From owner-man-jp@jp.freebsd.org  Mon Jun  5 03:34:31 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id DAA40134;
	Mon, 5 Jun 2000 03:34:31 +0900 (JST)
	(envelope-from owner-man-jp@jp.FreeBSD.org)
Received: from serio.al.rim.or.jp (serio.al.rim.or.jp [202.247.191.123])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id DAA40129
	for <man-jp@jp.freebsd.org>; Mon, 5 Jun 2000 03:34:30 +0900 (JST)
	(envelope-from kuma@nk.rim.or.jp)
Received: from mail1.rim.or.jp
	by serio.al.rim.or.jp (8.9.3/3.7W/HMX-12) id DAA25123
	for <man-jp@jp.freebsd.org>; Mon, 5 Jun 2000 03:34:31 +0900 (JST)
Received: from nk.rim.or.jp (gatekeeper.sharplabs.com [216.65.151.101]) by mail1.rim.or.jp (3.7W)
	id DAA17711 for <man-jp@jp.freebsd.org>; Mon, 5 Jun 2000 03:34:27 +0900 (JST)
Date: Mon, 5 Jun 2000 03:34:27 +0900 (JST)
Message-Id: <200006041834.DAA17711@mail1.rim.or.jp>
To: man-jp@jp.freebsd.org
From: Norihiro Kumagai <kuma@nk.rim.or.jp>
In-reply-to: Your message of "Tue, 30 May 2000 23:34:13 EDT."
             <20000530233413N.horikawa@psinet.com>
Reply-To: man-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: man-jp 2517
Subject: [man-jp 2517] Re: update to 4.0-RELEASE (grep.1, sed.1, ipfw.8)
Errors-To: owner-man-jp@jp.freebsd.org
Sender: owner-man-jp@jp.freebsd.org
X-Originator: kuma@nk.rim.or.jp

$B7'C+$G$9!#(B

ipfw.8 $B$N:9J,E,MQCW$7$^$7$?!#(B

In Message <20000530233413N.horikawa@psinet.com>,
  Kazuo Horikawa <horikawa@psinet.com> writes:
>  o $B40N;$7$?$i!"(B
>    - $B:9J,$r(B man-jp-reviewer@jp.FreeBSD.org $B08$K(B
>    - $BA4J8$r(B horikawa@jp.FreeBSD.org $B08$K!"(B
>    $B$=$l$>$lAw$C$F$/$@$5$$!#(B

$B$K=>$$!":9J,$rAwIUCW$7$^$9!#(B

$B$H$3$m$G!"(Bflood atack $B$C$F$I$&Lu$9$N$,E,@Z$G$7$g$&!#(B
$B!VE\Es$N967b!W$HLu$7$?;d$O%&%1$rA@$$$9$.$?$N$G$7$g$&$+!)(B

> # ipfw.8 $B$O2~9T0LCV$@$1$NJQ99$b7k9=B?$$$+$b$7$l$^$;$s!#(B

$B$$$d$!!"$8$D$O$=$&$G$b$J$+$C$?$N$G$7$?!#$U$_$e$%!#(B

--- ipfw.8-org	Wed Feb 23 13:38:01 2000
+++ ipfw.8	Sun Jun  4 11:25:35 2000
@@ -2,8 +2,8 @@
 .\" %FreeBSD: src/sbin/ipfw/ipfw.8,v 1.61 2000/01/08 11:19:19 luigi Exp %
 .\"
 .\" jpman %Id: ipfw.8,v 1.4 1997/05/19 17:19:51 horikawa Stab %
-.Dd July 20, 1996
-.Dt IPFW 8 SMM
+.Dd February 16, 2000
+.Dt IPFW 8
 .Os FreeBSD
 .Sh $BL>>N(B
 .Nm ipfw
@@ -13,45 +13,52 @@
 .Op Fl q
 .Oo
 .Fl p Ar preproc
-.Op Fl D Ar macro Ns Op Ns =value
+.Oo Fl D
+.Sm off
+.Ar macro
+.Op = Ar value
+.Sm on
+.Oc
 .Op Fl U Ar macro
 .Oc
 .Ar file
 .Nm ipfw
-.Oo
-.Fl f
-|
-.Fl q
-.Oc
-flush
+.Op Fl f | q
+.Cm flush
 .Nm ipfw
-.Oo
-.Fl q
-.Oc
-{zero|resetlog|delete}
+.Op Fl q
+.Es \&{ \&}
+.En Cm zero | resetlog | delete
 .Op Ar number ...
 .Nm ipfw
+.Op Fl s Op Ar field
 .Op Fl aftN
+.Es \&{ \&}
+.En Cm list | show
 .Op Ar number ...
 .Nm ipfw
-.Oo
-.Fl q
-.Oc
-add
+.Op Fl q
+.Cm add
 .Op Ar number
 .Ar rule-body 
 .Nm ipfw
-pipe
+.Cm pipe
 .Ar number
-config
+.Cm config
 .Ar pipe-config-options
 .Nm ipfw
-pipe {delete|list|show}
+.Cm pipe
+.Es \&{ \&}
+.En Cm delete |list | show
 .Op Ar number ...
 .Sh $B2r@b(B
 .Nm
-$B$O!"(BFreeBSD $B$G$O!"(BIPFW $B%U%!%$%"%&%)!<%k$H(B
-.Nm dummynet
+$B$O!"(B
+.Fx
+$B$N(B
+.Xr ipfirewall 4
+$B$H(B
+.Xr dummynet 4
 $B%H%i%U%#%C%/%7%'%$%Q$r@)8f$9$k%f!<%6%$%s%?%U%'!<%9$G$9!#(B
 .Pp
 $B3FF~=PNO%Q%1%C%H$O(B
@@ -66,87 +73,131 @@
 .Nm
 $B$,(B 1 $BEY=hM}$7$^$9!#(B
 .Pp
-$B%U%!%$%"%&%)!<%k@_Dj$OHV9fIU$1$5$l$?%k!<%k$K$h$C$F9=@.$5$l$^$9!#(B
-$B%k!<%k$O3F%Q%1%C%H$K%^%C%A$9$k$^$G%9%-%c%s$5$l!"E,@Z$JF0:n$,9T$o$l$^$9!#(B
-$BF0:n$H%7%9%F%`$N@_Dj$K0MB8$7$^$9$,!"(B
-$B99$J$k=hM}$N$?$a$K%^%C%A$7$?%k!<%k$N8e$N%k!<%k$+$i!"(B
-$B%Q%1%C%H$r%U%!%$%"%&%)!<%k$K:FA^F~$G$-$^$9!#(B
-$BA4%k!<%k$,A4%$%s%?%U%'!<%9$KE,MQ$5$l$^$9$N$G!"(B
+$B%U%!%$%"%&%)!<%k@_Dj$O!"HV9fIU$1$5$l$?%k!<%k$N%j%9%H$+$i$J$j$^$9!#(B
+$B$"$k%k!<%k$K%^%C%A$7$=$l$K4XO"$9$kF0:n$,<B9T$5$l$k$^$G!"(B
+$B3F%Q%1%C%H$O%k!<%k$N%j%9%H$KBP$7>H9g$5$l$^$9!#(B
+$BF0:n$H%7%9%F%`$N@_Dj$K$h$C$F$O!"%^%C%A$7$?%k!<%k$ND>8e$G!"(B
+$B%Q%1%C%H$,%U%!%$%"%&%)!<%k$K:FCmF~$5$l!"(B
+$B99$K=hM}$,7QB3$9$k$3$H$b$"$j$^$9!#(B
+$BA4$F$N%k!<%k$,A4$F$N%$%s%?%U%'!<%9$KE,MQ$5$l$^$9$N$G!"(B
 $B%A%'%C%/$N2s?t$,:G>.$H$J$k$h$&$J%k!<%k=89g$r=q$/$N$O(B
 $B%7%9%F%`4IM}<T$N@UG$$G$9!#(B
 .Pp
-$B@_Dj$O>o$K!"%W%m%0%i%^$,JQ99IT2D$N(B
-.Ar DEFAULT
-$B%k!<%k(B ($BHV9f(B 65535) $B$r4^$_!"$3$l$O>o$K%Q%1%C%H$K%^%C%A$7$^$9!#(B
-$B%G%U%)%k%H%k!<%k$K$O(B
-.Ar deny
+$B$I$N@_Dj$b>o$K!"(B
+.Em DEFAULT
+$B%k!<%k(B ($BHV9f(B 65535) $B$r4^$_$^$9!#$3$N%k!<%k$O%W%m%0%i%^$,JQ99$G$-$:!"(B
+$B>o$K%Q%1%C%H$K%^%C%A$7$^$9!#(B
+$B%G%U%)%k%H%k!<%k$K4XO"IU$1$k%k!<%k$O(B
+.Cm deny
 $B$+(B
 .Ar allow
-$B$N$I$A$i$G$b4XO"IU$1$i$l$^$9$,!"(B
+$B$N$I$A$i$+$K$J$j$^$9$,!"(B
 $B$3$l$O$I$N$h$&$K%+!<%M%k$r@_Dj$7$?$+$K0MB8$7$^$9!#(B
 .Pp
-$B$9$Y$F$N%k!<%k$,$$$/$D$+$N4XO"IU$1$i$l$?%+%&%s%?$r;}$A$^$9!#(B
+$B%k!<%k=89g$,(B
+.Cm keep-state
+$B%*%W%7%g%sIU$-$N%k!<%k$r4^$`>l9g!"(B
+.Nm
+$B$O(B
+.Em $B%9%F!<%H%U%k(B ($B>uBV0MB87?(B)
+$B$GF0:n$7$^$9!#$9$J$o$A!"$"$k%^%C%A$N7k2L!"(B
+$B%^%C%A$7$?%Q%1%C%H$N%Q%i%a!<%?$K$A$g$&$I0lCW$9$k%k!<%k$,(B
+$BF0E*$K@8@.$5$l$^$9!#(B
+.Pp
+$B$3$l$i$NF0E*%k!<%k$N<wL?$OM-8B$G!"(B
+.Cm check-state
+$B$^$?$O(B
+.Cm keep-state
+$B%k!<%k$,:G=i$K@8$8$?>l=j$G%A%'%C%/$5$l$^$9!#(B
+$BF0E*%k!<%k$O!"9gK!E*$J%H%i%U%#%C%/$r%*%s%G%^%s%I$G(B
+$B%U%!%$%"%&%)!<%k$rDL2a$5$;$k$?$a$KMQ$$$k$3$H$,IaDL$G$9!#(B
+.Nm
+$B$N%9%F!<%H%U%k$JF0:n$K$D$$$F99$K>pJs$,I,MW$J$i$P!"(B
+$B0J2<$N(B
+.Sx $B%k!<%k=q<0(B
+$B$^$?$O(B
+.Sx $B;HMQNc(B
+$B%;%/%7%g%s$r;2>H$7$F2<$5$$!#(B
+.Pp
+$BF0E*%k!<%k$b4^$a$9$Y$F$N%k!<%k$O!"(B
+$B$=$l$K4XO"$9$k%+%&%s%?$r$$$/$D$+;}$C$F$$$^$9!#(B
 $B$=$l$O!"%Q%1%C%H%+%&%s%H!"%P%$%H%+%&%s%H!"%m%0%+%&%s%H!"(B
 $B:G8e$K%^%C%A$7$?;~9o$r<($9%?%$%`%9%?%s%W$G$9!#(B
 $B%+%&%s%?$O!"(B
 .Nm
-$B%3%^%s%I$K$h$C$F!"1\Mw$*$h$S%j%;%C%H2DG=$G$9!#(B
+$B%3%^%s%I$K$h$C$F!"I=<($*$h$S%j%;%C%H2DG=$G$9!#(B
 .Pp
 $B%k!<%k$NDI2C$O(B
-.Ar add
+.Cm add
 $B%3%^%s%I$K$F2DG=$G$9!#(B
 $B8D!9$N%k!<%k$N:o=|$O(B
-.Ar delete
+.Cm delete
 $B%3%^%s%I$K$F2DG=$G$"$j!"$9$Y$F$N%k!<%k$N:o=|$O(B
-.Ar flush
+.Cm flush
 $B%3%^%s%I$K$F2DG=$G$9!#(B
-$B%*%W%7%g%s$G%+%&%s%?FbMF$r<($91\Mw$O!"(B
+$B%k!<%k$NI=<($O!"(B
 .Ar show
-$B$*$h$S(B
+$B%3%^%s%I$*$h$S(B
 .Ar list
-$B$N%3%^%s%I$K$F2DG=$G$9!#(B
-$B:G8e$K!"%+%&%s%?%j%;%C%H$O(B
+$B%3%^%s%I$K$F2DG=$G$9!#(B
+$B$3$l$i$K$h$j!"%*%W%7%g%s$G%+%&%s%?FbMF$b4^$a$FI=<($5$;$k$3$H$,$G$-$^$9!#(B
+$B:G8e$K!"%+%&%s%?$N%j%;%C%H$O(B
 .Ar zero
-$B$*$h$S(B
+$B%3%^%s%I$*$h$S(B
 .Ar resetlog
-$B$N%3%^%s%I$K$F2DG=$G$9!#(B
+$B%3%^%s%I$K$F2DG=$G$9!#(B
 .Pp
 $B<!$N%*%W%7%g%s$,MxMQ2DG=$G$9(B:
 .Bl -tag -width indent
 .It Fl a
 $B%j%9%HCf$K%+%&%s%?CM$r<($7$^$9!#(B
 .Dq show
-$B%3%^%s%I$b8+$F$/$@$5$$!#(B
+$B%3%^%s%I$b$"$o$;$F8+$F$/$@$5$$!#(B
 .It Fl f
-$B8m$C$F;HMQ$9$k$HLdBj$r5/$9%3%^%s%I(B ($B$9$J$o$A(B flush) $B$KBP$7$F!"(B
-$B3NG'$r9T$$$^$;$s!#(B
-.Ar $BCm(B :
-$B%W%m%;%9$K4XO"IU$1$i$l$?(B tty $B$,L5$$>l9g!"$3$l$,0EL[E*$K;XDj$5$l$^$9!#(B
+$B8m$C$F;HMQ$9$k$HLdBj$r5/$92DG=@-$N$"$k%3%^%s%I!"(B
+.No $B$9$J$o$A(B Cm flush
+$B$KBP$7$F!"<B9T$N3NG'$r9T$$$^$;$s!#(B
+.Em $BCm(B :
+$B%W%m%;%9$K4XO"IU$1$i$l$?(B tty $B$,L5$$>l9g!"$3$N%*%W%7%g%s$,(B
+$B0EL[$N$&$A$K;XDj$5$l$?$H$7$F=hM}$5$l$^$9!#(B
 .It Fl q
-add, zero, resetlog, flush $B$N;~!"F0:n$K$D$$$FJs9p$7$^$;$s(B ($B0EL[E*$K(B
+.Cm add ,
+.Cm zero ,
+.Cm resetlog ,
+.Cm flush
+$B<B9TCf!"F0:n$K$D$$$FJs9p$7$^$;$s(B
+.Po
+$B0EL[$N$&$A$K(B
 .Fl f
-$B$,;XDj$5$l$^$9(B)$B!#(B
-$BJ#?t$N(B
-.Nm
-$B%3%^%s%I$r%9%/%j%W%H(B
+$B$,;XDj$5$l$^$9(B
+.Pc
+$B!#(B
+$B%9%/%j%W%H(B
 .Po
 $BNc$($P(B
 .Sq sh /etc/rc.firewall
 .Pc
-$BCf$G<B9T$9$k$3$H$d!"%j%b!<%H%m%0%$%s%;%C%7%g%s$K$FB?$/$N(B
-.Nm 
-$B%k!<%k$r=hM}$9$k$3$H$K$h$j!"%k!<%k$rJQ99$9$k>l9g$KM-MQ$G$9!#(B
+$B$NCf$GJ#?t$N(B
+.Nm
+$B%3%^%s%I$r<B9T$7$F%k!<%k$rJQ99$9$k>l9g$d!"(B
+$B%j%b!<%H%m%0%$%s%;%C%7%g%s7PM3$GB??t$N(B
+.Nm
+$B%k!<%k$r4^$`%U%!%$%k$r=hM}$9$k$3$H$K$h$j%k!<%k$rJQ99$9$k>l9g$K(B
+$BM-MQ$G$9!#(B
 $BDL>o(B ($B>iD9(B) $B%b!<%I$G(B ($B%G%U%)%k%H%+!<%M%k@_Dj$G(B) flush $B$r9T$C$?>l9g!"(B
 $B%a%C%;!<%8$rI=<($7$^$9!#(B
 $B$9$Y$F$N%k!<%k$,<N$F$i$l$^$9$N$G!"(B
 $B%a%C%;!<%8$O%m%0%$%s%;%C%7%g%s$XEO$;$^$;$s!#(B
-$B$3$l$K$h$C$F!"%j%b!<%H%m%0%$%s%;%C%7%g%s$OJD$8$i$l!"(B
-$B;D$j$N%k!<%k%;%C%H$O=hM}$5$l$J$/$J$j$^$9!#(B
-$B2sI|$9$k$?$a$K$O%3%s%=!<%k%"%/%;%9$,I,MW$K$J$j$^$9!#(B
+$B$D$^$j!"%j%b!<%H%m%0%$%s%;%C%7%g%s7PM3$N>l9g!"%;%C%7%g%s$O%/%m!<%:$5$l!"(B
+$B;D$j$N%k!<%k%;%C%H$O=hM}$5$l$^$;$s!#(B
+$B$3$N>uBV$+$i2sI|$9$k$?$a$K$O%3%s%=!<%k$X$N%"%/%;%9$,I,MW$K$J$j$^$9!#(B
 .It Fl t
-$B%j%9%HCf$K!":G8e$K%^%C%A$7$?%?%$%`%9%?%s%W$rI=<($7$^$9!#(B
+$B%j%9%H:n@.;~$K!":G8e$K%^%C%A$7$?%?%$%`%9%?%s%W$rI=<($7$^$9!#(B
 .It Fl N
 $B=PNOCf$N%"%I%l%9$H%5!<%S%9L>$r2r7h$7$h$&$H$7$^$9!#(B
+.It Fl s Op Ar field
+$B%Q%$%W7PM3$G%j%9%H=PNO$7$F$$$k:]$K!"(B4$B$D$N%+%&%s%?$N(B1$B$D$K$D$$$F(B
+$B@0Ns$5$;$^$9(B ($B8=:_$N%Q%1%C%H?t(B)$B!#(B
 .El
 .Pp
 $B@_Dj$r4JC1$K$9$k$?$a$K!"%k!<%k$r%U%!%$%k$K5-=R$7$F!"(B
@@ -156,27 +207,29 @@
 .Ar file
 $B$r(B 1 $B9T$:$D!"(B
 .Nm
-$B%3%^%s%I$X$N0z?t$H$7$FFI$_9~$_$^$9!#(B
+$B%f!<%F%#%j%F%#$X$N0z?t$H$7$FFI$_9~$_$^$9!#(B
 .Pp
 .Fl p Ar preproc
 $B$r;HMQ$7$F!"(B
 .Ar file
 $B$,%Q%$%W$5$l$k%W%j%W%m%;%C%5$r;XDj$9$k$3$H$b$G$-$^$9!#(B
-$BM-MQ$J%W%j%W%m%;%C%5$K$O(B
+$BM-MQ$J%W%j%W%m%;%C%5$K$O!"(B
 .Xr cpp 1
 $B$H(B
 .Xr m4 1
 $B$,$"$j$^$9!#(B
 .Ar preproc
-$B$N:G=i$NJ8;z$,%9%i%C%7%e$+$i;O$^$i$J$$>l9g!"(B
+$B$N:G=i$NJ8;z$,%9%i%C%7%e(B
+.Pq Ql /
+$B$+$i;O$^$i$J$$>l9g!"(B
 .Ev PATH
-$B$r;HMQ$7$?DL>o$NL>A08!:w9T$o$l$^$9!#(B
+$B$r;HMQ$7$?DL>o$NL>A08!:w$,9T$o$l$^$9!#(B
 .Nm
 $B$,<B9T$5$l$k$H$-$^$G$KA4%U%!%$%k%7%9%F%`$,(B ($B$^$@(B) $B%^%&%s%H$5$l$J$$$h$&$J4D6-(B
-($BNc$($P(B NFS $B7PM3$G%^%&%s%H$5$l$k>l9g(B) $B$G$O!"K\7o$KCm0U$7$F$/$@$5$$!#(B
+($BNc$($P(B NFS $B7PM3$G%^%&%s%H$5$l$k>l9g(B) $B$G$O!"$3$N$3$H$KCm0U$7$F$/$@$5$$!#(B
 $B$R$H$?$S(B
 .Fl p
-$B$,;XDj$5$l$k$H!"%*%W%7%g%s$N(B
+$B$,;XDj$5$l$k$H!"%*%W%7%g%s$H$7$F(B
 .Fl D
 $B$H(B
 .Fl U
@@ -185,34 +238,40 @@
 $B=@Fp@-$N$"$k@_Dj%U%!%$%k$r:n@.2DG=$H$J$j!"(BIP $B%"%I%l%9$N$h$&$K(B
 $BIQHK$KI,MW$H$J$k0z?t$r=8Cf4IM}$9$k$?$a$N%^%/%m$r;HMQ2DG=$H$J$j$^$9!#(B
 .Pp
-$B8e=R$N(B ``$B%H%i%U%#%C%/%7%'%$%Q@_Dj(B'' $B$N@a$K$"$k$h$&$K!"(B
+$B8e=R$N(B
+.Sx $B%H%i%U%#%C%/%7%'%$%Q@_Dj(B
+$B$N@a$G<($9$h$&$K!"(B
 .Nm
-.Ar pipe
+.Cm pipe
 $B%3%^%s%I$r;HMQ$7$F!"%H%i%U%#%C%/%7%'%$%Q$r9=C[2DG=$G$9!#(B
 .Pp
 .Sh $B%k!<%k=q<0(B
 .Nm
 $B%k!<%k%U%)!<%^%C%H$O<!$NDL$j$G$9!#(B
-.Pp
-.Op prob Ar match_probability
+.Bd -ragged
+.Op Cm prob Ar match_probability
 .Ar action
-.Op log Op Ar logamount Ar number
+.Op Cm log Op Cm logamount Ar number
 .Ar proto
-from
-.Ar src
-to
-.Ar dst
-.Op interface-spec
+.Cm from Ar src
+.Cm to Ar dst
+.Op Ar interface-spec
 .Op Ar options
+.Ed
 .Pp
-$B0J2<$N>pJs$r4p$K3F%Q%1%C%H$r%U%#%k%?$9$k$3$H$,=PMh$^$9!#(B
+$B3F%Q%1%C%H$r%U%#%k%?$9$k:]$K$O!"0J2<$N>pJs$K4p$E$/$3$H$,$G$-$^$9!#(B
 .Pp
-.Bl -tag -offset indent -compact -width xxxx
-.It $BAw<u?.%$%s%?%U%'!<%9(B ($BL>A0$^$?$O%"%I%l%9(B)
-.It $BJ}8~(B ($BF~NO$^$?$O=PNO(B)
-.It $BAw?.85$*$h$S08@h(B IP $B%"%I%l%9(B ($B%^%9%/;HMQ2D(B)
-.It $B%W%m%H%3%k(B (TCP, UDP, ICMP $BEy(B)
-.It $BAw?.85$*$h$S08@h%]!<%H(B ($B%j%9%H!"HO0O!"%^%9%/$N$$$:$l$+(B)
+.Bl -tag -width "$BAw?.85$*$h$S08@h(B IP $B%"%I%l%9(B" -offset indent -compact
+.It $BAw<u?.%$%s%?%U%'!<%9(B
+($BL>A0$^$?$O%"%I%l%9(B)
+.It $BJ}8~(B
+($BF~NO$^$?$O=PNO(B)
+.It $BAw?.85$*$h$S08@h(B IP $B%"%I%l%9(B
+($B%^%9%/;HMQ2D(B)
+.It $B%W%m%H%3%k(B
+(TCP, UDP, ICMP $BEy(B)
+.It $BAw?.85$*$h$S08@h%]!<%H(B
+($B%j%9%H!"HO0O!"%^%9%/$N$$$:$l$+(B)
 .It TCP $B%U%i%0(B
 .It IP $B%U%i%0%a%s%H%U%i%0(B
 .It IP $B%*%W%7%g%s(B
@@ -221,87 +280,93 @@
 .El
 .Pp
 $BAw?.85(B IP $B%"%I%l%9$d08@h(B TCP/UDP $B%]!<%H$K$h$k%U%#%k%?$O(B
-$B4m81$J$3$H$KCm0U$7$F$/$@$5$$!#(B
+$B4m81$,$"$k$3$H$KCm0U$7$F$/$@$5$$!#(B
 $B$J$<$J$i!"$3$l$i$N:>>N$O4JC1$@$+$i$G$9!#(B
-.Pp
-.Ar prob match_probability
-.Bd -ragged -offset flag
+.Bl -tag -width indent
+.It Cm prob Ar match_probability
 $B;XDj$7$?3NN((B (0 $B$+$i(B 1 $B$^$G$NIbF0>.?tE@?t$G$9(B)
 $B$G$N$_%^%C%A$,@k8@$5$l$^$9!#(B
-$B%i%s%@%`$K%Q%1%C%H$rMn$H$9MQES$d!"(B
-.Pf ( Xr dummynet 4
-$B$H6&$K;HMQ$7$F(B)
-$BJ#?t%Q%9$r%7%_%e%l!<%H$7$F%Q%1%C%HG[Aw=g=x$rMp$l$5$;$kMQES$J$I$KM-MQ$G$9!#(B
-.Ed
-.Pp
-.Ar action :
-.Bl -hang -offset flag -width 1234567890123456
-.It Ar allow
+$B%i%s%@%`$K%Q%1%C%H$rMn$H$91~MQ$H$7$FMQ$$$k>l9g$d!"(B
+.Po
+.Xr dummynet 4
+$B$H6&$K;HMQ$7$F(B
+.Pc
+$B%Q%1%C%HE~C#=g=x$NMp$l$r0z$-5/$3$9J#?t7PO)$N8z2L$r%7%_%e%l!<%H$9$k:]$K(B
+$BM-MQ$G$9!#(B
+.It Ar action :
+.Bl -tag -width indent
+.It Cm allow
 $B%^%C%A$9$k%Q%1%C%H$rDL2a$5$;!"%^%C%A%s%0$r=*N;$7$^$9!#(B
-.Ar pass ,
-.Ar permit ,
-.Ar accept
-$B$HF1$8$G$9!#(B
-.It Ar deny
+.Cm pass ,
+.Cm permit ,
+.Cm accept
+$B$O$3$l$NJLL>$G$9!#(B
+.It Cm deny
 $B%^%C%A$9$k%Q%1%C%H$rGK4~$7!"%^%C%A%s%0$r=*N;$7$^$9!#(B
-.Ar drop
+.Cm drop
 $B$O(B
-.Ar deny
-$B$HF1$8$G$9!#(B
-.It Ar reject
-($B2ACM$,Dc2<$7$F$$$^$9!#(B)
+.Cm deny
+$B$NJLL>$G$9!#(B
+.It Cm reject
+.Pq $B$3$N;HMQ$O?d>)$5$l$^$;$s(B
 $B%^%C%A$9$k%Q%1%C%H$rGK4~$7!"(B
-ICMP $B$N(B host unreachable $B$rAw?.$7$F!"=*N;$7$^$9!#(B
-.It Ar unreach code
+ICMP $B$N(B host unreachable $B$rAw?.$7!"(B
+$B%^%C%A%s%0$r=*N;$7$^$9!#(B
+.It Cm unreach Ar code
 $B%^%C%A$9$k%Q%1%C%H$rGK4~$7!"(B
 ICMP $B$N(B unreachable $B$K(B
 .Ar code
-$B$rIU$1$FAw?.$7$^$9!#(B
+$B$rIU$1$FAw?.$7$^$9!#$3$3$G!"(B
 .Ar code
 $B$O!"(B0 $B$+$i(B 256 $B$^$G$N?t;z!"$b$7$/$O!"0J2<$KNs5s$9$kJLL>$N$$$:$l$+$G$9(B:
-.Ar net,
-.Ar host ,
-.Ar protocol ,
-.Ar port ,
-.Ar needfrag ,
-.Ar srcfail ,
-.Ar net-unknown ,
-.Ar host-unknown ,
-.Ar isolated ,
-.Ar net-prohib ,
-.Ar host-prohib ,
-.Ar tosnet ,
-.Ar toshost ,
-.Ar filter-prohib ,
-.Ar host-precedence ,
-.Ar precedence-cutoff
-$B!#Aw?.8e!"=*N;$7$^$9!#(B
-.It Ar reset
-TCP $B%Q%1%C%H$N$_$KBP1~!#(B
-$B%Q%1%C%H$rGK4~$7!"(BTCP $B$N(B (RST) $B$rAw?.$7!"=*N;$7$^$9!#(B
-.It Ar count
-$B%^%C%A$9$k%Q%1%C%H$N%+%&%s%?$r99?7$7!"0zB3$-%^%C%A%s%0$r9T$J$$$^$9!#(B
-.It Ar divert port
+.Cm net , host , protocol , port ,
+.Cm needfrag , srcfail , net-unknown , host-unknown ,
+.Cm isolated , net-prohib , host-prohib , tosnet ,
+.Cm toshost , filter-prohib , host-precedence ,
+.Cm precedence-cutoff
+$B!#%^%C%A%s%0$O=*N;$7$^$9!#(B
+.It Cm reset
+TCP $B%Q%1%C%H$N$_BP>]!#(B
+$B%Q%1%C%H$rGK4~$7!"(BTCP $B$N(B reset (RST) $B$rAw?.$7!"(B
+$B%^%C%A%s%0$r=*N;$7$^$9!#(B
+.It Cm count
+$B%k!<%k$K%^%C%A$9$k%Q%1%C%H$9$Y$F$N%+%&%s%?$r99?7$7!"(B
+$B0zB3$-%^%C%A%s%0$r9T$J$$$^$9!#(B
+.It Cm check-state
+$BF0E*%k!<%k=89g$KBP$7$F%Q%1%C%H$N%A%'%C%/$r9T$J$$$^$9!#(B
+$B%^%C%A$7$?>l9g!"%^%C%A%s%0$O=*N;$7$^$9!#(B
+$B%^%C%A$7$J$+$C$?>l9g!"<!$N%k!<%k$K0\$j$^$9!#(B
+.Cm check-state
+$B%k!<%k$,8+$D$+$i$J$$$H$-$O!"F0E*%k!<%k=89g$O:G=i$N(B
+.Cm keep-state
+$B%k!<%k$N>l=j$G%A%'%C%/$5$l$^$9!#(B
+.It Cm divert Ar port
 $B%^%C%A$9$k%Q%1%C%H$r(B
 .Ar port 
 $B$G;XDj$5$l$?%]!<%H$K%P%$%s%I$5$l$F$$$k(B
 .Xr divert 4
 $B%=%1%C%H$KAw$j!"%^%C%A%s%0$r=*N;$7$^$9!#(B
-.It Ar tee port
+.It Cm tee Ar port
 $B%^%C%A$9$k%Q%1%C%H$N%3%T!<$r(B
 .Ar port
 $B$G;XDj$5$l$?%]!<%H$K%P%$%s%I$5$l$F$$$k(B
 .Xr divert 4
 $B%=%1%C%H$KAw$j$^$9!#(B
 $B8!:w$r=*N;$7!"85$N%Q%1%C%H$O<uM}$5$l$^$9(B
-($B$?$@$78e=R$N%P%0$r;2>H$7$F$/$@$5$$(B)$B!#(B
-.It Ar fwd ipaddr Op ,port
+.Po
+$B$?$@$78e=R$N(B
+.Sx $B%P%0(B
+$B$r;2>H$7$F$/$@$5$$(B
+.Pc "$B!#(B"
+.It Cm fwd Ar ipaddr Ns Xo
+.Op , Ns Ar port
+.Xc
 $B%^%C%A$7$?%Q%1%C%H$N<!$N%[%C%W$r(B
 .Ar ipaddr
 $B$KJQ99$7$^$9!#$3$l$O%I%C%HIU$-(B 4 $B$DAH$N(B IP $B%"%I%l%9$G$b%[%9%HL>$G$b$h$$$G$9!#(B
 .Ar ipaddr
 $B$,D>@\E~C#2DG=$J%"%I%l%9$G$O$J$$>l9g!"$=$N(B IP $B$KBP$7$F(B
-$B%m!<%+%k%k!<%F%#%s%0%F!<%V%k$G$_$D$+$k7PO)$r;HMQ$7$^$9!#(B
+$B%m!<%+%k%k!<%F%#%s%0%F!<%V%k$G$_$D$+$C$?7PO)$r;HMQ$7$^$9!#(B
 .Ar ipaddr
 $B$,%m!<%+%k%"%I%l%9$N>l9g!"(B
 $B%j%b!<%H%[%9%H$+$i$3$N%7%9%F%`$K%Q%1%C%H$,E~Ce$9$k$H!"(B
@@ -314,111 +379,114 @@
 $B$3$l$OF)2aE*%W%m%-%7%5!<%P$N$?$a$K$"$j$^$9!#(B
 IP $B$,(B $B%m!<%+%k%"%I%l%9$G$O$J$$>l9g!"%]!<%HHV9f$O(B ($B;XDj$5$l$F$$$F$b(B) $BL5;k$5$l!"(B
 $B%k!<%k$O%7%9%F%`$+$i=P$F9T$/%Q%1%C%H$KBP$7$F$N$_E,MQ$5$l$^$9!#(B
-$B$^$?!"(B
-$B%Q%1%C%H%m!<%+%k$K@8@.$5$l$?;~$K$b%"%I%l%9$r%m!<%+%k%]!<%H$K%^%C%W$7$^$9!#(B
-$B8!:w$O%k!<%k$,%^%C%A$7$?$H$-$K=*N;$7$^$9!#(B
-$B%]!<%HHV9f$,M?$($i$l$J$+$C$?>l9g!"%Q%1%C%HCf$N%]!<%HHV9f$,;HMQ$5$l!"(B
-$B30It%^%7%s$N%]!<%H(B Y $B$X$N%Q%1%C%H$O(B $B%m!<%+%k%]!<%H(B Y $B$XE>Aw$5$l$^$9!#(B
+$B%Q%1%C%H$,%m!<%+%k$K@8@.$5$l$?$H$-$K$O!"%"%I%l%9$r%m!<%+%k%]!<%H$K(B
+$B%^%C%W$7$^$9!#(B
+$B8!:w$O$3$N%k!<%k$,%^%C%A$7$?$H$-$K=*N;$7$^$9!#(B
+$B%]!<%HHV9f$,M?$($i$l$J$+$C$?>l9g!"(B
+$B30It%^%7%s$N%]!<%H(B Y $B$X$N%Q%1%C%H$O(B $B%m!<%+%k%]!<%H(B Y $B$XE>Aw$5$l$k$h$&$K!"(B
+$B%Q%1%C%HCf$N%]!<%HHV9f$,;HMQ$5$l$^$9!#(B
 $B%+!<%M%k$O!"(B
 $B%*%W%7%g%s(B IPFIREWALL_FORWARD $BIU$-$G%3%s%Q%$%k$5$l$F$$$kI,MW$,$"$j$^$9!#(B
-.It Ar pipe pipe_nr
+.It Cm pipe Ar pipe_nr
 $B%Q%1%C%H$r(B
 .Xr dummynet 4
-``$B%Q%$%W(B'' $B$XEO$7$^$9(B ($B%P%s%II}@)8B!"CY1dEy$N$?$a(B)$B!#(B
+.Dq $B%Q%$%W(B
+$B$XEO$7$^$9(B ($B%P%s%II}@)8B!"CY1dEy$N$?$a(B)$B!#(B
 $B99$J$k>pJs$K$D$$$F$O(B
 .Xr dummynet 4
 $B%^%K%e%"%k%Z!<%8$r;2>H$7$F$/$@$5$$!#(B
 $B8!:w$O=*N;$7$^$9!#(B
-$B$7$+$7!"%Q%$%W$+$iH4$1$?$H$-$K(B sysctl $BJQ?t(B
-net.inet.ip.fw.one_pass $B$,%;%C%H$5$l$F$$$J$$>l9g!"(B
+$B$7$+$7!"%Q%$%W$+$iH4$1$?$H$-$K(B
+.Xr sysctl 8
+$BJQ?t(B
+.Em net.inet.ip.fw.one_pass
+$B$,%;%C%H$5$l$F$$$J$$>l9g!"(B
 $B%Q%1%C%H$O%U%!%$%"%&%)!<%k%3!<%I$X:FEYEO$5$l$F<!$N%k!<%k$+$i3+;O$7$^$9!#(B
-.It Ar skipto number
+.It Cm skipto Ar number
 .Ar number
 $B$h$j>.$5$JHV9f$N%k!<%k$rHt$S1[$7$F!"(B
 .Ar number
 $B0J>e$NHV9f$N%k!<%k$G:G=i$KB8:_$9$k$b$N$+$i!"%^%C%A%s%0$r7QB3$7$^$9!#(B
 .El
-.Pp
-.Ar log Op Ar logamount Ar number
-.Bd -ragged -offset flag
+.It Cm log Op Cm logamount Ar number
 $B%+!<%M%k$,(B
 .Dv IPFIREWALL_VERBOSE
 $B%*%W%7%g%sIU$-$G%3%s%Q%$%k$5$l$F$$$k>l9g$K!"(B
-.Ar log
+.Cm log
 $B%-!<%o!<%I$,;XDj$5$l$F$$$k%k!<%k$H%^%C%A$7$?;~!"(B
 $B%a%C%;!<%8$r%3%s%=!<%k$XI=<($7$^$9!#(B
-$B$b$7!"(B
+$B%+!<%M%k$,!"(B
 .Dv IPFIREWALL_VERBOSE_LIMIT
 $B%*%W%7%g%sIU$-$G%3%s%Q%$%k$5$l$F$$$k>l9g!"(B
 $B%G%U%)%k%H$G$O!"(B
 $B0lO"$N%k!<%k$KBP$7;XDj$5$l$?%Q%1%C%H(B
 $B?t$r<u?.$7$?8e!"%a%C%;!<%8$NI=<($rCf;_$7$^$9!#(B
 $B$7$+$7(B
-.Ar logamount Ar number
+.Cm logamount Ar number
 $B$,;HMQ$5$l$?>l9g!"(B
 .Dv IPFIREWALL_VERBOSE_LIMIT
 $B$NBe$j$K$3$N(B
 .Ar number
 $B$,%G%U%)%k%H$N%m%0@)8B$K$J$j$^$9!#(B
-$B%m%.%s%0%+%&%s%?$^$?$O%Q%1%C%H%+%&%s%?$r%/%j%"$9$l$P!"(B
-$B%m%.%s%0$O:F$SM-8z$K$J$j$^$9!#(B
+$B$3$N%(%s%H%j$KBP$9$k%m%.%s%0%+%&%s%?$^$?$O%Q%1%C%H%+%&%s%?$r(B
+$B%/%j%"$9$l$P!"%m%.%s%0$O:F$SM-8z$K$J$j$^$9!#(B
 .Pp
 $B%3%s%=!<%k%m%0$H%G%U%)%k%H%m%0@)8B?t$O!"(B
 .Xr sysctl 8
 $B$rDL$8$F(B MIB $B%Y!<%9(B
 .Dv net.inet.ip.fw
-$B$K$FD>@\@_Dj$G$-$^$9!#(B
-.Ed
-.Pp
-.Ar proto :
-.Bd -ragged -offset flag
+$B$K$FF0E*$K@_Dj$G$-$^$9!#(B
+.It Ar proto
 $BL>A0$^$?$O?tCM$G;XDj$9$k(B IP $B%W%m%H%3%k(B ($B>\:Y$O(B
 .Pa /etc/protocols
-$B$N%j%9%H$r;2>H$N;v(B)$B!#(B
-.Ar ip
+$B$N%j%9%H$r;2>H$N$3$H(B)$B!#(B
+.Cm ip
 $B$^$?$O(B
-.Ar all
+.Cm all
 $B$N%-!<%o!<%I$r;HMQ$9$k$H!"$9$Y$F$N%W%m%H%3%k$,%^%C%A$7$^$9!#(B
-.Ed
-.Pp
-.Ar src 
-$B$H(B
-.Ar dst :
-.Bd -ragged -offset flag
-.Ar <address/mask> Op Ar ports
+.It Ar src No $B$H(B Ar dst :
+.Aq Ar address Ns / Ns Ar mask
+.Op Ar ports
 .Pp
-.Em <address/mask>
+.Aq Ar address Ns / Ns Ar mask
 $B$O0J2<$N$h$&$K;XDj$G$-$^$9!#(B
-.Pp
-.Bl -hang -offset 0n -width 1234567890123456
+.Bl -tag -width indent
 .It Ar ipno
-IP $BHV9f$r(B 1.2.3.4 $B$N7A<0$G;XDj$7$^$9!#;XDj$5$l$?%"%I%l%9$N$_$,%^%C%A$7$^$9!#(B
-.It Ar ipno/bits
+IP $BHV9f$r(B 1.2.3.4 $B$N7A<0$G;XDj$7$^$9!#(B
+$B$3$N(B IP $BHV9f$K$N$_%^%C%A$7$^$9!#(B
+.It Ar ipno Ns / Ns Ar bits
 IP $BHV9f$H%M%C%H%^%9%/$NI}$r(B 1.2.3.4/24 $B$N7A<0$G;XDj$7$^$9!#(B
-$B$3$N>l9g$O(B 1.2.3.0 $B$+$i(B 1.2.3.255 $B$N%"%I%l%9$,%^%C%A$7$^$9!#(B
-.It Ar ipno:mask
+$B$3$NNc$N>l9g$O(B 1.2.3.0 $B$+$i(B 1.2.3.255 $B$N%"%I%l%9$,%^%C%A$7$^$9!#(B
+.It Ar ipno Ns : Ns Ar mask
 IP $BHV9f$H%M%C%H%^%9%/$r(B 1.2.3.4:255.255.240.0 $B$N7A<0$G;XDj$7$^$9!#(B
 $B$3$N>l9g$O(B 1.2.0.0 $B$+$i(B 1.2.15.255 $B$N%"%I%l%9$,%^%C%A$7$^$9!#(B
 .El
 .Pp
-$B%"%I%l%9$NA0$K(B ``not'' $B$rIU$1$k$3$H$K$h$C$F!"%^%C%A$N0UL#$rH?E>$5$;$k(B
-$B$3$H$,$G$-$^$9(B ($B;XDj$5$l$?%"%I%l%90J30$NAm$F$N%"%I%l%9$,%^%C%A$7$^$9(B)$B!#(B
-$B$3$l$O%]!<%HHV9f$K$O1F6A$7$^$;$s!#(B
+$B%"%I%l%9$NA0$K(B
+.Cm not
+$B$rIU$1$k$3$H$K$h$C$F!"%^%C%A$N0UL#$rH?E>$5$;$k(B
+$B$3$H$,$G$-$^$9(B ($B;XDj$5$l$?%"%I%l%90J30$N$9$Y$F$N%"%I%l%9$,%^%C%A$7$^$9(B)$B!#(B
+$B$3$l$O%]!<%HHV9f$NA*Br$K$O1F6A$7$^$;$s!#(B
 .Pp
 TCP $B$H(B UDP $B$G$O$5$i$K!"(B
 .Em ports
 $B$r0J2<$N$h$&$K;XDj$G$-$^$9!#(B
-.Pp
-.Bl -hang -offset flag
-.It Ns {port|port-port|port:mask} Ns Op ,port Ns Op ,...
-.El
+.Bd -ragged -offset indent
+.Sm off
+.Eo \&{
+.Ar port |
+.Ar port No \&- Ar port |
+.Ar port : mask
+.Ec \&} Op , Ar port Op , Ar ...
+.Sm on
+.Ed
 .Pp
 $B5-9f(B
-.Ql -
+.Ql \&-
 $B$K$h$kI=8=$O!"%]!<%HHO0O(B ($BN>C<4^$`(B) $B$r;XDj$7$^$9!#(B
 .Pp
 $B5-9f(B
-.Ql \:
+.Ql \&:
 $B$K$h$kI=8=$O!"%]!<%H$H%^%9%/$r;XDj$7$^$9!#(B
 $B%^%C%A$,@k8@$5$l$k$N$O!"(B
 $B%Q%1%C%HCf$N%]!<%HHV9f$,%k!<%kCf$N%]!<%HHV9f$K%^%C%A$9$k$H$-$G$9$,!"(B
@@ -427,75 +495,79 @@
 $B%]!<%HHV9f$NBe$o$j$K(B ($B%U%!%$%k(B
 .Pa /etc/services
 $B$+$i<h$C$?(B) $B%5!<%S%9L>$r;HMQ$G$-$^$9!#(B
-port-port $B$N=q<0$G!":G=i$NCM$K8B$jHO0O;XDj$G$-$^$9!#(B
+$B%]!<%HHO0O;XDj$N=q<0$O!":G=i$NCM$H$7$F$N$_;XDj$G$-$^$9!#(B
 $BNs5s=PMh$k%]!<%H?t$O(B  
 .Pa /usr/src/sys/netinet/ip_fw.h 
 $B$G(B
 .Dv IP_FW_MAX_PORTS
 $B$H$7$FDj5A$5$l$F$$$^$9!#(B
-.Ql \e
+$B%P%C%/%9%i%C%7%e(B
+.Pq Ql \e
 $B$r;HMQ$9$k$3$H$K$h$j!"%5!<%S%9L>Cf$N(B
-.Ql -
+.Pq Ql -
 $BJ8;z$r%(%9%1!<%W2DG=$G$9(B:
 .Pp
 .Dl ipfw add count tcp from any ftp\e\e-data-ftp to any
 .Pp
 $BCGJR2=$5$l$?%Q%1%C%H$G%*%U%;%C%H$,Hs(B 0 $B$N$b$N(B
 ($B$9$J$o$A!":G=i$NCGJR$G$O$J$$$b$N(B) $B$O!"(B
-1 $B$D0J>e$N%]!<%H;EMM$r;}$D%k!<%k$K$O%^%C%A$7$^$;$s!#(B
+1 $B$D0J>e$N%]!<%H;XDj$r;}$D%k!<%k$K$O%^%C%A$7$^$;$s!#(B
 $BCGJR2=$5$l$?%Q%1%C%H$X$N%^%C%A%s%0$K4X$9$k>\:Y$O(B
-.Ar frag
+.Cm frag
 $B%*%W%7%g%s$r;2>H$7$F$/$@$5$$!#(B
-.Pp
-.Ed
-.Ar interface-spec :
-.Pp
-.Bd -ragged -offset flag
+.It Ar interface-spec
 $B<!$N;XDj;R$NAH$_9g$o$;$r;HMQ2DG=$G$9(B:
-.Bl -hang -offset 0n -width 1234567890123456
-.It Ar in
+.Bl -tag -width "via ipno"
+.It Cm in
 $BF~NO%Q%1%C%H$K$N$_%^%C%A$7$^$9!#(B
-.It Ar out
+.It Cm out
 $B=PNO%Q%1%C%H$K$N$_%^%C%A$7$^$9!#(B
-.It Ar via ifX
+.It Cm via Ar ifX
+$B%Q%1%C%H$O%$%s%?%U%'!<%9(B
 .Ar ifX
-$B$rDL2a$9$k%Q%1%C%H$r;XDj$7$^$9!#(B
-.It Ar via if*
+$B$rDL2a$;$M$P$J$j$^$;$s!#(B
+.It Cm via Ar if Ns Cm *
+$B%Q%1%C%H$O%$%s%?%U%'!<%9(B
 .Ar ifX
-$B$rDL2a$9$k%Q%1%C%H$r;XDj$7$^$9!#(BX $B$O$$$:$l$+$N%f%K%C%H$NHV9f$G$9!#(B
-.It Ar via any
+$B$rDL2a$;$M$P$J$j$^$;$s!#$3$N(B
+.Ar X
+$B$O$I$s$J%f%K%C%HHV9f$G$b$+$^$$$^$;$s!#(B
+.It Cm via any
+$B%Q%1%C%H$O(B
 .Em $B$$$:$l$+(B
-$B$N%$%s%?%U%'!<%9$rDL2a$9$k%Q%1%C%H$r;XDj$7$^$9!#(B
-.It Ar via ipno
-IP $B%"%I%l%9$,(B
+$B$N%$%s%?%U%'!<%9$rDL2a$;$M$P$J$j$^$;$s!#(B
+.It Cm via Ar ipno
+$B%Q%1%C%H$O!"(B
+IP $B%"%I%l%9(B
 .Ar ipno
-$B$N%$%s%?%U%'!<%9$rDL2a$9$k%Q%1%C%H$r;XDj$7$^$9!#(B
+$B$r;}$D%$%s%?%U%'!<%9$rDL2a$;$M$P$J$j$^$;$s!#(B
 .El
 .Pp
-.Ar via
+.Cm via
 $B$rMQ$$$k$H!">o;~;XDj$5$l$?%$%s%?%U%'!<%9$,%A%'%C%/$5$l$^$9!#(B
-.Ar recv
+.Cm recv
 $B$d(B
-.Ar xmit
+.Cm xmit
 $B$r!"(B
-.Ar via
+.Cm via
 $B$NBe$o$j$K;XDj$9$k$H!"(B
-$B<u?.!"$b$7$/$OAw?.%$%s%?%U%'!<%9$N$_$,(B ($B3F!9$K(B) $B%A%'%C%/$5$l$^$9!#(B
+$B<u?.!"$b$7$/$OAw?.%$%s%?%U%'!<%9$N$_$,(B ($B$*$N$*$N(B) $B%A%'%C%/$5$l$^$9!#(B
 $BN>J}$r;XDj$9$l$P!"(B
-$B<u?.$HAw?.$NN>J}$N%$%s%?%U%'!<%9$rDL$k%Q%1%C%H$r;XDj$G$-$^$9!#(B
+$B<u?.%$%s%?%U%'!<%9$HAw?.%$%s%?%U%'!<%9$NN>J}$K4p$E$-%Q%1%C%H$r(B
+$B%^%C%A$5$;$k$3$H$,2DG=$K$J$j$^$9!#(B
 $BNc(B :
 .Pp
 .Dl "ipfw add 100 deny ip from any to any out recv ed0 xmit ed1"
 .Pp
-.Ar recv
+.Cm recv
 $B$G;XDj$7$?%$%s%?%U%'!<%9$G$O!"<u?.$HAw?.!"N>J}$N%Q%1%C%H$r%A%'%C%/$G$-$^$9!#(B
 $B$=$l$KBP$7!"(B
-.Ar xmit
+.Cm xmit
 $B$G;XDj$7$?%$%s%?%U%'!<%9$G$O!"Aw?.%Q%1%C%H$N$_$H$J$j$^$9!#(B
 $B$=$l$f$($K!"(B
-.Ar xmit
+.Cm xmit
 $B$r;XDj$9$k$H(B
-.Ar out
+.Cm out
 $B$,!"I,?\$G$9(B (
 .Ar in
 $B$OIT2D(B)$B!#(B
@@ -506,21 +578,42 @@
 .Ar recv
 $B$r;XDj$9$k;v$O$G$-$^$;$s!#(B
 .Pp
-$B8D!9$N%Q%1%C%H$O!"<u?.MQ$J$$$7Aw?.MQ%$%s%?%U%'!<%9$r;}$?$J$$$+$b$7$l$^$;$s!#(B
+$B%Q%1%C%H$O!"<u?.MQ$J$$$7Aw?.MQ%$%s%?%U%'!<%9$r;}$?$J$$>l9g$,$"$j$^$9!#(B
 $B%m!<%+%k%[%9%H$GH/@8$7$?%Q%1%C%H$K$O<u?.MQ$N%$%s%?%U%'!<%9$O$"$j$^$;$s$7!"(B
 $B%m!<%+%k%[%9%HFb08$N%Q%1%C%H$K$OAw?.MQ%$%s%?%U%'!<%9$O$"$j$^$;$s!#(B
-.Ed
+.It Ar options :
+.Bl -tag -width indent
+.It Cm keep-state Op Ar method
+$B%^%C%A$N:]$K!"%U%!%$%"%&%)!<%k$,F0E*%k!<%k$r@8@.$7$^$9!#$3$N%k!<%k$N(B
+$B%G%U%)%k%H$NF0:n$O!"F10l%W%m%H%3%k$rMQ$$$kH/?.85$H08@h$N(B IP/port
+$B4V$GAPJ}8~$KDL2a$9$k%Q%1%C%H$X$N%^%C%A$G$9!#(B
+$B$3$N%k!<%k$N@8B84|4V$OM-8B$G$9(B (
+.Xr sysctl 8
+$BJQ?t$N=89g$K$h$j@)8f$5$l$^$9(B)$B!#$3$N@8B84|4V$O!"%Q%1%C%H$N%^%C%A$,(B
+$B@8$8$k$?$S$K99?7$5$l$^$9!#(B
 .Pp
-.Ar options :
-.Bl -hang -offset flag -width 1234567890123456
-.It frag
-$B%Q%1%C%H$,CGJR(B ($B%U%i%0%a%s%H(B) $B2=$5$l$?%G!<%?%0%i%`$N0lIt$G!"$+$D%G!<%?%0%i%`$N(B
-$B@hF,$NCGJR$G$J$$>l9g$K%^%C%A$7$^$9!#(B
-.Ar frag
+$B<B:]$NF0:n$O!"0[$J$k(B
+.Ar method
+$B$r;XDj$9$k$3$H$K$h$jJQ99$,2DG=$G$9!#(B
+.It Cm bridged
+$B%V%j%C%8$5$l$k%Q%1%C%H$K$N$_%^%C%A$7$^$9!#(B
+$B$3$l$O%^%k%A%-%c%9%H$d%V%m!<%I%-%c%9%H$N%Q%1%C%H$r07$&:]$KM-MQ$G$9!#(B
+$B$3$l0J30$NJ}K!$G$O!"%Q%1%C%H$O!"%V%j%C%8$N:]$K0lEY!"(B
+$B%m!<%+%k%9%?%C%/$KEO$5$l$k:]$K$b$&0lEY$H!"(B
+$B%U%!%$%"%&%)!<%k$r(B 2 $BEYDL2a$7$F$7$^$$$^$9!#(B
+.Pp
+$B%Q%U%)!<%^%s%9>e$N$o$:$+$JB;<:$O$H$b$+$/!"(B
+.Em pipe
+$B$rMQ$$$k:]$K$bLdBj$K$J$j$^$9!#$3$l$O!"%P%s%II}!"%-%e!<@jM-EY$J$I$N(B
+$B%+%&%s%?$K4X$7$F!"F1$8%Q%1%C%H$,(B 2 $BEY%+%&%s%H$5$l$F$7$^$&$?$a$G$9!#(B
+.It Cm frag
+$B%Q%1%C%H$,CGJR(B ($B%U%i%0%a%s%H(B) $B2=$5$l$?%G!<%?%0%i%`$N0lIt$G!"(B
+$B$+$D%G!<%?%0%i%`$N@hF,$NCGJR$G$J$$>l9g$K%^%C%A$7$^$9!#(B
+.Cm frag
 $B$r!"(B
-.Ar tcpflags
-$B$d(B TCP/UDP $B%]!<%H;EMM$H6&$K;HMQ$9$k$3$H$O$G$-$^$;$s!#(B
-.It ipoptions Ar spec
+.Cm tcpflags
+$B$d(B TCP/UDP $B%]!<%H;XDj$H6&$K;HMQ$9$k$3$H$O$G$-$^$;$s!#(B
+.It Cm ipoptions Ar spec
 IP $B%X%C%@$,!"(B
 .Ar spec 
 $B$K;XDj$5$l$?%3%s%^$G6h@Z$i$l$?%*%W%7%g%s$N%j%9%H$r4^$`>l9g$K$N$_%^%C%A$7$^$9!#(B
@@ -534,123 +627,142 @@
 (record packet route),
 .Ar ts 
 (timestamp) $B$G$9!#(B
-``!'' $B$K$h$C$F!"FCDj$N%*%W%7%g%s$r4^$a$J$$$h$&;XDj$G$-$^$9!#(B
-.It established
+.Ql !
+$B$K$h$C$F!"FCDj$N%*%W%7%g%s$r4^$^$J$$;XDj$,5-=R$G$-$^$9!#(B
+.It Cm established
+TCP $B%Q%1%C%H$N$_$KE,MQ$5$l$^$9!#(B
 RST $B$^$?$O(B ACK $B%S%C%H$,%;%C%H$5$l$F$$$k%Q%1%C%H$N$_%^%C%A$7$^$9!#(B
-$B$3$N%S%C%H$,%;%C%H$5$l$k$3$H$,$"$k$N$O(B TCP $B$N%Q%1%C%H$N$_$G$9!#(B
-.It setup
+.It Cm setup
+TCP $B%Q%1%C%H$N$_$KE,MQ$5$l$^$9!#(B
 SYN $B%S%C%H$,%;%C%H$5$l(B ACK $B$,%;%C%H$5$l$F$$$J$$%Q%1%C%H$N$_%^%C%A$7$^$9!#(B
-$B$3$N%S%C%H$,%;%C%H$5$l$k$3$H$,$"$k$N$O(B TCP $B$N%Q%1%C%H$N$_$G$9!#(B
-.It tcpflags Ar spec
+.It Cm tcpflags Ar spec
+TCP $B%Q%1%C%H$N$_$KE,MQ$5$l$^$9!#(B
 TCP $B%X%C%@$,(B
 .Ar spec 
 $B$K;XDj$5$l$?%3%s%^$G6h@Z$i$l$?%U%i%0$N%j%9%H$r4^$`>l9g$K$N$_%^%C%A$7$^$9!#(B
 $B%5%]!<%H$5$l$F$$$k%U%i%0$O!"(B
 .Pp
-.Ar fin ,
-.Ar syn ,
-.Ar rst ,
-.Ar psh ,
-.Ar ack ,
-.Ar urg 
+.Cm fin ,
+.Cm syn ,
+.Cm rst ,
+.Cm psh ,
+.Cm ack ,
+.Cm urg 
 $B$G$9!#(B
-``!'' $B$K$h$C$F!"FCDj$N%U%i%0$r4^$a$J$$$h$&;XDj$G$-$^$9!#(B
-.Ar tcpflags
-$B;EMM$r4^$`%k!<%k$OHs(B 0 $B$N%*%U%;%C%H$r;}$DCGJR2=$5$l$?%Q%1%C%H$K(B
+.Ql !
+$B$K$h$C$F!"FCDj$N%U%i%0$r4^$^$J$$;XDj$r5-=R$G$-$^$9!#(B
+.Cm tcpflags
+$B;XDj$r4^$`%k!<%k$O!"Hs(B 0 $B$N%*%U%;%C%H$r;}$DCGJR2=$5$l$?%Q%1%C%H$K(B
 $B%^%C%A$9$k$3$H$O$"$j$^$;$s!#(B
 $BCGJR2=$5$l$?%Q%1%C%H$K4X$9$k%^%C%A$K$D$$$F$N>\:Y$O(B
-.Ar frag
+.Cm frag
 $B%*%W%7%g%s$r;2>H$7$F$/$@$5$$!#(B
-.It icmptypes Ar types
+.It Cm icmptypes Ar types
+ICMP $B%Q%1%C%H$N$_$KE,MQ$5$l$^$9!#(B
 ICMP $B%?%$%W$,(B
 .Ar types 
-$B$G;XDj$5$l$?%j%9%HCf$KB8:_$9$k>l9g$K$N$_E,MQ$5$l$k%k!<%k$H$J$j$^$9!#(B
-$B%j%9%H$O%l%s%8$NAH$_9g$o$;$G$b!"3F%?%$%W$r%3%s%^$G6h@Z$C$?$b$N$G$b$I$A$i$G$b(B
-$B$+$^$$$^$;$s!#(B
+$B$G;XDj$5$l$?%j%9%HCf$KB8:_$9$k>l9g$K$N$_%^%C%A$7$^$9!#(B
+$B%j%9%H$OHO0O;XDj$G$b!"%?%$%W$*$N$*$N$r%3%s%^$G6h@Z$C$?$b$N$G$b(B
+$B$I$A$i$NAH$_9g$o$;$G$b$+$^$$$^$;$s!#(B
 $B%5%]!<%H$5$l$F$$$k(B ICMP $B%?%$%W$O<!$NDL$j$G$9(B:
 .Pp
 $B%(%3!<JVEz(B
-.Pq Ar 0 ,
+.Pq Cm 0 ,
 $B=*E@ITE~C#(B
-.Pq Ar 3 ,
+.Pq Cm 3 ,
 $BH/?.M^@)(B
-.Pq Ar 4 ,
+.Pq Cm 4 ,
 $B%j%@%$%l%/%H(B
-.Pq Ar 5 ,
+.Pq Cm 5 ,
 $B%(%3!<MW5a(B
-.Pq Ar 8 ,
+.Pq Cm 8 ,
 $B%k!<%?9-9p(B
-.Pq Ar 9 ,
+.Pq Cm 9 ,
 $B%k!<%?MW@A(B
-.Pq Ar 10 ,
+.Pq Cm 10 ,
 $B;~4VD62a(B
-.Pq Ar 11 ,
+.Pq Cm 11 ,
 IP $B%X%C%@0[>o(B
-.Pq Ar 12 ,
+.Pq Cm 12 ,
 $B%?%$%`%9%?%s%WMW5a(B
-.Pq Ar 13 ,
+.Pq Cm 13 ,
 $B%?%$%`%9%?%s%W1~Ez(B
-.Pq Ar 14 ,
+.Pq Cm 14 ,
 $B>pJsMW5a(B
-.Pq Ar 15 ,
+.Pq Cm 15 ,
 $B>pJsJVEz(B
-.Pq Ar 16 ,
+.Pq Cm 16 ,
 $B%"%I%l%9%^%9%/MW5a(B
-.Pq Ar 17 ,
+.Pq Cm 17 ,
 $B%"%I%l%9%^%9%/1~Ez(B
-.Pq Ar 18
-.It Ar uid user
+.Pq Cm 18
+.It Cm uid Ar user
 .Ar user
 $B$,Aw?.$7$?$^$?$O<u?.$9$k!"(B
 $B$9$Y$F$N(B TCP $B%Q%1%C%H$H(B UDP $B%Q%1%C%H$K%^%C%A$7$^$9!#(B
 .Ar user
 $B$O!"L>A0$G$b(B ID $BHV9f$G$b%^%C%A$7$^$9!#(B
-.It Ar gid group
+.It Cm gid Ar group
 .Ar group
 $B$,Aw?.$7$?$^$?$O<u?.$9$k!"(B
 $B$9$Y$F$N(B TCP $B%Q%1%C%H$H(B UDP $B%Q%1%C%H$K%^%C%A$7$^$9!#(B
 .Ar group
 $B$O!"L>A0$G$b(B ID $BHV9f$G$b%^%C%A$7$^$9!#(B
 .El
+.El
 .Sh $B%H%i%U%#%C%/%7%'%$%Q@_Dj(B
 .Nm
-$B$O!"(B
+$B%f!<%F%#%j%F%#$O!"(B
 .Xr dummynet 4
-$B%H%i%U%#%C%/%7%'%$%Q$X$N%f!<%6%$%s%?%U%'!<%9$G$b$"$j$^$9!#(B
+$B%H%i%U%#%C%/%7%'%$%Q$X$N%f!<%6%$%s%?%U%'!<%9$bDs6!$7$^$9!#(B
 $B%7%'%$%Q$O!"%Q%1%C%H$r(B
-.Ar pipe
+.Em pipe
 ($B%Q%$%W(B) $B$H8F$P$l$k%*%V%8%'%/%H$XEO$9$3$H$K$h$C$FF0:n$7$^$9!#(B
 $B%Q%$%W$O!"M?$($i$l$?%P%s%II}!"CY1d;~4V!"%-%e!<$ND9$5!"%Q%1%C%HAS<:N($r(B
-$B%(%_%e%l!<%H$7$^$9!#(B
+$B$b$D%j%s%/$r%(%_%e%l!<%H$7$^$9!#(B
 .Nm
 $B%Q%$%W@_Dj=q<0$O<!$NDL$j$G$9!#(B
 .Pp
-.Ar pipe number config
-.Op bw Ar bandwidth
-.Op queue Ar {slots|size}
-.Op delay Ar delay-ms
-.Op plr Ar loss-probability
-.Op mask Ar {all | {dst-ip|src-ip|dst-port|src-port|proto} bitmask}
-.Op buckets Ar hash-table-size
+.Cm pipe Ar number Cm config
+.Op Cm bw Ar bandwidth
+.Oo
+.Cm queue
+.Es \&{ \&}
+.En Ar slots | size
+.Oc
+.Op Cm delay Ar ms-delay
+.Op Cm plr Ar loss-probability
+.Op Cm mask Ar mask-specifier
+.Op Cm buckets Ar hash-table-size
 .Pp
 $B<!$N%Q%i%a!<%?$r%Q%$%W$KBP$7$F@_Dj2DG=$G$9(B:
-.Bl -hang -offset flag -width 1234567890
-.It bw Ar bandwidth
-$B%P%s%II}$G$"$j!"(B
-.Ar [K|M]{bit/s|Byte/s}
-$B$G;XDj$7$^$9!#(B
+.Bl -tag -width indent
+.It Cm bw Ar bandwidth
+$B%P%s%II}$G$"$j!"C10L$O(B
+.Sm off
+.Oo
+.Cm K | M
+.Oc Eo \&{
+.Cm bit/s | Byte/s
+.Ec \&}
+.Sm on
+$B$GB,Dj$7$^$9!#(B
+.Pp
 $BCM(B 0 ($B%G%U%)%k%H(B) $B$OL58B$N%P%s%II}$r0UL#$7$^$9!#(B
-$BC10L$O?tCM$ND>8e$KB3$/I,MW$,$"$j!"(B
+$BC10L$O?tCM$ND>8e$KB3$1$F=q$/I,MW$,$"$j!"(B
 .Dl "ipfw pipe 1 config bw 300Kbit/s queue 50KBytes"
 $B$N$h$&$K$7$^$9!#(B
-.It delay Ar ms-delay
+.It Cm delay Ar ms-delay
 $BCY1d;~4V$G$"$j!"%_%jICC10L$G;XDj$7$^$9!#(B
-$BCM$O!"<!$N%/%m%C%/%F%#%C%/(B 
+$BCM$O!"%/%m%C%/%F%#%C%/$NG\?t(B
 ($BE57?E*$K$O(B 10ms $B$G$9$,!"(B
 $B%+!<%M%k$r(B "options HZ=1000" $B$GF0:n$5$;$F@:EY$r(B 1ms $B0J2<$K$9$k$HNI$$(B
 $B$3$H$,7P83E*$KCN$i$l$F$$$^$9(B) $B$K4]$a$i$l$^$9!#(B
 $B%G%U%)%k%HCM$O(B 0 $B$G$"$j!"CY1dL5$7$r0UL#$7$^$9!#(B
-.It queue Ar {slots|size}
+.It Cm queue Xo
+.Es \&{ \&}
+.En Ar slots | size Ns Cm Kbytes
+.Xc
 $B%-%e!<$NBg$-$5$G$"$j!"%9%m%C%H?t$+(B KBytes $B$G$9!#(B
 $B%G%U%)%k%HCM$O(B 50 $B%9%m%C%H$G$"$j!"(B
 $B%$!<%5%M%C%H%G%P%$%9$NE57?E*$J%-%e!<$NBg$-$5$G$9!#(B
@@ -662,33 +774,40 @@
 $B$h$jBg$-$J(B MTU $B$N%$%s%?%U%'!<%9$+$i%Q%1%C%H$r<u$1<h$k$H$-$K$O!"(B
 $B$h$j0-$$7k2L$H$J$j$^$9!#(B
 $BNc$($P!"%k!<%W%P%C%/%$%s%?%U%'!<%9$K$*$$$F(B 16KB $B%Q%1%C%H$r<u$1<h$k$H$-$G$9!#(B
-.It plr packet-loss-rate
+.It Cm plr Ar packet-loss-rate
 $B%Q%1%C%HAS<:N($G$9!#(B
-NN $B$OIbF0>.?tE@?t$G$"$j!"(B
+$B0z?t(B
+.Ar packet-loss-rate
+$B$O(B 0 $B$H(B 1 $B$N4V$NIbF0>.?tE@?t$G$"$j!"(B
 0 $B$OAS<:L5$7$r0UL#$7!"(B1 $B$O(B 100% $B$NAS<:$r0UL#$7$^$9!#(B
 $BAS<:N($OFbItE*$K$O(B 31 $B%S%C%H$GI=8=$5$l$^$9!#(B
-.It mask Ar mask-specifier
-dummynet $B$G$O!"C10l%Q%$%W;XDj$r;HMQ$7$F!"%U%m!<Kh$N%-%e!<$r@8@.2DG=$G$9!#(B
+.It Cm mask Ar mask-specifier
+.Xr dummynet 4
+$B$G$O!"%Q%$%W;XDj0l$D$G!"%U%m!<$4$H$N%-%e!<$r@8@.2DG=$G$9!#(B
 $B%U%m!<<1JL;R$O!"%Q%$%W@_Dj$K$*$$$F;XDj$5$l$k(B
 IP $B%"%I%l%9!"%]!<%H!"%W%m%H%3%k%?%$%W$G%^%9%/$9$k$3$H$G9=C[$5$l$^$9!#(B
-$B%^%9%/8e$KF1$8(B ID $B$r;}$D%Q%1%C%H$O!"F1$8%-%e!<$KMn$A$^$9!#(B
+$B%^%9%/8e$KF1$8<1JL;R$r;}$D%Q%1%C%H$O!"F1$8%-%e!<$KMn$A$^$9!#(B
 $B;HMQ2DG=$J%^%9%/;XDj;R$O!"<!$rAH$_9g$o$;$?$b$N$G$9(B:
-.Ar dst-ip mask , src-ip mask ,
-.Ar dst-port mask , src-port mask ,
-.Ar proto mask ,
-.Ar all
+.Cm dst-ip Ar mask ,
+.Cm src-ip Ar mask ,
+.Cm dst-port Ar mask ,
+.Cm src-port Ar mask ,
+.Cm proto Ar mask ,
+.Cm all
 $B!#(B
 $B:G8e$N;XDj;R$O!"(B
 $B$9$Y$F$N%U%#!<%k%I$N$9$Y$F$N%S%C%H$,=EMW$G$"$k$3$H$r0UL#$7$F$$$^$9!#(B
-.It buckets Ar NN
+.It Cm buckets Ar hash-table-size
 $BMM!9$J%-%e!<$r3JG<$9$k$?$a$K;HMQ$9$k%O%C%7%eI=$NBg$-$5$r;XDj$7$^$9!#(B
-$B%G%U%)%k%HCM$O(B 64 $B$G$"$j!"(Bsysctl $BJQ?t(B
-.Ar net.inet.ip.dummynet.hash_size
+$B%G%U%)%k%HCM$O(B 64 $B$G$"$j!"(B
+.Xr sysctl 8
+$BJQ?t(B
+.Em net.inet.ip.dummynet.hash_size
 $B$G@)8f$5$l!";HMQ2DG=$JHO0O$O(B 16 $B$+$i(B 1024 $B$G$9!#(B
 .El
 .Sh $B%A%'%C%/%j%9%H(B
 $B%k!<%k$r9=@.$9$k:]$K9MN8$9$Y$-=EMW$JE@$r=R$Y$^$9!#(B
-.Bl -bullet -hang -offset flag 
+.Bl -bullet
 .It 
 $B$+$J$i$:Aw?.%Q%1%C%H$H<u?.%Q%1%C%H$NN>J}$N%Q%1%C%H$r%U%#%k%?%j%s%0$7$^$9!#(B
 $B$[$H$s$I$N%M%C%H%o!<%/%3%M%/%7%g%s$G$O%Q%1%C%H$,APJ}8~$KN.$l$k$3$H$,I,MW$G$9!#(B
@@ -704,17 +823,19 @@
 $B$3$l$O%Q%1%C%H$H$7$F$OM-8z$J$b$N$G$9$,!"MxMQL\E*$O%U%!%$%"%&%)!<%k$r(B
 $B$+$$$/$0$k$3$H$7$+$"$j$^$;$s!#(B
 .Pp
-$B%M%C%H%o!<%/1[$7$K%m%0%$%s$7$F$$$k>l9g!"(BKLD $BHG$N(B
+$B%M%C%H%o!<%/1[$7$K%m%0%$%s$7$F$$$k>l9g!"(B
+.Xr kld 4
+$B%P!<%8%g%s$N(B
 .Nm
 $B$r%m!<%I$9$k$3$H$O$=$l$[$IC1=c$J$3$H$G$O$"$j$^$;$s!#(B
 $B0J2<$N%3%^%s%I$r>)$a$^$9!#(B
-.Bd -literal -offset center
+.Bd -literal -offset indent
 kldload /modules/ipfw.ko && \e
-ipfw add 32000 allow all from any to any
+ipfw add 32000 allow ip from any to any
 .Ed
 .Pp
 $B$3$l$K0zB3$-!"F1$8$h$&$J>u67$G(B
-.Bd -literal -offset center
+.Bd -literal -offset indent
 ipfw flush
 .Ed
 .Pp
@@ -725,13 +846,62 @@
 .Xr init 8
 $B$r;2>H$7$F$/$@$5$$(B)$B!#(B
 .Sh $B%Q%1%C%H$N9T$-@hJQ99(B
-$B;XDj$5$l$?%]!<%H$r8+$F$$$k%=%1%C%H$O!"(B
+$B;XDj$5$l$?%]!<%H$K%P%$%s%I$5$l$?(B
+.Xr divert 4
+$B%=%1%C%H$O!"(B
 $B$=$N%]!<%H$X9T$-@hJQ99$5$l$?%Q%1%C%H$r!"(B
 $BA4It<u$1$H$j$^$9!#(B
-.Xr divert 4 
-$B$r;2>H$7$F2<$5$$!#%]!<%H$r8+$F$$$k%=%1%C%H$,$J$$>l9g$d%+!<%M%k$,%Q%1%C%H$N(B
-$B9T$-@hJQ99$r%5%]!<%H$9$k$h$&$K$O%3%s%Q%$%k$5$l$F$$$J$$>l9g!"(B
+$B08@h%]!<%H$K%P%$%s%I$5$l$?%=%1%C%H$,$J$$>l9g$d!"(B
+$B%+!<%M%k$,%Q%1%C%H$N9T$-@hJQ99%=%1%C%H$r%5%]!<%H$9$k$h$&$K$O(B
+$B%3%s%Q%$%k$5$l$F$$$J$$>l9g!"(B
 $B%Q%1%C%H$OGK4~$5$l$^$9!#(B
+.Sh SYSCTL $BJQ?t(B
+$B%U%!%$%"%&%)!<%k$NF0:n$r@)8f$9$k(B
+.Xr sysctl 8
+$BJQ?t$N=89g$,$"$j$^$9!#$3$l$i$r!"%G%U%)%k%H$NCM$H0UL#$H$H$b$K(B
+$B0J2<$K<($7$^$9!#(B
+.Bl -tag -width indent
+.It Em net.inet.ip.fw.debug : No 1
+.Nm ipfw
+$B$,@8@.$9$k%G%P%C%0%a%C%;!<%8$r@)8f$7$^$9!#(B
+.It Em net.inet.ip.fw.one_pass : No 1
+$B%;%C%H$5$l$k$H!"%U%!%$%"%&%)!<%k$NDL2a$,(B 1 $B2s$@$15v$5$l$k$h$&$K(B
+$B$J$j$^$9!#%;%C%H$5$l$J$$>l9g!"(Bpipe $B$d9T$-@hJQ99=hM}$N$"$H!"(B
+$B%Q%1%C%H$O:F$S%U%!%$%"%&%)!<%k$KA^F~$5$l!"<!$N%k!<%k$+$i:F3+$5$l$^$9!#(B
+.It Em net.inet.ip.fw.verbose : No 1
+$B>iD9$J%a%C%;!<%8$r=PNO$9$k$h$&$K$7$^$9!#(B
+.It Em net.inet.ip.fw.enable : No 1
+$B%U%!%$%"%&%)!<%k$rF0:n2DG=$K$7$^$9!#(B
+$B$3$NJQ?t$r(B 0 $B$K@_Dj$9$k$H!"%U%!%$%"%&%)!<%k$r%3%s%Q%$%k$7$F(B
+$B;E9~$s$G$$$F$b%U%!%$%"%&%)!<%k$J$7$GF0:n$7$^$9!#(B
+.It Em net.inet.ip.fw.verbose_limit : No 0
+$B>iD9$J%U%!%$%"%&%)!<%k$,@8@.$9$k%a%C%;!<%8$N?t$r@)8B$7$^$9!#(B
+.It Em net.inet.ip.fw.dyn_buckets : No 256
+.It Em net.inet.ip.fw.curr_dyn_buckets : No 256
+$BF0E*%k!<%k$rJ];}$9$k$?$a$K;HMQ$9$k%O%C%7%eI=$N@_Dj%5%$%:$H(B
+$B8=:_$N%5%$%:$G$9!#$3$NCM$O(B 2 $B$N$Y$->h$K$9$kI,MW$,$"$j$^$9!#(B
+$B%O%C%7%eI=$N%5%$%:$NJQ99$O!"I=$,6u$N>l9g$N$_9T$J$o$l$^$9!#(B
+$B$7$?$,$C$F!"<B9TCf$KI=$N%5%$%:$rJQ99$9$k$?$a$K$O!"(B
+.Cm flush
+$B$7$F%k!<%k=89g$r:F%m!<%I$9$kI,MW$,$"$k$G$7$g$&!#(B
+.It Em net.inet.ip.fw.dyn_count : No 3
+$B8=:_$NF0E*%k!<%k$N?t$G$9(B
+.Pq $BFI$_9~$_@lMQ(B
+$B!#(B
+.It Em net.inet.ip.fw.dyn_max : No 1000
+$BF0E*%k!<%k$N:GBgCM$G$9!#$3$N8B3&$K$$$-$D$/$H!"(B
+$B8E$$%k!<%k$,L58z$K$J$k$^$G$O!"$=$l0J>e!"F0E*%k!<%k$r(B
+$BAH$_9~$`$3$H$O$G$-$^$;$s!#(B
+.It Em net.inet.ip.fw.dyn_ack_lifetime : No 300
+.It Em net.inet.ip.fw.dyn_syn_lifetime : No 20
+.It Em net.inet.ip.fw.dyn_fin_lifetime : No 20
+.It Em net.inet.ip.fw.dyn_rst_lifetime : No 5
+.It Em net.inet.ip.fw.dyn_short_lifetime : No 30
+$B$3$l$i$NCM$O!"F0E*%k!<%k$N@8B84|4V$rICC10L$G%3%s%H%m!<%k$7$^$9!#(B
+$B:G=i$N(B SYN $B8r49$N:]$K!"@8B84|4V$,(B short $B$K$J$j!"(B
+SYN $B$rN>J}$H$b8+$?8e$KA}$d$5$l!":G8e$N(B FIN $B8r49$N4V!"(B
+$B$^$?$O(B RST $B$,@8$8$k:]$K:F$S8:$i$5$l$^$9!#(B
+.El
 .Sh $B;HMQNc(B
 $B<!$N%3%^%s%I$O(B
 .Em cracker.evil.org
@@ -739,15 +909,59 @@
 .Em wolf.tambov.su
 $B$N(B telnet $B%]!<%H$XAw$i$l$k$9$Y$F$N(B TCP $B%Q%1%C%H$r5qH]$9$k%k!<%k$rDI2C$7$^$9!#(B
 .Pp
-.Dl ipfw add deny tcp from cracker.evil.org to wolf.tambov.su 23
+.Dl "ipfw add deny tcp from cracker.evil.org to wolf.tambov.su telnet"
 .Pp 
 $B<!$N%3%^%s%I$O%/%i%C%+!<$N%M%C%H%o!<%/A4BN$+$i%[%9%H(B my $B$X$N(B
 $B$9$Y$F$N%3%M%/%7%g%s$r5qH]$7$^$9!#(B
 .Pp
-.Dl ipfw add deny all from 123.45.67.0/24 to my.host.org
+.Dl "ipfw add deny ip from 123.45.67.0/24 to my.host.org"
+.Pp
+$B:G=i$K8zN(NI$/(B ($BF0E*%k!<%k$rMQ$$$:$K(B) $B%"%/%;%9$r@)8B$9$kJ}K!$O!"(B
+$B<!$N%k!<%k$rMQ$$$k$3$H$G$9!#(B
+.Pp
+.Dl "ipfw add allow tcp from any to any established"
+.Dl "ipfw add allow tcp from net1 portlist1 to net2 portlist2 setup"
+.Dl "ipfw add allow tcp from net3 portlist3 to net3 portlist3 setup"
+.Dl "..."
+.Dl "ipfw add deny tcp from any to any"
+.Pp
+$B:G=i$N%k!<%k$ODL>o$N(B TCP $B%Q%1%C%H$K$9$0$K%^%C%A$7$^$9$,!"(B
+$B:G=i$N(B SYN $B%Q%1%C%H$K$O%^%C%A$7$^$;$s!#(B
+$B;XDj$7$?H/?.85(B/$B08@h$NAH$N(B SYN $B%Q%1%C%H$N$_!"<!$N(B
+.Cm setup
+$B%k!<%k$K%^%C%A$7$^$9!#$3$l$i0J30$N(B SYN $B%Q%1%C%H$O!":G8e$N(B
+.Cm deny
+$B%k!<%k$K$h$j5Q2<$5$l$^$9!#(B
+.Pp
+$B$K$;$N(B TCP $B%Q%1%C%H$r4^$`E\Es$N967b(B (flood attack) $B$+$i(B
+$B%5%$%H$rJ]8n$9$k$?$a$K$O!"<!$NF0E*%k!<%k$rMQ$$$?J}$,0BA4$G$9!#(B
+.Pp
+.Dl "ipfw add check-state"
+.Dl "ipfw add deny tcp from any to any established"
+.Dl "ipfw add allow tcp from my-net to any setup keep-state"
+.Pp
+$B$3$l$i$N%k!<%k$K$h$j!"%U%!%$%"%&%)!<%k$O!"<+J,$?$A$N%M%C%H%o!<%/$N(B
+$BFbB&$+$iE~Ce$9$kDL>o$N(B SYN $B%Q%1%C%H$G;O$^$k%3%M%/%7%g%s$KBP$7$F(B
+$B$N$_F0E*%k!<%k$rAH$_9~$_$^$9!#F0E*%k!<%k$O!":G=i$N(B
+.Cm check-state
+$B%k!<%k!"$^$?$O!"(B
+.Cm keep-state
+$B%k!<%k$KAx6x$7$?;~E@$G%A%'%C%/$5$l$^$9!#(B
+$B%k!<%k=89g$N%9%-%c%sNL$r:G>.$K$9$k$?$a$K!"(B
+.Cm check-state
+$B%k!<%k$O!"%k!<%k=89g$N:G=i$N$[$&$KCV$/$3$H$K$J$k$N$,IaDL$G$9!#(B
+$B<B:]$NG3Hq$OJQF0$7$^$9!#(B
+.Pp
+.Em $BCm0U(B :
+$B%9%F!<%H%U%k$J%k!<%k$O!"E\Es$N(B SYN $B967b$K$h$j6K$a$FBgNL$NF0E*%k!<%k$r(B
+$B:n$C$F$7$^$$!"%5!<%S%9ITG=967b$r<u$1$k$3$H$K$J$k2DG=@-$,$"$j$^$9!#(B
+$B%U%!%$%"%&%)!<%k$NF0:n$r%3%s%H%m!<%k$9$k(B
+.Xr sysctl 8
+$BJQ?t$K=>$$%U%!%$%"%&%)!<%k$,F0:n$9$k$3$H$K$h$C$F!"(B
+$B$3$N$h$&$J967b$N1F6A$rItJ,E*$K$G$b@)8B$9$k$3$H$O$G$-$^$9!#(B
 .Pp
 $B<!$O%+%&%s%H$5$l$F$$$k>pJs$H%?%$%`%9%?%s%W>pJs$r8+$k(B
-.Ar list
+.Cm list
 $B%3%^%s%I$N$h$$Nc$G$9!#(B
 .Pp
 .Dl ipfw -at l
@@ -759,16 +973,19 @@
 $B<!$N%k!<%k$O(B 192.168.2.0/24 $B$+$i$N$9$Y$F$N<u?.%Q%1%C%H$r!"(B5000 $BHV$N%]!<%H$K(B
 $B9T$-@hJQ99$9$k$b$N$G$9!#(B
 .Pp
-.Dl ipfw divert 5000 all from 192.168.2.0/24 to any in
+.Dl ipfw divert 5000 ip from 192.168.2.0/24 to any in
 .Pp
 $B<!$N%k!<%k$O!"(B
-ipfw $B$H(B dummynet $B$N%7%_%e%l!<%7%g%sEy$G$N;HMQJ}K!$r<($7$F$$$^$9!#(B
+.Nm
+$B$H(B
+.Xr dummynet 4
+$B$r%7%_%e%l!<%7%g%s$J$I$G;H$&:]$N;HMQJ}K!$r<($7$F$$$^$9!#(B
 .Pp
 $B$3$N%k!<%k$O(B 5% $B$N3NN($G%i%s%@%`$K%Q%1%C%H$rMn$7$^$9!#(B
 .Pp
 .Dl "ipfw add prob 0.05 deny ip from any to any in"
 .Pp
-$BF1MM$N8z2L$O(B dummynet $B$N%Q%$%W$G<B8=2DG=$G$9(B:
+$BF1MM$N8z2L$O(B dummynet $B%Q%$%W$G<B8=2DG=$G$9(B:
 .Pp
 .Dl "ipfw add pipe 10 ip from any to any"
 .Dl "ipfw pipe 10 config plr 0.05"
@@ -781,9 +998,10 @@
 .Dl "ipfw add pipe 1 ip from 192.168.2.0/24 to any out"
 .Dl "ipfw pipe 1 config bw 300Kbit/s queue 50KBytes"
 .Pp
-.Ql out
+.Cm out
 $B;X<(;R$r;HMQ$7$F$$$k$N$G!"%k!<%k$,(B 2 $BEY;H$o$l$J$$$3$H$KCm0U$7$F$/$@$5$$!#(B
-ipfw $B%k!<%k$O!"<B:]$K$O!"(B
+.Nm
+$B%k!<%k$O!"<B:]$K$O!"(B
 $BF~NO%Q%1%C%H$H=PNO%Q%1%C%H$NN>J}$KE,MQ$5$l$k$3$H$r3P$($F$*$$$F$/$@$5$$!#(B
 .Pp
 $B%P%s%II}$K@)8B$,$"$kAPJ}8~%j%s%/$r%7%_%e%l!<%H$9$k>l9g!"(B
@@ -814,7 +1032,7 @@
 .Dl "ipfw pipe 1 config delay 250ms bw 1Mbit/s"
 .Dl "ipfw pipe 2 config delay 250ms bw 1Mbit/s"
 .Pp
-$B%U%m!<Kh$N%-%e!<$OMM!9$JMQES$KM-MQ$G$9!#(B
+$B%U%m!<$4$H$N%-%e!<$O$5$^$6$^$JMQES$KM-MQ$G$9!#(B
 $BHs>o$KC1=c$JMQES$O!"%H%i%U%#%C%/$N7W?t$G$9(B:
 .Pp
 .Dl "ipfw add pipe 1 tcp from any to any"
@@ -823,10 +1041,11 @@
 .Dl "ipfw pipe 1 config mask all"
 .Pp
 $B>e=R$N%k!<%k%;%C%H$O!"(B
-$B$9$Y$F$N%H%i%U%#%C%/$KBP$7$F%-%e!<$r@8@.(B ($B$7$FE}7W>pJs$r<}=8(B) $B$7$^$9!#(B
-$B%Q%$%W$K$O@)8B$,$"$j$^$;$s$N$G!"E}7W>pJs$r=8$a$k8z2L$7$+$"$j$^$;$s!#(B
+$B$9$Y$F$N%H%i%U%#%C%/$KBP$9$k%-%e!<$r@8@.(B ($B$7$FE}7W>pJs$r<}=8(B) $B$7$^$9!#(B
+$B%Q%$%W$K$O@)8B$r$D$1$F$$$J$$$N$G!"E}7W>pJs$r=8$a$k8z2L$7$+$"$j$^$;$s!#(B
 $B:G8e$N%k!<%k$@$1$G$J$/(B 3 $B8D$N%k!<%k$,I,MW$J$3$H$KCm0U$7$F$/$@$5$$!#(B
-ipfw $B$,(B IP $B%Q%1%C%H$N%^%C%A$r;n$_$k$H$-$K%]!<%H$r9MN8$7$J$$$?$a!"(B
+.Nm
+$B$,(B IP $B%Q%1%C%H$N%^%C%A$r;n$_$k$H$-$K%]!<%H$r9MN8$7$J$$$?$a!"(B
 $BJL!9$N%]!<%H>e$N@\B3$O2f!9$K$OF1$8$b$N$K8+$($^$9!#(B
 .Pp
 $B$h$j@vN}$5$l$?Nc$O!"(B
@@ -854,26 +1073,27 @@
 .Xr syslogd 8
 .Sh $B%P%0(B
 .Pp
-$BJ8K!$,!"?tG/$GBg$-$/$J$C$F$7$^$$!"Hs>o$Ke:No$@$H$O8@$$Fq$$$G$9!#(B
+$B$3$N?tG/$GJ8K!$,Bg$-$/$J$C$F$7$^$$!"(B
+$BHs>o$K$9$C$-$j$7$F$$$k$H$O8@$$Fq$$$G$9!#(B
 .Pp
 .Em WARNING!!WARNING!!WARNING!!WARNING!!WARNING!!WARNING!!WARNING!!
 .Pp
-$B$3$N%W%m%0%i%`$O%3%s%T%e!<%?$r$+$J$j;H$$$K$/$$>uBV$K$7$F$7$^$&2DG=@-$,$"$j$^$9(B
-$B!#(B
+$B$3$N%W%m%0%i%`$O%3%s%T%e!<%?$r$+$J$j;H$$$K$/$$>uBV$K$7$F$7$^$&(B
+$B2DG=@-$,$"$j$^$9!#(B
 $B$O$8$a$F;HMQ$9$k;~$O%3%s%=!<%k>e$G<B9T$7!"M}2r$7$F$$$J$$A`:n$O(B
 .Em $B@dBP$K<B9T$7$J$$(B
 $B$h$&$K$7$F2<$5$$!#(B
 .Pp
-$BO"B3$7$?%(%s%H%j$NA`:n$b$7$/$ODI2C$K:]$7!"%5!<%S%9L>$d%W%m%H%3%kL>$O;HMQ$G$-$^(B
-$B$;$s!#(B
+$BO"B3$7$?%(%s%H%j$NA`:n$b$7$/$ODI2C$K:]$7!"(B
+$B%5!<%S%9L>$d%W%m%H%3%kL>$O;HMQ$G$-$^$;$s!#(B
 .Pp
 $BF~$C$F$-$?%Q%1%C%H$NCGJR(B ($B%U%i%0%a%s%H(B) $B$,(B
-.Ar divert
+.Cm divert
 $B$K$h$C$F9T$-@h$rJQ99$5$l$k$+(B
-.Ar tee
-$B$5$l$k$H!"%=%1%C%H$KG[Aw$5$l$kA0$K!"AH$_N)$FD>$7$r$7$^$9!#(B
+.Cm tee
+$B$5$l$k$H!"%=%1%C%H$KG[Aw$5$l$kA0$K%Q%1%C%H$O:F9=@.$5$l$^$9!#(B
 .Pp
-.Dq tee
+.Cm tee
 $B%k!<%k$K%^%C%A$9$k%Q%1%C%H$O!"(B
 $BB(;~$K<uM}$5$l$k$Y$-$G$O$J$/!"%k!<%k%j%9%H$r99$KDL$k$Y$-$G$9!#(B
 $B$3$l$O!"0J9_$N%P!<%8%g%s$G=$@5$5$l$k$+$b$7$l$^$;$s!#(B
@@ -886,15 +1106,19 @@
 .Pp
 API $B$O(B
 Daniel Boulet
-$B$,(B BSDI $B8~$1$K5-=R$7$?%3!<%I$K4p$E$$$F$$$^$9!#(B
+$B$,(B BSDI $BMQ$K5-=R$7$?%3!<%I$K4p$E$$$F$$$^$9!#(B
 .Pp
-dummynet $B%H%i%U%#%C%/%7%'%$%Q$O(B Akamba Corp $B$,%5%]!<%H$7$^$7$?!#(B
+.Xr dummynet 4
+$B%H%i%U%#%C%/%7%'%$%Q$O(B Akamba Corp $B$,%5%]!<%H$7$^$7$?!#(B
 .Sh $BNr;K(B
 .Nm
 $B$O!"(B
 .Fx 2.0
 $B$G:G=i$K8=$l$^$7$?!#(B
-.Nm dummynet
+.Xr dummynet 4
 $B$O(B
 .Fx 2.2.8
+$B$+$iF3F~$5$l$^$7$?!#(B
+$B%9%F!<%H%U%k3HD%$O!"(B
+.Fx 4.0
 $B$+$iF3F~$5$l$^$7$?!#(B
