From owner-man-jp-reviewer@jp.freebsd.org  Wed Sep  5 13:35:48 2001
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id NAA99400;
	Wed, 5 Sep 2001 13:35:48 +0900 (JST)
	(envelope-from owner-man-jp-reviewer@jp.FreeBSD.org)
Received: from smtp1.interramp.com (smtp1.interramp.com [38.8.45.2])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id NAA99395
	for <man-jp-reviewer@jp.freebsd.org>; Wed, 5 Sep 2001 13:35:46 +0900 (JST)
	(envelope-from horikawa@psinet.com)
Received: from [205.164.250.27] (helo=localhost)
	by smtp1.interramp.com with esmtp (Exim 1.90 #1)
	for man-jp-reviewer@jp.freebsd.org
	id 15eUPZ-0004Cu-00; Wed, 5 Sep 2001 00:35:37 -0400
Date: Wed, 05 Sep 2001 00:34:28 -0400 (EDT)
Message-Id: <20010905.003428.85410804.horikawa@psinet.com>
To: man-jp-reviewer@jp.freebsd.org
From: Kazuo Horikawa <horikawa@psinet.com>
X-Mailer: Mew version 2.0 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Reply-To: man-jp-reviewer@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+010328
X-Sequence: man-jp-reviewer 3776
Subject: [man-jp-reviewer 3776] (check) firewall.7
Errors-To: owner-man-jp-reviewer@jp.freebsd.org
Sender: owner-man-jp-reviewer@jp.freebsd.org
X-Originator: horikawa@psinet.com

 $BKY@n$G$9!#(B
 firewall.7 $B$r%A%'%C%/$7$^$7$?!#(B

 o$B!V%W%i%$%Y!<%H!W!V%0%m!<%P%k!W(B
   $B85$N=Q8l$K$"$o$;!"(Binternal $B$O!VFbIt!W$K!"(Bexposed $B$O!V30It$+$i8+$($k!W(B
   $BEy$H$7$^$7$?!#(B
 o $B%+!<%M%k%*%W%7%g%s$N$H$3$m$O!"0ULu$7$?$N$+$b$7$l$^$;$s$,!"86J80U$H(B
   $BBg$-$/N%$l$F$$$k$^$?$O8mLu$H46$8$k$N$G!"=$@5$7$^$7$?!#(B
   loophole $B$O!VH4$17j!W$H$$$&0UL#$G$9!#(B

   $B$3$N%U%!%$%"%&%)!<%k$O!"2?$b@_Dj$7$J$$$H$9$Y$F$N%Q%1%C%H$rDL2a$5$;(B
   $B$J$$$h$&$K$J$C$F$$$k$?$a!"%3%s%=!<%k$K?($k$3$H$,$G$-$J$$$N$J$i(B
   /etc/rc.conf $B$G!":F5/F0;~$KE,@Z$J%k!<%k%;%C%H$rFI$_9~$`$h$&$K$9$kI,(B
   $BMW$,$"$j$^$9!#$^$?!"?7$7$$%j%j!<%9$K@ZBX$($k>l9g$K$O!":F5/F0A0$K%+!<(B
   $B%M%k$r99?7$9$kI,MW$,$"$j$^$9!#$3$l$O(Bipfw(8) $B$,%P!<%8%g%sKh$N8_49@-(B
   $B$rJ]$C$F$$$J$$$3$H$,$"$k$?$a$G!"5/F0;~$K>c32$K$J$k62$l$,$"$j$^$9!#(B
   $B$3$N$?$a$K!"(BIPFIREWALL_DEFAULT_TO_ACCEPT $B$H$$$&%+!<%M%k%*%W%7%g%s$,(B
   $BMQ0U$5$l$F$*$j!"$3$l$K$h$C$F%U%!%$%"%&%)!<%k$N=i4|>uBV$r$9$Y$F$N%Q(B
   $B%1%C%H$rDL2a$5$;$k@_Dj$K$9$k$3$H$,$G$-$^$9!#$7$+$7!"$3$N%*%W%7%g%s(B
   $B$r@_Dj$9$k$3$H$O!"%7%9%F%`$,5/F0$9$k$^$G$N4V$r4m81$K$5$i$9$3$H$K$J(B
   $B$j$^$9!#$3$N%*%W%7%g%s$r;H$&$N$O!"(BFreeBSD $B$K$h$k%U%!%$%"%&%)!<%k$r(B
   $B<jAa$/9=C[$7$?$$;~$@$1$K$H$I$a!"(BFreeBSD $B$K$h$k%U%!%$%"%&%)!<%k5!9=(B
   $B$rMQ$$$F!"$I$N$h$&$K%k!<%W%P%C%/$K$h$k%;%-%e%j%F%#%[!<%k$rJD$8$k$+(B
   $B$rM}2r$7$?;~E@$G;HMQ$r$d$a$k$Y$-$G$9!#(B
    ->
   /etc/rc.conf $B$G!":F5/F0;~$KE,@Z$J%k!<%k%;%C%H$rFI$_9~$`$h$&$K$J$C$F(B
   $B$$$J$$$H!"%3%s%=!<%k$K?($k$3$H$,$G$-$J$$>l9g!"%^%7%s$K%"%/%;%9$9$i(B
   $B$G$-$J$/$J$j$^$9!#$^$?!"?7$7$$%j%j!<%9$N%+!<%M%k$K99?7$9$k;~$K!"%P(B
   $B%$%J%j(B ($BLuCm(B: $B%3%^%s%I$d%i%$%V%i%j$N$3$H(B) $B$r99?7$9$kA0$K%j%V!<%H$r(B
   $B<B9T$7$F$7$^$&$3$H$,$h$/$"$j$^$9!#$3$N7k2L(Bipfw(8) $B$H%+!<%M%k$,Hs8_(B
   $B49$K$J$C$F$7$^$$!"%V!<%H%7!<%1%s%9$G(Bipfw(8) $B$,F0:n$7$J$$$3$H$K$h$j!"(B
   $B%^%7%s$K%"%/%;%9$G$-$J$/$J$C$F$7$^$$$^$9!#$3$N$?$a$K!"(B
   IPFIREWALL_DEFAULT_TO_ACCEPT $B$H$$$&%+!<%M%k%*%W%7%g%s$,MQ0U$5$l$F$*(B
   $B$j!"$3$l$K$h$C$F%U%!%$%"%&%)!<%k$N=i4|>uBV$r$9$Y$F$N%Q%1%C%H$rDL2a(B
   $B$5$;$k@_Dj$K$9$k$3$H$,$G$-$^$9!#$7$+$7!"$3$N%*%W%7%g%s$r@_Dj$9$k$3(B
   $B$H$O!"%7%9%F%`$,5/F0$9$k$^$G$N4V$r4m81$K$5$i$9$3$H$K$J$j$^$9!#K\%*(B
   $B%W%7%g%s$N;HMQ$O!"(BFreeBSD $B%U%!%$%"%&%)!<%k$G2?$,JQ$o$C$?$N$+DI$$IU(B
   $B$/$^$G$N4V$@$1;HMQ$9$Y$-$G$9!#$I$N$h$&$KF0:n$9$k$+$9$Y$FJ,$+$C$?$i!"(B
   $B$3$l$r:o=|$7$F!"H4$17j$r:I$$$F$/$@$5$$!#(B

   $B86J8$O(B The kernel defaults its firewall to deny all packets by
   default, which means that if you do not load in a permissive
   ruleset via /etc/rc.conf, rebooting into your new kernel will take
   the network offline and will prevent you from being able to access
   it if you are not sitting at the console.  It is also quite common
   to update a kernel to a new release and reboot before updating the
   binaries.  This can result in an incompatibility between the
   ipfw(8) program and the kernel which prevents it from running in
   the boot sequence, also resulting in an inaccessible machine.
   Because of these problems the IPFIREWALL_DEFAULT_TO_ACCEPT kernel
   option is also available which changes the default firewall to pass
   through all packets.  Note, however, that this is a very dangerous
   option to set because it means your firewall is disabled during
   booting.  You should use this option while getting up to speed with
   FreeBSD firewalling, but get rid of it once you understand how it
   all works to close the loophole.

 o $B$^$?!"(BUDP $B%U%i%0%a%s%H$d!"$h$jBg$-$J%U%i%0%a%s%H$5$l$?(B 
   UDP $B%Q%1%C%H$bDL2a$5$;$kI,MW$,$"$j$^$9!#(B
   ->
   $B$^$?!"(BUDP $B%U%i%0%a%s%H$O5v2D$9$kI,MW$,$"$j$^$9!#(B
   $B$=$&$7$J$$$H!"%U%i%0%a%s%H$5$l$k$h$&$JBg$-$J(B UDP $B%Q%1%C%H$O(B
   $B%U%!%$%"%&%)!<%k$rDL2a$G$-$^$;$s!#(B

   $B85Lu$G$b8@$$$?$$$3$H$OF1$8$J$N$+$b$7$l$^$;$s$,!"86J8$X$NCi<BEY$,(B
   $B$d$dITB-$7$F$$$k$H46$8$?$N$G!"86J80U$K6a$E$1$^$7$?!#(B

   $B86J8$O(B
   # We have
   # to allow UDP fragments or larger fragmented UDP packets will
   # not survive the firewall.
   $B$G!"(Bor $B0J9_$O!"!V$=$&$7$J$$$H!A$K$J$C$F$7$^$&!W$H$$$&0UL#!#(B

 $B$=$NB>(B
 o 28 $B9TL\IU6a(B collocation facility $B$NLu$,H4$1$F$$$?$N$GJd=<(B
 o$B!VBS0h!W!V%P%s%II}!W$N:.:_$rE}0l(B
 o$B!V$f$/!W(B->$B!V9T$/!W(B
 o$B!V%$%s%?!<%U%'%$%9!W(B->$B!V%$%s%?%U%'!<%9!W(B

--- firewall.7.bak	Sat Sep  1 21:27:27 2001
+++ firewall.7	Sun Sep  2 18:16:56 2001
@@ -2,18 +2,18 @@
 .\" the BSD Copyright as specified in the file "/usr/src/COPYRIGHT" in
 .\" the source tree.
 .\"
-.\" $FreeBSD: src/share/man/man7/firewall.7,v 1.1.2.1 2001/05/27 23:17:50 dillon Exp $
+.\" $FreeBSD: src/share/man/man7/firewall.7,v 1.1.2.4 2001/08/17 13:08:49 ru Exp $
 .\" jpman %Id: firewall.7,v 1.2 2001/08/30 09:48:55 osana Stab %
 .\"
 .Dd May 26, 2001
 .Dt FIREWALL 7
-.Os FreeBSD
+.Os
 .Sh $BL>>N(B
 .Nm firewall
 .Nd FreeBSD $B$GF0:n$9$k4JC1$J%U%!%$%"%&%)!<%k(B
 .Sh $B%U%!%$%"%&%)!<%k$N4pAC(B
-$B%U%!%$%"%&%)!<%k$O0lHL$K!"30It$+$i9T$o$l$k%M%C%H%o!<%/FbIt$X$NIT@5$J%"%/(B
-$B%;%9$rKI$0$?$a$K;H$o$l$^$9!#$^$?!"(BLAN $BFb$@$1$G%5!<%S%9$5$l$k$Y$-(B NFS $B$d(B
+$B%U%!%$%"%&%)!<%k$O0lHL$K!"30It$+$i9T$o$l$k%M%C%H%o!<%/FbIt$X$NIT@5$J%"%/%;%9(B
+$B$rKI$0$?$a$K;H$o$l$^$9!#$^$?!"(BLAN $BFb$@$1$G%5!<%S%9$5$l$k$Y$-(B NFS $B$d(B
 SMBFS $B$N$h$&$J%5!<%S%9$KBP$7$F!"FbIt$N(B IP $B%"%I%l%9$r56Au$7$F30It$+$i9T$o(B
 $B$l$k967b$rKI$0$?$a$K$bMQ$$$i$l$^$9!#(B
 .Pp
@@ -21,108 +21,121 @@
 .Fx
 $B$N%U%!%$%"%&%)!<%k5!9=$O!"(B
 .Xr dummynet 4 
-$B$rMQ$$$?BS0h@)8B$r9T$&$3$H$b$G$-$^$9!#$3$N5!G=$OFC$K=EMW$JL\E*$N$?$a$KBS(B
-$B0hI}$rJ]>Z$7$?$$>l9g$J$I$KM-8z$G$7$g$&!#$?$H$($P!"%*%U%#%9$N(B T1
-(1.5Mbps) $B$rMQ$$$F%S%G%*2q5D$r9T$&>l9g$K!"B>$NDL?.$r(B1Mbps $B$^$G$K2!$($F!"(B
+$B$rMQ$$$?BS0h@)8B$r9T$&$3$H$b$G$-$^$9!#$3$N5!G=$OFC$K=EMW$JL\E*$N$?$a$K(B
+$BBS0hI}$rJ]>Z$7$?$$>l9g$J$I$KM-8z$G$7$g$&!#$?$H$($P!"%*%U%#%9$N(B T1
+(1.5Mbps) $B$rMQ$$$F%S%G%*2q5D$r9T$&>l9g$K!"B>$NDL?.$r(B 1Mbps $B$^$G$K2!$($F!"(B
 $B%S%G%*2q5DMQ$N%3%M%/%7%g%s$K:GDc$G$b(B 0.5Mbps $B$r3NJ]$9$k$3$H$,$G$-$^$9!#(B
-$B$^$?F1MM$K!"M-L>$J%&%'%V%5%$%H$d(B FTP $B%5%$%H$r1?MQ$7$F$$$k>l9g$K$O!"%W%m(B
-$B%P%$%@$+$i$N9b3[$JBS0h2]6b$rHr$1$k$?$a$K;H$&$3$H$b$G$-$^$9!#(B
+$B$^$?F1MM$K!"6&MQ5!4o$GM-L>$J%&%'%V%5%$%H$d(B FTP $B%5%$%H$r1?MQ$7$F$$$k>l9g$K$O!"(B
+$B%W%m%P%$%@$+$i$N9b3[$JBS0h2]6b$rHr$1$k$?$a$K;H$&$3$H$b$G$-$^$9!#(B
 .Pp
 $B$=$l$+$i!"(B
 .Fx
-$B$N%U%!%$%"%&%)!<%k5!9=$O%Q%1%C%H$,@5$7$$E~C#@h$K$f$/$h$&$K%Q%1%C%H$r(B 
-divert $B$7$?$j!"<!$N%[%C%W$N%"%I%l%9$rJQ99$7$?$j$9$k$3$H$b$G$-$^$9!#%Q%1%C(B
-$B%H$N(B divert $B$O<g$K!"%W%i%$%Y!<%H(B IP $B%"%I%l%96u4V$+$i30It$X$N%V%i%&%:$J$I(B
-$B$N%"%/%;%9$r2DG=$K$9$k(B NAT ($B%M%C%H%o!<%/%"%I%l%9JQ49(B) $B$r<B8=$9$k$?$a$KMQ(B
-$B$$$i$l$^$9!#(B
+$B$N%U%!%$%"%&%)!<%k5!9=$O%Q%1%C%H$,@5$7$$E~C#@h$K9T$/$h$&$K%Q%1%C%H$r(B 
+divert $B$7$?$j!"<!$N%[%C%W$N%"%I%l%9$rJQ99$7$?$j$9$k$3$H$b$G$-$^$9!#(B
+$B%Q%1%C%H$N(B divert $B$O<g$K!"%W%i%$%Y!<%H(B IP $B%"%I%l%96u4V$+$i30It$X$N%V%i%&%:$J$I(B
+$B$N%"%/%;%9$r2DG=$K$9$k(B NAT ($B%M%C%H%o!<%/%"%I%l%9JQ49(B) $B$r<B8=$9$k$?$a$K(B
+$BMQ$$$i$l$^$9!#(B
 .Pp
 $B%U%!%$%"%&%)!<%k$r9=C[$9$k$3$H$O4JC1$J$h$&$G$9$,!"B?$/$N?M$,4V0c$$$rHH$7(B
-$B$F$$$^$9!#:G$bB?$$4V0c$$$O!"Jq3gE*$J%U%!%$%"%&%)!<%k$G$J$/!"GSB>E*$J%U%!(B
-$B%$%"%&%)!<%k$r:n$C$F$7$^$&$3$H$G$9!#GSB>E*$J%U%!%$%"%&%)!<%k$O!"%k!<%k%;%C(B
-$B%H$KE,9g$7$J$+$C$?$9$Y$F$N%Q%1%C%H$rDL2a$5$;$k$b$N$G!"Jq3gE*$J%U%!%$%"%&%)!<(B
-$B%k$O%k!<%k%;%C%H$K%^%C%A$7$?%Q%1%C%H$@$1$rDL2a$5$;$^$9!#Jq3gE*$J%U%!%$%"(B
-$B%&%)!<%k$N$[$&$,!"GSB>E*$J$b$N$h$j$b$O$k$+$K0BA4$G$9$,!"@5$7$/F0$/$b$N$r(B
-$B:n$k$N$,Fq$7$/$J$j$^$9!#<!$KB?$$4V0c$$$O!"DL2a$5$;$?$/$J$$$b$N$9$Y$F$rGQ(B
-$B4~$7$F$7$^$&$3$H$G$9!#(BTCP/IP $B$,@5>o$KF0:n$9$k$?$a$K$O!"$?$H$($P(B MTU $B%G%#(B
-$B%9%+%P%j$N<BAu$N$h$&$K!"$$$/$D$+$N(B ICMP $B%(%i!<$rI,MW$H$7$^$9!#F1MM$K!"B?(B
-$B$/$N%G!<%b%s$O!"%3%M%/%7%g%s$rMW5a$9$k%f!<%6!<$rG'>Z$9$k$?$a$K!"(B
+$B$F$$$^$9!#:G$bB?$$4V0c$$$O!"Jq3gE*$J%U%!%$%"%&%)!<%k$G$J$/!"(B
+$BGSB>E*$J%U%!%$%"%&%)!<%k$r:n$C$F$7$^$&$3$H$G$9!#GSB>E*$J%U%!%$%"%&%)!<%k$O!"(B
+$B%k!<%k%;%C%H$KE,9g$7$J$+$C$?$9$Y$F$N%Q%1%C%H$rDL2a$5$;$k$b$N$G!"(B
+$BJq3gE*$J%U%!%$%"%&%)!<%k$O%k!<%k%;%C%H$K%^%C%A$7$?%Q%1%C%H$@$1$rDL2a$5$;$^$9!#(B
+$BJq3gE*$J%U%!%$%"%&%)!<%k$N$[$&$,!"GSB>E*$J$b$N$h$j$b$O$k$+$K0BA4$G$9$,!"(B
+$B@5$7$/F0$/$b$N$r(B
+$B:n$k$N$,Fq$7$/$J$j$^$9!#<!$KB?$$4V0c$$$O!"DL2a$5$;$?$/$J$$$b$N$9$Y$F$r(B
+$BGQ4~$7$F$7$^$&$3$H$G$9!#(BTCP/IP $B$,@5>o$KF0:n$9$k$?$a$K$O!"(B
+$B$?$H$($P(B MTU $B%G%#%9%+%P%j$N<BAu$N$h$&$K!"(B
+$B$$$/$D$+$N(B ICMP $B%(%i!<$rI,MW$H$7$^$9!#(B
+$BF1MM$K!"B?$/$N%G!<%b%s$O!"%3%M%/%7%g%s$rMW5a$9$k%f!<%6$rG'>Z$9$k$?$a$K!"(B
 .Sy auth
-$B%5!<%S%9$K5U8~$-$N%3%M%/%7%g%s$rD%$j$^$9!#(BAuth $B$O4m81$G$9$,!"@5$7$$BP1~(B
-$B$O$?$@%Q%1%C%H$rGQ4~$9$k$N$G$J$/!"(BTCP reset $B$rJV$9$h$&$K$9$k$3$H$G$9!#0J(B
-$B2<$G<($9!"%U%!%$%"%&%)!<%k$N%5%s%W%k$G$O$3$l$i$N;v9`$rK~$?$9$h$&$K$7$F$"(B
-$B$j$^$9!#(B
+$B%5!<%S%9$K5U8~$-$N%3%M%/%7%g%s$rD%$j$^$9!#(Bauth $B$O4m81$G$9$,!"@5$7$$BP1~(B
+$B$O$?$@%Q%1%C%H$rGQ4~$9$k$N$G$J$/!"(BTCP reset $B$rJV$9$h$&$K$9$k$3$H$G$9!#(B
+$B0J2<$G<($9!"%U%!%$%"%&%)!<%k$N%5%s%W%k$G$O$3$l$i$N;v9`$rK~$?$9$h$&$K(B
+$B$7$F$"$j$^$9!#(B
 .Sh IPFW $B$r;H$&$?$a$N%+!<%M%k$N@_Dj(B
 .Fx
 $B$N%U%!%$%"%&%)!<%k5!G=$r;HMQ$9$k$?$a$K$O!"(B
 .Sy IPFIREWALL
-$B%*%W%7%g%s$NF~$C$?%+%9%?%`%+!<%M%k$r9=C[$9$kI,MW$,$"$j$^$9!#$3$N%U%!%$%"(B
-$B%&%)!<%k$O!"2?$b@_Dj$7$J$$$H$9$Y$F$N%Q%1%C%H$rDL2a$5$;$J$$$h$&$K$J$C$F$$(B
-$B$k$?$a!"%3%s%=!<%k$K?($k$3$H$,$G$-$J$$$N$J$i(B
+$B%*%W%7%g%s$NF~$C$?%+%9%?%`%+!<%M%k$r9=C[$9$kI,MW$,$"$j$^$9!#(B
+$B$3$N%U%!%$%"%&%)!<%k$O!"2?$b@_Dj$7$J$$$H$9$Y$F$N%Q%1%C%H$rDL2a$5$;$J$$$h$&$K(B
+$B$J$C$F$$$^$9!#(B
 .Em /etc/rc.conf 
-$B$G!":F5/F0;~$KE,@Z$J%k!<%k%;%C%H$rFI$_9~$`$h$&$K$9$kI,MW$,$"$j$^$9!#(B
-$B$^$?!"?7$7$$%j%j!<%9$K@ZBX$($k>l9g$K$O!":F5/F0A0$K%+!<%M%k$r99?7$9$k(B
-$BI,MW$,$"$j$^$9!#$3$l$O(B
+$B$G!":F5/F0;~$KE,@Z$J%k!<%k%;%C%H$rFI$_9~$`$h$&$K$J$C$F$$$J$$$H!"(B
+$B%3%s%=!<%k$K?($k$3$H$,$G$-$J$$>l9g!"%^%7%s$K%"%/%;%9$9$i$G$-$J$/$J$j$^$9!#(B
+$B$^$?!"?7$7$$%j%j!<%9$N%+!<%M%k$K99?7$9$k;~$K!"(B
+$B%P%$%J%j(B ($BLuCm(B: $B%3%^%s%I$d%i%$%V%i%j$N$3$H(B) $B$r99?7$9$kA0$K(B
+$B%j%V!<%H$r<B9T$7$F$7$^$&$3$H$,$h$/$"$j$^$9!#(B
+$B$3$N7k2L(B
 .Xr ipfw 8
-$B$,%P!<%8%g%sKh$N8_49@-$rJ]$C$F$$$J$$$3$H$,$"$k$?$a$G!"5/F0;~$K>c32$K$J$k(B
-$B62$l$,$"$j$^$9!#$3$N$?$a$K!"(B
+$B$H%+!<%M%k$,Hs8_49$K$J$C$F$7$^$$!"%V!<%H%7!<%1%s%9$G(B
+.Xr ipfw 8
+$B$,F0:n$7$J$$$3$H$K$h$j!"%^%7%s$K%"%/%;%9$G$-$J$/$J$C$F$7$^$$$^$9!#(B
+$B$3$N$?$a$K!"(B
 .Sy IPFIREWALL_DEFAULT_TO_ACCEPT
 $B$H$$$&%+!<%M%k%*%W%7%g%s$,MQ0U$5$l$F$*$j!"$3$l$K$h$C$F%U%!%$%"%&%)!<%k$N(B
-$B=i4|>uBV$r$9$Y$F$N%Q%1%C%H$rDL2a$5$;$k@_Dj$K$9$k$3$H$,$G$-$^$9!#$7$+$7!"(B
+$B=i4|>uBV$r$9$Y$F$N%Q%1%C%H$rDL2a$5$;$k@_Dj$K$9$k$3$H$,$G$-$^$9!#(B
+$B$7$+$7!"(B
 $B$3$N%*%W%7%g%s$r@_Dj$9$k$3$H$O!"%7%9%F%`$,5/F0$9$k$^$G$N4V$r4m81$K$5$i$9(B
-$B$3$H$K$J$j$^$9!#$3$N%*%W%7%g%s$r;H$&$N$O!"(B
-.Fx
-$B$K$h$k%U%!%$%"%&%)!<%k$r<jAa$/9=C[$7$?$$;~$@$1$K$H$I$a!"(B
+$B$3$H$K$J$j$^$9!#(B
+$BK\%*%W%7%g%s$N;HMQ$O!"(B
 .Fx
-$B$K$h$k%U%!%$%"%&%)!<%k5!9=$rMQ$$$F!"$I$N$h$&$K%k!<%W%P%C%/$K$h$k%;%-%e%j(B
-$B%F%#%[!<%k$rJD$8$k$+$rM}2r$7$?;~E@$G;HMQ$r$d$a$k$Y$-$G$9!#;0HVL\$N%*%W%7%g(B
-$B%s$H$7$F!"(B
+$B%U%!%$%"%&%)!<%k$KDI$$IU$/$^$G$N4V$@$1;HMQ$9$Y$-$G$9!#(B
+$B$I$N$h$&$KF0:n$9$k$+$9$Y$FJ,$+$C$?$i!"$3$l$r:o=|$7$F!"H4$17j$r:I$$$F$/$@$5$$!#(B
+$BBh(B 3 $B$N%*%W%7%g%s$H$7$F!"(B
 .Sy IPDIVERT
 $B$,$"$j$^$9!#$3$l$O!"%U%!%$%"%&%)!<%k$,%Q%1%C%H$r%f!<%6%W%m%0%i%`$K(B 
 divert $B$9$k$3$H$,$G$-$k$h$&$K$9$k$b$N$G!"(B
 .Xr natd 8
 $B$K$h$C$F!"%W%i%$%Y!<%H%M%C%H%o!<%/$+$i30It$X%"%/%;%9$G$-$k$h$&$K$9$k$H$-(B
-$B$KI,MW$G$9!#%H%i%U%#%C%/$NBS0h@)8B$O!"(B
-.Sy DUMMYNET
-$B%*%W%7%g%s$rMQ$$!"$3$l$r(B
+$B$KI,MW$G$9!#(B
+$B%H%i%U%#%C%/%?%$%W$K$h$kBS0h@)8B$K$O!"(B
 .Em ipfw pipe
-$B%k!<%k$K$h$C$FM-8z$K$9$k$3$H$G<B8=$G$-$^$9!#(B
-.Pp
+$B%k!<%k$rM-8z$K$9$k$?$a$K!"(B
+.Sy DUMMYNET
+$B%*%W%7%g%s$,I,MW$G$9!#(B
 .Sh IPFW $B$K$h$k%U%!%$%"%&%)!<%k$NNc(B
-$B$3$3$K<($9$N$O!"(B3 $B$D$N%$%s%?!<%U%'%$%9%+!<%I$r$b$D%^%7%s$K(B ipfw $B$K$h$C$F(B
-$B%U%!%$%"%&%)!<%k$r9=C[$9$k>l9g$NNc$G$9!#(Bfxp0 $B$,!V30B&$N!W(BLAN $B$K@\B3$5$l(B
-$B$F$$$^$9!#$3$N(B LAN $B>e$N%^%7%s$O!"(B10. $B$G;O$^$k%W%i%$%Y!<%H$J(B IP $B%"%I%l%9(B
-$B$H!"$b$&$R$H$D$N%0%m!<%P%k$J(B IP $B%"%I%l%9$r;}$A$^$9!#$?$H$($P!"(B
-192.100.5.x $B$,%0%m!<%P%k$J(B IP $B%V%m%C%/$r;X$7!"(B10.x.x.x $B$,%W%i%$%Y!<%H%M%C(B
-$B%H%o!<%/$r;X$7$^$9!#Nc$N$h$&$G$J$$$H$7$F$b!"(B10.0.1.x $B$,(B fxp0 $B$N@\B3$5$l(B
-$B$F$$$k(B LAN $B$N%"%I%l%9!"(B10.0.2.x $B$,(B fxp1 $B$N@\B3$5$l$F$$$k(B LAN $B$N%"%I%l%9!"(B
+$B$3$3$K<($9$N$O!"(B3 $B$D$N%$%s%?%U%'!<%9%+!<%I$r$b$D%^%7%s$GF0:n$7$F$$$k(B
+ipfw $B%Y!<%9$N%U%!%$%"%&%)!<%k$NNc$G$9!#(B
+fxp0 $B$,!V30B&$N!W(BLAN $B$K@\B3$5$l$F$$$^$9!#(B
+$B$3$N(B LAN $B>e$N%^%7%s$O!"(B10. $B$G;O$^$kFbIt(B IP $B%"%I%l%9$H!"(B
+$B%$%s%?!<%M%C%H$K%k!<%F%#%s%0$5$l$k(B IP $B%"%I%l%9$r;}$A!"(B
+$B%G%e%"%k%[!<%`$H$J$C$F$$$^$9!#(B
+$B$?$H$($P!"(B
+192.100.5.x $B$,%$%s%?!<%M%C%H$K%k!<%F%#%s%0$5$l$k(B IP $B%V%m%C%/$r;X$7!"(B
+10.x.x.x $B$,FbIt%M%C%H%o!<%/$r;X$7$^$9!#(B
+$BNc$H$7$FE,@Z$G$O$J$$$+$b$7$l$^$;$s$,!"(B
+10.0.1.x $B$,(B fxp0 $B$N@\B3$5$l$F$$$k(B LAN $B$N%"%I%l%9!"(B
+10.0.2.x $B$,(B fxp1 $B$N@\B3$5$l$F$$$k(B LAN $B$N%"%I%l%9!"(B
 $B$=$7$F(B 10.0.3.x $B$,(B fxp2 $B$N$b$N$G$"$k$H$7$^$9!#(B
 .Pp
 $B$3$NNc$G$O!"(B3 $B$D$N(B LAN $B$9$Y$F$r%$%s%?!<%M%C%H$+$i3VN%$7!"$^$?$=$l$>$l$r(B
-$B$b3VN%$7$?$$$b$N$H$7$^$9!#F1;~$K!"$9$Y$F$N%W%i%$%Y!<%H%"%I%l%9$+$i!"$3$N(B
+$B$b3VN%$7$?$$$b$N$H$7$^$9!#F1;~$K!"$9$Y$F$NFbIt%"%I%l%9$+$i!"$3$N(B
 $B%^%7%s$GAv$C$F$$$k(B NAT $B%2!<%H%&%'%$$r7PM3$7$F%$%s%?!<%M%C%H$X%"%/%;%9$,(B
-$B2DG=$G$"$k$h$&$K$7$^$9!#(BNAT $B%2!<%H%&%'%$$rF0:n$5$;$k$?$a$K$O!"(Bfxp0 $B$KFb(B
-$BIt%"%I%l%9$N(B 10. $B$N$[$+$K!"%$%s%?!<%M%C%H$+$i%"%/%;%92DG=$J%"%I%l%9$r;}(B
-$B$?$;$kI,MW$,$"$j$^$9!#$3$N%"%I%l%9(B ($B$3$3$G$O<($7$F$$$^$;$s(B) $B$,!"$3$N%^%7(B
-$B%s$N8x<0$J%"%I%l%9$G$"$j!"$b$&$R$H$D$N30It$+$i%"%/%;%92DG=$J%"%I%l%9(B ($B$3(B
-$B$NNc$G$O(B 192.100.5.5 $B$G$9(B)$B$,(B NAT $B%2!<%H%&%'%$$H$7$F$N%"%I%l%9$H$J$j$^$9!#(B
-$B$3$NNc$O!"30It$+$i8+$($k(B LAN $B$K$b%W%i%$%Y!<%H$J%"%I%l%9$r3d$jEv$F$k$3$H(B
-$B$K$h$C$F!"$9$3$7J#;($K$J$C$F$$$^$9!#$7$+$7$3$NJ}K!$K$h$C$F!"%W%i%$%Y!<%H(B
-$B$J%5!<%S%9$O%W%i%$%Y!<%H$J%"%I%l%9$K$N$_%P%$%s%I$7!"%$%s%?!<%M%C%H$+$i<i(B
-$B$k$3$H$,$G$-$k$h$&$K$J$j$^$9!#%0%m!<%P%k$J(B IP $B%"%I%l%9$K%P%$%s%I$9$k%5!<(B
-$B%S%9$O!"%$%s%?!<%M%C%H$KBP$7$F8x3+$7$h$&$H$9$k$b$N$@$1$K$9$k$N$G$9!#(B
+$B2DG=$G$"$k$h$&$K$7$^$9!#(BNAT $B%2!<%H%&%'%$$rF0:n$5$;$k$?$a$K$O!"(Bfxp0 $B$K(B
+$BFbIt%"%I%l%9$N(B 10. $B$N$[$+$K!"%$%s%?!<%M%C%H$+$i8+$($k%"%I%l%9$r;}$?$;$k(B
+$BI,MW$,$"$j$^$9!#$3$N%"%I%l%9(B ($B$3$3$G$O<($7$F$$$^$;$s(B) $B$,!"$3$N%^%7%s$N(B
+$B8x<0$J%"%I%l%9$G$"$j!"$b$&$R$H$D$N30It$+$i8+$($k%"%I%l%9(B
+($B$3$NNc$G$O(B 192.100.5.5 $B$G$9(B) $B$,(B NAT $B%2!<%H%&%'%$$H$7$F$N%"%I%l%9$H$J$j$^$9!#(B
+$B$3$NNc$O!"30It$+$i8+$($k(B LAN $B$N%^%7%s$K$bFbIt%"%I%l%9(B 10.0.0.x $B$r3d$jEv$F$k$3$H(B
+$B$K$h$C$F!"$9$3$7J#;($K$J$C$F$$$^$9!#$7$+$7$3$NJ}K!$K$h$C$F!"(B
+$BFbIt%5!<%S%9$OFbIt%"%I%l%9$K$N$_%P%$%s%I$7!"%$%s%?!<%M%C%H$+$i<i$l$^$9!#(B
+$B30$+$i8+$($k(B IP $B%"%I%l%9$K%P%$%s%I$9$k(B
+$B%5!<%S%9$O!"%$%s%?!<%M%C%H$KBP$7$F8x3+$7$h$&$H$9$k$b$N$@$1$K$9$k$N$G$9!#(B
 .Pp
 $B$3$NNc$G$O!"%M%C%H%o!<%/(B 10.0.0.x $B$O%U%!%$%"%&%)!<%k$K$h$C$FJ]8n$5$l$F$$(B
-$B$^$;$s!#$3$N%M%C%H%o!<%/$r30It$+$i$N%"%I%l%956Au(B (spoofing) $B$+$i<i$k$?$a(B
-$B$K!"%k!<%?$K$h$kJ]8n$r3NG'$7$F2<$5$$!#$7$+$7!"$3$NJ}K!$K$h$C$F!"%0%m!<%P(B
-$B%k$J%M%C%H%o!<%/$K@\B3$5$l$F$$$k%[%9%H4V$G$b!"%W%i%$%Y!<%H$J%"%I%l%96u4V(B 
-(10.0.0.x) $B$rMQ$$$F<+M3$K%5!<%S%9$r9T$&$3$H$,$G$-$^$9!#$3$NJ}K!$K$O$$$/(B
-$B$i$+$N%;%-%e%j%F%#>e$N4m81$,H<$C$F$*$j!"%0%m!<%P%k$J%M%C%H%o!<%/$K@\B3$5(B
-$B$l$F$$$k%[%9%H$KLdBj$,$"$k>l9g$K$O2?$,5/$-$k$+$o$+$j$^$;$s!#$3$N4m81$r2s(B
-$BHr$9$k$?$a$K$O!"%k!<%k(B 01010 $B$H(B 01011 $B$r:o=|$7$F!"(BLAN0 $B7PM3$GF~$C$F$/$k(B
-$B$b$N$9$Y$F$r(B firewall $B$r7PM3$9$k$h$&$K$9$k$Y$-$G$9!#(B
+$B$^$;$s!#$3$N%M%C%H%o!<%/$r30It$+$i$N%"%I%l%956Au$+$i<i$k$?$a$K!"(B
+$B%$%s%?!<%M%C%H%k!<%?$K$h$kJ]8n$r3NG'$7$F2<$5$$!#(B
+$B$^$?Nc$G$O!"30It$+$i8+$($k%[%9%H$,(B
+$BFbIt(B IP $B%"%I%l%9$rDL$8$F%5!<%S%9$rA`:n$9$k>l9g!"(B
+$BFbIt$N%M%C%H%o!<%/$KHs>o$K<+M3$K%"%/%;%92DG=$H$7$F$$$^$9!#(B
+$B$3$NJ}K!$K$O$$$/$i$+$N%;%-%e%j%F%#>e$N4m81$,H<$C$F$*$j!"(B
+$B30It$+$i8+$($k%[%9%H$KLdBj$,$"$k>l9g$K$O2?$,5/$-$k$+$o$+$j$^$;$s!#(B
+$B$3$N4m81$r2sHr$9$k$?$a$K$O!"%k!<%k(B 01010 $B$H(B 01011 $B$r:o=|$7$F!"(B
+LAN0 $B7PM3$GF~$C$F$/$k$b$N$9$Y$F$r(B firewall $B$r7PM3$9$k$h$&$K$9$k$Y$-$G$9!#(B
 .Pp
-$B$^$?!"$3$NNc$G$OFbIt%"%I%l%96u4V$r;H$&$3$H$,%U%!%$%"%&%)!<%k$K$h$kJ]8n5!(B
-$B9=$N=EMW$JE@$G$"$k$3$H$KCeL\$7$F$/$@$5$$!#E,@Z$J%"%I%l%956AuBP:v$r9T$&$3(B
+$B$^$?!"$3$NNc$G$OFbIt%"%I%l%96u4V$r;H$&$3$H$,%U%!%$%"%&%)!<%k$K$h$kJ]8n5!9=(B
+$B$N=EMW$JE@$G$"$k$3$H$KCeL\$7$F$/$@$5$$!#E,@Z$J%"%I%l%956AuBP:v$r9T$&$3(B
 $B$H$K$h$j!"30It$+$i!"FbIt(B (LAN1 $B$*$h$S(B LAN2) $B$N%[%9%H$KD>@\%"%/%;%9$9$k$3(B
 $B$H$OIT2DG=$H$J$j$^$9!#(B
 .Bd -literal
@@ -134,11 +147,11 @@
 # $B%U%!%$%"%&%)!<%k$rDL2a$9$k0l;~E*$J%]!<%H3d$jEv$F$NHO0O$r@_Dj(B
 #
 # $BCm0U(B : $B%U%!%$%"%&%)!<%k$rDL$8$F9T$o$l$k%5!<%S%9$NIi2Y$,9b$$>l9g$K$O!"(B
-# $B$h$k9-$$%]!<%H3dEv$NHO0O$rI,MW$H$9$k$3$H$K$J$j$^$9!#$=$N$h$&$J:]$K$O(B
+# $B$h$j9-$$%]!<%H3dEv$NHO0O$rI,MW$H$9$k$3$H$K$J$j$^$9!#$=$N$h$&$J:]$K$O(B
 # 4000-10000 $B$d(B 4000-30000 $B$,$h$jNI$$A*Br$G$7$g$&!#(B
 ip_portrange_first=4000
 ip_portrange_last=5000
-...
+\&...
 .Ed
 .Pp
 .Bd -literal
@@ -148,11 +161,11 @@
 # LAN0	    10.0.0.X $B$H(B 192.100.5.X ($B%G%e%"%k%[!<%`(B)
 # LAN1	    10.0.1.X 
 # LAN2	    10.0.2.X
-# sw:	    $B%$!<%5%M%C%H%9%$%C%A(B
+# sw:	    $B%$!<%5%M%C%H%9%$%C%A(B ($B4IM}BP>]30(B)
 #
-# 192.100.5.x $B$O!"%0%m!<%P%k$J(B IP $B%"%I%l%9(B ($B30It$+$iD>@\E~C#2DG=$G$"$k$3(B
-# $B$H(B) $B$r0UL#$7$^$9!#(B10.x.x.x $B$O!"%W%i%$%Y!<%H$J(B IP $B%"%I%l%9(B ($B%$%s%?!<%M%C(B
-# $B%H$+$i$O8+$($J$$$3$H(B) $B$rI=$7$^$9!#(B
+# 192.100.5.x $B$O!"%$%s%?!<%M%C%H$+$i8+$($k(B IP $B%"%I%l%9(B ($B%$%s%?!<%M%C%H$+$i(B
+# $B%k!<%F%#%s%0$5$l$k(B) $B$r0UL#$7$^$9!#(B10.x.x.x $B$O!"FbIt(B IP $B%"%I%l%9(B
+# ($B30$+$i$O8+$($J$$(B) $B$rI=$7$^$9!#(B
 #
 #   [LAN1]
 #      ^
@@ -165,27 +178,28 @@
 #      +--> $B30B&$N%[%9%H(B B
 #      +--> $B30B&$N%[%9%H(B C
 #      |
-#   $B%k!<%?(B (2$BHVL\$N%U%!%$%"%&%)!<%k(B)
+#   $B%$%s%?!<%M%C%H%k!<%?(B (2 $BHVL\$N%U%!%$%"%&%)!<%k(B)
 #      |
 #    [$B%$%s%?!<%M%C%H(B]
 #
-# $BCm0U!*(B $B$3$3$K$O=q$+$l$F$$$^$;$s$,!"%k!<%?$OH/?.85%"%I%l%9$,(B 10.  $B$G$"(B
-# $B$k%Q%1%C%H$r!"(B 10.0.0.x $B%V%m%C%/$rJ]8n$9$k$?$a$K5v2D$7$J$$$h$&$K@_Dj$5(B
-# $B$l$kI,MW$,$"$j$^$9!#$^$?!"$3$N%V%m%C%/$N%[%9%H$G$O!"30It$+$i$N%"%/%;%9(B
-# $B$r5v2D$9$k%5!<%S%9$KBP$7$F$N$_!"%0%m!<%P%k$J%"%I%l%9$K%P%$%s%I$9$k$h$&(B
-# $B$K$9$k$Y$-$G$9!#(B
-#
-
-# NAT $B%2!<%H%&%'%$$O!"%W%i%$%Y!<%H$J(B IP $B%"%I%l%9$+$i30It$N(B IP $B%"%I%l%9$X(B
+# $BCm0U!*(B $B$3$3$K$O=q$+$l$F$$$^$;$s$,!"%$%s%?!<%M%C%H%k!<%?$OH/?.85%"%I%l%9$,(B
+# 10. $B$G$"$k%Q%1%C%H$r5v2D$7$J$$$h$&$K@_Dj$5$l$kI,MW$,$"$j$^$9!#(B
+# $B$3$l$O!"%G%e%"%k%[!<%`$N(B 10.0.0.x $B%V%m%C%/$rJ]8n$9$k$?$a$G$9!#(B
+# $B$=$&$G$J$1$l$P!"30It$+$i8+$($k%[%9%H$O!"$3$NNc$G$O<i$i$l$F$$$^$;$s!#(B
+# $B$3$l$i$N%[%9%H$O!"30It$K8+$;$k%5!<%S%9$N$_$r30It$+$i8+$($k%"%I%l%9$K(B
+# $B%P%$%s%I$9$Y$-$G$9!#FbIt%5!<%S%9$O!"0BA4$KFbIt%"%I%l%9$K%P%$%s%I2DG=$G$9!#(B
+# 
+# NAT $B%2!<%H%&%'%$$O!"FbIt$N(B IP $B%"%I%l%9$+$i30It$N(B IP $B%"%I%l%9$X(B
 # $B8~$1$FAw$i$l$k%Q%1%C%H$r!"%]!<%H(B 8668 $B$G(B listen $B$7$F$$$k(B natd $B$KE>Aw$9(B
-# $B$k$3$H$K$h$C$FF0:n$7$^$9!#$3$NF0:n$O%k!<%k(B 300 $B$K$h$C$F;XDj$5$l$F$$$^(B
-# $B$9!#(Bnatd $B$KJV$C$F$/$k%Q%1%C%H$bF1MM$K!"%k!<%k(B 301 $B$K$h$C$F(B natd $B$KAw$i(B
-# $B$l$^$9!#$3$NNc$NFCD'$O!"%0%m!<%P%k$J%[%9%H$KAw$i$l$k%W%i%$%Y!<%H$J%j%/(B
-# $B%(%9%H$O!"(BNAT $B$rDL$5$J$$(B ($B%k!<%k(B 00290) $B$h$&$K$7$F$$$k$3$H$G$9!#$3$l$O!"(B
-# $B%0%m!<%P%k$J%[%9%H$b%W%i%$%Y!<%H$J(B 10. $B%M%C%H%o!<%/$N$3$H$,$o$+$k$N$G(B
-# $B2DG=$G$"$j!"(Bnatd $B$NIi2Y$r7Z8:$9$k$3$H$,$G$-$^$9!#$^$?F1MM$K!"$$$:$l$b(B
-# $B%W%i%$%Y!<%H%M%C%H%o!<%/4V$N%H%i%U%#%C%/$b(B natd $B$r7PM3$7$J$$$h$&$K@_Dj(B
-# $B$7$F$"$j$^$9!#(B/etc/rc.local $B$+$i$O!"(Bnatd $B$O0J2<$N$h$&$K5/F0$5$l$^$9!#(B
+# $B$k$3$H$K$h$C$FF0:n$7$^$9!#$3$NF0:n$O%k!<%k(B 00300 $B$K$h$C$F;XDj$5$l$F$$$^$9!#(B
+# $B303&$+$i(B natd $B$KJV$C$F$/$k%Q%1%C%H$bF1MM$K!"%k!<%k(B 00301 $B$K$h$C$F(B natd $B$K(B
+# $BAw$i$l$^$9!#$3$NNc$G6=L#?<$$$N$O!"30$K8+$;$F$$$k%[%9%H$X$NFbIt$+$i$N(B
+# $B%j%/%(%9%H$O!"(Bnatd ($B%k!<%k(B 00290) $B$rDL$9I,MW$,$J$$$H$$$&$3$H$G$9!#(B
+# $B$3$l$O!"30It$K8+$;$F$$$k%[%9%H$bFbIt$N(B 10. $B%M%C%H%o!<%/$N$3$H$,$o$+$k$N$G(B
+# $B2DG=$G$"$j!"(Bnatd $B$NIi2Y$r7Z8:$9$k$3$H$,$G$-$^$9!#FbIt$N%H%i%U%#%C%/$b(B
+# natd $B$rDL$9I,MW$,$"$j$^$;$s!#$3$l$i$N%[%9%H$O!"FbIt$N(B 10. $B%M%C%H%o!<%/$N(B
+# $B%k!<%F%#%s%0$N$3$H$,$o$+$k$?$a$G$9!#(B
+# /etc/rc.local $B$+$i$O!"(Bnatd $B$O0J2<$N$h$&$K5/F0$5$l$^$9!#(B
 # natd $B$N%+!<%M%kAH$_9~$_7?$N%P!<%8%g%s$G$"$k(B ipnat $B$K$D$$$F$b;2>H$7$F$/(B
 # $B$@$5$$!#(B
 #
@@ -196,13 +210,13 @@
 add 00300 divert 8668 ip from 10.0.0.0/8 to not 10.0.0.0/8
 add 00301 divert 8668 ip from not 10.0.0.0/8 to 192.100.5.5
 
-# $B9b$$%P%s%II}$N%"%/%;%9$,%k!<%k%;%C%HA4BN$rDL2a$7$F$$$/$N$rKI$0$?$a$N%7%g!<(B
-# $B%H%+%C%H%k!<%k$r@_Dj$7$^$9!#$9$G$K3NN)$5$l$F$$$k(B TCP $B%3%M%/%7%g%s$O$=(B
-# $B$N$^$^DL$7!"$^$?30$X=P$k%Q%1%C%H$bF1MM$K$7$^$9!#%U%!%$%"%&%)!<%k$rDL$9(B
+# $B9b$$BS0h$N%"%/%;%9$,%k!<%k%;%C%HA4BN$rDL2a$7$F$$$/$N$rKI$0$?$a$N%7%g!<%H(B
+# $B%+%C%H%k!<%k$r@_Dj$7$^$9!#$9$G$K3NN)$5$l$F$$$k(B TCP $B%3%M%/%7%g%s$O$=$N$^$^(B
+# $BDL$7!"$^$?30$X=P$k%Q%1%C%H$bF1MM$K$7$^$9!#%U%!%$%"%&%)!<%k$rDL$9(B
 # $B$N$OF~NO%Q%1%C%H$@$1$K$7$^$9!#(B
 #
-# $B3NN)$5$l$?(B TCP $B%3%M%/%7%g%s$r$=$N$^$^DL$7$F$7$^$&$3$H$O>.$5$J%;%-%e%j(B
-# $B%F%#%[!<%k$K$J$j$^$9$,!"%U%!%$%"%&%)!<%k$N2a>j$JIi2Y$rHr$1$k0UL#$GI,MW(B
+# $B3NN)$5$l$?(B TCP $B%3%M%/%7%g%s$r$=$N$^$^DL$7$F$7$^$&$3$H$O>.$5$J%;%-%e%j%F%#(B
+# $B%[!<%k$K$J$j$^$9$,!"%U%!%$%"%&%)!<%k$N2a>j$JIi2Y$rHr$1$k0UL#$GI,MW(B
 # $B$K$J$k$3$H$b$"$j$^$9!#$b$7?4G[$J$i$P$3$N%k!<%k$r!"%"%I%l%956Au%A%'%C%/(B
 # $B$N$&$7$m$K0\F0$9$k$3$H$b$G$-$^$9!#(B
 #
@@ -211,9 +225,9 @@
 add 01001 allow all from any to any out via fxp1
 add 01001 allow all from any to any out via fxp2
 
-# $B%"%I%l%956AuKI;_$N%k!<%k$G$9!#$3$l$O!"%W%i%$%Y!<%H%M%C%H%o!<%/$N%Q%1%C(B
-# $B%H$r$I$l$/$i$$?.Mj$9$k$+$K$h$C$FJQ$o$C$F$-$^$9!#(Bfxp1 $B$r7PM3$9$k%Q%1%C(B
-# $B%H$OI,$:!"(B10.0.1.x $B$+$i$N$b$N$($J$1$l$P$J$j$^$;$s!#(Bfxp2 $B$r7PM3$9$k$b$N(B
+# $B%"%I%l%956AuKI;_$N%k!<%k$G$9!#$3$l$O!"FbIt%M%C%H%o!<%/$N%Q%1%C%H$r(B
+# $B$I$l$/$i$$?.Mj$9$k$+$K$h$C$FJQ$o$C$F$-$^$9!#(Bfxp1 $B$r7PM3$9$k%Q%1%C%H$OI,$:!"(B
+# 10.0.1.x $B$+$i$N$b$N$G$J$1$l$P$J$j$^$;$s!#(Bfxp2 $B$r7PM3$9$k$b$N(B
 # $B$O(B 10.0.2.x $B$+$i$G$9!#(Bfxp0 $B$r7PM3$9$k$b$N$,(B LAN1 $B$d(B LAN2 $B%V%m%C%/$+$i(B
 # $B$N$b$N$G$"$k$3$H$b$"$jF@$^$;$s!#$3$3$G$O(B 10.0.0.x $B$rJ]8n$9$k$3$H$O$G$-(B
 # $B$J$$$N$G!"%k!<%?$rE,@Z$K@_Dj$9$kI,MW$,$"$j$^$9!#(B
@@ -223,17 +237,15 @@
 add 01501 deny all from 10.0.1.0/24 in via fxp0
 add 01501 deny all from 10.0.2.0/24 in via fxp0
 
-# $B$3$NNc$N%k!<%k%;%C%H$G$O!"%0%m!<%P%k$J(B IP $B%"%I%l%9$rJ;$;;}$D$b$N(B ($B$3$l(B
-# $B$O%W%i%$%Y!<%H$J(B IP $B%"%I%l%9$b;}$C$F$$$^$9(B) $B$b4^$a$F!"%W%i%$%Y!<%H%M%C(B
-# $B%H%o!<%/>e$N%[%9%H4V$K$O2?$N@)Ls$b@_$1$F$$$^$;$s!#$3$l$O%;%-%e%j%F%#%[!<(B
-# $B%k$K$J$k2DG=@-$,$"$j$^$9(B ($B%0%m!<%P%k(B IP $B%"%I%l%9$H%W%i%$%Y!<%H(B IP $B%"%I(B
-# $B%l%9$NN>J}$r$b$D7W;;5!$K2?$+$,$"$C$?$i$I$&$J$k$G$7$g$&$+(B ?)$B!#$3$l$i(B 
-# 3 $B$D$N(B LAN $B$NDL?.$r$-$A$s$H@)8B$7$?$$$N$G$"$l$P!"0J2<$N$U$?$D$N%k!<%k(B
-# $B$r30$7$F2<$5$$!#(B
-#
-# LAN1 $B$H(B LAN2 $B$r8IN)$5$;$F!"$7$+$7%0%m!<%P%k$J(B IP $B%"%I%l%9$rJ;$;;}$D%[(B
-# $B%9%H$+$i$N<+M3$J%"%/%;%9$r5v$7$?$1$l$P!"%k!<%k(B 01010 $B$@$1$r:o=|$7$F!"(B
-# 01011 $B$O;D$7$F2<$5$$!#(B
+# $B$3$NNc$N%k!<%k%;%C%H$G$O!"FbIt%[%9%H4V$K$O2?$N@)Ls$b@_$1$F$$$^$;$s!#(B
+# $B30It$+$i8+$($k(B LAN $B>e$N%[%9%H$G$"$C$F$b!"FbIt(B IP $B%"%I%l%9$r;HMQ$9$k(B
+# $B8B$j$K$*$$$F$O$=$&$G$9!#$3$l$O%;%-%e%j%F%#%[!<%k$K$J$k2DG=@-$,$"$j$^$9(B
+# ($B30It$+$i8+$($k%[%9%H$K2?$+$,$"$C$?$i$I$&$J$k$G$7$g$&$+(B ?)$B!#$3$l$i(B 
+# 3 $B$D$N(B LAN $B$N4V$NDL?.$r40A4$K@)8B$7$?$$$N$G$"$l$P!"0J2<$N$U$?$D$N%k!<%k(B
+# $B$r:o=|$7$F$/$@$5$$!#(B
+#
+# LAN1 $B$H(B LAN2 $B$r8IN)$5$;$F!"$7$+$730It$+$i8+$($k%[%9%H4V$N<+M3$J%"%/%;%9$r(B
+# $B5v$7$?$1$l$P!"%k!<%k(B 01010 $B$@$1$r:o=|$7$F!"(B01011 $B$O;D$7$F2<$5$$!#(B
 #
 # ($B%3%a%s%H%"%&%H$7$F$"$j$^$9$,!"$h$j@)Ls$N>/$J$$%U%!%$%"%&%)!<%k$K$9$k(B
 # $B>l9g$O$3$l$i$rM-8z$K$7$F$/$@$5$$(B)
@@ -245,40 +257,41 @@
 #
 # $B$h$j@)Ls$N6/$$%U%!%$%"%&%)!<%k$r;H$&>l9g$K$O!"FCDj$N(B LAN $B$+$i%U%!%$%"(B
 # $B%&%)!<%k>e$GF0:n$7$F$$$kFCDj$N%5!<%S%9$K%"%/%;%9$G$-$k$h$&$K$9$k$3$H$K(B
-# $B$J$j$^$9!#$3$NNc$G$O!"(BLAN1 $B$,%U%!%$%"%&%)!<%k>e$GF0$$$F$$$k%U%!%$%k6&(B
-# $BM-$rI,MW$H$9$k$H2>Dj$7$^$9!#$b$7!"%k!<%k(B 01010 $B$,M-8z$K$J$C$F$$$k$h$&(B
-# $B$J!"@)Ls$N4K$$%U%!%$%"%&%)!<%k$G$"$l$P$3$l$i$N%k!<%k$OITMW$G$9!#(B
+# $B$J$j$^$9!#$3$NNc$G$O!"(BLAN1 $B$,%U%!%$%"%&%)!<%k>e$GF0$$$F$$$k%U%!%$%k6&M-(B
+# $B$rI,MW$H$9$k$H2>Dj$7$^$9!#$b$7!"%k!<%k(B 01010 $B$,M-8z$K$J$C$F$$$k$h$&$J!"(B
+# $B@)Ls$N4K$$%U%!%$%"%&%)!<%k$G$"$l$P$3$l$i$N%k!<%k$OITMW$G$9!#(B
 #
 add 01012 allow tcp from 10.0.1.0/8 to 10.0.1.1 139
 add 01012 allow udp from 10.0.1.0/8 to 10.0.1.1 137,138
 
-# $BFbIt!"30It$N(B LAN $B$KBP$7$F5v2D$9$k0lHLE*$J%5!<%S%9(B
+# $BFbIt$H30It$N(B LAN $B$N2#CG$r5v2D$9$k0lHLE*$J%5!<%S%9(B
 #
-# DNS $B;2>H!"(Bntalk, ntp $B$H$$$C$?(B UDP $B%5!<%S%9$ODL2a$5$;$^$9!#%W%i%$%Y!<%H(B
-# $B$J%5!<%S%9$O%"%I%l%956AuKI;_$N;EAH$_$K$h$C$FJ]8n$5$l$F$$$k$N$G!"$3$N%k!<(B
-# $B%k$O%0%m!<%P%k$J(B IP $B%"%I%l%9$K%P%$%s%I$5$l$F$$$k%5!<%S%9$KBP$7$F$N$_0UL#(B
-# $B$r;}$A$^$9!#$^$?!"(BUDP $B%U%i%0%a%s%H$d!"$h$jBg$-$J%U%i%0%a%s%H$5$l$?(B 
-# UDP $B%Q%1%C%H$bDL2a$5$;$kI,MW$,$"$j$^$9!#(B
-#
-# DNS $B;2>H$KBP$9$k1~Ez$J$I!"Bg$-$J%]!<%HHV9f$rMQ$$$?0l;~E*$J%5!<%S%9$r9T(B
-# $B$&I,MW$,$"$k$+$b$7$l$^$;$s!#$3$NNc$G$O$=$N$h$&$J%]!<%HHV9f$r(B 
-# 4000-65535 $B$H$7$F$*$j!"3:Ev$9$k3F%^%7%s$N(B /etc/rc.conf $B$NJQ?t$G%]!<%H(B
-# $BHV9f$NHO0O$rL@<(E*$K@_Dj$7$^$9(B ($B>e$N!"(Brc.conf $B$NNc$r;2>H$7$F$/$@$5$$(B)$B!#(B
+# DNS $B;2>H!"(Bntalk, ntp $B$H$$$C$?FCDj$N(B UDP $B%5!<%S%9$ODL2a$5$;$^$9!#(B
+# $BFbIt%5!<%S%9$O%"%I%l%956AuIT2D$NFbIt%"%I%l%9(B (10. $B%M%C%H(B) $B$r;}$D$3$H$K$h$j(B
+# $BJ]8n$5$l$F$$$k$N$G!"$3$l$i$N%k!<%k$O30It$+$i8+$($k(B IP $B%"%I%l%9$K%P%$%s%I(B
+# $B$5$l$F$$$k%5!<%S%9$KBP$7$F$N$_0UL#$r;}$A$^$9!#$^$?!"(BUDP $B%U%i%0%a%s%H$O(B
+# $B5v2D$9$kI,MW$,$"$j$^$9!#$=$&$7$J$$$H!"%U%i%0%a%s%H$5$l$k$h$&$JBg$-$J(B
+# UDP $B%Q%1%C%H$O%U%!%$%"%&%)!<%k$rDL2a$G$-$^$;$s!#(B
+#
+# DNS $B;2>H$KBP$9$k1~Ez$J$I!"Bg$-$J%]!<%HHV9f$rMQ$$$?0l;~E*$J%5!<%S%9$r(B
+# $B9T$&I,MW$,$"$k$+$b$7$l$^$;$s!#$3$NNc$G$O$=$N$h$&$J%]!<%HHV9f$r(B 
+# 4000-65535 $B$H$7$F$$$^$9!#30It$+$i8+$($kA4%^%7%s$,0l;~%]!<%H$r$3$N(B
+# $B30It$+$i8+$($k%]!<%H$K%P%$%s%I$9$k$h$&$K!"(B/etc/rc.conf $B$NJQ?t$G@_Dj(B
+# $B$7$F$$$^$9(B ($B>e$N!"(Brc.conf $B$NNc$r;2>H$7$F$/$@$5$$(B)$B!#(B
 #
 add 02000 allow udp from any to any 4000-65535,domain,ntalk,ntp
 add 02500 allow udp from any to any frag
 
-# $BF1MM$N%5!<%S%9$r(B TCP $B$K$D$$$F$b5v2D$7$^$9!#$3$3$G$b%0%m!<%P%k$J%5!<%S(B
-# $B%9$K%P%$%s%I$9$k%5!<%S%9$KCm0U$7$F2<$5$$!#$^$?!"$3$NNc$G$O(B 'auth' $B$5!<(B
-# $B$S$9$rDL2a$5$;$F$$$^$9$,!"<B:]$K$O(B identd $B$rF0:n$5$;$F$$$^$;$s!#$3$l$K(B
-# $B$h$C$F!"(Bauth $BMW5a$r<u$1<h$C$?%^%7%s$O(B TCP RESET $B$rH/9T$7$^$9!#%Q%1%C%H(B
-# $B$r<N$F$F$7$^$&$H!"(Bident $B;2>H$r9T$C$F$/$k%5!<%S%9$X$N@\B3$NCY1d$N860x$H(B
-# $B$J$j$^$9!#(B
-#
-
-# TCP $B%U%i%0%a%s%H$r5v2D$7$F$$$J$$$3$H$KCm0U$7$F2<$5$$!#(BUDP $B0J30$G$O!"0l(B
-# $BHL$K%U%i%0%a%s%H$r5v$5$J$$$N$G$9!#(BTCP $B$N!"(BMTU $B%G%#%9%+%P%j%W%m%H%3%k$K(B
-# $B$h$C$F!"%U%i%0%a%s%H$,$J$/$F$b$-$A$s$HF0:n$9$k$3$H$,4|BT$G$-$k$+$i$G$9!#(B
+# $BF1MM$N%5!<%S%9$r(B TCP $B$K$D$$$F$b5v2D$7$^$9!#$3$3$G$b!"30It$+$i8+$($k(B
+# $B%"%I%l%9$K%P%$%s%I$9$k%5!<%S%9$K$N$_E,MQ$5$l$^$9!#$^$?!"$3$NNc$G$O(B
+#  'auth' $B$rDL2a$5$;$F$$$^$9$,!"<B:]$K$O30It$+$i8+$($k%]!<%H$G$O(B identd
+# $B$rF0:n$5$;$F$$$^$;$s!#$3$l$K$h$C$F!"(Bauth $BMW5a$r<u$1<h$C$?%^%7%s$O(B
+# TCP RESET $B$rH/9T$7$^$9!#%Q%1%C%H$r<N$F$F$7$^$&$H!"(Bident $B;2>H$r9T$C$F$/$k(B
+# $B%5!<%S%9$X$N@\B3$NCY1d$N860x$H$J$j$^$9!#(B
+#
+# TCP $B%U%i%0%a%s%H$r5v2D$7$F$$$J$$$3$H$KCm0U$7$F2<$5$$!#(BUDP $B0J30$G$O!"(B
+# $B0lHL$K%U%i%0%a%s%H$r5v$5$J$$$N$G$9!#(BTCP $B$N!"(BMTU $B%G%#%9%+%P%j%W%m%H%3%k(B
+# $B$,@5$7$/F0:n$7$F!"(BTCP $B%U%i%0%a%s%H$,B8:_$7$J$$$b$N$H4|BT$7$F$$$^$9!#(B
 #
 add 03000 allow tcp from any to any http,https
 add 03000 allow tcp from any to any 4000-65535,ssh,smtp,domain,ntalk
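Review bot: The two rule 01012 lines kept as context below the LAN1 file-sharing comment use `10.0.1.0/8` as the source, and an 8-bit mask covers the whole 10. network rather than only LAN1. The comment above them says the rules give one specific LAN (LAN1, 10.0.1.x per the diagram) access to file sharing on the firewall, and the anti-spoofing rules elsewhere on the page use `10.0.1.0/24`, so the example admits more sources than the text describes. I would change them to `add 01012 allow tcp from 10.0.1.0/24 to 10.0.1.1 139` and `add 01012 allow udp from 10.0.1.0/24 to 10.0.1.1 137,138`. These lines are untouched by this translation update and presumably come from the English original, so the same correction would need to be made there.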
@@ -297,62 +310,57 @@
 #	14	$B%?%$%`%9%?%s%W%j%W%i%$(B
 #
 # $B>u67$K$h$C$F$O%?%$%W(B 5 $B$N(B ICMP $B%j%@%$%l%/%H%Q%1%C%H$r5v2D$7$J$1$l$P$J(B
-# $B$i$J$$>l9g$,$"$j$^$9$,!"$=$N$h$&$J>l9g$K$O%k!<%?$G$=$l$,6X;_$5$l$F$$$k(B
-# $B$3$H$r3NG'$7$F2<$5$$!#(B
+# $B$i$J$$>l9g$,$"$j$^$9$,!"$=$N$h$&$J>l9g$K$O%$%s%?!<%M%C%H%k!<%?$G$=$l$,(B
+# $B6X;_$5$l$F$$$k$3$H$r3NG'$7$F2<$5$$!#(B
 #
 add 04000 allow icmp from any to any icmptypes 0,5,8,11,12,13,14
 
-# $BDL2a$7$h$&$H$9$k$=$NB>$N%U%i%0%a%s%H$N%m%0$r$H$j$^$9!#Lr$K$?$D$+$b$7$l(B
-# $B$^$;$s$,!"<YKb$J$@$1$+$b$7$l$^$;$s!#:G8e$N(B deny $B%k!<%k$O!"%+!<%M%k$N@_(B
-# $BDj$,$I$&$G$"$C$F$b!"%U%!%$%"%&%)!<%k$,Jq3gE*$J$b$N$G$"$k$3$H$rJ]>Z$9$k(B
+# $B$3$3$^$GDL$C$F;D$C$?%U%i%0%a%s%H$N%m%0$r$H$j$^$9!#Lr$K$?$D$+$b$7$l(B
+# $B$^$;$s$,!"<YKb$J$@$1$+$b$7$l$^$;$s!#:G8e$N(B deny $B%k!<%k$O!"%+!<%M%k$N@_Dj(B
+# $B$,$I$&$G$"$C$F$b!"%U%!%$%"%&%)!<%k$,Jq3gE*$J$b$N$G$"$k$3$H$rJ]>Z$9$k(B
 # $B$b$N$G$9!#(B
 #
 add 05000 deny log ip from any to any frag
 add 06000 deny all from any to any
 .Ed
 .Sh $BFbIt8~$1!"30It8~$1%5!<%S%9$N%]!<%H%P%$%s%G%#%s%0(B
-
 $B%^%k%A%[!<%`$J%[%9%H$G!"%5!<%S%9$r$I$A$i$N%"%I%l%9$K%P%$%s%I$9$k$+$H$$$&(B
 $B$3$H$K$D$$$F?($l$^$7$?$,!"@bL@$O$7$F$$$^$;$s!#J#?t$N(B IP $B%"%I%l%9$r;}$D%[(B
 $B%9%H$G$O!"$=$l$>$l$N%5!<%S%9$r$9$Y$F$N(B IP $B%"%I%l%9$K%P%$%s%I$9$k$N$G$O$J(B
-$B$/!"FCDj$N(B IP $B%"%I%l%9$d%$%s%?!<%U%'%$%9$K%P%$%s%I$9$k$3$H$,2DG=$G$9!#$?(B
-$B$H$($P$3$NNc$N%U%!%$%"%&%)!<%k%^%7%s$K$O!"%$%s%?!<%U%'%$%9$,(B 3 $B$D$"$j!"(B
-$B$=$N(B 1 $B$D$K$O(B 2 $B$D$N%0%m!<%P%k$J(B IP $B%"%I%l%9$,$"$k$N$G!"$3$N%^%7%s$K$O(B 
+$B$/!"FCDj$N(B IP $B%"%I%l%9$d%$%s%?%U%'!<%9$K%P%$%s%I$9$k$3$H$,2DG=$G$9!#$?(B
+$B$H$($P$3$NNc$N%U%!%$%"%&%)!<%k%^%7%s$K$O!"%$%s%?%U%'!<%9$,(B 3 $B$D$"$j!"(B
+$B$=$N(B 1 $B$D$K$O(B 2 $B$D$N30It$+$i8+$($k(B IP $B%"%I%l%9$,$"$k$N$G!"$3$N%^%7%s$K$O(B 
 5 $B$D$N(B IP $B%"%I%l%9(B (10.0.0.1, 10.0.1.1, 10.0.2.1, 192.100.5.5,
-192.100.5.1)$B$,$"$k$3$H$K$J$j$^$9!#(BWindows $B$N(B LAN $B%;%0%a%s%H$G%U%!%$%k6&(B
-$BM-%5!<%S%9$rF0$+$9$N$G$"$l$P!"(Bsamba $B$N(B 'bind interfaces' $B$H$$$&@_Dj9`L\(B
-$B$G!"(BLAN1 $B$N(B IP $B%"%I%l%9$K$@$1(B samba $B$r%P%$%s%I$9$k$h$&$K$9$k$3$H$,$G$-$^(B
-$B$9!#$3$&$9$k$3$H$G!"B>$N(B LAN $B%;%0%a%s%H$G$O$3$N%U%!%$%k6&M-%5!<%S%9$rMx(B
-$BMQ$G$-$J$/$J$j$^$9!#$^$?!"(BLAN2 $B$,(B UNIX $B%o!<%/%9%F!<%7%g%s$N%;%0%a%s%H$G(B
-$B$"$l$P!"(Bnfsd $B$r(B 10.0.2.1 $B$K%P%$%s%I$9$k$h$&$K@_Dj$9$k$3$H$G(B NFS $B$G$bF1MM(B
+192.100.5.1) $B$,$"$k$3$H$K$J$j$^$9!#(BWindows $B$N(B LAN $B%;%0%a%s%H(B (LAN1 $B$H$7$^$9(B)
+$B$KBP$7$F%U%!%$%k6&M-%5!<%S%9$rDs6!$9$k$N$G$"$l$P!"(Bsamba $B$N(B 'bind interfaces'
+$B$H$$$&@_Dj9`L\$G!"(BLAN1 $B$N(B IP $B%"%I%l%9$K$@$1(B samba $B$r%P%$%s%I$G$-$^$9!#(B
+$B$3$&$9$k$3$H$G!"B>$N(B LAN $B%;%0%a%s%H$G$O$3$N%U%!%$%k6&M-%5!<%S%9$rMxMQ(B
+$B$G$-$J$/$J$j$^$9!#$^$?!"(BLAN2 $B$K(B UNIX $B%(%s%8%K%"%j%s%0%o!<%/%9%F!<%7%g%s(B
+$B$,$"$l$P!"(Bnfsd $B$r(B 10.0.2.1 $B$K%P%$%s%I$9$k$h$&$K@_Dj$9$k$3$H$G(B NFS $B$G$bF1MM(B
 $B$N$3$H$,$G$-$^$9!#$I$N%5!<%S%9$r$I$N$h$&$K%P%$%s%I$9$k$+$O$[$H$s$I$N>l9g(B
 $B$K;XDj$G$-$^$9$7!"$^$?$=$l$,;XDj$G$-$J$$>l9g$K$O(B
 .Xr jail 8
 $B$r;H$&$3$H$K$h$C$F!"4V@\E*$K$=$l$r9T$&$3$H$b$G$-$^$9!#(B
 .Sh $B4XO"9`L\(B
-.Pp
-.Xr config 8 ,
-.Xr dummynet 4 ,
-.Xr ipfw 8 ,
 .Xr ipnat 1 ,
+.Xr dummynet 4 ,
 .Xr ipnat 5 ,
+.Xr rc.conf 5 ,
+.Xr smb.conf 5 [ /usr/ports/net/samba ] ,
+.Xr samba 7 [ /usr/ports/net/samba ] ,
+.Xr config 8 ,
+.Xr ipfw 8 ,
 .Xr jail 8 ,
 .Xr natd 8 ,
-.Xr nfsd 8 ,
-.Xr rc.conf 5 ,
-.Xr samba 7 [ /usr/ports/net/samba ]
-.Xr smb.conf 5 [ /usr/ports/net/samba ]
+.Xr nfsd 8
 .Sh $B4XO"J8=q(B
-.Pp
 .Xr ipf 5 ,
 .Xr ipf 8 ,
 .Xr ipfstat 8
 .Sh $BNr;K(B
-The
 .Nm
 $B%^%K%e%"%k%Z!<%8$O:G=i!"(B
 .An Matthew Dillon
-$B$K$h$C$F=q$+$l!"(B2001$BG/(B5$B7n$K(B
+$B$K$h$C$F=q$+$l!"(B2001 $BG/(B 5 $B7n$K(B
 .Fx 4.3 
 $B$G$O$8$a$FEP>l$7$^$7$?!#(B
-
--
$BKY@nOBM:(B
