Import translated manuals from JM CVS Repository.

[linuxjm/jm.git] / manual / ipfwadm / release / man8 / ipfwadm.8

.\"
.\"     $Id: ipfwadm.8,v 1.9 1996/07/30 11:50:51 jos Exp $
.\"
.\"
.\"     Copyright (c) 1995,1996 by X/OS Experts in Open Systems BV.
.\"     All rights reserved.
.\"
.\"     Author: Jos Vos <jos@xos.nl>
.\"
.\"             X/OS Experts in Open Systems BV
.\"             Kruislaan 419
.\"             1098 VA  Amsterdam
.\"             The Netherlands
.\"
.\"             E-mail: info@xos.nl
.\"             WWW:    http://www.xos.nl/
.\"
.\"
.\"     This program is free software; you can redistribute it and/or modify
.\"     it under the terms of the GNU General Public License as published by
.\"     the Free Software Foundation; either version 2 of the License, or
.\"     (at your option) any later version.
.\"
.\"     This program is distributed in the hope that it will be useful,
.\"     but WITHOUT ANY WARRANTY; without even the implied warranty of
.\"     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
.\"     GNU General Public License for more details.
.\"
.\"     You should have received a copy of the GNU General Public License
.\"     along with this program; if not, write to the Free Software
.\"     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\"
.TH IPFWADM 8 "July 30, 1996" "" ""
.SH ̾Á°
ipfwadm \- IP ¥Õ¥¡¥¤¥ä¡¼¥¦¥©¡¼¥ë¤È¥¢¥«¥¦¥ó¥ÈÀ©¸æ¤Î´ÉÍý
.SH ½ñ¼°
.BR "ipfwadm -A " "¥³¥Þ¥ó¥É ¥Ñ¥é¥á¡¼¥¿ [¥ª¥×¥·¥ç¥ó]"
.br
.BR "ipfwadm -I " "¥³¥Þ¥ó¥É ¥Ñ¥é¥á¡¼¥¿ [¥ª¥×¥·¥ç¥ó]"
.br
.BR "ipfwadm -O " "¥³¥Þ¥ó¥É ¥Ñ¥é¥á¡¼¥¿ [¥ª¥×¥·¥ç¥ó]"
.br
.BR "ipfwadm -F " "¥³¥Þ¥ó¥É ¥Ñ¥é¥á¡¼¥¿ [¥ª¥×¥·¥ç¥ó]"
.br
.BR "ipfwadm -M " "[ -l | -s ] [¥ª¥×¥·¥ç¥ó]"
.SH ÀâÌÀ
.B Ipfwadm
¤Ï¡¢Linux¥«¡¼¥Í¥ë¤Ç¤ÎIP¥Õ¥¡¥¤¥ä¡¼¥¦¥©¡¼¥ë¤È¥¢¥«¥¦¥ó¥ÈÀ©¸æ¤Îµ¬Â§¤ò
ÀßÄꡦ¹¹¿·¤ª¤è¤ÓÄ´ºº¤¹¤ë¤¿¤á¤Î¤â¤Î¤Ç¤¢¤ë¡£
¤³¤ì¤é¤ÎÀ©¸æµ¬Â§¤Ï4¤Ä¤Î¼ïÎà¤Ëʬ¤±¤ë»ö¤¬¤Ç¤­¤ë¡£¤½¤ì¤é¤Ï¤¹¤Ê¤ï¤Á¡¢
IP¥Ñ¥±¥Ã¥È¤Î¥¢¥«¥¦¥ó¥ÈÀ©¸æ(accounting of IP packets)¡¢
IPÆþÎÏ¥Õ¥¡¥¤¥ä¡¼¥¦¥©¡¼¥ë(the IP input firewall)¡¢
IP½ÐÎÏ¥Õ¥¡¥¤¥ä¡¼¥¦¥©¡¼¥ë(the IP output firewall)¡¢
¤½¤·¤ÆIPžÁ÷¥Õ¥¡¥¤¥ä¡¼¥¦¥©¡¼¥ë(the IP forwarding firewall)
¤Ç¤¢¤ë¡£
¤³¤ì¤é¤½¤ì¤¾¤ì¤Î¼ïÎà¤Ï¡¢¤½¤ì¤¾¤ìÊ̤ξò·ï¥ê¥¹¥È¤ÇÀ©¸æ¤µ¤ì¤ë¡£

¾ÜºÙ¤Ï
.IR ipfw (4)
¤ò»²¾È¤Î»ö¡£
.SH ¥ª¥×¥·¥ç¥ó
.B ipfwadm
¤Ç»ØÄê²Äǽ¤Ê¥ª¥×¥·¥ç¥ó¤Ï¤¤¤¯¤Ä¤«¤Î¥°¥ë¡¼¥×¤ËʬÎà¤Ç¤­¤ë¡£
.SS "CATEGORIES"
°Ê²¼¤Ë¼¨¤¹¥Õ¥é¥°¤Ï¥³¥Þ¥ó¥É¤ËÍ¿¤¨¤ë¾ò·ï¤Î¼ïÎà¤ò»ØÄꤹ¤ë¤Î¤ËÍѤ¤¤ë¡£:
.TP
.BR -A " [\fIdirection\fP]"
IP¥¢¥«¥¦¥ó¥Èµ¬Â§
¥ª¥×¥·¥ç¥ó¤È¤·¤Æ¡¢
.I direction(Êý¸þ)
¤ò»ØÄꤹ¤ë»ö¤¬¤Ç¤­¤ë
.RI ( in (ÆþÎÏÊý¸þ),
.IR out (½ÐÎÏÊý¸þ),
or
.IR both (ÁÐÊý¸þ)),
»ØÄꤵ¤ì¤¿ÆþÎÏÊý¸þ¤Þ¤¿¤Ï½ÐÎÏÊý¸þ¤Î¥Ñ¥±¥Ã¥È¤Î¤ß¤¬¥«¥¦¥ó¥È¤µ¤ì¤ë¡£
¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï
.IR both (ÁÐÊý¸þ)
¤Ç¤¢¤ë¡£
.TP
.B -I
IP ÆþÎÏ¥Õ¥¡¥¤¥ä¡¼¥¦¥©¡¼¥ë¾ò·ï¡£
.TP
.B -O
IP ½ÐÎÏ¥Õ¥¡¥¤¥ä¡¼¥¦¥©¡¼¥ë¾ò·ï¡£
.TP
.B -F
IP žÁ÷¥Õ¥¡¥¤¥ä¡¼¥¦¥©¡¼¥ë¡£
.TP
.B -M
IP ¥Þ¥¹¥«¥ì¡¼¥ÉÀßÄê¡£

¤³¤ÎÀßÄê¤Ï
.B -l
(list:¥ê¥¹¥È) ¤Þ¤¿¤Ï
.B -s
(set timeout values:¥¿¥¤¥à¥¢¥¦¥ÈÃÍÀßÄê) 
¥³¥Þ¥ó¥É¤È¤ÎÁȤ߹ç¤ï¤»¤Ç¤Î¤ß»ÈÍѲÄǽ¤Ç¤¢¤ë¡£
.PP
¸·Ì©¤Ë¤Ï¡¢¤³¤ì¤é¤Î¥ª¥×¥·¥ç¥ó¤Î¤¦¤Á°ì¤Ä¤òɬ¤º»ØÄꤹ¤ë»ö¡£
.SS COMMANDS
¼¡¤Ë¼¨¤¹¥ª¥×¥·¥ç¥ó¤Ï¼ÂºÝ¤ÎÆ°ºî¤ò»ØÄꤹ¤ë¤â¤Î¤Ç¤¢¤ë¡£
¤³¤ì¤é¤Î¤¦¤Á°ì¤Ä¤À¤±¤ò½ñ¼°¤Ç¼¨¤µ¤ì¤¿ÊýË¡¤Ç¥³¥Þ¥ó¥É¥é¥¤¥ó¤Ë¤Æ»ØÄꤹ¤ë¡£
.TP
.BR -a " [\fIpolicy\fP]"
ÀßÄꤷ¤¿¾ò·ï¤ÎºÇ¸å¤Ë°ì¤Ä°Ê¾å¤Î¾ò·ï¤òÄɲ乤롣
¥¢¥«¥¦¥ó¥È¾ò·ï¤ÎÀßÄê¤Î¾ì¹ç¤Ï¡¢policy¤ÎÀßÄê¤ò¹Ô¤ï¤Ê¤¤»ö¡£
¥Õ¥¡¥¤¥ä¡¼¥¦¥©¡¼¥ë¾ò·ï¤ÎÀßÄê¤Î¾ì¹ç¤Ï¡¢°Ê²¼¤Ë¼¨¤¹¤¦¤Á¤Î°ì¤Ä¤ò»ØÄꤹ¤ë»ö¡£
.IR accept(µö²Ä) ,
.IR deny (ÉÔµö²Ä),
¤Þ¤¿¤Ï
.IR reject (µñÀä)

¥½¡¼¥¹(¸µ) ¤È¥Ç¥¹¥Æ¥£¥Í¡¼¥·¥ç¥ó(Àè)¤Î¥Û¥¹¥È̾¤¬°ì¤Ä°Ê¾å¤Î
¥¢¥É¥ì¥¹¤Ç¤¢¤Ã¤¿¾ì¹ç¤Ï¤½¤ì¤é¤Î¹Í¤¨¤é¤ì¤¦¤ëÁȤ߹ç¤ï¤»¤¬Äɲ䵤ì¤ë¡£
.TP
.BR -i " [\fIpolicy\fP]"
ÀßÄꤷ¤¿¾ò·ï¤ÎÀèƬ¤Ë°ì¤Ä°Ê¾å¤Î¾ò·ï¤òÁÞÆþ¤¹¤ë¡£
¾ÜºÙ¤Ê½ñ¼°¤Ë¤Ä¤¤¤Æ¤Ï
.B -a
¤ò»²¾È¤Î»ö
.TP
.BR -d " [\fIpolicy\fP]"
ÀßÄꤷ¤¿¾ò·ï¤Î¤¦¤Á¡¢°ì¤Ä°Ê¾å¤Î¾ò·ï¤òºï½ü¤¹¤ë¡£
°ÕÌ£¹ç¤¤¤È¤·¤Æ¤ÏÄɲÃ/ÁÞÆþ¥³¥Þ¥ó¥É¤ÈƱ¤¸¤Ç¤¢¤ë¡£
»ØÄꤹ¤ë¥Ñ¥é¥á¡¼¥¿¤Ï¤¹¤Ç¤ËÄɲÃ/ÁÞÆþ¤·¤¿¥³¥Þ¥ó¥É¤ÈÁ´¤¯Æ±¤¸¤Ë¤¹¤ë»ö¡£
°Û¤Ê¤ë¾ì¹ç¤ÏÉÔ°ìÃפȤʤꡢ¤½¤Î¾ò·ï¤Ïºï½ü¤µ¤ì¤Ê¤¤¡£
¤Þ¤¿¡¢ºÇ½é¤Ë°ìÃפ·¤¿¾ò·ï¤À¤±¤¬ºï½ü¤µ¤ì¤ë¡£
.TP
.B -l
ÀßÄꤷ¤¿¾ò·ï¤Î°ìÍ÷¤òɽ¼¨¤¹¤ë¡£
¤³¤Î¥³¥Þ¥ó¥É¤Ï
.B -z
(reset counters to zero¡§¥«¥¦¥ó¥¿¤Î£°¥ê¥»¥Ã¥È)¥³¥Þ¥ó¥É¤È
ÁȤ߹ç¤ï¤»¤Æ»ÈÍѤǤ­¤ë ¡£
¤³¤Î¾ì¹ç¡¢¥Ñ¥±¥Ã¥È¤È¥Ð¥¤¥È¥«¥¦¥ó¥¿¤Ï¡¢¸½ºß¤ÎÃͤòɽ¼¨¤·¤¿Ä¾¸å¤Ë
¥ê¥»¥Ã¥È¤µ¤ì¤ë¡£
.B -x
¥ª¥×¥·¥ç¥ó¤òÉÕ¤±¤Ê¤¤¤È¡¢¥Ñ¥±¥Ã¥È¤È¥Ð¥¤¥È¥«¥¦¥ó¥¿(¤¬»ØÄꤵ¤ì¤Æ¤¤¤ì¤Ð)
¤Ï
.IR ¿ôÃÍ K
¤Þ¤¿¤Ï
.IR ¿ôÃÍ M
¤Çɽ¼¨¤µ¤ì¤ë¡£
¤³¤³¤Ç¡¢1K¤Ï1000¤Ç¤¢¤ê¡¢1M¤Ï1000K¤ò°ÕÌ£¤¹¤ë¡£(ºÇ¤â¶á¤¤À°¿ô¤Ë´Ý¤á¤é¤ì¤ë)
²¼µ­¤Î
.B -e
¤È
.B -x
¤Î¥Õ¥é¥°¤Î¿¤¯¤Îµ¡Ç½¤â»²¾È¤Î»ö¡£
.TP
.B -z
ÀßÄꤷ¤¿¾ò·ï¤Î¥Ñ¥±¥Ã¥È¿ô¤È¥Ð¥¤¥È¿ô¤Î¥«¥¦¥ó¥¿¤ò¥ê¥»¥Ã¥È¤¹¤ë¡£
¤³¤Î¥³¥Þ¥ó¥É¤Ï
.B -l
(¥ê¥¹¥È¡§list)¥³¥Þ¥ó¥É¤È¤ÎÁȤ߹ç¤ï¤»¤Æ»ÈÍѤ¹¤ë»ö¤¬Â¿¤¤¤Ç¤¢¤í¤¦¡£
.TP
.B -f
ÀßÄꤷ¤¿¾ò·ï¤òËõ¾Ã¤¹¤ë¡£
.TP
.BI -p " policy"
ÁªÂò¤·¤¿¥Õ¥¡¥¤¥ä¡¼¥¦¥©¡¼¥ë¥¿¥¤¥×¤Î¥Ç¥Õ¥©¥ë¥È¤Î"policy"¤òÊѹ¹¤¹¤ë¡£
Í¿¤¨¤ë¤Ù¤­"policy"¤Ï
.IR accept ¡¢
.IR deny ¡¢
¤Þ¤¿¤Ï
.IR reject 
¤ÎÆâ¤Î°ì¤Ä¤Ç¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£
¥Ç¥Õ¥©¥ë¥È"policy"¤Ï°ìÃפ¹¤ë¾ò·ï¤¬¤Ê¤¤¾ì¹ç¤Ë»ÈÍѤ¹¤ë¡£
¤³¤ÎÀßÄê¤ÏIP¥Õ¥¡¥¤¥ä¡¼¥¦¥©¡¼¥ë¤Ë¤Î¤ßÍ­¸ú¤Ç¤¢¤ë¡£¤è¤Ã¤Æ²¼µ­¤Î
.BR -I ¡¢
.BR -O ¡¢
¤Þ¤¿¤Ï
.B -F
¤Î¥Õ¥é¥°¤È¤ÎÁȤ߹ç¤ï¤»¤Ç»ÈÍѤ¹¤ë¡£
.TP
.BI -s " tcp tcpfin udp"
IP¥Þ¥¹¥«¥ì¡¼¥É¤Ç»ÈÍѤ¹¤ë¥¿¥¤¥à¥¢¥¦¥ÈÃͤòÊѹ¹¤¹¤ë¡£
¤³¤Î¥³¥Þ¥ó¥É¤Ï¾ï¤Ë3¤Ä¤Î¥Ñ¥é¥á¡¼¥¿¤ò¤È¤ê¡¢¤½¤ì¤é¤Ï¤½¤ì¤¾¤ì
ÉäÎñ°Ì¤ÇTCP¥»¥·¥ç¥ó¡¢FIN¥Ñ¥±¥Ã¥È¤ò¼õ¤±¤¿¸å¤ÎTCP¥»¥·¥ç¥ó¡¢
UDP¥Ñ¥±¥Ã¥È¤Î¥¿¥¤¥à¥¢¥¦¥ÈÃͤòµ­½Ò¤¹¤ë¡£
¥¿¥¤¥à¥¢¥¦¥ÈÃͤȤ·¤Æ0¤ò»ØÄꤷ¤¿¾ì¹ç¤Ï¡¢¸½ºß¤½¤Î¥¨¥ó¥È¥ê¤Ç
»ÈÍѤ·¤Æ¤¤¤ëÃͤ¬¤½¤Î¤Þ¤Þ°ú¤­·Ñ¤¬¤ì¤ë¡£
¤³¤ÎÀßÄê¤Ï¡¢
.B -M
¥Õ¥é¥°¤È¤ÎÁȤ߹ç¤ï¤»¤Ç¤Î¤ßÍ­¸ú¤Ç¤¢¤ë¡£
.TP
.B -c
ÁªÂò¤·¤¿¥Õ¥¡¥¤¥ä¡¼¥¦¥©¡¼¥ë¤Ë¤ª¤¤¤Æ¡¢¤³¤ÎIP¥Ñ¥±¥Ã¥È¤¬accept(µö²Ä)¡¢
deny (ÉÔµö²Ä)¡¢¤Þ¤¿¤Ïreject (µñÀä)¤Ç¤¢¤ë¤«¤É¤¦¤«¤ò³Îǧ¤¹¤ë¡£
¤³¤ÎÀßÄê¤Ï¡¢
.BR -I ,
.BR -O ,
¤Þ¤¿¤Ï
.B -F
¥Õ¥é¥°¤È¤ÎÁȤ߹ç¤ï¤»¤Ç¤Î¤ßÍ­¸ú¤Ç¤¢¤ë¡£
.TP
.B -h
Help(¥Ø¥ë¥×)¤Ç¤¢¤ë¡£
¥³¥Þ¥ó¥É¤Îµ­Ë¡¤ò(¸½ºß¤ÏÈó¾ï¤Ë´Êñ¤Ë)ɽ¼¨¤¹¤ë¡£
.SS PARAMETERS
°Ê²¼¤Ë¼¨¤¹¥Ñ¥é¥á¡¼¥¿¤Ïappend(ÄɲÃ)¡¢insert(ÁÞÆþ)¡¢delete(ºï½ü)
¤Þ¤¿¤Ïcheck(³Îǧ)¤ÈÁȤ߹ç¤ï¤»¤Æ»ÈÍѲÄǽ¤Ç¤¢¤ë¡£
.TP
.BI "-P " protocol
ÀßÄê¾ò·ï¤Þ¤¿¤Ï³Îǧ¤¹¤Ù¤­¥Ñ¥±¥Ã¥È¤Î¥×¥í¥È¥³¥ë¤ò¼¨¤¹¡£
µ­½Ò¤¹¤ë»ö¤¬¤Ç¤­¤ë¥×¥í¥È¥³¥ë¤È¤·¤Æ¤Ï
.IR tcp ¡¢
.IR udp ¡¢
.IR icmp ¡¢
¤Þ¤¿¤Ï
.IR all(Á´¤Æ)
¤Î¥×¥í¥È¥³¥ë¤Î¤¦¤Á¤Î°ì¤Ä¤Ç¤¢¤ë¡£
.I all
¤ò»ØÄꤷ¤¿¾ì¹ç¤Ï¤³¤Î¥ª¥×¥·¥ç¥ó¤¬¾Êά¤µ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ë¤È¤ê¤¦¤ë
¤¹¤Ù¤Æ¤Î¥×¥í¥È¥³¥ë¤¬Âоݤˤʤ롣
.I All
¤Ïcheck(³Îǧ)¥³¥Þ¥ó¥É¤È¤ÎÁȤ߹ç¤ï¤»¤ÇÍѤ¤¤ë»ö¤Ï¤Ê¤¤¤Ç¤¢¤í¤¦¡£
.TP
.BR "-S " "\fIaddress\fP[/\fImask\fP] [\fIport\fP ...]"
¥½¡¼¥¹¤Î»ØÄê(¥ª¥×¥·¥ç¥ó)¡£
.I Address
¤Ïhost̾¡¢¥Í¥Ã¥È¥ï¡¼¥¯Ì¾¤ª¤è¤ÓIP¥¢¥É¥ì¥¹¤Ë¤è¤ë»ØÄ꤬²Äǽ¤Ç¤¢¤ë¡£
.I mask
¤Ï¥Í¥Ã¥È¥ï¡¼¥¯¥Þ¥¹¥¯¤Ë¤è¤ë»ØÄê¤È¿ôÃͤˤè¤ë»ØÄ꤬²Äǽ¤Ç¤¢¤ê¡¢
¿ôÃͤˤè¤ë»ØÄê¤Ïº¸Â¦¤«¤é¤Î¥Í¥Ã¥È¥Þ¥¹¥¯¥Ó¥Ã¥È¿ô¤ò»ØÄꤹ¤ë¡£
¤è¤Ã¤Æ¡¢¥Þ¥¹¥¯ÃÍ
.I 24
¤Ï
.IR 255.255.255.0 
¤ÈÅù²Á¤Ç¤¢¤ë¡£
.sp 0.5
¥½¡¼¥¹¤Ï°ì¤Ä°Ê¾å¤Î¥Ý¡¼¥È¤Þ¤¿¤ÏICMP¥¿¥¤¥×¤ò´Þ¤à¡£
¤½¤ì¤¾¤ì¤Î»ØÄê¤Ïservice̾¡¢portÈֹ桢¤Þ¤¿¤Ï(¿ôÃͤǤÎ)ICMP
¥¿¥¤¥×¤Ç»ØÄê¤Ç¤­¤ë¡£
¤³¤Î¾Ï¤Î»Ä¤ê¤ÎÉôʬ¤Çµ­½Ò¤¹¤ë
.I port
¤Ï¡¢portÈÖ¹æ¤Þ¤¿¤ÏICMP¥¿¥¤¥×¤ò¼¨¤¹¡£
¤³¤ì¤é¤Î»ØÄê¤ÎÆâ¡¢portÈÖ¹æ¤ÎÈϰϤò»ØÄꤹ¤ë¾ì¹ç¤Ï¡¢
.IR port : port 
¤È¡¢µ­½Ò¤¹¤ë¡£
¤µ¤é¤Ë¡¢¥½¡¼¥¹(¸µ)¤È¥Ç¥¹¥Æ¥£¥Í¡¼¥·¥ç¥ó(Àè)¤Î»ØÄê¤Ç¤­¤ë¹ç·×port
¿ô¤Ï
.B IP_FW_MAX_PORTS
(¸½¾õ 10)¤òĶ¤¨¤Æ¤Ï¤Ê¤é¤Ê¤¤¡£
¤³¤³¤Ç¡¢port¤ÎÈÏ°Ï»ØÄê¤Î¾ì¹ç¤Ï£²¤È¿ô¤¨¤ë¡£
.sp 0.5
TCP¡¢UDP¤Þ¤¿¤ÏICMP¥Ñ¥±¥Ã¥È¤Î¡ÖºÇ½é¤Î¥Õ¥é¥°¥á¥ó¥È¤Ç¤Ê¤¤¡×Éôʬ¤Ï¾ï¤Ë
¥Õ¥¡¥¤¥ä¡¼¥¦¥©¡¼¥ë¤Ëµö²Ä¤µ¤ì¤ë¡£
¥¢¥«¥¦¥ó¥ÈÀ©¸æ¤Ë¤ª¤¤¤Æ¤Ï¡¢¤³¤ì¤é¤ÎÆóÈÖÌܰʹߤΥե饰¥á¥ó¥È¤Ï
ÆÃÊ̤˰·¤ï¤ì¡¢¼ï¡¹¤ÎÊýË¡¤Ç¥«¥¦¥ó¥È¤Ç¤­¤ë¡£
portÈÖ¹æ0xFFFF(65535)¤¬ÆóÈÖÌܰʹߤÎTCP¤Þ¤¿¤ÏUDP¥Ñ¥±¥Ã¥È¤È¤·¤Æ
°·¤ï¤ì¤ë¡£
¤³¤ì¤é¤ÎportÈÖ¹æ0xFFFF¤Î¥Ñ¥±¥Ã¥È¤Ï¥¢¥«¥¦¥ó¥ÈÌÜŪ¤ÇÍѤ¤¤é¤ì¤ë¡£
0xFF (255)¤ÏICMP¥Ñ¥±¥Ã¥È¤ÎÆóÈÖÌܰʹߤËÁêÅö¤¹¤ë¤â¤Î¤È¤·¤Æ°·¤ï¤ì¤ë¡£
¤Þ¤¿¡¢ICMP¥¿¥¤¥×¤¬0xFF¤Î¥Ñ¥±¥Ã¥È¤Ï¥¢¥«¥¦¥ó¥ÈÌÜŪ¤ÇÍѤ¤¤é¤ì¤ë¡£
Ãí°Õ¤¹¤Ù¤­¤Ï¡¢µ­½Ò¤·¤¿¥³¥Þ¥ó¥É¤ä¥×¥í¥È¥³¥ë¤Ï¡¢port¤ò°ÅÌÛ¤ËÀ©¸Â¤¹¤ë¡£
port¤Ï²¼µ­¥×¥í¥È¥³¥ë¤È¤ÎÁȤ߹ç¤ï¤»¤Ç»ÈÍѤ¹¤ë¡£
.IR tcp ¡¢
.IR udp ¡¢
¤Þ¤¿¤Ï
.I icmp
.sp 0.5
¤³¤Î¥ª¥×¥·¥ç¥ó¤¬¾Êά¤µ¤ì¤¿¾ì¹ç¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¤Î¥¢¥É¥ì¥¹/¥Í¥Ã¥È¥Þ¥¹¥¯¤È¤·¤Æ
.I 0.0.0.0/0
(¤¹¤Ù¤Æ¤Î¥¢¥É¥ì¥¹¤ËŬ¹ç¤¹¤ë¤â¤Î)¤¬¥½¡¼¥¹¥¢¥É¥ì¥¹¤È¤·¤Æ»ÈÍѤµ¤ì¤ë¡£
¥Á¥§¥Ã¥¯¥³¥Þ¥ó¥É¤Ë¤ª¤¤¤Æ¤Ï¤³¤Î¥ª¥×¥·¥ç¥ó¤¬É¬¿Ü¤Ç¤¢¤ê¡¢É¬¤º1¤Ä¤Î¥Ý¡¼¥È¤¬
»ØÄꤵ¤ì¤Æ¤¤¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£
.TP
.BR "-D " "\fIaddress\fP[/\fImask\fP] [\fIport\fP ...]
¥Ç¥¹¥Æ¥£¥Í¡¼¥·¥ç¥ó(Àè)¤ò»ØÄꤹ¤ë¡£(¥ª¥×¥·¥ç¥ó)
µ­Ë¡¤Î¾ÜºÙ¤Ë´Ø¤·¤Æ¤Ï
.B -S
µ­Ë¡¡¢¾Êά»þɸ½àÃÍ¡¢¤½¤Î¾¤Î»ØÄê¹àÌܤˤĤ¤¤Æ¤Ï(source¡§¥½¡¼¥¹)¥Õ¥é¥°¤Î¹à¤ò
»²¾È¤Î»ö¡£
Ãí°Õ¤¹¤Ù¤­¤Ï¡¢ICMP¥¿¥¤¥×¤Ï
.B -D
¥Õ¥é¥°¤È¤ÎÁȤ߹ç¤ï¤»¤Ç¤Ï»ÈÍѤǤ­¤Ê¤¤¡£¤¹¤Ê¤ï¤Á¡¢
.B -S
¥Õ¥é¥°¤Î¸å¤Ë»ØÄꤹ¤ë»ö¡£
.TP
.BI "-V " address
¥ª¥×¥·¥ç¥ó¤È¤·¤Æ¡¢¥Ñ¥±¥Ã¥È¤¬¼õ¤±¼è¤é¤ì¤ë¤Þ¤¿¤ÏÁ÷¤é¤ì¤ë»þ¤Ë
·Ðͳ¤¹¤ë¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤Î¥¢¥É¥ì¥¹¤ò»ØÄꤹ¤ë¡£
.I Address
¤Ïhost̾¤Ç¤â¿ôÃͤˤè¤ëIP¥¢¥É¥ì¥¹¤Ç¤â¤è¤¤¡£
host̾¤¬»ØÄꤵ¤ì¤¿¾ì¹ç¤Ï¡¢¤¿¤À°ì¤Ä¤ÎIP¥¢¥É¥ì¥¹¤Ë³ä¤êÅö¤Æ¤é¤ì¤ë¡£
¤³¤Î¥ª¥×¥·¥ç¥ó¤¬¾Êά¤µ¤ì¤¿¾ì¹ç¤Ï¡¢¥¢¥É¥ì¥¹¤Ï
.I 0.0.0.0
¤¬²¾Äꤵ¤ì¡¢ÆÃÊ̤ˤɤΥ¤¥ó¥¿¥Õ¥§¡¼¥¹¥¢¥É¥ì¥¹¤âŬ¹ç¤µ¤ì¤ë¡£
¥Á¥§¥Ã¥¯¥³¥Þ¥ó¥É¤Ë¤ª¤¤¤Æ¤Ï¤³¤Î¥ª¥×¥·¥ç¥ó¤¬É¬¿Ü¤Ç¤¢¤ë¡£
.TP
.BI "-W " name
¥ª¥×¥·¥ç¥ó¤È¤·¤Æ¡¢¥Ñ¥±¥Ã¥È¤¬¼õ¤±¼è¤é¤ì¤ë¤Þ¤¿¤ÏÁ÷¤é¤ì¤ë»þ¤Ë
·Ðͳ¤¹¤ë¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤Î̾Á°¤ò»ØÄꤹ¤ë¡£
¤³¤Î¥ª¥×¥·¥ç¥ó¤¬¾Êά¤µ¤ì¤¿¾ì¹ç¤Ï¡¢Ì¾Á°¤Ïempty string(¶õʸ»úÎó)¤¬
²¾Äꤵ¤ì¡¢ÆÃÊ̤ˤɤΥ¤¥ó¥¿¥Õ¥§¡¼¥¹Ì¾¤âŬ¹ç¤µ¤ì¤ë¡£
¥Á¥§¥Ã¥¯¥³¥Þ¥ó¥É¤Ë¤ª¤¤¤Æ¤Ï¤³¤Î¥ª¥×¥·¥ç¥ó¤¬É¬¿Ü¤Ç¤¢¤ë¡£
.SS "OTHER OPTIONS"
°Ê²¼¤Ë¼¨¤¹¥ª¥×¥·¥ç¥ó¤¬»ÈÍѲÄǽ¤Ç¤¢¤ë¡£
.TP
.BI -b
Bidirectional(ÁÐÊý¸þ)¥â¡¼¥É¡£

»ØÄꤷ¤¿¾ò·ï¤òÁÐÊý¸þ¤ÎIP¥Ñ¥±¥Ã¥È¤ËŬ¹ç¤¹¤ë¡£
¤³¤Î¥ª¥×¥·¥ç¥ó¤Ïappend(ÄɲÃ)¡¢insert(ÁÞÆþ)¤Þ¤¿¤Ïdelete(ºï½ü)
¥³¥Þ¥ó¥É¤ÈÁȤ߹ç¤ï¤»¤Æ»ÈÍѲÄǽ¤Ç¤¢¤ë¡£
.TP
.BI -e
Extended output(³ÈÄ¥½ÐÎÏ)¡£
¤³¤Î¥ª¥×¥·¥ç¥ó¤ò»ØÄꤹ¤ë¤Èlist(¥ê¥¹¥È)¥³¥Þ¥ó¥É¤Ç¤Î½ÐÎϤÇ
¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤È(¤â¤·¤¢¤ì¤Ð)ÀßÄê¾ò·ï¤òɽ¼¨¤¹¤ë¡£
¥Õ¥¡¥¤¥ä¡¼¥¦¥©¡¼¥ë¥ê¥¹¥È¤Ë¤ª¤¤¤Æ¤Ï¡¢¥Ñ¥±¥Ã¥È¤È¥Ð¥¤¥È¥«¥¦¥ó¥¿ÃÍ
(¥Ç¥Õ¥©¥ë¥È¤Î¾õÂ֤Ǥϡ¢¥¢¥«¥¦¥ó¥ÈÀ©¸æ¤ò¹Ô¤Ã¤Æ¤¤¤ë¥Ð¥¤¥È¥«¥¦¥ó¥¿ÃÍ
¤Î¤ß¤¬É½¼¨¤µ¤ì¤ë)¤ª¤è¤ÓTOS¥Þ¥¹¥¯¤ò½ÐÎϤ¹¤ë¡£
.BR -M 
¤È¤ÎÁȤ߹ç¤ï¤»¤Ç»ÈÍѤ·¤¿¾ì¹ç¤Ï¡¢delta sequence numbers¤Ë´ØÏ¢¤·¤¿
¾ðÊó¤¬É½¼¨¤µ¤ì¤ë¡£
¤³¤Î¥ª¥×¥·¥ç¥ó¤Ïlist(¥ê¥¹¥È)¥³¥Þ¥ó¥É¤È¤ÎÁȤ߹ç¤ï¤»¤Ç¤Î¤ßÍ­¸ú¤Ç¤¢¤ë¡£
.TP
.BI -k
TCP¥Ñ¥±¥Ã¥È¤ÎACK¥Ó¥Ã¥È¤¬¥»¥Ã¥È¤µ¤ì¤Æ¤¤¤ë¤â¤Î¤Î¤ßŬ¹ç¤¹¤ë¡£
(¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¾¤Î¥×¥í¥È¥³¥ë¤Ç¤Ï̵»ë¤µ¤ì¤ë)
¤³¤Î¥ª¥×¥·¥ç¥ó¤Ïappend(ÄɲÃ)¡¢insert(ÁÞÆþ)¤Þ¤¿¤Ïdelete(ºï½ü)
¥³¥Þ¥ó¥É¤ÈÁȤ߹ç¤ï¤»¤Æ»ÈÍѲÄǽ¤Ç¤¢¤ë¡£
.TP
.BI -m
žÁ÷ÍѤΥޥ¹¥«¥ì¡¼¥É¥Ñ¥±¥Ã¥È¤Îµö²Ä¡£

¤³¤Î¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤¿¾ì¹ç¡¢¥Ñ¥±¥Ã¥È¤¬¥í¡¼¥«¥ë¥Û¥¹¥È¤«¤é¤Î
¤â¤Î¤Ç¤¢¤ì¤Ð¥Þ¥¹¥«¥ì¡¼¥É¥Ñ¥±¥Ã¥È¤È¤·¤Æ°·¤ï¤ì¤ë¡£
¤µ¤é¤Ë¡¢µÕ¸þ¤­¤Î¥Ñ¥±¥Ã¥È¤Ï¼«Æ°Åª¤ËµÕ¥Þ¥¹¥«¥ì¡¼¥É¥Ñ¥±¥Ã¥È¤È¤·¤Æ
°·¤ï¤ì¡¢¥Õ¥¡¥¤¥ä¡¼¥¦¥©¡¼¥ë¤ò¥Ð¥¤¥Ñ¥¹¤¹¤ë¡£
¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¡¢Å¾Á÷¥Õ¥¡¥¤¥ä¡¼¥¦¥©¡¼¥ë¤Î¾ì¹ç¤Ç"policy"¤È¤·¤Æ
.I accept
(¤Þ¤¿¤Ï¥Ç¥Õ¥©¥ë¥È¤Î"policy"¤È¤·¤Æ
.I accept
¤¬»ØÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç)¤Ë»ÈÍѲÄǽ¤Ç¡¢¤µ¤é¤Ë¥«¡¼¥Í¥ë¥³¥ó¥Ñ¥¤¥ë»þ¤Ë

.B CONFIG_IP_MASQUERADE
¤¬ÄêµÁ¤µ¤ì¤Æ¤¤¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£
.TP
.BI -n
Numeric output(¿ôÃͤǤνÐÎÏ)¡£
IP¥¢¥É¥ì¥¹¤ÈportÈÖ¹æ¤ò¿ôÃͤÇɽ¼¨¤¹¤ë¡£
¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢¤½¤ì¤é¤ò(¤Ç¤­¤ë¤Ê¤é¤Ð)host̾¡¢¥Í¥Ã¥È¥ï¡¼¥¯Ì¾
¤ª¤è¤Óservice̾¤Çɽ¼¨¤¹¤ë¡£
.TP
.BI -o
Ŭ¹ç¤·¤¿¥Ñ¥±¥Ã¥È¤ËÂФ¹¤ë¥«¡¼¥Í¥ë¥í¥®¥ó¥°¤ò¹Ô¤¦¡£
¤¢¤ë¾ò·ï¤ËÂФ·¤Æ¤³¤Î¥ª¥×¥·¥ç¥ó¤òÀßÄꤹ¤ë¤ÈLinux¥«¡¼¥Í¥ë¤Ï
Ŭ¹ç¤·¤¿¥Ñ¥±¥Ã¥È(IP¥Ø¥Ã¥À¥Õ¥£¡¼¥ë¥É¤Î¤Û¤È¤ó¤É)¤Î¾ðÊó¤ò
.IR printk ()
´Ø¿ô¤ò»È¤Ã¤Æ½ÐÎϤ¹¤ë¡£
¤³¤Î¥ª¥×¥·¥ç¥ó¤ÏLinux¥«¡¼¥Í¥ë¥³¥ó¥Ñ¥¤¥ë»þ¤Ë
.B CONFIG_IP_FIREWALL_VERBOSE
¤òÄêµÁ¤·¤¿¾ì¹ç¤ËÍ­¸ú¤Ç¤¢¤ë¡£
¤³¤Î¥ª¥×¥·¥ç¥ó¤Ïappend(ÄɲÃ)¡¢insert(ÁÞÆþ)¤Þ¤¿¤Ïdelete(ºï½ü)
¥³¥Þ¥ó¥É¤ÈÁȤ߹ç¤ï¤»¤Ç¤Î¤ßÍ­¸ú¤Ç¤¢¤ë¡£
.TP
.BR "-r " [\fIport\fP]
¥í¡¼¥«¥ë¥½¥±¥Ã¥È¤Ë¥ê¥À¥¤¥ì¥¯¥È¤¹¤ë¡£
¤³¤Î¥ª¥×¥·¥ç¥ó¤¬ÀßÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ï¡¢¤â¤·¤½¤Î¥Ñ¥±¥Ã¥È¤¬¥ê¥â¡¼¥È¤Î
¥Û¥¹¥È¤«¤éÁ÷¤é¤ì¤¿¤â¤Î¤Ç¤¢¤Ã¤Æ¤â¤³¤Î¾ò·ï¤Ë¤·¤¿¤¬¤Ã¤Æ¥í¡¼¥«¥ë¤Î
¥½¥±¥Ã¥È¤Ë¥ê¥À¥¤¥ì¥¯¥È¤µ¤ì¤ë¡£
¥ê¥À¥¤¥ì¥¯¥È¤ò¹Ô¤¦¥Ý¡¼¥ÈÈֹ椬0¤Î¾ì¹ç(¥Ç¥Õ¥©¥ë¥È¤Ç¤¢¤ë)¤Ï¡¢
¤½¤Î¥Ñ¥±¥Ã¥È¤Î¥Ç¥¹¥Æ¥£¥Í¡¼¥·¥ç¥ó¥Ý¡¼¥È¤¬¥ê¥À¥¤¥ì¥¯¥È¤µ¤ì¤ë
¥Ý¡¼¥È¤È¤·¤ÆÍѤ¤¤é¤ì¤ë¡£

¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¡¢ÆþÎÏ¥Õ¥¡¥¤¥ä¡¼¥¦¥©¡¼¥ë¤Î¾ì¹ç¤Ç"policy"¤È¤·¤Æ
.I accept
¤¬»ØÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ë»ÈÍѲÄǽ¤Ç¡¢¤µ¤é¤Ë¥«¡¼¥Í¥ë¥³¥ó¥Ñ¥¤¥ë»þ¤Ë
.B CONFIG_IP_TRANSPARENT_PROXY
¤¬ÄêµÁ¤µ¤ì¤Æ¤¤¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£
.TP
.BI "-t " "andmask xormask"
IP¥Ø¥Ã¥À¤ÎTOS¥Õ¥£¡¼¥ë¥É¤ò²þÊѤ¹¤ë¤È¤­¤ËÍѤ¤¤ë¥Þ¥¹¥¯
(¥Þ¥¹¥«¥ì¡¼¥É¤Î̵ͭ¤Ë´Ø¤ï¤é¤º)¥Õ¥¡¥¤¥ä¡¼¥¦¥©¡¼¥ë¤Î¾ò·ï¤Ë¤è¤ê
¥Ñ¥±¥Ã¥È¤¬µö²Ä¤µ¤ì¤¿¾ì¹ç¤Ë¡¢¤½¤Î¥Ñ¥±¥Ã¥È¤ÎTOS¥Õ¥£¡¼¥ë¥É¤ËÂФ·¤Æ
½é¤á¤Ë»ØÄꤷ¤¿¥Þ¥¹¥¯ÃͤȥӥåÈËè¤ËAND(ÏÀÍýÀÑ)¤·¡¢¤µ¤é¤Ë¤½¤Î·ë²Ì¤Ë
ÂФ·¤Æ¼¡¤Î¥Þ¥¹¥¯ÃͤȥӥåÈËè¤ËXOR(ÇÓ¾ŪÏÀÍýÏÂ)¤ò¹Ô¤¦¡£
¤½¤ì¤¾¤ì¤Î¥Þ¥¹¥¯¤Ï16¿Ê¿ô¤Î8¥Ó¥Ã¥È¤Ç»ØÄꤹ¤ë¡£
¤³¤Î¥ª¥×¥·¥ç¥ó¤Ïappend(ÄɲÃ)¡¢insert(ÁÞÆþ)¤Þ¤¿¤Ïdelete(ºï½ü)
¥³¥Þ¥ó¥É¤ÈÁȤ߹ç¤ï¤»¤Æ¤Ç¤Î¤ßÍ­¸ú¤Ç¤¢¤ê¡¢¥¢¥«¥¦¥ó¥ÈÀ©¸æ¤ä¡¢
reject(µñÀä)¤ädeny(ÉÔµö²Ä)¤Î¥Õ¥¡¥¤¥ä¡¼¥¦¥©¡¼¥ëÀ©¸æ¤Î¥³¥Þ¥ó¥É»þ¤Ë¤Ï
°ÕÌ£¤ò»ý¤¿¤Ê¤¤¡£
.TP
.BI -v
Verbose output(¾ÜºÙ½ÐÎÏ)¡£

¾ò·ï¤ä¥Ñ¥±¥Ã¥È¤ÎÄɲᢺï½ü¤ª¤è¤Ó³Îǧ¤Ë¤ª¤¤¤Æ¾ÜºÙ¾ðÊó¤ò½ÐÎϤ¹¤ë¡£
¤³¤Î¥ª¥×¥·¥ç¥ó¤Ïappend(ÄɲÃ)¡¢insert(ÁÞÆþ)¡¢delete(ºï½ü)
¤Þ¤¿¤Ïcheck(³Îǧ)¥³¥Þ¥ó¥É¤ÈÁȤ߹ç¤ï¤»¤Ç¤Î¤ßÍ­¸ú¤Ç¤¢¤ë¡£
.TP
.BI -x
Expand numbers(³ÈÄ¥¿ôÃͽÐÎÏ)¡£
¥Ñ¥±¥Ã¥È¿ô¤ª¤è¤Ó¥Ð¥¤¥È¥«¥¦¥ó¥¿ÃͤνÐÎϤˤª¤¤¤Æ¡¢K(1000ÇÜ)¤ä
M(1000KÇÜ)¤È¤¤¤Ã¤¿´Ý¤á¤¿ÃͤǤϤʤ¯¡¢Àµ³Î¤ÊÃͤò½ÐÎϤ¹¤ë¡£
¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¥«¥¦¥ó¥ÈÃͤ¬½ÐÎϤµ¤ì¤ë¾ì¹ç¤Ë¤Î¤ßÍ­¸ú¤Ç¤¢¤ë¡£
(¥ª¥×¥·¥ç¥ó
.B -e
»²¾È¤Î»ö)¡£
.TP
.BI -y
TCP¥Ñ¥±¥Ã¥È¤ÎSYN¥Ó¥Ã¥È¤¬¥»¥Ã¥È¤µ¤ì¤Æ¤ª¤ê¡¢ACK¥Ó¥Ã¥È¤¬¥ê¥»¥Ã¥È
¤µ¤ì¤Æ¤¤¤ë¤â¤Î¤Î¤ßŬ¹ç¤¹¤ë¡£
(¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¾¤Î¥×¥í¥È¥³¥ë¤Ç¤Ï̵»ë¤µ¤ì¤ë)
¤³¤Î¥ª¥×¥·¥ç¥ó¤Ïappend(ÄɲÃ)¡¢insert(ÁÞÆþ)¤Þ¤¿¤Ïdelete(ºï½ü)
¥³¥Þ¥ó¥É¤ÈÁȤ߹ç¤ï¤»¤Æ»ÈÍѲÄǽ¤Ç¤¢¤ë¡£
.SH ¥Õ¥¡¥¤¥ë
.I /proc/net/ip_acct
.br
.I /proc/net/ip_input
.br
.I /proc/net/ip_output
.br
.I /proc/net/ip_forward
.br
.I /proc/net/ip_masquerade
.\" .SH ¥Ð¥°
.SH ´ØÏ¢¹àÌÜ
ipfw(4)
.SH Ãø¼Ô
Jos Vos <jos@xos.nl>
.br
X/OS Experts in Open Systems BV, Amsterdam, The Netherlands

.SH Ìõ¼Ô
¼ÆÅÄ (¤Ò) ¾°ÌÀ <shibata@opost1.netspace.or.jp> 1997/02/15 ver. 0.0