.\" $Id: ipfwadm.8,v 1.9 1996/07/30 11:50:51 jos Exp $
.\" Copyright (c) 1995,1996 by X/OS Experts in Open Systems BV.
.\" All rights reserved.
.\" Author: Jos Vos <jos@xos.nl>
.\" X/OS Experts in Open Systems BV
.\" E-mail: info@xos.nl
.\" WWW: http://www.xos.nl/
.\" This program is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation; either version 2 of the License, or
.\" (at your option) any later version.
.\" This program is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
.\" GNU General Public License for more details.
.\" You should have received a copy of the GNU General Public License
.\" along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.TH IPFWADM 8 "July 30, 1996" "" ""
ipfwadm \- IP firewall and accounting administration
.BR "ipfwadm -A " "command parameters [options]"
.BR "ipfwadm -I " "command parameters [options]"
.BR "ipfwadm -O " "command parameters [options]"
.BR "ipfwadm -F " "command parameters [options]"
.BR "ipfwadm -M " "[ -l | -s ] [options]"
Used to set up, maintain, and inspect the IP firewall and accounting rules in the Linux kernel.
These rules can be divided into 4 categories, namely
accounting of IP packets,
the IP input firewall,
the IP output firewall,
and the IP forwarding firewall.
Each of these categories is controlled by its own separate list of rules.
The options that can be specified fall into several groups.
The following flags select the category of rules to which the given command applies:
.BR -A " [\fIdirection\fP]"
Only packets in the specified direction, incoming or outgoing, are counted.
IP input firewall rules.
IP output firewall rules.
IP forwarding firewall.
Usable only in combination with the set timeout values command.
Exactly one of these options must be specified.
The following options specify the action to perform.
Only one of them is given on the command line, in the form shown in the synopsis.
.BR -a " [\fIpolicy\fP]"
Append one or more rules to the end of the configured rule list.
For accounting rules, do not specify a policy.
For firewall rules, specify one of the following.
If the source and destination host names resolve to one or more addresses, a rule is added for each possible combination of those addresses.
.BR -i " [\fIpolicy\fP]"
Insert one or more rules at the beginning of the configured rule list.
.BR -d " [\fIpolicy\fP]"
Delete one or more rules from the configured rule list.
The semantics are the same as for the append/insert commands.
The parameters given must be exactly the same as those of the append/insert command that added the rule.
If they differ, nothing matches and the rule is not deleted.
Also, only the first matching rule is deleted.
Display a list of the configured rules.
Can be used in combination with the reset counters to zero command.
In that case, immediately after their current values are displayed, the packet and byte counters
Without the option, the packet and byte counters (if specified)
Here 1K means 1000 and 1M means 1000K (rounded to the nearest integer).
See also the further capabilities of the flags.
Reset the packet and byte counters of the configured rules.
Will often be used in combination with the list command.
Flush the configured rules.
Change the default policy for the selected type of firewall.
Must be one of the above.
The default policy is used when no rule matches.
This setting is valid only for IP firewalls, and is therefore used in combination with the following
flags.
.BI -s " tcp tcpfin udp"
Change the timeout values used for IP masquerading.
This command always takes 3 parameters, which give, in seconds, the timeout values for TCP sessions, TCP sessions after receiving a FIN packet, and UDP packets, respectively.
A timeout value of 0 means that the value currently in use for that entry is kept.
Valid only in combination with the flag.
Check whether this IP packet would be accepted, denied, or rejected by the selected firewall.
Valid only in combination with the flag.
Display a (currently very brief) description of the command syntax.
The following parameters can be used in combination with the append, insert, delete, or check commands.
The protocol of the rule or of the packet to check.
The protocol that can be specified is
one of these protocols.
When it is specified, all protocols are matched; the same applies when this option is omitted.
Not expected to be used in combination with the check command.
.BR "-S " "\fIaddress\fP[/\fImask\fP] [\fIport\fP ...]"
Source specification (optional).
The address can be a host name, a network name, or an IP address.
The mask can be either a network mask or a number; a number gives the count of netmask bits from the left.
The source may include one or more ports or ICMP types.
Each of them can be a service name, a port number, or a (numeric) ICMP
In the rest of this section, a port
means either a port number or an ICMP type.
When a range of port numbers is given among these,
Furthermore, the total number of ports specified with the source and destination must not exceed
(currently 10).
Here a port range counts as 2 ports.
Fragments of TCP, UDP, or ICMP packets that are not the first fragment are always accepted by the firewall.
For accounting, these second and later fragments are treated specially so that they can be counted in various ways.
Port number 0xFFFF (65535), for second and later fragments of TCP or UDP packets,
Such packets with port number 0xFFFF are used for accounting purposes.
0xFF (255) is treated as corresponding to second and later fragments of ICMP packets.
Likewise, packets with ICMP type 0xFF are used for accounting purposes.
Note that the specified command and protocol implicitly restrict the ports.
Ports are used in combination with the following protocols.
When this option is omitted, the default address/netmask
(which matches any address) is used as the source address.
This option is required for the check command, and exactly one port must be specified.
.BR "-D " "\fIaddress\fP[/\fImask\fP] [\fIport\fP ...]"
Destination specification (optional).
For the syntax, default values, and other requirements, see the description of the source flag.
Note that ICMP types cannot be used in combination with the
flag; that is, they are to be specified after the
flag.
Optional address of the interface via which a packet is received or sent.
The address can be either a host name or a numeric IP address.
When a host name is given, it is resolved to exactly one IP address.
When this option is omitted, the address
is assumed, which has the special meaning of matching any interface address.
This option is mandatory for the check command.
Optional name of the interface via which a packet is received or sent.
When this option is omitted, the empty string is assumed as the name, which has the special meaning of matching any interface name.
This option is mandatory for the check command.
The following options are available.
Bidirectional mode.
The rule matches IP packets in both directions.
This option can be used in combination with the append, insert, or delete commands.
Extended output.
With this option, the output of the list command also shows the interface and the rule settings (if any).
For firewall lists, the packet and byte counter values (by default, only the byte counter values for accounting are shown) and the TOS masks are also printed.
When used in combination, the information related to delta sequence numbers
This option is only valid in combination with the list command.
Match only TCP packets that have the ACK bit set.
(This option is ignored for other protocols.)
This option can be used in combination with the append, insert, or delete commands.
Accept packets to be masqueraded for forwarding.
With this option, a packet is treated as a masqueraded packet, as if it came from the local host.
In addition, packets in the reverse direction are automatically treated as demasqueraded packets and bypass the firewall.
This option can be used with the forwarding firewall when the policy is
(or when the default policy is given as
), and the kernel must also have been compiled with
.B CONFIG_IP_MASQUERADE
defined.
Numeric output.
IP addresses and port numbers are printed in numeric form.
By default, they are shown (where possible) as host names, network names, and service names.
Turn on kernel logging of matching packets.
When this option is set for a rule, the Linux kernel prints information about matching packets (most of the IP header fields) using the
function.
This option takes effect when the Linux kernel has been compiled with
.B CONFIG_IP_FIREWALL_VERBOSE
defined.
This option is only valid in combination with the append, insert, or delete commands.
.BR "-r " [\fIport\fP]
Redirect to a local socket.
When this option is set, the packet is redirected to a local socket according to this rule, even if it was sent from a remote host.
If the redirection port is 0 (the default), the destination port of the packet is used as the redirection port.
This option can be used with the input firewall when the policy is given as
, and the kernel must also have been compiled with
.B CONFIG_IP_TRANSPARENT_PROXY
defined.
.BI "-t " "andmask xormask"
Masks used for modifying the TOS field in the IP header.
When a packet is accepted by a firewall rule (with or without masquerading), its TOS field is first bitwise ANDed with the first mask, and the result is then bitwise XORed with the second mask.
Each mask is specified as an 8-bit hexadecimal value.
This option is only valid in combination with the append, insert, or delete commands, and with accounting rules or with firewall rules that reject or deny packets
Verbose output.
Print detailed information when rules or packets are added, deleted, or checked.
This option is only valid in combination with the append, insert, delete, or check commands.
Expand numbers.
Print the exact values of the packet and byte counters instead of values rounded to K (multiples of 1000) or M (multiples of 1000K).
This option takes effect only when counter values are printed.
Match only TCP packets that have the SYN bit set and the ACK bit cleared.
(This option is ignored for other protocols.)
This option can be used in combination with the append, insert, or delete commands.
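The decision that the check command reports can be modelled as follows; this is an added Python sketch, not part of ipfwadm or of the original page. It covers the default policy, the SYN-only and ACK-only TCP options, and the always-accepted non-first fragments described above; first-match rule order, the field names, and the sample rule set are assumptions made for the illustration.

```python
# Added illustration, not ipfwadm code. Assumption: rules are tried in list
# order and the first match decides; all field names are invented here.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    policy: str                # "accept", "deny" or "reject"
    proto: str = "all"
    dst: str = "0.0.0.0/0"     # destination address/mask
    dports: tuple = ()         # (low, high) pairs; empty means any port
    syn_only: bool = False     # SYN set and ACK cleared
    ack_only: bool = False     # ACK set

@dataclass
class Packet:
    proto: str
    dst: str
    dport: int = 0
    syn: bool = False
    ack: bool = False
    first_fragment: bool = True

def matches(rule, pkt):
    if rule.proto not in ("all", pkt.proto):
        return False
    if ip_address(pkt.dst) not in ip_network(rule.dst):
        return False
    if rule.dports and not any(lo <= pkt.dport <= hi for lo, hi in rule.dports):
        return False
    if pkt.proto != "tcp":     # SYN/ACK options are ignored for other protocols
        return True
    if rule.syn_only and not (pkt.syn and not pkt.ack):
        return False
    return pkt.ack or not rule.ack_only

def check(rules, default_policy, pkt):   # models the check command's verdict
    if pkt.proto in ("tcp", "udp", "icmp") and not pkt.first_fragment:
        return "accept"        # non-first fragments always pass the firewall
    for rule in rules:
        if matches(rule, pkt):
            return rule.policy
    return default_policy      # used when no rule matches

# Constructed rules for 192.0.2.0/24: allow SMTP, refuse other new connections.
RULES = [
    Rule("accept", "tcp", "192.0.2.0/24", dports=((25, 25),)),
    Rule("deny", "tcp", "192.0.2.0/24", syn_only=True),
    Rule("accept", "tcp", "192.0.2.0/24", ack_only=True),
]
```

The non-first-fragment branch shows why port-based rules alone do not filter later fragments of a packet.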
.I /proc/net/ip_input
.I /proc/net/ip_output
.I /proc/net/ip_forward
.I /proc/net/ip_masquerade
X/OS Experts in Open Systems BV, Amsterdam, The Netherlands
柴田 (ひ) 尚明 <shibata@opost1.netspace.or.jp> 1997/02/15 ver. 0.0