From owner-man-jp-reviewer@jp.FreeBSD.org Mon Sep 30 19:10:35 2002
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) id g8UAAZD41152;
	Mon, 30 Sep 2002 19:10:35 +0900 (JST)
	(envelope-from owner-man-jp-reviewer@jp.FreeBSD.org)
Received: from shiva.tri.asanuma.co.jp (shiva.tri.asanuma.co.jp [210.160.188.2])
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) with ESMTP/inet id g8UAAS341142;
	Mon, 30 Sep 2002 19:10:29 +0900 (JST)
	(envelope-from mori@tri.asanuma.co.jp)
Received: from yashoda.tri.asanuma.co.jp (yashoda.tri.asanuma.co.jp [172.16.57.11])
	by shiva.tri.asanuma.co.jp (Postfix) with ESMTP
	id 0221E545D; Mon, 30 Sep 2002 19:10:27 +0900 (JST)
Received: from kurishna.tri.asanuma.co.jp (kurishna.tri.asanuma.co.jp [172.16.57.2])
	by yashoda.tri.asanuma.co.jp (8.11.3nb1/8.11.3) with ESMTP id g8UAAPW28937;
	Mon, 30 Sep 2002 19:10:26 +0900 (JST)
To: horikawa@jp.FreeBSD.org, man-jp-reviewer@jp.FreeBSD.org
References: <20020926.110716.90012290.mori@tri.asanuma.co.jp>
	<20020928.224212.92587129.horikawa@attbi.com>
Siganture-File: ~/.signature
From: Mori Kouji <mori@tri.asanuma.co.jp>
In-Reply-To: <20020928.224212.92587129.horikawa@attbi.com> (Kazuo Horikawa's message of "Sat, 28 Sep 2002 22:42:12 -0600")
Message-ID: <807kh3eqk3.fsf@kurishna.tri.asanuma.co.jp>
Lines: 2451
User-Agent: Nana-gnus/7.1.0.23 REMI/1.14.2 (=?ISO-2022-JP?B?GyRCJFsbKEI=?=
 =?ISO-2022-JP?B?GyRCJC8kWyQvQmdFZxsoQg==?=) Chao/1.14.1
 (=?ISO-2022-JP?B?GyRCTztDT0IiGyhC?=) APEL/10.3 Emacs/21.2 (i386--freebsd)
 MULE/5.0 (=?ISO-2022-JP?B?GyRCOC1MWhsoQg==?=)
MIME-Version: 1.0 (split by REMI 1.14.2 - =?ISO-8859-4?Q?=22Hokuhoku-=D2shi?=
 =?ISO-8859-4?Q?ma=22=29?=
Content-Type: message/partial; id="Mon_Sep_30_19:10:20_2002@kurishna.tri.asanuma.co.jp"; number=3; total=3
Reply-To: man-jp-reviewer@jp.FreeBSD.org
Precedence: list
Date: 30 Sep 2002 19:10:20 +0900
X-Sequence: man-jp-reviewer 4262
Subject: [man-jp-reviewer 4262] Re: ipfw.8 (orig. 1.63.2.23 -> 1.63.2.26) (3/3)
Errors-To: owner-man-jp-reviewer@jp.FreeBSD.org
Sender: owner-man-jp-reviewer@jp.FreeBSD.org
X-Originator: mori@kurishna.tri.asanuma.co.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+020902

-RED $B%-%e!<4IM}%"%k%4%j%:%`$r;HMQ$7$^$9!#(B
+RED (Random Early Detection) $B%-%e!<4IM}%"%k%4%j%:%`$r;HMQ$7$^$9!#(B
 .Ar w_q
 $B$H(B
 .Ar max_p
@@ -991,7 +1548,8 @@
 $B$H$9$k$N$ONI$/$"$j$^$;$s!#(B
 .It
 $B%7%9%F%`%;%-%e%j%F%#%l%Y%k$,(B 3 $B0J>e$K@_Dj$5$l$F$$$k>l9g!"(B
-IP $B%U%#%k%?%j%9%H$rJQ99$G$-$^$;$s(B ($B%7%9%F%`%;%-%e%j%F%#%l%Y%k$K$D$$$F$O(B
+.Nm
+$B%U%#%k%?%j%9%H$rJQ99$G$-$^$;$s(B ($B%7%9%F%`%;%-%e%j%F%#%l%Y%k$K$D$$$F$O(B
 .Xr init 8
 $B$r;2>H$7$F$/$@$5$$(B)$B!#(B
 .El
@@ -1006,42 +1564,61 @@
 $B%3%s%Q%$%k$5$l$F$$$J$$>l9g!"(B
 $B%Q%1%C%H$OGK4~$5$l$^$9!#(B
 .Sh SYSCTL $BJQ?t(B
-$B%U%!%$%"%&%)!<%k$NF0:n$r@)8f$9$k(B
 .Xr sysctl 8
-$BJQ?t$N=89g$,$"$j$^$9!#(B
+$BJQ?t$N=89g$O!"%U%!%$%"%&%)!<%k$H(B
+$B4XO"$9$k%b%8%e!<%k(B (
+.Nm dummynet, bridge
+) $B$NF0:n$r@)8f$7$^$9!#(B
 $B%G%U%)%k%HCM(B ($B$I$NCM$,<B:]$K;HMQ$5$l$k$+$O(B
 .Nm sysctl
 $B$G3NG'$7$F$/$@$5$$(B) $B$H0UL#$H6&$K!"$3$l$i$r0J2<$KNs5s$7$^$9!#(B
 .Bl -tag -width indent
+.It Em net.inet.ip.dummynet.expire : No 1
+$BL$7hDj$N%H%i%U%#%C%/$,0lEY$b$J$+$C$?F0E*%Q%$%W(B/$B%-%e!<$rBUBF$K:o=|$7$^$9!#(B
+$B$3$NJQ?t$r(B 0 $B$K@_Dj$9$k$3$H$G$3$NF0:n$rL58z$K$9$k$3$H$,$G$-$^$9!#(B
+$B$3$N>l9g!"%Q%$%W(B/$B%-%e!<$OogCM$KC#$7$?>l9g$K$N$_:o=|$5$l$k$3$H$K$J$j$^$9!#(B
+.It Em net.inet.ip.dummynet.hash_size : No 64
+$BF0E*%Q%$%W(B/$B%-%e!<$K;HMQ$5$l$k%O%C%7%eI=$N%G%U%)%k%H$NBg$-$5$G$9!#(B
+$B$3$NCM$O%Q%$%W(B/$B%-%e!<$r@_Dj$9$k$H$-$K(B
+.Cm buckets
+$B%*%W%7%g%s$,(B 1 $B$D$b;XDj$5$l$J$+$C$?>l9g$K;HMQ$5$l$^$9!#(B
+.It Em net.inet.ip.dummynet.max_chain_len : No 16
+$B%O%C%7%e%P%1%C%H(B (hash bucket) $BFb$N%Q%$%W(B/$B%-%e!<$N:GBg8D?t$NCM$G$9!#(B
+.Cm net.inet.ip.dummynet.expire=0
+$B$G$"$C$F$b!"@Q(B
+.Cm max_chain_len*hash_size
+$B$,6u$N%Q%$%W(B/$B%-%e!<$,4|8B@Z$l$K$J$C$?$H$9$kogCM$r7hDj$9$k$N$K;HMQ$5$l$^$9!#(B
+.It net.inet.ip.dummynet.red_lookup_depth : No 256
+.It net.inet.ip.dummynet.red_avg_pkt_size : No 512
+.It net.inet.ip.dummynet.red_max_pkt_size : No 1500
+RED $B%"%k%4%j%:%`$r;H$C$FMn$93NN($r7W;;$9$k$N$K;HMQ$5$l$k%Q%i%a!<%?$G$9!#(B
+.It Em net.inet.ip.fw.autoinc_step : No 100
+$B%k!<%kHV9f$r<+F0@8@.$9$k:]$N%k!<%kHV9f4V$N:9J,$G$9!#(B
+$B$3$NCM$O(B 1 $B$+$i(B 100 $B$NHO0O$G$J$1$l$P$J$j$^$;$s!#(B
+.It Em net.inet.ip.fw.curr_dyn_buckets : Em net.inet.ip.fw.dyn_buckets
+$BF0E*%k!<%k$N%O%C%7%eI=Fb$N8=:_$N%P%1%C%H$N8D?t$G$9(B ($BFI$_=P$7$N$_(B)$B!#(B
 .It Em net.inet.ip.fw.debug : No 1
 .Nm
 $B$,@8@.$9$k%G%P%C%0%a%C%;!<%8$r@)8f$7$^$9!#(B
-.It Em net.inet.ip.fw.one_pass : No 1
-$B%;%C%H$5$l$k$H!"(B
-.Xr dummynet 4
-$B%Q%$%W$+$i=P$FMh$?%Q%1%C%H$O!"$U$?$?$S%U%!%$%"%&%)!<%k$rDL$5$J$$$h$&$K$7$^$9!#(B
-$B%;%C%H$5$l$J$$>l9g!"(Bpipe $B=hM}$N$"$H!"(B
-$B%Q%1%C%H$O:F$S%U%!%$%"%&%)!<%k$KA^F~$5$l!"<!$N%k!<%k$+$i:F3+$5$l$^$9!#(B
-.It Em net.inet.ip.fw.verbose : No 1
-$B>iD9$J%a%C%;!<%8$r=PNO$9$k$h$&$K$7$^$9!#(B
-.It Em net.inet.ip.fw.enable : No 1
-$B%U%!%$%"%&%)!<%k$rF0:n2DG=$K$7$^$9!#(B
-$B$3$NJQ?t$r(B 0 $B$K@_Dj$9$k$H!"%U%!%$%"%&%)!<%k$r%3%s%Q%$%k$7$F(B
-$B;E9~$s$G$$$F$b%U%!%$%"%&%)!<%k$J$7$GF0:n$7$^$9!#(B
-.It Em net.inet.ip.fw.verbose_limit : No 0
-$B>iD9$J%U%!%$%"%&%)!<%k$,@8@.$9$k%a%C%;!<%8$N?t$r@)8B$7$^$9!#(B
 .It Em net.inet.ip.fw.dyn_buckets : No 256
-.It Em net.inet.ip.fw.curr_dyn_buckets : No 256
-$BF0E*%k!<%k$rJ];}$9$k$?$a$K;HMQ$9$k%O%C%7%eI=$N@_Dj%5%$%:$H(B
-$B8=:_$N%5%$%:$G$9!#$3$NCM$O(B 2 $B$N$Y$->h$K$9$kI,MW$,$"$j$^$9!#(B
-$B%O%C%7%eI=$N%5%$%:$NJQ99$O!"I=$,6u$N>l9g$N$_9T$J$o$l$^$9!#(B
-$B$7$?$,$C$F!"<B9TCf$KI=$N%5%$%:$rJQ99$9$k$?$a$K$O!"(B
+$BF0E*%k!<%k$G;HMQ$5$l$k%O%C%7%eI=$K4^$^$l$k%P%1%C%H$N8D?t$G$9!#(B
+2 $B$NN_>h$G$J$1$l$P$J$i$:!">e8B$O(B 65536 $B$G$9!#(B
+$BA4$F$NF0E*%k!<%k$,4|8B@Z$l$H$J$C$?$H$-$K$N$_8z2L$,8=$l$k$N$G!"(B
+$B3N<B$K%O%C%7%eI=$N%5%$%:$,JQ99$5$l$k$h$&$K$9$k$K$O(B
 .Cm flush
-$B$7$F%k!<%k=89g$r:F%m!<%I$9$kI,MW$,$"$k$G$7$g$&!#(B
+$B%3%^%s%I$r;HMQ$9$k$Y$-$G$7$g$&!#(B
 .It Em net.inet.ip.fw.dyn_count : No 3
 $B8=:_$NF0E*%k!<%k$N?t$G$9(B
 ($BFI$_9~$_@lMQ(B)$B!#(B
-.It Em net.inet.ip.fw.dyn_max : No 1000
+.It Em net.inet.ip.fw.dyn_keepalive : No 1
+TCP $B%;%C%7%g%s$K$*$$$F(B
+.Cm keep-state
+$B%k!<%k$N$?$a$N%-!<%W%"%i%$%V%Q%1%C%H$r@8@.$9$k$h$&$K$7$^$9!#(B
+$B%-!<%W%"%i%$%V%Q%1%C%H$O(B
+$B%k!<%k$N@8B8;~4V$,;D$j(B 20 $BIC$H$J$C$?$H$-$K(B
+$B@\B3$NN>C<$K8~$1$F(B 5 $BICKh$K(B
+$B@8@.$5$l$^$9!#(B
+.It Em net.inet.ip.fw.dyn_max : No 8192
 $BF0E*%k!<%k$N:GBgCM$G$9!#$3$N8B3&$K$$$-$D$/$H!"(B
 $B8E$$%k!<%k$,L58z$K$J$k$^$G$O!"$=$l0J>e!"F0E*%k!<%k$r(B
 $BAH$_9~$`$3$H$O$G$-$^$;$s!#(B
@@ -1051,12 +1628,178 @@
 .It Em net.inet.ip.fw.dyn_rst_lifetime : No 1
 .It Em net.inet.ip.fw.dyn_udp_lifetime : No 5
 .It Em net.inet.ip.fw.dyn_short_lifetime : No 30
-$B$3$l$i$NCM$O!"F0E*%k!<%k$N@8B84|4V$rICC10L$G%3%s%H%m!<%k$7$^$9!#(B
-$B:G=i$N(B SYN $B8r49$N:]$K!"@8B84|4V$,(B short $B$K$J$j!"(B
-SYN $B$rN>J}$H$b8+$?8e$KA}$d$5$l!":G8e$N(B FIN $B8r49$N4V!"(B
-$B$^$?$O(B RST $B$,@8$8$k:]$K:F$S8:$i$5$l$^$9!#(B
+$B$3$l$i$NCM$O!"F0E*%k!<%k$N@8B8;~4V$rICC10L$G%3%s%H%m!<%k$7$^$9!#(B
+$B:G=i$N(B SYN $B8r49$N:]$K$O@8B8;~4V$,C;4|(B (short) $B$K$J$j!"(B
+$B$=$N8e8_$$$N(B SYN $B$,8!=P$5$l$?8e$OA}2C$5$;$i$l!"(B
+$B:G8e$N(B FIN $B8r49$N4V!"(B
+$B$^$?$O(B RST $B$r<u?.$7$?:]$K:F$S8:$i$5$l$^$9!#(B
+.Em dyn_fin_lifetime
+$B$*$h$S(B
+.Em dyn_rst_lifetime
+$B$O87L)$K(B 5 $BIC(B ($B%-!<%W%"%i%$%V$r7+$jJV$9<~4|(B) $B$h$jC;$/$J$1$l$P$J$j$^$;$s!#(B
+$B%U%!%$%"%&%)!<%k$G$O$3$l$,6/@)$5$l$^$9!#(B
+.It Em net.inet.ip.fw.enable : No 1
+$B%U%!%$%"%&%)!<%k$rM-8z$K$7$^$9!#(B
+$B$3$NJQ?t$r(B 0 $B$K@_Dj$9$k$H!"(B
+$B%^%7%s$,%3%s%Q%$%k;~$KM-8z$N@_Dj$,$5$l$F$$$k>l9g$G$"$C$F$b!"(B
+$B%U%!%$%"%&%)!<%k$,$J$$>uBV$G<B9T$5$l$^$9!#(B
+.It Em net.inet.ip.fw.one_pass : No 1
+$B@_Dj$5$l$F$$$k>l9g!"(B
+.Xr dummynet 4
+$B%Q%$%W$+$i=P$F$/$k%Q%1%C%H$O(B
+$B:FEY%U%!%$%"%&%)!<%k$rDL2a$9$k$3$H$O$"$j$^$;$s!#(B
+$B$=$&$G$J$$>l9g!"(B
+$B%Q%$%W%"%/%7%g%s$N8e!"(B
+$B%Q%1%C%H$O<!$N%k!<%k$G%U%!%$%"%&%)!<%k$K:FCmF~$5$l$^$9!#(B
+.Pp
+$BCm(B: $B%Q%$%W$+$i@8$8$k%V%j%C%8$5$l$?%Q%1%C%H$d%l%$%d(B 2 $B%Q%1%C%H$O!"(B
+$B$3$NJQ?t$NCM$K4X$o$i$:!"%U%!%$%"%&%)!<%k$K7h$7$F:FCmF~$5$l$^$;$s!#(B
+.It Em net.inet.ip.fw.verbose : No 1
+$B>iD9%a%C%;!<%8$rM-8z$K$7$^$9!#(B
+.It Em net.inet.ip.fw.verbose_limit : No 0
+$B>iD9=PNO$r9T$&$h$&$K@_Dj$5$l$?%U%!%$%"%&%)!<%k$,(B
+$B@8@.$9$k%a%C%;!<%8?t$r@)8B$7$^$9!#(B
+.It Em net.link.ether.ipfw : No 0
+.Nm
+$B$,%l%$%d(B 2 $B%Q%1%C%H$rDL$9$+$I$&$+$r@)8f$7$^$9!#(B
+$B%G%U%)%k%H$O(B no $B$G$9!#(B
+.It Em net.link.ether.bridge_ipfw : No 0
+.Nm
+$B$,%V%j%C%8$5$l$?%Q%1%C%H$rDL$9$+$I$&$+$r@)8f$7$^$9!#(B
+$B%G%U%)%k%H$O(B no $B$G$9!#(B
+.El
+.Sh IPFW2 $B3HD%(B
+$B$3$N%;%/%7%g%s$G$O(B
+.Nm ipfw2
+$B$GF3F~$5$l!"(B
+.Nm ipfw1
+$B$K$OL5$$5!G=$N0lMw$r<($7$^$9!#(B
+$B$3$3$G$O%k!<%k%;%C%H$r5-=R$9$k:]$K1F6A$,Bg$-$$$H;W$o$l$k=g$K<($7$^$9!#(B
+$B$h$j8z2LE*$J$d$jJ}$G%k!<%k%;%C%H$r5-=R$9$k$?$a$K(B
+$B$3$l$i$N5!G=$r;HMQ$7$?$$$H;W$&$+$b$7$l$^$;$s!#(B
+.Bl -tag -width indent
+.It $BHs(B IPv4 $B$N%Q%1%C%H$N<h$j07$$(B
+.Nm ipfw1
+$B$OA4$F$NHs(B IPv4 $B%Q%1%C%H$rL[$C$F<u$1IU$1$^$9(B (
+.Nm ipfw1
+$B$O(B
+.Em net.link.ether.bridge_ipfw=1 Ns
+$B$N>l9g$K$N$_;2>H$7$^$9(B)$B!#(B
+.Nm ipfw2
+$B$O(B
+$BA4$F$N%Q%1%C%H(B ($BHs(B IPv4 $B%Q%1%C%H$r4^$`(B) $B$r(B
+$B%k!<%k%;%C%H$K$7$?$,$C$F%U%#%k%?$7$^$9!#(B
+.Nm ipfw1
+$B$HF1$8$h$&$JF0:n$r$5$;$?$$>l9g$O(B
+$B%k!<%k%;%C%H$N@hF,$G<!$N$h$&$K$7$^$9(B:
+.Pp
+.Dl "ipfw add 1 allow layer2 not mac-type ip"
+.Pp
+.Cm layer2
+$B%*%W%7%g%s$O>iD9$G$"$k$h$&$K8+$($^$9$,!"I,MW$G$9(B --
+$B%l%$%d(B 3 $B$+$i%U%!%$%"%&%)!<%k$rDL$k%Q%1%C%H$O(B MAC $B%X%C%@$rBT$?$J$$$N$G!"(B
+.Cm mac-type ip
+$B%Q%?!<%s$O%l%$%d(B3$B$N%Q%1%C%H$KBP$7$F>o$K<:GT$7$^$9!#(B
+$B$D$^$j!"(B
+.Cm not
+$B%*%Z%l!<%?$r$*$/$HA4$F$rDL2a$5$;$k%k!<%k$K$J$C$F$7$^$$$^$9!#(B
+.It $B%"%I%l%9%;%C%H(B
+.Nm ipfw1
+$B$O%"%I%l%9%;%C%H(B (
+.Ar addr/masklen{num,num,...}
+$B$H$$$&7A<0$N$b$N(B)
+$B$r%5%]!<%H$7$F$$$^$;$s!#(B
+.Pp
+.Nm ipfw1
+$B$H(B
+.Nm ipfw2
+$B$K$O!"(B
+.Ar ipno:mask
+$B$N$h$&$J%"%I%l%9;XDj$G!"(B
+$BO"B3$9$k%S%C%HNs$NBe$o$j$KG$0U$N%S%C%H%^%9%/$r%^%9%/$K;XDj$9$k$3$H$,(B
+$B$G$-$k$H$$$&>.$5$J0c$$$,$"$j$^$9!#(B
+.Nm ipfw2
+$B$O$b$O$d$3$NJ8K!$r%5%]!<%H$7$F$$$^$;$s$,!"(B
+$B%+!<%M%k$NB&$G%5%]!<%H$5$l$F$$$k$N$G(B
+$B:3:Y$J$3$H$G$9$,:F$SF3F~$7$F$$$^$9!#(B
+.It $B%]!<%H$N;XDj(B
+.Nm ipfw1
+$B$G$O(B TCP $B$H(B UDP $B$N%]!<%H$r;XDj$9$k:]$K(B
+$B;XDj$G$-$k%]!<%HHO0O$O(B 1 $B$D$@$1$G$7$?!#(B
+$B$^$?!"(B
+.Nm ipfw2
+$B$G2DG=$J(B 15 $B%(%s%H%j$KBP$7$F(B 10 $B%(%s%H%j$K@)8B$5$l$F$$$^$7$?!#(B
+$B$^$?!"(B
+.Nm ipfw1
+$B$G$O(B
+.Cm tcp
+$B$^$?$O(B
+.Cm udp
+$B%Q%1%C%H$rMW5a$9$k%k!<%k$N>l9g$K8B$C$F(B
+$B%]!<%H$r;XDj$9$k$3$H$,2DG=$G$9!#(B
+.Nm ipfw2
+$B$G$OA4$F$N%Q%1%C%H$K%^%C%A$5$;$k%k!<%k$G%]!<%H$N;XDj$r9T$&$3$H$,2DG=$G!"(B
+$B%^%C%A$O%]!<%H<1JL;R$r4^$s$@%W%m%H%3%k$r1?$V%Q%1%C%H$N$_$KE,MQ$5$l$^$9!#(B
+.Pp
+$B:G8e$K!"(B
+.Nm ipfw1
+$B$G$O(B
+$B:G=i$N%]!<%H%(%s%H%j$r(B
+.Ar port:mask
+$B$H;XDj$9$k$3$H$,$G$-$^$9!#(B
+$B$3$3$G(B
+.Ar mask
+$B$OG$0U$N(B 16 $B%S%C%H%^%9%/$,;HMQ2DG=$G$9!#(B
+$B$3$NJ8K!$,M-MQ$G$"$k$+$I$&$+$O5?Ld$J$N$G(B
+.Nm ipfw2
+$B$G$O$b$O$d%5%]!<%H$5$l$F$$$^$;$s!#(B
+.It $BO@M}OB%V%m%C%/(B
+.Nm ipfw1
+$B$OO@M}OB%V%m%C%/$r%5%]!<%H$7$F$$$^$;$s!#(B
+.It $B%-!<%W%"%i%$%V(B
+.Nm ipfw1
+$B$O>uBV0MB8%;%C%7%g%s$N$?$a$N%-!<%W%"%i%$%V$r@8@.$7$^$;$s!#(B
+$B7k2L$H$7$F!"(B
+$B5Y;_>uBV$N%;%C%7%g%s$O(B
+$BF0E*%k!<%k$N@8B8;~4V$,4|8B@Z$l$H$J$k$?$a$K(B
+$BMn$5$l$k$3$H$,$"$j$^$9!#(B
+.It $B%k!<%k%;%C%H(B
+.Nm ipfw1
+$B$O%k!<%k%;%C%H$r<BAu$7$F$$$^$;$s!#(B
+.It MAC $B%X%C%@$K$h$k%U%#%k%?$H%l%$%d(B 2 $B$N%U%!%$%"%&%)!<%k(B
+.Nm ipfw1
+$B$O(B MAC $B%X%C%@%U%#!<%k%I$K$h$k%U%#%k%?$r<BAu$7$F$$$^$;$s$7!"(B
+.Cm ether_demux()
+$B$H(B
+.Cm ether_output_frame()
+$B$+$i$N%Q%1%C%H$K$h$C$F$b5/F0$7$^$;$s!#(B
+sysctl $BJQ?t(B
+.Em net.link.ether.ipfw
+$B$O$3$3$G$O2?$N8z2L$b$"$j$^$;$s!#(B
+.It $B%*%W%7%g%s(B
+$B<!$N%*%W%7%g%s$O(B
+.Nm ipfw1
+$B$G$O%5%]!<%H$5$l$F$$$^$;$s!#(B
+.Pp
+.Cm dst-ip, dst-port, layer2, mac, mac-type, src-ip, src-port
+.Pp
+$B$5$i$K!"<!$N%*%W%7%g%s$O(B
+.Nm ipfw1
+(RELENG_4)
+$B$N%k!<%k$G$O%5%]!<%H$5$l$F$$$^$;$s(B:
+.Cm ipid, iplen, ipprecedence, iptos, ipttl,
+.Cm ipversion, tcpack, tcpseq, tcpwin
+.It dummynet $B%*%W%7%g%s(B
+.Nm dummynet
+$B%Q%$%W(B/$B%-%e!<MQ$N<!$N%*%W%7%g%s$O%5%]!<%H$5$l$F$$$^$;$s(B:
+.Cm noerror
 .El
 .Sh $B;HMQNc(B
+.Nm
+$B$O$"$^$j$K$bB?$/$N;HMQJ}K!$,$"$k$N$G(B
+$B$3$N%;%/%7%g%s$G$O;HMQNc$N0lIt$r<($9$N$_$K$7$F$*$-$^$9!#(B
+.Pp
+.Ss $B4pK\E*$J%Q%1%C%H%U%#%k%?%j%s%0(B
 $B<!$N%3%^%s%I$O(B
 .Em cracker.evil.org
 $B$+$i(B
@@ -1087,6 +1830,26 @@
 .Cm deny
 $B%k!<%k$K$h$j5Q2<$5$l$^$9!#(B
 .Pp
+$B$b$7!"(B1 $B$D0J>e$N%5%V%M%C%H$N4IM}<T$J$i!"(B
+$B0J2<$N$h$&$K!"(B
+$B%"%I%l%9%;%C%H$HO@M}OB%V%m%C%/$r;XDj$7$F(B
+$B%/%i%$%"%s%H$N%V%m%C%/$K%5!<%S%9$rA*BrE*$KMxMQ2DG=$K$9$k(B
+$B6K$a$F%3%s%Q%/%H$J%k!<%k%;%C%H$r5-=R$9$k$H$$$&(B
+.Nm ipfw2
+$B$NJ8K!$NMxE@$r:NMQ$9$k$3$H$,$G$-$^$9!#(B
+.Pp
+.Dl "goodguys=\*q{ 10.1.2.0/24{20,35,66,18} or 10.2.3.0/28{6,3,11} }\*q"
+.Dl "badguys=\*q10.1.2.0/24{8,38,60}\*q"
+.Dl ""
+.Dl "ipfw add allow ip from ${goodguys} to any"
+.Dl "ipfw add deny ip from ${badguys} to any"
+.Dl "... normal policies ..."
+.Pp
+.Nm ipfw1
+$B$NJ8K!$G$O!"(B
+$B>e$NNc$G$O3F(B IP $B$KJL!9$N%k!<%k$rMQ0U$9$kI,MW$,$"$j$^$9!#(B
+.Pp
+.Ss $BF0E*%k!<%k(B
 $B$K$;$N(B TCP $B%Q%1%C%H$r4^$`E\Es$N967b(B (flood attack) $B$+$i(B
 $B%5%$%H$rJ]8n$9$k$?$a$K$O!"<!$NF0E*%k!<%k$rMQ$$$?J}$,0BA4$G$9!#(B
 .Pp
@@ -1143,6 +1906,7 @@
 .Pp
 .Dl ipfw divert 5000 ip from 192.168.2.0/24 to any in
 .Pp
+.Ss $B%H%i%U%#%C%/%7%'%$%Q(B
 $B<!$N%k!<%k$O!"(B
 .Nm
 $B$H(B
@@ -1207,7 +1971,7 @@
 .Dl "ipfw pipe 2 config delay 250ms bw 1Mbit/s"
 .Pp
 $B%U%m!<$4$H$N%-%e!<$O$5$^$6$^$JMQES$KM-MQ$G$9!#(B
-$BHs>o$KC1=c$JMQES$O!"%H%i%U%#%C%/$N7W?t$G$9(B:
+$BHs>o$KC1=c$JMQES$O!"%H%i%U%#%C%/$N=87W$G$9(B:
 .Pp
 .Dl "ipfw add pipe 1 tcp from any to any"
 .Dl "ipfw add pipe 1 udp from any to any"
@@ -1230,24 +1994,31 @@
 .Dl "ipfw add pipe 2 ip from any to 192.168.2.0/24 in"
 .Dl "ipfw pipe 1 config mask src-ip 0x000000ff bw 200Kbit/s queue 20Kbytes"
 .Dl "ipfw pipe 2 config mask dst-ip 0x000000ff bw 200Kbit/s queue 20Kbytes"
-.Sh $B<BAu$K4X$9$kCm(B
-$B%Q%1%C%H$,(B
-.Nm
-$B$K=hM}$5$l$k2s?t$OMM!9$G$9!#(B
-$B4pK\E*$K$O!"%+!<%M%k4X?t(B
-.Fn ip_input ,
-.Fn ip_output ,
-.Fn bdg_forward
-$B$,5/F0$5$l$kEY$K(B
-.Nm
-$B$,5/F0$5$l$^$9!#(B
-$B$D$^$j!"(B
-$B=*E@$N(B 1 $B8D$,%m!<%+%k%[%9%H$K$"$k@\B3$G$O!"%Q%1%C%H$O(B 1 $B2s=hM}$5$l$^$9!#(B
-$B=*E@$N(B 2 $B8DN>J}$,%m!<%+%k%[%9%H$K$"$k@\B3$^$?$O(B
-$B$3$N%[%9%H$,%k!<%F%#%s%0$9$k%Q%1%C%H$KBP$7$F$O!"(B2 $B2s=hM}$5$l$^$9(B
-($B%2!<%H%&%'%$$H$7$F$NF0:n(B)$B!#(B
-$B$3$N%[%9%H$,%V%j%C%8$9$k%Q%1%C%H$KBP$7$F$O!"(B1 $B2s=hM}$5$l$^$9(B
-($B%V%j%C%8$H$7$F$NF0:n(B)$B!#(B
+.Ss $B%k!<%k%;%C%H(B
+$B%k!<%k%;%C%H$r<+F0E*$KDI2C$9$k$K$O!"Nc$($P%;%C%H(B 18 $B$J$i(B:
+.Pp
+.Dl "ipfw disable set 18"
+.Dl "ipfw add NN set 18 ...         # $BI,MW$K1~$8$F7+$jJV$9(B"
+.Dl "ipfw enable set 18"
+.Pp
+$B%k!<%k%;%C%H$r<+F0E*$K:o=|$9$k$K$O%3%^%s%I$OC1$K(B:
+.Pp
+.Dl "ipfw delete set 18"
+.Pp
+$B%k!<%k%;%C%H$N%F%9%H$r9T$C$?$j!"(B
+$B2?$+4V0c$$$,$"$C$?>l9g$K%k!<%k%;%C%H$r:o=|$7$F@)8f$r2sI|$9$k$K$O(B:
+.Pp
+.Dl "ipfw disable set 18"
+.Dl "ipfw add NN set 18 ...         # $BI,MW$K1~$8$F7+$jJV$9(B"
+.Dl "ipfw enable set 18 ; echo done; sleep 30 && ipfw disable set 18"
+.Pp
+$B$3$3$G3F@_Dj$,$&$^$/$$$C$?>l9g!"(B
+\&"sleep" $B$,=*N;$9$kA0$K(B control-C $B$r2!$9$H!"(B
+$B%k!<%k%;%C%H$O3hF0>uBV$N$^$^$H$J$j$^$9!#(B
+$B$=$&$G$J$$>l9g!"(B
+$B$?$H$(H"$K%"%/%;%9$9$k$3$H$,$G$-$J$+$C$?$H$7$F$b!"(B
+$B%k!<%k%;%C%H$OC<Kv$,%9%j!<%W$7$?8e$GL58z$J>uBV$K$J$k$N$G(B
+$B0JA0$N>u67$,I|85$5$l$^$9!#(B
 .Pp
 .Sh $B4XO"9`L\(B
 .Xr cpp 1 ,
@@ -1264,31 +2035,67 @@
 .Xr reboot 8 ,
 .Xr sysctl 8 ,
 .Xr syslogd 8
+.Rs
+.%A "S. Floyd"
+.%A "V. Jacobson"
+.%T "Random Early Detection gateways for Congestion Avoidance"
+.%D "August 1993"
+.Re
+.Rs
+.%A "B. Braden"
+.%A "D. Clark"
+.%A "J. Crowcroft"
+.%A "B. Davie"
+.%A "S. Deering"
+.%A "D. Estrin"
+.%A "S. Floyd"
+.%A "V. Jacobson"
+.%A "G. Minshall"
+.%A "C. Partridge"
+.%A "L. Peterson"
+.%A "K. Ramakrishnan"
+.%A "S. Shenker"
+.%A "J. Wroclawski"
+.%A "L. Zhang"
+.%T "Recommendations on Queue Management and Congestion Avoidance in the Internet"
+.%D "April 1998"
+.%O "RFC 2309"
+.Re
 .Sh $B%P%0(B
-$B$3$N?tG/$GJ8K!$,Bg$-$/$J$C$F$7$^$$!"(B
-$BHs>o$K$9$C$-$j$7$F$$$k$H$O8@$$Fq$$$G$9!#(B
-.Pp
-.Em WARNING!!WARNING!!WARNING!!WARNING!!WARNING!!WARNING!!WARNING!!
+$BG/7n$H$H$b$KJ8K!$,Bg$-$/$J$j!"$H$-$I$-:.Mp$9$k$3$H$b$"$k$G$7$g$&!#(B
+$BIT9,$K$7$F!"8eJ}8_49@-$N$?$a$KJ8K!$NDj5A$N8m$j$rD{@5$G$-$J$$$G$$$^$9!#(B
 .Pp
-$B$3$N%W%m%0%i%`$O%3%s%T%e!<%?$r$+$J$j;H$$$K$/$$>uBV$K$7$F$7$^$&(B
-$B2DG=@-$,$"$j$^$9!#(B
-$B$O$8$a$F;HMQ$9$k;~$O%3%s%=!<%k>e$G<B9T$7!"M}2r$7$F$$$J$$A`:n$O(B
-.Em $B@dBP$K<B9T$7$J$$(B
-$B$h$&$K$7$F2<$5$$!#(B
+.Em !!! $B7Y9p(B !!!
 .Pp
-$BO"B3$7$?%(%s%H%j$NA`:n$b$7$/$ODI2C$K:]$7!"(B
-$B%5!<%S%9L>$d%W%m%H%3%kL>$O;HMQ$G$-$^$;$s!#(B
+$B%U%!%$%"%&%)!<%k$r8m$C$F@_Dj$9$k$H%3%s%T%e!<%?$,(B
+$B;HMQITG=$J>uBV$K$J$k2DG=@-$,$"$j$^$9!#(B
+$B$3$H$K$h$k$H!"%M%C%H%o!<%/$N%5!<%S%9$rDd;_$7$F$7$^$$!"(B
+$B@)8f$r2sI|$9$k$?$a$K%3%s%=!<%k%"%/%;%9$,I,MW$H$J$C$F$7$^$&$G$7$g$&!#(B
 .Pp
 $BF~$C$F$-$?%Q%1%C%H$NCGJR(B ($B%U%i%0%a%s%H(B) $B$,(B
 .Cm divert
 $B$K$h$C$F9T$-@h$rJQ99$5$l$k$+(B
 .Cm tee
 $B$5$l$k$H!"%=%1%C%H$KG[Aw$5$l$kA0$K%Q%1%C%H$O:F9=@.$5$l$^$9!#(B
+$B$3$l$i$N%Q%1%C%H$G;HMQ$5$l$k%"%/%7%g%s$O(B
+$B%Q%1%C%H$N:G=i$N%U%i%0%a%s%H$K%^%C%A$7$?%k!<%k$N(B 1 $B$D$G$9!#(B
 .Pp
 .Cm tee
 $B%k!<%k$K%^%C%A$9$k%Q%1%C%H$O!"(B
 $BB(;~$K<uM}$5$l$k$Y$-$G$O$J$/!"%k!<%k%j%9%H$r99$KDL$k$Y$-$G$9!#(B
 $B$3$l$O!"0J9_$N%P!<%8%g%s$G=$@5$5$l$k$+$b$7$l$^$;$s!#(B
+.Pp
+$B%f!<%6%i%s%I$X8~$1$i$l!"(B
+$B%f!<%6%i%s%I$N%W%m%;%9(B ($BNc$($P(B
+.Xr natd 8 )
+$B$K$h$C$F:FEjF~$5$l$k%Q%1%C%H$O!"(B
+$B%Q%1%C%H$NH/?.85%$%s%?%U%'!<%9$r4^$`(B
+$B%Q%1%C%HB0@-$N$$$m$$$m$r<:$C$F$$$^$9!#(B
+$B%Q%1%C%H$,$3$NJ}K!$G:FEjF~$5$l$?>l9g!"(B
+$B8e$N%k!<%k$O@5$7$/E,MQ$5$l$J$$$+$b$7$l$^$;$s!#(B
+$B%k!<%k$NJB$S$K$*$1$k(B
+.Cm divert
+$B%k!<%k$N=g=x$OHs>o$K=EMW$J$b$N$H$J$j$^$9!#(B
 .Sh $B:n<T(B
 .An Ugen J. S. Antsilevich ,
 .An Poul-Henning Kamp ,
@@ -1302,7 +2109,7 @@
 $B$,(B BSDI $BMQ$K5-=R$7$?%3!<%I$K4p$E$$$F$$$^$9!#(B
 .Pp
 .Xr dummynet 4
-$B%H%i%U%#%C%/%7%'%$%Q$O(B Akamba Corp $B$,%5%]!<%H$7$^$7$?!#(B
+$B%H%i%U%#%C%/%7%'%$%Q$O(B Akamba Corp. $B$,%5%]!<%H$7$^$7$?!#(B
 .Sh $BNr;K(B
 .Nm
 $B$O!"(B
@@ -1315,3 +2122,5 @@
 $B%9%F!<%H%U%k3HD%$O!"(B
 .Fx 4.0
 $B$+$iF3F~$5$l$^$7$?!#(B
+.Nm ipfw2
+$B$O(B 2002 $BG/2F$KF3F~$5$l$^$7$?!#(B

--Multipart_Mon_Sep_30_19:10:19_2002-1--
