From owner-man-jp-reviewer@jp.FreeBSD.org Mon Sep 30 19:10:31 2002
To: horikawa@jp.FreeBSD.org, man-jp-reviewer@jp.FreeBSD.org
References: <20020926.110716.90012290.mori@tri.asanuma.co.jp>
	<20020928.224212.92587129.horikawa@attbi.com>
Siganture-File: ~/.signature
From: Mori Kouji <mori@tri.asanuma.co.jp>
In-Reply-To: <20020928.224212.92587129.horikawa@attbi.com> (Kazuo Horikawa's message of "Sat, 28 Sep 2002 22:42:12 -0600")
Message-ID: <8065wneqk2.fsf_-_@kurishna.tri.asanuma.co.jp>
Lines: 2451
User-Agent: Nana-gnus/7.1.0.23 REMI/1.14.2 (=?ISO-2022-JP?B?GyRCJFsbKEI=?=
 =?ISO-2022-JP?B?GyRCJC8kWyQvQmdFZxsoQg==?=) Chao/1.14.1
 (=?ISO-2022-JP?B?GyRCTztDT0IiGyhC?=) APEL/10.3 Emacs/21.2 (i386--freebsd)
 MULE/5.0 (=?ISO-2022-JP?B?GyRCOC1MWhsoQg==?=)
MIME-Version: 1.0 (split by REMI 1.14.2 - =?ISO-8859-4?Q?=22Hokuhoku-=D2shi?=
 =?ISO-8859-4?Q?ma=22=29?=
Content-Type: message/partial; id="Mon_Sep_30_19:10:20_2002@kurishna.tri.asanuma.co.jp"; number=1; total=3
Reply-To: man-jp-reviewer@jp.FreeBSD.org
Precedence: list
Date: 30 Sep 2002 19:10:20 +0900
X-Sequence: man-jp-reviewer 4261
Subject: [man-jp-reviewer 4261] Re: ipfw.8 (orig. 1.63.2.23 -> 1.63.2.26) (1/3)
Errors-To: owner-man-jp-reviewer@jp.FreeBSD.org
Sender: owner-man-jp-reviewer@jp.FreeBSD.org
X-Originator: mori@kurishna.tri.asanuma.co.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+020902

Sender: mori@kurishna.tri.asanuma.co.jp
To: horikawa@jp.FreeBSD.org,man-jp-reviewer@jp.FreeBSD.org
Subject: Re: [man-jp-reviewer 4257] Re: ipfw.8 (orig. 1.63.2.23 -> 1.63.2.26)
MIME-Version: 1.0 (generated by REMI 1.14.2 - =?ISO-2022-JP?B?IhskQiRbGyhC?=
 =?ISO-2022-JP?B?GyRCJC8kWyQvQmdFZxsoQiI=?=)
Content-Type: multipart/mixed;
 boundary="Multipart_Mon_Sep_30_19:10:19_2002-1"
Message-ID: <807kh3eqk3.fsf@kurishna.tri.asanuma.co.jp>

--Multipart_Mon_Sep_30_19:10:19_2002-1
Content-Type: text/plain; charset=ISO-2022-JP

$B?9$G$9!#(B

Kazuo Horikawa <horikawa@jp.FreeBSD.org> writes:

> o $B!V0l$D!W$H!V(B1 $B$D!W$,:.:_$7$F$$$^$9!#(B
>   $B!V(B2 $B$D!W!V(B4 $B$D!W$H$J$C$F$$$k$H$3$m$b$"$k$N$G!"!V(B1 $B$D!W$H$7$?J}$,NI$$$H(B
>   $B;W$$$^$9!#(B

$B8D?t$rI=$9$N$G$J$$47MQI=8=$@$H!V0l$D!W$+$J$H;W$C$?$N$G$9$,!"(B
$B$8$c!<$I$l$,47MQI=8=$G$I$l$,8D?t$N5-=R$@$m$&(B? $B$HD/$a$F$$$k$&$A$K(B
$B:.Mp$7$F$-$?$N$GA4It!V(B1 $B$D!W$GE}0l$7$^$7$?!#(B(^^;

> o $B!V$Y$->h!W$O!VN_>h!W!Vf2!W!V$Y$-!W$N$$$:$l$+$K$7$F$/$@$5$$!#(B

$B!V(B2 $B$N$Y$->h!W$r!V(B2 $B$NN_>h!W$H$7$^$7$?!#(B

$BB>$N;XE&$K$D$$$F$OKY@n$5$s$N0F$r$=$N$^$^H?1G$5$;$F$^$9!#(B

-- 
$B?9(B $B9@Fs(B	(MORI Kouji)
($B3t(B)$B^I>BAH(B $B5;=Q8&5f=j(B
E-mail: mori@tri.asanuma.co.jp


--Multipart_Mon_Sep_30_19:10:19_2002-1
Content-Type: text/plain; charset=ISO-2022-JP

--- ipfw.8.old	Mon Sep  9 09:27:02 2002
+++ ipfw.8	Mon Sep 30 14:27:03 2002
@@ -1,9 +1,14 @@
 .\"
-.\" %FreeBSD: src/sbin/ipfw/ipfw.8,v 1.63.2.23 2002/05/01 21:29:59 cjc Exp %
+.\" %FreeBSD: src/sbin/ipfw/ipfw.8,v 1.63.2.26 2002/08/21 18:58:24 trhodes Exp %
 .\"
 .\" $FreeBSD: doc/ja_JP.eucJP/man/man8/ipfw.8,v 1.41 2002/05/05 21:27:02 horikawa Exp $
 .\"
-.Dd May 31, 2001
+.de NOIPFW
+.br
+(\\$1 NOT IN IPFW)
+.br
+..
+.Dd August 13, 2002
 .Dt IPFW 8
 .Os
 .Sh $BL>>N(B
@@ -11,82 +16,143 @@
 .Nd IP $B%U%!%$%"%&%)!<%k$H%H%i%U%#%C%/%7%'%$%Q$N@)8f%W%m%0%i%`(B
 .Sh $B=q<0(B
 .Nm
-.Op Fl q
-.Oo
-.Fl p Ar preproc
-.Oo Fl D
-.Ar macro Ns Op = Ns Ar value
-.Oc
-.Op Fl U Ar macro
-.Oc
-.Ar pathname
+.Op Fl cq
+.Cm add
+.Ar rule
+.Nm
+.Op Fl acdeftNS
+.Brq Cm list | show
+.Op Ar number ...
 .Nm
 .Op Fl f | q
 .Cm flush
 .Nm
 .Op Fl q
-.Brq Cm zero | resetlog | delete
+.Brq Cm delete | zero | resetlog
+.Op Cm set
 .Op Ar number ...
+.Pp
 .Nm
-.Op Fl s Op Ar field
-.Op Fl adeftN
-.Brq Cm list | show
-.Op Ar number ...
+.Cm set Oo Cm disable Ar number ... Oc Op Cm enable Ar number ...
 .Nm
-.Op Fl q
-.Cm add
-.Op Ar number
-.Ar rule-body
+.Cm set move
+.Op Cm rule
+.Ar number Cm to Ar number
 .Nm
-.Cm pipe
-.Ar number
-.Cm config
-.Ar pipe-config-options
+.Cm set swap Ar number number
 .Nm
-.Cm pipe
-.Brq Cm delete | list | show
-.Op Ar number ...
+.Cm set show
+.Pp
 .Nm
-.Cm queue
+.Brq Cm pipe | queue
 .Ar number
 .Cm config
-.Ar queue-config-options
+.Ar config-options
 .Nm
-.Cm queue
+.Op Fl s Op Ar field
+.Brq Cm pipe | queue
 .Brq Cm delete | list | show
 .Op Ar number ...
+.Pp
+.Nm
+.Op Fl q
+.Oo
+.Fl p Ar preproc
+.Oo Fl D
+.Ar macro Ns Op = Ns Ar value
+.Oc
+.Op Fl U Ar macro
+.Oc
+.Ar pathname
 .Sh $B2r@b(B
 .Nm
-$B$O!"(B
+$B$H$=$N%f!<%F%#%j%F%#$O(B
 .Fx
 $B$N(B
-.Xr ipfirewall 4
-$B$H(B
+.Xr ipfw 4
+$B%U%!%$%"%&%)!<%k$H(B
 .Xr dummynet 4
 $B%H%i%U%#%C%/%7%'%$%Q$r@)8f$9$k%f!<%6%$%s%?%U%'!<%9$G$9!#(B
 .Pp
-$B%U%!%$%"%&%)!<%k@_Dj$O!"HV9fIU$1$5$l$?%k!<%k$N%j%9%H$+$i$J$j$^$9!#(B
-$B$"$k%k!<%k$K%^%C%A$7$=$l$K4XO"$9$kF0:n$,<B9T$5$l$k$^$G!"(B
-$B3FF~=PNO(B IP $B%Q%1%C%H$O%k!<%k$N%j%9%H$KBP$7>H9g$5$l$^$9!#(B
-$BF0:n$H%7%9%F%`$N@_Dj$K$h$C$F$O!"%^%C%A$7$?%k!<%k$ND>8e$G!"(B
-$B%Q%1%C%H$,%U%!%$%"%&%)!<%k$K:FCmF~$5$l!"(B
-$B99$K=hM}$,7QB3$9$k$3$H$b$"$j$^$9!#(B
-$BA4$F$N%k!<%k$,A4$F$N%$%s%?%U%'!<%9$KE,MQ$5$l$^$9$N$G!"(B
-$B%A%'%C%/$N2s?t$,:G>.$H$J$k$h$&$J%k!<%k=89g$r=q$/$N$O(B
-$B%7%9%F%`4IM}<T$N@UG$$G$9!#(B
+.Em $BCm(B:
+$B$3$N%^%K%e%"%k%Z!<%8$O(B 2002 $BG/(B 7 $B7n$KF3F~$5$l(B
+.Nm ipfw2
+$B$H$7$F$bCN$i$l$F$$$k(B
+.Nm
+$B$N?7%P!<%8%g%s$r;2>H$7$F$$$^$9!#(B
+$B$3$3$K<($9%3%^%s%I$N%j%9%H$O5lHG$N%U%!%$%"%&%)!<%k$N%9!<%Q!<%;%C%H$G$9!#(B
+$BN><T$r6hJL$9$kI,MW$,$"$k$H$-$O5lHG$r(B
+.Nm ipfw1
+$B$H8F$V$3$H$K$7$^$9!#(B
 .Pp
-$B$I$N@_Dj$b>o$K!"(B
-.Em DEFAULT
-$B%k!<%k(B ($BHV9f(B 65535) $B$r4^$_$^$9!#$3$N%k!<%k$OJQ99$G$-$:!"(B
+.Nm ipfw2
+$B$O(B
+.Fx
+CURRENT $B$NI8=`$G$9$,!"(B
+.Fx
+STABLE $B$G$O!"(B
+.Cm options IPFW2
+$B$r$D$1$F%+!<%M%k$r%3%s%Q%$%k$7!"(B
+.Cm -DIPFW2
+$B$r$D$1$F(B
+.Nm /sbin/ipfw
+$B$H(B
+.Nm /usr/lib/libalias
+$B$r:F%3%s%Q%$%k$7$F:F%$%s%9%H!<%k(B
+(
+buildworld $B$NA0$K(B
+.Cm IPFW2=TRUE
+$B$r(B
+.Nm /etc/make.conf
+$B$KDI2C$9$k$HF1MM$N7k2L$K$J$j$^$9(B
+)
+$B$7$J$$$H!":#$G$b(B
+.Nm ipf1
+$B$r;H$$$^$9!#(B
+.Pp
+.Nm ipfw1
+$B$KB8:_$7$J$$5!G=$N0lMw$O(B
+.Sx IPFW2 $B3HD%(B
+$B%;%/%7%g%s$r;2>H$7$F2<$5$$!#(B
+.Pp
+.Nm
+$B$N@_Dj!"$b$7$/$O(B
+.Em $B%k!<%k%;%C%H(B
+$B$O!"(B1 $B$+$i(B 65535 $B$^$G$NHV9f$r$D$1$i$l$?(B
+.Em $B%k!<%k(B
+$B$N%j%9%H$+$i$J$j$^$9!#(B
+$B%Q%1%C%H$O(B
+$B%W%m%H%3%k%9%?%C%/$N$?$/$5$s$N0[$J$k2U=j$G(B
+.Nm
+$B$KEO$5$l$^$9(B
+($B%Q%1%C%H$NH/?.85$H08@h$K0MB8$7!"(B
+.Nm
+$B$OF1$8%Q%1%C%H$KBP$7$FJ#?t2s5/F0$5$;$i$l$k2DG=@-$,$"$j$^$9(B)$B!#(B
+$B%U%!%$%"%&%)!<%k$KEO$5$l$k%Q%1%C%H$O(B
+$B%U%!%$%"%&%)!<%k$N(B
+.Em $B%k!<%k%;%C%H(B
+$B$K=q$+$l$?3F%k!<%k$KBP$7$F>H9g$5$l$^$9!#(B
+.Pp
+$B0lCW$7$?>l9g!"0lCW$7$?%k!<%k$KBP1~$9$k%"%/%7%g%s$,<B9T$5$l$^$9!#(B
+$B%"%/%7%g%s$H<B:]$N%7%9%F%`$N@_Dj$K$h$C$F$O!"(B
+$B%^%C%A$7$?%k!<%k$N8e$N%k!<%k$G$5$i$K=hM}$r9T$&$?$a$K(B
+$B%Q%1%C%H$,%U%!%$%"%&%)!<%k$K:FCmF~$5$l$k$3$H$,$"$j$^$9!#(B
+.Pp
+.Nm
+$B%k!<%k%;%C%H$K$O>o$K(B
+.Em $B%G%U%)%k%H(B
+$B%k!<%k(B ($BHV9f(B 65535) $B$,4^$^$l$^$9!#(B
+$B$3$N%k!<%k$OJQ99$G$-$:!"(B
 $BA4%Q%1%C%H$K%^%C%A$7$^$9!#(B
-$B%G%U%)%k%H%k!<%k$K4XO"IU$1$k%k!<%k$O(B
+.Em $B%G%U%)%k%H(B
+$B%k!<%k$K4XO"IU$1$i$l$k%"%/%7%g%s$O(B
 .Cm deny
 $B$+(B
 .Cm allow
 $B$N$I$A$i$+$K$J$j$^$9$,!"(B
 $B$3$l$O$I$N$h$&$K%+!<%M%k$r@_Dj$7$?$+$K0MB8$7$^$9!#(B
 .Pp
-$B%k!<%k=89g$,(B
+$B%k!<%k%;%C%H$,(B
 .Cm keep-state
 $B$^$?$O(B
 .Cm limit
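
Review bot: ".Nm ipf1" in the added paragraph about FreeBSD STABLE looks like a typo for "ipfw1"; the note just above it introduces the old version as ".Nm ipfw1" and the next paragraph uses ".Nm ipfw1" again. In the same paragraph the "(" and ")" around the make.conf remark sit on lines of their own, which leaves a space inside each parenthesis when filled; attaching them to the neighbouring text lines, as the added "(オプションでカウンタ内容を含めることができます)" line in the next hunk does, would avoid that.
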
@@ -98,80 +164,109 @@
 $B%^%C%A$7$?%Q%1%C%H$N%Q%i%a!<%?$K$A$g$&$I0lCW$9$k%k!<%k$,(B
 $BF0E*$K@8@.$5$l$^$9!#(B
 .Pp
-$B$3$l$i$NF0E*%k!<%k$N<wL?$OM-8B$G!"(B
+$B$3$l$i$NF0E*%k!<%k$N@8B8;~4V$OM-8B$G!"(B
 .Cm check-state
 $B$^$?$O(B
 .Cm keep-state
+$B$^$?$O(B
+.Cm limit
 $B%k!<%k$,:G=i$K@8$8$?>l=j$G%A%'%C%/$5$l$^$9!#(B
-$BF0E*%k!<%k$O!"9gK!E*$J%H%i%U%#%C%/$r%*%s%G%^%s%I$G(B
+$BF0E*%k!<%k$O!"@5Ev$J%H%i%U%#%C%/$r%*%s%G%^%s%I$G(B
 $B%U%!%$%"%&%)!<%k$rDL2a$5$;$k$?$a$KMQ$$$k$3$H$,IaDL$G$9!#(B
 .Nm
 $B$N%9%F!<%H%U%k$JF0:n$K$D$$$F99$K>pJs$,I,MW$J$i$P!"(B
 $B0J2<$N(B
-.Sx $B%k!<%k=q<0(B
-$B$^$?$O(B
+.Sx $B%9%F!<%H%U%k%U%!%$%"%&%)!<%k(B
+$B%;%/%7%g%s$H(B
 .Sx $B;HMQNc(B
 $B%;%/%7%g%s$r;2>H$7$F2<$5$$!#(B
 .Pp
-$BF0E*%k!<%k$b4^$a$9$Y$F$N%k!<%k$O!"(B
-$B$=$l$K4XO"$9$k%+%&%s%?$r$$$/$D$+;}$C$F$$$^$9!#(B
-$B$=$l$O!"%Q%1%C%H%+%&%s%H!"%P%$%H%+%&%s%H!"%m%0%+%&%s%H!"(B
-$B:G8e$K%^%C%A$7$?;~9o$r<($9%?%$%`%9%?%s%W$G$9!#(B
+$BA4$F$N%k!<%k(B($BF0E*%k!<%k$r4^$`(B)$B$O!"(B
+$B4XO"$9$k%+%&%s%?$r$$$/$D$+;}$C$F$$$^$9(B:
+$B%Q%1%C%H%+%&%s%H!"%P%$%H%+%&%s%H!"%m%0%+%&%s%H!"(B
+$B:G8e$K%^%C%A$7$?;~9o$r<($9%?%$%`%9%?%s%W!#(B
 $B%+%&%s%?$O!"(B
 .Nm
-$B%3%^%s%I$K$h$C$F!"I=<($*$h$S%j%;%C%H2DG=$G$9!#(B
+$B%3%^%s%I$K$h$C$FI=<($9$k$3$H$,$G$-!"$^$?%j%;%C%H$9$k$3$H$,$G$-$^$9!#(B
 .Pp
 $B%k!<%k$NDI2C$O(B
 .Cm add
 $B%3%^%s%I$K$F2DG=$G$9!#(B
-$B8D!9$N%k!<%k$N:o=|$O(B
+$B8DJL!"$^$?$O%0%k!<%W$G$N%k!<%k$N:o=|$O(B
 .Cm delete
 $B%3%^%s%I$K$F2DG=$G$"$j!"$9$Y$F$N%k!<%k$N:o=|$O(B
 .Cm flush
 $B%3%^%s%I$K$F2DG=$G$9!#(B
-$B%k!<%k$NI=<($O!"(B
+$B%k!<%k$NI=<((B
+($B%*%W%7%g%s$G%+%&%s%?FbMF$r4^$a$k$3$H$,$G$-$^$9(B)
+$B$O!"(B
 .Cm show
 $B%3%^%s%I$*$h$S(B
 .Cm list
 $B%3%^%s%I$K$F2DG=$G$9!#(B
-$B$3$l$i$K$h$j!"%*%W%7%g%s$G%+%&%s%?FbMF$b4^$a$FI=<($5$;$k$3$H$,$G$-$^$9!#(B
 $B:G8e$K!"%+%&%s%?$N%j%;%C%H$O(B
 .Cm zero
 $B%3%^%s%I$*$h$S(B
 .Cm resetlog
 $B%3%^%s%I$K$F2DG=$G$9!#(B
 .Pp
+$B$^$?!"3F%k!<%k$O(B 32 $B$N(B
+$B0[$J$k(B
+.Em $B%;%C%H(B
+$B$N(B 1 $B$D$K=jB0$7!"(B
+$B%;%C%H$KBP$9$k%"%H%_%C%/$JA`:n!"Nc$($P(B
+$BM-8z2=!&L58z2=!&%;%C%H$NF~$l49$(!&%;%C%HFb$NA4%k!<%k$rJL$N%;%C%H$X0\F0!&(B
+$B%;%C%HFb$NA4%k!<%k$N:o=|$J$I$r9T$&$?$a$N(B
+.Nm
+$B%3%^%s%I$,$"$j$^$9!#(B
+$B$3$l$i$O0l;~E*$J@_Dj$r%$%s%9%H!<%k$7$?$j@_Dj$N%F%9%H$r9T$C$?$j$9$k$H$-$K(B
+$BJXMx$G$9!#(B
+.Em $B%;%C%H(B
+$B$K4X$9$k>\:Y$O%;%/%7%g%s(B
+.Sx $B%k!<%k%;%C%H(B
+$B$r;2>H$7$F2<$5$$!#(B
+.Pp
 $B<!$N%*%W%7%g%s$,MxMQ2DG=$G$9(B:
 .Bl -tag -width indent
 .It Fl a
-$B%j%9%HCf$K%+%&%s%?CM$r<($7$^$9!#(B
+$B%k!<%k$N%j%9%H$rI=<($9$k:]$K!"(B
+$B%+%&%s%?CM$r<($7$^$9!#(B
 .Cm show
 $B%3%^%s%I$O!"$3$N%*%W%7%g%s$r0EL[E*$K;XDj$7$?$@$1$N$b$N$G$9!#(B
+.It Fl c
+$B%k!<%k$rF~NO$7$?$j;2>H$7$?$j$9$k$H$-$K!"(B
+$B%3%s%Q%/%H$J=q<0$G%k!<%k$rI=<($7$^$9!#(B
+$B$D$^$j!"%k!<%k$,2?$NDI2C>pJs$b;}$?$J$$$H$-$O!"(B
+$B%*%W%7%g%J%k$JJ8;zNs(B "ip from any to any" $B$rI=<($7$^$;$s!#(B
 .It Fl d
-$B%j%9%HCf$K!"@EE*%k!<%k$K2C$($FF0E*%k!<%k$bI=<($7$^$9!#(B
+$B%k!<%k$N%j%9%H$rI=<($9$k:]$K!"(B
+$B@EE*%k!<%k$K2C$($FF0E*%k!<%k$bI=<($7$^$9!#(B
 .It Fl e
+$B%k!<%k$N%j%9%H$rI=<($9$k:]$K!"(B
+$B$b$7(B
 .Fl d
-$B%*%W%7%g%s$b;XDj$5$l$?>l9g!"(B
-$B%j%9%HCf$K!"4|8B@Z$l$NF0E*%k!<%k$bI=<($7$^$9!#(B
+$B%*%W%7%g%s$,;XDj$5$l$F$$$l$P!"(B
+$B4|8B@Z$l$NF0E*%k!<%k$bI=<($7$^$9!#(B
 .It Fl f
 $B8m$C$F;HMQ$9$k$HLdBj$r5/$92DG=@-$N$"$k%3%^%s%I!"(B
 .No $B$9$J$o$A(B Cm flush
 $B$KBP$7$F!"<B9T$N3NG'$r9T$$$^$;$s!#(B
-.Em $BCm(B :
 $B%W%m%;%9$K4XO"IU$1$i$l$?(B tty $B$,L5$$>l9g!"$3$N%*%W%7%g%s$,(B
 $B0EL[$N$&$A$K;XDj$5$l$?$H$7$F=hM}$5$l$^$9!#(B
+.It Fl N
+$B=PNO$K4^$^$l$k%"%I%l%9$H%5!<%S%9L>$NL>A02r7h$r;n$_$^$9!#(B
 .It Fl q
 .Cm add ,
 .Cm zero ,
 .Cm resetlog ,
 .Cm flush
-$B<B9TCf!"F0:n$K$D$$$FJs9p$7$^$;$s(B
+$B$r<B9T$9$k:]!"F0:n$K$D$$$FJs9p$7$^$;$s(B
 ($B0EL[$N$&$A$K(B
 .Fl f
 $B$,;XDj$5$l$^$9(B)$B!#(B
 $B%9%/%j%W%H(B
 ($BNc$($P(B
-.Sq sh /etc/rc.firewall )
+.Ql sh\ /etc/rc.firewall )
 $B$NCf$GJ#?t$N(B
 .Nm
 $B%3%^%s%I$r<B9T$7$F%k!<%k$rJQ99$9$k>l9g$d!"(B
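
Review bot: The added line "全てのルール(動的ルールを含む)は、" switches to 全て, while the line it replaces ("動的ルールも含めすべてのルールは、") and the unchanged "すべてのルールの削除は" a few lines further down both write すべて; one spelling should be used throughout, in the same spirit as the 「1 つ」 unification discussed in this thread. The resulting "check-state または keep-state または limit" would also read more naturally as "check-state、keep-state または limit".
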
@@ -186,24 +281,31 @@
 $B$D$^$j!"%j%b!<%H%m%0%$%s%;%C%7%g%s7PM3$N>l9g!"%;%C%7%g%s$O%/%m!<%:$5$l!"(B
 $B;D$j$N%k!<%k%;%C%H$O=hM}$5$l$^$;$s!#(B
 $B$3$N>uBV$+$i2sI|$9$k$?$a$K$O%3%s%=!<%k$X$N%"%/%;%9$,I,MW$K$J$j$^$9!#(B
-.It Fl t
-$B%j%9%H:n@.;~$K!":G8e$K%^%C%A$7$?%?%$%`%9%?%s%W$rI=<($7$^$9!#(B
-.It Fl N
-$B=PNOCf$N%"%I%l%9$H%5!<%S%9L>$r2r7h$7$h$&$H$7$^$9!#(B
+.It Fl S
+$B%k!<%k$N%j%9%H$rI=<($9$k:]$K!"(B
+$B3F%k!<%k$,B0$9$k(B
+.Em $B%;%C%H(B
+$B$rI=<($7$^$9!#(B
+$B$3$N%U%i%0$,;XDj$5$l$F$$$J$1$l$P!"(B
+$BL58z2=$5$l$F$$$k%k!<%k$OI=<($5$l$^$;$s!#(B
 .It Fl s Op Ar field
-$B%Q%$%W7PM3$G%j%9%H=PNO$7$F$$$k:]$K!"(B4$B$D$N%+%&%s%?$N(B1$B$D$K$D$$$F(B
+$B%Q%$%W7PM3$G%j%9%H=PNO$7$F$$$k:]$K!"(B4 $B$D$N%+%&%s%?$N(B 1 $B$D$K$D$$$F(B
 $B@0Ns$5$;$^$9(B ($B8=:_$N%Q%1%C%H?t(B)$B!#(B
+.It Fl t
+$B%k!<%k$N%j%9%H$rI=<($9$k:]$K!"(B
+$B:G8e$K%^%C%A$7$?%?%$%`%9%?%s%W$rI=<($7$^$9!#(B
 .El
 .Pp
-$B@_Dj$r4JC1$K$9$k$?$a$K!"%k!<%k$r%U%!%$%k$K5-=R$7$F!"(B
-$B$3$l$r(B
+$BKAF,$N=q<0$N9T$G<($7$?$h$&$K!"(B
+$B@_Dj$r4JC1$K$9$k$?$a!"(B
+$B%k!<%k$r(B
 .Nm
-$B$N:G=i$N=q<09T$r;H$C$F=hM}$7$^$9!#(B
+$B$K=hM}$5$;$k%U%!%$%k$K5-=R$9$k$3$H$,$G$-$^$9!#(B
 .Ar pathname
 $B$K$O@dBP%Q%9L>$r;HMQ$9$kI,MW$,$"$j$^$9!#(B
 $B$3$N%U%!%$%k$+$i$O(B 1 $B9T$:$DFI$_9~$^$l!"(B
 .Nm
-$B%f!<%F%#%j%F%#$X$N0z?t$H$J$j$^$9!#(B
+$B%f!<%F%#%j%F%#$N0z?t$H$7$F<u$1IU$1$i$l$^$9!#(B
 .Pp
 .Fl p Ar preproc
 $B$r;HMQ$7$F!"(B
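
Review bot: In the "-s" entry, "パイプ経由でリスト出力している際に" reads as sending the listing through a shell pipe, but the new synopsis earlier in this patch attaches "-s [field]" to the "pipe | queue" list/show form, so the sentence should say that the option applies when listing pipes (for example "パイプをリスト表示する際に"). The parenthetical "(現在のパケット数)" names a single counter although the sentence speaks of four; it is worth checking against the original wording while this line is being touched for the spacing fix.
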
@@ -236,164 +338,300 @@
 .Pp
 $B8e=R$N(B
 .Sx $B%H%i%U%#%C%/%7%'%$%Q@_Dj(B
-$B$N@a$G<($9$h$&$K!"(B
+$B%;%/%7%g%s$G<($9$h$&$K!"(B
 .Nm
 .Cm pipe
+$B$*$h$S(B
+.Cm queue
 $B%3%^%s%I$r;HMQ$7$F!"%H%i%U%#%C%/%7%'%$%Q$r9=C[2DG=$G$9!#(B
+.Sh $B%Q%1%C%H%U%m!<(B
+$B%7%9%F%`%Q%i%a!<%?$N@)8f$K$h$j!"(B
+.Nm
+$B$O%W%m%H%3%k%9%?%C%/$NCf$NJ#?t$N2U=j$+$i<B9T$5$l$^$9!#(B
+$BE,@Z$J%k!<%k%;%C%H$r@_7W$9$k$K$O!"$3$N8=>]$rM}2r$9$k$3$H$,=EMW$G$9!#(B
+.Nm
+$B$,<B9T$5$l$k2U=j$O!"$=$N<B9T$r@)8f$9$k(B sysctl $BJQ?t$H$H$b$K(B
+$B0J2<$K5s$2$i$l$F$$$^$9!#(B
+.Bd -literal -offset indent
+      ^	    to upper layers   V
+      |                       |
+      +----------->-----------+
+      ^                       V
+ [ip_input]              [ip_output]   net.inet.ip.fw.enable=1
+      |                       |
+      ^                       V
+[ether_demux]    [ether_output_frame]  net.link.ether.ipfw=1
+      |                       |
+      +-->--[bdg_forward]-->--+        net.link.ether.bridge_ipfw=1
+      ^                       V
+      |      to devices       |
+.Ed
+.Pp
+$B>e?^$K<($5$l$k$h$&$K!"(B
+$BF10l$N%Q%1%C%H$,%U%!%$%"%&%)!<%k$rDL2a$9$k2s?t$O!"(B
+$B%Q%1%C%H$NH/?.85$d08@h!"%7%9%F%`$N@_Dj$K$h$j!"(B
+0 $B2s$+$i(B 4 $B2s$NHO0O$GJQF0$7$^$9!#(B
+$B$3$l$i$N3F=j$G!"$=$N%l%Y%k$KB0$9$kA4$F$N(B($B$=$7$FM#0l$N(B)$B%U%#!<%k%I$H0l=o$K!"(B
+$B%Q%1%C%H$O(B
+.Nm
+$B$KEO$5$l$^$9!#(B
+$B$D$^$j!"30$+$iF~$C$F$/$k%Q%1%C%H$O(B
+.Cm ether_demux()
+$B$+$i(B
+.Nm
+$B$,<B9T$5$l$k$H$-$K$O(B MAC $B%X%C%@$r4^$s$G$$$k$O$:$G$9$,!"(B
+$B$=$NF1$8%Q%1%C%H$,!"(B
+.Cm ip_input()
+$B$+$i(B
+.Nm
+$B$,<B9T$5$l$?$H$-$K$O(B MAC $B%X%C%@$O<h$j=|$+$l$F$$$k$O$:$G$9!#(B
+.br
+.Nm
+$B$,<B9T$5$l$?>l=j$d!"%Q%1%C%H$N%=!<%9$K4X$o$j$J$/!"(B
+$B40A4$J%k!<%k%;%C%H$,>o$K;HMQ$5$l$^$9!#(B
+$B<B9T$5$l$?2U=j$K$h$C$F$OL58z$H$J$k$h$&$J(B
+$B%^%C%A%Q%?!<%s$d%"%/%7%g%s(B
+($BNc$($P!"(B
+.Cm ip_input()
+$B$+$i(B
+.Nm
+$B$,8F$S=P$5$l$?$H$-$K(B MAC $B%X%C%@$H%^%C%A$r;n$_$k$h$&$J$b$N(B)
+$B$r%k!<%k$,4^$s$G$$$k$J$i!"$=$N%Q%?!<%s$O%^%C%A$7$J$$$3$H$K$J$j$^$9!#(B
+$B$H$O$$$(!"$=$N$h$&$J%Q%?!<%s$NA0$K(B
+.Cm not
+$B%*%Z%l!<%?$r5-=R$9$l$P!"%Q%?!<%s$O(B
+.Em $B>o$K(B
+$B$=$N$h$&$J%Q%1%C%H$K%^%C%A$9$k$3$H$K$J$j!"K>$^$7$/$J$$7k2L$H$J$k$G$7$g$&!#(B
+$B$7$?$,$C$F!"I,MW$J$i$P!"2DG=@-$N$"$k2U=j$NCf$G<1JL$9$k$h$&$K!"(B
+$BE,@Z$J%k!<%k%;%C%H$r5-=R$9$k$3$H$O%W%m%0%i%^$N@UG$$G$9!#(B
+$B$=$3$G(B
+.Cm skipto
+$B%k!<%k$,Lr$KN)$D$3$H$G$7$g$&!#(B
+$BNc$($P<!$N$h$&$K$7$^$9(B:
+.Bd -literal -offset indent
+# ether_demux $B$^$?$O(B bdg_forward $B$+$i$N%Q%1%C%H(B
+ipfw add 10 skipto 1000 all from any to any layer2 in
+# ip_input $B$+$i$N%Q%1%C%H(B
+ipfw add 10 skipto 2000 all from any to any not layer2 in
+# ip_output $B$+$i$N%Q%1%C%H(B
+ipfw add 10 skipto 3000 all from any to any not layer2 out
+# ether_output_frame $B$+$i$N%Q%1%C%H(B
+ipfw add 10 skipto 4000 all from any to any layer2 out
+.Ed
+.Pp
+($B$=$&$G$9!":#$N$H$3$m(B ether_demux $B$H(B bdg_forward $B$H$r(B
+$B6hJL$9$kJ}K!$O$"$j$^$;$s(B)$B!#(B
 .Sh $B%k!<%k=q<0(B
 .Nm
-$B%k!<%k%U%)!<%^%C%H$O<!$NDL$j$G$9!#(B
-.Bd -ragged
+$B$N=q<0$O<!$NDL$j$G$9(B:
+.Bd -ragged -offset indent
+.Op Ar rule_number
+.Op Cm set Ar set_number
 .Op Cm prob Ar match_probability
-.Ar action
+.br
+.Ar "   " action
 .Op Cm log Op Cm logamount Ar number
-.Ar proto
-.Cm from Ar src
-.Cm to Ar dst
-.Op Ar interface-spec
-.Op Ar options
+.Ar body
 .Ed
 .Pp
-$B3F%Q%1%C%H$r%U%#%k%?$9$k:]$K$O!"0J2<$N>pJs$K4p$E$/$3$H$,$G$-$^$9!#(B
+$B$3$3$G!"%k!<%k$N%\%G%#$O<!$N$h$&$K!"(B
+$B%Q%1%C%H$r%U%#%k%?$9$k$N$K$I$N>pJs$r;HMQ$9$k$N$+$r;XDj$7$^$9(B:
 .Pp
-.Bl -tag -width "$BAw?.85$*$h$S08@h(B IP $B%"%I%l%9(B" -offset indent -compact
-.It $BAw<u?.%$%s%?%U%'!<%9(B
-($BL>A0$^$?$O%"%I%l%9(B)
+.Bl -tag -width "Source and dest. addresses and ports" -offset XXX -compact
+.It $B%l%$%d(B 2 $B%X%C%@%U%#!<%k%I(B
+$B2DG=$J$i$P(B
+.It IPv4 $B%W%m%H%3%k(B
+TCP, UDP, ICMP $B$J$I(B
+.It $BAw?.85$*$h$S08@h$N%"%I%l%9$H%]!<%H(B
 .It $BJ}8~(B
-($BF~NO$^$?$O=PNO(B)
-.It $BAw?.85$*$h$S08@h(B IP $B%"%I%l%9(B
-($B%^%9%/;HMQ2D(B)
-.It $B%W%m%H%3%k(B
-(TCP, UDP, ICMP $BEy(B)
-.It $BAw?.85$*$h$S08@h%]!<%H(B
-($B%j%9%H!"HO0O!"%^%9%/$N$$$:$l$+(B)
-.It TCP $B%U%i%0(B
-.It IP $B%U%i%0%a%s%H%U%i%0(B
+$B%;%/%7%g%s(B
+.Sx $B%Q%1%C%H%U%m!<(B
+$B$r;2>H$7$F2<$5$$(B
+.It $BAw?.$*$h$S<u?.%$%s%?%U%'!<%9(B
+$BL>A0$^$?$O%"%I%l%9(B
+.It $B$=$NB>$N(B IP $B%X%C%@%U%#!<%k%I(B
+$B%P!<%8%g%s!"%5!<%S%9%?%$%W!"%G!<%?%0%i%`D9!"<1JL;R!"(B
+$B%U%i%0%a%s%H%U%i%0(B (0 $B$G$J$$(B IP $B%*%U%;%C%H(B)$B!"(B
+$B@8B8;~4V(B
 .It IP $B%*%W%7%g%s(B
+.It $B$=$NB>$N(B TCP $B%X%C%@%U%#!<%k%I(B
+TCP $B%U%i%0(B (SYN, FIN, ACK, RST $B$J$I(B)$B!"(B
+$B%7!<%1%s%9HV9f!"3NG'1~EzHV9f!"%&%#%s%I%&(B
+.It TCP $B%*%W%7%g%s(B
 .It ICMP $B%?%$%W(B
-.It $B%Q%1%C%H$K4XO"IU$1$i$l$?%=%1%C%H$N%f!<%6(B ID $B$H%0%k!<%W(B ID
+ICMP $B%Q%1%C%H$N>l9g(B
+.It $B%f!<%6(B/$B%0%k!<%W(B ID
+$B%Q%1%C%H$r%m!<%+%k%=%1%C%H$K4XO"$E$1$k$3$H$,2DG=$J>l9g(B
 .El
 .Pp
-$BAw?.85(B IP $B%"%I%l%9$d08@h(B TCP/UDP $B%]!<%H$K$h$k%U%#%k%?$O(B
-$B4m81$,$"$k$3$H$KCm0U$7$F$/$@$5$$!#(B
-$B$J$<$J$i!"$3$l$i$N:>>N$O4JC1$@$+$i$G$9!#(B
+$B>e5-$N>pJs!"(B
+$BNc$($P!"Aw?.85(B MAC $B%"%I%l%9$^$?$O(B IP $B%"%I%l%9$H(B TCP/UDP $B%]!<%H(B
+$B$OMF0W$K:>>N$,2DG=$G$"$k$3$H$KCm0U$7$F2<$5$$!#(B
+$B$7$?$,$C$F!"$3$l$i$N%U%#!<%k%I$N$_$G%U%#%k%?$9$k$3$H$O(B
+$BI,$:$7$bK>$^$7$$7k2L$H$O$J$j$^$;$s!#(B
 .Bl -tag -width indent
+.It Ar rule_number
+$B3F%k!<%k$O!"(B1 $B$+$i(B 65535 $B$NHO0O$N(B
+.Ar rule_number
+$B$K4XO"$E$1$i$l$F$*$j!"(B
+$B8e<T$O(B
+.Em $B%G%U%)%k%H(B
+$B%k!<%k$N$?$a$KM=Ls$5$l$F$$$^$9!#(B
+$B%k!<%k$O%k!<%kHV9f$N=g$K%A%'%C%/$5$l$^$9!#(B
+$BJ#?t$N%k!<%k$,F10l$NHV9f$r;}$D$3$H$,2DG=$G!"(B
+$B$=$N>l9g$ODI2C$5$l$?=g=x$G%A%'%C%/$5$l$^$9(B ($BI=<($9$k>l9g$bF1MM$G$9(B) $B!#(B
+$BHV9f$N;XDj$J$7$G%k!<%k$,F~NO$5$l$?>l9g!"(B
+$B%+!<%M%k$O!"$=$N%k!<%k$,(B
+.Em $B%G%U%)%k%H(B
+$B%k!<%k$h$jA0$K$"$k%k!<%k$NCf$G:G8e$K$J$k$h$&$K3d$jEv$F$^$9!#(B
+$B<+F0E*$K$D$1$i$l$k%k!<%kHV9f$O!"(B
+$B%G%U%)%k%H$r=|$$$?Cf$G:G8e$H$J$k%k!<%kHV9f$r!"(B
+sysctl $BJQ?t(B
+.Ar net.inet.ip.fw.autoinc_step
+$B$NCM$@$1A}2C$5$;$F3d$jEv$F$i$l$^$9!#(B
+$B$3$NJQ?t$N%G%U%)%k%H$O(B 100 $B$G$9!#(B
+$B$b$7!"$3$NA`:n$,(B
+($BNc$($P5v2D$5$l$?:GBg%k!<%kHV9f$r1[$($k$H$$$C$?M}M3$G(B)
+$BIT2DG=$G$"$l$P!"(B
+$B:G8e$N%G%U%)%k%H$G$J$$CM$HF1$8HV9f$,Be$o$j$K;HMQ$5$l$^$9!#(B
+.It Cm set Ar set_number
+$B3F%k!<%k$O(B 0 $B$+$i(B 31 $B$NHO0O$N(B
+.Ar set_number
+$B$K4XO"$E$1$i$l$F$*$j!"(B
+$B8e<T$O(B
+.Em $B%G%U%)%k%H(B
+$B%k!<%k$N$?$a$KM=Ls$5$l$F$$$^$9!#(B
+$B%;%C%H$O8DJL$KL58z2=$7$?$jM-8z2=$7$?$j$9$k$3$H$,$G$-$^$9!#(B
+$B$7$?$,$C$F!"$3$N%Q%i%a!<%?$O%"%H%_%C%/$J%k!<%k%;%C%HA`:n$r9T$&$?$a$K(B
+$BI,MWIT2D7g$J$b$N$G$9!#(B
+$B%k!<%k%;%C%H$rC1=c$K:o=|$9$k$3$H$b2DG=$G$9!#(B
+$B%;%C%HHV9f$r;XDj$;$:$K%k!<%k$,F~NO$5$l$?>l9g!"(B
+$B%;%C%H(B 0 $B$,;HMQ$5$l$^$9!#(B
 .It Cm prob Ar match_probability
 $B;XDj$7$?3NN((B (0 $B$+$i(B 1 $B$^$G$NIbF0>.?tE@?t$G$9(B)
-$B$G$N$_%^%C%A$,@k8@$5$l$^$9!#(B
-$B%i%s%@%`$K%Q%1%C%H$rMn$H$91~MQ$H$7$FMQ$$$k>l9g$d!"(B(
+$B$G$7$+%^%C%A$7$J$$%^%C%A$r@k8@$5$l$^$9!#(B
+$B%i%s%@%`$K%Q%1%C%H$rMn$H$9$7$?$j$9$k$h$&$J(B
+$BB?$/$N%"%W%j%1!<%7%g%s$d!"(B
+(
 .Xr dummynet 4
 $B$H6&$K;HMQ$7$F(B)
 $B%Q%1%C%HE~C#=g=x$NMp$l$r0z$-5/$3$9J#?t7PO)$N8z2L$r%7%_%e%l!<%H$9$k:]$K(B
 $BM-MQ$G$9!#(B
-.It Ar action :
+.It Cm log Op Cm logamount Ar number
+$B%Q%1%C%H$,(B
+.Cm log
+$B%-!<%o!<%I$r;}$C$?%k!<%k$K%^%C%A$7$?>l9g!"(B
+$B%a%C%;!<%8$,(B
+.Xr syslogd 8
+$B$K(B
+.Dv LOG_SECURITY
+$B%U%!%7%j%F%#$G5-O?$5$l$^$9!#(B
+sysctl $BJQ?t(B
+.Em net.inet.ip.fw.verbose
+$B$,(B 1
+($B%+!<%M%k$,(B
+.Dv IPFIREWALL_VERBOSE
+$B$G%3%s%Q%$%k$5$l$F$$$l$P$3$l$,%G%U%)%k%H$G$9(B)
+$B$K@_Dj$5$l$F$*$j!"(B
+$B$=$N%k!<%k$K$D$$$F$3$l$^$G5-O?$5$l$?%Q%1%C%H$N?t$,(B
+$B$=$N(B
+.Cm logamount
+$B%Q%i%a!<%?$r1[$($F$$$J$1$l$P!"5-O?$,9T$o$l$^$9!#(B
+.Cm logamount
+$B$,;XDj$5$l$F$$$J$1$l$P!"@)8B$O(B sysctl $BJQ?t(B
+.Em net.inet.ip.fw.verbose_limit
+$B$+$i;2>H$5$l$^$9!#(B
+$BN><T$NCM$,(B 0 $B$G$"$l$P5-O?$N@)8B$O<h$j=|$+$l$^$9!#(B
+.Pp
+$B0lEY@)8B$KC#$7$?$J$i!"(B
+$B$3$N%(%s%H%j$KBP$9$k%m%.%s%0%+%&%s%?$+%Q%1%C%H%+%&%s%?$r%/%j%"$9$l$P(B
+$B5-O?$r:F$SM-8z$K$9$k$3$H$,$G$-$^$9!#(B
+.Cm resetlog
+$B%3%^%s%I$r;2>H$7$F2<$5$$!#(B
+.Pp
+.El
+.Ss $B%k!<%k%"%/%7%g%s(B
+$B%k!<%k$O<!$K<($9%"%/%7%g%s$N(B 1 $B$D$H4XO"$E$1$k$3$H$,$G$-$^$9!#(B
+$B$3$l$O%Q%1%C%H$,%k!<%k$N%\%G%#$K%^%C%A$7$?$H$-$K<B9T$5$l$^$9!#(B
 .Bl -tag -width indent
-.It Cm allow
-$B%^%C%A$9$k%Q%1%C%H$rDL2a$5$;!"%^%C%A%s%0$r=*N;$7$^$9!#(B
-.Cm pass ,
-.Cm permit ,
-.Cm accept
-$B$O$3$l$NJLL>$G$9!#(B
-.It Cm deny
-$B%^%C%A$9$k%Q%1%C%H$rGK4~$7!"%^%C%A%s%0$r=*N;$7$^$9!#(B
-.Cm drop
-$B$O(B
-.Cm deny
-$B$NJLL>$G$9!#(B
-.It Cm reject
-($B$3$N;HMQ$O?d>)$5$l$^$;$s(B)
-$B%^%C%A$9$k%Q%1%C%H$rGK4~$7!"(B
-ICMP $B$N(B host unreachable $B$rAw?.$7!"(B
-$B%^%C%A%s%0$r=*N;$7$^$9!#(B
-.It Cm unreach Ar code
-$B%^%C%A$9$k%Q%1%C%H$rGK4~$7!"(B
-ICMP $B$N(B unreachable $B$K(B
-.Ar code
-$B$rIU$1$FAw?.$7$^$9!#$3$3$G!"(B
-.Ar code
-$B$O!"(B0 $B$+$i(B 256 $B$^$G$N?t;z!"$b$7$/$O!"0J2<$KNs5s$9$kJLL>$N$$$:$l$+$G$9(B:
-.Cm net , host , protocol , port ,
-.Cm needfrag , srcfail , net-unknown , host-unknown ,
-.Cm isolated , net-prohib , host-prohib , tosnet ,
-.Cm toshost , filter-prohib , host-precedence ,
-.Cm precedence-cutoff
-$B!#%^%C%A%s%0$O=*N;$7$^$9!#(B
-.It Cm reset
-TCP $B%Q%1%C%H$N$_BP>]!#(B
-$B%Q%1%C%H$rGK4~$7!"(BTCP $B$N(B reset (RST) $B$rAw?.$7!"(B
-$B%^%C%A%s%0$r=*N;$7$^$9!#(B
-.It Cm count
-$B%k!<%k$K%^%C%A$9$k%Q%1%C%H$9$Y$F$N%+%&%s%?$r99?7$7!"(B
-$B0zB3$-%^%C%A%s%0$r9T$J$$$^$9!#(B
+.It Cm allow | accept | pass | permit
+$B%k!<%k$K%^%C%A$9$k%Q%1%C%H$r<u$1IU$1$^$9!#(B
+$B8!:w$O=*N;$7$^$9!#(B
 .It Cm check-state
-$BF0E*%k!<%k=89g$KBP$7$F%Q%1%C%H$N%A%'%C%/$r9T$J$$$^$9!#(B
-$B%^%C%A$7$?>l9g!"%^%C%A%s%0$O=*N;$7$^$9!#(B
+$BF0E*%k!<%k%;%C%H$KBP$7$F%Q%1%C%H$N%A%'%C%/$r9T$J$$$^$9!#(B
+$B%^%C%A$7$?>l9g!"(B
+$B$=$NF0E*%k!<%k$r@8@.$7$?%k!<%k$K4XO"$E$1$i$l$?%"%/%7%g%s$r<B9T$7!"(B
 $B%^%C%A$7$J$+$C$?>l9g!"<!$N%k!<%k$K0\$j$^$9!#(B
+.br
 .Cm check-state
-$B%k!<%k$,8+$D$+$i$J$$$H$-$O!"F0E*%k!<%k=89g$O:G=i$N(B
+$B%k!<%k$O%\%G%#$r;}$A$^$;$s!#(B
+.Cm check-state
+$B%k!<%k$,8+$D$+$i$J$$$H$-$O!"(B
+$BF0E*%k!<%k%;%C%H$O:G=i$N(B
 .Cm keep-state
+$B%k!<%k!"$b$7$/$O(B
+.Cm limit
 $B%k!<%k$N>l=j$G%A%'%C%/$5$l$^$9!#(B
+.It Cm count
+$B%k!<%k$K%^%C%A$7$?A4$F$N%Q%1%C%H$N%+%&%s%?$r99?7$7$^$9!#(B
+$B8!:w$O<!$N%k!<%k$XB39T$7$^$9!#(B
+.It Cm deny | drop
+$B%k!<%k$K%^%C%A$7$?A4$F$N%Q%1%C%H$rGK4~$7$^$9!#(B
+$B8!:w$O=*N;$7$^$9!#(B
 .It Cm divert Ar port
-$B%^%C%A$9$k%Q%1%C%H$r(B
-.Ar port
-$B$G;XDj$5$l$?%]!<%H$K%P%$%s%I$5$l$F$$$k(B
-.Xr divert 4
-$B%=%1%C%H$KAw$j!"%^%C%A%s%0$r=*N;$7$^$9!#(B
-.It Cm tee Ar port
-$B%^%C%A$9$k%Q%1%C%H$N%3%T!<$r(B
+$B%k!<%k$K%^%C%A$9$k%Q%1%C%H$r(B
+$B%]!<%H(B
 .Ar port
-$B$G;XDj$5$l$?%]!<%H$K%P%$%s%I$5$l$F$$$k(B
+$B$K%P%$%s%I$5$l$F$$$k(B
 .Xr divert 4
-$B%=%1%C%H$KAw$j$^$9!#(B
-$B8!:w$r=*N;$7!"85$N%Q%1%C%H$O<uM}$5$l$^$9(B
-($B$?$@$78e=R$N(B
-.Sx $B%P%0(B
-$B$r;2>H$7$F$/$@$5$$(B)$B!#(B
-.It Cm fwd Ar ipaddr Ns Op , Ns Ar port
+$B%=%1%C%H$KAw=P$7$^$9!#(B
+$B8!:w$O=*N;$7$^$9!#(B
+.It Cm fwd | forward Ar ipaddr Ns Op , Ns Ar port
 $B%^%C%A$7$?%Q%1%C%H$N<!$N%[%C%W$r(B
 .Ar ipaddr
-$B$KJQ99$7$^$9!#$3$l$O%I%C%HIU$-(B 4 $B$DAH$N(B IP $B%"%I%l%9$G$b%[%9%HL>$G$b$h$$$G$9!#(B
-.Ar ipaddr
-$B$,D>@\E~C#2DG=$J%"%I%l%9$G$O$J$$>l9g!"$=$N(B IP $B$KBP$7$F(B
-$B%m!<%+%k%k!<%F%#%s%0%F!<%V%k$G$_$D$+$C$?7PO)$r;HMQ$7$^$9!#(B
+$B$KJQ99$7$^$9!#(B
+$B$3$l$K$O(B4$B$D$N?t;z$r%I%C%H$G6h@Z$C$?(B IP $B%"%I%l%9(B
+$B$^$?$O%[%9%HL>$,;HMQ$G$-$^$9!#(B
+$B$3$N%k!<%k$K%^%C%A$7$?>l9g!"8!:w$O=*N;$7$^$9!#(B
+.Pp
 .Ar ipaddr
-$B$,%m!<%+%k%"%I%l%9$N>l9g!"(B
-.Cm fwd
-$B%k!<%k$K%Q%1%C%H$,%^%C%A$9$k$H!"$=$N%Q%1%C%H$r%m!<%+%k%^%7%s$N(B
+$B$,%m!<%+%k%"%I%l%9$N>l9g!"%^%C%A$7$?%Q%1%C%H$O%m!<%+%k%^%7%s$N(B
 .Ar port
-$B$KE>49$7$^$9!#(B
-$B$=$N:]!"(B
-$B%=%1%C%H$N%m!<%+%k%"%I%l%9$O!"(B
-$B%Q%1%C%H$N85!9$N08@h$N(B IP $B%"%I%l%9$N$^$^$H$7$^$9!#(B
-.Xr netstat 1
-$B%(%s%H%j$,4qL/$K8+$($k$h$&$K$J$j$^$9$,!"(B
-$B$3$l$OF)2aE*%W%m%-%7%5!<%P$N$?$a$K$"$j$^$9!#(B
-IP $B$,(B $B%m!<%+%k%"%I%l%9$G$O$J$$>l9g!"%]!<%HHV9f$O(B ($B;XDj$5$l$F$$$F$b(B)
-$BL5;k$5$l$^$9!#(B
-$B%Q%1%C%H$,%m!<%+%k$K@8@.$5$l$?$H$-$K$b!"%"%I%l%9$r%^%C%W$7$^$9!#(B
-$B8!:w$O$3$N%k!<%k$,%^%C%A$7$?$H$-$K=*N;$7$^$9!#(B
-$B%]!<%HHV9f$,M?$($i$l$J$+$C$?>l9g!"(B
-$B30It%^%7%s$N%]!<%H(B Y $B$X$N%Q%1%C%H$O(B $B%m!<%+%k%]!<%H(B Y $B$XE>Aw$5$l$k$h$&$K!"(B
-$B%Q%1%C%HCf$N%]!<%HHV9f$,;HMQ$5$l$^$9!#(B
-$B%+!<%M%k$O!"(B
-$B%*%W%7%g%s(B IPFIREWALL_FORWARD $BIU$-$G%3%s%Q%$%k$5$l$F$$$kI,MW$,$"$j$^$9!#(B
-$B%V%j%C%85!G=$O!"E>Aw$,<BAu$5$l$F$$$kItJ,$G(B
-.Fn ip_input
-$B$H(B
-.Fn ip_output
-$B$r%P%$%Q%9$9$k$3$H$G!"%m!<%+%k%7%9%F%`08$G$O$J$$%Q%1%C%H$rE>Aw$7$^$9!#(B
+($B$^$?$O!"%k!<%k$G;XDj$5$l$F$$$J$$>l9g$O$=$N%Q%1%C%H$N%]!<%HHV9f(B)
+$B$KE>Aw$5$l$^$9!#(B
+.br
+.Ar ipaddr
+$B$,%m!<%+%k%"%I%l%9$G$J$$>l9g!"(B
+$B%]!<%HHV9f$O(B ($B;XDj$5$l$F$$$F$b(B) $BL5;k$5$l!"(B
+$B%Q%1%C%H$O(B
+$B%m!<%+%k$J7PO)%F!<%V%k$KB8:_$9$k$=$N(B IP $B$KBP$9$k7PO)$r;HMQ$7$F(B
+$B%j%b!<%H%"%I%l%9$KE>Aw$5$l$^$9!#(B
+.br
+.Ar fwd
+$B%k!<%k$O%l%$%d(B 2 $B%Q%1%C%H(B
+($B$=$l$i$O(B ether_input, ether_output, bridged $B$G<u?.$5$l$^$9(B)
+$B$K$O%^%C%A$7$^$;$s!#(B
+.br
 .Cm fwd
-$BF0:n$O%Q%1%C%H$NFbMF$r$^$C$?$/JQ99$7$J$$$?$a!"(B
+$B%"%/%7%g%s$O%Q%1%C%H$NFbMF$r$^$C$?$/JQ99$7$^$;$s!#(B
+$B<B:]!"08@h%"%I%l%9$,=$@5$5$l$:$K;D$k$N$G!"(B
 $BE>Aw@h%7%9%F%`$,$=$N$h$&$J%Q%1%C%H$r<h$j9~$`%k!<%k$r;}$?$J$$8B$j!"(B
 $BEv3:%Q%1%C%H$ODL>o$=$N%7%9%F%`$,5qH]$7$^$9!#(B
+$B%m!<%+%k$GE>Aw$5$l$k%Q%1%C%H$N$?$a$K!"(B
+$B%=%1%C%H$N%m!<%+%k%"%I%l%9$O%Q%1%C%H$N85$N08@h%"%I%l%9$K@_Dj$5$l$^$9!#(B
+$B$3$N$3$H$K$h$C$F(B
+.Xr netstat 1
+$B%(%s%H%j$O$+$($C$F4qL/$J8+$(J}$K$J$j$^$9$,!"(B
+$B$3$l$OF)2a%W%m%-%7%5!<%P$G$N;HMQ$r0U?^$7$F$$$^$9!#(B
 .It Cm pipe Ar pipe_nr
 $B%Q%1%C%H$r(B
 .Xr dummynet 4
 .Dq $B%Q%$%W(B
-$B$XEO$7$^$9(B ($B%P%s%II}@)8B!"CY1dEy$N$?$a(B)$B!#(B
-$B99$J$k>pJs$K$D$$$F$O(B
+($B%P%s%II}@)8B!"CY1d$J$I$K;HMQ$5$l$^$9(B)
+$B$XEO$7$^$9!#(B
+$B>\$7$$>pJs$K$D$$$F$O(B
 .Sx $B%H%i%U%#%C%/%7%'%$%Q@_Dj(B
-$B$N@a$r;2>H$7$F$/$@$5$$!#(B
+$B%;%/%7%g%s$r;2>H$7$F$/$@$5$$!#(B
 $B8!:w$O=*N;$7$^$9!#(B
 $B$7$+$7!"%Q%$%W$+$iH4$1$?$H$-$K(B
 .Xr sysctl 8
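
Review bot: In the "prob" entry, "ランダムにパケットを落とすしたりするような" has a conjugation slip: "落とすしたり" should be "落としたり". The sentence before it, "でしかマッチしないマッチを宣言されます", is also harder to follow than the removed "でのみマッチが宣言されます". In the "fwd" entry, "4つの数字" lacks the spaces that the previous hunk introduces for the same pattern ("4 つのカウンタの 1 つ").
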
@@ -404,133 +642,208 @@
 .It Cm queue Ar queue_nr
 $B%Q%1%C%H$r(B
 .Xr dummynet 4
-.Dq queue
-$B$XEO$7$^$9(B
-(WF2Q $B$r;H$C$?%P%s%II}@)8BMQ(B)$B!#(B
+.Dq $B%-%e!<(B
+(WF2Q $B$r;H$C$?%P%s%II}@)8B$K;HMQ$5$l$^$9(B)
+$B$XEO$7$^$9!#(B
+.It Cm reject
+($B2ACM$,Dc2<$7$F$$$^$9(B)$B!#(B
+.Cm unreach host
+$B$HF15A$G$9!#(B
+.It Cm rest
+$B$3$N%k!<%k$K%^%C%A$7$?%Q%1%C%H$rGK4~$7$^$9!#(B
+$B$5$i$K!"$=$N%Q%1%C%H$,(B TCP $B%Q%1%C%H$G$"$l$P!"(B
+TCP $B%j%;%C%H(B (RST) $BDLCN$rAw=P$7$h$&$H;n$_$^$9!#(B
+$B8!:w$O=*N;$7$^$9!#(B
 .It Cm skipto Ar number
 .Ar number
 $B$h$j>.$5$JHV9f$N%k!<%k$rHt$S1[$7$F!"(B
 .Ar number
-$B0J>e$NHV9f$N%k!<%k$G:G=i$KB8:_$9$k$b$N$+$i!"%^%C%A%s%0$r7QB3$7$^$9!#(B
+$B0J>e$NHV9f$N%k!<%k$G:G=i$KB8:_$9$k$b$N$+$i!"8!:w$r7QB3$7$^$9!#(B
+.It Cm tee Ar port
+$B$3$N%k!<%k$K%^%C%A$7$?%Q%1%C%H$NJ#@=$r!"(B
+$B%]!<%H(B
+.Ar port
+$B$K%P%$%s%I$5$l$?(B
+.Xr divert 4
+$B%=%1%C%H$KAw=P$7$^$9!#(B
+$B8!:w$O=*N;$7!"85$N%Q%1%C%H$O<u$1IU$1$i$l$^$9(B
+($B$?$@$7!"0J2<$N%;%/%7%g%s(B
+.Sx $B%P%0(B
+$B$r;2>H$7$F2<$5$$(B)$B!#(B
+.It Cm unreach Ar code
+$B$3$N%k!<%k$K%^%C%A$7$?%Q%1%C%H$rGK4~$7!"(B
+$B%3!<%I(B
+.Ar code
+$B$N(B ICMP $BE~C#IT2DDLCN$rAw=P$7$h$&$H;n$_$^$9!#(B
+$B$3$3$G(B
+.Ar code
+$B$O(B 0 $B$+$i(B 255 $B$N?t;z!"$^$?$O<!$N%(%$%j%"%9$N$$$:$l$+$G$9(B:
+.Cm net , host , protocol , port ,
+.Cm needfrag , srcfail , net-unknown , host-unknown ,
+.Cm isolated , net-prohib , host-prohib , tosnet ,
+.Cm toshost , filter-prohib , host-precedence ,
+.Cm precedence-cutoff
+$B!#(B
+$B8!:w$O=*N;$7$^$9!#(B
 .El
-.It Cm log Op Cm logamount Ar number
-$B%+!<%M%k$,(B
-.Dv IPFIREWALL_VERBOSE
-$B%*%W%7%g%sIU$-$G%3%s%Q%$%k$5$l$F$$$k>l9g$K!"(B
-.Cm log
-$B%-!<%o!<%I$,;XDj$5$l$F$$$k%k!<%k$H%^%C%A$7$?;~!"(B
-$B%a%C%;!<%8$r(B
-.Dv LOG_SECURITY
-$B%U%!%7%j%F%#$G(B
-.Xr syslogd 8
-$B$G%m%0$7$^$9!#(B
-.Em $BCm(B :
-$B%G%U%)%k%H$G$O!"%m%0$O(B
-.Pa /var/log/security
-$B%U%!%$%k$KDI2C$5$l$^$9(B (
-.Xr syslog.conf 5
-$B$r;2>H$7$F$/$@$5$$(B)$B!#(B
-$B%+!<%M%k$,!"(B
-.Dv IPFIREWALL_VERBOSE_LIMIT
-$B%*%W%7%g%sIU$-$G%3%s%Q%$%k$5$l$F$$$k>l9g!"(B
-$B%G%U%)%k%H$G$O!"(B
-$B0lO"$N%k!<%k$KBP$7;XDj$5$l$?%Q%1%C%H(B
-$B?t$r<u?.$7$?8e!"%a%C%;!<%8$NI=<($rCf;_$7!"(B
-.Em net.inet.ip.fw.verbose_limit
-$B$,$=$N?t$K@_Dj$5$l$^$9!#(B
-$B$7$+$7(B
-.Cm logamount Ar number
-$B$,;HMQ$5$l$?>l9g!"(B
-.Em net.inet.ip.fw.verbose_limit
-$B$NBe$j$K$3$N(B
-.Ar number
-$B$,%G%U%)%k%H$N%m%0@)8B$K$J$j!"CM(B
-.Dq 0
-$B$r;XDj$9$k$H!"%m%.%s%0$N@)8B$O<h$j=|$+$l$^$9!#(B
-$B$3$N%(%s%H%j$KBP$9$k%m%.%s%0%+%&%s%?$^$?$O%Q%1%C%H%+%&%s%?$r(B
-$B%/%j%"$9$l$P!"%m%.%s%0$O:F$SM-8z$K$J$j$^$9!#(B
+.Ss $B%k!<%k%\%G%#(B
+$B%k!<%k$N%\%G%#$O(B 0 $B0J>e$N%Q%?!<%s(B
+($BAw?.85$H08@h%"%I%l%9$d%]!<%H$N;XDj!"(B
+$B%W%m%H%3%k%*%W%7%g%s!"<u?.$^$?$OAw?.%$%s%?%U%'!<%9$N;XDj$J$I(B)
+$B$+$i@.$j$^$9!#(B
+$B%Q%1%C%H$O2r<a$5$l$k=g$K%^%C%A$7$J$1$l$P$J$j$^$;$s!#(B
+$BDL>o!"%Q%?!<%s$O(B ($B0EL[E*$K(B)
+.Cm and
+$B%*%Z%l!<%?$G@\B3$5$l$^$9(B -- $B$D$^$j!"%k!<%k$,%^%C%A$9$k$?$a$K$O(B
+$BA4$F$,%^%C%A$7$J$1$l$P$J$j$^$;$s!#(B
+$B8D!9$N%Q%?!<%s$K$O!"%^%C%A$N7k2L$rH?E>$5$;$k$?$a$K(B
+.Cm not
+$B%*%Z%l!<%?$rA0CV$9$k$3$H$,$G$-$^$9!#(B
+$B$3$l$O<!$N$h$&$K$J$j$^$9!#(B
 .Pp
-$B%3%s%=!<%k%m%0$H%G%U%)%k%H%m%0@)8B?t$O!"(B
-.Xr sysctl 8
-$B$rDL$8$F(B MIB $B%Y!<%9(B
-.Dv net.inet.ip.fw
-$B$K$FF0E*$K@_Dj$G$-$^$9!#(B
-.It Ar proto
-$BL>A0$^$?$O?tCM$G;XDj$9$k(B IP $B%W%m%H%3%k(B ($B>\:Y$O(B
-.Pa /etc/protocols
-$B$N%j%9%H$r;2>H$N$3$H(B)$B!#(B
-.Cm ip
-$B$^$?$O(B
-.Cm all
-$B$N%-!<%o!<%I$r;HMQ$9$k$H!"$9$Y$F$N%W%m%H%3%k$,%^%C%A$7$^$9!#(B
-.It Ar src No $B$H(B Ar dst :
-.Cm any | me | Op Cm not
-.Aq Ar address Ns / Ns Ar mask
-.Op Ar ports
+.Dl "ipfw add 100 allow ip from not 1.2.3.4 to any"
 .Pp
-.Cm any
-$B$r;XDj$9$k$H!"%k!<%k$O$9$Y$F$N(B IP $BHV9f$H%^%C%A$7$^$9!#(B
+$B$5$i$K!"(B
+$B<!$N$h$&$K(B
+.Cm or
+$B%*%Z%l!<%?$r;HMQ$7!"(B
+$B4]3g8L(B () $B$d(B $B%V%l!<%9(B {} $B$G3g$i$l$?FbIt$K%Q%?!<%s$rNs5s$9$k$3$H$G!"(B
+$B?7$7$$%^%C%A%Q%?!<%s$N%;%C%H(B (
+.Em $BO@M}OB%V%m%C%/(B
+) $B$r9=C[$9$k$3$H$,$G$-$^$9(B:
 .Pp
-.Cm me
-$B$r;XDj$9$k$H!"%k!<%k$O%7%9%F%`>e$G9=@.$5$l$?$9$Y$F$N(B IP $BHV9f$H%^%C%A$7$^$9!#(B
+.Dl "ipfw add 100 allow ip from { x or not y or z } to any"
 .Pp
-.Aq Ar address Ns / Ns Ar mask
-$B$O0J2<$N$h$&$K;XDj$G$-$^$9!#(B
-.Bl -tag -width "ipno/bits"
-.It Ar ipno
-IP $BHV9f$r(B 1.2.3.4 $B$N7A<0$G;XDj$7$^$9!#(B
-$B$3$N(B IP $BHV9f$K$N$_%^%C%A$7$^$9!#(B
-.It Ar ipno Ns / Ns Ar bits
-IP $BHV9f$H%M%C%H%^%9%/$NI}$r(B 1.2.3.4/24 $B$N7A<0$G;XDj$7$^$9!#(B
-$B$3$NNc$N>l9g$O(B 1.2.3.0 $B$+$i(B 1.2.3.255 $B$N%"%I%l%9$,%^%C%A$7$^$9!#(B
-.It Ar ipno Ns : Ns Ar mask
-IP $BHV9f$H%M%C%H%^%9%/$r(B 1.2.3.4:255.255.240.0 $B$N7A<0$G;XDj$7$^$9!#(B
-$B$3$N>l9g$O(B 1.2.0.0 $B$+$i(B 1.2.15.255 $B$N%"%I%l%9$,%^%C%A$7$^$9!#(B
-.El
+$B3g8L$N%l%Y%k$O(B 1 $B$D$N$_$,2DG=$G$9!#(B
+$B$[$H$s$I$N%7%'%k$,4]3g8L$d%V%l!<%9$KFCJL$J0UL#$r;}$?$;$F$$$k$3$H$K(B
+$BCm0U$7$F2<$5$$!#(B
+$B$7$?$,$C$F!"$=$N$h$&$J2r<a$,5/$3$i$J$$$h$&$K%P%C%/%9%i%C%7%e(B \\ $B$r(B
+$B$=$NA0$KCV$/$3$H$r4+$a$^$9!#(B
