From owner-man-jp@jp.freebsd.org  Tue Nov 23 16:54:50 1999
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id QAA56054;
	Tue, 23 Nov 1999 16:54:50 +0900 (JST)
	(envelope-from owner-man-jp@jp.FreeBSD.org)
Received: from net.ipc.hiroshima-u.ac.jp (net.ipc.hiroshima-u.ac.jp [133.41.16.208])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id QAA56049
	for <man-jp@jp.freebsd.org>; Tue, 23 Nov 1999 16:54:49 +0900 (JST)
	(envelope-from isaki@net.ipc.hiroshima-u.ac.jp)
Received: from localhost (localhost [127.0.0.1])
	by net.ipc.hiroshima-u.ac.jp (8.9.2/3.7W/NET) with ESMTP id QAA89669
	for <man-jp@jp.freebsd.org>; Tue, 23 Nov 1999 16:54:49 +0900 (JST)
To: man-jp@jp.freebsd.org
X-Mailer: Mew version 1.94 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Message-Id: <19991123165449Y.isaki@net.ipc.hiroshima-u.ac.jp>
Date: Tue, 23 Nov 1999 16:54:49 +0900
From: Tetsuya Isaki <isaki@net.ipc.hiroshima-u.ac.jp>
X-Dispatcher: imput version 990905(IM130)
Lines: 262
Reply-To: man-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+990727
X-Sequence: man-jp 1939
Subject: [man-jp 1939] many bugs in ipfw(8)
Errors-To: owner-man-jp@jp.freebsd.org
Sender: owner-man-jp@jp.freebsd.org
X-Originator: isaki@net.ipc.hiroshima-u.ac.jp

$B0f:j$G$9!#(B

ipfw(8) $B$KA43Q3g8L$r8+IU$1$F!"$=$N$D$$$G$K%^%K%e%"%k$r(B
$BFI$s$G$?$i!"8m$j$r$?$/$5$sH/8+$7$^$7$?!#(B

$BD>$7$F$k$&$A$K(B stable(man-jp-reviewer 1667)$B$,=P$F$7$^$C$?$h$&$J$N$G!"(B
$B?=$7Lu$"$j$^$;$s$,0l$D8E$$%P!<%8%g%s$G$9!#(B

 o $B0lIt$4$C$=$jH4$1$F$$$k!#(B
   man-jp-reviewer $B$KAw$m$&$+$H;W$&$/$i$$4hD%$C$FLu$7$?$N$G$9$,!"(B
   $B$b$H$b$H(B ipfw $B$J$>$h$/J,$+$C$F$J$$$N$GC!$$$F2<$5$$!#(B
 o $B:G6aDI2C$5$l$?(B uid/gid $B$N@bL@$NF~$k0LCV$,4V0c$($F$$$k!#(B
 o $BA43Q3g8L!#(B
 o $B6gFIE@$d3g8L$N2aITB-!":3:Y$JI=8=$N=$@5!#(B
 o $B!V%j%>%k%V$7$F!W(B->($BL>A0$r(B)$B!V2r7h$7$F!W$,$$$$$H;W$$$^$9!#(B
 o cracker $B$r(B hacker $B$HLu$7$F$$$k$N$O62$m$7$$5$$,$7$^$9!#(B:-)
 o $B2r@b$N:G=i$NCJMn$A$g$C$H0ULu$7$9$.$H;W$&$N$G!"(B
   $B=q$-D>$7$F$_$^$7$?$,$$$+$,$G$7$g$&$+!#(B

-    $B=q<0$N(B 1 $B9TL\$N$h$&$K%U%!%$%kL>$r;XDj$7$?>l9g$O!"(B file $B$r(B 1 $B9T$:$D!"0z?t(B
-    $B$H$7$FFI$_9~$_$^$9!#(B
+    $B=q<0$N(B 1 $B9TL\$N$h$&$K;HMQ$7$?>l9g$O!"(B file $B$r(B 1 $B9T$:$D!"(B ipfw $B%3%^%s%I$X(B
+    $B$N0z?t$H$7$FFI$_9~$_$^$9!#(B
$B86J8$O(B
     If used as shown in the first synopsis line, the file will be read line
     by line and applied as arguments to the ipfw command.
$B$G$9!#(B

---
$B0f:jE/Li(B <isaki@net.ipc.hiroshima-u.ac.jp>

.\" %FreeBSD: src/sbin/ipfw/ipfw.8,v 1.47.2.8 1999/08/29 15:13:45 peter Exp %
.\" jpman %Id: ipfw.8,v 1.4 1997/05/19 17:19:51 horikawa Stab %

--- ipfw.8.orig	Sat Nov 20 19:14:26 1999
+++ ipfw.8	Tue Nov 23 16:41:39 1999
@@ -66,9 +66,11 @@
 .Op via Ar name | ipno
 .Op Ar options
 .Sh $B2r@b(B
-$B=q<0$N(B 1 $B9TL\$N$h$&$K%U%!%$%kL>$r;XDj$7$?>l9g$O!"(B
+$B=q<0$N(B 1 $B9TL\$N$h$&$K;HMQ$7$?>l9g$O!"(B
 .Ar file
-$B$r(B 1 $B9T$:$D!"0z?t$H$7$FFI$_9~$_$^$9!#(B
+$B$r(B 1 $B9T$:$D!"(B
+.Nm
+$B%3%^%s%I$X$N0z?t$H$7$FFI$_9~$_$^$9!#(B
 .Pp
 .Fl p Ar preproc
 $B$r;HMQ$7$F!"(B
@@ -97,6 +99,109 @@
 $B=@Fp@-$N$"$k@_Dj%U%!%$%k$r:n@.2DG=$H$J$j!"(BIP $B%"%I%l%9$N$h$&$K(B
 $BIQHK$KI,MW$H$J$k0z?t$r=8Cf4IM}$9$k$?$a$N%^%/%m$r;HMQ2DG=$H$J$j$^$9!#(B
 .Pp
+$B<u?.$5$l$?$"$k$$$OAw?.$5$l$k3F%Q%1%C%H$O(B
+.Nm
+$B$N%k!<%k$rDL2a$7$^$9!#(B
+$B%[%9%H$,%2!<%H%&%'%$$H$7$FF0:n$7$F$$$k>l9g!"(B
+$B%[%9%H$K$h$C$FE>Aw$5$l$k%Q%1%C%H$O(B
+.Nm
+$B$K$h$C$F(B 2 $B2s=hM}$5$l$^$9(B
+.Po
+1 $B2s$OF~$C$FMh$?;~!"$b$&(B 1 $B2s$O=P$F$$$/;~$G$9(B
+.Pc $B!#(B
+$B0J2<$N>pJs$r4p$K3F%Q%1%C%H$r%U%#%k%?$9$k$3$H$,=PMh$^$9!#(B
+.Pp
+.Bl -tag -offset indent -compact -width xxxx
+.It $B<u?.%$%s%?%U%'!<%9(B Pq Ar recv
+$B%Q%1%C%H$,<u?.$5$l$?%$%s%?%U%'!<%9(B
+.It $BAw?.%$%s%?%U%'!<%9(B Pq Ar xmit
+$B%Q%1%C%H$,Aw=P$5$l$k%$%s%?%U%'!<%9(B
+.It Incoming Pq Ar in
+$B%Q%1%C%H$,<u?.$5$l$?(B
+.It Outgoing Pq Ar out
+$B%Q%1%C%H$,Aw=P$5$l$?(B
+.It $B;OE@(B IP $B%"%I%l%9(B
+$BAw?.<T$N(B IP $B%"%I%l%9(B
+.It $B08@h(B IP $B%"%I%l%9(B
+$B%?!<%2%C%H$N(B IP $B%"%I%l%9(B
+.It $B%W%m%H%3%k(B
+IP
+.Pq Ar ip ,
+UDP
+.Pq Ar udp ,
+TCP
+.Pq Ar tcp ,
+ICMP
+.Pq Ar icmp
+$B$K8B$i$J$$$,!"$=$l$i$r4^$`(B IP $B%W%m%H%3%k(B
+.It $B;OE@%]!<%H(B
+$BAw?.<T$N(B UDP $B$+(B TCP $B$N%]!<%H(B
+.It $B08@h%]!<%H(B
+$B%?!<%2%C%H$N(B UDP $B$+(B TCP $B%]!<%H(B
+.It $B%3%M%/%7%g%s%U%i%0(B Pq Ar setup
+$B$3$N%Q%1%C%H$O(B TCP $B%3%M%/%7%g%s%;%C%H%"%C%W$NMW5a$G$"$k(B
+.It $B%3%M%/%7%g%s3NN)%U%i%0(B Pq Ar established
+$B$3$N%Q%1%C%H$O3NN)$5$l$?(B TCP $B%3%M%/%7%g%s$N0lIt$G$"$k(B
+.It $B$9$Y$F$N(B TCP $B%U%i%0(B Pq Ar tcpflags
+1 $B$D0J>e$N(B TCP $B%U%i%0(B: $B%3%M%/%7%g%s2rJ|(B
+.Pq Ar fin ,
+$B%3%M%/%7%g%s%*!<%W%s(B
+.Pq Ar syn ,
+$B%3%M%/%7%g%s%j%;%C%H(B
+.Pq Ar rst ,
+$B%W%C%7%e(B
+.Pq Ar push ,
+$B3NG'1~Ez(B
+.Pq Ar ack ,
+$B6[5^(B
+.Pq Ar urg
+.It $BCGJR2=%U%i%0(B Pq Ar frag
+$B$3$N%Q%1%C%H$O(B IP $B%Q%1%C%H$NCGJR2=$G$"$k(B
+.It IP $B%*%W%7%g%s(B Pq Ar ipoptions
+1 $B$D0J>e$N(B IP $B%*%W%7%g%s(B: $B87L)$J%=!<%9%k!<%H(B
+.Pq Ar ssrr ,
+$B%k!<%9%=!<%9%k!<%H(B
+.Pq Ar lsrr ,
+$B%k!<%H5-O?(B
+.Pq Ar rr ,
+$B%?%$%`%9%?%s%W(B
+.Pq Ar ts
+.It ICMP $B%?%$%W(B Pq Ar icmptypes
+1 $B$D0J>e$N(B ICMP $B%?%$%W(B: $B%(%3!<JVEz(B
+.Pq Ar 0 ,
+$B=*E@ITE~C#(B
+.Pq Ar 3 ,
+$BH/?.M^@)(B
+.Pq Ar 4 ,
+$B8~$1D>$7(B
+.Pq Ar 5 ,
+$B%(%3!<MW5a(B
+.Pq Ar 8 ,
+$B%k!<%?9-9p(B
+.Pq Ar 9 ,
+$B%k!<%?MW@A(B
+.Pq Ar 10 ,
+$B;~4VD62a(B
+.Pq Ar 11 ,
+IP $B%X%C%@0[>o(B
+.Pq Ar 12 ,
+$B%?%$%`%9%?%s%WMW5a(B
+.Pq Ar 13 ,
+$B%?%$%`%9%?%s%W1~Ez(B
+.Pq Ar 14 ,
+$B>pJsMW5a(B
+.Pq Ar 15 ,
+$B>pJsJVEz(B
+.Pq Ar 16 ,
+$B%"%I%l%9%^%9%/MW5a(B
+.Pq Ar 17 ,
+$B%"%I%l%9%^%9%/1~Ez(B
+.Pq Ar 18
+.El
+.Pp
+$B;OE@(B IP $B%"%I%l%9$d;OE@(B TCP/UDP $B%]!<%H$r%U%#%k%?$9$k$3$H$O(B
+$B%9%W!<%U$5$l$d$9$/$J$k$N$GCm0U$7$F2<$5$$!#(B
+.Pp
 .Nm
 $B$O%Q%1%C%H$4$H$K!"%^%C%A$9$k%k!<%k$,8+$D$+$k$^$G%k!<%k%j%9%H$rD4$Y$^$9!#(B
 $B3F%k!<%k$K$O%Q%1%C%H?t$H%Q%1%C%H%5%$%:$N(B 2 $B$D$N%+%&%s%?$,MQ0U$5$l$F$$$F!"(B
@@ -122,7 +227,6 @@
 $BHV9f$r;XDj$;$:$K%k!<%k$rDI2C$7$?>l9g$O!"(B
 $B4{$KDj5A$5$l$F$$$k%k!<%k$N:GBg$NHV9f$K(B 100 $B$r2C$($?$b$N$H$J$j$^$9!#(B
 $B%k!<%k$NHV9f$,(B 65435 $B0J>e$N>l9g$O!"?7$7$$%k!<%k$OF1$8HV9f$,M?$($i$l$^$9!#(B
-$B!#(B
 .Pp
 delete $BA`:n$O!"(B
 .Ar number 
@@ -173,7 +277,7 @@
 .It Fl f
 $BA`:n$r<B9T$9$k:]$K3NG'%a%C%;!<%8$rI=<($7$^$;$s!#(B
 flush $BA`:n$bL5>r7o$K<B9T$5$l$^$9!#(B
-.Ar $B!JCm0U!K(B
+.Ar ($BCm0U(B)
 $B%W%m%;%9$K(B tty $B$,4XO"IU$1$i$l$F$$$J$$>l9g$K$O!"(B
 $B$3$N%*%W%7%g%s$,;XDj$5$l$F$$$k$b$N$H$7$F<B9T$5$l$^$9!#(B
 .It Fl q
@@ -196,18 +300,7 @@
 .It Fl t
 list $BA`:n$N;~$K!":G8e$K%^%C%A$7$?%Q%1%C%H$N%?%$%`%9%?%s%W$rI=<($7$^$9!#(B
 .It Fl N
-IP $B%"%I%l%9$H%5!<%S%9L>$r%j%>%k%V$7$F%[%9%HL>$GI=<($7$^$9!#(B
-.It Ar uid user
-.Ar user
-$B$,Aw?.$7$?$^$?$O<u?.$9$k!"(B
-$B$9$Y$F$N(B TCP $B%Q%1%C%H$H(B UDP $B%Q%1%C%H$K%^%C%A$7$^$9!#(B
-.Ar user
-$B$O!"L>A0$G$b(B ID $BHV9f$G$b%^%C%A$7$^$9!#(B
-.It Ar gid group
-$B$,Aw?.$7$?$^$?$O<u?.$9$k!"(B
-$B$9$Y$F$N(B TCP $B%Q%1%C%H$H(B UDP $B%Q%1%C%H$K%^%C%A$7$^$9!#(B
-.Ar group
-$B$O!"L>A0$G$b(B ID $BHV9f$G$b%^%C%A$7$^$9!#(B
+IP $B%"%I%l%9$H%5!<%S%9L>$r2r7h$7$F%[%9%HL>$GI=<($7$^$9!#(B
 .El
 .Pp
 .Ar action :
@@ -289,7 +382,7 @@
 $B$3$l$OF)2aE*%W%m%-%7%5!<%P$N$?$a$K$"$j$^$9!#(B
 IP $B$,(B $B%m!<%+%k%"%I%l%9$G$O$J$$>l9g!"%]!<%HHV9f$O(B ($B;XDj$5$l$F$$$F$b(B) $BL5;k$5$l!"(B
 $B%k!<%k$O%7%9%F%`$+$i=P$F9T$/%Q%1%C%H$KBP$7$F$N$_E,MQ$5$l$^$9!#(B
-$B$^$?!"!W(B
+$B$^$?!"(B
 $B%Q%1%C%H%m!<%+%k$K@8@.$5$l$?;~$K$b%"%I%l%9$r%m!<%+%k%]!<%H$K%^%C%W$7$^$9!#(B
 $B8!:w$O%k!<%k$,%^%C%A$7$?$H$-$K=*N;$7$^$9!#(B
 $B%]!<%HHV9f$,M?$($i$l$J$+$C$?>l9g!"%Q%1%C%HCf$N%]!<%HHV9f$,;HMQ$5$l!"(B
@@ -312,6 +405,17 @@
 $B$h$j>.$5$JHV9f$N%k!<%k$rHt$S1[$7$F!"(B
 .Ar number
 $B0J>e$NHV9f$N%k!<%k$G:G=i$KB8:_$9$k$b$N$+$i!"%^%C%A%s%0$r7QB3$7$^$9!#(B
+.It Ar uid user
+.Ar user
+$B$,Aw?.$7$?$^$?$O<u?.$9$k!"(B
+$B$9$Y$F$N(B TCP $B%Q%1%C%H$H(B UDP $B%Q%1%C%H$K%^%C%A$7$^$9!#(B
+.Ar user
+$B$O!"L>A0$G$b(B ID $BHV9f$G$b%^%C%A$7$^$9!#(B
+.It Ar gid group
+$B$,Aw?.$7$?$^$?$O<u?.$9$k!"(B
+$B$9$Y$F$N(B TCP $B%Q%1%C%H$H(B UDP $B%Q%1%C%H$K%^%C%A$7$^$9!#(B
+.Ar group
+$B$O!"L>A0$G$b(B ID $BHV9f$G$b%^%C%A$7$^$9!#(B
 .El
 .Pp
 $B%Q%1%C%H$,(B
@@ -361,7 +465,7 @@
 .It Ar <number|name>
 $B;XDj$5$l$?%W%m%H%3%k$N%Q%1%C%H$N$_%^%C%A$7$^$9(B (
 .Pa /etc/protocols
-$B$N%j%9%H$r;2>H$N;v(B)
+$B$N%j%9%H$r;2>H$N;v(B)$B!#(B
 .El
 .Pp
 .Ar src 
@@ -482,8 +586,8 @@
 $B$r;XDj$9$k;v$O$G$-$^$;$s!#(B
 .Pp
 $B8D!9$N%Q%1%C%H$O!"<u?.MQ$J$$$7Aw?.MQ%$%s%?%U%'!<%9$r;}$?$J$$$+$b$7$l$^$;$s!#(B
-$B%m!<%+%k%[%9%H$GH/@8$7$?%Q%1%C%H$K$O<u?.MQ$N%$%s%?%U%'!<%9$O$J$$$7!"(B
-$B%m!<%+%k%[%9%HFb08$N%Q%1%C%H$O!"Aw?.MQ%$%s%?%U%'!<%9$,M-$j$^$;$s!#(B
+$B%m!<%+%k%[%9%H$GH/@8$7$?%Q%1%C%H$K$O<u?.MQ$N%$%s%?%U%'!<%9$O$"$j$^$;$s$7!"(B
+$B%m!<%+%k%[%9%HFb08$N%Q%1%C%H$K$OAw?.MQ%$%s%?%U%'!<%9$O$"$j$^$;$s!#(B
 .Pp
 $BDI2CMQ(B
 .Ar options :
@@ -599,12 +703,14 @@
 .Pp
 .Dl ipfw add deny tcp from cracker.evil.org to wolf.tambov.su 23
 .Pp 
-$B<!$N%3%^%s%I$O%M%C%H%o!<%/(B hackers $B$+$i%[%9%H(B my $B$X$N$9$Y$F$N%3%M%/%7%g%s$r(B
-$B5qH]$7$^$9!#(B
+$B<!$N%3%^%s%I$O%/%i%C%+!<$N%M%C%H%o!<%/A4BN$+$i%[%9%H(B my $B$X$N$9$Y$F$N(B
+$B%3%M%/%7%g%s$r5qH]$7$^$9!#(B
 .Pp
 .Dl ipfw add deny all from 123.45.67.0/24 to my.host.org
 .Pp
-$B<!$O%+%&%s%H$5$l$F$$$k>pJs$H%?%$%`%9%?%s%W$r8+$kNc$G$9(B
+$B<!$O%+%&%s%H$5$l$F$$$k>pJs$H%?%$%`%9%?%s%W>pJs$r8+$k(B
+.Ar list
+$B%3%^%s%I$N$h$$Nc$G$9(B
 .Pp
 .Dl ipfw -at l
 .Pp
