KJXMx$G$9!#(B
$BDL>o%b!<%I(B (verbose) $B$G(B flush $BA`:n$r9T$&$H!"%a%C%;!<%8$,=PNO(B
$B$5$l$^$9!#%k!<%k$,$9$Y$F(B flush $B$5$l$k$N$G!"%m%0%$%s%;%C%7%g%s$K(B
$B%a%C%;!<%8$rAw$k$3$H$,$G$-$:!"%m%0%$%s%;%C%7%g%s$bJD$8$F$7$^$$$^$9!#(B
$B$=$N$?$a!";D$j$N%k!<%k%;%C%H$O=hM}$5$l$J$/$J$C$F$7$^$$$^$9!#(B
$BI|5l$K$O!"%3%s%=!<%k$X$N%"%/%;%9$,I,MW$K$J$j$^$9!#(B
.It Fl t
list $B$7$F$$$k:GCf$K!":G8e$K%^%C%A$7$?$H$-$N%?%$%`%9%?%s%W$rI=<($7$^$9!#(B
.It Fl N
$B=PNO$G!"%"%I%l%9$*$h$S%5!<%S%9L>$r2r7h$7$h$&$H$7$^$9!#(B
.El
.Pp
.Ar $B%"%/%7%g%s(B :
.Bl -hang -offset flag -width 1234567890123456
.It Ar allow
$B%k!<%k$K%^%C%A$7$?%Q%1%C%H$r5v2D$7$^$9!#(B
$B$=$7$FC5:w$r=*N;$7$^$9!#JLL>$O(B
.Ar pass ,
.Ar permit ,
.Ar accept
$B$G$9!#(B
.It Ar deny
$B%k!<%k$K%^%C%A$7$?%Q%1%C%H$r<N$F$^$9!#(B
$B$=$7$FC5:w$r=*N;$7$^$9!#(B
.Ar drop
$B$O(B
.Ar deny
$B$NJLL>$G$9!#(B
.It Ar reject
($BHs?d>)$G$9(B) $B%k!<%k$K%^%C%A$7$?%Q%1%C%H$r<N$F$F!"(B
ICMPv6 $B$N(B host unreachable notice $B%a%C%;!<%8$r(B
$BAw$m$&$H$7$^$9!#(B
$B$=$7$FC5:w$r=*N;$7$^$9!#(B
.It Ar unreach code
$B%k!<%k$K%^%C%A$7$?%Q%1%C%H$r<N$F$F!"(B
ICMPv6 $B$N(B
unreachable notice with code
.Ar code
$B%a%C%;!<%8$rAw$m$&$H$7$^$9!#$3$3$G!"(B
.Ar code
$B$O(B 0 $B$+$i(B 255 $B$^$G$NHV9f$b$7$/$O<!$NJLL>$N$&$A$N$$$:$l$+$G$9(B:
.Ar noroute ,
.Ar admin ,
.Ar notneighbor ,
.Ar addr ,
.Ar noport
$B!#(B
$B$=$7$FC5:w$r=*N;$7$^$9!#(B
.It Ar reset
TCP $B%Q%1%C%H$N$_$G$9!#(B
$B%k!<%k$K%^%C%A$7$?%Q%1%C%H$r<N$F$F!"(B
TCP reset (RST) notice $B%a%C%;!<%8$rAw$m$&$H$7$^$9!#(B
$B$=$7$FC5:w$r=*N;$7$^$9(B
.Em ($B$^$@F0:n$7$^$;$s(B)
$B!#(B
.It Ar count
$B%k!<%k$K%^%C%A$7$?$9$Y$F$N%Q%1%C%H$KBP$9$k%+%&%s%?$r(B
$B99?7$7$^$9!#(B
$BC5:w$O!"<!$N%k!<%k$X$H7QB3$7$^$9!#(B
.It Ar skipto number
.Ar number
$B$h$j$b>.$5$$HV9f$N$D$$$?%k!<%k$r%9%-%C%W$7$^$9!#(B
$BC5:w$O(B
.Ar number
$B0J>e$NHV9f$N$D$$$?%k!<%k$X$H7QB3$7$^$9!#(B
.El
.Pp
$B%+!<%M%k$r(B
.Dv IP6FIREWALL_VERBOSE
$B$D$-$G%3%s%Q%$%k$7$?>l9g!"%Q%1%C%H$,(B
.Dq log
$B%-!<%o!<%I$D$-$N%k!<%k$K%^%C%A$7$?$H$-$K$O(B
$B%3%s%=!<%k$K%a%C%;!<%8$,I=<($5$l$^$9!#(B
$B%+!<%M%k$r(B
.Dv IP6FIREWALL_VERBOSE_LIMIT
$B%*%W%7%g%s$D$-$G%3%s%Q%$%k$7$?>l9g!"(B
$BFCDj$N%A%'!<%s%(%s%H%j$KBP$7$F(B
$B$3$N%*%W%7%g%s$G;XDj$7$??t$@$1%Q%1%C%H$r<u$1<h$C$?8e$O(B
$B%m%0$r5-O?$7$^$;$s!#$3$N%(%s%H%j$KBP$9$k%+%&%s%?$r(B
$B%/%j%"$9$k$3$H$G%m%0$N5-O?$r:F3+$G$-$^$9!#(B
.Pp
$B%3%s%=!<%k$X$N%m%.%s%0$*$h$S%m%0$N@)8B$r(B
.Xr sysctl 8
$B%$%s%?%U%'!<%9$r2p$7$FF0E*$KD4@0$9$k$3$H$,$G$-$^$9!#(B
.Pp
.Ar proto :
.Bl -hang -offset flag -width 1234567890123456
.It Ar ipv6
$B$9$Y$F$N%Q%1%C%H$,%^%C%A$7$^$9!#(B
$BJLL>(B
.Ar all
$B$OF1$88z2L$r;}$A$^$9!#(B
.It Ar tcp
TCP $B%Q%1%C%H$@$1$,%^%C%A$7$^$9!#(B
.It Ar udp
UDP $B%Q%1%C%H$@$1$,%^%C%A$7$^$9!#(B
.It Ar ipv6-icmp
ICMPv6 $B%Q%1%C%H$@$1$,%^%C%A$7$^$9!#(B
.It Ar <number|name>
$B;XDj$7$?%W%m%H%3%k$@$1$,%^%C%A$7$^$9(B
($B40A4$J%j%9%H$O(B
.Pa /etc/protocols
$B$r;2>H$7$F$/$@$5$$(B)$B!#(B
.El
.Pp
.Ar src
$B$*$h$S(B
.Ar dst :
.Bl -hang -offset flag
.It Ar <address/prefixlen>
.Op Ar ports
.El
.Pp
.Em <address/prefixlen>
$B$O<!$N$h$&$K;XDj$G$-$^$9(B:
.Bl -hang -offset flag -width 1234567890123456
.It Ar ipv6no
An ipv6number of the form
.Li fec0::1:2:3:4
$B$H$$$&7A<0$N(B IPv6 $B%J%s%P!#(B
.It Ar ipv6no/prefixlen
.Li fec0::1:2:3:4/112
$B$N$h$&$J7A<0$N%W%l%U%#%C%/%9D9$r$b$C$?(B IPv6 $B%J%s%P!#(B
.El
.Pp
$B=$>~;R$r(B
.Dq $B;}$?$J$$(B
$B%"%I%l%9$rA0$K$D$1$k$3$H$G%^%C%A$N0UL#$rH?E>$5$;$k$3$H$,$G$-$^$9!#(B
$B$3$l$K$h$C$F!"B>$N$9$Y$F$N%"%I%l%9$,Be$o$j$K%^%C%A$9$k$h$&$K$J$j$^$9!#(B
$B$3$l$O!"%]!<%HHV9f$NA*Br$K$O1F6A$"$j$^$;$s!#(B
.Pp
TCP $B$*$h$S(B UDP $B%W%m%H%3%k$G$O!"%*%W%7%g%s$G(B
.Em ports
$B$,<!$N$h$&$K;XDj$G$-$^$9(B:
.Pp
.Bl -hang -offset flag
.It Ns {port|port-port} Ns Op ,port Ns Op ,...
.El
.Pp
(
.Pa /etc/services
$B$h$j(B) $B%5!<%S%9L>$r(B
$B?tCM$K$h$k%]!<%HHV9f$NBe$o$j$K;HMQ$9$k$3$H$,$G$-$^$9!#(B
$BHO0O$O:G=i$NCM$H$7$F$N$_;XDj$G$-!"%]!<%H%j%9%HD9$O(B
.Dv IP6_FW_MAX_PORTS
(
.Pa /usr/src/sys/netinet/ip6_fw.h
$B$G;XDj(B) $B$^$G$K@)8B$5$l$F$$$^$9!#(B
.Pp
0 $B$G$O$J$$%*%U%;%C%H$r;}$D(B ($B$9$J$o$A!":G=i$N%U%i%0%a%s%H$G$O$J$$(B)
$B%U%i%0%a%s%H%Q%1%C%H$O!"(B1 $B$D0J>e$N%]!<%H$,Ns5s$5$l$?%k!<%k$K$O(B
$B@dBP$K%^%C%A$7$^$;$s!#(B
$B%U%i%0%a%s%H%Q%1%C%H$N%^%C%A$K$D$$$F$N>\:Y$O(B
.Ar frag
$B%*%W%7%g%s$r;2>H$7$F$/$@$5$$!#(B
.Pp
$B%k!<%k$O!"%Q%1%C%H$,F~NO$5$l$k$H$-!"$*$h$S=PNO$5$l$k$H$-!"(B
$B$"$k$$$O$=$NN>J}$H$b$G$"$k$H$-$KE,MQ$5$l$^$9!#(B
.Ar in
$B%-!<%o!<%I$O!"F~NO%Q%1%C%H$K$N$_%k!<%k$,%^%C%A$7$J$/$F$O(B
$B$J$i$J$$$3$H$r<($9$b$N$G$9!#(B
.Ar out
$B%-!<%o!<%I$O!"=PNO%Q%1%C%H$K$N$_%k!<%k$,%^%C%A$7$J$/$F$O(B
$B$J$i$J$$$3$H$r<($9$b$N$G$9!#(B
.Pp
$B$"$k%$%s%?%U%'!<%9$rDL$k%Q%1%C%H$K%^%C%A$9$k$?$a$K$O!"(B
.Ar via
$B$r;HMQ$7$F<!$N$h$&$K%$%s%?%U%'!<%9$r;XDj$7$F$/$@$5$$!#(B
.Bl -hang -offset flag -width 1234567890123456
.It Ar via ifX
$B%Q%1%C%H$O!"%$%s%?%U%'!<%9(B
.Ar ifX
$B$rDL$i$J$/$F$O$J$j$^$;$s!#(B
.It Ar via if*
$B%Q%1%C%H$O!"%$%s%?%U%'!<%9(B
.Ar ifX
$B$rDL$i$J$/$F$O$J$j$^$;$s!#$3$3$G!"(BX $B$OG$0U$N%f%K%C%HHV9f$G$9!#(B
.It Ar via any
$B%Q%1%C%H$O!"(B
.Em $B$$$/$D$+(B
$B%$%s%?%U%'!<%9$rDL$i$J$/$F$O$J$j$^$;$s!#(B
.It Ar via ipv6no
$B%Q%1%C%H$O!"(BIPv6 $B%"%I%l%9(B
.Ar ipv6no
$B$r;}$C$?%$%s%?%U%'!<%9$rDL$i$J$/$F$O$J$j$^$;$s!#(B
.El
.Pp
.Ar via
$B%-!<%o!<%I$r;HMQ$9$k$H!"3:Ev%$%s%?%U%'!<%9$O>o$K(B
$B%A%'%C%/$5$l$k$h$&$K$J$j$^$9!#(B
.Ar via
$B$NBe$o$j$K(B
.Ar recv
$B$"$k$$$O(B
.Ar xmit
$B$r;HMQ$9$k$H!"(B
($B$=$l$>$l(B) $B<u?.%$%s%?%U%'!<%9$^$?$OAw?.%$%s%?%U%'!<%9$@$1$,(B
$B%A%'%C%/$5$l$^$9!#(B
$BN>J}$r;XDj$9$k$3$H$G!"<u?.%$%s%?%U%'!<%9!"Aw?.%$%s%?%U%'!<%9$N(B
$BN>J}$H$b$K%Q%1%C%H$r%^%C%A$5$;$k$3$H$,$G$-$^$9!#(B
$BNc$($P!"<!$N$h$&$K$7$^$9!#(B
.Pp
.Dl "ip6fw add 100 deny ip from any to any out recv ed0 xmit ed1"
.Pp
.Ar recv
$B%$%s%?%U%'!<%9$O!"F~NO%Q%1%C%H$"$k$$$O=PNO%Q%1%C%H$N$I$A$i$+$G(B
$B%F%9%H$5$l$^$9!#$3$l$KBP$7$F!"(B
.Ar xmit
$B%$%s%?%U%'!<%9$O!"=PNO%Q%1%C%H$G$7$+%F%9%H$5$l$^$;$s!#(B
$B$=$N$?$a!"(B
.Ar xmit
$B$r;HMQ$9$k>l9g$O$$$D$G$b(B
.Ar out
$B$,I,MW$G$9(B ($B$=$7$F!"(B
.Ar in
$B$OIT@5$G$9(B)$B!#(B
.Ar xmit
$B$"$k$$$O(B
.Ar recv
$B$H0l=o$K(B
.Ar via
$B$r;XDj$9$k$N$OIT@5$G$9!#(B
.Pp
$B%Q%1%C%H$K$O!"<u?.%$%s%?%U%'!<%9$"$k$$$OAw?.%$%s%?%U%'!<%9$,$J$$(B
$B$+$b$7$l$^$;$s!#(Blocalhost $B$+$iAw?.$5$l$?%Q%1%C%H$K$O(B
$B<u?.%$%s%?%U%'!<%9$,$"$j$^$;$s!#$=$7$F!"(Blocalhost $B$X8~$1$F(B
$BAw?.$5$l$?%Q%1%C%H$K$OAw?.%$%s%?%U%'!<%9$,$"$j$^$;$s!#(B
.Pp
$BDI2C$N(B
.Ar options
$B$O<!$NDL$j$G$9!#(B
.Bl -hang -offset flag -width 1234567890123456
.It frag
$B%Q%1%C%H$,%U%i%0%a%s%H$G$"$j!"$7$+$b(B
$B%G!<%?%0%i%`$N:G=i$N%U%i%0%a%s%H$G$J$1$l$P%^%C%A$7$^$9!#(B
.Ar frag
$B$O!"(B
.Ar tcpflags
$B$"$k$$$O(B TCP/UDP $B%]!<%H$N;XDj$H0l=o$K$O;H$&$3$H$,$G$-$^$;$s!#(B
.It in
$B%Q%1%C%H$,F~$C$F$3$h$&$H$7$F$$$k>l9g$K%^%C%A$7$^$9!#(B
.It out
$B%Q%1%C%H$,=P$F$$$3$&$H$7$F$$$k>l9g$K%^%C%A$7$^$9!#(B
.It ipv6options Ar spec
IPv6 $B%X%C%@$K!"(B
.Ar spec
$B$G;XDj$5$l$?%+%s%^6h@Z$j$N%*%W%7%g%s%j%9%H$NMWAG$,4^$^$l$F(B
$B$$$l$P%^%C%A$7$^$9!#(B
$B%5%]!<%H$7$F$$$k(B IPv6 $B%*%W%7%g%s$O<!$NDL$j$G$9!#(B
.Ar hopopt
(hop-by-hop $B%*%W%7%g%s%X%C%@(B)$B!"(B
.Ar route
($B%k!<%F%#%s%0%X%C%@(B)$B!"(B
.Ar frag
($B%U%i%0%a%s%H%X%C%@(B)$B!"(B
.Ar esp
($B0E9f%Z%$%m!<%I(B)$B!"(B
.Ar ah
($BG'>Z%X%C%@(B)$B!"(B
.Ar nonxt
($B<!%X%C%@$J$7(B)$B!"$=$7$F(B
.Ar opts
($B%G%9%F%#%M!<%7%g%s%*%W%7%g%s%X%C%@(B) $B$G$9!#(B
$BFCDj$N%*%W%7%g%s$,$J$$$3$H$O!"(B
.Dq !
$B$GI=$7$^$9(B
.Em ($B$^$@F0:n$7$F$$$^$;$s(B)$B!#(B
.It established
RST $B$"$k$$$O(B ACK $B%S%C%H$,%;%C%H$5$l$F$$$k%Q%1%C%H$K(B
$B%^%C%A$7$^$9!#(B
.It setup
SYN $B%S%C%H$O%;%C%H$5$l$F$$$k$,(B ACK $B%S%C%H$,%;%C%H$5$l$F$$$J$$(B
$B%Q%1%C%H$K%^%C%A$7$^$9!#(B
.It tcpflags Ar spec
TCP $B%X%C%@$K!"(B
.Ar spec
$B$G;XDj$5$l$?%+%s%^6h@Z$j$N%U%i%0%j%9%H$NMWAG$,4^$^$l$F$$$l$P(B
$B%^%C%A$7$^$9!#(B
$B%5%]!<%H$7$F$$$k(B TCP $B%U%i%0$O0J2<$NDL$j$G$9!#(B
.Ar fin ,
.Ar syn ,
.Ar rst ,
.Ar psh ,
.Ar ack ,
$B$=$7$F(B
.Ar urg
$B$G$9!#(B
$BFCDj$N%U%i%0$,$J$$$3$H$O(B
.Dq !
$B$r;H$C$FI=$7$^$9!#(B
.Ar tcpflags
$B;XDj$r4^$s$@%k!<%k$O!"(B
0 $B$G$J$$%*%U%;%C%H$r;}$C$?%U%i%0%a%s%H%Q%1%C%H$K$O(B
$B@dBP$K%^%C%A$7$^$;$s!#(B
$B%U%i%0%a%s%H%Q%1%C%H$X$N%^%C%A$K4X$9$k>\:Y$O(B
.Ar frag
$B%*%W%7%g%s$r;2>H$7$F$/$@$5$$!#(B
.It icmptypes Ar types
ICMPv6 $B$N%?%$%W$,(B
.Ar types
$B%j%9%HCf$K$"$l$P%^%C%A$7$^$9!#(B
$B%j%9%H$O!"$I$s$JHO0O$r9g$o$;$?$b$N$G$b;XDj$G$-!"$^$?!"(B
$B8D!9$N%?%$%W$r%+%s%^$G6h@Z$C$?$b$N$G$b;XDj$9$k$3$H$,$G$-$^$9(B
.El
.Sh $B%A%'%C%/%j%9%H(B
$B$3$3$K$O!"$"$J$?$,%k!<%k$r%G%6%$%s$9$k:]$K9MN8$9$Y$-(B
$B=EMW$J%]%$%s%H$r$$$/$D$+=R$Y$F$"$j$^$9!#(B
.Bl -bullet -hang -offset flag
.It
$BF~NO$*$h$S=PNO%Q%1%C%H$NN>J}$r%U%#%k%?$9$k$N$@$H$$$&$3$H$r(B
$BK:$l$J$$$G$/$@$5$$!#$[$H$s$I$N@\B3$K$ON>J}8~$N%Q%1%C%H$,(B
$BI,MW$G$9!#(B
.It
$B$H$F$bCm0U?<$/%F%9%H$9$k$N$rK:$l$J$$$G$/$@$5$$!#(B
$B%F%9%H$9$k:]$K$O%3%s%=!<%k$N6a$/$G9T$&$H$$$&$N$,NI$$%"%$%G%"$G$9!#(B
.It
$B%k!<%W%P%C%/%$%s%?%U%'!<%9$rK:$l$J$$$G$/$@$5$$!#(B
.El
.Sh $BHyD4@0(B
$B%U%!%$%"%&%)!<%k$r$$$D$G$bL5;k$9$k%Q%1%C%H$,(B 1 $B<oN`$"$j$^$9!#(B
$B$=$l$O!"%U%i%0%a%s%H%*%U%;%C%H(B 1 $B$r;}$C$?(B IPv6 $B%U%i%0%a%s%H$G$9!#(B
$B$3$l$O@5$7$$%Q%1%C%H$G$9$,!";HMQJ}K!$O(B 1 $B$D$@$1$G$9!#(B
$B$=$l$O!"%U%!%$%"%&%)!<%k$NH4$1F;$rC5$=$&$H$9$k$3$H$G$9!#(B
.Pp
$B%M%C%H%o!<%/1[$7$K%m%0%$%s$7$F$$$k>l9g$O!"(B
.Nm
$B$N(B KLD $B%P!<%8%g%s$r%m!<%I$9$k$N$O!"$*$=$i$/(B
$B$"$J$?$,;W$C$F$$$k$[$I$K$OD>@\E*$J$b$N$G$O$J$$$G$7$g$&(B
.Em ($B%5%]!<%H$5$l$F$$$^$;$s(B)$B!#(B
$B<!$N$h$&$J%3%^%s%I9T$r?d>)$7$^$9!#(B
.Bd -literal -offset center
kldload /modules/ip6fw_mod.o && \e
ip6fw add 32000 allow all from any to any
.Ed
.Pp
$BF1MM$N>u67$G!"F1$89T$G(B
.Bd -literal -offset center
ip6fw flush
.Ed
.Pp
$B$r9T$&$3$H$bNI$/$J$$%"%$%G%"$G$9!#(B
.Sh $B%Q%1%C%HJQ49(B
$B%5%]!<%H$5$l$F$$$^$;$s!#(B
.Sh $B;HMQNc(B
$B$3$N%3%^%s%I$O!"(B
.Em hacker.evil.org
$B$+$i(B
.Em wolf.tambov.su
$B$N(B telnet $B%]!<%H$X$N(B TCP $B%Q%1%C%H$9$Y$F$r!"$3$N%[%9%H$G(B
$B%U%)%o!<%I$7$J$$$h$&$K$7$^$9!#(B
.Pp
.Dl ip6fw add deny tcp from hacker.evil.org to wolf.tambov.su 23
.Pp
$B<!$N%3%^%s%I$O!"(Bhackers $B%M%C%H%o!<%/A4BN$+$i<+%[%9%H$X$N@\B3$r(B
$B2?$G$"$l6X;_$7$^$9!#(B
.Pp
.Dl ip6fw addf deny all from fec0::123:45:67:0/112 to my.host.org
.Pp
$B$3$l$O!"%+%&%s%HCM$N5-O?$H%?%$%`%9%?%s%W>pJs$rI=<($9$k$?$a$N(B
$B%j%9%H%3%^%s%I$NNI$$;HMQNc$G$9!#(B
.Pp
.Dl ip6fw -at l
.Pp
$B$"$k$$$O!"%?%$%`%9%?%s%W$J$7$N!"C;$$7A<0$N$b$N$O(B
.Pp
.Dl ip6fw -a l
$B$G$9!#(B
.Pp
.Sh $B4XO"%U%!%$%k(B
.Xr ip 4 ,
.Xr ipfirewall 4 ,
.Xr protocols 5 ,
.Xr services 5 ,
.Xr reboot 8 ,
.Xr sysctl 8 ,
.Xr syslogd 8
.Sh $B%P%0(B
.Pp
.Em $BCm0U(B !! $BCm0U(B !! $BCm0U(B !! $BCm0U(B !!
.Pp
$B$3$N%W%m%0%i%`$O!"$"$J$?$N%3%s%T%e!<%?$r$+$J$j;H$($J$$>uBV(B
$B$K$7$F$7$^$&2DG=@-$,$"$j$^$9!#=i$a$F;HMQ$9$k:]$K$O!"(B
$B%3%s%T%e!<%?$N%3%s%=!<%k$G:n6H$7$F$/$@$5$$!#$^$?!"(B
$BM}2r$7$F$$$J$$$3$H$O2?$b(B
.Em $B$7$J$$$G$/$@$5$$(B
$B!#(B
.Pp
$B%A%'!<%s%(%s%H%j$rA`:n(B / $BDI2C$9$k:]$K$O!"%5!<%S%9L>$*$h$S(B
$B%W%m%H%3%kL>$O<u$1IU$1$i$l$^$;$s!#(B
.Sh $B:n<T(B
.An Ugen J. S. Antsilevich ,
.An Poul-Henning Kamp ,
.An Alex Nash ,
.An Archie Cobbs
$B$G$9!#(B
$B%3!<%I$K4p$E$$$?(B API $B$O!"(BBSDI $B$N(B
.An Daniel Boulet
$B$,=q$-$^$7$?!#(B
.Sh $BNr;K(B
.Nm
$B$O:G=i$K(B
.Fx 4.0
$B$GEP>l$7$^$7$?!#(B

