From owner-man-jp-reviewer@jp.FreeBSD.org Thu Sep 26 11:07:33 2002
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) id g8Q27XG48925;
	Thu, 26 Sep 2002 11:07:33 +0900 (JST)
	(envelope-from owner-man-jp-reviewer@jp.FreeBSD.org)
Received: from shiva.tri.asanuma.co.jp (shiva.tri.asanuma.co.jp [210.160.188.2])
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) with ESMTP/inet id g8Q27Q348917
	for <man-jp-reviewer@jp.freebsd.org>; Thu, 26 Sep 2002 11:07:26 +0900 (JST)
	(envelope-from mori@tri.asanuma.co.jp)
Received: from yashoda.tri.asanuma.co.jp (yashoda.tri.asanuma.co.jp [172.16.57.11])
	by shiva.tri.asanuma.co.jp (Postfix) with ESMTP id 114DA545D
	for <man-jp-reviewer@jp.freebsd.org>; Thu, 26 Sep 2002 11:07:18 +0900 (JST)
Received: from localhost (kurishna.tri.asanuma.co.jp [172.16.57.2])
	by yashoda.tri.asanuma.co.jp (8.11.3nb1/8.11.3) with ESMTP id g8Q27HW05030;
	Thu, 26 Sep 2002 11:07:17 +0900 (JST)
Message-Id: <20020926.110716.90012290.mori@tri.asanuma.co.jp>
To: man-jp-reviewer@jp.FreeBSD.org
From: MORI Kouji <mori@tri.asanuma.co.jp>
X-Mailer: Mew version 2.2 on Emacs 21.2 / Mule 5.0
 =?iso-2022-jp?B?KBskQjgtTFobKEIp?=
Mime-Version: 1.0
Content-Type: Multipart/Mixed;
 boundary="--Next_Part(Thu_Sep_26_11:07:16_2002_228)--"
Content-Transfer-Encoding: 7bit
Reply-To: man-jp-reviewer@jp.FreeBSD.org
Precedence: list
Date: Thu, 26 Sep 2002 11:07:16 +0900
X-Sequence: man-jp-reviewer 4254
Subject: [man-jp-reviewer 4254] ipfw.8 (orig. 1.63.2.23 -> 1.63.2.26)
Errors-To: owner-man-jp-reviewer@jp.FreeBSD.org
Sender: owner-man-jp-reviewer@jp.FreeBSD.org
X-Originator: mori@tri.asanuma.co.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+020902

----Next_Part(Thu_Sep_26_11:07:16_2002_228)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit

$B?9$G$9!#$9$C$+$jCY$/$J$C$F$7$^$$$^$7$?$,(B ipfw.8 $B$N:9J,$G$9!#(B

IP$B%*%W%7%g%sL>$J$I$NLu8l$O%T%"%=%s$+$i=P$F$$$k!V>\2r(BTCP/IP Vol.1$B!W$r(B
$B;29M$K$7$^$7$?!#$b$C$HG'CN$5$l$F$$$=$&$JLu8l$,$"$l$P:9$7BX$($h$&$+$H(B
$B;W$&$N$G!"$=$C$AJ}LL$KL@$k$$J}!"$h$m$7$/$*4j$$$7$^$9!#(B

$BESCf$+$i;W$$$D$$$F%j%9%H%"%C%W$7$?$N$GH4$1$,B?$$$H;W$$$^$9$,!"(B
$BLu8l$NI=$r:\$;$F$*$-$^$9!#(B

congestion		$BmUmT(B
destination		$B08@h(B
dynamic rule		$BF0E*%k!<%k(B
expire			$B4|8B@Z$l(B
keepalive		$B%-!<%W%"%i%$%V(B
lifetime		$B@8B8;~4V(B
loss (rate)		$BB;<:(B($BN((B)
match			$B%^%C%A(B, $B%^%C%A$9$k(B
on-demand		$B%*%s%G%^%s%I$G(B
or-block		$BO@M}OB%V%m%C%/(B
rule			$B%k!<%k(B
(rule) action		($B%k!<%k(B)$B%"%/%7%g%s(B
(rule) body		($B%k!<%k(B)$B%\%G%#(B
ruleset			$B%k!<%k%;%C%H(B
set of rules		$B%k!<%k%;%C%H(B
source			$BH/?.85(B
stateful		$B%9%F!<%H%U%k(B, $B>uBV0MB8(B, $B>uBV0MB87?(B
traffic shaper		$B%H%i%U%#%C%/%7%'%$%Q(B

[IP$B%U%#!<%k%I(B]
precedence field	$B@h9T%U%#!<%k%I(B
tos field		TOS $B%U%#!<%k%I(B
version field		$B%P!<%8%g%s%U%#!<%k%I(B

[TCP$B%U%#!<%k%I(B]
acknowledgement field	$B3NG'1~EzHV9f%U%#!<%k%I(B
sequence number field	$B%7!<%1%s%9HV9f%U%#!<%k%I(B
window field		$B%&%#%s%I%&%U%#!<%k%I(B

[IP$B%*%W%7%g%s(B]
(ssrr) strict source route	$B%9%H%j%/%H%=!<%9%k!<%H(B
(lsrr) loose source route	$B%k!<%:%=!<%9%k!<%H(B
(rr) record packet route	$B%l%3!<%I%k!<%H(B
(ts) timestamp			$B%?%$%`%9%?%s%W(B

[ICMP$B%?%$%W(B]
(0) echo reply			$B%(%3!<1~Ez(B
(3) destination unreachable	$B08@hE~C#IT2D(B
(4) source quench		$BH/?.85M^@)(B
(5) redirect			$B%j%@%$%l%/%H(B
(8) echo request		$B%(%3!<MW5a(B
(9) router advertisement	$B%k!<%?9-9p(B
(10) router soliciation		$B%k!<%?MW@A(B
(11) time-to-live exceed	$B;~4VD62a(B
(12) IP header bad		IP $B%X%C%@0[>o(B
(13) timestamp request		$B%?%$%`%9%?%s%WMW5a(B
(14) timestamp replay		$B%?%$%`%9%?%s%W1~Ez(B
(15) information request	$B%$%s%U%)%a!<%7%g%sMW5a(B
(16) information reply		$B%$%s%U%)%a!<%7%g%s1~Ez(B
(17) address mask request	$B%"%I%l%9%^%9%/MW5a(B
(18) address mask reply		$B%"%I%l%9%^%9%/1~Ez(B

[TCP$B%*%W%7%g%s(B]
(mss) maximum segment size		$B:GBg%;%0%a%s%H%5%$%:(B
(window) tcp window advertisement	TCP $B%&%#%s%I%&9-9p(B
(sack) selective ack			$BA*BrE*(B ACK
(ts) rfc1323 timestamp			RFC1323 $B%?%$%`%9%?%s%W(B
(cc) rfc1644 t/tcp connection count	RFC1644 T/TCP $B%3%M%/%7%g%s%+%&%s%H(B

-- 
$B?9(B $B9@Fs(B	(MORI Kouji)
($B3t(B)$B^I>BAH(B $B5;=Q8&5f=j(B
E-mail: mori@tri.asanuma.co.jp

----Next_Part(Thu_Sep_26_11:07:16_2002_228)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="ipfw.8.ja.diff.jis"

--- ipfw.8.ja.old	Mon Sep  9 09:27:02 2002
+++ ipfw.8.ja.new	Thu Sep 26 10:33:50 2002
@@ -1,9 +1,14 @@
 .\"
-.\" %FreeBSD: src/sbin/ipfw/ipfw.8,v 1.63.2.23 2002/05/01 21:29:59 cjc Exp %
+.\" %FreeBSD: src/sbin/ipfw/ipfw.8,v 1.63.2.26 2002/08/21 18:58:24 trhodes Exp %
 .\"
 .\" $FreeBSD: doc/ja_JP.eucJP/man/man8/ipfw.8,v 1.41 2002/05/05 21:27:02 horikawa Exp $
 .\"
-.Dd May 31, 2001
+.de NOIPFW
+.br
+(\\$1 NOT IN IPFW)
+.br
+..
+.Dd August 13, 2002
 .Dt IPFW 8
 .Os
 .Sh $BL>>N(B
@@ -11,82 +16,142 @@
 .Nd IP $B%U%!%$%"%&%)!<%k$H%H%i%U%#%C%/%7%'%$%Q$N@)8f%W%m%0%i%`(B
 .Sh $B=q<0(B
 .Nm
-.Op Fl q
-.Oo
-.Fl p Ar preproc
-.Oo Fl D
-.Ar macro Ns Op = Ns Ar value
-.Oc
-.Op Fl U Ar macro
-.Oc
-.Ar pathname
+.Op Fl cq
+.Cm add
+.Ar rule
+.Nm
+.Op Fl acdeftNS
+.Brq Cm list | show
+.Op Ar number ...
 .Nm
 .Op Fl f | q
 .Cm flush
 .Nm
 .Op Fl q
-.Brq Cm zero | resetlog | delete
+.Brq Cm delete | zero | resetlog
+.Op Cm set
 .Op Ar number ...
+.Pp
 .Nm
-.Op Fl s Op Ar field
-.Op Fl adeftN
-.Brq Cm list | show
-.Op Ar number ...
+.Cm set Oo Cm disable Ar number ... Oc Op Cm enable Ar number ...
 .Nm
-.Op Fl q
-.Cm add
-.Op Ar number
-.Ar rule-body
+.Cm set move
+.Op Cm rule
+.Ar number Cm to Ar number
 .Nm
-.Cm pipe
-.Ar number
-.Cm config
-.Ar pipe-config-options
+.Cm set swap Ar number number
 .Nm
-.Cm pipe
-.Brq Cm delete | list | show
-.Op Ar number ...
+.Cm set show
+.Pp
 .Nm
-.Cm queue
+.Brq Cm pipe | queue
 .Ar number
 .Cm config
-.Ar queue-config-options
+.Ar config-options
 .Nm
-.Cm queue
+.Op Fl s Op Ar field
+.Brq Cm pipe | queue
 .Brq Cm delete | list | show
 .Op Ar number ...
+.Pp
+.Nm
+.Op Fl q
+.Oo
+.Fl p Ar preproc
+.Oo Fl D
+.Ar macro Ns Op = Ns Ar value
+.Oc
+.Op Fl U Ar macro
+.Oc
+.Ar pathname
 .Sh $B2r@b(B
 .Nm
-$B$O!"(B
+$B$H$=$N%f!<%F%#%j%F%#$O(B
 .Fx
 $B$N(B
-.Xr ipfirewall 4
-$B$H(B
+.Xr ipfw 4
+$B%U%!%$%"%&%)!<%k$H(B
 .Xr dummynet 4
 $B%H%i%U%#%C%/%7%'%$%Q$r@)8f$9$k%f!<%6%$%s%?%U%'!<%9$G$9!#(B
 .Pp
-$B%U%!%$%"%&%)!<%k@_Dj$O!"HV9fIU$1$5$l$?%k!<%k$N%j%9%H$+$i$J$j$^$9!#(B
-$B$"$k%k!<%k$K%^%C%A$7$=$l$K4XO"$9$kF0:n$,<B9T$5$l$k$^$G!"(B
-$B3FF~=PNO(B IP $B%Q%1%C%H$O%k!<%k$N%j%9%H$KBP$7>H9g$5$l$^$9!#(B
-$BF0:n$H%7%9%F%`$N@_Dj$K$h$C$F$O!"%^%C%A$7$?%k!<%k$ND>8e$G!"(B
-$B%Q%1%C%H$,%U%!%$%"%&%)!<%k$K:FCmF~$5$l!"(B
-$B99$K=hM}$,7QB3$9$k$3$H$b$"$j$^$9!#(B
-$BA4$F$N%k!<%k$,A4$F$N%$%s%?%U%'!<%9$KE,MQ$5$l$^$9$N$G!"(B
-$B%A%'%C%/$N2s?t$,:G>.$H$J$k$h$&$J%k!<%k=89g$r=q$/$N$O(B
-$B%7%9%F%`4IM}<T$N@UG$$G$9!#(B
+.Em $BCm(B:
+$B$3$N%^%K%e%"%k%Z!<%8$O(B 2002 $BG/(B 7 $B7n$K>R2p$5$l(B
+.Nm ipfw2
+$B$H$7$F$bCN$i$l$F$$$k(B
+.Nm
+$B$N?7%P!<%8%g%s$r;2>H$7$F$$$^$9!#(B
+$B$3$3$K<($9%3%^%s%I$N%j%9%H$O5lHG$N%U%!%$%"%&%)!<%k$N%9!<%Q!<%;%C%H$G$9!#(B
+$BN><T$r6hJL$9$kI,MW$,$"$k$H$-$O5lHG$r(B
+.Nm ipfw1
+$B$H8F$V$3$H$K$7$^$9!#(B
 .Pp
-$B$I$N@_Dj$b>o$K!"(B
-.Em DEFAULT
-$B%k!<%k(B ($BHV9f(B 65535) $B$r4^$_$^$9!#$3$N%k!<%k$OJQ99$G$-$:!"(B
+.Nm ipfw2
+$B$O(B
+.Fx
+CURRENT $B$NI8=`$G$9$,!"(B
+.Fx
+STABLE $B$G$O!"(B
+.Cm options IPFW2
+$B$r$D$1$F%+!<%M%k$r%3%s%Q%$%k$7!"(B
+.Cm -DIPFW2
+$B$r$D$1$F(B
+.Nm /sbin/ipfw
+$B$H(B
+.Nm /usr/lib/libalias
+$B$r:F%3%s%Q%$%k$7$F:F%$%s%9%H!<%k(B
+(
+buildworld $B$NA0$K(B
+.Cm IPFW2=TRUE
+$B$r(B
+.Nm /etc/make.conf
+$B$KDI2C$9$k$HF1MM$N7k2L$K$J$j$^$9(B
+)
+$B$7$J$$$H!":#$G$b(B
+.Nm ipf1
+$B$r;H$$$^$9!#(B
+.Pp
+.Nm ipfw1
+$B$KB8:_$7$J$$5!G=$N0lMw$O(B
+.Sx IPFW2 $B3HD%(B
+$B%;%/%7%g%s$r;2>H$7$F2<$5$$!#(B
+.Pp
+.Nm
+$B$N@_Dj!"$b$7$/$O(B
+.Em $B%k!<%k%;%C%H(B
+$B$O!"(B1 $B$+$i(B 65535 $B$^$G$NHV9f$r$D$1$i$l$?(B
+.Em $B%k!<%k(B
+$B$N%j%9%H$+$i$J$j$^$9!#(B
+$B%Q%1%C%H$O(B
+$B%W%m%H%3%k%9%?%C%/$N$?$/$5$s$N0[$J$k2U=j$G(B
+.Nm
+$B$KEO$5$l$^$9(B
+($B%Q%1%C%H$NH/?.85$H08@h$K0MB8$7!"(B
+.Nm
+$B$OF1$8%Q%1%C%H$KBP$7$FJ#?t2s5/F0$5$;$i$l$k2DG=@-$,$"$j$^$9(B)$B!#(B
+$B%U%!%$%"%&%)!<%k$KEO$5$l$k%Q%1%C%H$O(B
+$B%U%!%$%"%&%)!<%k$N(B
+.Em $B%k!<%k%;%C%H(B
+$B$K=q$+$l$?3F%k!<%k$KBP$7$F>H9g$5$l$^$9!#(B
+$B0lCW$7$?>l9g!"0lCW$7$?%k!<%k$KBP1~$9$k%"%/%7%g%s$,<B9T$5$l$^$9!#(B
+$B%"%/%7%g%s$H<B:]$N%7%9%F%`$N@_Dj$K$h$C$F$O!"(B
+$B%^%C%A$7$?%k!<%k$N8e$N%k!<%k$G$5$i$K=hM}$r9T$&$?$a$K(B
+$B%Q%1%C%H$,%U%!%$%"%&%)!<%k$K:FCmF~$5$l$k$3$H$,$"$j$^$9!#(B
+.Pp
+.Nm
+$B%k!<%k%;%C%H$K$O>o$K(B
+.Em $B%G%U%)%k%H(B
+$B%k!<%k(B ($BHV9f(B 65535) $B$,4^$^$l$^$9!#(B
+$B$3$N%k!<%k$OJQ99$G$-$:!"(B
 $BA4%Q%1%C%H$K%^%C%A$7$^$9!#(B
-$B%G%U%)%k%H%k!<%k$K4XO"IU$1$k%k!<%k$O(B
+.Em $B%G%U%)%k%H(B
+$B%k!<%k$K4XO"IU$1$i$l$k%"%/%7%g%s$O(B
 .Cm deny
 $B$+(B
 .Cm allow
 $B$N$I$A$i$+$K$J$j$^$9$,!"(B
 $B$3$l$O$I$N$h$&$K%+!<%M%k$r@_Dj$7$?$+$K0MB8$7$^$9!#(B
 .Pp
-$B%k!<%k=89g$,(B
+$B%k!<%k%;%C%H$,(B
 .Cm keep-state
 $B$^$?$O(B
 .Cm limit
@@ -98,80 +163,109 @@
 $B%^%C%A$7$?%Q%1%C%H$N%Q%i%a!<%?$K$A$g$&$I0lCW$9$k%k!<%k$,(B
 $BF0E*$K@8@.$5$l$^$9!#(B
 .Pp
-$B$3$l$i$NF0E*%k!<%k$N<wL?$OM-8B$G!"(B
+$B$3$l$i$NF0E*%k!<%k$N@8B8;~4V$OM-8B$G!"(B
 .Cm check-state
 $B$^$?$O(B
 .Cm keep-state
+$B$^$?$O(B
+.Cm limit
 $B%k!<%k$,:G=i$K@8$8$?>l=j$G%A%'%C%/$5$l$^$9!#(B
-$BF0E*%k!<%k$O!"9gK!E*$J%H%i%U%#%C%/$r%*%s%G%^%s%I$G(B
+$BF0E*%k!<%k$O!"@5Ev$J%H%i%U%#%C%/$r%*%s%G%^%s%I$G(B
 $B%U%!%$%"%&%)!<%k$rDL2a$5$;$k$?$a$KMQ$$$k$3$H$,IaDL$G$9!#(B
 .Nm
 $B$N%9%F!<%H%U%k$JF0:n$K$D$$$F99$K>pJs$,I,MW$J$i$P!"(B
 $B0J2<$N(B
-.Sx $B%k!<%k=q<0(B
-$B$^$?$O(B
+.Sx $B%9%F!<%H%U%k%U%!%$%"%&%)!<%k(B
+$B%;%/%7%g%s$H(B
 .Sx $B;HMQNc(B
 $B%;%/%7%g%s$r;2>H$7$F2<$5$$!#(B
 .Pp
-$BF0E*%k!<%k$b4^$a$9$Y$F$N%k!<%k$O!"(B
-$B$=$l$K4XO"$9$k%+%&%s%?$r$$$/$D$+;}$C$F$$$^$9!#(B
-$B$=$l$O!"%Q%1%C%H%+%&%s%H!"%P%$%H%+%&%s%H!"%m%0%+%&%s%H!"(B
-$B:G8e$K%^%C%A$7$?;~9o$r<($9%?%$%`%9%?%s%W$G$9!#(B
+$BA4$F$N%k!<%k(B($BF0E*%k!<%k$r4^$`(B)$B$O!"(B
+$B4XO"$9$k%+%&%s%?$r$$$/$D$+;}$C$F$$$^$9(B:
+$B%Q%1%C%H%+%&%s%H!"%P%$%H%+%&%s%H!"%m%0%+%&%s%H!"(B
+$B:G8e$K%^%C%A$7$?;~9o$r<($9%?%$%`%9%?%s%W!#(B
 $B%+%&%s%?$O!"(B
 .Nm
-$B%3%^%s%I$K$h$C$F!"I=<($*$h$S%j%;%C%H2DG=$G$9!#(B
+$B%3%^%s%I$K$h$C$FI=<($9$k$3$H$,$G$-!"$^$?%j%;%C%H$9$k$3$H$,$G$-$^$9!#(B
 .Pp
 $B%k!<%k$NDI2C$O(B
 .Cm add
 $B%3%^%s%I$K$F2DG=$G$9!#(B
-$B8D!9$N%k!<%k$N:o=|$O(B
+$B8DJL!"$^$?$O%0%k!<%W$G$N%k!<%k$N:o=|$O(B
 .Cm delete
 $B%3%^%s%I$K$F2DG=$G$"$j!"$9$Y$F$N%k!<%k$N:o=|$O(B
 .Cm flush
 $B%3%^%s%I$K$F2DG=$G$9!#(B
-$B%k!<%k$NI=<($O!"(B
+$B%k!<%k$NI=<((B
+($B%*%W%7%g%s$G%+%&%s%?FbMF$r4^$a$k$3$H$,$G$-$^$9(B)
+$B$O!"(B
 .Cm show
 $B%3%^%s%I$*$h$S(B
 .Cm list
 $B%3%^%s%I$K$F2DG=$G$9!#(B
-$B$3$l$i$K$h$j!"%*%W%7%g%s$G%+%&%s%?FbMF$b4^$a$FI=<($5$;$k$3$H$,$G$-$^$9!#(B
 $B:G8e$K!"%+%&%s%?$N%j%;%C%H$O(B
 .Cm zero
 $B%3%^%s%I$*$h$S(B
 .Cm resetlog
 $B%3%^%s%I$K$F2DG=$G$9!#(B
 .Pp
+$B$^$?!"3F%k!<%k$O(B 32 $B$N(B
+$B0[$J$k(B
+.Em $B%;%C%H(B
+$B$N0l$D$K=jB0$7!"(B
+$B%;%C%H$KBP$9$k%"%H%_%C%/$JA`:n!"Nc$($P(B
+$BM-8z2=!&L58z2=!&%;%C%H$NF~$l49$(!&%;%C%HFb$NA4%k!<%k$rJL$N%;%C%H$X0\F0!&(B
+$B%;%C%HFb$NA4%k!<%k$N:o=|$J$I$r9T$&$?$a$N(B
+.Nm
+$B%3%^%s%I$,$"$j$^$9!#(B
+$B$3$l$i$O0l;~E*$J@_Dj$r%$%s%9%H!<%k$7$?$j@_Dj$N%F%9%H$r9T$C$?$j$9$k$H$-$K(B
+$BJXMx$G$9!#(B
+.Em $B%;%C%H(B
+$B$K4X$9$k>\:Y$O%;%/%7%g%s(B
+.Sx $B%k!<%k%;%C%H(B
+$B$r;2>H$7$F2<$5$$!#(B
+.Pp
 $B<!$N%*%W%7%g%s$,MxMQ2DG=$G$9(B:
 .Bl -tag -width indent
 .It Fl a
-$B%j%9%HCf$K%+%&%s%?CM$r<($7$^$9!#(B
+$B%k!<%k$N%j%9%H$rI=<($9$k:]$K!"(B
+$B%+%&%s%?CM$r<($7$^$9!#(B
 .Cm show
 $B%3%^%s%I$O!"$3$N%*%W%7%g%s$r0EL[E*$K;XDj$7$?$@$1$N$b$N$G$9!#(B
+.It Fl c
+$B%k!<%k$rF~NO$7$?$j;2>H$7$?$j$9$k$H$-$K!"(B
+$B%3%s%Q%/%H$J=q<0$G%k!<%k$rI=<($7$^$9!#(B
+$B$D$^$j!"%k!<%k$,2?$NDI2C>pJs$b;}$?$J$$$H$-$O!"(B
+$B%*%W%7%g%J%k$JJ8;zNs(B "ip from any to any" $B$rI=<($7$^$;$s!#(B
 .It Fl d
-$B%j%9%HCf$K!"@EE*%k!<%k$K2C$($FF0E*%k!<%k$bI=<($7$^$9!#(B
+$B%k!<%k$N%j%9%H$rI=<($9$k:]$K!"(B
+$B@EE*%k!<%k$K2C$($FF0E*%k!<%k$bI=<($7$^$9!#(B
 .It Fl e
+$B%k!<%k$N%j%9%H$rI=<($9$k:]$K!"(B
+$B$b$7(B
 .Fl d
-$B%*%W%7%g%s$b;XDj$5$l$?>l9g!"(B
-$B%j%9%HCf$K!"4|8B@Z$l$NF0E*%k!<%k$bI=<($7$^$9!#(B
+$B%*%W%7%g%s$,;XDj$5$l$F$$$l$P!"(B
+$B4|8B@Z$l$NF0E*%k!<%k$bI=<($7$^$9!#(B
 .It Fl f
 $B8m$C$F;HMQ$9$k$HLdBj$r5/$92DG=@-$N$"$k%3%^%s%I!"(B
 .No $B$9$J$o$A(B Cm flush
 $B$KBP$7$F!"<B9T$N3NG'$r9T$$$^$;$s!#(B
-.Em $BCm(B :
 $B%W%m%;%9$K4XO"IU$1$i$l$?(B tty $B$,L5$$>l9g!"$3$N%*%W%7%g%s$,(B
 $B0EL[$N$&$A$K;XDj$5$l$?$H$7$F=hM}$5$l$^$9!#(B
+.It Fl N
+$B=PNO$K4^$^$l$k%"%I%l%9$H%5!<%S%9L>$NL>A02r7h$r;n$_$^$9!#(B
 .It Fl q
 .Cm add ,
 .Cm zero ,
 .Cm resetlog ,
 .Cm flush
-$B<B9TCf!"F0:n$K$D$$$FJs9p$7$^$;$s(B
+$B$r<B9T$9$k:]!"F0:n$K$D$$$FJs9p$7$^$;$s(B
 ($B0EL[$N$&$A$K(B
 .Fl f
 $B$,;XDj$5$l$^$9(B)$B!#(B
 $B%9%/%j%W%H(B
 ($BNc$($P(B
-.Sq sh /etc/rc.firewall )
+.Ql sh\ /etc/rc.firewall )
 $B$NCf$GJ#?t$N(B
 .Nm
 $B%3%^%s%I$r<B9T$7$F%k!<%k$rJQ99$9$k>l9g$d!"(B
@@ -186,24 +280,31 @@
 $B$D$^$j!"%j%b!<%H%m%0%$%s%;%C%7%g%s7PM3$N>l9g!"%;%C%7%g%s$O%/%m!<%:$5$l!"(B
 $B;D$j$N%k!<%k%;%C%H$O=hM}$5$l$^$;$s!#(B
 $B$3$N>uBV$+$i2sI|$9$k$?$a$K$O%3%s%=!<%k$X$N%"%/%;%9$,I,MW$K$J$j$^$9!#(B
-.It Fl t
-$B%j%9%H:n@.;~$K!":G8e$K%^%C%A$7$?%?%$%`%9%?%s%W$rI=<($7$^$9!#(B
-.It Fl N
-$B=PNOCf$N%"%I%l%9$H%5!<%S%9L>$r2r7h$7$h$&$H$7$^$9!#(B
+.It Fl S
+$B%k!<%k$N%j%9%H$rI=<($9$k:]$K!"(B
+$B3F%k!<%k$,B0$9$k(B
+.Em $B%;%C%H(B
+$B$rI=<($7$^$9!#(B
+$B$3$N%U%i%0$,;XDj$5$l$F$$$J$1$l$P!"(B
+$BL58z2=$5$l$F$$$k%k!<%k$OI=<($5$l$^$;$s!#(B
 .It Fl s Op Ar field
 $B%Q%$%W7PM3$G%j%9%H=PNO$7$F$$$k:]$K!"(B4$B$D$N%+%&%s%?$N(B1$B$D$K$D$$$F(B
 $B@0Ns$5$;$^$9(B ($B8=:_$N%Q%1%C%H?t(B)$B!#(B
+.It Fl t
+$B%k!<%k$N%j%9%H$rI=<($9$k:]$K!"(B
+$B:G8e$K%^%C%A$7$?%?%$%`%9%?%s%W$rI=<($7$^$9!#(B
 .El
 .Pp
-$B@_Dj$r4JC1$K$9$k$?$a$K!"%k!<%k$r%U%!%$%k$K5-=R$7$F!"(B
-$B$3$l$r(B
+$BKAF,$N=q<0$N9T$G<($7$?$h$&$K!"(B
+$B@_Dj$r4JC1$K$9$k$?$a!"(B
+$B%k!<%k$r(B
 .Nm
-$B$N:G=i$N=q<09T$r;H$C$F=hM}$7$^$9!#(B
+$B$K=hM}$5$;$k%U%!%$%k$K5-=R$9$k$3$H$,$G$-$^$9!#(B
 .Ar pathname
 $B$K$O@dBP%Q%9L>$r;HMQ$9$kI,MW$,$"$j$^$9!#(B
 $B$3$N%U%!%$%k$+$i$O(B 1 $B9T$:$DFI$_9~$^$l!"(B
 .Nm
-$B%f!<%F%#%j%F%#$X$N0z?t$H$J$j$^$9!#(B
+$B%f!<%F%#%j%F%#$N0z?t$H$7$F<u$1IU$1$i$l$^$9!#(B
 .Pp
 .Fl p Ar preproc
 $B$r;HMQ$7$F!"(B
@@ -236,164 +337,300 @@
 .Pp
 $B8e=R$N(B
 .Sx $B%H%i%U%#%C%/%7%'%$%Q@_Dj(B
-$B$N@a$G<($9$h$&$K!"(B
+$B%;%/%7%g%s$G<($9$h$&$K!"(B
 .Nm
 .Cm pipe
+$B$*$h$S(B
+.Cm queue
 $B%3%^%s%I$r;HMQ$7$F!"%H%i%U%#%C%/%7%'%$%Q$r9=C[2DG=$G$9!#(B
+.Sh $B%Q%1%C%H%U%m!<(B
+$B%7%9%F%`%Q%i%a!<%?$N@)8f$K$h$j!"(B
+.Nm
+$B$O%W%m%H%3%k%9%?%C%/$NCf$NJ#?t$N2U=j$+$i<B9T$5$l$^$9!#(B
+$BE,@Z$J%k!<%k%;%C%H$r@_7W$9$k$K$O!"$3$N8=>]$rM}2r$9$k$3$H$,=EMW$G$9!#(B
+.Nm
+$B$,<B9T$5$l$k2U=j$O!"$=$N<B9T$r@)8f$9$k(B sysctl $BJQ?t$H$H$b$K(B
+$B0J2<$K5s$2$i$l$F$$$^$9!#(B
+.Bd -literal -offset indent
+      ^	    to upper layers   V
+      |                       |
+      +----------->-----------+
+      ^                       V
+ [ip_input]              [ip_output]   net.inet.ip.fw.enable=1
+      |                       |
+      ^                       V
+[ether_demux]    [ether_output_frame]  net.link.ether.ipfw=1
+      |                       |
+      +-->--[bdg_forward]-->--+        net.link.ether.bridge_ipfw=1
+      ^                       V
+      |      to devices       |
+.Ed
+.Pp
+$B>e?^$K<($5$l$k$h$&$K!"(B
+$BF10l$N%Q%1%C%H$,%U%!%$%"%&%)!<%k$rDL2a$9$k2s?t$O!"(B
+$B%Q%1%C%H$NH/?.85$d08@h!"%7%9%F%`$N@_Dj$K$h$j!"(B
+0 $B2s$+$i(B 4 $B2s$NHO0O$GJQF0$7$^$9!#(B
+$B$3$l$i$N3F=j$G!"$=$N%l%Y%k$KB0$9$kA4$F$N(B($B$=$7$FM#0l$N(B)$B%U%#!<%k%I$H0l=o$K!"(B
+$B%Q%1%C%H$O(B
+.Nm
+$B$KEO$5$l$^$9!#(B
+$B$D$^$j!"30$+$iF~$C$F$/$k%Q%1%C%H$O(B
+.Cm ether_demux()
+$B$+$i(B
+.Nm
+$B$,<B9T$5$l$k$H$-$K$O(B MAC $B%X%C%@$r4^$s$G$$$k$O$:$G$9$,!"(B
+$B$=$NF1$8%Q%1%C%H$,!"(B
+.Cm ip_input()
+$B$+$i(B
+.Nm
+$B$,<B9T$5$l$?$H$-$K$O(B MAC $B%X%C%@$O<h$j=|$+$l$F$$$k$O$:$G$9!#(B
+.br
+.Nm
+$B$,<B9T$5$l$?>l=j$d!"%Q%1%C%H$N%=!<%9$K4X$o$j$J$/!"(B
+$B40A4$J%k!<%k%;%C%H$,>o$K;HMQ$5$l$^$9!#(B
+$B<B9T$5$l$?2U=j$K$h$C$F$OL58z$H$J$k$h$&$J(B
+$B%^%C%A%Q%?!<%s$d%"%/%7%g%s(B
+($BNc$($P!"(B
+.Cm ip_input()
+$B$+$i(B
+.Nm
+$B$,8F$S=P$5$l$?$H$-$K(B MAC $B%X%C%@$H%^%C%A$r;n$_$k$h$&$J$b$N(B)
+$B$r%k!<%k$,4^$s$G$$$k$J$i!"$=$N%Q%?!<%s$O%^%C%A$7$J$$$3$H$K$J$j$^$9!#(B
+$B$H$O$$$(!"$=$N$h$&$J%Q%?!<%s$NA0$K(B
+.Cm not
+$B%*%Z%l!<%?$r5-=R$9$l$P!"%Q%?!<%s$O(B
+.Em $B>o$K(B
+$B$=$N$h$&$J%Q%1%C%H$K%^%C%A$9$k$3$H$K$J$j!"K>$^$7$/$J$$7k2L$H$J$k$G$7$g$&!#(B
+$B$7$?$,$C$F!"I,MW$J$i$P!"2DG=@-$N$"$k2U=j$NCf$G<1JL$9$k$h$&$K!"(B
+$BE,@Z$J%k!<%k%;%C%H$r5-=R$9$k$3$H$O%W%m%0%i%^$N@UG$$G$9!#(B
+$B$=$3$G(B
+.Cm skipto
+$B%k!<%k$,Lr$KN)$D$3$H$G$7$g$&!#(B
+$BNc$($P<!$N$h$&$K$7$^$9(B:
+.Bd -literal -offset indent
+# ether_demux $B$^$?$O(B bdg_forward $B$+$i$N%Q%1%C%H(B
+ipfw add 10 skipto 1000 all from any to any layer2 in
+# ip_input $B$+$i$N%Q%1%C%H(B
+ipfw add 10 skipto 2000 all from any to any not layer2 in
+# ip_output $B$+$i$N%Q%1%C%H(B
+ipfw add 10 skipto 3000 all from any to any not layer2 out
+# ether_output_frame $B$+$i$N%Q%1%C%H(B
+ipfw add 10 skipto 4000 all from any to any layer2 out
+.Ed
+.Pp
+($B$=$&$G$9!":#$N$H$3$m(B ether_demux $B$H(B bdg_forward $B$H$r(B
+$B6hJL$9$kJ}K!$O$"$j$^$;$s(B)$B!#(B
 .Sh $B%k!<%k=q<0(B
 .Nm
-$B%k!<%k%U%)!<%^%C%H$O<!$NDL$j$G$9!#(B
-.Bd -ragged
+$B$N=q<0$O<!$NDL$j$G$9(B:
+.Bd -ragged -offset indent
+.Op Ar rule_number
+.Op Cm set Ar set_number
 .Op Cm prob Ar match_probability
-.Ar action
+.br
+.Ar "   " action
 .Op Cm log Op Cm logamount Ar number
-.Ar proto
-.Cm from Ar src
-.Cm to Ar dst
-.Op Ar interface-spec
-.Op Ar options
+.Ar body
 .Ed
 .Pp
-$B3F%Q%1%C%H$r%U%#%k%?$9$k:]$K$O!"0J2<$N>pJs$K4p$E$/$3$H$,$G$-$^$9!#(B
+$B$3$3$G!"%k!<%k$N%\%G%#$O<!$N$h$&$K!"(B
+$B%Q%1%C%H$r%U%#%k%?$9$k$N$K$I$N>pJs$r;HMQ$9$k$N$+$r;XDj$7$^$9(B:
 .Pp
-.Bl -tag -width "$BAw?.85$*$h$S08@h(B IP $B%"%I%l%9(B" -offset indent -compact
-.It $BAw<u?.%$%s%?%U%'!<%9(B
-($BL>A0$^$?$O%"%I%l%9(B)
+.Bl -tag -width "Source and dest. addresses and ports" -offset XXX -compact
+.It $B%l%$%d(B 2 $B%X%C%@%U%#!<%k%I(B
+$B2DG=$J$i$P(B
+.It IPv4 $B%W%m%H%3%k(B
+TCP, UDP, ICMP $B$J$I(B
+.It $BAw?.85$*$h$S08@h$N%"%I%l%9$H%]!<%H(B
 .It $BJ}8~(B
-($BF~NO$^$?$O=PNO(B)
-.It $BAw?.85$*$h$S08@h(B IP $B%"%I%l%9(B
-($B%^%9%/;HMQ2D(B)
-.It $B%W%m%H%3%k(B
-(TCP, UDP, ICMP $BEy(B)
-.It $BAw?.85$*$h$S08@h%]!<%H(B
-($B%j%9%H!"HO0O!"%^%9%/$N$$$:$l$+(B)
-.It TCP $B%U%i%0(B
-.It IP $B%U%i%0%a%s%H%U%i%0(B
+$B%;%/%7%g%s(B
+.Sx $B%Q%1%C%H%U%m!<(B
+$B$r;2>H$7$F2<$5$$(B
+.It $BAw?.$*$h$S<u?.%$%s%?!<%U%'!<%9(B
+$BL>A0$^$?$O%"%I%l%9(B
+.It $B$=$NB>$N(B IP $B%X%C%@%U%#!<%k%I(B
+$B%P!<%8%g%s!"%5!<%S%9%?%$%W!"%G!<%?%0%i%`D9!"<1JL;R!"(B
+$B%U%i%0%a%s%H%U%i%0(B (0 $B$G$J$$(B IP $B%*%U%;%C%H(B)$B!"(B
+$B@8B8;~4V(B
 .It IP $B%*%W%7%g%s(B
+.It $B$=$NB>$N(B TCP $B%X%C%@%U%#!<%k%I(B
+TCP $B%U%i%0(B (SYN, FIN, ACK, RST $B$J$I(B)$B!"(B
+$B%7!<%1%s%9HV9f!"3NG'1~EzHV9f!"%&%#%s%I%&(B
+.It TCP $B%*%W%7%g%s(B
 .It ICMP $B%?%$%W(B
-.It $B%Q%1%C%H$K4XO"IU$1$i$l$?%=%1%C%H$N%f!<%6(B ID $B$H%0%k!<%W(B ID
+ICMP $B%Q%1%C%H$N>l9g(B
+.It $B%f!<%6(B/$B%0%k!<%W(B ID
+$B%Q%1%C%H$r%m!<%+%k%=%1%C%H$K4XO"$E$1$k$3$H$,2DG=$J>l9g(B
 .El
 .Pp
-$BAw?.85(B IP $B%"%I%l%9$d08@h(B TCP/UDP $B%]!<%H$K$h$k%U%#%k%?$O(B
-$B4m81$,$"$k$3$H$KCm0U$7$F$/$@$5$$!#(B
-$B$J$<$J$i!"$3$l$i$N:>>N$O4JC1$@$+$i$G$9!#(B
+$B>e5-$N>pJs!"(B
+$BNc$($P!"Aw?.85(B MAC $B%"%I%l%9$^$?$O(B IP $B%"%I%l%9$H(B TCP/UDP $B%]!<%H(B
+$B$OMF0W$K:>>N$,2DG=$G$"$k$3$H$KCm0U$7$F2<$5$$!#(B
+$B$7$?$,$C$F!"$3$l$i$N%U%#!<%k%I$N$_$G%U%#%k%?$9$k$3$H$O(B
+$BI,$:$7$bK>$^$7$$7k2L$H$O$J$j$^$;$s!#(B
 .Bl -tag -width indent
+.It Ar rule_number
+$B3F%k!<%k$O!"(B1 $B$+$i(B 65535 $B$NHO0O$N(B
+.Ar rule_number
+$B$K4XO"$E$1$i$l$F$*$j!"(B
+$B8e<T$O(B
+.Em $B%G%U%)%k%H(B
+$B%k!<%k$N$?$a$KM=Ls$5$l$F$$$^$9!#(B
+$B%k!<%k$O%k!<%kHV9f$N=g$K%A%'%C%/$5$l$^$9!#(B
+$BJ#?t$N%k!<%k$,F10l$NHV9f$r;}$D$3$H$,2DG=$G!"(B
+$B$=$N>l9g$ODI2C$5$l$?=g=x$G%A%'%C%/$5$l$^$9(B ($BI=<($9$k>l9g$bF1MM$G$9(B) $B!#(B
+$BHV9f$N;XDj$J$7$G%k!<%k$,F~NO$5$l$?>l9g!"(B
+$B%+!<%M%k$O!"$=$N%k!<%k$,(B
+.Em $B%G%U%)%k%H(B
+$B%k!<%k$h$jA0$K$"$k%k!<%k$NCf$G:G8e$K$J$k$h$&$K3d$jEv$F$^$9!#(B
+$B<+F0E*$K$D$1$i$l$k%k!<%kHV9f$O!"(B
+$B%G%U%)%k%H$r=|$$$?Cf$G:G8e$H$J$k%k!<%kHV9f$r!"(B
+sysctl $BJQ?t(B
+.Ar net.inet.ip.fw.autoinc_step
+$B$NCM$@$1A}2C$5$;$F3d$jEv$F$i$l$^$9!#(B
+$B$3$NJQ?t$N%G%U%)%k%H$O(B 100 $B$G$9!#(B
+$B$b$7!"$3$NA`:n$,(B
+($BNc$($P5v2D$5$l$?:GBg%k!<%kHV9f$r1[$($k$H$$$C$?M}M3$G(B)
+$BIT2DG=$G$"$l$P!"(B
+$B:G8e$N%G%U%)%k%H$G$J$$CM$HF1$8HV9f$,Be$o$j$K;HMQ$5$l$^$9!#(B
+.It Cm set Ar set_number
+$B3F%k!<%k$O(B 0 $B$+$i(B 31 $B$NHO0O$N(B
+.Ar set_number
+$B$K4XO"$E$1$i$l$F$*$j!"(B
+$B8e<T$O(B
+.Em $B%G%U%)%k%H(B
+$B%k!<%k$N$?$a$KM=Ls$5$l$F$$$^$9!#(B
+$B%;%C%H$O8DJL$KL58z2=$7$?$jM-8z2=$7$?$j$9$k$3$H$,$G$-$^$9!#(B
+$B$7$?$,$C$F!"$3$N%Q%i%a!<%?$O%"%H%_%C%/$J%k!<%k%;%C%HA`:n$r9T$&$?$a$K(B
+$BI,MWIT2D7g$J$b$N$G$9!#(B
+$B%k!<%k%;%C%H$rC1=c$K:o=|$9$k$3$H$b2DG=$G$9!#(B
+$B%;%C%HHV9f$r;XDj$;$:$K%k!<%k$,F~NO$5$l$?>l9g!"(B
+$B%;%C%H(B 0 $B$,;HMQ$5$l$^$9!#(B
 .It Cm prob Ar match_probability
 $B;XDj$7$?3NN((B (0 $B$+$i(B 1 $B$^$G$NIbF0>.?tE@?t$G$9(B)
-$B$G$N$_%^%C%A$,@k8@$5$l$^$9!#(B
-$B%i%s%@%`$K%Q%1%C%H$rMn$H$91~MQ$H$7$FMQ$$$k>l9g$d!"(B(
+$B$G$7$+%^%C%A$7$J$$%^%C%A$r@k8@$5$l$^$9!#(B
+$B%i%s%@%`$K%Q%1%C%H$rMn$H$9$7$?$j$9$k$h$&$J(B
+$BB?$/$N%"%W%j%1!<%7%g%s$d!"(B
+(
 .Xr dummynet 4
 $B$H6&$K;HMQ$7$F(B)
 $B%Q%1%C%HE~C#=g=x$NMp$l$r0z$-5/$3$9J#?t7PO)$N8z2L$r%7%_%e%l!<%H$9$k:]$K(B
 $BM-MQ$G$9!#(B
-.It Ar action :
+.It Cm log Op Cm logamount Ar number
+$B%Q%1%C%H$,(B
+.Cm log
+$B%-!<%o!<%I$r;}$C$?%k!<%k$K%^%C%A$7$?>l9g!"(B
+$B%a%C%;!<%8$,(B
+.Xr syslogd 8
+$B$K(B
+.Dv LOG_SECURITY
+$B%U%!%7%j%F%#$G5-O?$5$l$^$9!#(B
+sysctl $BJQ?t(B
+.Em net.inet.ip.fw.verbose
+$B$,(B 1
+($B%+!<%M%k$,(B
+.Dv IPFIREWALL_VERBOSE
+$B$G%3%s%Q%$%k$5$l$F$$$l$P$3$l$,%G%U%)%k%H$G$9(B)
+$B$K@_Dj$5$l$F$*$j!"(B
+$B$=$N%k!<%k$K$D$$$F$3$l$^$G5-O?$5$l$?%Q%1%C%H$N?t$,(B
+$B$=$N(B
+.Cm logamount
+$B%Q%i%a!<%?$r1[$($F$$$J$1$l$P!"5-O?$,9T$o$l$^$9!#(B
+.Cm logamount
+$B$,;XDj$5$l$F$$$J$1$l$P!"@)8B$O(B sysctl $BJQ?t(B
+.Em net.inet.ip.fw.verbose_limit
+$B$+$i;2>H$5$l$^$9!#(B
+$BN><T$NCM$,(B 0 $B$G$"$l$P5-O?$N@)8B$O<h$j=|$+$l$^$9!#(B
+.Pp
+$B0lEY@)8B$KC#$7$?$J$i!"(B
+$B$3$N%(%s%H%j$KBP$9$k%m%.%s%0%+%&%s%?$+%Q%1%C%H%+%&%s%?$r%/%j%"$9$l$P(B
+$B5-O?$r:F$SM-8z$K$9$k$3$H$,$G$-$^$9!#(B
+.Cm resetlog
+$B%3%^%s%I$r;2>H$7$F2<$5$$!#(B
+.Pp
+.El
+.Ss $B%k!<%k%"%/%7%g%s(B
+$B%k!<%k$O<!$K<($9%"%/%7%g%s$N0l$D$H4XO"$E$1$k$3$H$,$G$-$^$9!#(B
+$B$3$l$O%Q%1%C%H$,%k!<%k$N%\%G%#$K%^%C%A$7$?$H$-$K<B9T$5$l$^$9!#(B
 .Bl -tag -width indent
-.It Cm allow
-$B%^%C%A$9$k%Q%1%C%H$rDL2a$5$;!"%^%C%A%s%0$r=*N;$7$^$9!#(B
-.Cm pass ,
-.Cm permit ,
-.Cm accept
-$B$O$3$l$NJLL>$G$9!#(B
-.It Cm deny
-$B%^%C%A$9$k%Q%1%C%H$rGK4~$7!"%^%C%A%s%0$r=*N;$7$^$9!#(B
-.Cm drop
-$B$O(B
-.Cm deny
-$B$NJLL>$G$9!#(B
-.It Cm reject
-($B$3$N;HMQ$O?d>)$5$l$^$;$s(B)
-$B%^%C%A$9$k%Q%1%C%H$rGK4~$7!"(B
-ICMP $B$N(B host unreachable $B$rAw?.$7!"(B
-$B%^%C%A%s%0$r=*N;$7$^$9!#(B
-.It Cm unreach Ar code
-$B%^%C%A$9$k%Q%1%C%H$rGK4~$7!"(B
-ICMP $B$N(B unreachable $B$K(B
-.Ar code
-$B$rIU$1$FAw?.$7$^$9!#$3$3$G!"(B
-.Ar code
-$B$O!"(B0 $B$+$i(B 256 $B$^$G$N?t;z!"$b$7$/$O!"0J2<$KNs5s$9$kJLL>$N$$$:$l$+$G$9(B:
-.Cm net , host , protocol , port ,
-.Cm needfrag , srcfail , net-unknown , host-unknown ,
-.Cm isolated , net-prohib , host-prohib , tosnet ,
-.Cm toshost , filter-prohib , host-precedence ,
-.Cm precedence-cutoff
-$B!#%^%C%A%s%0$O=*N;$7$^$9!#(B
-.It Cm reset
-TCP $B%Q%1%C%H$N$_BP>]!#(B
-$B%Q%1%C%H$rGK4~$7!"(BTCP $B$N(B reset (RST) $B$rAw?.$7!"(B
-$B%^%C%A%s%0$r=*N;$7$^$9!#(B
-.It Cm count
-$B%k!<%k$K%^%C%A$9$k%Q%1%C%H$9$Y$F$N%+%&%s%?$r99?7$7!"(B
-$B0zB3$-%^%C%A%s%0$r9T$J$$$^$9!#(B
+.It Cm allow | accept | pass | permit
+$B%k!<%k$K%^%C%A$9$k%Q%1%C%H$r<u$1IU$1$^$9!#(B
+$B8!:w$O=*N;$7$^$9!#(B
 .It Cm check-state
-$BF0E*%k!<%k=89g$KBP$7$F%Q%1%C%H$N%A%'%C%/$r9T$J$$$^$9!#(B
-$B%^%C%A$7$?>l9g!"%^%C%A%s%0$O=*N;$7$^$9!#(B
+$BF0E*%k!<%k%;%C%H$KBP$7$F%Q%1%C%H$N%A%'%C%/$r9T$J$$$^$9!#(B
+$B%^%C%A$7$?>l9g!"(B
+$B$=$NF0E*%k!<%k$r@8@.$7$?%k!<%k$K4XO"$E$1$i$l$?%"%/%7%g%s$r<B9T$7!"(B
 $B%^%C%A$7$J$+$C$?>l9g!"<!$N%k!<%k$K0\$j$^$9!#(B
+.br
 .Cm check-state
-$B%k!<%k$,8+$D$+$i$J$$$H$-$O!"F0E*%k!<%k=89g$O:G=i$N(B
+$B%k!<%k$O%\%G%#$r;}$A$^$;$s!#(B
+.Cm check-state
+$B%k!<%k$,8+$D$+$i$J$$$H$-$O!"(B
+$BF0E*%k!<%k%;%C%H$O:G=i$N(B
 .Cm keep-state
+$B%k!<%k!"$b$7$/$O(B
+.Cm limit
 $B%k!<%k$N>l=j$G%A%'%C%/$5$l$^$9!#(B
+.It Cm count
+$B%k!<%k$K%^%C%A$7$?A4$F$N%Q%1%C%H$N%+%&%s%?$r99?7$7$^$9!#(B
+$B8!:w$O<!$N%k!<%k$XB39T$7$^$9!#(B
+.It Cm deny | drop
+$B%k!<%k$K%^%C%A$7$?A4$F$N%Q%1%C%H$rGK4~$7$^$9!#(B
+$B8!:w$O=*N;$7$^$9!#(B
 .It Cm divert Ar port
-$B%^%C%A$9$k%Q%1%C%H$r(B
-.Ar port
-$B$G;XDj$5$l$?%]!<%H$K%P%$%s%I$5$l$F$$$k(B
-.Xr divert 4
-$B%=%1%C%H$KAw$j!"%^%C%A%s%0$r=*N;$7$^$9!#(B
-.It Cm tee Ar port
-$B%^%C%A$9$k%Q%1%C%H$N%3%T!<$r(B
+$B%k!<%k$K%^%C%A$9$k%Q%1%C%H$r(B
+$B%]!<%H(B
 .Ar port
-$B$G;XDj$5$l$?%]!<%H$K%P%$%s%I$5$l$F$$$k(B
+$B$K%P%$%s%I$5$l$F$$$k(B
 .Xr divert 4
-$B%=%1%C%H$KAw$j$^$9!#(B
-$B8!:w$r=*N;$7!"85$N%Q%1%C%H$O<uM}$5$l$^$9(B
-($B$?$@$78e=R$N(B
-.Sx $B%P%0(B
-$B$r;2>H$7$F$/$@$5$$(B)$B!#(B
-.It Cm fwd Ar ipaddr Ns Op , Ns Ar port
+$B%=%1%C%H$KAw=P$7$^$9!#(B
+$B8!:w$O=*N;$7$^$9!#(B
+.It Cm fwd | forward Ar ipaddr Ns Op , Ns Ar port
 $B%^%C%A$7$?%Q%1%C%H$N<!$N%[%C%W$r(B
 .Ar ipaddr
-$B$KJQ99$7$^$9!#$3$l$O%I%C%HIU$-(B 4 $B$DAH$N(B IP $B%"%I%l%9$G$b%[%9%HL>$G$b$h$$$G$9!#(B
-.Ar ipaddr
-$B$,D>@\E~C#2DG=$J%"%I%l%9$G$O$J$$>l9g!"$=$N(B IP $B$KBP$7$F(B
-$B%m!<%+%k%k!<%F%#%s%0%F!<%V%k$G$_$D$+$C$?7PO)$r;HMQ$7$^$9!#(B
+$B$KJQ99$7$^$9!#(B
+$B$3$l$K$O(B4$B$D$N?t;z$r%I%C%H$G6h@Z$C$?(B IP $B%"%I%l%9(B
+$B$^$?$O%[%9%HL>$,;HMQ$G$-$^$9!#(B
+$B$3$N%k!<%k$K%^%C%A$7$?>l9g!"8!:w$O=*N;$7$^$9!#(B
+.Pp
 .Ar ipaddr
-$B$,%m!<%+%k%"%I%l%9$N>l9g!"(B
-.Cm fwd
-$B%k!<%k$K%Q%1%C%H$,%^%C%A$9$k$H!"$=$N%Q%1%C%H$r%m!<%+%k%^%7%s$N(B
+$B$,%m!<%+%k%"%I%l%9$N>l9g!"%^%C%A$7$?%Q%1%C%H$O%m!<%+%k%^%7%s$N(B
 .Ar port
-$B$KE>49$7$^$9!#(B
-$B$=$N:]!"(B
-$B%=%1%C%H$N%m!<%+%k%"%I%l%9$O!"(B
-$B%Q%1%C%H$N85!9$N08@h$N(B IP $B%"%I%l%9$N$^$^$H$7$^$9!#(B
-.Xr netstat 1
-$B%(%s%H%j$,4qL/$K8+$($k$h$&$K$J$j$^$9$,!"(B
-$B$3$l$OF)2aE*%W%m%-%7%5!<%P$N$?$a$K$"$j$^$9!#(B
-IP $B$,(B $B%m!<%+%k%"%I%l%9$G$O$J$$>l9g!"%]!<%HHV9f$O(B ($B;XDj$5$l$F$$$F$b(B)
-$BL5;k$5$l$^$9!#(B
-$B%Q%1%C%H$,%m!<%+%k$K@8@.$5$l$?$H$-$K$b!"%"%I%l%9$r%^%C%W$7$^$9!#(B
-$B8!:w$O$3$N%k!<%k$,%^%C%A$7$?$H$-$K=*N;$7$^$9!#(B
-$B%]!<%HHV9f$,M?$($i$l$J$+$C$?>l9g!"(B
-$B30It%^%7%s$N%]!<%H(B Y $B$X$N%Q%1%C%H$O(B $B%m!<%+%k%]!<%H(B Y $B$XE>Aw$5$l$k$h$&$K!"(B
-$B%Q%1%C%HCf$N%]!<%HHV9f$,;HMQ$5$l$^$9!#(B
-$B%+!<%M%k$O!"(B
-$B%*%W%7%g%s(B IPFIREWALL_FORWARD $BIU$-$G%3%s%Q%$%k$5$l$F$$$kI,MW$,$"$j$^$9!#(B
-$B%V%j%C%85!G=$O!"E>Aw$,<BAu$5$l$F$$$kItJ,$G(B
-.Fn ip_input
-$B$H(B
-.Fn ip_output
-$B$r%P%$%Q%9$9$k$3$H$G!"%m!<%+%k%7%9%F%`08$G$O$J$$%Q%1%C%H$rE>Aw$7$^$9!#(B
+($B$^$?$O!"%k!<%k$G;XDj$5$l$F$$$J$$>l9g$O$=$N%Q%1%C%H$N%]!<%HHV9f(B)
+$B$KE>Aw$5$l$^$9!#(B
+.br
+.Ar ipaddr
+$B$,%m!<%+%k%"%I%l%9$G$J$$>l9g!"(B
+$B%]!<%HHV9f$O(B ($B;XDj$5$l$F$$$F$b(B) $BL5;k$5$l!"(B
+$B%Q%1%C%H$O(B
+$B%m!<%+%k$J7PO)%F!<%V%k$KB8:_$9$k$=$N(B IP $B$KBP$9$k7PO)$r;HMQ$7$F(B
+$B%j%b!<%H%"%I%l%9$KE>Aw$5$l$^$9!#(B
+.br
+.Ar fwd
+$B%k!<%k$O%l%$%d(B 2 $B%Q%1%C%H(B
+($B$=$l$i$O(B ether_input, ether_output, bridged $B$G<u?.$5$l$^$9(B)
+$B$K$O%^%C%A$7$^$;$s!#(B
+.br
 .Cm fwd
-$BF0:n$O%Q%1%C%H$NFbMF$r$^$C$?$/JQ99$7$J$$$?$a!"(B
+$B%"%/%7%g%s$O%Q%1%C%H$NFbMF$r$^$C$?$/JQ99$7$^$;$s!#(B
+$B<B:]!"08@h%"%I%l%9$,=$@5$5$l$:$K;D$k$N$G!"(B
 $BE>Aw@h%7%9%F%`$,$=$N$h$&$J%Q%1%C%H$r<h$j9~$`%k!<%k$r;}$?$J$$8B$j!"(B
 $BEv3:%Q%1%C%H$ODL>o$=$N%7%9%F%`$,5qH]$7$^$9!#(B
+$B%m!<%+%k$GE>Aw$5$l$k%Q%1%C%H$N$?$a$K!"(B
+$B%=%1%C%H$N%m!<%+%k%"%I%l%9$O%Q%1%C%H$N85$N08@h%"%I%l%9$K@_Dj$5$l$^$9!#(B
+$B$3$N$3$H$K$h$C$F(B
+.Xr netstat 1
+$B%(%s%H%j$O$+$($C$F4qL/$J8+$(J}$K$J$j$^$9$,!"(B
+$B$3$l$OF)2a%W%m%-%7%5!<%P$G$N;HMQ$r0U?^$7$F$$$^$9!#(B
 .It Cm pipe Ar pipe_nr
 $B%Q%1%C%H$r(B
 .Xr dummynet 4
 .Dq $B%Q%$%W(B
-$B$XEO$7$^$9(B ($B%P%s%II}@)8B!"CY1dEy$N$?$a(B)$B!#(B
-$B99$J$k>pJs$K$D$$$F$O(B
+($B%P%s%II}@)8B!"CY1d$J$I$K;HMQ$5$l$^$9(B)
+$B$XEO$7$^$9!#(B
+$B>\$7$$>pJs$K$D$$$F$O(B
 .Sx $B%H%i%U%#%C%/%7%'%$%Q@_Dj(B
-$B$N@a$r;2>H$7$F$/$@$5$$!#(B
+$B%;%/%7%g%s$r;2>H$7$F$/$@$5$$!#(B
 $B8!:w$O=*N;$7$^$9!#(B
 $B$7$+$7!"%Q%$%W$+$iH4$1$?$H$-$K(B
 .Xr sysctl 8
@@ -404,133 +641,208 @@
 .It Cm queue Ar queue_nr
 $B%Q%1%C%H$r(B
 .Xr dummynet 4
-.Dq queue
-$B$XEO$7$^$9(B
-(WF2Q $B$r;H$C$?%P%s%II}@)8BMQ(B)$B!#(B
+.Dq $B%-%e!<(B
+(WF2Q $B$r;H$C$?%P%s%II}@)8B$K;HMQ$5$l$^$9(B)
+$B$XEO$7$^$9!#(B
+.It Cm reject
+($BHsFq$5$l$^$9(B)$B!#(B
+.Cm unreach host
+$B$HF15A$G$9!#(B
+.It Cm rest
+$B$3$N%k!<%k$K%^%C%A$7$?%Q%1%C%H$rGK4~$7$^$9!#(B
+$B$5$i$K!"$=$N%Q%1%C%H$,(B TCP $B%Q%1%C%H$G$"$l$P!"(B
+TCP $B%j%;%C%H(B (RST) $BDLCN$rAw=P$7$h$&$H;n$_$^$9!#(B
+$B8!:w$O=*N;$7$^$9!#(B
 .It Cm skipto Ar number
 .Ar number
 $B$h$j>.$5$JHV9f$N%k!<%k$rHt$S1[$7$F!"(B
 .Ar number
-$B0J>e$NHV9f$N%k!<%k$G:G=i$KB8:_$9$k$b$N$+$i!"%^%C%A%s%0$r7QB3$7$^$9!#(B
+$B0J>e$NHV9f$N%k!<%k$G:G=i$KB8:_$9$k$b$N$+$i!"8!:w$r7QB3$7$^$9!#(B
+.It Cm tee Ar port
+$B$3$N%k!<%k$K%^%C%A$7$?%Q%1%C%H$NJ#@=$r!"(B
+$B%]!<%H(B
+.Ar port
+$B$K%P%$%s%I$5$l$?(B
+.Xr divert 4
+$B%=%1%C%H$KAw=P$7$^$9!#(B
+$B8!:w$O=*N;$7!"85$N%Q%1%C%H$O<u$1IU$1$i$l$^$9(B
+($B$?$@$7!"0J2<$N%;%/%7%g%s(B
+.Sx $B%P%0(B
+$B$r;2>H$7$F2<$5$$(B)$B!#(B
+.It Cm unreach Ar code
+$B$3$N%k!<%k$K%^%C%A$7$?%Q%1%C%H$rGK4~$7!"(B
+$B%3!<%I(B
+.Ar code
+$B$N(B ICMP $BE~C#IT2DDLCN$rAw=P$7$h$&$H;n$_$^$9!#(B
+$B$3$3$G(B
+.Ar code
+$B$O(B 0 $B$+$i(B 255 $B$N?t;z!"$^$?$O<!$N%(%$%j%"%9$N$$$:$l$+$G$9(B:
+.Cm net , host , protocol , port ,
+.Cm needfrag , srcfail , net-unknown , host-unknown ,
+.Cm isolated , net-prohib , host-prohib , tosnet ,
+.Cm toshost , filter-prohib , host-precedence ,
+.Cm precedence-cutoff
+$B!#(B
+$B8!:w$O=*N;$7$^$9!#(B
 .El
-.It Cm log Op Cm logamount Ar number
-$B%+!<%M%k$,(B
-.Dv IPFIREWALL_VERBOSE
-$B%*%W%7%g%sIU$-$G%3%s%Q%$%k$5$l$F$$$k>l9g$K!"(B
-.Cm log
-$B%-!<%o!<%I$,;XDj$5$l$F$$$k%k!<%k$H%^%C%A$7$?;~!"(B
-$B%a%C%;!<%8$r(B
-.Dv LOG_SECURITY
-$B%U%!%7%j%F%#$G(B
-.Xr syslogd 8
-$B$G%m%0$7$^$9!#(B
-.Em $BCm(B :
-$B%G%U%)%k%H$G$O!"%m%0$O(B
-.Pa /var/log/security
-$B%U%!%$%k$KDI2C$5$l$^$9(B (
-.Xr syslog.conf 5
-$B$r;2>H$7$F$/$@$5$$(B)$B!#(B
-$B%+!<%M%k$,!"(B
-.Dv IPFIREWALL_VERBOSE_LIMIT
-$B%*%W%7%g%sIU$-$G%3%s%Q%$%k$5$l$F$$$k>l9g!"(B
-$B%G%U%)%k%H$G$O!"(B
-$B0lO"$N%k!<%k$KBP$7;XDj$5$l$?%Q%1%C%H(B
-$B?t$r<u?.$7$?8e!"%a%C%;!<%8$NI=<($rCf;_$7!"(B
-.Em net.inet.ip.fw.verbose_limit
-$B$,$=$N?t$K@_Dj$5$l$^$9!#(B
-$B$7$+$7(B
-.Cm logamount Ar number
-$B$,;HMQ$5$l$?>l9g!"(B
-.Em net.inet.ip.fw.verbose_limit
-$B$NBe$j$K$3$N(B
-.Ar number
-$B$,%G%U%)%k%H$N%m%0@)8B$K$J$j!"CM(B
-.Dq 0
-$B$r;XDj$9$k$H!"%m%.%s%0$N@)8B$O<h$j=|$+$l$^$9!#(B
-$B$3$N%(%s%H%j$KBP$9$k%m%.%s%0%+%&%s%?$^$?$O%Q%1%C%H%+%&%s%?$r(B
-$B%/%j%"$9$l$P!"%m%.%s%0$O:F$SM-8z$K$J$j$^$9!#(B
+.Ss $B%k!<%k%\%G%#(B
+$B%k!<%k$N%\%G%#$O(B 0 $B0J>e$N%Q%?!<%s(B
+($BAw?.85$H08@h%"%I%l%9$d%]!<%H$N;XDj!"(B
+$B%W%m%H%3%k%*%W%7%g%s!"<u?.$^$?$OAw?.%$%s%?!<%U%'!<%9$N;XDj$J$I(B)
+$B$+$i@.$j$^$9!#(B
+$B%Q%1%C%H$O2r<a$5$l$k=g$K%^%C%A$7$J$1$l$P$J$j$^$;$s!#(B
+$BDL>o!"%Q%?!<%s$O(B ($B0EL[E*$K(B)
+.Cm and
+$B%*%Z%l!<%?$G@\B3$5$l$^$9(B -- $B$D$^$j!"%k!<%k$,%^%C%A$9$k$?$a$K$O(B
+$BA4$F$,%^%C%A$7$J$1$l$P$J$j$^$;$s!#(B
+$B8D!9$N%Q%?!<%s$K$O!"%^%C%A$N7k2L$rH?E>$5$;$k$?$a$K(B
+.Cm not
+$B%*%Z%l!<%?$rA0CV$9$k$3$H$,$G$-$^$9!#(B
+$B$3$l$O<!$N$h$&$K$J$j$^$9!#(B
 .Pp
-$B%3%s%=!<%k%m%0$H%G%U%)%k%H%m%0@)8B?t$O!"(B
-.Xr sysctl 8
-$B$rDL$8$F(B MIB $B%Y!<%9(B
-.Dv net.inet.ip.fw
-$B$K$FF0E*$K@_Dj$G$-$^$9!#(B
-.It Ar proto
-$BL>A0$^$?$O?tCM$G;XDj$9$k(B IP $B%W%m%H%3%k(B ($B>\:Y$O(B
-.Pa /etc/protocols
-$B$N%j%9%H$r;2>H$N$3$H(B)$B!#(B
-.Cm ip
-$B$^$?$O(B
-.Cm all
-$B$N%-!<%o!<%I$r;HMQ$9$k$H!"$9$Y$F$N%W%m%H%3%k$,%^%C%A$7$^$9!#(B
-.It Ar src No $B$H(B Ar dst :
-.Cm any | me | Op Cm not
-.Aq Ar address Ns / Ns Ar mask
-.Op Ar ports
+.Dl "ipfw add 100 allow ip from not 1.2.3.4 to any"
 .Pp
-.Cm any
-$B$r;XDj$9$k$H!"%k!<%k$O$9$Y$F$N(B IP $BHV9f$H%^%C%A$7$^$9!#(B
+$B$5$i$K!"(B
+$B<!$N$h$&$K(B
+.Cm or
+$B%*%Z%l!<%?$r;HMQ$7!"(B
+$B4]3g8L(B () $B$d(B $B%V%l!<%9(B {} $B$G3g$i$l$?FbIt$K%Q%?!<%s$rNs5s$9$k$3$H$G!"(B
+$B?7$7$$%^%C%A%Q%?!<%s$N%;%C%H(B (
+.Em $BO@M}OB%V%m%C%/(B
+) $B$r9=C[$9$k$3$H$,$G$-$^$9(B:
 .Pp
-.Cm me
-$B$r;XDj$9$k$H!"%k!<%k$O%7%9%F%`>e$G9=@.$5$l$?$9$Y$F$N(B IP $BHV9f$H%^%C%A$7$^$9!#(B
+.Dl "ipfw add 100 allow ip from { x or not y or z } to any"
 .Pp
-.Aq Ar address Ns / Ns Ar mask
-$B$O0J2<$N$h$&$K;XDj$G$-$^$9!#(B
-.Bl -tag -width "ipno/bits"
-.It Ar ipno
-IP $BHV9f$r(B 1.2.3.4 $B$N7A<0$G;XDj$7$^$9!#(B
-$B$3$N(B IP $BHV9f$K$N$_%^%C%A$7$^$9!#(B
-.It Ar ipno Ns / Ns Ar bits
-IP $BHV9f$H%M%C%H%^%9%/$NI}$r(B 1.2.3.4/24 $B$N7A<0$G;XDj$7$^$9!#(B
-$B$3$NNc$N>l9g$O(B 1.2.3.0 $B$+$i(B 1.2.3.255 $B$N%"%I%l%9$,%^%C%A$7$^$9!#(B
-.It Ar ipno Ns : Ns Ar mask
-IP $BHV9f$H%M%C%H%^%9%/$r(B 1.2.3.4:255.255.240.0 $B$N7A<0$G;XDj$7$^$9!#(B
-$B$3$N>l9g$O(B 1.2.0.0 $B$+$i(B 1.2.15.255 $B$N%"%I%l%9$,%^%C%A$7$^$9!#(B
-.El
+$B3g8L$N%l%Y%k$O(B 1 $B$D$N$_$,2DG=$G$9!#(B
+$B$[$H$s$I$N%7%'%k$,4]3g8L$d%V%l!<%9$KFCJL$J0UL#$r;}$?$;$F$$$k$3$H$K(B
+$BCm0U$7$F2<$5$$!#(B
+$B$7$?$,$C$F!"$=$N$h$&$J2r<a$,5/$3$i$J$$$h$&$K%P%C%/%9%i%C%7%e(B \\ $B$r(B
+$B$=$NA0$KCV$/$3$H$r4+$a$^$9!#(B
 .Pp
-$B%"%I%l%9$NA0$K(B
-.Cm not
-$B$rIU$1$k$3$H$K$h$C$F!"%^%C%A$N0UL#$rH?E>$5$;$k(B
-$B$3$H$,$G$-$^$9(B ($B;XDj$5$l$?%"%I%l%90J30$N$9$Y$F$N%"%I%l%9$,%^%C%A$7$^$9(B)$B!#(B
-$B$3$l$O%]!<%HHV9f$NA*Br$K$O1F6A$7$^$;$s!#(B
+$B%k!<%k$N%\%G%#$O!"DL>o$OAw?.85$H08@h%"%I%l%9$N;XDj$r4^$^$J$1$l$P$J$j$^$;$s!#(B
+$B%-!<%o!<%I(B
+.Ar any
+$B$OI,?\%U%#!<%k%I$NFbMF$,=EMW$G$J$$$3$H$r;XDj$9$k$?$a$K(B
+$BMM!9$J2U=j$G;HMQ$9$k$3$H$,$G$-$^$9!#(B
 .Pp
-TCP $B$H(B UDP $B$G$O$5$i$K!"(B
-.Em ports
-$B$r0J2<$N$h$&$K;XDj$G$-$^$9!#(B
+$B%k!<%k%\%G%#$O0J2<$N=q<0(B:
 .Bd -ragged -offset indent
-.Sm off
-.Brq Ar port | port No \&- Ar port | port : mask
-.Op , Ar port Op , Ar ...
-.Sm on
+.Op Ar proto Cm from Ar src Cm to Ar dst
+.Op Ar options
 .Ed
 .Pp
+$B:G=i$NItJ,(B (protocol from src to dst) $B$O(B
+.Nm ipfw1
+$B$H$N8eJ}8_49$N$?$a$K$"$j$^$9!#(B
+.Nm ipfw2
+$B$G$O!"G$0U$N%^%C%A%Q%?!<%s(B
+(MAC $B%X%C%@!"(BIPv4 $B%W%m%H%3%k!"%"%I%l%9!"%]!<%H$r4^$`(B)
+$B$,(B
+.Ar options
+$B%;%/%7%g%s$G;XDj$G$-$^$9!#(B
+.Pp
+$B%k!<%k%U%#!<%k%I$O0J2<$N0UL#$G$9(B:
+.Bl -tag -width indent
+.It Ar proto : protocol | Cm { Ar protocol Cm or ... }
+IPv4 $B%W%m%H%3%k(B ($B$^$?$OJ#?t$N%W%m%H%3%k$+$i$J$k(B
+.Em $BO@M}OB%V%m%C%/(B
+)
+$B$O?t;z$dL>A0$G;XDj$5$l$^$9(B
+($B40A4$J%j%9%H$O(B
+.Pa /etc/protocols
+$B$r;2>H$7$F2<$5$$(B)$B!#(B
+.Cm ip
+$B$^$?$O(B
+.Cm all
+$B$N%-!<%o!<%I$r;HMQ$9$k$H!"$9$Y$F$N%W%m%H%3%k$,%^%C%A$7$^$9!#(B
+.It Ar src No $B$*$h$S(B Ar dst : ip-address | Cm { Ar ip-address Cm or ... } Op Ar ports
+$BC10l$N(B
+.Ar ip-address
+$B$d!"(B1 $B$D0J>e$N%"%I%l%9$r4^$`(B
+.Em $BO@M}OB%V%m%C%/(B
+$B$O!"8e$KB3$1$F(B
+.Ar ports
+$B;X<(;R$r%*%W%7%g%s$GCV$/$3$H$,$G$-$^$9!#(B
+.It Ar ip-address :
+$B<!$NJ}K!(B
+($B%*%W%7%g%s$G(B
+.Cm not
+$B%*%Z%l!<%?$rA0CV$9$k$3$H$,$G$-$^$9(B)
+$B$N$$$:$l$+$G;XDj$5$l$?%"%I%l%9(B ($B$^$?$O%"%I%l%9$N%;%C%H(B):
+.Bl -tag -width indent
+.It Cm any
+$BG$0U$N(B IP $B%"%I%l%9$K%^%C%A$7$^$9!#(B
+.It Cm me
+$B%7%9%F%`$N%$%s%?!<%U%'!<%9$K@_Dj$5$l$?G$0U$N(B IP $B%"%I%l%9$K%^%C%A$7$^$9!#(B
+$B%"%I%l%9$N%j%9%H$O%Q%1%C%H$,2r@O$5$l$k$H$-$KI>2A$5$l$^$9!#(B
+.It Ar numeric-ip | hostname
+$B%I%C%H$G6h@Z$C$?(B4$B$D$N?t;z$^$?$O%[%9%HL>$G;XDj$7$?!"(B
+$B0l$D$N(B IPv4 $B%"%I%l%9$K%^%C%A$7$^$9!#(B
+$B%[%9%HL>$O$=$N%k!<%k$,%U%!%$%"%&%)!<%k$N%j%9%H$KDI2C$5$l$k$H$-$K(B
+$BL>A02r7h$,9T$o$l$^$9!#(B
+.It Ar addr Ns / Ns Ar masklen
+$B%Y!<%9$H$J$k(B
+.Ar addr
+($B%I%C%H$G6h@Z$C$?(B4$B$D$N?t;z$^$?$O%[%9%HL>$G;XDj$5$l$^$9(B)
+$B$H(B
+.Cm masklen
+$B%S%C%HI}$N%^%9%/(B
+$B$K0lCW$9$kA4$F$N%"%I%l%9$K%^%C%A$7$^$9!#(B
+$BNc$($P!"(B1.2.3.4/25 $B$O(B 1.2.3.0 $B$+$i(B 1.2.3.127 $B$^$G$N(B
+$BA4$F$N(B IP $B%"%I%l%9$K%^%C%A$9$k$3$H$K$J$j$^$9!#(B
+.It Ar addr Ns / Ns Ar masklen Ns Cm { Ns Ar num,num,... Ns Cm }
+$B%Y!<%9%"%I%l%9$,(B
+.Ar addr
+($B%I%C%H$G6h@Z$C$?(B4$B$D$N?t;z$^$?$O%[%9%HL>$G;XDj$5$l$^$9(B)
+$B$G$"$j!":G8e$N%P%$%H$,%V%l!<%9(B {} $B$NCf$KNs5s$5$l$F$$$k(B
+$BA4$F$N%"%I%l%9$K%^%C%A$7$^$9!#(B
+$B%V%l!<%9!"%+%s%^!"?t;z$N4V$K$O6uGr$rCV$$$F$O$$$1$J$$$3$H$KCm0U$7$F2<$5$$!#(B
+.Ar masklen
+$B%U%#!<%k%I$O%"%I%l%9$N%;%C%H$N%5%$%:$K@)8B$r$D$1$k$?$a$K;HMQ$5$l!"(B
+24 $B$+$i(B 32 $B$N4V$NG$0U$NCM$r$H$k$3$H$,$G$-$^$9!#(B
+.br
+$BNc$($P!"%"%I%l%9$,(B 1.2.3.4/24{128,35,55,89} $B$H$7$F;XDj$5$l$?>l9g!"(B
+$B<!$N%"%I%l%9$,%^%C%A$7$^$9(B:
+.br
+1.2.3.128 1.2.3.35 1.2.3.55 1.2.3.89
+.br
+$B$3$N=q<0$O0l$D$N%k!<%k$G$^$P$i$J%"%I%l%972$r<h$j07$&$H$-$K(B
+$BFC$KJXMx$G$9!#(B
+$B%^%C%A$,%S%C%H%^%9%/$r;HMQ$7$F9T$o$l$k$N$G!"(B
+$B$+$+$k;~4V$O0lDj$G!"%k!<%k%;%C%H$NJ#;($5$,7`E*$K8:>/$7$^$9!#(B
+.El
+.It Ar ports : Oo Cm not Oc Bro Ar port | port Ns \&- Ns Ar port Ns Brc Op , Ns Ar ...
+$B%]!<%HHV9f$r%5%]!<%H$7$F$$$k%W%m%H%3%k(B (TCP $B$d(B UDP $B$J$I(B) $B$N$?$a$K!"(B
+$B%*%W%7%g%s$N(B
+.Cm ports
+$B$O!"(B1 $B$D0J>e$N%]!<%H$^$?$O%]!<%H$NHO0O$r6uGr$J$7$N%+%s%^6h@Z$j$G!"(B
+$B$5$i$K%*%W%7%g%s$N(B
+.Cm not
+$B%*%Z%l!<%?$rIU2C$7$F!"(B
+$B;XDj$9$k$3$H$,$G$-$^$9!#(B
 $B5-9f(B
 .Ql \&-
 $B$K$h$kI=8=$O!"%]!<%HHO0O(B ($BN>C<4^$`(B) $B$r;XDj$7$^$9!#(B
 .Pp
-$B5-9f(B
-.Ql \&:
-$B$K$h$kI=8=$O!"%]!<%H$H%^%9%/$r;XDj$7$^$9!#(B
-$B%^%C%A$,@k8@$5$l$k$N$O!"(B
-$B%Q%1%C%HCf$N%]!<%HHV9f$,%k!<%kCf$N%]!<%HHV9f$K%^%C%A$9$k$H$-$G$9$,!"(B
-$B%^%C%ABP>]$N%S%C%H$O%^%9%/Cf$G;XDj$5$l$?$b$N$K8BDj$5$l$^$9!#(B
-.Pp
 $B%]!<%HHV9f$NBe$o$j$K(B ($B%U%!%$%k(B
 .Pa /etc/services
 $B$+$i<h$C$?(B) $B%5!<%S%9L>$r;HMQ$G$-$^$9!#(B
-$B%]!<%HHO0O;XDj$N=q<0$O!":G=i$NCM$H$7$F$N$_;XDj$G$-$^$9!#(B
-$BNs5s=PMh$k%]!<%H?t$O(B
-.Pa /usr/src/sys/netinet/ip_fw.h
-$B$G(B
-.Dv IP_FW_MAX_PORTS
-$B$H$7$FDj5A$5$l$F$$$^$9!#(B
+$B%]!<%H%j%9%H$ND9$5$O(B 30 $B%]!<%H$^$?$O%]!<%HHO0O$K@)8B$5$l$F$$$^$9$,!"(B
+$B%k!<%k$N(B
+.Cm options
+$B%;%/%7%g%s$G(B
+.Em $BO@M}OB%V%m%C%/(B
+$B$r;HMQ$9$k$H$h$j9-$$HO0O$r;XDj$9$k$3$H$,$G$-$^$9!#(B
 $B%P%C%/%9%i%C%7%e(B
 .Pq Ql \e
 $B$r;HMQ$9$k$3$H$K$h$j!"%5!<%S%9L>Cf$N(B
 .Pq Ql -
-$BJ8;z$r%(%9%1!<%W2DG=$G$9(B:
+$BJ8;z$r%(%9%1!<%W2DG=$G$9(B
+($B%7%'%k$+$iF~NO$9$k$H$-!"%P%C%/%9%i%C%7%e$O(B
+$B%7%'%k<+?H$K%(%9%1!<%WJ8;z$H$7$F;HMQ$5$l$k$3$H$rKI$0$?$a$K(B
+2 $B2s%?%$%W$7$J$1$l$P$J$j$^$;$s(B)$B!#(B
 .Pp
-.Dl ipfw add count tcp from any ftp\e\e-data-ftp to any
+.Dl "ipfw add count tcp from any ftp\e\e-data-ftp to any"
 .Pp
 $BCGJR2=$5$l$?%Q%1%C%H$G%*%U%;%C%H$,Hs(B 0 $B$N$b$N(B
 ($B$9$J$o$A!":G=i$NCGJR$G$O$J$$$b$N(B) $B$O!"(B
@@ -538,182 +850,54 @@
 $BCGJR2=$5$l$?%Q%1%C%H$X$N%^%C%A%s%0$K4X$9$k>\:Y$O(B
 .Cm frag
 $B%*%W%7%g%s$r;2>H$7$F$/$@$5$$!#(B
-.It Ar interface-spec
-$B<!$N;XDj;R$NAH$_9g$o$;$r;HMQ2DG=$G$9(B:
-.Bl -tag -width "via ipno"
-.It Cm in
-$BF~NO%Q%1%C%H$K$N$_%^%C%A$7$^$9!#(B
-.It Cm out
-$B=PNO%Q%1%C%H$K$N$_%^%C%A$7$^$9!#(B
-.It Cm via Ar ifX
-$B%Q%1%C%H$O%$%s%?%U%'!<%9(B
-.Ar ifX
-$B$rDL2a$;$M$P$J$j$^$;$s!#(B
-.It Cm via Ar if Ns Cm *
-$B%Q%1%C%H$O%$%s%?%U%'!<%9(B
-.Ar ifX
-$B$rDL2a$;$M$P$J$j$^$;$s!#$3$N(B
-.Ar X
-$B$O$I$s$J%f%K%C%HHV9f$G$b$+$^$$$^$;$s!#(B
-.It Cm via any
-$B%Q%1%C%H$O(B
-.Em $B$$$:$l$+(B
-$B$N%$%s%?%U%'!<%9$rDL2a$;$M$P$J$j$^$;$s!#(B
-.It Cm via Ar ipno
-$B%Q%1%C%H$O!"(B
-IP $B%"%I%l%9(B
-.Ar ipno
-$B$r;}$D%$%s%?%U%'!<%9$rDL2a$;$M$P$J$j$^$;$s!#(B
 .El
+.Ss $B%k!<%k%*%W%7%g%s(B ($B%^%C%A%Q%?!<%s(B)
+$B%k!<%kFb$GDI2C$N%^%C%A%Q%?!<%s$r;HMQ$9$k$3$H$,$G$-$^$9!#(B
+$B$3$l$i$O%k!<%kFb$K(B 0 $B0J>eCV$1$k$N$G(B
+.Em $B%*%W%7%g%s(B
+$B$H8F$P$l$F$*$j!"%*%W%7%g%s$G(B
+.Cm not
+$B%*%Z%i%s%I$rA0CV$9$k$3$H$,$G$-!"(B
+.Em $BO@M}OB%V%m%C%/(B
+$B$X$H%0%k!<%W2=$9$k$3$H$,2DG=$G$9!#(B
 .Pp
-.Cm via
-$B$rMQ$$$k$H!">o;~;XDj$5$l$?%$%s%?%U%'!<%9$,%A%'%C%/$5$l$^$9!#(B
-.Cm recv
-$B$d(B
-.Cm xmit
-$B$r!"(B
-.Cm via
-$B$NBe$o$j$K;XDj$9$k$H!"(B
-$B<u?.!"$b$7$/$OAw?.%$%s%?%U%'!<%9$N$_$,(B ($B$*$N$*$N(B) $B%A%'%C%/$5$l$^$9!#(B
-$BN>J}$r;XDj$9$l$P!"(B
-$B<u?.%$%s%?%U%'!<%9$HAw?.%$%s%?%U%'!<%9$NN>J}$K4p$E$-%Q%1%C%H$r(B
-$B%^%C%A$5$;$k$3$H$,2DG=$K$J$j$^$9!#(B
-$BNc(B :
-.Pp
-.Dl "ipfw add 100 deny ip from any to any out recv ed0 xmit ed1"
-.Pp
-.Cm recv
-$B$G;XDj$7$?%$%s%?%U%'!<%9$G$O!"<u?.$HAw?.!"N>J}$N%Q%1%C%H$r%A%'%C%/$G$-$^$9!#(B
-$B$=$l$KBP$7!"(B
-.Cm xmit
-$B$G;XDj$7$?%$%s%?%U%'!<%9$G$O!"Aw?.%Q%1%C%H$N$_$H$J$j$^$9!#(B
-$B$=$l$f$($K!"(B
-.Cm xmit
-$B$r;XDj$9$k$H(B
-.Cm out
-$B$,!"I,?\$G$9(B (
-.Cm in
-$B$OIT2D(B)$B!#(B
-.Cm via
-$B$H6&$K(B
-.Cm xmit
-$B$b$7$/$O!"(B
-.Cm recv
-$B$r;XDj$9$k;v$O$G$-$^$;$s!#(B
-.Pp
-$B%Q%1%C%H$O!"<u?.MQ$J$$$7Aw?.MQ%$%s%?%U%'!<%9$r;}$?$J$$>l9g$,$"$j$^$9!#(B
-$B%m!<%+%k%[%9%H$GH/@8$7$?%Q%1%C%H$K$O<u?.MQ$N%$%s%?%U%'!<%9$O$"$j$^$;$s$7!"(B
-$B%m!<%+%k%[%9%HFb08$N%Q%1%C%H$K$OAw?.MQ%$%s%?%U%'!<%9$O$"$j$^$;$s!#(B
-.It Ar options :
+$B0J2<$N%^%C%A%Q%?!<%s$,;HMQ$G$-$^$9(B ($B%"%k%U%!%Y%C%H=g$KJB$Y$F$$$^$9(B):
 .Bl -tag -width indent
-.It Cm keep-state Op Ar method
-$B%^%C%A$N:]$K!"%U%!%$%"%&%)!<%k$,F0E*%k!<%k$r@8@.$7$^$9!#$3$N%k!<%k$N(B
-$B%G%U%)%k%H$NF0:n$O!"F10l%W%m%H%3%k$rMQ$$$kH/?.85$H08@h$N(B IP/port
-$B4V$GAPJ}8~$KDL2a$9$k%Q%1%C%H$X$N%^%C%A$G$9!#(B
-$B$3$N%k!<%k$N@8B84|4V$OM-8B$G$9(B (
-.Xr sysctl 8
-$BJQ?t$N=89g$K$h$j@)8f$5$l$^$9(B)$B!#$3$N@8B84|4V$O!"%Q%1%C%H$N%^%C%A$,(B
-$B@8$8$k$?$S$K99?7$5$l$^$9!#(B
-.It Cm limit Bro Cm src-addr | src-port | dst-addr | dst-port Brc Ar N
-$B%U%!%$%"%&%)!<%k$O!"(B
-$B%k!<%k$G;XDj$5$l$k%Q%i%a!<%?$K$*$$$F$O!"(B
-.Ar N
-$B8D$N@\B3$@$1$r5v2D$7$^$9!#(B
-$B;OE@$*$h$S=*E@$N%"%I%l%9$d%]!<%H$O!"(B1 $B8D0J>e;XDj2DG=$G$9!#(B
 .It Cm bridged
 $B%V%j%C%8$5$l$k%Q%1%C%H$K$N$_%^%C%A$7$^$9!#(B
-$B$3$l$O%^%k%A%-%c%9%H$d%V%m!<%I%-%c%9%H$N%Q%1%C%H$r07$&:]$KM-MQ$G$9!#(B
-$B$3$l0J30$NJ}K!$G$O!"%Q%1%C%H$O!"%V%j%C%8$N:]$K0lEY!"(B
-$B%m!<%+%k%9%?%C%/$KEO$5$l$k:]$K$b$&0lEY$H!"(B
-$B%U%!%$%"%&%)!<%k$r(B 2 $BEYDL2a$7$F$7$^$$$^$9!#(B
-.Pp
-$B%Q%U%)!<%^%s%9>e$N$o$:$+$JB;<:$O$H$b$+$/!"(B
-.Em pipe
-$B$rMQ$$$k:]$K$bLdBj$K$J$j$^$9!#$3$l$O!"%P%s%II}!"%-%e!<@jM-EY$J$I$N(B
-$B%+%&%s%?$K4X$7$F!"F1$8%Q%1%C%H$,(B 2 $BEY%+%&%s%H$5$l$F$7$^$&$?$a$G$9!#(B
-.It Cm frag
-$B%Q%1%C%H$,CGJR(B ($B%U%i%0%a%s%H(B) $B2=$5$l$?%G!<%?%0%i%`$N0lIt$G!"(B
-$B$+$D%G!<%?%0%i%`$N@hF,$NCGJR$G$J$$>l9g$K%^%C%A$7$^$9!#(B
-.Cm frag
-$B$r!"(B
-.Cm tcpflags
-$B$d(B TCP/UDP $B%]!<%H;XDj$H6&$K;HMQ$9$k$3$H$O$G$-$^$;$s!#(B
-.It Cm ipoptions Ar spec
-IP $B%X%C%@$,!"(B
-.Ar spec
-$B$K;XDj$5$l$?%3%s%^$G6h@Z$i$l$?%*%W%7%g%s$N%j%9%H$r4^$`>l9g$K$N$_%^%C%A$7$^$9!#(B
-$B%5%]!<%H$5$l$F$$$k(B IP $B%*%W%7%g%s$O(B
-.Pp
-.Cm ssrr
-(strict source route),
-.Cm lsrr
-(loose source route),
-.Cm rr
-(record packet route),
-.Cm ts
-(timestamp) $B$G$9!#(B
-.Ql \&!
-$B$K$h$C$F!"FCDj$N%*%W%7%g%s$r4^$^$J$$;XDj$,5-=R$G$-$^$9!#(B
-.It Cm tcpoptions Ar spec
-TCP $B%X%C%@$,!"(B
-.Ar spec
-$B$K;XDj$5$l$?%3%s%^$G6h@Z$i$l$?%*%W%7%g%s$N%j%9%H$r4^$`>l9g$K$N$_%^%C%A$7$^$9!#(B
-$B%5%]!<%H$5$l$F$$$k(B TCP $B%*%W%7%g%s$O(B
-.Pp
-.Cm mss
-(maximum segment size),
-.Cm window
-(tcp window advertisement),
-.Cm sack
-(selective ack),
-.Cm ts
-(rfc1323 timestamp),
-.Cm cc
-(rfc1644 t/tcp connection count) $B$G$9!#(B
-.Ql \&!
-$B$K$h$C$F!"FCDj$N%*%W%7%g%s$r4^$^$J$$;XDj$,5-=R$G$-$^$9!#(B
+.It Cm dst-ip Ar ip address
+$B08@h(B IP $B%"%I%l%9$,0z?t$G;XDj$7$?%"%I%l%9$N(B 1 $B$D$G$"$k(B
+IP $B%Q%1%C%H$K%^%C%A$7$^$9!#(B
+.It Cm dst-port Ar source ports
+$B08@h%]!<%H$,0z?t$G;XDj$7$?%]!<%H$N(B 1 $B$D$G$"$k(B
+IP $B%Q%1%C%H$K%^%C%A$7$^$9!#(B
 .It Cm established
-TCP $B%Q%1%C%H$N$_$KE,MQ$5$l$^$9!#(B
-RST $B$^$?$O(B ACK $B%S%C%H$,%;%C%H$5$l$F$$$k%Q%1%C%H$N$_%^%C%A$7$^$9!#(B
-.It Cm setup
-TCP $B%Q%1%C%H$N$_$KE,MQ$5$l$^$9!#(B
-SYN $B%S%C%H$,%;%C%H$5$l(B ACK $B$,%;%C%H$5$l$F$$$J$$%Q%1%C%H$N$_%^%C%A$7$^$9!#(B
-.It Cm tcpflags Ar spec
-TCP $B%Q%1%C%H$N$_$KE,MQ$5$l$^$9!#(B
-TCP $B%X%C%@$,(B
-.Ar spec
-$B$K;XDj$5$l$?%3%s%^$G6h@Z$i$l$?%U%i%0$N%j%9%H$r4^$`>l9g$K$N$_%^%C%A$7$^$9!#(B
-$B%5%]!<%H$5$l$F$$$k%U%i%0$O!"(B
-.Pp
-.Cm fin ,
-.Cm syn ,
-.Cm rst ,
-.Cm psh ,
-.Cm ack ,
-.Cm urg
-$B$G$9!#(B
-.Ql \&!
-$B$K$h$C$F!"FCDj$N%U%i%0$r4^$^$J$$;XDj$r5-=R$G$-$^$9!#(B
-.Cm tcpflags
-$B;XDj$r4^$`%k!<%k$O!"Hs(B 0 $B$N%*%U%;%C%H$r;}$DCGJR2=$5$l$?%Q%1%C%H$K(B
-$B%^%C%A$9$k$3$H$O$"$j$^$;$s!#(B
-$BCGJR2=$5$l$?%Q%1%C%H$K4X$9$k%^%C%A$K$D$$$F$N>\:Y$O(B
-.Cm frag
-$B%*%W%7%g%s$r;2>H$7$F$/$@$5$$!#(B
+RST $B$+(B ACK $B%S%C%H$,%;%C%H$5$l$F$$$k(B TCP $B%Q%1%C%H$K%^%C%A$7$^$9!#(B
+.It Cm frag
+IP $B%G!<%?%0%i%`$N%U%i%0%a%s%H$G$"$j!"$+$D!":G=i$N%U%i%0%a%s%H$G$J$$(B
+$B%Q%1%C%H$K%^%C%A$7$^$9!#(B
+$B$3$l$i$N%Q%1%C%H$O<!$N%W%m%H%3%k%X%C%@(B ($BNc$($P(B TCP, UDP) $B$r;}$?$J$$$N$G!"(B
+$B$3$l$i$N%X%C%@$rD4$Y$k%*%W%7%g%s$O%^%C%A$9$k$3$H$,$G$-$J$$$3$H$K(B
+$BCm0U$7$F2<$5$$!#(B
+.It Cm gid Ar group
+.Ar group
+$B$K$h$C$FAw?.$5$l$?!"$^$?$O$=$l$KBP$7$F<u?.$5$l$?(B
+$BA4$F$N(B TCP $B$b$7$/$O(B UDP $B%Q%1%C%H$K%^%C%A$7$^$9!#(B
+.Ar group
+$B$OL>A0$+?tCM$G;XDj$9$k$3$H$,$G$-$^$9!#(B
 .It Cm icmptypes Ar types
-ICMP $B%Q%1%C%H$N$_$KE,MQ$5$l$^$9!#(B
 ICMP $B%?%$%W$,(B
 .Ar types
-$B$G;XDj$5$l$?%j%9%HCf$KB8:_$9$k>l9g$K$N$_%^%C%A$7$^$9!#(B
+$B$G;XDj$5$l$?%j%9%HCf$KB8:_$9$k(B ICMP $B%Q%1%C%H$K%^%C%A$7$^$9!#(B
 $B%j%9%H$OHO0O;XDj$G$b!"%?%$%W$*$N$*$N$r%3%s%^$G6h@Z$C$?$b$N$G$b(B
 $B$I$A$i$NAH$_9g$o$;$G$b$+$^$$$^$;$s!#(B
 $B%5%]!<%H$5$l$F$$$k(B ICMP $B%?%$%W$O<!$NDL$j$G$9(B:
 .Pp
-$B%(%3!<JVEz(B
+$B%(%3!<1~Ez(B
 .Pq Cm 0 ,
-$B=*E@ITE~C#(B
+$B08@hE~C#IT2D(B
 .Pq Cm 3 ,
-$BH/?.M^@)(B
+$BH/?.85M^@)(B
 .Pq Cm 4 ,
 $B%j%@%$%l%/%H(B
 .Pq Cm 5 ,
@@ -731,31 +915,394 @@
 .Pq Cm 13 ,
 $B%?%$%`%9%?%s%W1~Ez(B
 .Pq Cm 14 ,
-$B>pJsMW5a(B
+$B%$%s%U%)%a!<%7%g%sMW5a(B
 .Pq Cm 15 ,
-$B>pJsJVEz(B
+$B%$%s%U%)%a!<%7%g%sJVEz(B
 .Pq Cm 16 ,
 $B%"%I%l%9%^%9%/MW5a(B
 .Pq Cm 17 ,
 $B%"%I%l%9%^%9%/1~Ez(B
 .Pq Cm 18
+.It Cm in | out
+$B$=$l$>$lE~Ce$^$?$OAw=P%Q%1%C%H$K%^%C%A$7$^$9!#(B
+.Cm in
+$B$H(B
+.Cm out
+$B$O8_$$$KGSB>E*$G$9(B
+($B<B:]!"(B
+.Cm out
+$B$O(B
+.Cm not in Ns
+$B$H$7$F<BAu$5$l$F$$$^$9(B)$B!#(B
+.It Cm ipid Ar id
+.Cm ip_id
+$B%U%#!<%k%I$,CM(B
+.Ar id
+$B$G$"$k(B IP $B%Q%1%C%H$K%^%C%A$7$^$9!#(B
+.It Cm iplen Ar len
+$B%X%C%@$H%G!<%?$r4^$s$@A4BN$ND9$5$,(B
+.Ar len
+$B%P%$%H$G$"$k(B IP $B%Q%1%C%H$K%^%C%A$7$^$9!#(B
+.It Cm ipoptions Ar spec
+IP $B%X%C%@$,(B
+.Ar spec
+$B$G;XDj$5$l$?%+%s%^6h@Z$j$N%*%W%7%g%s%j%9%H$r4^$`(B
+$B%Q%1%C%H$K%^%C%A$7$^$9!#(B
+IP $B%*%W%7%g%s$O<!$N$b$N$,%5%]!<%H$5$l$F$$$^$9(B:
+.Pp
+.Cm ssrr
+($B%9%H%j%/%H%=!<%9%k!<%F%#%s%0(B),
+.Cm lsrr
+($B%k!<%:%=!<%9%k!<%F%#%s%0(B),
+.Cm rr
+($B%l%3!<%I%k!<%H(B),
+.Cm ts
+($B%?%$%`%9%?%s%W(B)$B!#(B
+.Ql \&!
+$B$rCV$/$3$H$GFCDj$N%*%W%7%g%s$,B8:_$7$J$$$H$$$&5-=R$,$G$-$^$9!#(B
+.It Cm ipprecedence Ar precedence
+$B@h9T%U%#!<%k%I$,(B
+.Ar precedence
+$B$KEy$7$$(B IP $B%Q%1%C%H$K%^%C%A$7$^$9!#(B
+.It Cm iptos Ar spec
+.Cm tos
+$B%U%#!<%k%I$,(B
+.Ar spec
+$B$G;XDj$5$l$?%+%s%^6h@Z$j$N%5!<%S%9%?%$%W$N%j%9%H$r4^$`(B
+IP $B%Q%1%C%H$K%^%C%A$7$^$9!#(B
+$B%5%]!<%H$5$l$F$$$k%5!<%S%9$N(B IP $B%?%$%W$O<!$NDL$j$G$9(B:
+.Pp
+.Cm lowdelay
+.Pq Dv IPTOS_LOWDELAY ,
+.Cm throughput
+.Pq Dv IPTOS_THROUGHPUT ,
+.Cm reliability
+.Pq Dv IPTOS_RELIABILITY ,
+.Cm mincost
+.Pq Dv IPTOS_MINCOST ,
+.Cm congestion
+.Pq Dv IPTOS_CE
+$B!#(B
+.Ql \&!
+$B$rCV$/$3$H$GFCDj$N%*%W%7%g%s$,B8:_$7$J$$$H$$$&5-=R$,$G$-$^$9!#(B
+.It Cm ipttl Ar ttl
+$B@8B8;~4V$,(B
+.Ar ttl
+$B$G$"$k(B IP $B%Q%1%C%H$K%^%C%A$7$^$9!#(B
+.It Cm ipversion Ar ver
+IP $B%P!<%8%g%s%U%#!<%k%I$,(B
+.Ar ver
+$B$G$"$k(B IP $B%Q%1%C%H$K%^%C%A$7$^$9!#(B
+.It Cm keep-state
+$B%^%C%A$9$k:]$K!"%U%!%$%"%&%)!<%k$OF0E*%k!<%k$r:n@.$7$^$9!#(B
+$B:n@.$5$l$k%k!<%k$O!"%G%U%)%k%H$G$O!"F1$8%W%m%H%3%k$r;HMQ$7$F$$$k(B
+$BH/?.85$H08@h(B IP/$B%]!<%H4V$G$NAPJ}8~$N%H%i%U%#%C%/$K%^%C%A$9$k$h$&$J(B
+$BF0:n$H$J$j$^$9!#(B
+$B$3$N%k!<%k$K$O@)8B$5$l$?@8B8;~4V(B (
+.Xr sysctl 8
+$BJQ?t$N%;%C%H$G@)8f$5$l$^$9(B)
+$B$,$"$j!"(B
+$B@8B8;~4V$O%^%C%A$9$k%Q%1%C%H$,8+$D$+$k$?$S$K%j%U%l%C%7%e$5$l$^$9!#(B
+.It Cm layer2
+$B%l%$%d(B 2 $B$N%Q%1%C%H$N$_$K%^%C%A$7$^$9!#(B
+$B$D$^$j!"(B
+ether_demux() $B$H(B ether_output_frame() $B$+$i(B
+.Nm
+$B$XEO$5$l$k%Q%1%C%H$G$9!#(B
+.It Cm limit Bro Cm src-addr | src-port | dst-addr | dst-port Brc Ar N
+$B%U%!%$%"%&%)!<%k$O!"(B
+$B%k!<%k$G;XDj$7$?F10l$N%Q%i%a!<%?$N%;%C%H$KBP$7$F(B
+.Ar N
+$B8D$N@\B3$N$_$r5v2D$7$^$9!#(B
+1 $B$D0J>e$NH/?.85$H08@h%"%I%l%9$*$h$S%]!<%H$,;XDj$G$-$^$9!#(B
+.It Cm { MAC | mac } Ar dst-mac src-mac
+$BM?$($i$l$?(B
+.Ar dst-mac
+$B%"%I%l%9$H(B
+.Ar src-mac
+$B%"%I%l%9$r;}$D%Q%1%C%H$K%^%C%A$7$^$9!#(B
+$B%"%I%l%9$K$O(B
+.Cm any
+$B%-!<%o!<%I(B ($BG$0U$N(B MAC $B%"%I%l%9$K%^%C%A$7$^$9(B) $B$^$?$O(B
+$B%3%m%s$G6h@Z$C$?(B 16 $B?J?t(B 6 $B8D$NAH$_!"(B
+$B<!$K<($9$h$&$J%*%W%7%g%s$G$=$N8e$K0UL#$N$"$k%S%C%H?t$r;XDj$9$k%^%9%/(B
+$B$r;XDj$7$^$9!#(B
+.Pp
+.Dl "MAC 10:20:30:40:50:60/33 any"
+.Pp
+MAC $B%"%I%l%9$N=g=x(B ($B08@h$,:G=i$G(B 2 $BHVL\$KH/?.85(B) $B$O(B
+$BJ*M}E*$J@~>e$N$b$N$HF1$8$G$9$,!"(B
+IP $B%"%I%l%9$G;HMQ$5$l$k$b$N$H$OH?BP$G$"$k$3$H$KCm0U$7$F2<$5$$!#(B
+.It Cm mac-type Ar mac-type
+$B%$!<%5%M%C%H$N%?%$%W%U%#!<%k%I$,(B
+$B0z?t$G;XDj$7$?$b$N$N0l$D$H0lCW$9$k(B
+$B%Q%1%C%H$K%^%C%A$7$^$9!#(B
+.Ar mac-type
+$B$O(B
+.Cm port numbers
+$B$HF1$8J}K!$G;XDj$7$^$9(B
+($B$D$^$j!"(B1 $B$D0J>e$N%+%s%^6h@Z$j$NC10l$NCM$^$?$OHO0O$G$9(B)$B!#(B
+.Em vlan , ipv4 , ipv6
+$B$N$h$&$J4{CN$NCM$KBP$9$k%7%s%\%j%C%/$JL>>N$r;HMQ$9$k$3$H$,$G$-$^$9!#(B
+$BCM$O(B 10 $B?J?t$+(B 16 $B?J?t(B (0x $B$,F,$K$D$/>l9g(B) $B$GF~NO$9$k$3$H$,$G$-!"(B
+$B>o$K(B 16 $B?J?t$G=PNO$5$l$^$9(B (
+.Cm -N
+$B%*%W%7%g%s$,;HMQ$5$l$F$$$J$$>l9g$G$9!#(B
+$B$=$N$H$-$O%7%s%\%j%C%/$JL>A02r7h$,;n$_$i$l$^$9(B)$B!#(B
+.It Cm proto Ar protocol
+IPv4 $B%W%m%H%3%k$K0lCW$9$k%Q%1%C%H$,%^%C%A$7$^$9!#(B
+.It Cm recv | xmit | via Brq Ar ifX | Ar if Ns Cm * | Ar ipno | Ar any
+$B<u?.$7$?%Q%1%C%H!"Aw?.$9$k%Q%1%C%H!"DL2a$9$k%Q%1%C%H$,(B
+$B$=$l$>$l%^%C%A$7$^$9!#(B
+$B%$%s%?!<%U%'!<%9$O@53N$JL>A0(B
+.Ns No ( Ar ifX Ns No ) $B!"(B
+$B%G%P%$%9L>(B
+.Ns No ( Ar if Ns Ar * Ns No ) $B!"(B
+IP $B%"%I%l%9$G;XDj$9$k$+!"(B
+$B$b$7$/$O2?$i$+$N%$%s%?!<%U%'!<%9$rDL2a$9$k$3$H$r;XDj$7$^$9!#(B
+.Pp
+.Cm via
+$B%-!<%o!<%I$O%$%s%?!<%U%'!<%9$,>o$K%A%'%C%/$5$l$k$3$H$K$J$j$^$9!#(B
+.Cm recv
+$B$d(B
+.Cm xmit
+$B$,(B
+.Cm via
+$B$NBe$o$j$K;HMQ$5$l$?>l9g!"(B
+$B<u?.$7$?%$%s%?!<%U%'!<%9!"$^$?$OAw?.$9$k%$%s%?!<%U%'!<%9(B
+($B$=$l$>$l$KBP1~$7$^$9(B) 
+$B$N$_$,%A%'%C%/$5$l$^$9!#(B
+$BN>J}$H$b;XDj$7$?>l9g!"(B
+$BAw?.%$%s%?!<%U%'!<%9$H<u?.%$%s%?!<%U%'!<%9$NN>J}$K4p$E$/(B
+$B%Q%1%C%H$N%^%C%A$,2DG=$K$J$j$^$9!#(B
+$BNc$($P<!$N$h$&$K$J$j$^$9(B:
+.Pp
+.Dl "ipfw add deny ip from any to any out recv ed0 xmit ed1"
+.Pp
+.Cm recv
+$B%$%s%?!<%U%'!<%9$OE~Ce$^$?$OAw=P%Q%1%C%H$N$I$A$i$+$K$D$$$F(B
+$B8!::$9$k$3$H$,$G$-$^$9$,!"(B
+.Cm xmit
+$B%$%s%?!<%U%'!<%9$OAw=P%Q%1%C%H$N$_$K$D$$$F8!::$9$k$3$H$,$G$-$^$9!#(B
+$B$7$?$,$C$F(B
+.Cm xmit
+$B$r;HMQ$9$k>l9g$K$O(B
+.Cm out
+$B$OI,?\$G$9(B ($B$=$7$F(B
+.Cm in
+$B$OL58z$H$J$j$^$9(B)$B!#(B
+.Pp
+$B%Q%1%C%H$,<u?.%$%s%?!<%U%'!<%9$dAw?.%$%s%?!<%U%'!<%9$r;}$?$J$$$3$H$,$"$j$^$9(B:
+$B%m!<%+%k%[%9%H$+$iH/@8$7$?%Q%1%C%H$O<u?.%$%s%?!<%U%'!<%9$r;}$A$^$;$s$7!"(B
+$B%m!<%+%k%[%9%H$KE~Ce$9$kM=Dj$N%Q%1%C%H$OAw?.%$%s%?!<%U%'!<%9$r;}$A$^$;$s!#(B
+.It Cm setup
+SYN $B%S%C%H$,%;%C%H$5$l$F$$$k$,(B ACK $B%S%C%H$r;}$?$J$$(B
+TCP $B%Q%1%C%H$K%^%C%A$7$^$9!#(B
+$B$3$l$O(B
+.Dq Li tcpflags\ syn,!ack
+$B$NC;=L7A$G$9!#(B
+.It Cm src-ip Ar ip-address
+$BH/?.85(B IP $B$,0z?t$G;XDj$5$l$?%"%I%l%9$N0l$D$G$"$k(B IP $B%Q%1%C%H$K%^%C%A$7$^$9!#(B
+.It Cm src-port Ar ports
+$BH/?.85%]!<%H$,0z?t$G;XDj$5$l$?%]!<%H$N0l$D$G$"$k(B IP $B%Q%1%C%H$K%^%C%A$7$^$9!#(B
+.It Cm tcpack Ar ack
+TCP $B%Q%1%C%H$N$_$G$9!#(B
+TCP $B%X%C%@$N3NG'1~EzHV9f%U%#!<%k%I$,(B
+.Ar ack
+$B$K@_Dj$5$l$F$$$l$P%^%C%A$7$^$9!#(B
+.It Cm tcpflags Ar spec
+TCP $B%Q%1%C%H$N$_$G$9!#(B
+TCP $B%X%C%@$,(B
+.AR spec
+$B$G;XDj$7$?%+%s%^6h@Z$j$N%U%i%0$N%j%9%H$r4^$s$G$$$l$P%^%C%A$7$^$9!#(B
+$B%5%]!<%H$5$l$F$$$k(B TCP $B%U%i%0$O<!$NDL$j$G$9(B:
+.Pp
+.Cm fin ,
+.Cm syn ,
+.Cm rst ,
+.Cm psh ,
+.Cm ack ,
+.Cm urg
+$B!#(B
+.Ql \&!
+$B$rCV$/$3$H$GFCDj$N%U%i%0$,B8:_$7$J$$$H$$$&5-=R$,$G$-$^$9!#(B
+.Cm tcpflags
+$B$N;XDj$r4^$`%k!<%k$O(B 0 $B$G$J$$%*%U%;%C%H$r;}$D%U%i%0%a%s%H%Q%1%C%H$K$O(B
+$B7h$7$F%^%C%A$9$k$3$H$O$G$-$^$;$s!#(B
+$B%U%i%0%a%s%H%Q%1%C%H$N%^%C%A$K$D$$$F$N>\:Y$O(B
+.Cm frag
+$B%*%W%7%g%s$r;2>H$7$F2<$5$$!#(B
+.It Cm tcpseq Ar seq
+TCP $B%Q%1%C%H$N$_$G$9!#(B
+TCP $B%X%C%@$N%7!<%1%s%9HV9f%U%#!<%k%I$,(B
+.Ar seq
+$B$K@_Dj$5$l$F$$$l$P%^%C%A$7$^$9!#(B
+.It Cm tcpwin Ar win
+TCP $B%Q%1%C%H$N$_$G$9!#(B
+TCP $B%X%C%@$N%&%#%s%I%&%U%#!<%k%I$,(B
+.Ar win
+$B$K@_Dj$5$l$F$$$l$P%^%C%A$7$^$9!#(B
+.It Cm tcpoptions Ar spec
+TCP $B%Q%1%C%H$N$_$G$9!#(B
+.Ar spec
+$B$G;XDj$7$?%+%s%^6h@Z$j$N%*%W%7%g%s$N%j%9%H$,(B
+TCP $B%X%C%@$K4^$^$l$F$$$l$P%^%C%A$7$^$9!#(B
+$B%5%]!<%H$5$l$F$$$k(B TCP $B%*%W%7%g%s$O<!$NDL$j$G$9(B:
+.Pp
+.Cm mss
+($B:GBg%;%0%a%s%H%5%$%:(B),
+.Cm window
+(TCP $B%&%#%s%I%&9-9p(B),
+.Cm sack
+($BA*BrE*(B ACK),
+.Cm ts
+(RFC1323 $B%?%$%`%9%?%s%W(B),
+.Cm cc
+(RFC1644 T/TCP $B%3%M%/%7%g%s%+%&%s%H(B)
+.Ql \&!
+$B$rCV$/$3$H$GFCDj$N%*%W%7%g%s$,B8:_$7$J$$$H$$$&5-=R$,$G$-$^$9!#(B
 .It Cm uid Ar user
 .Ar user
 $B$,Aw?.$7$?$^$?$O<u?.$9$k!"(B
 $B$9$Y$F$N(B TCP $B%Q%1%C%H$H(B UDP $B%Q%1%C%H$K%^%C%A$7$^$9!#(B
 .Ar user
 $B$O!"L>A0$G$b(B ID $BHV9f$G$b%^%C%A$7$^$9!#(B
-.It Cm gid Ar group
-.Ar group
-$B$,Aw?.$7$?$^$?$O<u?.$9$k!"(B
-$B$9$Y$F$N(B TCP $B%Q%1%C%H$H(B UDP $B%Q%1%C%H$K%^%C%A$7$^$9!#(B
-.Ar group
-$B$O!"L>A0$G$b(B ID $BHV9f$G$b%^%C%A$7$^$9!#(B
 .El
+.Sh $B%k!<%k$N%;%C%H(B
+$B3F%k!<%k$O(B 0 $B$+$i(B 31 $B$^$GHV9f$r$D$1$i$l$?(B 32 $B$N0[$J$k(B
+.Em $B%;%C%H(B
+$B$N$$$:$l$+$KB0$7$F$$$^$9!#(B
+$B%;%C%H(B 31 $B$O%G%U%)%k%H%k!<%k$N$?$a$KM=Ls$5$l$F$$$^$9!#(B
+.Pp
+$B%G%U%)%k%H$G$O!"(B
+$B?75,$N%k!<%k$rF~NO$9$k:]$K(B
+.Cm set N
+$B%"%H%j%S%e!<%H$r;HMQ$7$J$1$l$P!"(B
+$B%k!<%k$O%;%C%H(B 0 $B$KCV$+$l$^$9!#(B
+$B%;%C%H$O8DJL$K!"$+$D!"%"%H%_%C%/$KM-8z2=$7$?$jL58z2=$7$?$j$G$-$k$N$G!"(B
+$B$3$N5!9=$K$h$C$F!"%U%!%$%"%&%)!<%k$K4X$9$kJ#?t$N@_Dj$r3JG<$7!"(B
+$B$=$l$i$N@_Dj$rAGAa$/(B ($B$+$D%"%H%_%C%/$K(B) $B@Z$jBX$($k$?$a$NJ}K!$,(B
+$B4JC1$K$J$j$^$9!#(B
+$B%;%C%H$rM-8z2=(B/$BL58z2=$9$k%3%^%s%I$O<!$NDL$j!#(B
+.Pp
+.Nm
+.Cm set disable Ar number ... Op Cm enable Ar number ...
+.Pp
+$B$3$3$G$OJ#?t$N(B
+.Cm enable
+$B$^$?$O(B
+.Cm disable
+$B%;%/%7%g%s$,;XDj2DG=$G$9!#(B
+$B%3%^%s%I$G;XDj$7$?A4$F$N%;%C%H$K$D$$$F!"(B
+$B%3%^%s%I$O%"%H%_%C%/$K<B9T$5$l$^$9!#(B
+$B%G%U%)%k%H$G$OA4$F$N%;%C%H$OM-8z2=$5$l$?>uBV$G$9!#(B
+.Pp
+$B%;%C%H$rL58z2=$9$k:]!"%U%!%$%"%&%)!<%k$N@_Dj$NCf$K$=$N%k!<%k$,(B
+$BB8:_$7$J$$$+$N$h$&$K?6$kIq$$$^$9!#(B
+$B$?$@$7Nc30$,0l$D$@$1$"$j$^$9(B:
+.Bl -bullet
+.It
+$BL58z2=$5$l$k0JA0$K%k!<%k$+$i@8@.$5$l$?F0E*%k!<%k$O(B
+$B4|8B@Z$l$H$J$k$^$G$O$^$@3hF02DG=$J>uBV$G$9!#(B
+$BF0E*%k!<%k$r:o=|$9$k$?$a$K$O!"(B
+$B$=$N%k!<%k$r@8@.$7$??F%k!<%k$rL@<(E*$K:o=|$7$J$1$l$P$J$j$^$;$s!#(B
 .El
+$B%k!<%k$N%;%C%HHV9f$O<!$N%3%^%s%I$GJQ99$G$-$^$9!#(B
+.Pp
+.Nm
+.Cm set move
+.Brq Cm rule Ar rule-number | old-set
+.Cm to Ar new-set
+.Pp
+$B$^$?!"<!$N%3%^%s%I$r;HMQ$7$F(B 2 $B$D$N%k!<%k%;%C%H$r(B
+$B%"%H%_%C%/$KF~$l49$($k$3$H$,$G$-$^$9!#(B
+.Pp
+.Nm
+.Cm set swap Ar first-set second-set
+.Pp
+$B%k!<%k$N%;%C%H$G;HMQ$G$-$k9`L\$O(B
+.Sx $B;HMQNc(B
+$B%;%/%7%g%s$r;2>H$7$F2<$5$$!#(B
+.Sh $B%9%F!<%H%U%k%U%!%$%"%&%)!<%k(B
+$B%9%F!<%H%U%k%*%Z%l!<%7%g%s$O!"(B
+$BM?$($i$l$?%Q%?!<%s$K%^%C%A$9$k%Q%1%C%H$,8!=P$5$l$?$H$-$K!"(B
+$BFCDj$N%U%m!<$K$D$$$F$N%k!<%k$rF0E*$K%U%!%$%"%&%)!<%k$K(B
+$B:n@.$9$k$?$a$NJ}K!$G$9!#(B
+$B%9%F!<%H%U%k%*%Z%l!<%7%g%s$KBP$9$k%5%]!<%H$O(B
+.Nm $B%k!<%k(B
+$B$N(B
+.Cm check-state , keep-state
+$B$*$h$S(B
+.Cm limit
+$B%*%W%7%g%s$rDL$8$FDs6!$5$l$^$9!#(B
+.Pp
+.Em src-ip/src-port dst-ip/dst-port
+$B$N%"%I%l%9$N%Z%"$N4V$KM?$($i$l$?(B
+.Em protocol
+$B$r;HMQ$7$FA4$F$^$?$O$=$l$N$_$N%Q%1%C%H$K%^%C%A$9$k(B
+.Em $BF0E*(B
+$B%k!<%k$,@8@.$5$l$k>l9g!"(B
+$BF0E*%k!<%k$O%Q%1%C%H$,(B
+.Cm keep-state
+$B$d(B
+.Cm limit
+$B%k!<%k$K%^%C%A$7$?$H$-$K@8@.$5$l$^$9(B (
+.Em src
+$B$H(B
+.Em dst
+$B$O$3$3$G$O=i4|>uBV$G%^%C%A$9$k%"%I%l%9$r<($9$?$a$K$N$_(B
+$B;HMQ$5$l$F$$$^$9$,!"$=$l$i$O8e$G<($9$b$N$H40A4$KEy2A$G$9(B)$B!#(B
+$BF0E*%k!<%k$O:G=i$K(B
+.Cm check-state, keep-state
+$B$^$?$O(B
+.Cm limit
+$B$NH/@8$r%A%'%C%/$5$l!"(B
+$B%^%C%A$7$?:]$K<B9T$5$l$k%"%/%7%g%s$O?F%k!<%k$HF1$8$b$N$K$J$j$^$9!#(B
+.Pp
+$B%W%m%H%3%k$H(B IP $B%"%I%l%90J30$KDI2C$5$l$kB0@-$O$J$/!"(B
+$B%]!<%H$OF0E*%k!<%k$G%A%'%C%/$5$l$k$3$H$KCm0U$7$F2<$5$$!#(B
+.Pp
+$BF0E*%k!<%k$NE57?E*$J;H$$J}$O!"(B
+$B%U%!%$%"%&%)!<%k$N@_Dj$rJD$8$?$^$^$K$7$F$*$/$3$H$G$9!#(B
+$B$7$+$7!"(B
+$BFbIt%M%C%H%o!<%/$+$i$N:G=i$N(B TCP SYN $B%Q%1%C%H$K$h$C$F!"(B
+$B%U%m!<$KBP$9$kF0E*%k!<%k$,%$%s%9%H!<%k$5$l$k$N$G!"(B
+$B$=$N%;%C%7%g%s$K=jB0$9$k%Q%1%C%H$O%U%!%$%"%&%)!<%k$NDL2a$r(B
+$B5v2D$5$l$k$3$H$K$J$j$^$9!#(B
+.Pp
+.Dl "ipfw add check-state"
+.Dl "ipfw add allow tcp from my-subnet to any setup"
+.Dl "ipfw add deny tcp from any to any"
+.Pp
+$BF1MM$J%"%W%m!<%A$,(B UDP $B$KBP$7$F$b;H$(!"(B
+$BFbIt$+$i$d$C$FMh$k(B UDP $B%Q%1%C%H$K$h$C$F!"(B
+$B$=$N1~Ez$O%U%!%$%"%&%)!<%k$rDL2a$9$k$h$&$K(B
+$BF0E*%k!<%k$,%$%s%9%H!<%k$5$l$k$3$H$K$J$j$^$9(B:
+.Pp
+.Dl "ipfw add check-state"
+.Dl "ipfw add allow udp from my-subnet to any"
+.Dl "ipfw add deny udp from any to any"
+.Pp
+$BF0E*%k!<%k$O$7$P$i$/$?$C$?8e4|8B@Z$l$H$J$j$^$9!#(B
+$B$=$N;~4V$O!"(B
+$B%U%m!<$N>uBV$H$$$/$D$+$N(B
+.Cm sysctl
+$BJQ?t$N@_Dj$K0MB8$7$^$9!#(B
+$B>\:Y$O%;%/%7%g%s(B
+.Sx sysctl $BJQ?t(B
+$B$r;2>H$7$F2<$5$$!#(B
+TCP $B%;%C%7%g%s$G$O!"(B
+$B4|8B@Z$l$K$J$k$3$m$K%k!<%k$N>uBV$r%j%U%l%C%7%e$5$;$k$?$a!"(B
+$BDj4|E*$K%-!<%W%"%i%$%V%Q%1%C%H$rAw=P$9$k$h$&(B
+$BF0E*%k!<%k$KDLCN$9$k$3$H$,$G$-$^$9!#(B
+.Pp
+$BF0E*%k!<%k$N;HMQJ}K!$K4X$9$kB>$NNc$O(B
+$B%;%/%7%g%s(B
+.Sx $B;HMQNc(B
+$B$r;2>H$7$F2<$5$$!#(B
 .Sh $B%H%i%U%#%C%/%7%'%$%Q@_Dj(B
 .Nm
-$B%f!<%F%#%j%F%#$O!"(B
+$B$O!"(B
 .Xr dummynet 4
 $B%H%i%U%#%C%/%7%'%$%Q$X$N%f!<%6%$%s%?%U%'!<%9$bDs6!$7$^$9!#(B
 $B%7%'%$%Q$O!"%f!<%6$,;XDj$7$?%^%9%/$r(B IP $B%X%C%@$N0[$J$C$?%U%#!<%k%I$K(B
@@ -769,72 +1316,45 @@
 .Em $B%-%e!<(B
 (queue) $B$H8F$P$l$k$b$N$G$9!#(B
 .Em $B%Q%$%W(B
-$B$O!"M?$($i$l$?%P%s%II}!"CY1d;~4V!"%-%e!<$ND9$5!"%Q%1%C%HAS<:N($r(B
+$B$O!"M?$($i$l$?%P%s%II}!"CY1d;~4V!"%-%e!<$ND9$5!"%Q%1%C%HB;<:N($r(B
 $B$b$D%j%s%/$r%(%_%e%l!<%H$7$^$9!#(B
 $B$3$N%Q%i%a!<%?$K=>$$!"%Q%1%C%H$O%Q%$%WCf$rA+0\$7$^$9!#(B
 .Pp
 .Em $B%-%e!<(B
-$B$O!"(BWF2Q+ $B%]%j%7$r<BAu$9$k$?$a$K;HMQ$9$kCj>]2=$G$9!#(B
+$B$O!"(BWF2Q+ (Worst-case Fair Weighted Fair Queueing) $B%]%j%7$r(B
+$B<BAu$9$k$?$a$K;HMQ$9$kCj>]2=$G$9!#(B
 $B%-%e!<$O!"3F%U%m!<$KBP$7!"=E$_$H;2>H%Q%$%W$r4XO"IU$1$^$9!#(B
 $B$=$l$+$i!"F1$8%Q%$%W$K7k$SIU$1$i$l$?$9$Y$F$N%U%m!<$O!"(B
 WF2Q+ $B%]%j%7$K=>$$!"(B
 $B%Q%$%W$K$h$C$F8GDj$5$l$?%l!<%H$G%9%1%8%e!<%k$5$l$^$9!#(B
 .Pp
 .Nm
-$B%Q%$%W@_Dj=q<0$O<!$NDL$j$G$9!#(B
-.Bd -ragged
-.Cm pipe Ar number Cm config
-.Op Cm bw Ar bandwidth | device
-.Op Cm delay Ar ms-delay
-.Oo
-.Cm queue
-.Brq Ar slots | size
-.Oc
-.Op Cm plr Ar loss-probability
-.Op Cm mask Ar mask-specifier
-.Op Cm buckets Ar hash-table-size
-.Oo
-.Cm red | gred
-.Sm off
-.Ar w_q No / Ar min_th No / Ar max_th No / Ar max_p
-.Sm on
-.Oc
+$B%Q%$%W@_Dj$N=q<0$O<!$NDL$j$G$9(B:
+.Bd -ragged -offset indent
+.Cm pipe Ar number Cm config Ar pipe-configuration
 .Ed
 .Pp
 .Nm
-$B%-%e!<@_Dj=q<0$O<!$NDL$j$G$9!#(B
-.Bd -ragged
-.Cm queue Ar number Cm config
-.Op Cm pipe Ar pipe_nr
-.Op Cm weight Ar weight
-.Oo
-.Cm queue
-.Brq Ar slots | size
-.Oc
-.Op Cm plr Ar loss-probability
-.Op Cm mask Ar mask-specifier
-.Op Cm buckets Ar hash-table-size
-.Oo
-.Cm red | gred
-.Sm off
-.Ar w_q No / Ar min_th No / Ar max_th No / Ar max_p
-.Sm on
-.Oc
+$B%-%e!<@_Dj$N=q<0$O<!$NDL$j$G$9(B:
+.Bd -ragged -offset indent
+.Cm pipe Ar number Cm config Ar pipe-configuration
+.Ed
 .Pp
 $B<!$N%Q%i%a!<%?$r%Q%$%W$KBP$7$F@_Dj2DG=$G$9(B:
-.Bl -tag -width indent
+.Pp
+.Bl -tag -width indent -compact
 .It Cm bw Ar bandwidth | device
-$B%P%s%II}$G$"$j!"C10L$O(B
+$B%P%s%II}$G!"C10L$O(B
 .Sm off
 .Op Cm K | M
-.Brq Cm bit/s | Byte/s .
+.Brq Cm bit/s | Byte/s
 .Sm on
-$B$GB,Dj$7$^$9!#(B
+$B$G$9!#(B
 .Pp
 $BCM(B 0 ($B%G%U%)%k%H(B) $B$OL58B$N%P%s%II}$r0UL#$7$^$9!#(B
 $BC10L$O?tCM$ND>8e$KB3$1$F=q$/I,MW$,$"$j!"<!$N$h$&$K$7$^$9!#(B
 .Pp
-.Dl "ipfw pipe 1 config bw 300Kbit/s queue 50KBytes"
+.Dl "ipfw pipe 1 config bw 300Kbit/s"
 .Pp
 $B?tCM$NBe$j$K%G%P%$%9L>$,;XDj$5$l$?>l9g!"(B
 $BAw?.%/%m%C%/$O;XDj$7$?%G%P%$%9$+$iM?$($i$l$^$9!#(B
@@ -843,32 +1363,47 @@
 $B%G%P%$%9$N$_$,(B
 .Xr ppp 8
 $B$HAH$_9g$o$;$F;HMQ$9$k$?$a$K!"$3$N5!G=$rDs6!$7$F$$$^$9!#(B
+.Pp
 .It Cm delay Ar ms-delay
 $BCY1d;~4V$G$"$j!"%_%jICC10L$G;XDj$7$^$9!#(B
 $BCM$O!"%/%m%C%/%F%#%C%/$NG\?t(B
 ($BE57?E*$K$O(B 10ms $B$G$9$,!"(B
-$B%+!<%M%k$r(B "options HZ=1000" $B$GF0:n$5$;$F@:EY$r(B 1ms $B0J2<$K$9$k$HNI$$(B
+$B%+!<%M%k$r(B
+.Dq "options HZ=1000"
+$B$GF0:n$5$;$F@:EY$r(B 1ms $B0J2<$K$9$k$HNI$$(B
 $B$3$H$,7P83E*$KCN$i$l$F$$$^$9(B) $B$K4]$a$i$l$^$9!#(B
 $B%G%U%)%k%HCM$O(B 0 $B$G$"$j!"CY1dL5$7$r0UL#$7$^$9!#(B
-.It Cm queue Brq Ar slots | size Ns Cm Kbytes
-$B%-%e!<$NBg$-$5$G$"$j!"%9%m%C%H?t$+(B KBytes $B$G$9!#(B
-$B%G%U%)%k%HCM$O(B 50 $B%9%m%C%H$G$"$j!"(B
-$B%$!<%5%M%C%H%G%P%$%9$NE57?E*$J%-%e!<$NBg$-$5$G$9!#(B
-$BDcB.%j%s%/$G$O%-%e!<$NBg$-$5$rC;$/$9$Y$-$3$H$KCm0U$7$F$/$@$5$$!#(B
-$B$5$b$J$$$H!"%H%i%U%#%C%/$O?SBg$J%-%e!<CY1d$K$h$k1F6A$r<u$1$F$7$^$$$^$9!#(B
-$BNc$($P!"(B
-50 $B8D$N:GBg%$!<%5%M%C%H%Q%1%C%H(B (1500 $B%P%$%H(B) $B$O(B 600Kbit $B$G$"$j!"(B
-30Kbit/s $B$N%Q%$%W$G$O(B 20 $BIC$N%-%e!<$r0UL#$7$^$9!#(B
-$B$h$jBg$-$J(B MTU $B$N%$%s%?%U%'!<%9$+$i%Q%1%C%H$r<u$1<h$k$H$-$K$O!"(B
-$B$h$j0-$$7k2L$H$J$j$^$9!#(B
-$BNc$($P!"%k!<%W%P%C%/%$%s%?%U%'!<%9$K$*$$$F(B 16KB $B%Q%1%C%H$r<u$1<h$k$H$-$G$9!#(B
-.It Cm plr Ar packet-loss-rate
-$B%Q%1%C%HAS<:N($G$9!#(B
-$B0z?t(B
-.Ar packet-loss-rate
-$B$O(B 0 $B$H(B 1 $B$N4V$NIbF0>.?tE@?t$G$"$j!"(B
-0 $B$OAS<:L5$7$r0UL#$7!"(B1 $B$O(B 100% $B$NAS<:$r0UL#$7$^$9!#(B
-$BAS<:N($OFbItE*$K$O(B 31 $B%S%C%H$GI=8=$5$l$^$9!#(B
+.El
+.Pp
+$B<!$N%Q%i%a!<%?$r%-%e!<$KBP$7$F@_Dj2DG=$G$9(B:
+.Pp
+.Bl -tag -width indent -compact
+.It Cm pipe Ar pipe_nr
+$B%-%e!<$r;XDj$7$?%Q%$%W$K@\B3$7$^$9!#(B
+$BJ#?t$N%-%e!<(B
+($BBgDq$O0[$J$k=E$_$r;}$A$^$9(B)
+$B$rF10l$N%Q%$%W$K@\B3$9$k$3$H$,$G$-$^$9!#(B
+$B%Q%$%W$O%-%e!<$N=89g$KBP$9$k=8Ls$5$l$?%l!<%H$r;XDj$7$^$9!#(B
+.Pp
+.It Cm weight Ar weight
+$B$3$N%-%e!<$K%^%C%A$9$k%U%m!<$KE,MQ$9$k=E$_$r;XDj$7$^$9!#(B
+$B=E$_$O(B 1 $B$+$i(B 100 $B$NHO0O$G$J$1$l$P$J$i$:!"(B
+$B%G%U%)%k%H$O(B 1 $B$G$9!#(B
+.El
+.Pp
+$B:G8e$K!"<!$N%Q%i%a!<%?$,%Q%$%W$d%-%e!<$KBP$7$F@_Dj$G$-$^$9(B:
+.Pp
+.Bl -tag -width indent -compact
+.Pp
+.It Cm buckets Ar hash-table-size
+$BMM!9$J%-%e!<$r3JG<$9$k%O%C%7%eI=$N%5%$%:$r;XDj$7$^$9!#(B
+$B%G%U%)%k%H$O(B 64 $B$G!"(B
+.Xr sysctl 8
+$BJQ?t(B
+.Em net.inet.ip.dummynet.hash_size
+$B$K$h$C$F(B
+16 $B$+$i(B 1024 $B$^$G$NHO0O$G@)8f$9$k$3$H$,2DG=$G$9!#(B
+.Pp
 .It Cm mask Ar mask-specifier
 .Xr dummynet 4
 $B$G$O!"%U%m!<$4$H$N%-%e!<$r@8@.2DG=$G$9!#(B
@@ -884,30 +1419,51 @@
 .Cm all
 $B!#(B
 $B:G8e$N;XDj;R$O!"(B
-$B$9$Y$F$N%U%#!<%k%I$N$9$Y$F$N%S%C%H$,=EMW$G$"$k$3$H$r0UL#$7$F$$$^$9!#(B
-.Ar pipe
-$B@_DjCf$G;HMQ$5$l$k>l9g!"(B
+$B$9$Y$F$N%U%#!<%k%I$N$9$Y$F$N%S%C%H$,8!::$5$l$k$3$H$r0UL#$7$F$$$^$9!#(B
+.Ar $B%Q%$%W(B
+$B@_Dj$NCf$G;HMQ$5$l$k>l9g!"(B
 $B3F%U%m!<$K$O%Q%$%W$N%l!<%H$KEy$7$$%l!<%H$,3d$jEv$F$i$l$^$9!#(B
-.Ar queue
-$B@_DjCf$G;HMQ$5$l$k>l9g!"(B
+.Ar $B%-%e!<(B
+$B@_Dj$NCf$G;HMQ$5$l$k>l9g!"(B
 $B3F%U%m!<$K$O%-%e!<$N=E$_$KEy$7$$=E$_$,3d$jEv$F$i$l!"(B
 $BF1$8%Q%$%W$r9=@.$9$k%-%e!<$O=E$_$KHfNc$7$F%P%s%II}$r6&M-$7$^$9!#(B
-.It Cm buckets Ar hash-table-size
-$BMM!9$J%-%e!<$r3JG<$9$k$?$a$K;HMQ$9$k%O%C%7%eI=$NBg$-$5$r;XDj$7$^$9!#(B
-$B%G%U%)%k%HCM$O(B 64 $B$G$"$j!"(B
-.Xr sysctl 8
-$BJQ?t(B
-.Em net.inet.ip.dummynet.hash_size
-$B$G@)8f$5$l!";HMQ2DG=$JHO0O$O(B 16 $B$+$i(B 1024 $B$G$9!#(B
-.It Cm pipe Ar pipe_nr
-$B%-%e!<$r;XDj$7$?%Q%$%W$K@\B3$7$^$9!#(B
-$BJ#?t$N%-%e!<(B ($BDL>o$O0[$J$C$?=E$_(B) $B$rF10l$N%Q%$%W$K@\B32DG=$G$9!#(B
-$B$3$N>l9g!"$3$N%-%e!<=89g$KBP$9$k=8Ls%l!<%H$r!"$3$N%Q%$%W$,;XDj$7$^$9!#(B
-.It Cm weight Ar weight
-$B$3$N%-%e!<$KE,9g$9$k%U%m!<$K;HMQ$9$k=E$_$r;XDj$7$^$9!#(B
-$B=E$_$O(B 1..100 $B$NHO0O$G$"$k$3$H$,I,MW$G$"$j!"%G%U%)%k%H$O(B 1 $B$G$9!#(B
+.Pp
+.It Cm noerror
+$B%Q%1%C%H$,(B dummynet $B$N%-%e!<$d%Q%$%W$K$h$C$FMn$5$l$?$H$-!"(B
+$BDL>o$O!"(B
+$B%G%P%$%9%-%e!<$,0lGU$K$J$C$?$H$-$K@8$8$k$N$HF1MM$J7A$G!"(B
+$B%(%i!<$,%+!<%M%kFb$N8F$S=P$785%k!<%A%s$KJs9p$5$l$^$9!#(B
+$B$3$N%*%W%7%g%s$r@_Dj$9$k$H!"(B
+$B%Q%1%C%H$NG[Aw$K@.8y$7$?$+$N$h$&$KJs9p$5$l$^$9!#(B
+$B$3$l$O!"(B
+$B1s3VCO$K$"$k%k!<%?$G$NB;<:$dmUmT$r%7%_%e%l!<%H$7$?$$$H$$$&(B
+$B0lIt$N<B83E*$J@_Dj$N$?$a$KI,MW$H$5$l$F$$$^$9!#(B
+.Pp
+.It Cm plr Ar packet-loss-rate
+$B%Q%1%C%H$NB;<:N($G$9!#(B
+$B0z?t(B
+.Ar packet-loss-rate
+$B$O(B 0 $B$+$i(B 1 $B$^$G$NIbF0>.?tE@?t$G!"(B
+0 $B$,B;<:$,$J$$$3$H$r!"(B1 $B$,(B 100% $B<:$o$l$k$3$H$r0UL#$7$^$9!#(B
+$BB;<:N($OFbItE*$K$O(B 31 $B%S%C%H$GI=8=$5$l$F$$$^$9!#(B
+.Pp
+.It Cm queue Brq Ar slots | size Ns Cm Kbytes
+.Ar slots
+$B$^$?$O(B
+.Cm KBytes
+$B$GI=$7$?%-%e!<$N%5%$%:$G$9!#(B
+$B%G%U%)%k%H$O(B 50 $B%9%m%C%H$G!"(B
+$B$3$l$O%$!<%5%M%C%H%G%P%$%9$K$*$1$kE57?E*$J%-%e!<$N%5%$%:$G$9!#(B
+$BDcB.%j%s%/$N$?$a$K%-%e!<$N%5%$%:$r>.$5$$$^$^$K$7$F$*$/$3$H$,?d>)$5$l$^$9!#(B
+$B$=$&$7$J$$$H%H%i%U%#%C%/$KBP$9$k%-%e!<$NCY1d$,Cx$7$/$J$k$+$b$7$l$^$;$s!#(B
+$BNc$($P!":GBg%5%$%:$N%$!<%5%M%C%H%Q%1%C%H(B (1500 $B%P%$%H(B) $B$,(B 50 $B8D$N$H$-!"(B
+600Kbit$B!"(B $B$D$^$j(B 30Kbit/$BIC(B $B$N%Q%$%W$G(B 20 $BIC$H$$$&$3$H$K$J$j$^$9!#(B
+$B$=$l$h$j$b$:$C$HBg$-$J(B MTU $B$r;}$C$?%$%s%?!<%U%'!<%9(B
+($BNc$($P%k!<%W%P%C%/%$%s%?!<%U%'!<%9$O(B 16KB $B%Q%1%C%H$G$9(B)
+$B$+$i%Q%1%C%H$r<u$1<h$k$H$7$F$b0-$$7k2L$H$J$k$3$H$,$"$j$^$9!#(B
+.Pp
 .It Cm red | gred Ar w_q Ns / Ns Ar min_th Ns / Ns Ar max_th Ns / Ns Ar max_p
-RED $B%-%e!<4IM}%"%k%4%j%:%`$r;HMQ$7$^$9!#(B
+RED (Random Early Detection) $B%-%e!<4IM}%"%k%4%j%:%`$r;HMQ$7$^$9!#(B
 .Ar w_q
 $B$H(B
 .Ar max_p
@@ -991,7 +1547,8 @@
 $B$H$9$k$N$ONI$/$"$j$^$;$s!#(B
 .It
 $B%7%9%F%`%;%-%e%j%F%#%l%Y%k$,(B 3 $B0J>e$K@_Dj$5$l$F$$$k>l9g!"(B
-IP $B%U%#%k%?%j%9%H$rJQ99$G$-$^$;$s(B ($B%7%9%F%`%;%-%e%j%F%#%l%Y%k$K$D$$$F$O(B
+.Nm
+$B%U%#%k%?%j%9%H$rJQ99$G$-$^$;$s(B ($B%7%9%F%`%;%-%e%j%F%#%l%Y%k$K$D$$$F$O(B
 .Xr init 8
 $B$r;2>H$7$F$/$@$5$$(B)$B!#(B
 .El
@@ -1006,42 +1563,61 @@
 $B%3%s%Q%$%k$5$l$F$$$J$$>l9g!"(B
 $B%Q%1%C%H$OGK4~$5$l$^$9!#(B
 .Sh SYSCTL $BJQ?t(B
-$B%U%!%$%"%&%)!<%k$NF0:n$r@)8f$9$k(B
 .Xr sysctl 8
-$BJQ?t$N=89g$,$"$j$^$9!#(B
+$BJQ?t$N=89g$O!"%U%!%$%"%&%)!<%k$H(B
+$B4XO"$9$k%b%8%e!<%k(B (
+.Nm dummynet, bridge
+) $B$NF0:n$r@)8f$7$^$9!#(B
 $B%G%U%)%k%HCM(B ($B$I$NCM$,<B:]$K;HMQ$5$l$k$+$O(B
 .Nm sysctl
 $B$G3NG'$7$F$/$@$5$$(B) $B$H0UL#$H6&$K!"$3$l$i$r0J2<$KNs5s$7$^$9!#(B
 .Bl -tag -width indent
+.It Em net.inet.ip.dummynet.expire : No 1
+$BL$7hDj$N%H%i%U%#%C%/$,0lEY$b$J$+$C$?F0E*%Q%$%W(B/$B%-%e!<$rBUBF$K:o=|$7$^$9!#(B
+$B$3$NJQ?t$r(B 0 $B$K@_Dj$9$k$3$H$GL58z$K$9$k$3$H$,$G$-$^$9!#(B
+$B$3$N>l9g!"%Q%$%W(B/$B%-%e!<$OogCM$KC#$7$?>l9g$K$N$_:o=|$5$l$k$3$H$K$J$j$^$9!#(B
+.It Em net.inet.ip.dummynet.hash_size : No 64
+$BF0E*%Q%$%W(B/$B%-%e!<$K;HMQ$5$l$k%O%C%7%eI=$N%G%U%)%k%H$NBg$-$5$G$9!#(B
+$B$3$NCM$O%Q%$%W(B/$B%-%e!<$r@_Dj$9$k$H$-$K(B
+.Cm buckets
+$B%*%W%7%g%s$,0l$D$b;XDj$5$l$J$+$C$?>l9g$K;HMQ$5$l$^$9!#(B
+.It Em net.inet.ip.dummynet.max_chain_len : No 16
+$B%O%C%7%e%P%1%C%H(B (hash bucket) $BFb$N%Q%$%W(B/$B%-%e!<$N:GBg8D?t$NCM$G$9!#(B
+.Cm net.inet.ip.dummynet.expire=0
+$B$G$"$C$F$b!"@Q(B
+.Cm max_chain_len*hash_size
+$B$,6u$N%Q%$%W(B/$B%-%e!<$,4|8B@Z$l$K$J$C$?$H$9$kogCM$r7hDj$9$k$N$K;HMQ$5$l$^$9!#(B
+.It net.inet.ip.dummynet.red_lookup_depth : No 256
+.It net.inet.ip.dummynet.red_avg_pkt_size : No 512
+.It net.inet.ip.dummynet.red_max_pkt_size : No 1500
+RED $B%"%k%4%j%:%`$r;H$C$FMn$93NN($r7W;;$9$k$N$K;HMQ$5$l$k%Q%i%a!<%?$G$9!#(B
+.It Em net.inet.ip.fw.autoinc_step : No 100
+$B%k!<%kHV9f$r<+F0@8@.$9$k:]$N%k!<%kHV9f4V$N:9J,$G$9!#(B
+$B$3$NCM$O(B 1 $B$+$i(B 100 $B$NHO0O$G$J$1$l$P$J$j$^$;$s!#(B
+.It Em net.inet.ip.fw.curr_dyn_buckets : Em net.inet.ip.fw.dyn_buckets
+$BF0E*%k!<%k$N%O%C%7%eI=Fb$N8=:_$N%P%1%C%H$N8D?t$G$9(B ($BFI$_=P$7$N$_(B)$B!#(B
 .It Em net.inet.ip.fw.debug : No 1
 .Nm
 $B$,@8@.$9$k%G%P%C%0%a%C%;!<%8$r@)8f$7$^$9!#(B
-.It Em net.inet.ip.fw.one_pass : No 1
-$B%;%C%H$5$l$k$H!"(B
-.Xr dummynet 4
-$B%Q%$%W$+$i=P$FMh$?%Q%1%C%H$O!"$U$?$?$S%U%!%$%"%&%)!<%k$rDL$5$J$$$h$&$K$7$^$9!#(B
-$B%;%C%H$5$l$J$$>l9g!"(Bpipe $B=hM}$N$"$H!"(B
-$B%Q%1%C%H$O:F$S%U%!%$%"%&%)!<%k$KA^F~$5$l!"<!$N%k!<%k$+$i:F3+$5$l$^$9!#(B
-.It Em net.inet.ip.fw.verbose : No 1
-$B>iD9$J%a%C%;!<%8$r=PNO$9$k$h$&$K$7$^$9!#(B
-.It Em net.inet.ip.fw.enable : No 1
-$B%U%!%$%"%&%)!<%k$rF0:n2DG=$K$7$^$9!#(B
-$B$3$NJQ?t$r(B 0 $B$K@_Dj$9$k$H!"%U%!%$%"%&%)!<%k$r%3%s%Q%$%k$7$F(B
-$B;E9~$s$G$$$F$b%U%!%$%"%&%)!<%k$J$7$GF0:n$7$^$9!#(B
-.It Em net.inet.ip.fw.verbose_limit : No 0
-$B>iD9$J%U%!%$%"%&%)!<%k$,@8@.$9$k%a%C%;!<%8$N?t$r@)8B$7$^$9!#(B
 .It Em net.inet.ip.fw.dyn_buckets : No 256
-.It Em net.inet.ip.fw.curr_dyn_buckets : No 256
-$BF0E*%k!<%k$rJ];}$9$k$?$a$K;HMQ$9$k%O%C%7%eI=$N@_Dj%5%$%:$H(B
-$B8=:_$N%5%$%:$G$9!#$3$NCM$O(B 2 $B$N$Y$->h$K$9$kI,MW$,$"$j$^$9!#(B
-$B%O%C%7%eI=$N%5%$%:$NJQ99$O!"I=$,6u$N>l9g$N$_9T$J$o$l$^$9!#(B
-$B$7$?$,$C$F!"<B9TCf$KI=$N%5%$%:$rJQ99$9$k$?$a$K$O!"(B
+$BF0E*%k!<%k$G;HMQ$5$l$k%O%C%7%eI=$K4^$^$l$k%P%1%C%H$N8D?t$G$9!#(B
+2 $B$N$Y$->h$G$J$1$l$P$J$i$:!">e8B$O(B 65536 $B$G$9!#(B
+$BA4$F$NF0E*%k!<%k$,4|8B@Z$l$H$J$C$?$H$-$K$N$_8z2L$,8=$l$k$N$G!"(B
+$B3N<B$K%O%C%7%eI=$N%5%$%:$,JQ99$5$l$k$h$&$K$9$k$K$O(B
 .Cm flush
-$B$7$F%k!<%k=89g$r:F%m!<%I$9$kI,MW$,$"$k$G$7$g$&!#(B
+$B%3%^%s%I$r;HMQ$9$k$Y$-$G$7$g$&!#(B
 .It Em net.inet.ip.fw.dyn_count : No 3
 $B8=:_$NF0E*%k!<%k$N?t$G$9(B
 ($BFI$_9~$_@lMQ(B)$B!#(B
-.It Em net.inet.ip.fw.dyn_max : No 1000
+.It Em net.inet.ip.fw.dyn_keepalive : No 1
+TCP $B%;%C%7%g%s$K$*$$$F(B
+.Cm keep-state
+$B%k!<%k$N$?$a$N%-!<%W%"%i%$%V%Q%1%C%H$r@8@.$9$k$h$&$K$7$^$9!#(B
+$B%-!<%W%"%i%$%V%Q%1%C%H$O(B
+$B%k!<%k$N@8B8;~4V$,;D$j(B 20 $BIC$H$J$C$?$H$-$K(B
+$B@\B3$NN>C<$K8~$1$F(B 5 $BICKh$K(B
+$B@8@.$5$l$^$9!#(B
+.It Em net.inet.ip.fw.dyn_max : No 8192
 $BF0E*%k!<%k$N:GBgCM$G$9!#$3$N8B3&$K$$$-$D$/$H!"(B
 $B8E$$%k!<%k$,L58z$K$J$k$^$G$O!"$=$l0J>e!"F0E*%k!<%k$r(B
 $BAH$_9~$`$3$H$O$G$-$^$;$s!#(B
@@ -1051,12 +1627,177 @@
 .It Em net.inet.ip.fw.dyn_rst_lifetime : No 1
 .It Em net.inet.ip.fw.dyn_udp_lifetime : No 5
 .It Em net.inet.ip.fw.dyn_short_lifetime : No 30
-$B$3$l$i$NCM$O!"F0E*%k!<%k$N@8B84|4V$rICC10L$G%3%s%H%m!<%k$7$^$9!#(B
-$B:G=i$N(B SYN $B8r49$N:]$K!"@8B84|4V$,(B short $B$K$J$j!"(B
-SYN $B$rN>J}$H$b8+$?8e$KA}$d$5$l!":G8e$N(B FIN $B8r49$N4V!"(B
-$B$^$?$O(B RST $B$,@8$8$k:]$K:F$S8:$i$5$l$^$9!#(B
+$B$3$l$i$NCM$O!"F0E*%k!<%k$N@8B8;~4V$rICC10L$G%3%s%H%m!<%k$7$^$9!#(B
+$B:G=i$N(B SYN $B8r49$N:]$K$O@8B8;~4V$,C;4|(B (short) $B$K$J$j!"(B
+$B$=$N8e8_$$$N(B SYN $B$,8!=P$5$l$?8e$OA}2C$5$;$i$l!"(B
+$B:G8e$N(B FIN $B8r49$N4V!"(B
+$B$^$?$O(B RST $B$r<u?.$7$?:]$K:F$S8:$i$5$l$^$9!#(B
+.Em dyn_fin_lifetime
+$B$*$h$S(B
+.Em dyn_rst_lifetime
+$B$O87L)$K(B 5 $BIC(B ($B%-!<%W%"%i%$%V$r7+$jJV$9<~4|(B) $B$h$jC;$/$J$1$l$P$J$j$^$;$s!#(B
+$B%U%!%$%"%&%)!<%k$G$O$3$l$,6/@)$5$l$^$9!#(B
+.It Em net.inet.ip.fw.enable : No 1
+$B%U%!%$%"%&%)!<%k$rM-8z$K$7$^$9!#(B
+$B$3$NJQ?t$r(B 0 $B$K@_Dj$9$k$H!"(B
+$B%^%7%s$,%3%s%Q%$%k;~$KM-8z$N@_Dj$,$5$l$F$$$k>l9g$G$"$C$F$b!"(B
+$B%U%!%$%"%&%)!<%k$,$J$$>uBV$G<B9T$5$l$^$9!#(B
+.It Em net.inet.ip.fw.one_pass : No 1
+$B@_Dj$5$l$F$$$k>l9g!"(B
+.Xr dummynet 4
+$B%Q%$%W$+$i=P$F$/$k%Q%1%C%H$O(B
+$B:FEY%U%!%$%"%&%)!<%k$rDL2a$9$k$3$H$O$"$j$^$;$s!#(B
+$B$=$&$G$J$$>l9g!"(B
+$B%Q%$%W%"%/%7%g%s$N8e!"(B
+$B%Q%1%C%H$O<!$N%k!<%k$G%U%!%$%"%&%)!<%k$K:FCmF~$5$l$^$9!#(B
+.Pp
+$BCm(B: $B%Q%$%W$+$i@8$8$k%V%j%C%8$5$l$?%Q%1%C%H$d%l%$%d(B 2 $B%Q%1%C%H$O!"(B
+$B$3$NJQ?t$NCM$K4X$o$i$:!"%U%!%$%"%&%)!<%k$K7h$7$F:FCmF~$5$l$^$;$s!#(B
+.It Em net.inet.ip.fw.verbose : No 1
+$B>iD9%a%C%;!<%8$rM-8z$K$7$^$9!#(B
+.It Em net.inet.ip.fw.verbose_limit : No 0
+$B>iD9=PNO$r9T$&$h$&$K@_Dj$5$l$?%U%!%$%"%&%)!<%k$,(B
+$B@8@.$9$k%a%C%;!<%8?t$r@)8B$7$^$9!#(B
+.It Em net.link.ether.ipfw : No 0
+.Nm
+$B$,%l%$%d(B 2 $B%Q%1%C%H$rDL$9$+$I$&$+$r@)8f$7$^$9!#(B
+$B%G%U%)%k%H$O(B no $B$G$9!#(B
+.It Em net.link.ether.bridge_ipfw : No 0
+.Nm
+$B$,%V%j%C%8$5$l$?%Q%1%C%H$rDL$9$+$I$&$+$r@)8f$7$^$9!#(B
+$B%G%U%)%k%H$O(B no $B$G$9!#(B
+.El
+.Sh IPFW2 $B3HD%(B
+$B$3$N%;%/%7%g%s$G$O(B
+.Nm ipfw2
+$B$G>R2p$5$l!"(B
+.Nm ipfw1
+$B$K$OL5$$5!G=$N0lMw$r<($7$^$9!#(B
+$B$3$3$G$O%k!<%k%;%C%H$r5-=R$9$k:]$K1F6A$,Bg$-$$$H;W$o$l$k=g$K<($7$^$9!#(B
+$B$h$j8z2LE*$J$d$jJ}$G%k!<%k%;%C%H$r5-=R$9$k$?$a$K(B
+$B$3$l$i$N5!G=$r;HMQ$7$?$$$H;W$&$+$b$7$l$^$;$s!#(B
+.Bl -tag -width indent
+.It $BHs(B IPv4 $B$N%Q%1%C%H$N<h$j07$$(B
+.Nm ipfw1
+$B$OA4$F$NHs(B IPv4 $B%Q%1%C%H$rL[$C$F<u$1IU$1$^$9(B (
+.Nm ipfw1
+$B$O(B
+.Em net.link.ether.bridge_ipfw=1 Ns
+$B$N>l9g$K$N$_;2>H$7$^$9(B)$B!#(B
+.Nm ipfw2
+$B$O(B
+$BA4$F$N%Q%1%C%H(B ($BHs(B IPv4 $B%Q%1%C%H$r4^$`(B) $B$r(B
+$B%k!<%k%;%C%H$K$7$?$,$C$F%U%#%k%?$7$^$9!#(B
+.Nm ipfw1
+$B$HF1$8$h$&$JF0:n$r$5$;$?$$>l9g$O(B
+$B%k!<%k%;%C%H$N@hF,$G<!$N$h$&$K$7$^$9(B:
+.Pp
+.Dl "ipfw add 1 allow layer2 not mac-type ip"
+.Pp
+.Cm layer2
+$B%*%W%7%g%s$O>iD9$G$"$k$h$&$K8+$($^$9$,!"I,MW$G$9(B --
+$B%l%$%d(B 3 $B$+$i%U%!%$%"%&%)!<%k$rDL$k%Q%1%C%H$O(B MAC $B%X%C%@$rBT$?$J$$$N$G!"(B
+.Cm mac-type ip
+$B%Q%?!<%s$O%l%$%d(B3$B$N%Q%1%C%H$KBP$7$F>o$K<:GT$7$^$9!#(B
+$B$D$^$j!"(B
+.Cm not
+$B%*%Z%l!<%?$r$*$/$HA4$F$rDL2a$5$;$k%k!<%k$K$J$C$F$7$^$$$^$9!#(B
+.It $B%"%I%l%9%;%C%H(B
+.Nm ipfw1
+$B$O%"%I%l%9%;%C%H(B (
+.Ar addr/masklen{num,num,...}
+$B$H$$$&7A<0$N$b$N(B)
+$B$r%5%]!<%H$7$F$$$^$;$s!#(B
+.Pp
+.Nm ipfw1
+$B$H(B
+.Nm ipfw2
+$B$K$O(B
+.Ar ipno:mask
+$B$N$h$&$J%"%I%l%9;XDj$r<u$1IU$1$k:]$K>.$5$J0c$$$,$"$j!"(B
+$BO"B3$9$k%S%C%HNs$NBe$o$j$KG$0U$N%S%C%H%^%9%/$r%^%9%/$H$9$k$3$H$,$G$-$^$9!#(B
+.Nm ipfw2
+$B$O$b$O$d$3$NJ8K!$r%5%]!<%H$7$F$$$^$;$s$,!"(B
+$B%+!<%M%k$NB&$G%5%]!<%H$5$l$F$$$k$N$G(B
+$B:3:Y$J$3$H$G$9$,:F$S>R2p$7$F$$$^$9!#(B
+.It $B%]!<%H$N;XDj(B
+.Nm ipfw1
+$B$G$O(B TCP $B$H(B UDP $B$N%]!<%H$r;XDj$9$k:]$K(B
+$B;XDj$G$-$k%]!<%HHO0O$O(B 1 $B$D$@$1$G$7$?!#(B
+$B$^$?!"(B
+.Nm ipfw2
+$B$G2DG=$J(B 15 $B%(%s%H%j$KBP$7$F(B 10 $B%(%s%H%j$K@)8B$5$l$F$$$^$7$?!#(B
+$B$^$?!"(B
+.Nm ipfw1
+$B$G$O(B
+.Cm tcp
+$B$^$?$O(B
+.Cm udp
+$B%Q%1%C%H$rMW5a$9$k%k!<%k$N>l9g$K8B$C$F(B
+$B%]!<%H$r;XDj$9$k$3$H$,2DG=$G$9!#(B
+.Nm ipfw2
+$B$G$OA4$F$N%Q%1%C%H$K%^%C%A$5$;$k%k!<%k$G%]!<%H$N;XDj$r9T$&$3$H$,2DG=$G!"(B
+$B%^%C%A$O%]!<%H<1JL;R$r4^$s$@%W%m%H%3%k$r1?$V%Q%1%C%H$N$_$KE,MQ$5$l$^$9!#(B
+.Pp
+$B:G8e$K!"(B
+.Nm ipfw1
+$B$G$O(B
+$B:G=i$N%]!<%H%(%s%H%j$r(B
+.Ar port:mask
+$B$H;XDj$9$k$3$H$,$G$-$^$9!#(B
+$B$3$3$G(B
+.Ar mask
+$B$OG$0U$N(B 16 $B%S%C%H%^%9%/$,;HMQ2DG=$G$9!#(B
+$B$3$NJ8K!$,M-MQ$G$"$k$+$I$&$+$O5?Ld$J$N$G(B
+.Nm ipfw2
+$B$G$O$b$O$d%5%]!<%H$5$l$F$$$^$;$s!#(B
+.It $BO@M}OB%V%m%C%/(B
+.Nm ipfw1
+$B$OO@M}OB%V%m%C%/$r%5%]!<%H$7$F$$$^$;$s!#(B
+.It $B%-!<%W%"%i%$%V(B
+.Nm ipfw1
+$B$O>uBV0MB8%;%C%7%g%s$N$?$a$N%-!<%W%"%i%$%V$r@8@.$7$^$;$s!#(B
+$B7k2L$H$7$F!"(B
+$B5Y;_>uBV$N%;%C%7%g%s$O(B
+$BF0E*%k!<%k$N@8B8;~4V$,4|8B@Z$l$H$J$k$?$a$K(B
+$BMn$5$l$k$3$H$,$"$j$^$9!#(B
+.It $B%k!<%k%;%C%H(B
+.Nm ipfw1
+$B$O%k!<%k%;%C%H$r<BAu$7$F$$$^$;$s!#(B
+.It MAC $B%X%C%@$K$h$k%U%#%k%?$H%l%$%d(B 2 $B$N%U%!%$%"%&%)!<%k(B
+.Nm ipfw1
+$B$O(B MAC $B%X%C%@%U%#!<%k%I$K$h$k%U%#%k%?$r<BAu$7$F$$$^$;$s$7!"(B
+.Cm ether_demux()
+$B$H(B
+.Cm ether_output_frame()
+$B$+$i$N%Q%1%C%H$K$h$C$F$b5/F0$7$^$;$s!#(B
+sysctl $BJQ?t(B
+.Em net.link.ether.ipfw
+$B$O$3$3$G$O2?$N8z2L$b$"$j$^$;$s!#(B
+.It $B%*%W%7%g%s(B
+$B<!$N%*%W%7%g%s$O(B
+.Nm ipfw1
+$B$G$O%5%]!<%H$5$l$F$$$^$;$s!#(B
+.Pp
+.Cm dst-ip, dst-port, layer2, mac, mac-type, src-ip, src-port
+.Pp
+$B$5$i$K!"<!$N%*%W%7%g%s$O(B
+.Nm ipfw1
+(RELENG_4)
+$B$N%k!<%k$G$O%5%]!<%H$5$l$F$$$^$;$s(B:
+.Cm ipid, iplen, ipprecedence, iptos, ipttl,
+.Cm ipversion, tcpack, tcpseq, tcpwin
+.It dummynet $B%*%W%7%g%s(B
+.Nm dummynet
+$B%Q%$%W(B/$B%-%e!<MQ$N<!$N%*%W%7%g%s$O%5%]!<%H$5$l$F$$$^$;$s(B:
+.Cm noerror
 .El
 .Sh $B;HMQNc(B
+.Nm
+$B$O$"$^$j$K$bB?$/$N;HMQJ}K!$,$"$k$N$G(B
+$B$3$N%;%/%7%g%s$G$O;HMQNc$N0lIt$r<($9$N$_$K$7$F$*$-$^$9!#(B
+.Pp
+.Ss $B4pK\E*$J%Q%1%C%H%U%#%k%?%j%s%0(B
 $B<!$N%3%^%s%I$O(B
 .Em cracker.evil.org
 $B$+$i(B
@@ -1087,6 +1828,26 @@
 .Cm deny
 $B%k!<%k$K$h$j5Q2<$5$l$^$9!#(B
 .Pp
+$B$b$7!"0l$D0J>e$N%5%V%M%C%H$N4IM}<T$J$i!"(B
+$B0J2<$N$h$&$K!"(B
+$B%"%I%l%9%;%C%H$HO@M}OB%V%m%C%/$r;XDj$7$F(B
+$B%/%i%$%"%s%H$N%V%m%C%/$K%5!<%S%9$rA*BrE*$KMxMQ2DG=$K$9$k(B
+$B6K$a$F%3%s%Q%/%H$J%k!<%k%;%C%H$r5-=R$9$k$H$$$&(B
+.Nm ipfw2
+$B$NJ8K!$NMxE@$r:NMQ$9$k$3$H$,$G$-$^$9!#(B
+.Pp
+.Dl "goodguys=\*q{ 10.1.2.0/24{20,35,66,18} or 10.2.3.0/28{6,3,11} }\*q"
+.Dl "badguys=\*q10.1.2.0/24{8,38,60}\*q"
+.Dl ""
+.Dl "ipfw add allow ip from ${goodguys} to any"
+.Dl "ipfw add deny ip from ${badguys} to any"
+.Dl "... normal policies ..."
+.Pp
+.Nm ipfw1
+$B$NJ8K!$G$O!"(B
+$B>e$NNc$G$O3F(B IP $B$KJL!9$N%k!<%k$rMQ0U$9$kI,MW$,$"$j$^$9!#(B
+.Pp
+.Ss $BF0E*%k!<%k(B
 $B$K$;$N(B TCP $B%Q%1%C%H$r4^$`E\Es$N967b(B (flood attack) $B$+$i(B
 $B%5%$%H$rJ]8n$9$k$?$a$K$O!"<!$NF0E*%k!<%k$rMQ$$$?J}$,0BA4$G$9!#(B
 .Pp
@@ -1143,6 +1904,7 @@
 .Pp
 .Dl ipfw divert 5000 ip from 192.168.2.0/24 to any in
 .Pp
+.Ss $B%H%i%U%#%C%/%7%'%$%Q(B
 $B<!$N%k!<%k$O!"(B
 .Nm
 $B$H(B
@@ -1207,7 +1969,7 @@
 .Dl "ipfw pipe 2 config delay 250ms bw 1Mbit/s"
 .Pp
 $B%U%m!<$4$H$N%-%e!<$O$5$^$6$^$JMQES$KM-MQ$G$9!#(B
-$BHs>o$KC1=c$JMQES$O!"%H%i%U%#%C%/$N7W?t$G$9(B:
+$BHs>o$KC1=c$JMQES$O!"%H%i%U%#%C%/$N=87W$G$9(B:
 .Pp
 .Dl "ipfw add pipe 1 tcp from any to any"
 .Dl "ipfw add pipe 1 udp from any to any"
@@ -1230,24 +1992,31 @@
 .Dl "ipfw add pipe 2 ip from any to 192.168.2.0/24 in"
 .Dl "ipfw pipe 1 config mask src-ip 0x000000ff bw 200Kbit/s queue 20Kbytes"
 .Dl "ipfw pipe 2 config mask dst-ip 0x000000ff bw 200Kbit/s queue 20Kbytes"
-.Sh $B<BAu$K4X$9$kCm(B
-$B%Q%1%C%H$,(B
-.Nm
-$B$K=hM}$5$l$k2s?t$OMM!9$G$9!#(B
-$B4pK\E*$K$O!"%+!<%M%k4X?t(B
-.Fn ip_input ,
-.Fn ip_output ,
-.Fn bdg_forward
-$B$,5/F0$5$l$kEY$K(B
-.Nm
-$B$,5/F0$5$l$^$9!#(B
-$B$D$^$j!"(B
-$B=*E@$N(B 1 $B8D$,%m!<%+%k%[%9%H$K$"$k@\B3$G$O!"%Q%1%C%H$O(B 1 $B2s=hM}$5$l$^$9!#(B
-$B=*E@$N(B 2 $B8DN>J}$,%m!<%+%k%[%9%H$K$"$k@\B3$^$?$O(B
-$B$3$N%[%9%H$,%k!<%F%#%s%0$9$k%Q%1%C%H$KBP$7$F$O!"(B2 $B2s=hM}$5$l$^$9(B
-($B%2!<%H%&%'%$$H$7$F$NF0:n(B)$B!#(B
-$B$3$N%[%9%H$,%V%j%C%8$9$k%Q%1%C%H$KBP$7$F$O!"(B1 $B2s=hM}$5$l$^$9(B
-($B%V%j%C%8$H$7$F$NF0:n(B)$B!#(B
+.Ss $B%k!<%k%;%C%H(B
+$B%k!<%k%;%C%H$r<+F0E*$KDI2C$9$k$K$O!"Nc$($P%;%C%H(B 18 $B$J$i(B:
+.Pp
+.Dl "ipfw disable set 18"
+.Dl "ipfw add NN set 18 ...         # $BI,MW$K1~$8$F7+$jJV$9(B"
+.Dl "ipfw enable set 18"
+.Pp
+$B%k!<%k%;%C%H$r<+F0E*$K:o=|$9$k$K$O%3%^%s%I$OC1$K(B:
+.Pp
+.Dl "ipfw delete set 18"
+.Pp
+$B%k!<%k%;%C%H$N%F%9%H$r9T$C$?$j!"(B
+$B2?$+4V0c$$$,$"$C$?>l9g$K%k!<%k%;%C%H$r:o=|$7$F@)8f$r2sI|$9$k$K$O(B:
+.Pp
+.Dl "ipfw disable set 18"
+.Dl "ipfw add NN set 18 ...         # $BI,MW$K1~$8$F7+$jJV$9(B"
+.Dl "ipfw enable set 18 ; echo done; sleep 30 && ipfw disable set 18"
+.Pp
+$B$3$3$G3F@_Dj$,$&$^$/$$$C$?>l9g!"(B
+"sleep" $B$,=*N;$9$kA0$K(B control-C $B$r2!$9$H!"(B
+$B%k!<%k%;%C%H$O3hF0>uBV$N$^$^$H$J$j$^$9!#(B
+$B$=$&$G$J$$>l9g!"(B
+$B$?$H$(H"$K%"%/%;%9$9$k$3$H$,$G$-$J$+$C$?$H$7$F$b!"(B
+$B%k!<%k%;%C%H$OC<Kv$,%9%j!<%W$7$?8e$GL58z$J>uBV$K$J$k$N$G(B
+$B0JA0$N>u67$,I|85$5$l$^$9!#(B
 .Pp
 .Sh $B4XO"9`L\(B
 .Xr cpp 1 ,
@@ -1264,31 +2033,67 @@
 .Xr reboot 8 ,
 .Xr sysctl 8 ,
 .Xr syslogd 8
+.Rs
+.%A "S. Floyd"
+.%A "V. Jacobson"
+.%T "Random Early Detection gateways for Congestion Avoidance"
+.%D "August 1993"
+.Re
+.Rs
+.%A "B. Braden"
+.%A "D. Clark"
+.%A "J. Crowcroft"
+.%A "B. Davie"
+.%A "S. Deering"
+.%A "D. Estrin"
+.%A "S. Floyd"
+.%A "V. Jacobson"
+.%A "G. Minshall"
+.%A "C. Partridge"
+.%A "L. Peterson"
+.%A "K. Ramakrishnan"
+.%A "S. Shenker"
+.%A "J. Wroclawski"
+.%A "L. Zhang"
+.%T "Recommendations on Queue Management and Congestion Avoidance in the Internet"
+.%D "April 1998"
+.%O "RFC 2309"
+.Re
 .Sh $B%P%0(B
-$B$3$N?tG/$GJ8K!$,Bg$-$/$J$C$F$7$^$$!"(B
-$BHs>o$K$9$C$-$j$7$F$$$k$H$O8@$$Fq$$$G$9!#(B
-.Pp
-.Em WARNING!!WARNING!!WARNING!!WARNING!!WARNING!!WARNING!!WARNING!!
+$BG/7n$H$H$b$KJ8K!$,Bg$-$/$J$j!"$H$-$I$-:.Mp$9$k$3$H$b$"$k$G$7$g$&!#(B
+$BIT9,$K$7$F!"J8K!$NDj5A$N8m$j$r@5$9$?$a$K8eJ}8_49@-$O$J$/$J$C$F$7$^$$$^$7$?!#(B
 .Pp
-$B$3$N%W%m%0%i%`$O%3%s%T%e!<%?$r$+$J$j;H$$$K$/$$>uBV$K$7$F$7$^$&(B
-$B2DG=@-$,$"$j$^$9!#(B
-$B$O$8$a$F;HMQ$9$k;~$O%3%s%=!<%k>e$G<B9T$7!"M}2r$7$F$$$J$$A`:n$O(B
-.Em $B@dBP$K<B9T$7$J$$(B
-$B$h$&$K$7$F2<$5$$!#(B
+.Em !!! $B7Y9p(B !!!
 .Pp
-$BO"B3$7$?%(%s%H%j$NA`:n$b$7$/$ODI2C$K:]$7!"(B
-$B%5!<%S%9L>$d%W%m%H%3%kL>$O;HMQ$G$-$^$;$s!#(B
+$B%U%!%$%"%&%)!<%k$r8m$C$F@_Dj$9$k$H%3%s%T%e!<%?$,(B
+$B;HMQITG=$J>uBV$K$J$k2DG=@-$,$"$j$^$9!#(B
+$B$G$-$k8B$j%M%C%H%o!<%/$N%5!<%S%9$rDd;_$7$F(B
+$B@)8f$r2sI|$9$k$?$a$K%3%s%=!<%k$K%"%/%;%9$9$k$3$H$,I,MW$G$9!#(B
 .Pp
 $BF~$C$F$-$?%Q%1%C%H$NCGJR(B ($B%U%i%0%a%s%H(B) $B$,(B
 .Cm divert
 $B$K$h$C$F9T$-@h$rJQ99$5$l$k$+(B
 .Cm tee
 $B$5$l$k$H!"%=%1%C%H$KG[Aw$5$l$kA0$K%Q%1%C%H$O:F9=@.$5$l$^$9!#(B
+$B$3$l$i$N%Q%1%C%H$G;HMQ$5$l$k%"%/%7%g%s$O(B
+$B%Q%1%C%H$N:G=i$N%U%i%0%a%s%H$K%^%C%A$7$?%k!<%k$N0l$D$G$9!#(B
 .Pp
 .Cm tee
 $B%k!<%k$K%^%C%A$9$k%Q%1%C%H$O!"(B
 $BB(;~$K<uM}$5$l$k$Y$-$G$O$J$/!"%k!<%k%j%9%H$r99$KDL$k$Y$-$G$9!#(B
 $B$3$l$O!"0J9_$N%P!<%8%g%s$G=$@5$5$l$k$+$b$7$l$^$;$s!#(B
+.Pp
+$B%f!<%6!<%i%s%I$X8~$1$i$l!"(B
+$B%f!<%6!<%i%s%I$N%W%m%;%9(B ($BNc$($P(B
+.Xr natd 8 )
+$B$K$h$C$F:FEjF~$5$l$k%Q%1%C%H$O!"(B
+$B%Q%1%C%H$NH/?.85%$%s%?!<%U%'!<%9$r4^$`(B
+$B%Q%1%C%HB0@-$N$$$m$$$m$r<:$C$F$$$^$9!#(B
+$B%Q%1%C%H$,$3$NJ}K!$G:FEjF~$5$l$?>l9g!"(B
+$B8e$N%k!<%k$O@5$7$/E,MQ$5$l$J$$$+$b$7$l$^$;$s!#(B
+$B%k!<%k$NJB$S$K$*$1$k(B
+.Cm divert
+$B%k!<%k$N=g=x$OHs>o$K=EMW$J$b$N$H$J$j$^$9!#(B
 .Sh $B:n<T(B
 .An Ugen J. S. Antsilevich ,
 .An Poul-Henning Kamp ,
@@ -1302,7 +2107,7 @@
 $B$,(B BSDI $BMQ$K5-=R$7$?%3!<%I$K4p$E$$$F$$$^$9!#(B
 .Pp
 .Xr dummynet 4
-$B%H%i%U%#%C%/%7%'%$%Q$O(B Akamba Corp $B$,%5%]!<%H$7$^$7$?!#(B
+$B%H%i%U%#%C%/%7%'%$%Q$O(B Akamba Corp. $B$,%5%]!<%H$7$^$7$?!#(B
 .Sh $BNr;K(B
 .Nm
 $B$O!"(B
@@ -1315,3 +2120,5 @@
 $B%9%F!<%H%U%k3HD%$O!"(B
 .Fx 4.0
 $B$+$iF3F~$5$l$^$7$?!#(B
+.Nm ipfw2
+$B$O(B 2002 $BG/2F$K>R2p$5$l$^$7$?!#(B

----Next_Part(Thu_Sep_26_11:07:16_2002_228)----
