--- /dev/null
+THRESH = 100
+EXTFLAGS =
+PO4AFLAGS += -k $(THRESH) $(EXTFLAGS)
+
+LANGS = ja
+
+PACKAGE = iptables
+PO4A_SUBDIRS = cmd lib
+
+WORK_DIR = .
+
+all: translate
+
+translate: $(patsubst %, translate-%, $(PO4A_SUBDIRS))
+
+translate-%:
+ po4a $(PO4AFLAGS) -v --variable langs='$(LANGS)' \
+ --previous --srcdir $(WORK_DIR) --destdir $(WORK_DIR) \
+ po4a/$*/$(PACKAGE)-$*.cfg
+
+stats: $(patsubst %, stat-%, $(PO4A_SUBDIRS))
+
+stat-%:
+ @for l in $(LANGS); do \
+ echo -n "$*($$l): "; \
+ msgfmt --statistics -o /dev/null po4a/$*/$$l.po; \
+ done
+
+page-stat:
+ @LC_ALL=C po4a $(PO4AFLAGS) --force -v -k 0 --variable langs='$(LANGS)' \
+ --previous --srcdir $(WORK_DIR) --destdir $(WORK_DIR) $(PO4ACFG) | \
+ grep translated | \
+ sed -e 's/(\([1-9][0-9]*\) strings)/(\1 of \1 strings)/' \
+ -e 's/[()]//g' \
+ -e 's/^draft\/man[1-9]\///' | \
+ awk '{printf("%-15s: %7s (%3s/%3s)\n",$$1,$$3,$$5,$$7);}'
--- /dev/null
+[po_directory] po4a/cmd
+
+[type: man] original/man8/ip6tables-restore.8 $lang:draft/man8/ip6tables-restore.8 \
+ add_$lang:?po4a/add_$lang/copyright/ip6tables-restore.8.txt
+
+[type: man] original/man8/ip6tables-save.8 $lang:draft/man8/ip6tables-save.8 \
+ add_$lang:?po4a/add_$lang/copyright/ip6tables-save.8.txt
+
+[type: man] original/man8/ip6tables.8 $lang:draft/man8/ip6tables.8 \
+ add_$lang:?po4a/add_$lang/copyright/ip6tables.8.txt
+
+[type: man] original/man8/iptables-restore.8 $lang:draft/man8/iptables-restore.8 \
+ add_$lang:?po4a/add_$lang/copyright/iptables-restore.8.txt
+
+[type: man] original/man8/iptables-save.8 $lang:draft/man8/iptables-save.8 \
+ add_$lang:?po4a/add_$lang/copyright/iptables-save.8.txt
+
+[type: man] original/man8/iptables.8 $lang:draft/man8/iptables.8 \
+ add_$lang:?po4a/add_$lang/copyright/iptables.8.txt
--- /dev/null
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2012-05-09 02:21+0900\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: TH
+#: original/man8/ip6tables-restore.8:1
+#, no-wrap
+msgid "IP6TABLES-RESTORE"
+msgstr ""
+
+#. type: TH
+#: original/man8/ip6tables-restore.8:1 original/man8/ip6tables-save.8:1
+#, no-wrap
+msgid "Jan 30, 2002"
+msgstr ""
+
+#
+#. Man page written by Herve Eychenne <rv@wallfire.org> (May 1999)
+#. It is based on ipchains page.
+#. TODO: add a word for protocol helpers (FTP, IRC, SNMP-ALG)
+#
+#. ipchains page by Paul ``Rusty'' Russell March 1997
+#. Based on the original ipfwadm man page by Jos Vos <jos@xos.nl>
+#
+#. This program is free software; you can redistribute it and/or modify
+#. it under the terms of the GNU General Public License as published by
+#. the Free Software Foundation; either version 2 of the License, or
+#. (at your option) any later version.
+#
+#. This program is distributed in the hope that it will be useful,
+#. but WITHOUT ANY WARRANTY; without even the implied warranty of
+#. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#. GNU General Public License for more details.
+#
+#. You should have received a copy of the GNU General Public License
+#. along with this program; if not, write to the Free Software
+#. Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#. type: SH
+#: original/man8/ip6tables-restore.8:21 original/man8/ip6tables-save.8:21 original/man8/ip6tables.8:27 original/man8/iptables-restore.8:21 original/man8/iptables-save.8:21 original/man8/iptables.8:25
+#, no-wrap
+msgid "NAME"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables-restore.8:23
+msgid "ip6tables-restore - Restore IPv6 Tables"
+msgstr ""
+
+#. type: SH
+#: original/man8/ip6tables-restore.8:23 original/man8/ip6tables-save.8:23 original/man8/ip6tables.8:29 original/man8/iptables-restore.8:23 original/man8/iptables-save.8:23 original/man8/iptables.8:27
+#, no-wrap
+msgid "SYNOPSIS"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables-restore.8:25
+msgid "B<ip6tables-restore >[-c] [-n]"
+msgstr ""
+
+#. type: SH
+#: original/man8/ip6tables-restore.8:26 original/man8/ip6tables-save.8:26 original/man8/ip6tables.8:47 original/man8/iptables-restore.8:26 original/man8/iptables-save.8:26 original/man8/iptables.8:45
+#, no-wrap
+msgid "DESCRIPTION"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables-restore.8:31
+msgid ""
+"B<ip6tables-restore> is used to restore IPv6 Tables from data specified on "
+"STDIN. Use I/O redirection provided by your shell to read from a file"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables-restore.8:31 original/man8/ip6tables-save.8:31 original/man8/iptables-restore.8:31 original/man8/iptables-save.8:31
+#, no-wrap
+msgid "B<-c>, B<--counters>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables-restore.8:34 original/man8/iptables-restore.8:34
+msgid "restore the values of all packet and byte counters"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables-restore.8:34 original/man8/iptables-restore.8:34
+#, no-wrap
+msgid "B<-n>, B<--noflush> "
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables-restore.8:39
+msgid ""
+"don't flush the previous contents of the table. If not specified, "
+"B<ip6tables-restore> flushes (deletes) all previous contents of the "
+"respective IPv6 Table."
+msgstr ""
+
+#. type: SH
+#: original/man8/ip6tables-restore.8:39 original/man8/ip6tables-save.8:38 original/man8/ip6tables.8:745 original/man8/iptables-restore.8:39 original/man8/iptables-save.8:38 original/man8/iptables.8:1000
+#, no-wrap
+msgid "BUGS"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables-restore.8:41 original/man8/ip6tables-save.8:40 original/man8/iptables-restore.8:41 original/man8/iptables-save.8:40
+msgid "None known as of iptables-1.2.1 release"
+msgstr ""
+
+#. type: SH
+#: original/man8/ip6tables-restore.8:41 original/man8/ip6tables-save.8:40 original/man8/ip6tables.8:799 original/man8/iptables.8:1053
+#, no-wrap
+msgid "AUTHORS"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables-restore.8:43 original/man8/ip6tables-save.8:42 original/man8/iptables-restore.8:43 original/man8/iptables-save.8:42
+msgid "Harald Welte E<lt>laforge@gnumonks.orgE<gt>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables-restore.8:45 original/man8/ip6tables-save.8:44
+msgid "Andras Kis-Szabo E<lt>kisza@sch.bme.huE<gt>"
+msgstr ""
+
+#. type: SH
+#: original/man8/ip6tables-restore.8:45 original/man8/ip6tables-save.8:44 original/man8/ip6tables.8:784 original/man8/iptables-restore.8:43 original/man8/iptables-save.8:42 original/man8/iptables.8:1038
+#, no-wrap
+msgid "SEE ALSO"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables-restore.8:47
+msgid "B<ip6tables-save>(8), B<ip6tables>(8)"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables-restore.8:50 original/man8/ip6tables-save.8:49 original/man8/iptables-restore.8:48 original/man8/iptables-save.8:47
+msgid ""
+"The iptables-HOWTO, which details more iptables usage, the NAT-HOWTO, which "
+"details NAT, and the netfilter-hacking-HOWTO which details the internals."
+msgstr ""
+
+#. type: TH
+#: original/man8/ip6tables-save.8:1
+#, no-wrap
+msgid "IP6TABLES-SAVE"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables-save.8:23
+msgid "ip6tables-save - Save IPv6 Tables"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables-save.8:25
+msgid "B<ip6tables-save >[-c] [-t table]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables-save.8:31
+msgid ""
+"B<ip6tables-save> is used to dump the contents of an IPv6 Table in easily "
+"parseable format to STDOUT. Use I/O-redirection provided by your shell to "
+"write to a file."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables-save.8:34 original/man8/iptables-save.8:34
+msgid "include the current values of all packet and byte counters in the output"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables-save.8:34 original/man8/iptables-save.8:34
+#, no-wrap
+msgid "B<-t>, B<--table> B<tablename>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables-save.8:38 original/man8/iptables-save.8:38
+msgid ""
+"restrict output to only one table. If not specified, output includes all "
+"available tables."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables-save.8:46
+msgid "B<ip6tables-restore>(8), B<ip6tables>(8)"
+msgstr ""
+
+#. type: TH
+#: original/man8/ip6tables.8:1
+#, no-wrap
+msgid "IP6TABLES"
+msgstr ""
+
+#. type: TH
+#: original/man8/ip6tables.8:1 original/man8/iptables.8:1
+#, no-wrap
+msgid "Mar 09, 2002"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:29
+msgid "ip6tables - IPv6 packet filter administration"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:31
+msgid "B<ip6tables [-t table] -[AD] >chain rule-specification [options]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:33
+msgid "B<ip6tables [-t table] -I >chain [rulenum] rule-specification [options]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:35
+msgid "B<ip6tables [-t table] -R >chain rulenum rule-specification [options]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:37
+msgid "B<ip6tables [-t table] -D >chain rulenum [options]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:39
+msgid "B<ip6tables [-t table] -[LFZ] >[chain] [options]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:41
+msgid "B<ip6tables [-t table] -N >chain"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:43
+msgid "B<ip6tables [-t table] -X >[chain]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:45
+msgid "B<ip6tables [-t table] -P >chain target [options]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:47
+msgid "B<ip6tables [-t table] -E >old-chain-name new-chain-name"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:53
+msgid ""
+"B<Ip6tables> is used to set up, maintain, and inspect the tables of IPv6 "
+"packet filter rules in the Linux kernel. Several different tables may be "
+"defined. Each table contains a number of built-in chains and may also "
+"contain user-defined chains."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:58 original/man8/iptables.8:56
+msgid ""
+"Each chain is a list of rules which can match a set of packets. Each rule "
+"specifies what to do with a packet that matches. This is called a `target', "
+"which may be a jump to a user-defined chain in the same table."
+msgstr ""
+
+#. type: SH
+#: original/man8/ip6tables.8:59 original/man8/iptables.8:57
+#, no-wrap
+msgid "TARGETS"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:70 original/man8/iptables.8:68
+msgid ""
+"A firewall rule specifies criteria for a packet, and a target. If the "
+"packet does not match, the next rule in the chain is the examined; if it "
+"does match, then the next rule is specified by the value of the target, "
+"which can be the name of a user-defined chain or one of the special values "
+"I<ACCEPT>, I<DROP>, I<QUEUE>, or I<RETURN>."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:84 original/man8/iptables.8:82
+msgid ""
+"I<ACCEPT> means to let the packet through. I<DROP> means to drop the packet "
+"on the floor. I<QUEUE> means to pass the packet to userspace (if supported "
+"by the kernel). I<RETURN> means stop traversing this chain and resume at "
+"the next rule in the previous (calling) chain. If the end of a built-in "
+"chain is reached or a rule in a built-in chain with target I<RETURN> is "
+"matched, the target specified by the chain policy determines the fate of the "
+"packet."
+msgstr ""
+
+#. type: SH
+#: original/man8/ip6tables.8:84 original/man8/iptables.8:82
+#, no-wrap
+msgid "TABLES"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:88
+msgid ""
+"There are currently two independent tables (which tables are present at any "
+"time depends on the kernel configuration options and which modules are "
+"present), as nat table has not been implemented yet."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:88 original/man8/iptables.8:86
+#, no-wrap
+msgid "B<-t, --table >I<table>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:94 original/man8/iptables.8:92
+msgid ""
+"This option specifies the packet matching table which the command should "
+"operate on. If the kernel is configured with automatic module loading, an "
+"attempt will be made to load the appropriate module for that table if it is "
+"not already there."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:96 original/man8/iptables.8:94
+msgid "The tables are as follows:"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:97 original/man8/iptables.8:95
+#, no-wrap
+msgid "B<filter>:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:107 original/man8/iptables.8:105
+msgid ""
+"This is the default table (if no -t option is passed). It contains the "
+"built-in chains B<INPUT> (for packets coming into the box itself), "
+"B<FORWARD> (for packets being routed through the box), and B<OUTPUT> (for "
+"locally-generated packets)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:107 original/man8/iptables.8:115
+#, no-wrap
+msgid "B<mangle>:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:122 original/man8/iptables.8:130
+msgid ""
+"This table is used for specialized packet alteration. Until kernel 2.4.17 "
+"it had two built-in chains: B<PREROUTING> (for altering incoming packets "
+"before routing) and B<OUTPUT> (for altering locally-generated packets before "
+"routing). Since kernel 2.4.18, three other built-in chains are also "
+"supported: B<INPUT> (for packets coming into the box itself), B<FORWARD> "
+"(for altering packets being routed through the box), and B<POSTROUTING> (for "
+"altering packets as they are about to go out)."
+msgstr ""
+
+#. type: SH
+#: original/man8/ip6tables.8:123 original/man8/iptables.8:131
+#, no-wrap
+msgid "OPTIONS"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:127
+msgid ""
+"The options that are recognized by B<ip6tables> can be divided into several "
+"different groups."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:127 original/man8/iptables.8:135
+#, no-wrap
+msgid "COMMANDS"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:134
+msgid ""
+"These options specify the specific action to perform. Only one of them can "
+"be specified on the command line unless otherwise specified below. For all "
+"the long versions of the command and option names, you need to use only "
+"enough letters to ensure that B<ip6tables> can differentiate it from all "
+"other options."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:134 original/man8/iptables.8:142
+#, no-wrap
+msgid "B<-A, --append >I<chain rule-specification>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:139 original/man8/iptables.8:147
+msgid ""
+"Append one or more rules to the end of the selected chain. When the source "
+"and/or destination names resolve to more than one address, a rule will be "
+"added for each possible address combination."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:139 original/man8/iptables.8:147
+#, no-wrap
+msgid "B<-D, --delete >I<chain rule-specification>"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:142 original/man8/iptables.8:150
+#, no-wrap
+msgid "B<-D, --delete >I<chain rulenum>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:147 original/man8/iptables.8:155
+msgid ""
+"Delete one or more rules from the selected chain. There are two versions of "
+"this command: the rule can be specified as a number in the chain (starting "
+"at 1 for the first rule) or a rule to match."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:147
+#, no-wrap
+msgid "B<-I, --insert>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:153 original/man8/iptables.8:161
+msgid ""
+"Insert one or more rules in the selected chain as the given rule number. "
+"So, if the rule number is 1, the rule or rules are inserted at the head of "
+"the chain. This is also the default if no rule number is specified."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:153 original/man8/iptables.8:161
+#, no-wrap
+msgid "B<-R, --replace >I<chain rulenum rule-specification>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:158 original/man8/iptables.8:166
+msgid ""
+"Replace a rule in the selected chain. If the source and/or destination "
+"names resolve to multiple addresses, the command will fail. Rules are "
+"numbered starting at 1."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:158 original/man8/iptables.8:166
+#, no-wrap
+msgid "B<-L, --list >[I<chain>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:163
+msgid ""
+"List all rules in the selected chain. If no chain is selected, all chains "
+"are listed. As every other iptables command, it applies to the specified "
+"table (filter is the default), so mangle rules get listed by"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:165
+#, no-wrap
+msgid " ip6tables -t mangle -n -L\n"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:174 original/man8/iptables.8:182
+msgid ""
+"Please note that it is often used with the B<-n> option, in order to avoid "
+"long reverse DNS lookups. It is legal to specify the B<-Z> (zero) option as "
+"well, in which case the chain(s) will be atomically listed and zeroed. The "
+"exact output is affected by the other arguments given. The exact rules are "
+"suppressed until you use"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:176
+#, no-wrap
+msgid " ip6tables -L -v\n"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:177 original/man8/iptables.8:185
+#, no-wrap
+msgid "B<-F, --flush >[I<chain>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:181 original/man8/iptables.8:189
+msgid ""
+"Flush the selected chain (all the chains in the table if none is given). "
+"This is equivalent to deleting all the rules one by one."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:181 original/man8/iptables.8:189
+#, no-wrap
+msgid "B<-Z, --zero >[I<chain>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:188 original/man8/iptables.8:196
+msgid ""
+"Zero the packet and byte counters in all chains. It is legal to specify the "
+"B<-L, --list> (list) option as well, to see the counters immediately before "
+"they are cleared. (See above.)"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:188 original/man8/iptables.8:196
+#, no-wrap
+msgid "B<-N, --new-chain >I<chain>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:192 original/man8/iptables.8:200
+msgid ""
+"Create a new user-defined chain by the given name. There must be no target "
+"of that name already."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:192 original/man8/iptables.8:200
+#, no-wrap
+msgid "B<-X, --delete-chain >[I<chain>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:198 original/man8/iptables.8:206
+msgid ""
+"Delete the optional user-defined chain specified. There must be no "
+"references to the chain. If there are, you must delete or replace the "
+"referring rules before the chain can be deleted. If no argument is given, "
+"it will attempt to delete every non-builtin chain in the table."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:198 original/man8/iptables.8:206
+#, no-wrap
+msgid "B<-P, --policy >I<chain target>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:205 original/man8/iptables.8:213
+msgid ""
+"Set the policy for the chain to the given target. See the section "
+"B<TARGETS> for the legal targets. Only built-in (non-user-defined) chains "
+"can have policies, and neither built-in nor user-defined chains can be "
+"policy targets."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:205 original/man8/iptables.8:213
+#, no-wrap
+msgid "B<-E, --rename-chain >I<old-chain new-chain>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:209 original/man8/iptables.8:217
+msgid ""
+"Rename the user specified chain to the user supplied name. This is "
+"cosmetic, and has no effect on the structure of the table."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:209 original/man8/iptables.8:217
+#, no-wrap
+msgid "B<-h>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:213 original/man8/iptables.8:221
+msgid "Help. Give a (currently very brief) description of the command syntax."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:213 original/man8/iptables.8:221
+#, no-wrap
+msgid "PARAMETERS"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:216 original/man8/iptables.8:224
+msgid ""
+"The following parameters make up a rule specification (as used in the add, "
+"delete, insert, replace and append commands)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:216 original/man8/iptables.8:224
+#, no-wrap
+msgid "B<-p, --protocol >[!] I<protocol>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:234
+msgid ""
+"The protocol of the rule or of the packet to check. The specified protocol "
+"can be one of I<tcp>, I<udp>, I<ipv6-icmp|icmpv6>, or I<all>, or it can be a "
+"numeric value, representing one of these protocols or a different one. A "
+"protocol name from /etc/protocols is also allowed. A \"!\" argument before "
+"the protocol inverts the test. The number zero is equivalent to I<all>. "
+"Protocol I<all> will match with all protocols and is taken as default when "
+"this option is omitted."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:234 original/man8/iptables.8:242
+#, no-wrap
+msgid "B<-s, --source >[!] I<address>[/I<mask>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:254
+msgid ""
+"Source specification. I<Address> can be either a hostname (please note that "
+"specifying any name to be resolved with a remote query such as DNS is a "
+"really bad idea), a network IPv6 address (with /mask), or a plain IPv6 "
+"address. (the network name isn't supported now). The I<mask> can be either "
+"a network mask or a plain number, specifying the number of 1's at the left "
+"side of the network mask. Thus, a mask of I<64> is equivalent to "
+"I<ffff:ffff:ffff:ffff:0000:0000:0000:0000>. A \"!\" argument before the "
+"address specification inverts the sense of the address. The flag B<--src> is "
+"an alias for this option."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:254 original/man8/iptables.8:261
+#, no-wrap
+msgid "B<-d, --destination >[!] I<address>[/I<mask>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:262 original/man8/iptables.8:269
+msgid ""
+"Destination specification. See the description of the B<-s> (source) flag "
+"for a detailed description of the syntax. The flag B<--dst> is an alias for "
+"this option."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:262 original/man8/iptables.8:269
+#, no-wrap
+msgid "B<-j, --jump >I<target>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:273 original/man8/iptables.8:280
+msgid ""
+"This specifies the target of the rule; i.e., what to do if the packet "
+"matches it. The target can be a user-defined chain (other than the one this "
+"rule is in), one of the special builtin targets which decide the fate of the "
+"packet immediately, or an extension (see B<EXTENSIONS> below). If this "
+"option is omitted in a rule, then matching the rule will have no effect on "
+"the packet's fate, but the counters on the rule will be incremented."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:273 original/man8/iptables.8:280
+#, no-wrap
+msgid "B<-i, --in-interface >[!] I<name>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:285 original/man8/iptables.8:292
+msgid ""
+"Name of an interface via which a packet is going to be received (only for "
+"packets entering the B<INPUT>, B<FORWARD> and B<PREROUTING> chains). When "
+"the \"!\" argument is used before the interface name, the sense is "
+"inverted. If the interface name ends in a \"+\", then any interface which "
+"begins with this name will match. If this option is omitted, any interface "
+"name will match."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:285 original/man8/iptables.8:292
+#, no-wrap
+msgid "B<-o, --out-interface >[!] I<name>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:296
+msgid ""
+"Name of an interface via which a packet is going to be sent (for packets "
+"entering the B<FORWARD> and B<OUTPUT> chains). When the \"!\" argument is "
+"used before the interface name, the sense is inverted. If the interface "
+"name ends in a \"+\", then any interface which begins with this name will "
+"match. If this option is omitted, any interface name will match."
+msgstr ""
+
+#. Currently not supported (header-based)
+#. .B "[!] " "-f, --fragment"
+#. This means that the rule only refers to second and further fragments
+#. of fragmented packets. Since there is no way to tell the source or
+#. destination ports of such a packet (or ICMP type), such a packet will
+#. not match any rules which specify them. When the "!" argument
+#. precedes the "-f" flag, the rule will only match head fragments, or
+#. unfragmented packets.
+#. .TP
+#. type: TP
+#: original/man8/ip6tables.8:296
+#, no-wrap
+msgid "B<-c, --set-counters PKTS BYTES>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:314 original/man8/iptables.8:320
+msgid ""
+"This enables the administrator to initialize the packet and byte counters of "
+"a rule (during B<INSERT,> B<APPEND,> B<REPLACE> operations)."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:314 original/man8/iptables.8:320
+#, no-wrap
+msgid "OTHER OPTIONS"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:316 original/man8/iptables.8:322
+msgid "The following additional options can be specified:"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:316 original/man8/iptables.8:322
+#, no-wrap
+msgid "B<-v, --verbose>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:327 original/man8/iptables.8:333
+msgid ""
+"Verbose output. This option makes the list command show the interface name, "
+"the rule options (if any), and the TOS masks. The packet and byte counters "
+"are also listed, with the suffix 'K', 'M' or 'G' for 1000, 1,000,000 and "
+"1,000,000,000 multipliers respectively (but see the B<-x> flag to change "
+"this). For appending, insertion, deletion and replacement, this causes "
+"detailed information on the rule or rules to be printed."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:327 original/man8/iptables.8:333
+#, no-wrap
+msgid "B<-n, --numeric>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:333 original/man8/iptables.8:339
+msgid ""
+"Numeric output. IP addresses and port numbers will be printed in numeric "
+"format. By default, the program will try to display them as host names, "
+"network names, or services (whenever applicable)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:333 original/man8/iptables.8:339
+#, no-wrap
+msgid "B<-x, --exact>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:342 original/man8/iptables.8:348
+msgid ""
+"Expand numbers. Display the exact value of the packet and byte counters, "
+"instead of only the rounded number in K's (multiples of 1000) M's "
+"(multiples of 1000K) or G's (multiples of 1000M). This option is only "
+"relevant for the B<-L> command."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:342 original/man8/iptables.8:348
+#, no-wrap
+msgid "B<--line-numbers>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:346 original/man8/iptables.8:352
+msgid ""
+"When listing rules, add line numbers to the beginning of each rule, "
+"corresponding to that rule's position in the chain."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:346 original/man8/iptables.8:352
+#, no-wrap
+msgid "B<--modprobe=command>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:351 original/man8/iptables.8:357
+msgid ""
+"When adding or inserting rules into a chain, use B<command> to load any "
+"necessary modules (targets, match extensions, etc)."
+msgstr ""
+
+#. type: SH
+#: original/man8/ip6tables.8:351 original/man8/iptables.8:357
+#, no-wrap
+msgid "MATCH EXTENSIONS"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:370
+msgid ""
+"ip6tables can use extended packet matching modules. These are loaded in two "
+"ways: implicitly, when B<-p> or B<--protocol> is specified, or with the "
+"B<-m> or B<--match> options, followed by the matching module name; after "
+"these, various extra command line options become available, depending on the "
+"specific module. You can specify multiple extended match modules in one "
+"line, and you can use the B<-h> or B<--help> options after the module has "
+"been specified to receive help specific to that module."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:375 original/man8/iptables.8:381
+msgid ""
+"The following are included in the base package, and most of these can be "
+"preceded by a B<!> to invert the sense of the match."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:375 original/man8/iptables.8:630
+#, no-wrap
+msgid "tcp"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:378 original/man8/iptables.8:633
+msgid ""
+"These extensions are loaded if `--protocol tcp' is specified. It provides "
+"the following options:"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:378 original/man8/ip6tables.8:424 original/man8/iptables.8:633 original/man8/iptables.8:698
+#, no-wrap
+msgid "B<--source-port >[!] I<port>[:I<port>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:390 original/man8/iptables.8:645
+msgid ""
+"Source port or port range specification. This can either be a service name "
+"or a port number. An inclusive range can also be specified, using the format "
+"I<port>:I<port>. If the first port is omitted, \"0\" is assumed; if the "
+"last is omitted, \"65535\" is assumed. If the second port greater then the "
+"first they will be swapped. The flag B<--sport> is a convenient alias for "
+"this option."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:390 original/man8/ip6tables.8:430 original/man8/iptables.8:645 original/man8/iptables.8:704
+#, no-wrap
+msgid "B<--destination-port >[!] I<port>[:I<port>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:395 original/man8/iptables.8:650
+msgid ""
+"Destination port or port range specification. The flag B<--dport> is a "
+"convenient alias for this option."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:395 original/man8/iptables.8:650
+#, no-wrap
+msgid "B<--tcp-flags >[!] I<mask> I<comp>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:403 original/man8/iptables.8:658
+msgid ""
+"Match when the TCP flags are as specified. The first argument is the flags "
+"which we should examine, written as a comma-separated list, and the second "
+"argument is a comma-separated list of flags which must be set. Flags are: "
+"B<SYN ACK FIN RST URG PSH ALL NONE>. Hence the command"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:405
+#, no-wrap
+msgid " ip6tables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:408 original/man8/iptables.8:663
+msgid ""
+"will only match packets with the SYN flag set, and the ACK, FIN and RST "
+"flags unset."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:408 original/man8/iptables.8:663
+#, no-wrap
+msgid "B<[!] --syn>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:418 original/man8/iptables.8:673
+msgid ""
+"Only match TCP packets with the SYN bit set and the ACK and RST bits "
+"cleared. Such packets are used to request TCP connection initiation; for "
+"example, blocking such packets coming in an interface will prevent incoming "
+"TCP connections, but outgoing TCP connections will be unaffected. It is "
+"equivalent to B<--tcp-flags SYN,RST,ACK SYN>. If the \"!\" flag precedes "
+"the \"--syn\", the sense of the option is inverted."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:418 original/man8/iptables.8:673
+#, no-wrap
+msgid "B<--tcp-option >[!] I<number>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:421 original/man8/iptables.8:676
+msgid "Match if TCP option set."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:421 original/man8/iptables.8:695
+#, no-wrap
+msgid "udp"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:424 original/man8/iptables.8:698
+msgid ""
+"These extensions are loaded if `--protocol udp' is specified. It provides "
+"the following options:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:430 original/man8/iptables.8:704
+msgid ""
+"Source port or port range specification. See the description of the "
+"B<--source-port> option of the TCP extension for details."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:436 original/man8/iptables.8:710
+msgid ""
+"Destination port or port range specification. See the description of the "
+"B<--destination-port> option of the TCP extension for details."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:436
+#, no-wrap
+msgid "ipv6-icmp"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:439
+msgid ""
+"This extension is loaded if `--protocol ipv6-icmp' or `--protocol icmpv6' is "
+"specified. It provides the following option:"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:439
+#, no-wrap
+msgid "B<--icmpv6-type >[!] I<typename>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:443
+msgid ""
+"This allows specification of the ICMP type, which can be a numeric IPv6-ICMP "
+"type, or one of the IPv6-ICMP type names shown by the command"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:445
+#, no-wrap
+msgid " ip6tables -p ipv6-icmp -h\n"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:446 original/man8/iptables.8:493
+#, no-wrap
+msgid "mac"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:447 original/man8/iptables.8:494
+#, no-wrap
+msgid "B<--mac-source >[!] I<address>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:457 original/man8/iptables.8:504
+msgid ""
+"Match source MAC address. It must be of the form XX:XX:XX:XX:XX:XX. Note "
+"that this only makes sense for packets coming from an Ethernet device and "
+"entering the B<PREROUTING>, B<FORWARD> or B<INPUT> chains."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:457 original/man8/iptables.8:477
+#, no-wrap
+msgid "limit"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:463 original/man8/iptables.8:483
+msgid ""
+"This module matches at a limited rate using a token bucket filter. A rule "
+"using this extension will match until this limit is reached (unless the `!' "
+"flag is used). It can be used in combination with the B<LOG> target to give "
+"limited logging, for example."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:463 original/man8/iptables.8:483
+#, no-wrap
+msgid "B<--limit >I<rate>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:468 original/man8/iptables.8:488
+msgid ""
+"Maximum average matching rate: specified as a number, with an optional "
+"`/second', `/minute', `/hour', or `/day' suffix; the default is 3/hour."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:468 original/man8/iptables.8:488
+#, no-wrap
+msgid "B<--limit-burst >I<number>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:473 original/man8/iptables.8:493
+msgid ""
+"Maximum initial number of packets to match: this number gets recharged by "
+"one every time the limit specified above is not reached, up to this number; "
+"the default is 5."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:473 original/man8/iptables.8:514
+#, no-wrap
+msgid "multiport"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:479 original/man8/iptables.8:520
+msgid ""
+"This module matches a set of source or destination ports. Up to 15 ports "
+"can be specified. It can only be used in conjunction with B<-p tcp> or B<-p "
+"udp>."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:479 original/man8/iptables.8:520
+#, no-wrap
+msgid "B<--source-ports >I<port>[,I<port>[,I<port>...]]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:484 original/man8/iptables.8:525
+msgid ""
+"Match if the source port is one of the given ports. The flag B<--sports> is "
+"a convenient alias for this option."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:484 original/man8/iptables.8:525
+#, no-wrap
+msgid "B<--destination-ports >I<port>[,I<port>[,I<port>...]]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:489 original/man8/iptables.8:530
+msgid ""
+"Match if the destination port is one of the given ports. The flag "
+"B<--dports> is a convenient alias for this option."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:489 original/man8/iptables.8:530
+#, no-wrap
+msgid "B<--ports >I<port>[,I<port>[,I<port>...]]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:493 original/man8/iptables.8:534
+msgid ""
+"Match if the both the source and destination ports are equal to each other "
+"and to one of the given ports."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:493 original/man8/iptables.8:504
+#, no-wrap
+msgid "mark"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:498 original/man8/iptables.8:509
+msgid ""
+"This module matches the netfilter mark field associated with a packet (which "
+"can be set using the B<MARK> target below)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:498 original/man8/iptables.8:509
+#, no-wrap
+msgid "B<--mark >I<value>[/I<mask>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:503 original/man8/iptables.8:514
+msgid ""
+"Matches packets with the given unsigned mark value (if a mask is specified, "
+"this is logically ANDed with the mask before the comparison)."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:503 original/man8/iptables.8:534
+#, no-wrap
+msgid "owner"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:509
+msgid ""
+"This module attempts to match various characteristics of the packet creator, "
+"for locally-generated packets. It is only valid in the B<OUTPUT> chain, and "
+"even this some packets (such as ICMP ping responses) may have no owner, and "
+"hence never match. This is regarded as experimental."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:509 original/man8/iptables.8:540
+#, no-wrap
+msgid "B<--uid-owner >I<userid>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:513 original/man8/iptables.8:544
+msgid ""
+"Matches if the packet was created by a process with the given effective user "
+"id."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:513 original/man8/iptables.8:544
+#, no-wrap
+msgid "B<--gid-owner >I<groupid>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:517 original/man8/iptables.8:548
+msgid ""
+"Matches if the packet was created by a process with the given effective "
+"group id."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:517 original/man8/iptables.8:548
+#, no-wrap
+msgid "B<--pid-owner >I<processid>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:521 original/man8/iptables.8:552
+msgid "Matches if the packet was created by a process with the given process id."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:521 original/man8/iptables.8:552
+#, no-wrap
+msgid "B<--sid-owner >I<sessionid>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:558 original/man8/iptables.8:556
+msgid "Matches if the packet was created by a process in the given session group."
+msgstr ""
+
+#. type: SH
+#: original/man8/ip6tables.8:558 original/man8/iptables.8:713
+#, no-wrap
+msgid "TARGET EXTENSIONS"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:561
+msgid ""
+"ip6tables can use extended target modules: the following are included in the "
+"standard distribution."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:561 original/man8/iptables.8:762
+#, no-wrap
+msgid "LOG"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:573
+msgid ""
+"Turn on kernel logging of matching packets. When this option is set for a "
+"rule, the Linux kernel will print some information on all matching packets "
+"(like most IPv6 IPv6-header fields) via the kernel log (where it can be read "
+"with I<dmesg> or I<syslogd>(8)). This is a \"non-terminating target\", "
+"i.e. rule traversal continues at the next rule. So if you want to LOG the "
+"packets you refuse, use two separate rules with the same matching criteria, "
+"first using target LOG then DROP (or REJECT)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:573 original/man8/iptables.8:774
+#, no-wrap
+msgid "B<--log-level >I<level>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:576 original/man8/iptables.8:777
+msgid "Level of logging (numeric or see I<syslog.conf>(5))."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:576 original/man8/iptables.8:777
+#, no-wrap
+msgid "B<--log-prefix >I<prefix>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:580 original/man8/iptables.8:781
+msgid ""
+"Prefix log messages with the specified prefix; up to 29 letters long, and "
+"useful for distinguishing messages in the logs."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:580 original/man8/iptables.8:781
+#, no-wrap
+msgid "B<--log-tcp-sequence>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:584 original/man8/iptables.8:785
+msgid ""
+"Log TCP sequence numbers. This is a security risk if the log is readable by "
+"users."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:584 original/man8/iptables.8:785
+#, no-wrap
+msgid "B<--log-tcp-options>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:587 original/man8/iptables.8:788
+msgid "Log options from the TCP packet header."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:587 original/man8/iptables.8:788
+#, no-wrap
+msgid "B<--log-ip-options>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:590
+msgid "Log options from the IPv6 packet header."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:590 original/man8/iptables.8:791
+#, no-wrap
+msgid "MARK"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:595
+msgid ""
+"This is used to set the netfilter mark value associated with the packet. It "
+"is only valid in the B<mangle> table."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:595 original/man8/iptables.8:796
+#, no-wrap
+msgid "B<--set-mark >I<mark>"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:597 original/man8/iptables.8:853
+#, no-wrap
+msgid "REJECT"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:610 original/man8/iptables.8:866
+msgid ""
+"This is used to send back an error packet in response to the matched packet: "
+"otherwise it is equivalent to B<DROP> so it is a terminating TARGET, ending "
+"rule traversal. This target is only valid in the B<INPUT>, B<FORWARD> and "
+"B<OUTPUT> chains, and user-defined chains which are only called from those "
+"chains. The following option controls the nature of the error packet "
+"returned:"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:610 original/man8/iptables.8:866
+#, no-wrap
+msgid "B<--reject-with >I<type>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:613 original/man8/iptables.8:869
+msgid "The type given can be"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:622
+#, no-wrap
+msgid ""
+"B<icmp6-no-route>\n"
+"B<no-route>\n"
+"B<icmp6-adm-prohibited>\n"
+"B<adm-prohibited>\n"
+"B<icmp6-addr-unreachable>\n"
+"B<addr-unreach>\n"
+"B<icmp6-port-unreachable>\n"
+"B<port-unreach>\n"
+msgstr ""
+
+#. .SS TOS
+#. This is used to set the 8-bit Type of Service field in the IP header.
+#. It is only valid in the
+#. .B mangle
+#. table.
+#. .TP
+#. .BI "--set-tos " "tos"
+#. You can use a numeric TOS values, or use
+#. .br
+#. iptables -j TOS -h
+#. .br
+#. to see the list of valid TOS names.
+#. .SS MIRROR
+#. This is an experimental demonstration target which inverts the source
+#. and destination fields in the IP header and retransmits the packet.
+#. It is only valid in the
+#. .BR INPUT ,
+#. .B FORWARD
+#. and
+#. .B PREROUTING
+#. chains, and user-defined chains which are only called from those
+#. chains. Note that the outgoing packets are
+#. .B NOT
+#. seen by any packet filtering chains, connection tracking or NAT, to
+#. avoid loops and other problems.
+#. .SS SNAT
+#. This target is only valid in the
+#. .B nat
+#. table, in the
+#. .B POSTROUTING
+#. chain. It specifies that the source address of the packet should be
+#. modified (and all future packets in this connection will also be
+#. mangled), and rules should cease being examined. It takes one option:
+#. .TP
+#. .BR "--to-source " "\fIipaddr\fP[-\fIipaddr\fP][:\fIport\fP-\fIport\fP]"
+#. which can specify a single new source IP address, an inclusive range
+#. of IP addresses, and optionally, a port range (which is only valid if
+#. the rule also specifies
+#. .B "-p tcp"
+#. or
+#. .BR "-p udp" ).
+#. If no port range is specified, then source ports below 512 will be
+#. mapped to other ports below 512: those between 512 and 1023 inclusive
+#. will be mapped to ports below 1024, and other ports will be mapped to
+#. 1024 or above. Where possible, no port alteration will occur.
+#. .SS DNAT
+#. This target is only valid in the
+#. .B nat
+#. table, in the
+#. .B PREROUTING
+#. and
+#. .B OUTPUT
+#. chains, and user-defined chains which are only called from those
+#. chains. It specifies that the destination address of the packet
+#. should be modified (and all future packets in this connection will
+#. also be mangled), and rules should cease being examined. It takes one
+#. option:
+#. .TP
+#. .BR "--to-destination " "\fIipaddr\fP[-\fIipaddr\fP][:\fIport\fP-\fIport\fP]"
+#. which can specify a single new destination IP address, an inclusive
+#. range of IP addresses, and optionally, a port range (which is only
+#. valid if the rule also specifies
+#. .B "-p tcp"
+#. or
+#. .BR "-p udp" ).
+#. If no port range is specified, then the destination port will never be
+#. modified.
+#. .SS MASQUERADE
+#. This target is only valid in the
+#. .B nat
+#. table, in the
+#. .B POSTROUTING
+#. chain. It should only be used with dynamically assigned IP (dialup)
+#. connections: if you have a static IP address, you should use the SNAT
+#. target. Masquerading is equivalent to specifying a mapping to the IP
+#. address of the interface the packet is going out, but also has the
+#. effect that connections are
+#. .I forgotten
+#. when the interface goes down. This is the correct behavior when the
+#. next dialup is unlikely to have the same interface address (and hence
+#. any established connections are lost anyway). It takes one option:
+#. .TP
+#. .BR "--to-ports " "\fIport\fP[-\fIport\fP]"
+#. This specifies a range of source ports to use, overriding the default
+#. .B SNAT
+#. source port-selection heuristics (see above). This is only valid
+#. if the rule also specifies
+#. .B "-p tcp"
+#. or
+#. .BR "-p udp" .
+#. .SS REDIRECT
+#. This target is only valid in the
+#. .B nat
+#. table, in the
+#. .B PREROUTING
+#. and
+#. .B OUTPUT
+#. chains, and user-defined chains which are only called from those
+#. chains. It alters the destination IP address to send the packet to
+#. the machine itself (locally-generated packets are mapped to the
+#. 127.0.0.1 address). It takes one option:
+#. .TP
+#. .BR "--to-ports " "\fIport\fP[-\fIport\fP]"
+#. This specifies a destination port or range of ports to use: without
+#. this, the destination port is never altered. This is only valid
+#. if the rule also specifies
+#. .B "-p tcp"
+#. or
+#. .BR "-p udp" .
+#. type: Plain text
+#: original/man8/ip6tables.8:740
+msgid ""
+"which return the appropriate IPv6-ICMP error message (B<port-unreach> is the "
+"default). Finally, the option B<tcp-reset> can be used on rules which only "
+"match the TCP protocol: this causes a TCP RST packet to be sent back. This "
+"is mainly useful for blocking I<ident> (113/tcp) probes which frequently "
+"occur when sending mail to broken mail hosts (which won't accept your mail "
+"otherwise)."
+msgstr ""
+
+#. type: SH
+#: original/man8/ip6tables.8:740 original/man8/iptables.8:995
+#, no-wrap
+msgid "DIAGNOSTICS"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:745 original/man8/iptables.8:1000
+msgid ""
+"Various error messages are printed to standard error. The exit code is 0 "
+"for correct functioning. Errors which appear to be caused by invalid or "
+"abused command line parameters cause an exit code of 2, and other errors "
+"cause an exit code of 1."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:748 original/man8/iptables.8:1003
+msgid "Bugs? What's this? ;-) Well... the counters are not reliable on sparc64."
+msgstr ""
+
+#. type: SH
+#: original/man8/ip6tables.8:748 original/man8/iptables.8:1003
+#, no-wrap
+msgid "COMPATIBILITY WITH IPCHAINS"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:761
+msgid ""
+"This B<ip6tables> is very similar to ipchains by Rusty Russell. The main "
+"difference is that the chains B<INPUT> and B<OUTPUT> are only traversed for "
+"packets coming into the local host and originating from the local host "
+"respectively. Hence every packet only passes through one of the three "
+"chains (except loopback traffic, which involves both INPUT and OUTPUT "
+"chains); previously a forwarded packet would pass through all three."
+msgstr ""
+
+#. .PP The various forms of NAT have been separated out;
+#. .B iptables
+#. is a pure packet filter when using the default `filter' table, with
+#. optional extension modules. This should simplify much of the previous
+#. confusion over the combination of IP masquerading and packet filtering
+#. seen previously. So the following options are handled differently:
+#. .br
+#. -j MASQ
+#. .br
+#. -M -S
+#. .br
+#. -M -L
+#. .br
+#. type: Plain text
+#: original/man8/ip6tables.8:784
+msgid ""
+"The other main difference is that B<-i> refers to the input interface; B<-o> "
+"refers to the output interface, and both are available for packets entering "
+"the B<FORWARD> chain. There are several other changes in ip6tables."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:790
+msgid ""
+"B<ip6tables-save>(8), B<ip6tables-restore(8),> B<iptables>(8), "
+"B<iptables-save>(8), B<iptables-restore>(8)."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:796 original/man8/iptables.8:1050
+msgid ""
+"The packet-filtering-HOWTO details iptables usage for packet filtering, the "
+"NAT-HOWTO details NAT, the netfilter-extensions-HOWTO details the extensions "
+"that are not in the standard distribution, and the netfilter-hacking-HOWTO "
+"details the netfilter internals."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:799 original/man8/iptables.8:1053
+msgid "See B<http://www.netfilter.org/>."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:802 original/man8/iptables.8:1056
+msgid "Rusty Russell wrote iptables, in early consultation with Michael Neuling."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:806 original/man8/iptables.8:1060
+msgid ""
+"Marc Boucher made Rusty abandon ipnatctl by lobbying for a generic packet "
+"selection framework in iptables, then wrote the mangle table, the owner "
+"match, the mark stuff, and ran around doing cool stuff everywhere."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:808 original/man8/iptables.8:1062
+msgid "James Morris wrote the TOS target, and tos match."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:810 original/man8/iptables.8:1064
+msgid "Jozsef Kadlecsik wrote the REJECT target."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:812
+msgid "Harald Welte wrote the ULOG target, TTL match+target and libipulog."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:815 original/man8/iptables.8:1069
+msgid ""
+"The Netfilter Core Team is: Marc Boucher, Martin Josefsson, Jozsef "
+"Kadlecsik, James Morris, Harald Welte and Rusty Russell."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:817
+msgid ""
+"ip6tables man page created by Andras Kis-Szabo, based on iptables man page "
+"written by Herve Eychenne E<lt>rv@wallfire.orgE<gt>."
+msgstr ""
+
+#. type: TH
+#: original/man8/iptables-restore.8:1
+#, no-wrap
+msgid "IPTABLES-RESTORE"
+msgstr ""
+
+#. type: TH
+#: original/man8/iptables-restore.8:1 original/man8/iptables-save.8:1
+#, no-wrap
+msgid "Jan 04, 2001"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-restore.8:23
+msgid "iptables-restore - Restore IP Tables"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-restore.8:25
+msgid "B<iptables-restore >[-c] [-n]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-restore.8:31
+msgid ""
+"B<iptables-restore> is used to restore IP Tables from data specified on "
+"STDIN. Use I/O redirection provided by your shell to read from a file"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-restore.8:39
+msgid ""
+"don't flush the previous contents of the table. If not specified, "
+"B<iptables-restore> flushes (deletes) all previous contents of the "
+"respective IP Table."
+msgstr ""
+
+#. type: SH
+#: original/man8/iptables-restore.8:41 original/man8/iptables-save.8:40
+#, no-wrap
+msgid "AUTHOR"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-restore.8:45
+msgid "B<iptables-save>(8), B<iptables>(8)"
+msgstr ""
+
+#. type: TH
+#: original/man8/iptables-save.8:1
+#, no-wrap
+msgid "IPTABLES-SAVE"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-save.8:23
+msgid "iptables-save - Save IP Tables"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-save.8:25
+msgid "B<iptables-save >[-c] [-t table]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-save.8:31
+msgid ""
+"B<iptables-save> is used to dump the contents of an IP Table in easily "
+"parseable format to STDOUT. Use I/O-redirection provided by your shell to "
+"write to a file."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-save.8:44
+msgid "B<iptables-restore>(8), B<iptables>(8)"
+msgstr ""
+
+#. type: TH
+#: original/man8/iptables.8:1
+#, no-wrap
+msgid "IPTABLES"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:27
+msgid "iptables - administration tool for IPv4 packet filtering and NAT"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:29
+msgid "B<iptables [-t table] -[AD] >chain rule-specification [options]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:31
+msgid "B<iptables [-t table] -I >chain [rulenum] rule-specification [options]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:33
+msgid "B<iptables [-t table] -R >chain rulenum rule-specification [options]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:35
+msgid "B<iptables [-t table] -D >chain rulenum [options]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:37
+msgid "B<iptables [-t table] -[LFZ] >[chain] [options]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:39
+msgid "B<iptables [-t table] -N >chain"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:41
+msgid "B<iptables [-t table] -X >[chain]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:43
+msgid "B<iptables [-t table] -P >chain target [options]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:45
+msgid "B<iptables [-t table] -E >old-chain-name new-chain-name"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:51
+msgid ""
+"B<Iptables> is used to set up, maintain, and inspect the tables of IP packet "
+"filter rules in the Linux kernel. Several different tables may be defined. "
+"Each table contains a number of built-in chains and may also contain "
+"user-defined chains."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:86
+msgid ""
+"There are currently three independent tables (which tables are present at "
+"any time depends on the kernel configuration options and which modules are "
+"present)."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:105
+#, no-wrap
+msgid "B<nat>:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:115
+msgid ""
+"This table is consulted when a packet that creates a new connection is "
+"encountered. It consists of three built-ins: B<PREROUTING> (for altering "
+"packets as soon as they come in), B<OUTPUT> (for altering locally-generated "
+"packets before routing), and B<POSTROUTING> (for altering packets as they "
+"are about to go out)."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:135
+msgid ""
+"The options that are recognized by B<iptables> can be divided into several "
+"different groups."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:142
+msgid ""
+"These options specify the specific action to perform. Only one of them can "
+"be specified on the command line unless otherwise specified below. For all "
+"the long versions of the command and option names, you need to use only "
+"enough letters to ensure that B<iptables> can differentiate it from all "
+"other options."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:155
+#, no-wrap
+msgid "B<-I, --insert >I<chain> [I<rulenum>] I<rule-specification>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:171
+msgid ""
+"List all rules in the selected chain. If no chain is selected, all chains "
+"are listed. As every other iptables command, it applies to the specified "
+"table (filter is the default), so NAT rules get listed by"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:173
+#, no-wrap
+msgid " iptables -t nat -n -L\n"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:184
+#, no-wrap
+msgid " iptables -L -v\n"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:242
+msgid ""
+"The protocol of the rule or of the packet to check. The specified protocol "
+"can be one of I<tcp>, I<udp>, I<icmp>, or I<all>, or it can be a numeric "
+"value, representing one of these protocols or a different one. A protocol "
+"name from /etc/protocols is also allowed. A \"!\" argument before the "
+"protocol inverts the test. The number zero is equivalent to I<all>. "
+"Protocol I<all> will match with all protocols and is taken as default when "
+"this option is omitted."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:261
+msgid ""
+"Source specification. I<Address> can be either a network name, a hostname "
+"(please note that specifying any name to be resolved with a remote query "
+"such as DNS is a really bad idea), a network IP address (with /mask), or a "
+"plain IP address. The I<mask> can be either a network mask or a plain "
+"number, specifying the number of 1's at the left side of the network mask. "
+"Thus, a mask of I<24> is equivalent to I<255.255.255.0>. A \"!\" argument "
+"before the address specification inverts the sense of the address. The flag "
+"B<--src> is an alias for this option."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:304
+msgid ""
+"Name of an interface via which a packet is going to be sent (for packets "
+"entering the B<FORWARD>, B<OUTPUT> and B<POSTROUTING> chains). When the "
+"\"!\" argument is used before the interface name, the sense is inverted. If "
+"the interface name ends in a \"+\", then any interface which begins with "
+"this name will match. If this option is omitted, any interface name will "
+"match."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:304
+#, no-wrap
+msgid "B<[!] -f, --fragment>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:312
+msgid ""
+"This means that the rule only refers to second and further fragments of "
+"fragmented packets. Since there is no way to tell the source or destination "
+"ports of such a packet (or ICMP type), such a packet will not match any "
+"rules which specify them. When the \"!\" argument precedes the \"-f\" flag, "
+"the rule will only match head fragments, or unfragmented packets."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:312
+#, no-wrap
+msgid "B<-c, --set-counters >I<PKTS BYTES>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:376
+msgid ""
+"iptables can use extended packet matching modules. These are loaded in two "
+"ways: implicitly, when B<-p> or B<--protocol> is specified, or with the "
+"B<-m> or B<--match> options, followed by the matching module name; after "
+"these, various extra command line options become available, depending on the "
+"specific module. You can specify multiple extended match modules in one "
+"line, and you can use the B<-h> or B<--help> options after the module has "
+"been specified to receive help specific to that module."
+msgstr ""
+
+#. type: SS
+#: original/man8/iptables.8:381
+#, no-wrap
+msgid "ah"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:383
+msgid "This module matches the SPIs in AH header of IPSec packets."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:383
+#, no-wrap
+msgid "B<--ahspi >[!] I<spi>[:I<spi>]"
+msgstr ""
+
+#. type: SS
+#: original/man8/iptables.8:385
+#, no-wrap
+msgid "conntrack"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:390
+msgid ""
+"This module, when combined with connection tracking, allows access to more "
+"connection tracking information than the \"state\" match. (this module is "
+"present only if iptables was compiled under a kernel supporting this "
+"feature)"
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:390
+#, no-wrap
+msgid "B<--ctstate >I<state>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:413
+msgid ""
+"Where state is a comma separated list of the connection states to match. "
+"Possible states are B<INVALID> meaning that the packet is associated with no "
+"known connection, B<ESTABLISHED> meaning that the packet is associated with "
+"a connection which has seen packets in both directions, B<NEW> meaning that "
+"the packet has started a new connection, or otherwise associated with a "
+"connection which has not seen packets in both directions, and B<RELATED> "
+"meaning that the packet is starting a new connection, but is associated with "
+"an existing connection, such as an FTP data transfer, or an ICMP error. "
+"B<SNAT> A virtual state, matching if the original source address differs "
+"from the reply destination. B<DNAT> A virtual state, matching if the "
+"original destination differs from the reply source."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:413
+#, no-wrap
+msgid "B<--ctproto >I<proto>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:416
+msgid "Protocol to match (by number or name)"
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:416
+#, no-wrap
+msgid "B<--ctorigsrc >I<[!] address[/mask]>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:419
+msgid "Match against original source address"
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:419
+#, no-wrap
+msgid "B<--ctorigdst >I<[!] address[/mask]>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:422
+msgid "Match against original destination address"
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:422
+#, no-wrap
+msgid "B<--ctreplsrc >I<[!] address[/mask]>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:425
+msgid "Match against reply source address"
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:425
+#, no-wrap
+msgid "B<--ctrepldst >I<[!] address>B<[/>I<mask>B<]>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:428
+msgid "Match against reply destination address"
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:428
+#, no-wrap
+msgid "B<--ctstatus >I<[NONE|EXPECTED|SEEN_REPLY|ASSURED][,...]>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:431
+msgid "Match against internal conntrack states"
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:431
+#, no-wrap
+msgid "B<--ctexpire >I<time[:time]>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:435
+msgid ""
+"Match remaining lifetime in seconds against given value or range of values "
+"(inclusive)"
+msgstr ""
+
+#. type: SS
+#: original/man8/iptables.8:435
+#, no-wrap
+msgid "dscp"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:438
+msgid ""
+"This module matches the 6 bit DSCP field within the TOS field in the IP "
+"header. DSCP has superseded TOS within the IETF."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:438
+#, no-wrap
+msgid "B<--dscp >I<value>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:441
+msgid "Match against a numeric (decimal or hex) value [0-32]."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:441
+#, no-wrap
+msgid "B<--dscp-class >I<DiffServ Class>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:446
+msgid ""
+"Match the DiffServ class. This value may be any of the BE, EF, AFxx or CSx "
+"classes. It will then be converted into it's according numeric value."
+msgstr ""
+
+#. type: SS
+#: original/man8/iptables.8:446
+#, no-wrap
+msgid "esp"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:448
+msgid "This module matches the SPIs in ESP header of IPSec packets."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:448
+#, no-wrap
+msgid "B<--espspi >[!] I<spi>[:I<spi>]"
+msgstr ""
+
+#. type: SS
+#: original/man8/iptables.8:450
+#, no-wrap
+msgid "helper"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:452
+msgid "This module matches packets related to a specific conntrack-helper."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:452
+#, no-wrap
+msgid "B<--helper >I<string>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:455
+msgid "Matches packets related to the specified conntrack-helper."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:459
+msgid ""
+"string can be \"ftp\" for packets related to a ftp-session on default port. "
+"For other ports append -portnr to the value, ie. \"ftp-2121\"."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:461
+msgid "Same rules apply for other conntrack-helpers."
+msgstr ""
+
+#. type: SS
+#: original/man8/iptables.8:462
+#, no-wrap
+msgid "icmp"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:465
+msgid ""
+"This extension is loaded if `--protocol icmp' is specified. It provides the "
+"following option:"
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:465
+#, no-wrap
+msgid "B<--icmp-type >[!] I<typename>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:469
+msgid ""
+"This allows specification of the ICMP type, which can be a numeric ICMP "
+"type, or one of the ICMP type names shown by the command"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:471
+#, no-wrap
+msgid " iptables -p icmp -h\n"
+msgstr ""
+
+#. type: SS
+#: original/man8/iptables.8:472
+#, no-wrap
+msgid "length"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:475
+msgid ""
+"This module matches the length of a packet against a specific value or range "
+"of values."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:475
+#, no-wrap
+msgid "B<--length >I<length>[:I<length>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:540
+msgid ""
+"This module attempts to match various characteristics of the packet creator, "
+"for locally-generated packets. It is only valid in the B<OUTPUT> chain, and "
+"even this some packets (such as ICMP ping responses) may have no owner, and "
+"hence never match."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:556
+#, no-wrap
+msgid "B<--cmd-owner >I<name>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:561
+msgid ""
+"Matches if the packet was created by a process with the given command name. "
+"(this option is present only if iptables was compiled under a kernel "
+"supporting this feature)"
+msgstr ""
+
+#. type: SS
+#: original/man8/iptables.8:561
+#, no-wrap
+msgid "physdev"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:566
+msgid ""
+"This module matches on the bridge port input and output devices enslaved to "
+"a bridge device. This module is a part of the infrastructure that enables a "
+"transparent bridging IP firewall and is only useful for kernel versions "
+"above version 2.5.44."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:566
+#, no-wrap
+msgid "B<--physdev-in name>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:577
+msgid ""
+"Name of a bridge port via which a packet is received (only for packets "
+"entering the B<INPUT>, B<FORWARD> and B<PREROUTING> chains). If the "
+"interface name ends in a \"+\", then any interface which begins with this "
+"name will match. If the packet didn't arrive through a bridge device, this "
+"packet won't match this option, unless '!' is used."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:577
+#, no-wrap
+msgid "B<--physdev-out name>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:594
+msgid ""
+"Name of a bridge port via which a packet is going to be sent (for packets "
+"entering the B<FORWARD>, B<OUTPUT> and B<POSTROUTING> chains). If the "
+"interface name ends in a \"+\", then any interface which begins with this "
+"name will match. Note that in the B<nat> and B<mangle> B<OUTPUT> chains one "
+"cannot match on the bridge output port, however one can in the B<filter "
+"OUTPUT> chain. If the packet won't leave by a bridge device or it is yet "
+"unknown what the output device will be, then the packet won't match this "
+"option, unless '!' is used."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:594
+#, no-wrap
+msgid "B<--physdev-is-in>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:597
+msgid "Matches if the packet has entered through a bridge interface."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:597
+#, no-wrap
+msgid "B<--physdev-is-out>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:600
+msgid "Matches if the packet will leave through a bridge interface."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:600
+#, no-wrap
+msgid "B<--physdev-is-bridged>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:604
+msgid ""
+"Matches if the packet is being bridged and therefore is not being routed. "
+"This is only useful in the FORWARD and POSTROUTING chains."
+msgstr ""
+
+#. type: SS
+#: original/man8/iptables.8:604
+#, no-wrap
+msgid "pkttype"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:606
+msgid "This module matches the link-layer packet type."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:606
+#, no-wrap
+msgid "B<--pkt-type >I<[unicast|broadcast|multicast]>"
+msgstr ""
+
+#. type: SS
+#: original/man8/iptables.8:608
+#, no-wrap
+msgid "state"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:611
+msgid ""
+"This module, when combined with connection tracking, allows access to the "
+"connection tracking state for this packet."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:611
+#, no-wrap
+msgid "B<--state >I<state>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:630
+msgid ""
+"Where state is a comma separated list of the connection states to match. "
+"Possible states are B<INVALID> meaning that the packet could not be "
+"identified for some reason which includes running out of memory and ICMP "
+"errors which don't correspond to any known connection, B<ESTABLISHED> "
+"meaning that the packet is associated with a connection which has seen "
+"packets in both directions, B<NEW> meaning that the packet has started a new "
+"connection, or otherwise associated with a connection which has not seen "
+"packets in both directions, and B<RELATED> meaning that the packet is "
+"starting a new connection, but is associated with an existing connection, "
+"such as an FTP data transfer, or an ICMP error."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:660
+#, no-wrap
+msgid " iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n"
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:676
+#, no-wrap
+msgid "B<--mss >I<value>[:I<value>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:680
+msgid ""
+"Match TCP SYN or SYN/ACK packets with the specified MSS value (or range), "
+"which control the maximum packet size for that connection."
+msgstr ""
+
+#. type: SS
+#: original/man8/iptables.8:680
+#, no-wrap
+msgid "tos"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:683
+msgid ""
+"This module matches the 8 bits of Type of Service field in the IP header "
+"(ie. including the precedence bits)."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:683
+#, no-wrap
+msgid "B<--tos >I<tos>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:686
+msgid "The argument is either a standard name, (use"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:688
+#, no-wrap
+msgid " iptables -m tos -h\n"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:690
+msgid "to see the list), or a numeric value to match."
+msgstr ""
+
+#. type: SS
+#: original/man8/iptables.8:690
+#, no-wrap
+msgid "ttl"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:692
+msgid "This module matches the time to live field in the IP header."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:692
+#, no-wrap
+msgid "B<--ttl >I<ttl>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:695
+msgid "Matches the given TTL value."
+msgstr ""
+
+#. type: SS
+#: original/man8/iptables.8:710
+#, no-wrap
+msgid "unclean"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:713
+msgid ""
+"This module takes no options, but attempts to match packets which seem "
+"malformed or unusual. This is regarded as experimental."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:716
+msgid ""
+"iptables can use extended target modules: the following are included in the "
+"standard distribution."
+msgstr ""
+
+#. type: SS
+#: original/man8/iptables.8:716
+#, no-wrap
+msgid "DNAT"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:728
+msgid ""
+"This target is only valid in the B<nat> table, in the B<PREROUTING> and "
+"B<OUTPUT> chains, and user-defined chains which are only called from those "
+"chains. It specifies that the destination address of the packet should be "
+"modified (and all future packets in this connection will also be mangled), "
+"and rules should cease being examined. It takes one type of option:"
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:728
+#, no-wrap
+msgid "B<--to-destination >I<ipaddr>[-I<ipaddr>][:I<port>-I<port>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:738
+msgid ""
+"which can specify a single new destination IP address, an inclusive range of "
+"IP addresses, and optionally, a port range (which is only valid if the rule "
+"also specifies B<-p tcp> or B<-p udp>). If no port range is specified, then "
+"the destination port will never be modified."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:744
+msgid ""
+"You can add several --to-destination options. If you specify more than one "
+"destination address, either via an address range or multiple "
+"--to-destination options, a simple round-robin (one after another in cycle) "
+"load balancing takes place between these adresses."
+msgstr ""
+
+#. type: SS
+#: original/man8/iptables.8:744
+#, no-wrap
+msgid "DSCP"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:748
+msgid ""
+"This target allows to alter the value of the DSCP bits within the TOS header "
+"of the IPv4 packet. As this manipulates a packet, it can only be used in "
+"the mangle table."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:748
+#, no-wrap
+msgid "B<--set-dscp >I<value>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:751
+msgid "Set the DSCP field to a numerical value (can be decimal or hex)"
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:751
+#, no-wrap
+msgid "B<--set-dscp-class >I<class>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:754
+msgid "Set the DSCP field to a DiffServ class."
+msgstr ""
+
+#. type: SS
+#: original/man8/iptables.8:754
+#, no-wrap
+msgid "ECN"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:757
+msgid ""
+"This target allows to selectively work around known ECN blackholes. It can "
+"only be used in the mangle table."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:757
+#, no-wrap
+msgid "B<--ecn-tcp-remove>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:762
+msgid ""
+"Remove all ECN bits from the TCP header. Of course, it can only be used in "
+"conjunction with B<-p tcp>."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:774
+msgid ""
+"Turn on kernel logging of matching packets. When this option is set for a "
+"rule, the Linux kernel will print some information on all matching packets "
+"(like most IP header fields) via the kernel log (where it can be read with "
+"I<dmesg> or I<syslogd>(8)). This is a \"non-terminating target\", i.e. rule "
+"traversal continues at the next rule. So if you want to LOG the packets you "
+"refuse, use two separate rules with the same matching criteria, first using "
+"target LOG then DROP (or REJECT)."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:791
+msgid "Log options from the IP packet header."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:796
+msgid ""
+"This is used to set the netfilter mark value associated with the packet. It "
+"is only valid in the B<mangle> table. It can for example be used in "
+"conjunction with iproute2."
+msgstr ""
+
+#. type: SS
+#: original/man8/iptables.8:798
+#, no-wrap
+msgid "MASQUERADE"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:812
+msgid ""
+"This target is only valid in the B<nat> table, in the B<POSTROUTING> chain. "
+"It should only be used with dynamically assigned IP (dialup) connections: "
+"if you have a static IP address, you should use the SNAT target. "
+"Masquerading is equivalent to specifying a mapping to the IP address of the "
+"interface the packet is going out, but also has the effect that connections "
+"are I<forgotten> when the interface goes down. This is the correct behavior "
+"when the next dialup is unlikely to have the same interface address (and "
+"hence any established connections are lost anyway). It takes one option:"
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:812 original/man8/iptables.8:845
+#, no-wrap
+msgid "B<--to-ports >I<port>[-I<port>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:821
+msgid ""
+"This specifies a range of source ports to use, overriding the default "
+"B<SNAT> source port-selection heuristics (see above). This is only valid if "
+"the rule also specifies B<-p tcp> or B<-p udp>."
+msgstr ""
+
+#. type: SS
+#: original/man8/iptables.8:821
+#, no-wrap
+msgid "MIRROR"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:834
+msgid ""
+"This is an experimental demonstration target which inverts the source and "
+"destination fields in the IP header and retransmits the packet. It is only "
+"valid in the B<INPUT>, B<FORWARD> and B<PREROUTING> chains, and user-defined "
+"chains which are only called from those chains. Note that the outgoing "
+"packets are B<NOT> seen by any packet filtering chains, connection tracking "
+"or NAT, to avoid loops and other problems."
+msgstr ""
+
+#. type: SS
+#: original/man8/iptables.8:834
+#, no-wrap
+msgid "REDIRECT"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:845
+msgid ""
+"This target is only valid in the B<nat> table, in the B<PREROUTING> and "
+"B<OUTPUT> chains, and user-defined chains which are only called from those "
+"chains. It alters the destination IP address to send the packet to the "
+"machine itself (locally-generated packets are mapped to the 127.0.0.1 "
+"address). It takes one option:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:853
+msgid ""
+"This specifies a destination port or range of ports to use: without this, "
+"the destination port is never altered. This is only valid if the rule also "
+"specifies B<-p tcp> or B<-p udp>."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:877
+#, no-wrap
+msgid ""
+"B<icmp-net-unreachable>\n"
+"B<icmp-host-unreachable>\n"
+"B<icmp-port-unreachable>\n"
+"B<icmp-proto-unreachable>\n"
+"B<icmp-net-prohibited>\n"
+"B<icmp-host-prohibited or>\n"
+"B<icmp-admin-prohibited (*)>\n"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:886
+msgid ""
+"which return the appropriate ICMP error message (B<port-unreachable> is the "
+"default). The option B<tcp-reset> can be used on rules which only match the "
+"TCP protocol: this causes a TCP RST packet to be sent back. This is mainly "
+"useful for blocking I<ident> (113/tcp) probes which frequently occur when "
+"sending mail to broken mail hosts (which won't accept your mail otherwise)."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:889
+msgid ""
+"(*) Using icmp-admin-prohibited with kernels that do not support it will "
+"result in a plain DROP instead of REJECT"
+msgstr ""
+
+#. type: SS
+#: original/man8/iptables.8:889
+#, no-wrap
+msgid "SNAT"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:898
+msgid ""
+"This target is only valid in the B<nat> table, in the B<POSTROUTING> chain. "
+"It specifies that the source address of the packet should be modified (and "
+"all future packets in this connection will also be mangled), and rules "
+"should cease being examined. It takes one type of option:"
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:898
+#, no-wrap
+msgid "B<--to-source >I<ipaddr>[-I<ipaddr>][:I<port>-I<port>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:910
+msgid ""
+"which can specify a single new source IP address, an inclusive range of IP "
+"addresses, and optionally, a port range (which is only valid if the rule "
+"also specifies B<-p tcp> or B<-p udp>). If no port range is specified, then "
+"source ports below 512 will be mapped to other ports below 512: those "
+"between 512 and 1023 inclusive will be mapped to ports below 1024, and other "
+"ports will be mapped to 1024 or above. Where possible, no port alteration "
+"will occur."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:916
+msgid ""
+"You can add several --to-source options. If you specify more than one "
+"source address, either via an address range or multiple --to-source options, "
+"a simple round-robin (one after another in cycle) takes place between these "
+"adresses."
+msgstr ""
+
+#. type: SS
+#: original/man8/iptables.8:916
+#, no-wrap
+msgid "TCPMSS"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:922
+msgid ""
+"This target allows to alter the MSS value of TCP SYN packets, to control the "
+"maximum size for that connection (usually limiting it to your outgoing "
+"interface's MTU minus 40). Of course, it can only be used in conjunction "
+"with B<-p tcp>."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:928
+msgid ""
+"This target is used to overcome criminally braindead ISPs or servers which "
+"block ICMP Fragmentation Needed packets. The symptoms of this problem are "
+"that everything works fine from your Linux firewall/router, but machines "
+"behind it can never exchange large packets:"
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:930
+#, no-wrap
+msgid "1)"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:933
+msgid "Web browsers connect, then hang with no data received."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:933
+#, no-wrap
+msgid "2)"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:936
+msgid "Small mail works fine, but large emails hang."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:936
+#, no-wrap
+msgid "3)"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:939
+msgid "ssh works fine, but scp hangs after initial handshaking."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:943
+msgid ""
+"Workaround: activate this option and add a rule to your firewall "
+"configuration like:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:946
+#, no-wrap
+msgid ""
+" iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \\e\n"
+" -j TCPMSS --clamp-mss-to-pmtu\n"
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:947
+#, no-wrap
+msgid "B<--set-mss >I<value>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:950
+msgid "Explicitly set MSS option to specified value."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:950
+#, no-wrap
+msgid "B<--clamp-mss-to-pmtu>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:953
+msgid "Automatically clamp MSS value to (path_MTU - 40)."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:953
+#, no-wrap
+msgid "These options are mutually exclusive."
+msgstr ""
+
+#. type: SS
+#: original/man8/iptables.8:955
+#, no-wrap
+msgid "TOS"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:960
+msgid ""
+"This is used to set the 8-bit Type of Service field in the IP header. It is "
+"only valid in the B<mangle> table."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:960
+#, no-wrap
+msgid "B<--set-tos >I<tos>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:963
+msgid "You can use a numeric TOS values, or use"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:965
+#, no-wrap
+msgid " iptables -j TOS -h\n"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:967
+msgid "to see the list of valid TOS names."
+msgstr ""
+
+#. type: SS
+#: original/man8/iptables.8:967
+#, no-wrap
+msgid "ULOG"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:976
+msgid ""
+"This target provides userspace logging of matching packets. When this "
+"target is set for a rule, the Linux kernel will multicast this packet "
+"through a I<netlink> socket. One or more userspace processes may then "
+"subscribe to various multicast groups and receive the packets. Like LOG, "
+"this is a \"non-terminating target\", i.e. rule traversal continues at the "
+"next rule."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:976
+#, no-wrap
+msgid "B<--ulog-nlgroup >I<nlgroup>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:980
+msgid ""
+"This specifies the netlink group (1-32) to which the packet is sent. "
+"Default value is 1."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:980
+#, no-wrap
+msgid "B<--ulog-prefix >I<prefix>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:984
+msgid ""
+"Prefix log messages with the specified prefix; up to 32 characters long, and "
+"useful for distinguishing messages in the logs."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:984
+#, no-wrap
+msgid "B<--ulog-cprange >I<size>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:988
+msgid ""
+"Number of bytes to be copied to userspace. A value of 0 always copies the "
+"entire packet, regardless of its size. Default is 0."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:988
+#, no-wrap
+msgid "B<--ulog-qthreshold >I<size>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:994
+msgid ""
+"Number of packet to queue inside kernel. Setting this value to, e.g. 10 "
+"accumulates ten packets inside the kernel and transmits them as one netlink "
+"multipart message to userspace. Default is 1 (for backwards compatibility)."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:1016
+msgid ""
+"This B<iptables> is very similar to ipchains by Rusty Russell. The main "
+"difference is that the chains B<INPUT> and B<OUTPUT> are only traversed for "
+"packets coming into the local host and originating from the local host "
+"respectively. Hence every packet only passes through one of the three "
+"chains (except loopback traffic, which involves both INPUT and OUTPUT "
+"chains); previously a forwarded packet would pass through all three."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:1025
+msgid ""
+"The other main difference is that B<-i> refers to the input interface; B<-o> "
+"refers to the output interface, and both are available for packets entering "
+"the B<FORWARD> chain."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:1032
+msgid ""
+"The various forms of NAT have been separated out; B<iptables> is a pure "
+"packet filter when using the default `filter' table, with optional extension "
+"modules. This should simplify much of the previous confusion over the "
+"combination of IP masquerading and packet filtering seen previously. So the "
+"following options are handled differently:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:1036
+#, no-wrap
+msgid ""
+" -j MASQ\n"
+" -M -S\n"
+" -M -L\n"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:1038
+msgid "There are several other changes in iptables."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:1044
+msgid ""
+"B<iptables-save>(8), B<iptables-restore>(8), B<ip6tables>(8), "
+"B<ip6tables-save>(8), B<ip6tables-restore>(8)."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:1066
+msgid "Harald Welte wrote the ULOG target, TTL, DSCP, ECN matches and targets."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:1070
+msgid "Man page written by Herve Eychenne E<lt>rv@wallfire.orgE<gt>."
+msgstr ""
--- /dev/null
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2012-05-09 02:21+0900\n"
+"PO-Revision-Date: 2012-05-09 03:09+0900\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: TH
+#: original/man8/ip6tables-restore.8:1
+#, no-wrap
+msgid "IP6TABLES-RESTORE"
+msgstr "IP6TABLES-RESTORE"
+
+#. type: TH
+#: original/man8/ip6tables-restore.8:1 original/man8/ip6tables-save.8:1
+#, no-wrap
+msgid "Jan 30, 2002"
+msgstr "Jan 30, 2002"
+
+#. Man page written by Herve Eychenne <rv@wallfire.org> (May 1999)
+#. It is based on ipchains page.
+#. TODO: add a word for protocol helpers (FTP, IRC, SNMP-ALG)
+#. ipchains page by Paul ``Rusty'' Russell March 1997
+#. Based on the original ipfwadm man page by Jos Vos <jos@xos.nl>
+#. This program is free software; you can redistribute it and/or modify
+#. it under the terms of the GNU General Public License as published by
+#. the Free Software Foundation; either version 2 of the License, or
+#. (at your option) any later version.
+#. This program is distributed in the hope that it will be useful,
+#. but WITHOUT ANY WARRANTY; without even the implied warranty of
+#. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#. GNU General Public License for more details.
+#. You should have received a copy of the GNU General Public License
+#. along with this program; if not, write to the Free Software
+#. Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#. type: SH
+#: original/man8/ip6tables-restore.8:21 original/man8/ip6tables-save.8:21
+#: original/man8/ip6tables.8:27 original/man8/iptables-restore.8:21
+#: original/man8/iptables-save.8:21 original/man8/iptables.8:25
+#, no-wrap
+msgid "NAME"
+msgstr "名前"
+
+#. type: Plain text
+#: original/man8/ip6tables-restore.8:23
+msgid "ip6tables-restore - Restore IPv6 Tables"
+msgstr "ip6tables-restore - IPv6 テーブルを復元する"
+
+#. type: SH
+#: original/man8/ip6tables-restore.8:23 original/man8/ip6tables-save.8:23
+#: original/man8/ip6tables.8:29 original/man8/iptables-restore.8:23
+#: original/man8/iptables-save.8:23 original/man8/iptables.8:27
+#, no-wrap
+msgid "SYNOPSIS"
+msgstr "書式"
+
+#. type: Plain text
+#: original/man8/ip6tables-restore.8:25
+msgid "B<ip6tables-restore >[-c] [-n]"
+msgstr "B<ip6tables-restore >[-c] [-n]"
+
+#. type: SH
+#: original/man8/ip6tables-restore.8:26 original/man8/ip6tables-save.8:26
+#: original/man8/ip6tables.8:47 original/man8/iptables-restore.8:26
+#: original/man8/iptables-save.8:26 original/man8/iptables.8:45
+#, no-wrap
+msgid "DESCRIPTION"
+msgstr "説明"
+
+#. type: Plain text
+#: original/man8/ip6tables-restore.8:31
+msgid ""
+"B<ip6tables-restore> is used to restore IPv6 Tables from data specified on "
+"STDIN. Use I/O redirection provided by your shell to read from a file"
+msgstr ""
+"B<ip6tables-restore> は標準入力で指定されたデータから IPv6 テーブルを復元する"
+"ために使われる。 ファイルから読み込むためには、 シェルで提供されている I/O リ"
+"ダイレクションを使うこと。"
+
+#. type: TP
+#: original/man8/ip6tables-restore.8:31 original/man8/ip6tables-save.8:31
+#: original/man8/iptables-restore.8:31 original/man8/iptables-save.8:31
+#, no-wrap
+msgid "B<-c>, B<--counters>"
+msgstr "B<-c>, B<--counters>"
+
+#. type: Plain text
+#: original/man8/ip6tables-restore.8:34 original/man8/iptables-restore.8:34
+msgid "restore the values of all packet and byte counters"
+msgstr "全てのパケットカウンタとバイトカウンタの値を復元する。"
+
+#. type: TP
+#: original/man8/ip6tables-restore.8:34 original/man8/iptables-restore.8:34
+#, no-wrap
+msgid "B<-n>, B<--noflush> "
+msgstr "B<-n>, B<--noflush> "
+
+#. type: Plain text
+#: original/man8/ip6tables-restore.8:39
+msgid ""
+"don't flush the previous contents of the table. If not specified, "
+"B<ip6tables-restore> flushes (deletes) all previous contents of the "
+"respective IPv6 Table."
+msgstr ""
+"これまでのテーブルの内容をフラッシュしない。 指定されない場合、 B<ip6tables-"
+"restore> は、これまでの各 IPv6 テーブルの内容を全てフラッシュ (削除) する。"
+
+#. type: SH
+#: original/man8/ip6tables-restore.8:39 original/man8/ip6tables-save.8:38
+#: original/man8/ip6tables.8:745 original/man8/iptables-restore.8:39
+#: original/man8/iptables-save.8:38 original/man8/iptables.8:1000
+#, no-wrap
+msgid "BUGS"
+msgstr "バグ"
+
+#. type: Plain text
+#: original/man8/ip6tables-restore.8:41 original/man8/ip6tables-save.8:40
+#: original/man8/iptables-restore.8:41 original/man8/iptables-save.8:40
+msgid "None known as of iptables-1.2.1 release"
+msgstr "iptables-1.2.1 リリースでは知られていない。"
+
+#. type: SH
+#: original/man8/ip6tables-restore.8:41 original/man8/ip6tables-save.8:40
+#: original/man8/ip6tables.8:799 original/man8/iptables.8:1053
+#, no-wrap
+msgid "AUTHORS"
+msgstr "作者"
+
+#. type: Plain text
+#: original/man8/ip6tables-restore.8:43 original/man8/ip6tables-save.8:42
+#: original/man8/iptables-restore.8:43 original/man8/iptables-save.8:42
+msgid "Harald Welte E<lt>laforge@gnumonks.orgE<gt>"
+msgstr "Harald Welte E<lt>laforge@gnumonks.orgE<gt>"
+
+#. type: Plain text
+#: original/man8/ip6tables-restore.8:45 original/man8/ip6tables-save.8:44
+msgid "Andras Kis-Szabo E<lt>kisza@sch.bme.huE<gt>"
+msgstr "Andras Kis-Szabo E<lt>kisza@sch.bme.huE<gt>"
+
+#. type: SH
+#: original/man8/ip6tables-restore.8:45 original/man8/ip6tables-save.8:44
+#: original/man8/ip6tables.8:784 original/man8/iptables-restore.8:43
+#: original/man8/iptables-save.8:42 original/man8/iptables.8:1038
+#, no-wrap
+msgid "SEE ALSO"
+msgstr "関連項目"
+
+#. type: Plain text
+#: original/man8/ip6tables-restore.8:47
+msgid "B<ip6tables-save>(8), B<ip6tables>(8)"
+msgstr "B<ip6tables-save>(8), B<ip6tables>(8)"
+
+#. type: Plain text
+#: original/man8/ip6tables-restore.8:50 original/man8/ip6tables-save.8:49
+#: original/man8/iptables-restore.8:48 original/man8/iptables-save.8:47
+msgid ""
+"The iptables-HOWTO, which details more iptables usage, the NAT-HOWTO, which "
+"details NAT, and the netfilter-hacking-HOWTO which details the internals."
+msgstr ""
+"より多くの iptables の使用法について 詳細に説明している iptables-HOWTO。 NAT "
+"について詳細に説明している NAT-HOWTO。 内部構造について詳細に説明している "
+"netfilter-hacking-HOWTO。"
+
+#. type: TH
+#: original/man8/ip6tables-save.8:1
+#, no-wrap
+msgid "IP6TABLES-SAVE"
+msgstr "IP6TABLES-SAVE"
+
+#. type: Plain text
+#: original/man8/ip6tables-save.8:23
+msgid "ip6tables-save - Save IPv6 Tables"
+msgstr "ip6tables-save - IPv6 テーブルを保存する"
+
+#. type: Plain text
+#: original/man8/ip6tables-save.8:25
+msgid "B<ip6tables-save >[-c] [-t table]"
+msgstr "B<ip6tables-save >[-c] [-t table]"
+
+#. type: Plain text
+#: original/man8/ip6tables-save.8:31
+msgid ""
+"B<ip6tables-save> is used to dump the contents of an IPv6 Table in easily "
+"parseable format to STDOUT. Use I/O-redirection provided by your shell to "
+"write to a file."
+msgstr ""
+"B<ip6tables-save> は IPv6 テーブルの内容を簡単に解析できる形式で 標準出力にダ"
+"ンプするために使われる。 ファイルに書き出すためには、 シェルで提供されている "
+"I/O リダイレクションを使うこと。"
+
+#. type: Plain text
+#: original/man8/ip6tables-save.8:34 original/man8/iptables-save.8:34
+msgid ""
+"include the current values of all packet and byte counters in the output"
+msgstr "全てのパケットカウンタとバイトカウンタの現在の値を出力する。"
+
+#. type: TP
+#: original/man8/ip6tables-save.8:34 original/man8/iptables-save.8:34
+#, no-wrap
+msgid "B<-t>, B<--table> B<tablename>"
+msgstr "B<-t>, B<--table> B<tablename>"
+
+#. type: Plain text
+#: original/man8/ip6tables-save.8:38 original/man8/iptables-save.8:38
+msgid ""
+"restrict output to only one table. If not specified, output includes all "
+"available tables."
+msgstr ""
+"出力を 1 つのテーブルのみに制限する。 指定されない場合、得られた全てのテーブ"
+"ルを出力する。"
+
+#. type: Plain text
+#: original/man8/ip6tables-save.8:46
+msgid "B<ip6tables-restore>(8), B<ip6tables>(8)"
+msgstr "B<ip6tables-restore>(8), B<ip6tables>(8)"
+
+#. type: TH
+#: original/man8/ip6tables.8:1
+#, no-wrap
+msgid "IP6TABLES"
+msgstr "IP6TABLES"
+
+#. type: TH
+#: original/man8/ip6tables.8:1 original/man8/iptables.8:1
+#, no-wrap
+msgid "Mar 09, 2002"
+msgstr "Mar 09, 2002"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:29
+msgid "ip6tables - IPv6 packet filter administration"
+msgstr "ip6tables - IPv6 パケットフィルタを管理する"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:31
+msgid "B<ip6tables [-t table] -[AD] >chain rule-specification [options]"
+msgstr "B<ip6tables [-t テーブル] -[AD] >チェイン ルールの詳細 [オプション]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:33
+msgid "B<ip6tables [-t table] -I >chain [rulenum] rule-specification [options]"
+msgstr ""
+"B<ip6tables [-t テーブル] -I >チェイン [ルール番号] ルールの詳細 [オプション]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:35
+msgid "B<ip6tables [-t table] -R >chain rulenum rule-specification [options]"
+msgstr ""
+"B<ip6tables [-t テーブル] -R >チェイン ルール番号 ルールの詳細 [オプション]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:37
+msgid "B<ip6tables [-t table] -D >chain rulenum [options]"
+msgstr "B<ip6tables [-t テーブル] -D >チェイン ルール番号 [オプション]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:39
+msgid "B<ip6tables [-t table] -[LFZ] >[chain] [options]"
+msgstr "B<ip6tables [-t テーブル] -[LFZ] >[チェイン] [オプション]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:41
+msgid "B<ip6tables [-t table] -N >chain"
+msgstr "B<ip6tables [-t テーブル] -N >チェイン"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:43
+msgid "B<ip6tables [-t table] -X >[chain]"
+msgstr "B<ip6tables [-t テーブル] -X >[チェイン]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:45
+msgid "B<ip6tables [-t table] -P >chain target [options]"
+msgstr "B<ip6tables [-t テーブル] -P >チェイン ターゲット [オプション]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:47
+msgid "B<ip6tables [-t table] -E >old-chain-name new-chain-name"
+msgstr "B<ip6tables [-t テーブル] -E >旧チェイン名 新チェイン名"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:53
+msgid ""
+"B<Ip6tables> is used to set up, maintain, and inspect the tables of IPv6 "
+"packet filter rules in the Linux kernel. Several different tables may be "
+"defined. Each table contains a number of built-in chains and may also "
+"contain user-defined chains."
+msgstr ""
+"B<ip6tables> は Linux カーネルの IPv6 パケットフィルタルールのテーブルを 設"
+"定・管理・検査するために使われる。 複数の異なるテーブルが定義される可能性があ"
+"る。 各テーブルは組み込み済みチェインを含む。 さらにユーザー定義のチェインを"
+"含むこともできる。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:58 original/man8/iptables.8:56
+msgid ""
+"Each chain is a list of rules which can match a set of packets. Each rule "
+"specifies what to do with a packet that matches. This is called a `target', "
+"which may be a jump to a user-defined chain in the same table."
+msgstr ""
+"各チェインは、パケット群にマッチするルールのリストである。 各ルールは\n"
+"マッチしたパケットに対して何をするかを指定する。 これは「ターゲット」と\n"
+"呼ばれ、 同じテーブル内のユーザー定義チェインにジャンプすることもできる。"
+
+#. type: SH
+#: original/man8/ip6tables.8:59 original/man8/iptables.8:57
+#, no-wrap
+msgid "TARGETS"
+msgstr "ターゲット"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:70 original/man8/iptables.8:68
+msgid ""
+"A firewall rule specifies criteria for a packet, and a target. If the "
+"packet does not match, the next rule in the chain is the examined; if it "
+"does match, then the next rule is specified by the value of the target, "
+"which can be the name of a user-defined chain or one of the special values "
+"I<ACCEPT>, I<DROP>, I<QUEUE>, or I<RETURN>."
+msgstr ""
+"ファイアウォールのルールは、パケットを判断する基準とターゲットを指定する。\n"
+"パケットがマッチしない場合、チェイン内の次のルールが評価される。\n"
+"パケットがマッチした場合、 ターゲットの値によって次のルールが指定される。\n"
+"ターゲットの値は、ユーザー定義チェインの名前、または特別な値\n"
+"I<ACCEPT>, I<DROP>, I<QUEUE>, I<RETURN> のうちの 1 つである。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:84 original/man8/iptables.8:82
+msgid ""
+"I<ACCEPT> means to let the packet through. I<DROP> means to drop the packet "
+"on the floor. I<QUEUE> means to pass the packet to userspace (if supported "
+"by the kernel). I<RETURN> means stop traversing this chain and resume at "
+"the next rule in the previous (calling) chain. If the end of a built-in "
+"chain is reached or a rule in a built-in chain with target I<RETURN> is "
+"matched, the target specified by the chain policy determines the fate of the "
+"packet."
+msgstr ""
+"I<ACCEPT> はパケットを通すという意味である。 \n"
+"I<DROP> はパケットを床に落す (捨てる) という意味である。 \n"
+"I<QUEUE> はパケットをユーザー空間に渡すという意味である \n"
+"(カーネルがサポートしていればであるが)。\n"
+"I<RETURN> は、このチェインを辿るのを中止して、\n"
+"前の (呼び出し元) チェインの次のルールから再開するという意味である。\n"
+"組み込み済みチェインの最後に到達した場合、 または組み込み済みチェインで\n"
+"ターゲット I<RETURN> を持つルールにマッチした場合、\n"
+"チェインポリシーで指定されたターゲットが パケットの行方を決定する。"
+
+#. type: SH
+#: original/man8/ip6tables.8:84 original/man8/iptables.8:82
+#, no-wrap
+msgid "TABLES"
+msgstr "テーブル"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:88
+msgid ""
+"There are currently two independent tables (which tables are present at any "
+"time depends on the kernel configuration options and which modules are "
+"present), as nat table has not been implemented yet."
+msgstr ""
+"現在のところ 2 つの独立なテーブルが存在する (どのテーブルがどの時点で現れるか"
+"は、 カーネルの設定やどういったモジュールが存在するかに依存する)。 nat テーブ"
+"ルは、まだ実装されていない。"
+
+#. type: TP
+#: original/man8/ip6tables.8:88 original/man8/iptables.8:86
+#, no-wrap
+msgid "B<-t, --table >I<table>"
+msgstr "B<-t, --table >I<table>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:94 original/man8/iptables.8:92
+msgid ""
+"This option specifies the packet matching table which the command should "
+"operate on. If the kernel is configured with automatic module loading, an "
+"attempt will be made to load the appropriate module for that table if it is "
+"not already there."
+msgstr ""
+"このオプションは、このコマンドが操作するパケットマッチングテーブルを\n"
+"指定する。 カーネルに自動モジュールローディングが設定されている場合、\n"
+"そのテーブルに対する適切なモジュールがまだロードされていなければ、\n"
+"そのモジュールがロードされる。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:96 original/man8/iptables.8:94
+msgid "The tables are as follows:"
+msgstr "テーブルは以下の通りである。"
+
+#. type: TP
+#: original/man8/ip6tables.8:97 original/man8/iptables.8:95
+#, no-wrap
+msgid "B<filter>:"
+msgstr "B<filter>:"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:107 original/man8/iptables.8:105
+msgid ""
+"This is the default table (if no -t option is passed). It contains the "
+"built-in chains B<INPUT> (for packets coming into the box itself), "
+"B<FORWARD> (for packets being routed through the box), and B<OUTPUT> (for "
+"locally-generated packets)."
+msgstr ""
+"(-t オプションが指定されていない場合は) これがデフォルトのテーブルである。\n"
+"これには B<INPUT> (マシン自体に入ってくるパケットに対するチェイン)・\n"
+"B<FORWARD> (マシンを経由するパケットに対するチェイン)・ \n"
+"B<OUTPUT> (ローカルマシンで生成されたパケットに対するチェイン) という\n"
+"組み込み済みチェインが含まれる。"
+
+#. type: TP
+#: original/man8/ip6tables.8:107 original/man8/iptables.8:115
+#, no-wrap
+msgid "B<mangle>:"
+msgstr "B<mangle>:"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:122 original/man8/iptables.8:130
+msgid ""
+"This table is used for specialized packet alteration. Until kernel 2.4.17 "
+"it had two built-in chains: B<PREROUTING> (for altering incoming packets "
+"before routing) and B<OUTPUT> (for altering locally-generated packets before "
+"routing). Since kernel 2.4.18, three other built-in chains are also "
+"supported: B<INPUT> (for packets coming into the box itself), B<FORWARD> "
+"(for altering packets being routed through the box), and B<POSTROUTING> (for "
+"altering packets as they are about to go out)."
+msgstr ""
+"このテーブルは特別なパケット変換に使われる。 カーネル 2.4.17 までは、\n"
+"B<PREROUTING> (パケットが入ってきた場合、 すぐにそのパケットを変換する\n"
+"ためのチェイン)・ B<OUTPUT> (ローカルで生成されたパケットを ルーティン\n"
+"グの前に変換するためのチェイン) という 2 つの組み込み済みチェインが含ま\n"
+"れていた。 カーネル 2.4.18 からは、これらの他に B<INPUT> (マシン自体に\n"
+"入ってくるパケットに対するチェイン)・ B<FORWARD> (マシンを経由するパケッ\n"
+"トに対するチェイン)・ B<POSTROUTING> (パケットが出て行くときに変換する\n"
+"ためのチェイン)・ という 3 つの組み込み済みチェインもサポートされる。"
+
+#. type: SH
+#: original/man8/ip6tables.8:123 original/man8/iptables.8:131
+#, no-wrap
+msgid "OPTIONS"
+msgstr "オプション"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:127
+msgid ""
+"The options that are recognized by B<ip6tables> can be divided into several "
+"different groups."
+msgstr "B<ip6tables> で使えるオプションは、いくつかのグループに分けられる。"
+
+#. type: SS
+#: original/man8/ip6tables.8:127 original/man8/iptables.8:135
+#, no-wrap
+msgid "COMMANDS"
+msgstr "コマンド"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:134
+msgid ""
+"These options specify the specific action to perform. Only one of them can "
+"be specified on the command line unless otherwise specified below. For all "
+"the long versions of the command and option names, you need to use only "
+"enough letters to ensure that B<ip6tables> can differentiate it from all "
+"other options."
+msgstr ""
+"これらのオプションは、実行する特定の動作を指定する。 以下の説明で許可されてい"
+"ない限り、 この中の 1 つしかコマンドラインで指定することができない。 長いバー"
+"ジョンのコマンド名とオプション名は、 B<ip6tables> が他のコマンド名やオプショ"
+"ン名と区別できる範囲で (文字を省略して) 指定することもできる。"
+
+#. type: TP
+#: original/man8/ip6tables.8:134 original/man8/iptables.8:142
+#, no-wrap
+msgid "B<-A, --append >I<chain rule-specification>"
+msgstr "B<-A, --append >I<chain rule-specification>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:139 original/man8/iptables.8:147
+msgid ""
+"Append one or more rules to the end of the selected chain. When the source "
+"and/or destination names resolve to more than one address, a rule will be "
+"added for each possible address combination."
+msgstr ""
+"選択されたチェインの最後に 1 つ以上のルールを追加する。\n"
+"送信元や送信先の名前の解決を行って、 1 つ以上のアドレスに展開された\n"
+"場合は、可能なアドレスの組合せそれぞれに対してルールが追加される。"
+
+#. type: TP
+#: original/man8/ip6tables.8:139 original/man8/iptables.8:147
+#, no-wrap
+msgid "B<-D, --delete >I<chain rule-specification>"
+msgstr "B<-D, --delete >I<chain rule-specification>"
+
+#. type: TP
+#: original/man8/ip6tables.8:142 original/man8/iptables.8:150
+#, no-wrap
+msgid "B<-D, --delete >I<chain rulenum>"
+msgstr "B<-D, --delete >I<chain rulenum>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:147 original/man8/iptables.8:155
+msgid ""
+"Delete one or more rules from the selected chain. There are two versions of "
+"this command: the rule can be specified as a number in the chain (starting "
+"at 1 for the first rule) or a rule to match."
+msgstr ""
+"選択されたチェインから 1 つ以上のルールを削除する。 このコマンドには 2 つの使"
+"い方がある: チェインの中の番号 (最初のルールを 1 とする) を指定する場合と、 "
+"マッチするルールを指定する場合である。"
+
+#. type: TP
+#: original/man8/ip6tables.8:147
+#, no-wrap
+msgid "B<-I, --insert>"
+msgstr "B<-I, --insert>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:153 original/man8/iptables.8:161
+msgid ""
+"Insert one or more rules in the selected chain as the given rule number. "
+"So, if the rule number is 1, the rule or rules are inserted at the head of "
+"the chain. This is also the default if no rule number is specified."
+msgstr ""
+"選択されたチェインにルール番号を指定して 1 つ以上のルールを挿入する。 ルール"
+"番号が 1 の場合、ルールはチェインの先頭に挿入される。 これはルール番号が指定"
+"されない場合のデフォルトでもある。"
+
+#. type: TP
+#: original/man8/ip6tables.8:153 original/man8/iptables.8:161
+#, no-wrap
+msgid "B<-R, --replace >I<chain rulenum rule-specification>"
+msgstr "B<-R, --replace >I<chain rulenum rule-specification>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:158 original/man8/iptables.8:166
+msgid ""
+"Replace a rule in the selected chain. If the source and/or destination "
+"names resolve to multiple addresses, the command will fail. Rules are "
+"numbered starting at 1."
+msgstr ""
+"選択されたチェインにあるルールを置き換える。\n"
+"送信元や送信先の名前が 1 つ以上のアドレスに解決された場合は、\n"
+"このコマンドは失敗する。ルール番号は 1 からはじまる。"
+
+#. type: TP
+#: original/man8/ip6tables.8:158 original/man8/iptables.8:166
+#, no-wrap
+msgid "B<-L, --list >[I<chain>]"
+msgstr "B<-L, --list >[I<chain>]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:163
+msgid ""
+"List all rules in the selected chain. If no chain is selected, all chains "
+"are listed. As every other iptables command, it applies to the specified "
+"table (filter is the default), so mangle rules get listed by"
+msgstr ""
+"選択されたチェインにある全てのルールを一覧表示する。 チェインが指定されない場"
+"合、全てのチェインにあるリストが一覧表示される。 他の各 iptables コマンドと同"
+"様に、 指定されたテーブル (デフォルトは filter) に対して作用する。 よって "
+"mangle ルールを表示するには以下のようにする。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:165
+#, no-wrap
+msgid " ip6tables -t mangle -n -L\n"
+msgstr " ip6tables -t mangle -n -L\n"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:174 original/man8/iptables.8:182
+msgid ""
+"Please note that it is often used with the B<-n> option, in order to avoid "
+"long reverse DNS lookups. It is legal to specify the B<-Z> (zero) option as "
+"well, in which case the chain(s) will be atomically listed and zeroed. The "
+"exact output is affected by the other arguments given. The exact rules are "
+"suppressed until you use"
+msgstr ""
+"DNS の逆引きを避けるために、よく B<-n> オプションと共に使用される。\n"
+"B<-Z> (ゼロ化) オプションを同時に指定することもできる。この場合、\n"
+"チェインは要素毎にリストされて、 (訳註: パケットカウンタとバイト\n"
+"カウンタが) ゼロにされる。出力表示は同時に与えられた他の引き数に\n"
+"影響される。以下のように、 B<-v> オプションを指定しない限り、\n"
+"実際のルールそのものは表示されない。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:176
+#, no-wrap
+msgid " ip6tables -L -v\n"
+msgstr " ip6tables -L -v\n"
+
+#. type: TP
+#: original/man8/ip6tables.8:177 original/man8/iptables.8:185
+#, no-wrap
+msgid "B<-F, --flush >[I<chain>]"
+msgstr "B<-F, --flush >[I<chain>]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:181 original/man8/iptables.8:189
+msgid ""
+"Flush the selected chain (all the chains in the table if none is given). "
+"This is equivalent to deleting all the rules one by one."
+msgstr ""
+"選択されたチェイン (何も指定されなければテーブル内の全てのチェイン) \n"
+"の内容を全消去する。これは全てのルールを 1 個ずつ削除するのと\n"
+"同じである。"
+
+#. type: TP
+#: original/man8/ip6tables.8:181 original/man8/iptables.8:189
+#, no-wrap
+msgid "B<-Z, --zero >[I<chain>]"
+msgstr "B<-Z, --zero >[I<chain>]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:188 original/man8/iptables.8:196
+msgid ""
+"Zero the packet and byte counters in all chains. It is legal to specify the "
+"B<-L, --list> (list) option as well, to see the counters immediately before "
+"they are cleared. (See above.)"
+msgstr ""
+"すべてのチェインのパケットカウンタとバイトカウンタをゼロにする。 クリアされる"
+"直前のカウンタを見るために、 B<-L, --list> (一覧表示) オプションと同時に指定"
+"することもできる (上記を参照)。"
+
+#. type: TP
+#: original/man8/ip6tables.8:188 original/man8/iptables.8:196
+#, no-wrap
+msgid "B<-N, --new-chain >I<chain>"
+msgstr "B<-N, --new-chain >I<chain>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:192 original/man8/iptables.8:200
+msgid ""
+"Create a new user-defined chain by the given name. There must be no target "
+"of that name already."
+msgstr ""
+"指定した名前でユーザー定義チェインを作成する。 同じ名前のターゲットが既に存在"
+"してはならない。"
+
+#. type: TP
+#: original/man8/ip6tables.8:192 original/man8/iptables.8:200
+#, no-wrap
+msgid "B<-X, --delete-chain >[I<chain>]"
+msgstr "B<-X, --delete-chain >[I<chain>]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:198 original/man8/iptables.8:206
+msgid ""
+"Delete the optional user-defined chain specified. There must be no "
+"references to the chain. If there are, you must delete or replace the "
+"referring rules before the chain can be deleted. If no argument is given, "
+"it will attempt to delete every non-builtin chain in the table."
+msgstr ""
+"指定したユーザー定義チェインを削除する。 そのチェインが参照されていては\n"
+"ならない。 チェインを削除する前に、そのチェインを参照しているルールを\n"
+"削除するか置き換えるかしなければならない。 引き数が与えられない場合、テー\n"
+"ブルにあるチェインのうち 組み込み済みチェインでないものを全て削除する。"
+
+#. type: TP
+#: original/man8/ip6tables.8:198 original/man8/iptables.8:206
+#, no-wrap
+msgid "B<-P, --policy >I<chain target>"
+msgstr "B<-P, --policy >I<chain target>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:205 original/man8/iptables.8:213
+msgid ""
+"Set the policy for the chain to the given target. See the section "
+"B<TARGETS> for the legal targets. Only built-in (non-user-defined) chains "
+"can have policies, and neither built-in nor user-defined chains can be "
+"policy targets."
+msgstr ""
+"チェインのポリシーを指定したターゲットに設定する。指定可能なターゲット\n"
+"は「B<ターゲット>」の章を参照すること。 (ユーザー定義ではない) 組み込み\n"
+"済みチェインにしかポリシーは設定できない。 また、組み込み済みチェインも\n"
+"ユーザー定義チェインも ポリシーのターゲットに設定することはできない。"
+
+#. type: TP
+#: original/man8/ip6tables.8:205 original/man8/iptables.8:213
+#, no-wrap
+msgid "B<-E, --rename-chain >I<old-chain new-chain>"
+msgstr "B<-E, --rename-chain >I<old-chain new-chain>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:209 original/man8/iptables.8:217
+msgid ""
+"Rename the user specified chain to the user supplied name. This is "
+"cosmetic, and has no effect on the structure of the table."
+msgstr ""
+"ユーザー定義チェインを指定した名前に変更する。 これは見た目だけの変更なので、"
+"テーブルの構造には何も影響しない。"
+
+#. type: TP
+#: original/man8/ip6tables.8:209 original/man8/iptables.8:217
+#, no-wrap
+msgid "B<-h>"
+msgstr "B<-h>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:213 original/man8/iptables.8:221
+msgid "Help. Give a (currently very brief) description of the command syntax."
+msgstr "ヘルプ。 (今のところはとても簡単な) コマンド書式の説明を表示する。"
+
+#. type: SS
+#: original/man8/ip6tables.8:213 original/man8/iptables.8:221
+#, no-wrap
+msgid "PARAMETERS"
+msgstr "パラメータ"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:216 original/man8/iptables.8:224
+msgid ""
+"The following parameters make up a rule specification (as used in the add, "
+"delete, insert, replace and append commands)."
+msgstr ""
+"以下のパラメータは (add, delete, insert, replace, append コマンドで用いられ"
+"て) ルールの仕様を決める。"
+
+#. type: TP
+#: original/man8/ip6tables.8:216 original/man8/iptables.8:224
+#, no-wrap
+msgid "B<-p, --protocol >[!] I<protocol>"
+msgstr "B<-p, --protocol >[!] I<protocol>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:234
+msgid ""
+"The protocol of the rule or of the packet to check. The specified protocol "
+"can be one of I<tcp>, I<udp>, I<ipv6-icmp|icmpv6>, or I<all>, or it can be a "
+"numeric value, representing one of these protocols or a different one. A "
+"protocol name from /etc/protocols is also allowed. A \"!\" argument before "
+"the protocol inverts the test. The number zero is equivalent to I<all>. "
+"Protocol I<all> will match with all protocols and is taken as default when "
+"this option is omitted."
+msgstr ""
+"ルールで使われるプロトコル、またはチェックされるパケットのプロトコル。 指定で"
+"きるプロトコルは、 I<tcp>, I<udp>, I<ipv6-icmp|icmpv6>, I<all> のいずれか 1 "
+"つか、数値である。 数値は、これらのプロトコルの 1 つ、もしくは別のプロトコル"
+"を表す。 /etc/protocols にあるプロトコル名も指定できる。 プロトコルの前に \"!"
+"\" を置くと、そのプロトコルを指定しないという意味になる。 数値 0 は I<all> と"
+"等しい。 プロトコル I<all> は全てのプロトコルとマッチし、 このオプションが省"
+"略された際のデフォルトである。"
+
+#. type: TP
+#: original/man8/ip6tables.8:234 original/man8/iptables.8:242
+#, no-wrap
+msgid "B<-s, --source >[!] I<address>[/I<mask>]"
+msgstr "B<-s, --source >[!] I<address>[/I<mask>]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:254
+msgid ""
+"Source specification. I<Address> can be either a hostname (please note that "
+"specifying any name to be resolved with a remote query such as DNS is a "
+"really bad idea), a network IPv6 address (with /mask), or a plain IPv6 "
+"address. (the network name isn't supported now). The I<mask> can be either "
+"a network mask or a plain number, specifying the number of 1's at the left "
+"side of the network mask. Thus, a mask of I<64> is equivalent to I<ffff:"
+"ffff:ffff:ffff:0000:0000:0000:0000>. A \"!\" argument before the address "
+"specification inverts the sense of the address. The flag B<--src> is an "
+"alias for this option."
+msgstr ""
+"送信元の指定。 I<address> はホスト名 (DNS のようなリモートへの問い合わせで解"
+"決する名前を指定するのは 非常に良くない)・ ネットワーク IPv6 アドレス (/mask "
+"を指定する)・ 通常の IPv6 アドレス (今のところ、ネットワーク名はサポートされ"
+"ていない)、のいずれかである。 I<mask> はネットワークマスクか、 ネットワークマ"
+"スクの左側にある 1 の数を指定する数値である。 つまり、 I<64> という mask は "
+"I<ffff:ffff:ffff:ffff:0000:0000:0000:0000> に等しい。 アドレス指定の前に \"!"
+"\" を置くと、そのアドレスを除外するという意味になる。 フラグ B<--src> は、こ"
+"のオプションの別名である。"
+
+#. type: TP
+#: original/man8/ip6tables.8:254 original/man8/iptables.8:261
+#, no-wrap
+msgid "B<-d, --destination >[!] I<address>[/I<mask>]"
+msgstr "B<-d, --destination >[!] I<address>[/I<mask>]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:262 original/man8/iptables.8:269
+msgid ""
+"Destination specification. See the description of the B<-s> (source) flag "
+"for a detailed description of the syntax. The flag B<--dst> is an alias for "
+"this option."
+msgstr ""
+"送信先の指定。 書式の詳しい説明については、 B<-s> (送信元) フラグの説明を参照"
+"すること。 フラグ B<--dst> は、このオプションの別名である。"
+
+#. type: TP
+#: original/man8/ip6tables.8:262 original/man8/iptables.8:269
+#, no-wrap
+msgid "B<-j, --jump >I<target>"
+msgstr "B<-j, --jump >I<target>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:273 original/man8/iptables.8:280
+msgid ""
+"This specifies the target of the rule; i.e., what to do if the packet "
+"matches it. The target can be a user-defined chain (other than the one this "
+"rule is in), one of the special builtin targets which decide the fate of the "
+"packet immediately, or an extension (see B<EXTENSIONS> below). If this "
+"option is omitted in a rule, then matching the rule will have no effect on "
+"the packet's fate, but the counters on the rule will be incremented."
+msgstr ""
+"ルールのターゲット、つまり、パケットがマッチした場合にどうするかを指定\n"
+"する。ターゲットはユーザー定義チェイン (そのルール自身が入っている\n"
+"チェイン以外) でも、パケットの行方を即時に決定する特別な組み込み済み\n"
+"ターゲットでも、拡張されたターゲット (以下の 「B<ターゲットの拡張>」 を\n"
+"参照) でもよい。 このオプションがルールの中で省略された場合、 ルールに\n"
+"マッチしてもパケットの行方に何も影響しないが、 ルールのカウンタは 1 つ\n"
+"加算される。"
+
+#. type: TP
+#: original/man8/ip6tables.8:273 original/man8/iptables.8:280
+#, no-wrap
+msgid "B<-i, --in-interface >[!] I<name>"
+msgstr "B<-i, --in-interface >[!] I<name>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:285 original/man8/iptables.8:292
+msgid ""
+"Name of an interface via which a packet is going to be received (only for "
+"packets entering the B<INPUT>, B<FORWARD> and B<PREROUTING> chains). When "
+"the \"!\" argument is used before the interface name, the sense is "
+"inverted. If the interface name ends in a \"+\", then any interface which "
+"begins with this name will match. If this option is omitted, any interface "
+"name will match."
+msgstr ""
+"パケットを受信することになるインターフェース名 (B<INPUT>, B<FORWARD>,\n"
+"B<PREROUTING> チェインに入るパケットのみ)。インターフェース名の前に\n"
+"\"!\" を置くと、 そのインターフェースを除外するという意味になる。\n"
+"インターフェース名が \"+\" で終っている場合、 その名前で始まる任意の\n"
+"インターフェース名にマッチする。このオプションが省略された場合、\n"
+"任意のインターフェース名にマッチする。"
+
+#. type: TP
+#: original/man8/ip6tables.8:285 original/man8/iptables.8:292
+#, no-wrap
+msgid "B<-o, --out-interface >[!] I<name>"
+msgstr "B<-o, --out-interface >[!] I<name>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:296
+msgid ""
+"Name of an interface via which a packet is going to be sent (for packets "
+"entering the B<FORWARD> and B<OUTPUT> chains). When the \"!\" argument is "
+"used before the interface name, the sense is inverted. If the interface "
+"name ends in a \"+\", then any interface which begins with this name will "
+"match. If this option is omitted, any interface name will match."
+msgstr ""
+"(B<FORWARD>, B<OUTPUT> チェインに入る) パケットを送信するインターフェース"
+"名。 インターフェース名の前に \"!\" を置くと、 そのインターフェースを除外する"
+"という意味になる。 インターフェース名が \"+\" で終っている場合、 その名前で始"
+"まる任意のインターフェース名にマッチする。 このオプションが省略された場合、 "
+"任意のインターフェース名にマッチする。"
+
+#. Currently not supported (header-based)
+#. .B "[!] " "-f, --fragment"
+#. This means that the rule only refers to second and further fragments
+#. of fragmented packets. Since there is no way to tell the source or
+#. destination ports of such a packet (or ICMP type), such a packet will
+#. not match any rules which specify them. When the "!" argument
+#. precedes the "-f" flag, the rule will only match head fragments, or
+#. unfragmented packets.
+#. .TP
+#. type: TP
+#: original/man8/ip6tables.8:296
+#, no-wrap
+msgid "B<-c, --set-counters PKTS BYTES>"
+msgstr "B<-c, --set-counters PKTS BYTES>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:314 original/man8/iptables.8:320
+msgid ""
+"This enables the administrator to initialize the packet and byte counters of "
+"a rule (during B<INSERT,> B<APPEND,> B<REPLACE> operations)."
+msgstr ""
+"このオプションを使うと、 (B<insert>, B<append>, B<replace> 操作において) 管理"
+"者はパケットカウンタとバイトカウンタを 初期化することができる。"
+
+#. type: SS
+#: original/man8/ip6tables.8:314 original/man8/iptables.8:320
+#, no-wrap
+msgid "OTHER OPTIONS"
+msgstr "その他のオプション"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:316 original/man8/iptables.8:322
+msgid "The following additional options can be specified:"
+msgstr "その他に以下のオプションを指定することができる:"
+
+#. type: TP
+#: original/man8/ip6tables.8:316 original/man8/iptables.8:322
+#, no-wrap
+msgid "B<-v, --verbose>"
+msgstr "B<-v, --verbose>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:327 original/man8/iptables.8:333
+msgid ""
+"Verbose output. This option makes the list command show the interface name, "
+"the rule options (if any), and the TOS masks. The packet and byte counters "
+"are also listed, with the suffix 'K', 'M' or 'G' for 1000, 1,000,000 and "
+"1,000,000,000 multipliers respectively (but see the B<-x> flag to change "
+"this). For appending, insertion, deletion and replacement, this causes "
+"detailed information on the rule or rules to be printed."
+msgstr ""
+"詳細な出力を行う。 list コマンドの際に、インターフェース名・ (もしあれば) "
+"ルールのオプション・TOS マスクを表示させる。 パケットとバイトカウンタも表示さ"
+"れる。 添字 'K', 'M', 'G' は、 それぞれ 1000, 1,000,000, 1,000,000,000 倍を表"
+"す (これを変更する B<-x> フラグも見よ)。 このオプションを append, insert, "
+"delete, replace コマンドに適用すると、 ルールについての詳細な情報を表示する。"
+
+#. type: TP
+#: original/man8/ip6tables.8:327 original/man8/iptables.8:333
+#, no-wrap
+msgid "B<-n, --numeric>"
+msgstr "B<-n, --numeric>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:333 original/man8/iptables.8:339
+msgid ""
+"Numeric output. IP addresses and port numbers will be printed in numeric "
+"format. By default, the program will try to display them as host names, "
+"network names, or services (whenever applicable)."
+msgstr ""
+"数値による出力を行う。 IP アドレスやポート番号を数値によるフォーマット\n"
+"で表示する。 デフォルトでは、iptables は (可能であれば) これらの情報を\n"
+"ホスト名・ネットワーク名・サービス名で表示しようとする。"
+
+#. type: TP
+#: original/man8/ip6tables.8:333 original/man8/iptables.8:339
+#, no-wrap
+msgid "B<-x, --exact>"
+msgstr "B<-x, --exact>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:342 original/man8/iptables.8:348
+msgid ""
+"Expand numbers. Display the exact value of the packet and byte counters, "
+"instead of only the rounded number in K's (multiples of 1000) M's "
+"(multiples of 1000K) or G's (multiples of 1000M). This option is only "
+"relevant for the B<-L> command."
+msgstr ""
+"厳密な数値で表示する。 パケットカウンタとバイトカウンタを、 K (1000 の何倍"
+"か)・M (1000K の何倍か)・G (1000M の何倍か) ではなく、 厳密な値で表示する。 "
+"このオプションは、 B<-L> コマンドとしか関係しない。"
+
+#. type: TP
+#: original/man8/ip6tables.8:342 original/man8/iptables.8:348
+#, no-wrap
+msgid "B<--line-numbers>"
+msgstr "B<--line-numbers>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:346 original/man8/iptables.8:352
+msgid ""
+"When listing rules, add line numbers to the beginning of each rule, "
+"corresponding to that rule's position in the chain."
+msgstr ""
+"ルールを一覧表示する際、そのルールがチェインのどの位置にあるかを表す 行番号を"
+"各行の始めに付加する。"
+
+#. type: TP
+#: original/man8/ip6tables.8:346 original/man8/iptables.8:352
+#, no-wrap
+msgid "B<--modprobe=command>"
+msgstr "B<--modprobe=command>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:351 original/man8/iptables.8:357
+msgid ""
+"When adding or inserting rules into a chain, use B<command> to load any "
+"necessary modules (targets, match extensions, etc)."
+msgstr ""
+"チェインにルールを追加または挿入する際に、 (ターゲットやマッチングの拡張など"
+"で) 必要なモジュールをロードするために使う B<command> を指定する。"
+
+#. type: SH
+#: original/man8/ip6tables.8:351 original/man8/iptables.8:357
+#, no-wrap
+msgid "MATCH EXTENSIONS"
+msgstr "マッチングの拡張"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:370
+msgid ""
+"ip6tables can use extended packet matching modules. These are loaded in two "
+"ways: implicitly, when B<-p> or B<--protocol> is specified, or with the B<-"
+"m> or B<--match> options, followed by the matching module name; after these, "
+"various extra command line options become available, depending on the "
+"specific module. You can specify multiple extended match modules in one "
+"line, and you can use the B<-h> or B<--help> options after the module has "
+"been specified to receive help specific to that module."
+msgstr ""
+"ip6tables は拡張されたパケットマッチングモジュールを使うことができる。 これら"
+"のモジュールは 2 種類の方法でロードされる: モジュールは、 B<-p> または B<--"
+"protocol> で暗黙のうちに指定されるか、 B<-m> または B<--match> の後にモジュー"
+"ル名を続けて指定される。 これらのモジュールの後ろには、モジュールに応じて 他"
+"のいろいろなコマンドラインオプションを指定することができる。 複数の拡張マッチ"
+"ングモジュールを 1 行で指定することができる。 また、モジュールに特有のヘルプ"
+"を表示させるためには、 モジュールを指定した後で B<-h> または B<--help> を指定"
+"すればよい。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:375 original/man8/iptables.8:381
+msgid ""
+"The following are included in the base package, and most of these can be "
+"preceded by a B<!> to invert the sense of the match."
+msgstr ""
+"以下の拡張がベースパッケージに含まれている。大部分のものは、 B<!> を\n"
+"前におくことによってマッチングの意味を逆にできる。"
+
+#. type: SS
+#: original/man8/ip6tables.8:375 original/man8/iptables.8:630
+#, no-wrap
+msgid "tcp"
+msgstr "tcp"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:378 original/man8/iptables.8:633
+msgid ""
+"These extensions are loaded if `--protocol tcp' is specified. It provides "
+"the following options:"
+msgstr ""
+"これらの拡張は `--protocol tcp' が指定され場合にロードされ、 以下のオプション"
+"が提供される:"
+
+#. type: TP
+#: original/man8/ip6tables.8:378 original/man8/ip6tables.8:424
+#: original/man8/iptables.8:633 original/man8/iptables.8:698
+#, no-wrap
+msgid "B<--source-port >[!] I<port>[:I<port>]"
+msgstr "B<--source-port >[!] I<port>[:I<port>]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:390 original/man8/iptables.8:645
+msgid ""
+"Source port or port range specification. This can either be a service name "
+"or a port number. An inclusive range can also be specified, using the format "
+"I<port>:I<port>. If the first port is omitted, \"0\" is assumed; if the "
+"last is omitted, \"65535\" is assumed. If the second port greater then the "
+"first they will be swapped. The flag B<--sport> is a convenient alias for "
+"this option."
+msgstr ""
+"送信元ポートまたはポート範囲の指定。 サービス名またはポート番号を指定で\n"
+"きる。 I<port>:I<port> という形式で、2 つの番号を含む範囲を指定すること\n"
+"もできる。 最初のポートを省略した場合、\"0\" を仮定する。 最後のポートを\n"
+"省略した場合、\"65535\" を仮定する。 最初のポートが最後のポートより大きい\n"
+"場合、2 つは入れ換えられる。 フラグ B<--sport> は、このオプションの便利\n"
+"な別名である。"
+
+#. type: TP
+#: original/man8/ip6tables.8:390 original/man8/ip6tables.8:430
+#: original/man8/iptables.8:645 original/man8/iptables.8:704
+#, no-wrap
+msgid "B<--destination-port >[!] I<port>[:I<port>]"
+msgstr "B<--destination-port >[!] I<port>[:I<port>]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:395 original/man8/iptables.8:650
+msgid ""
+"Destination port or port range specification. The flag B<--dport> is a "
+"convenient alias for this option."
+msgstr ""
+"送信先ポートまたはポート範囲の指定。 フラグ B<--dport> は、このオプションの便"
+"利な別名である。"
+
+#. type: TP
+#: original/man8/ip6tables.8:395 original/man8/iptables.8:650
+#, no-wrap
+msgid "B<--tcp-flags >[!] I<mask> I<comp>"
+msgstr "B<--tcp-flags >[!] I<mask> I<comp>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:403 original/man8/iptables.8:658
+msgid ""
+"Match when the TCP flags are as specified. The first argument is the flags "
+"which we should examine, written as a comma-separated list, and the second "
+"argument is a comma-separated list of flags which must be set. Flags are: "
+"B<SYN ACK FIN RST URG PSH ALL NONE>. Hence the command"
+msgstr ""
+"TCP フラグが指定されたものと等しい場合にマッチする。 第 1 引き数は評価\n"
+"対象とするフラグで、コンマ区切りのリストである。 第 2 引き数は必ず設定\n"
+"しなければならないフラグで、コンマ区切りのリストである。 指定できるフラ\n"
+"グは B<SYN ACK FIN RST URG PSH ALL NONE> である。 よって、コマンド"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:405
+#, no-wrap
+msgid " ip6tables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n"
+msgstr "ip6tables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:408 original/man8/iptables.8:663
+msgid ""
+"will only match packets with the SYN flag set, and the ACK, FIN and RST "
+"flags unset."
+msgstr ""
+"は、SYN フラグが設定され ACK, FIN, RST フラグが設定されていない パケットにの"
+"みマッチする。"
+
+#. type: TP
+#: original/man8/ip6tables.8:408 original/man8/iptables.8:663
+#, no-wrap
+msgid "B<[!] --syn>"
+msgstr "B<[!] --syn>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:418 original/man8/iptables.8:673
+msgid ""
+"Only match TCP packets with the SYN bit set and the ACK and RST bits "
+"cleared. Such packets are used to request TCP connection initiation; for "
+"example, blocking such packets coming in an interface will prevent incoming "
+"TCP connections, but outgoing TCP connections will be unaffected. It is "
+"equivalent to B<--tcp-flags SYN,RST,ACK SYN>. If the \"!\" flag precedes "
+"the \"--syn\", the sense of the option is inverted."
+msgstr ""
+"SYN ビットが設定され ACK と RST ビットがクリアされている TCP パケットに\n"
+"のみマッチする。このようなパケットは TCP 接続の開始要求に使われる。例え\n"
+"ば、あるインターフェースに入ってくるこのようなパケットをブロックすれば、\n"
+"内側への TCP 接続は禁止されるが、外側への TCP 接続には影響しない。 これ\n"
+"は B<--tcp-flags SYN,RST,ACK SYN> と等しい。 \"--syn\" の前に \"!\" フラグ\n"
+"を置くと、 SYN ビットがクリアされ ACK と RST ビットが設定されている\n"
+"TCP パケットにのみマッチする。"
+
+#. type: TP
+#: original/man8/ip6tables.8:418 original/man8/iptables.8:673
+#, no-wrap
+msgid "B<--tcp-option >[!] I<number>"
+msgstr "B<--tcp-option >[!] I<number>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:421 original/man8/iptables.8:676
+msgid "Match if TCP option set."
+msgstr "TCP オプションが設定されている場合にマッチする。"
+
+#. type: SS
+#: original/man8/ip6tables.8:421 original/man8/iptables.8:695
+#, no-wrap
+msgid "udp"
+msgstr "udp"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:424 original/man8/iptables.8:698
+msgid ""
+"These extensions are loaded if `--protocol udp' is specified. It provides "
+"the following options:"
+msgstr ""
+"これらの拡張は `--protocol udp' が指定された場合にロードされ、 以下のオプショ"
+"ンが提供される:"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:430 original/man8/iptables.8:704
+msgid ""
+"Source port or port range specification. See the description of the B<--"
+"source-port> option of the TCP extension for details."
+msgstr ""
+"送信元ポートまたはポート範囲の指定。 詳細は TCP 拡張の B<--source-port> オプ"
+"ションの説明を参照すること。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:436 original/man8/iptables.8:710
+msgid ""
+"Destination port or port range specification. See the description of the "
+"B<--destination-port> option of the TCP extension for details."
+msgstr ""
+"送信先ポートまたはポート範囲の指定。 詳細は TCP 拡張の B<--destination-port> "
+"オプションの説明を参照すること。"
+
+#. type: SS
+#: original/man8/ip6tables.8:436
+#, no-wrap
+msgid "ipv6-icmp"
+msgstr "ipv6-icmp"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:439
+msgid ""
+"This extension is loaded if `--protocol ipv6-icmp' or `--protocol icmpv6' is "
+"specified. It provides the following option:"
+msgstr ""
+"これらの拡張は `--protocol ipv6-icmp' または `--protocol icmpv6' が指定された"
+"場合にロードされ、 以下のオプションが提供される:"
+
+#. type: TP
+#: original/man8/ip6tables.8:439
+#, no-wrap
+msgid "B<--icmpv6-type >[!] I<typename>"
+msgstr "B<--icmpv6-type >[!] I<typename>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:443
+msgid ""
+"This allows specification of the ICMP type, which can be a numeric IPv6-ICMP "
+"type, or one of the IPv6-ICMP type names shown by the command"
+msgstr ""
+"ICMP タイプを指定できる。タイプ指定には、 数値の IPv6-ICMP タイプ、または以下"
+"のコマンド で表示される IPv6-ICMP タイプ名を使用できる。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:445
+#, no-wrap
+msgid " ip6tables -p ipv6-icmp -h\n"
+msgstr " ip6tables -p ipv6-icmp -h\n"
+
+#. type: SS
+#: original/man8/ip6tables.8:446 original/man8/iptables.8:493
+#, no-wrap
+msgid "mac"
+msgstr "mac"
+
+#. type: TP
+#: original/man8/ip6tables.8:447 original/man8/iptables.8:494
+#, no-wrap
+msgid "B<--mac-source >[!] I<address>"
+msgstr "B<--mac-source >[!] I<address>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:457 original/man8/iptables.8:504
+msgid ""
+"Match source MAC address. It must be of the form XX:XX:XX:XX:XX:XX. Note "
+"that this only makes sense for packets coming from an Ethernet device and "
+"entering the B<PREROUTING>, B<FORWARD> or B<INPUT> chains."
+msgstr ""
+"送信元 MAC アドレスにマッチする。 I<address> は XX:XX:XX:XX:XX:XX と\n"
+"いう形式でなければならない。イーサーネットデバイスから入ってくるパケッ\n"
+"トで、 B<PREROUTING>, B<FORWARD>, B<INPUT> チェインに入るパケットにしか\n"
+"意味がない。"
+
+#. type: SS
+#: original/man8/ip6tables.8:457 original/man8/iptables.8:477
+#, no-wrap
+msgid "limit"
+msgstr "limit"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:463 original/man8/iptables.8:483
+msgid ""
+"This module matches at a limited rate using a token bucket filter. A rule "
+"using this extension will match until this limit is reached (unless the `!' "
+"flag is used). It can be used in combination with the B<LOG> target to give "
+"limited logging, for example."
+msgstr ""
+"このモジュールは、トークンバケツフィルタを使い、 単位時間あたり制限され\n"
+"た回数だけマッチする。 この拡張を使ったルールは、(`!' フラグが指定され\n"
+"ない限り) 制限に達するまでマッチする。 例えば、このモジュールはログ記録\n"
+"を制限するために B<LOG> ターゲットと組み合わせて使うことができる。"
+
+#. type: TP
+#: original/man8/ip6tables.8:463 original/man8/iptables.8:483
+#, no-wrap
+msgid "B<--limit >I<rate>"
+msgstr "B<--limit >I<rate>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:468 original/man8/iptables.8:488
+msgid ""
+"Maximum average matching rate: specified as a number, with an optional `/"
+"second', `/minute', `/hour', or `/day' suffix; the default is 3/hour."
+msgstr ""
+"単位時間あたりの平均マッチ回数の最大値。 数値で指定され、添字 `/second', `/"
+"minute', `/hour', `/day' を付けることもできる。 デフォルトは 3/hour である。"
+
+#. type: TP
+#: original/man8/ip6tables.8:468 original/man8/iptables.8:488
+#, no-wrap
+msgid "B<--limit-burst >I<number>"
+msgstr "B<--limit-burst >I<number>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:473 original/man8/iptables.8:493
+msgid ""
+"Maximum initial number of packets to match: this number gets recharged by "
+"one every time the limit specified above is not reached, up to this number; "
+"the default is 5."
+msgstr ""
+"パケットがマッチする回数の最大初期値: 上のオプションで指定した制限に\n"
+"達しなければ、 その度ごとに、この数値になるまで 1 個ずつ増やされる。\n"
+"デフォルトは 5 である。"
+
+#. type: SS
+#: original/man8/ip6tables.8:473 original/man8/iptables.8:514
+#, no-wrap
+msgid "multiport"
+msgstr "multiport"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:479 original/man8/iptables.8:520
+msgid ""
+"This module matches a set of source or destination ports. Up to 15 ports "
+"can be specified. It can only be used in conjunction with B<-p tcp> or B<-p "
+"udp>."
+msgstr ""
+"このモジュールは送信元や送信先のポートの集合にマッチする。 ポートは 15 個まで"
+"指定できる。 このモジュールは B<-p tcp> または B<-p udp> と組み合わせて使うこ"
+"としかできない。"
+
+#. type: TP
+#: original/man8/ip6tables.8:479 original/man8/iptables.8:520
+#, no-wrap
+msgid "B<--source-ports >I<port>[,I<port>[,I<port>...]]"
+msgstr "B<--source-ports >I<port>[,I<port>[,I<port>...]]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:484 original/man8/iptables.8:525
+msgid ""
+"Match if the source port is one of the given ports. The flag B<--sports> is "
+"a convenient alias for this option."
+msgstr ""
+"送信元ポートが指定されたポートのうちのいずれかであればマッチする。 フラグ "
+"B<--sports> は、このオプションの便利な別名である。"
+
+#. type: TP
+#: original/man8/ip6tables.8:484 original/man8/iptables.8:525
+#, no-wrap
+msgid "B<--destination-ports >I<port>[,I<port>[,I<port>...]]"
+msgstr "B<--destination-ports >I<port>[,I<port>[,I<port>...]]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:489 original/man8/iptables.8:530
+msgid ""
+"Match if the destination port is one of the given ports. The flag B<--"
+"dports> is a convenient alias for this option."
+msgstr ""
+"宛先ポートが指定されたポートのうちのいずれかであればマッチする。\n"
+"フラグ B<--dports> は、このオプションの便利な別名である。"
+
+#. type: TP
+#: original/man8/ip6tables.8:489 original/man8/iptables.8:530
+#, no-wrap
+msgid "B<--ports >I<port>[,I<port>[,I<port>...]]"
+msgstr "B<--ports >I<port>[,I<port>[,I<port>...]]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:493 original/man8/iptables.8:534
+msgid ""
+"Match if the both the source and destination ports are equal to each other "
+"and to one of the given ports."
+msgstr ""
+"送信元ポートと宛先ポートが等しく、 かつそのポートが指定されたポートの\n"
+"うちのいずれかであればマッチする。"
+
+#. type: SS
+#: original/man8/ip6tables.8:493 original/man8/iptables.8:504
+#, no-wrap
+msgid "mark"
+msgstr "mark"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:498 original/man8/iptables.8:509
+msgid ""
+"This module matches the netfilter mark field associated with a packet (which "
+"can be set using the B<MARK> target below)."
+msgstr ""
+"このモジュールはパケットに関連づけられた netfilter の mark フィールドにマッチ"
+"する (このフィールドは、以下の B<MARK> ターゲットで設定される)。"
+
+#. type: TP
+#: original/man8/ip6tables.8:498 original/man8/iptables.8:509
+#, no-wrap
+msgid "B<--mark >I<value>[/I<mask>]"
+msgstr "B<--mark >I<value>[/I<mask>]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:503 original/man8/iptables.8:514
+msgid ""
+"Matches packets with the given unsigned mark value (if a mask is specified, "
+"this is logically ANDed with the mask before the comparison)."
+msgstr ""
+"指定された符号なし mark 値のパケットにマッチする (mask が指定されると、比較の"
+"前に mask との論理積 (AND) がとられる)。"
+
+#. type: SS
+#: original/man8/ip6tables.8:503 original/man8/iptables.8:534
+#, no-wrap
+msgid "owner"
+msgstr "owner"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:509
+msgid ""
+"This module attempts to match various characteristics of the packet creator, "
+"for locally-generated packets. It is only valid in the B<OUTPUT> chain, and "
+"even this some packets (such as ICMP ping responses) may have no owner, and "
+"hence never match. This is regarded as experimental."
+msgstr ""
+"このモジュールは、ローカルで生成されたパケットに付いて、 パケット生成者のいろ"
+"いろな特性とのマッチングをとる。 これは B<OUTPUT> チェインのみでしか有効でな"
+"い。 また、(ICMP ping 応答のような) パケットは、 所有者がいないので絶対にマッ"
+"チしない。 これは実験的なものという扱いである。"
+
+#. type: TP
+#: original/man8/ip6tables.8:509 original/man8/iptables.8:540
+#, no-wrap
+msgid "B<--uid-owner >I<userid>"
+msgstr "B<--uid-owner >I<userid>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:513 original/man8/iptables.8:544
+msgid ""
+"Matches if the packet was created by a process with the given effective user "
+"id."
+msgstr ""
+"指定された実効ユーザー ID のプロセスにより パケットが生成されている場合にマッ"
+"チする。"
+
+#. type: TP
+#: original/man8/ip6tables.8:513 original/man8/iptables.8:544
+#, no-wrap
+msgid "B<--gid-owner >I<groupid>"
+msgstr "B<--gid-owner >I<groupid>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:517 original/man8/iptables.8:548
+msgid ""
+"Matches if the packet was created by a process with the given effective "
+"group id."
+msgstr ""
+"指定された実効グループ ID のプロセスにより パケットが生成されている場合にマッ"
+"チする。"
+
+#. type: TP
+#: original/man8/ip6tables.8:517 original/man8/iptables.8:548
+#, no-wrap
+msgid "B<--pid-owner >I<processid>"
+msgstr "B<--pid-owner >I<processid>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:521 original/man8/iptables.8:552
+msgid ""
+"Matches if the packet was created by a process with the given process id."
+msgstr ""
+"指定されたプロセス ID のプロセスにより パケットが生成されている場合にマッチす"
+"る。"
+
+#. type: TP
+#: original/man8/ip6tables.8:521 original/man8/iptables.8:552
+#, no-wrap
+msgid "B<--sid-owner >I<sessionid>"
+msgstr "B<--sid-owner >I<sessionid>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:558 original/man8/iptables.8:556
+msgid ""
+"Matches if the packet was created by a process in the given session group."
+msgstr ""
+"指定されたセッショングループのプロセスにより パケットが生成されている場合に"
+"マッチする。"
+
+#. type: SH
+#: original/man8/ip6tables.8:558 original/man8/iptables.8:713
+#, no-wrap
+msgid "TARGET EXTENSIONS"
+msgstr "ターゲットの拡張"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:561
+msgid ""
+"ip6tables can use extended target modules: the following are included in the "
+"standard distribution."
+msgstr ""
+"iptables は拡張ターゲットモジュールを使うことができる: 以下のものが、標準的な"
+"ディストリビューションに含まれている。"
+
+#. type: SS
+#: original/man8/ip6tables.8:561 original/man8/iptables.8:762
+#, no-wrap
+msgid "LOG"
+msgstr "LOG"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:573
+msgid ""
+"Turn on kernel logging of matching packets. When this option is set for a "
+"rule, the Linux kernel will print some information on all matching packets "
+"(like most IPv6 IPv6-header fields) via the kernel log (where it can be read "
+"with I<dmesg> or I<syslogd>(8)). This is a \"non-terminating target\", i.e. "
+"rule traversal continues at the next rule. So if you want to LOG the "
+"packets you refuse, use two separate rules with the same matching criteria, "
+"first using target LOG then DROP (or REJECT)."
+msgstr ""
+"マッチしたパケットをカーネルログに記録する。 このオプションがルールに対して設"
+"定されると、 Linux カーネルはマッチしたパケットについての (IPv6 における大部"
+"分の IPv6 ヘッダフィールドのような) 何らかの情報を カーネルログに表示する "
+"(カーネルログは I<dmesg> または I<syslogd>(8) で見ることができる)。 これは"
+"「非終了タ ーゲット」である。 すなわち、ルールの検討は、次のルールへと継続さ"
+"れる。 よって、拒否するパケットをログ記録したければ、 同じマッチング判断基準"
+"を持つ 2 つのルールを使用し、 最初のルールで LOG ターゲットを、 次のルールで "
+"DROP (または REJECT) ターゲットを指定する。"
+
+#. type: TP
+#: original/man8/ip6tables.8:573 original/man8/iptables.8:774
+#, no-wrap
+msgid "B<--log-level >I<level>"
+msgstr "B<--log-level >I<level>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:576 original/man8/iptables.8:777
+msgid "Level of logging (numeric or see I<syslog.conf>(5))."
+msgstr ""
+"ログ記録のレベル (数値て指定するか、(名前で指定する場合は)\n"
+"I<syslog.conf>(5) を参照すること)。"
+
+#. type: TP
+#: original/man8/ip6tables.8:576 original/man8/iptables.8:777
+#, no-wrap
+msgid "B<--log-prefix >I<prefix>"
+msgstr "B<--log-prefix >I<prefix>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:580 original/man8/iptables.8:781
+msgid ""
+"Prefix log messages with the specified prefix; up to 29 letters long, and "
+"useful for distinguishing messages in the logs."
+msgstr ""
+"指定したプレフィックスをログメッセージの前に付ける。\n"
+"プレフィックスは 29 文字までの長さで、\n"
+"ログの中でメッセージを区別するのに役立つ。"
+
+#. type: TP
+#: original/man8/ip6tables.8:580 original/man8/iptables.8:781
+#, no-wrap
+msgid "B<--log-tcp-sequence>"
+msgstr "B<--log-tcp-sequence>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:584 original/man8/iptables.8:785
+msgid ""
+"Log TCP sequence numbers. This is a security risk if the log is readable by "
+"users."
+msgstr ""
+"TCP シーケンス番号をログに記録する。 ログがユーザーから読める場合、セキュリ"
+"ティ上の危険がある。"
+
+#. type: TP
+#: original/man8/ip6tables.8:584 original/man8/iptables.8:785
+#, no-wrap
+msgid "B<--log-tcp-options>"
+msgstr "B<--log-tcp-options>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:587 original/man8/iptables.8:788
+msgid "Log options from the TCP packet header."
+msgstr "TCP パケットヘッダのオプションをログに記録する。"
+
+#. type: TP
+#: original/man8/ip6tables.8:587 original/man8/iptables.8:788
+#, no-wrap
+msgid "B<--log-ip-options>"
+msgstr "B<--log-ip-options>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:590
+msgid "Log options from the IPv6 packet header."
+msgstr "IPv6 パケットヘッダのオプションをログに記録する。"
+
+#. type: SS
+#: original/man8/ip6tables.8:590 original/man8/iptables.8:791
+#, no-wrap
+msgid "MARK"
+msgstr "MARK"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:595
+msgid ""
+"This is used to set the netfilter mark value associated with the packet. It "
+"is only valid in the B<mangle> table."
+msgstr ""
+"パケットに関連づけられた netfilter の mark 値を指定する。 B<mangle> テーブル"
+"のみで有効である。"
+
+#. type: TP
+#: original/man8/ip6tables.8:595 original/man8/iptables.8:796
+#, no-wrap
+msgid "B<--set-mark >I<mark>"
+msgstr "B<--set-mark >I<mark>"
+
+#. type: SS
+#: original/man8/ip6tables.8:597 original/man8/iptables.8:853
+#, no-wrap
+msgid "REJECT"
+msgstr "REJECT"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:610 original/man8/iptables.8:866
+msgid ""
+"This is used to send back an error packet in response to the matched packet: "
+"otherwise it is equivalent to B<DROP> so it is a terminating TARGET, ending "
+"rule traversal. This target is only valid in the B<INPUT>, B<FORWARD> and "
+"B<OUTPUT> chains, and user-defined chains which are only called from those "
+"chains. The following option controls the nature of the error packet "
+"returned:"
+msgstr ""
+"マッチしたパケットの応答としてエラーパケットを送信するために使われる。\n"
+"エラーパケットを送らなければ、 B<DROP> と同じであり、TARGET を終了し、\n"
+"ルールの検討を終了する。 このターゲットは、 B<INPUT>, B<FORWARD>,\n"
+"B<OUTPUT> チェインと、これらのチェインから呼ばれる ユーザー定義チェイン\n"
+"だけで有効である。以下のオプションは、返されるエラーパケットの特性を\n"
+"制御する。"
+
+#. type: TP
+#: original/man8/ip6tables.8:610 original/man8/iptables.8:866
+#, no-wrap
+msgid "B<--reject-with >I<type>"
+msgstr "B<--reject-with >I<type>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:613 original/man8/iptables.8:869
+msgid "The type given can be"
+msgstr "type として指定可能なものは"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:622
+#, no-wrap
+msgid ""
+"B<icmp6-no-route>\n"
+"B<no-route>\n"
+"B<icmp6-adm-prohibited>\n"
+"B<adm-prohibited>\n"
+"B<icmp6-addr-unreachable>\n"
+"B<addr-unreach>\n"
+"B<icmp6-port-unreachable>\n"
+"B<port-unreach>\n"
+msgstr ""
+"B<icmp6-no-route>\n"
+"B<no-route>\n"
+"B<icmp6-adm-prohibited>\n"
+"B<adm-prohibited>\n"
+"B<icmp6-addr-unreachable>\n"
+"B<addr-unreach>\n"
+"B<icmp6-port-unreachable>\n"
+"B<port-unreach>\n"
+
+#. .SS TOS
+#. This is used to set the 8-bit Type of Service field in the IP header.
+#. It is only valid in the
+#. .B mangle
+#. table.
+#. .TP
+#. .BI "--set-tos " "tos"
+#. You can use a numeric TOS values, or use
+#. .br
+#. iptables -j TOS -h
+#. .br
+#. to see the list of valid TOS names.
+#. .SS MIRROR
+#. This is an experimental demonstration target which inverts the source
+#. and destination fields in the IP header and retransmits the packet.
+#. It is only valid in the
+#. .BR INPUT ,
+#. .B FORWARD
+#. and
+#. .B PREROUTING
+#. chains, and user-defined chains which are only called from those
+#. chains. Note that the outgoing packets are
+#. .B NOT
+#. seen by any packet filtering chains, connection tracking or NAT, to
+#. avoid loops and other problems.
+#. .SS SNAT
+#. This target is only valid in the
+#. .B nat
+#. table, in the
+#. .B POSTROUTING
+#. chain. It specifies that the source address of the packet should be
+#. modified (and all future packets in this connection will also be
+#. mangled), and rules should cease being examined. It takes one option:
+#. .TP
+#. .BR "--to-source " "\fIipaddr\fP[-\fIipaddr\fP][:\fIport\fP-\fIport\fP]"
+#. which can specify a single new source IP address, an inclusive range
+#. of IP addresses, and optionally, a port range (which is only valid if
+#. the rule also specifies
+#. .B "-p tcp"
+#. or
+#. .BR "-p udp" ).
+#. If no port range is specified, then source ports below 512 will be
+#. mapped to other ports below 512: those between 512 and 1023 inclusive
+#. will be mapped to ports below 1024, and other ports will be mapped to
+#. 1024 or above. Where possible, no port alteration will occur.
+#. .SS DNAT
+#. This target is only valid in the
+#. .B nat
+#. table, in the
+#. .B PREROUTING
+#. and
+#. .B OUTPUT
+#. chains, and user-defined chains which are only called from those
+#. chains. It specifies that the destination address of the packet
+#. should be modified (and all future packets in this connection will
+#. also be mangled), and rules should cease being examined. It takes one
+#. option:
+#. .TP
+#. .BR "--to-destination " "\fIipaddr\fP[-\fIipaddr\fP][:\fIport\fP-\fIport\fP]"
+#. which can specify a single new destination IP address, an inclusive
+#. range of IP addresses, and optionally, a port range (which is only
+#. valid if the rule also specifies
+#. .B "-p tcp"
+#. or
+#. .BR "-p udp" ).
+#. If no port range is specified, then the destination port will never be
+#. modified.
+#. .SS MASQUERADE
+#. This target is only valid in the
+#. .B nat
+#. table, in the
+#. .B POSTROUTING
+#. chain. It should only be used with dynamically assigned IP (dialup)
+#. connections: if you have a static IP address, you should use the SNAT
+#. target. Masquerading is equivalent to specifying a mapping to the IP
+#. address of the interface the packet is going out, but also has the
+#. effect that connections are
+#. .I forgotten
+#. when the interface goes down. This is the correct behavior when the
+#. next dialup is unlikely to have the same interface address (and hence
+#. any established connections are lost anyway). It takes one option:
+#. .TP
+#. .BR "--to-ports " "\fIport\fP[-\fIport\fP]"
+#. This specifies a range of source ports to use, overriding the default
+#. .B SNAT
+#. source port-selection heuristics (see above). This is only valid
+#. if the rule also specifies
+#. .B "-p tcp"
+#. or
+#. .BR "-p udp" .
+#. .SS REDIRECT
+#. This target is only valid in the
+#. .B nat
+#. table, in the
+#. .B PREROUTING
+#. and
+#. .B OUTPUT
+#. chains, and user-defined chains which are only called from those
+#. chains. It alters the destination IP address to send the packet to
+#. the machine itself (locally-generated packets are mapped to the
+#. 127.0.0.1 address). It takes one option:
+#. .TP
+#. .BR "--to-ports " "\fIport\fP[-\fIport\fP]"
+#. This specifies a destination port or range of ports to use: without
+#. this, the destination port is never altered. This is only valid
+#. if the rule also specifies
+#. .B "-p tcp"
+#. or
+#. .BR "-p udp" .
+#. type: Plain text
+#: original/man8/ip6tables.8:740
+msgid ""
+"which return the appropriate IPv6-ICMP error message (B<port-unreach> is the "
+"default). Finally, the option B<tcp-reset> can be used on rules which only "
+"match the TCP protocol: this causes a TCP RST packet to be sent back. This "
+"is mainly useful for blocking I<ident> (113/tcp) probes which frequently "
+"occur when sending mail to broken mail hosts (which won't accept your mail "
+"otherwise)."
+msgstr ""
+"であり、適切な IPv6-ICMP エラーメッセージを返す (B<port-unreach> がデフォルト"
+"である)。 さらに、TCP プロトコルにのみマッチするルールに対して、オプション "
+"B<tcp-reset> を使うことができる。 このオプションを使うと、TCP RST パケットが"
+"送り返される。 主として I<ident> (113/tcp) による探査を阻止するのに役立つ。 "
+"I<ident> による探査は、壊れている (メールを受け取らない) メールホストに メー"
+"ルが送られる場合に頻繁に起こる。"
+
+#. type: SH
+#: original/man8/ip6tables.8:740 original/man8/iptables.8:995
+#, no-wrap
+msgid "DIAGNOSTICS"
+msgstr "返り値"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:745 original/man8/iptables.8:1000
+msgid ""
+"Various error messages are printed to standard error. The exit code is 0 "
+"for correct functioning. Errors which appear to be caused by invalid or "
+"abused command line parameters cause an exit code of 2, and other errors "
+"cause an exit code of 1."
+msgstr ""
+"いろいろなエラーメッセージが標準エラーに表示される。 正しく機能した場合、終了"
+"コードは 0 である。 不正なコマンドラインパラメータによりエラーが発生した場合"
+"は、 終了コード 2 が返される。 その他のエラーの場合は、終了コード 1 が返され"
+"る。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:748 original/man8/iptables.8:1003
+msgid ""
+"Bugs? What's this? ;-) Well... the counters are not reliable on sparc64."
+msgstr ""
+"バグ? バグって何? ;-) えーと…、sparc64 ではカウンター値が信頼できない。"
+
+#. type: SH
+#: original/man8/ip6tables.8:748 original/man8/iptables.8:1003
+#, no-wrap
+msgid "COMPATIBILITY WITH IPCHAINS"
+msgstr "IPCHAINS との互換性"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:761
+msgid ""
+"This B<ip6tables> is very similar to ipchains by Rusty Russell. The main "
+"difference is that the chains B<INPUT> and B<OUTPUT> are only traversed for "
+"packets coming into the local host and originating from the local host "
+"respectively. Hence every packet only passes through one of the three "
+"chains (except loopback traffic, which involves both INPUT and OUTPUT "
+"chains); previously a forwarded packet would pass through all three."
+msgstr ""
+"B<ip6tables> は、Rusty Russell の ipchains と非常によく似ている。 大きな違い"
+"は、チェイン B<INPUT> と B<OUTPUT> が、それぞれローカルホストに入ってくるパ"
+"ケットと、 ローカルホストから出されるパケットのみしか調べないという点であ"
+"る。 よって、全てのパケットは 3 つあるチェインのうち 1 つしか通らない (ループ"
+"バックトラフィックは例外で、INPUT と OUTPUT チェインの両方を通る)。 以前は "
+"(ipchains では)、 フォワードされるパケットが 3 つのチェイン全てを通っていた。"
+
+#. .PP The various forms of NAT have been separated out;
+#. .B iptables
+#. is a pure packet filter when using the default `filter' table, with
+#. optional extension modules. This should simplify much of the previous
+#. confusion over the combination of IP masquerading and packet filtering
+#. seen previously. So the following options are handled differently:
+#. .br
+#. -j MASQ
+#. .br
+#. -M -S
+#. .br
+#. -M -L
+#. .br
+#. type: Plain text
+#: original/man8/ip6tables.8:784
+msgid ""
+"The other main difference is that B<-i> refers to the input interface; B<-o> "
+"refers to the output interface, and both are available for packets entering "
+"the B<FORWARD> chain. There are several other changes in ip6tables."
+msgstr ""
+"その他の大きな違いは、 B<-i> で入力インターフェース、 B<-o> で出力インター"
+"フェースを指定し、 ともに B<FORWARD> チェインに入るパケットに対して指定可能な"
+"点である。 ip6tables では、その他にもいくつかの変更がある。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:790
+msgid ""
+"B<ip6tables-save>(8), B<ip6tables-restore(8),> B<iptables>(8), B<iptables-"
+"save>(8), B<iptables-restore>(8)."
+msgstr ""
+"B<ip6tables-save>(8), B<ip6tables-restore(8),> B<iptables>(8), B<iptables-"
+"save>(8), B<iptables-restore>(8)."
+
+#. type: Plain text
+#: original/man8/ip6tables.8:796 original/man8/iptables.8:1050
+msgid ""
+"The packet-filtering-HOWTO details iptables usage for packet filtering, the "
+"NAT-HOWTO details NAT, the netfilter-extensions-HOWTO details the extensions "
+"that are not in the standard distribution, and the netfilter-hacking-HOWTO "
+"details the netfilter internals."
+msgstr ""
+"パケットフィルタリングについての詳細な iptables の使用法を\n"
+"説明している packet-filtering-HOWTO。\n"
+"NAT について詳細に説明している NAT-HOWTO。\n"
+"標準的な配布には含まれない拡張の詳細を 説明している \n"
+"netfilter-extensions-HOWTO。\n"
+"内部構造について詳細に説明している netfilter-hacking-HOWTO。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:799 original/man8/iptables.8:1053
+msgid "See B<http://www.netfilter.org/>."
+msgstr "B<http://www.netfilter.org/> を参照。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:802 original/man8/iptables.8:1056
+msgid ""
+"Rusty Russell wrote iptables, in early consultation with Michael Neuling."
+msgstr ""
+"Rusty Russell は、初期の段階で Michael Neuling に相談して iptables を書いた。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:806 original/man8/iptables.8:1060
+msgid ""
+"Marc Boucher made Rusty abandon ipnatctl by lobbying for a generic packet "
+"selection framework in iptables, then wrote the mangle table, the owner "
+"match, the mark stuff, and ran around doing cool stuff everywhere."
+msgstr ""
+"Marc Boucher は Rusty に iptables の一般的なパケット選択の考え方を勧めて、 "
+"ipnatctl を止めさせた。 そして、mangle テーブル・所有者マッチング・ mark 機能"
+"を書き、いたるところで使われている素晴らしいコードを書いた。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:808 original/man8/iptables.8:1062
+msgid "James Morris wrote the TOS target, and tos match."
+msgstr "James Morris が TOS ターゲットと tos マッチングを書いた。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:810 original/man8/iptables.8:1064
+msgid "Jozsef Kadlecsik wrote the REJECT target."
+msgstr "Jozsef Kadlecsik が REJECT ターゲットを書いた。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:812
+msgid "Harald Welte wrote the ULOG target, TTL match+target and libipulog."
+msgstr ""
+"Harald Welte が ULOG ターゲット・TTL マッチングと TTL ターゲット・ libipulog "
+"を書いた。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:815 original/man8/iptables.8:1069
+msgid ""
+"The Netfilter Core Team is: Marc Boucher, Martin Josefsson, Jozsef "
+"Kadlecsik, James Morris, Harald Welte and Rusty Russell."
+msgstr ""
+"Netfilter コアチームは、Marc Boucher, Martin Josefsson, Jozsef Kadlecsik, "
+"James Morris, Harald Welte, Rusty Russell である。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:817
+msgid ""
+"ip6tables man page created by Andras Kis-Szabo, based on iptables man page "
+"written by Herve Eychenne E<lt>rv@wallfire.orgE<gt>."
+msgstr ""
+"ip6tables の man ページは、Andras Kis-Szabo によって作成された。 これは "
+"Herve Eychenne E<lt>rv@wallfire.orgE<gt> によって書かれた iptables の man "
+"ページを元にしている。"
+
+#. type: TH
+#: original/man8/iptables-restore.8:1
+#, no-wrap
+msgid "IPTABLES-RESTORE"
+msgstr "IPTABLES-RESTORE"
+
+#. type: TH
+#: original/man8/iptables-restore.8:1 original/man8/iptables-save.8:1
+#, no-wrap
+msgid "Jan 04, 2001"
+msgstr "Jan 04, 2001"
+
+#. type: Plain text
+#: original/man8/iptables-restore.8:23
+msgid "iptables-restore - Restore IP Tables"
+msgstr "iptables-restore - IP テーブルを復元する"
+
+#. type: Plain text
+#: original/man8/iptables-restore.8:25
+msgid "B<iptables-restore >[-c] [-n]"
+msgstr "B<iptables-restore >[-c] [-n]"
+
+#. type: Plain text
+#: original/man8/iptables-restore.8:31
+msgid ""
+"B<iptables-restore> is used to restore IP Tables from data specified on "
+"STDIN. Use I/O redirection provided by your shell to read from a file"
+msgstr ""
+"B<iptables-restore> は標準入力で指定されたデータから IP テーブルを復元するた"
+"めに使われる。 ファイルから読み込むためには、 シェルで提供されている I/O リダ"
+"イレクションを使うこと。"
+
+#. type: Plain text
+#: original/man8/iptables-restore.8:39
+msgid ""
+"don't flush the previous contents of the table. If not specified, B<iptables-"
+"restore> flushes (deletes) all previous contents of the respective IP Table."
+msgstr ""
+"これまでのテーブルの内容をフラッシュしない。 指定されない場合、 B<iptables-"
+"restore> は、これまでの各 IP テーブルの内容を全てフラッシュ (削除) する。"
+
+#. type: SH
+#: original/man8/iptables-restore.8:41 original/man8/iptables-save.8:40
+#, no-wrap
+msgid "AUTHOR"
+msgstr "作者"
+
+#. type: Plain text
+#: original/man8/iptables-restore.8:45
+msgid "B<iptables-save>(8), B<iptables>(8)"
+msgstr "B<iptables-save>(8), B<iptables>(8)"
+
+#. type: TH
+#: original/man8/iptables-save.8:1
+#, no-wrap
+msgid "IPTABLES-SAVE"
+msgstr "IPTABLES-SAVE"
+
+#. type: Plain text
+#: original/man8/iptables-save.8:23
+msgid "iptables-save - Save IP Tables"
+msgstr "iptables-save - IP テーブルを保存する"
+
+#. type: Plain text
+#: original/man8/iptables-save.8:25
+msgid "B<iptables-save >[-c] [-t table]"
+msgstr "B<iptables-save >[-c] [-t table]"
+
+#. type: Plain text
+#: original/man8/iptables-save.8:31
+msgid ""
+"B<iptables-save> is used to dump the contents of an IP Table in easily "
+"parseable format to STDOUT. Use I/O-redirection provided by your shell to "
+"write to a file."
+msgstr ""
+"B<iptables-save> は IP テーブルの内容を簡単に解析できる形式で 標準出力にダン"
+"プするために使われる。 ファイルに書き出すためには、 シェルで提供されている I/"
+"O リダイレクションを使うこと。"
+
+#. type: Plain text
+#: original/man8/iptables-save.8:44
+msgid "B<iptables-restore>(8), B<iptables>(8)"
+msgstr "B<iptables-restore>(8), B<iptables>(8)"
+
+#. type: TH
+#: original/man8/iptables.8:1
+#, no-wrap
+msgid "IPTABLES"
+msgstr "IPTABLES"
+
+#. type: Plain text
+#: original/man8/iptables.8:27
+msgid "iptables - administration tool for IPv4 packet filtering and NAT"
+msgstr "iptables - IPv4 のパケットフィルタと NAT を管理するツール"
+
+#. type: Plain text
+#: original/man8/iptables.8:29
+msgid "B<iptables [-t table] -[AD] >chain rule-specification [options]"
+msgstr "B<iptables [-t table] -[AD] >チェイン ルールの詳細 [オプション]"
+
+#. type: Plain text
+#: original/man8/iptables.8:31
+msgid "B<iptables [-t table] -I >chain [rulenum] rule-specification [options]"
+msgstr ""
+"B<iptables [-t table] -I >チェイン [ルール番号] ルールの詳細 [オプション]"
+
+#. type: Plain text
+#: original/man8/iptables.8:33
+msgid "B<iptables [-t table] -R >chain rulenum rule-specification [options]"
+msgstr ""
+"B<iptables [-t table] -R >チェイン ルール番号 ルールの詳細 [オプション]"
+
+#. type: Plain text
+#: original/man8/iptables.8:35
+msgid "B<iptables [-t table] -D >chain rulenum [options]"
+msgstr "B<iptables [-t table] -D >チェイン ルール番号 [オプション]"
+
+#. type: Plain text
+#: original/man8/iptables.8:37
+msgid "B<iptables [-t table] -[LFZ] >[chain] [options]"
+msgstr "B<iptables [-t table] -[LFZ] >[チェイン] [オプション]"
+
+#. type: Plain text
+#: original/man8/iptables.8:39
+msgid "B<iptables [-t table] -N >chain"
+msgstr "B<iptables [-t table] -N >チェイン"
+
+#. type: Plain text
+#: original/man8/iptables.8:41
+msgid "B<iptables [-t table] -X >[chain]"
+msgstr "B<iptables [-t table] -X >[チェイン]"
+
+#. type: Plain text
+#: original/man8/iptables.8:43
+msgid "B<iptables [-t table] -P >chain target [options]"
+msgstr "B<iptables [-t table] -P >チェイン ターゲット [オプション]"
+
+#. type: Plain text
+#: original/man8/iptables.8:45
+msgid "B<iptables [-t table] -E >old-chain-name new-chain-name"
+msgstr "B<iptables [-t table] -E >旧チェイン名 新チェイン名"
+
+#. type: Plain text
+#: original/man8/iptables.8:51
+msgid ""
+"B<Iptables> is used to set up, maintain, and inspect the tables of IP packet "
+"filter rules in the Linux kernel. Several different tables may be defined. "
+"Each table contains a number of built-in chains and may also contain user-"
+"defined chains."
+msgstr ""
+"B<iptables> は Linux カーネルの IP パケットフィルタルールのテーブルを 設定・"
+"管理・検査するために使われる。 複数の異なるテーブルを定義できる。 各テーブル"
+"にはたくさんの組み込み済みチェインが含まれており、 さらにユーザー定義のチェイ"
+"ンを加えることもできる。"
+
+#. type: Plain text
+#: original/man8/iptables.8:86
+msgid ""
+"There are currently three independent tables (which tables are present at "
+"any time depends on the kernel configuration options and which modules are "
+"present)."
+msgstr ""
+"現在のところ 3 つの独立なテーブルが存在する (ある時点でどのテーブルが存在する"
+"かは、 カーネルの設定やどういったモジュールが存在するかに依存する)。"
+
+#. type: TP
+#: original/man8/iptables.8:105
+#, no-wrap
+msgid "B<nat>:"
+msgstr "B<nat>:"
+
+#. type: Plain text
+#: original/man8/iptables.8:115
+msgid ""
+"This table is consulted when a packet that creates a new connection is "
+"encountered. It consists of three built-ins: B<PREROUTING> (for altering "
+"packets as soon as they come in), B<OUTPUT> (for altering locally-generated "
+"packets before routing), and B<POSTROUTING> (for altering packets as they "
+"are about to go out)."
+msgstr ""
+"このテーブルは新しい接続を開くようなパケットに対して参照される。 これには "
+"B<PREROUTING> (パケットが入ってきた場合、すぐにそのパケットを変換するための"
+"チェイン)・ B<OUTPUT> (ローカルで生成されたパケットをルーティングの前に変換す"
+"るためのチェイン)・ B<POSTROUTING> (パケットが出て行くときに変換するための"
+"チェイン) という 3 つの組み込み済みチェインが含まれる。"
+
+#. type: Plain text
+#: original/man8/iptables.8:135
+msgid ""
+"The options that are recognized by B<iptables> can be divided into several "
+"different groups."
+msgstr "B<iptables> で使えるオプションは、いくつかのグループに分けられる。"
+
+#. type: Plain text
+#: original/man8/iptables.8:142
+msgid ""
+"These options specify the specific action to perform. Only one of them can "
+"be specified on the command line unless otherwise specified below. For all "
+"the long versions of the command and option names, you need to use only "
+"enough letters to ensure that B<iptables> can differentiate it from all "
+"other options."
+msgstr ""
+"これらのオプションは、実行する特定の動作を指定する。 以下の説明で注記されてい"
+"ない限り、 コマンドラインで指定できるのはこの中の 1 つだけである。 長いバー"
+"ジョンのコマンド名とオプション名は、 B<iptables> が他のコマンド名やオプション"
+"名と区別できる範囲で (文字を省略して) 指定することもできる。"
+
+#. type: TP
+#: original/man8/iptables.8:155
+#, no-wrap
+msgid "B<-I, --insert >I<chain> [I<rulenum>] I<rule-specification>"
+msgstr "B<-I, --insert >I<チェイン> [I<ルール番号>] I<ルールの詳細>"
+
+#. type: Plain text
+#: original/man8/iptables.8:171
+msgid ""
+"List all rules in the selected chain. If no chain is selected, all chains "
+"are listed. As every other iptables command, it applies to the specified "
+"table (filter is the default), so NAT rules get listed by"
+msgstr ""
+"選択されたチェインにある全てのルールを一覧表示する。 チェインが指定されない場"
+"合、全てのチェインにあるリストが一覧表示される。 他の各 iptables コマンドと同"
+"様に、指定されたテーブル (デフォルトは filter) に対して作用する。 よって NAT "
+"ルールを表示するには以下のようにする。"
+
+#. type: Plain text
+#: original/man8/iptables.8:173
+#, no-wrap
+msgid " iptables -t nat -n -L\n"
+msgstr " iptables -t nat -n -L\n"
+
+#. type: Plain text
+#: original/man8/iptables.8:184
+#, no-wrap
+msgid " iptables -L -v\n"
+msgstr " iptables -L -v\n"
+
+#. type: Plain text
+#: original/man8/iptables.8:242
+msgid ""
+"The protocol of the rule or of the packet to check. The specified protocol "
+"can be one of I<tcp>, I<udp>, I<icmp>, or I<all>, or it can be a numeric "
+"value, representing one of these protocols or a different one. A protocol "
+"name from /etc/protocols is also allowed. A \"!\" argument before the "
+"protocol inverts the test. The number zero is equivalent to I<all>. "
+"Protocol I<all> will match with all protocols and is taken as default when "
+"this option is omitted."
+msgstr ""
+"ルールで使われるプロトコル、またはチェックされるパケットのプロトコル。 指定で"
+"きるプロトコルは、 I<tcp>, I<udp>, I<icmp>, I<all> のいずれか 1 つか、数値で"
+"ある。 数値には、これらのプロトコルのどれかないし別のプロトコルを表す 数値を"
+"指定することができる。 /etc/protocols にあるプロトコル名も指定できる。 プロト"
+"コルの前に \"!\" を置くと、そのプロトコルを除外するという意味になる。 数値 0 "
+"は I<all> と等しい。 プロトコル I<all> は全てのプロトコルとマッチし、 このオ"
+"プションが省略された際のデフォルトである。"
+
+#. type: Plain text
+#: original/man8/iptables.8:261
+msgid ""
+"Source specification. I<Address> can be either a network name, a hostname "
+"(please note that specifying any name to be resolved with a remote query "
+"such as DNS is a really bad idea), a network IP address (with /mask), or a "
+"plain IP address. The I<mask> can be either a network mask or a plain "
+"number, specifying the number of 1's at the left side of the network mask. "
+"Thus, a mask of I<24> is equivalent to I<255.255.255.0>. A \"!\" argument "
+"before the address specification inverts the sense of the address. The flag "
+"B<--src> is an alias for this option."
+msgstr ""
+"送信元の指定。 I<address> はホスト名 (DNS のようなリモートへの問い合わせで解"
+"決する名前を指定するのは非常に良くない) ・ネットワーク IP アドレス (/mask を"
+"指定する)・ 通常の IP アドレス、のいずれかである。 I<mask> はネットワークマス"
+"クか、 ネットワークマスクの左側にある 1 の数を指定する数値である。 つまり、 "
+"I<24> という mask は I<255.255.255.0> に等しい。 アドレス指定の前に \"!\" を"
+"置くと、そのアドレスを除外するという意味になる。 フラグ B<--src> は、このオプ"
+"ションの別名である。"
+
+#. type: Plain text
+#: original/man8/iptables.8:304
+msgid ""
+"Name of an interface via which a packet is going to be sent (for packets "
+"entering the B<FORWARD>, B<OUTPUT> and B<POSTROUTING> chains). When the \"!"
+"\" argument is used before the interface name, the sense is inverted. If "
+"the interface name ends in a \"+\", then any interface which begins with "
+"this name will match. If this option is omitted, any interface name will "
+"match."
+msgstr ""
+"パケットを送信することになるインターフェース名 (B<FORWARD>, B<OUTPUT>, "
+"B<POSTROUTING> チェインに入るパケットのみ)。 インターフェース名の前に \"!\" "
+"を置くと、 そのインターフェースを除外するという意味になる。 インターフェース"
+"名が \"+\" で終っている場合、 その名前で始まる任意のインターフェース名にマッ"
+"チする。 このオプションが省略された場合、 任意のインターフェース名にマッチす"
+"る。"
+
+#. type: TP
+#: original/man8/iptables.8:304
+#, no-wrap
+msgid "B<[!] -f, --fragment>"
+msgstr "B<[!] -f, --fragment>"
+
+#. type: Plain text
+#: original/man8/iptables.8:312
+msgid ""
+"This means that the rule only refers to second and further fragments of "
+"fragmented packets. Since there is no way to tell the source or destination "
+"ports of such a packet (or ICMP type), such a packet will not match any "
+"rules which specify them. When the \"!\" argument precedes the \"-f\" flag, "
+"the rule will only match head fragments, or unfragmented packets."
+msgstr ""
+"このオプションは、分割されたパケット (fragmented packet) のうち 2 番目以降の"
+"パケットだけを参照するルールであることを意味する。 このようなパケット (また"
+"は ICMP タイプのパケット) は 送信元・送信先ポートを知る方法がないので、 送信"
+"元や送信先を指定するようなルールにはマッチしない。 \"-f\" フラグの前に \"!\" "
+"を置くと、 分割されたパケットのうち最初のものか、 分割されていないパケットだ"
+"けにマッチする。"
+
+#. type: TP
+#: original/man8/iptables.8:312
+#, no-wrap
+msgid "B<-c, --set-counters >I<PKTS BYTES>"
+msgstr "B<-c, --set-counters >I<PKTS BYTES>"
+
+#. type: Plain text
+#: original/man8/iptables.8:376
+msgid ""
+"iptables can use extended packet matching modules. These are loaded in two "
+"ways: implicitly, when B<-p> or B<--protocol> is specified, or with the B<-"
+"m> or B<--match> options, followed by the matching module name; after these, "
+"various extra command line options become available, depending on the "
+"specific module. You can specify multiple extended match modules in one "
+"line, and you can use the B<-h> or B<--help> options after the module has "
+"been specified to receive help specific to that module."
+msgstr ""
+"iptables は拡張されたパケットマッチングモジュールを使うことができる。 これら"
+"のモジュールは 2 種類の方法でロードされる: モジュールは、 B<-p> または B<--"
+"protocol> で暗黙のうちに指定されるか、 B<-m> または B<--match> の後にモジュー"
+"ル名を続けて指定される。 これらのモジュールの後ろには、モジュールに応じて 他"
+"のいろいろなコマンドラインオプションを指定することができる。 複数の拡張マッチ"
+"ングモジュールを一行で指定することができる。 また、モジュールに特有のヘルプを"
+"表示させるためには、 モジュールを指定した後で B<-h> または B<--help> を指定す"
+"ればよい。"
+
+#. type: SS
+#: original/man8/iptables.8:381
+#, no-wrap
+msgid "ah"
+msgstr "ah"
+
+#. type: Plain text
+#: original/man8/iptables.8:383
+msgid "This module matches the SPIs in AH header of IPSec packets."
+msgstr "このモジュールは IPSec パケットの AH ヘッダーの SPI 値にマッチする。"
+
+#. type: TP
+#: original/man8/iptables.8:383
+#, no-wrap
+msgid "B<--ahspi >[!] I<spi>[:I<spi>]"
+msgstr "B<--ahspi >[!] I<spi>[:I<spi>]"
+
+#. type: SS
+#: original/man8/iptables.8:385
+#, no-wrap
+msgid "conntrack"
+msgstr "conntrack"
+
+#. type: Plain text
+#: original/man8/iptables.8:390
+msgid ""
+"This module, when combined with connection tracking, allows access to more "
+"connection tracking information than the \"state\" match. (this module is "
+"present only if iptables was compiled under a kernel supporting this feature)"
+msgstr ""
+"このモジュールは、接続追跡 (connection tracking) と組み合わせて用いると、 "
+"\"state\" マッチよりもさらに多くの、 パケットについての接続追跡状態を知ること"
+"ができる (この機能をサポートしたカーネルのもとで iptables がコンパイルされた"
+"場合 にのみ、このモジュールは存在する)。"
+
+#. type: TP
+#: original/man8/iptables.8:390
+#, no-wrap
+msgid "B<--ctstate >I<state>"
+msgstr "B<--ctstate >I<state>"
+
+#. type: Plain text
+#: original/man8/iptables.8:413
+msgid ""
+"Where state is a comma separated list of the connection states to match. "
+"Possible states are B<INVALID> meaning that the packet is associated with no "
+"known connection, B<ESTABLISHED> meaning that the packet is associated with "
+"a connection which has seen packets in both directions, B<NEW> meaning that "
+"the packet has started a new connection, or otherwise associated with a "
+"connection which has not seen packets in both directions, and B<RELATED> "
+"meaning that the packet is starting a new connection, but is associated with "
+"an existing connection, such as an FTP data transfer, or an ICMP error. "
+"B<SNAT> A virtual state, matching if the original source address differs "
+"from the reply destination. B<DNAT> A virtual state, matching if the "
+"original destination differs from the reply source."
+msgstr ""
+"state は、マッチング対象となる、コンマ区切りの接続状態リストである。 指定可能"
+"な state は以下の通り。 B<INVALID>: メモリを使い果たした為や、 既知の接続とは"
+"対応しない ICMP エラーなど、 何らかの理由によりパケットが識別できない。 "
+"B<ESTABLISHED>: このパケットは、過去双方向にパケットがやり取りされた接続に属"
+"するパケットである。 B<NEW>: このパケットが新しい接続を開始したか、 双方向に"
+"はパケットがやり取りされていない接続に属するパケットである。 B<RELATED>: この"
+"パケットが新しい接続を開始しているが、 FTP データ転送や ICMP エラーのように、"
+"既存の接続に関係している。 B<SNAT>: 仮想的な状態であり、書き換え前の送信元ア"
+"ドレスが応答の宛先アドレスと 異なる場合にマッチする。 B<DNAT>: 仮想的な状態で"
+"あり、書き換え前の宛先アドレスが応答の送信元アドレスと 異なる場合にマッチす"
+"る。"
+
+#. type: TP
+#: original/man8/iptables.8:413
+#, no-wrap
+msgid "B<--ctproto >I<proto>"
+msgstr "B<--ctproto >I<proto>"
+
+#. type: Plain text
+#: original/man8/iptables.8:416
+msgid "Protocol to match (by number or name)"
+msgstr "(名前または数値で) 指定されたプロトコルにマッチする。"
+
+#. type: TP
+#: original/man8/iptables.8:416
+#, no-wrap
+msgid "B<--ctorigsrc >I<[!] address[/mask]>"
+msgstr "B<--ctorigsrc >I<[!] address[/mask]>"
+
+#. type: Plain text
+#: original/man8/iptables.8:419
+msgid "Match against original source address"
+msgstr "書き換え前の送信元アドレスにマッチする。"
+
+#. type: TP
+#: original/man8/iptables.8:419
+#, no-wrap
+msgid "B<--ctorigdst >I<[!] address[/mask]>"
+msgstr "B<--ctorigdst >I<[!] address[/mask]>"
+
+#. type: Plain text
+#: original/man8/iptables.8:422
+msgid "Match against original destination address"
+msgstr "書き換え前の宛先アドレスにマッチする。"
+
+#. type: TP
+#: original/man8/iptables.8:422
+#, no-wrap
+msgid "B<--ctreplsrc >I<[!] address[/mask]>"
+msgstr "B<--ctreplsrc >I<[!] address[/mask]>"
+
+#. type: Plain text
+#: original/man8/iptables.8:425
+msgid "Match against reply source address"
+msgstr "応答の送信元アドレスにマッチする。"
+
+#. type: TP
+#: original/man8/iptables.8:425
+#, no-wrap
+msgid "B<--ctrepldst >I<[!] address>B<[/>I<mask>B<]>"
+msgstr "B<--ctrepldst >I<[!] address>B<[/>I<mask>B<]>"
+
+#. type: Plain text
+#: original/man8/iptables.8:428
+msgid "Match against reply destination address"
+msgstr "応答の宛先アドレスにマッチする。"
+
+#. type: TP
+#: original/man8/iptables.8:428
+#, no-wrap
+msgid "B<--ctstatus >I<[NONE|EXPECTED|SEEN_REPLY|ASSURED][,...]>"
+msgstr "B<--ctstatus >I<[NONE|EXPECTED|SEEN_REPLY|ASSURED][,...]>"
+
+#. type: Plain text
+#: original/man8/iptables.8:431
+msgid "Match against internal conntrack states"
+msgstr "接続追跡の内部的な状態にマッチする。"
+
+#. type: TP
+#: original/man8/iptables.8:431
+#, no-wrap
+msgid "B<--ctexpire >I<time[:time]>"
+msgstr "B<--ctexpire >I<time[:time]>"
+
+#. type: Plain text
+#: original/man8/iptables.8:435
+msgid ""
+"Match remaining lifetime in seconds against given value or range of values "
+"(inclusive)"
+msgstr "有効期間の残り秒数、またはその範囲(両端を含む)にマッチする。"
+
+#. type: SS
+#: original/man8/iptables.8:435
+#, no-wrap
+msgid "dscp"
+msgstr "dscp"
+
+#. type: Plain text
+#: original/man8/iptables.8:438
+msgid ""
+"This module matches the 6 bit DSCP field within the TOS field in the IP "
+"header. DSCP has superseded TOS within the IETF."
+msgstr ""
+"このモジュールは、IP ヘッダーの TOS フィールド内にある、 6 bit の DSCP フィー"
+"ルドにマッチする。 IETF では DSCP が TOS に取って代わった。"
+
+#. type: TP
+#: original/man8/iptables.8:438
+#, no-wrap
+msgid "B<--dscp >I<value>"
+msgstr "B<--dscp >I<value>"
+
+#. type: Plain text
+#: original/man8/iptables.8:441
+msgid "Match against a numeric (decimal or hex) value [0-32]."
+msgstr "(10 進または 16 進の) 数値 [0-63] にマッチする。"
+
+#. type: TP
+#: original/man8/iptables.8:441
+#, no-wrap
+msgid "B<--dscp-class >I<DiffServ Class>"
+msgstr "B<--dscp-class >I<DiffServ Class>"
+
+#. type: Plain text
+#: original/man8/iptables.8:446
+msgid ""
+"Match the DiffServ class. This value may be any of the BE, EF, AFxx or CSx "
+"classes. It will then be converted into it's according numeric value."
+msgstr ""
+"DiffServ クラスにマッチする。 値は BE, EF, AFxx, CSx クラスのいずれかであ"
+"る。 これらは、対応する数値で指定するのと同じである。"
+
+#. type: SS
+#: original/man8/iptables.8:446
+#, no-wrap
+msgid "esp"
+msgstr "esp"
+
+#. type: Plain text
+#: original/man8/iptables.8:448
+msgid "This module matches the SPIs in ESP header of IPSec packets."
+msgstr "このモジュールは IPSec パケットの ESP ヘッダーの SPI 値にマッチする。"
+
+#. type: TP
+#: original/man8/iptables.8:448
+#, no-wrap
+msgid "B<--espspi >[!] I<spi>[:I<spi>]"
+msgstr "B<--espspi >[!] I<spi>[:I<spi>]"
+
+#. type: SS
+#: original/man8/iptables.8:450
+#, no-wrap
+msgid "helper"
+msgstr "helper"
+
+#. type: Plain text
+#: original/man8/iptables.8:452
+msgid "This module matches packets related to a specific conntrack-helper."
+msgstr ""
+"このモジュールは、指定された接続追跡ヘルパーモジュールに 関連するパケットに"
+"マッチする。"
+
+#. type: TP
+#: original/man8/iptables.8:452
+#, no-wrap
+msgid "B<--helper >I<string>"
+msgstr "B<--helper >I<string>"
+
+#. type: Plain text
+#: original/man8/iptables.8:455
+msgid "Matches packets related to the specified conntrack-helper."
+msgstr "指定された接続追跡ヘルパーモジュールに 関連するパケットにマッチする。"
+
+#. type: Plain text
+#: original/man8/iptables.8:459
+msgid ""
+"string can be \"ftp\" for packets related to a ftp-session on default port. "
+"For other ports append -portnr to the value, ie. \"ftp-2121\"."
+msgstr ""
+"デフォルトのポートを使った ftp-セッションに関連するパケットでは、 string に "
+"\"ftp\" と書ける。 他のポートでは \"-ポート番号\" を値に付け加える。 すなわ"
+"ち \"ftp-2121\" となる。"
+
+#. type: Plain text
+#: original/man8/iptables.8:461
+msgid "Same rules apply for other conntrack-helpers."
+msgstr "他の接続追跡ヘルパーでも同じルールが適用される。"
+
+#. type: SS
+#: original/man8/iptables.8:462
+#, no-wrap
+msgid "icmp"
+msgstr "icmp"
+
+#. type: Plain text
+#: original/man8/iptables.8:465
+msgid ""
+"This extension is loaded if `--protocol icmp' is specified. It provides the "
+"following option:"
+msgstr ""
+"この拡張は `--protocol icmp' が指定された場合にロードされ、 以下のオプション"
+"が提供される:"
+
+#. type: TP
+#: original/man8/iptables.8:465
+#, no-wrap
+msgid "B<--icmp-type >[!] I<typename>"
+msgstr "B<--icmp-type >[!] I<typename>"
+
+#. type: Plain text
+#: original/man8/iptables.8:469
+msgid ""
+"This allows specification of the ICMP type, which can be a numeric ICMP "
+"type, or one of the ICMP type names shown by the command"
+msgstr ""
+"ICMP タイプを指定できる。タイプ指定には、 数値の ICMP タイプ、または以下のコ"
+"マンド で表示される ICMP タイプ名を指定できる。"
+
+#. type: Plain text
+#: original/man8/iptables.8:471
+#, no-wrap
+msgid " iptables -p icmp -h\n"
+msgstr " iptables -p icmp -h\n"
+
+#. type: SS
+#: original/man8/iptables.8:472
+#, no-wrap
+msgid "length"
+msgstr "length"
+
+#. type: Plain text
+#: original/man8/iptables.8:475
+msgid ""
+"This module matches the length of a packet against a specific value or range "
+"of values."
+msgstr "このモジュールは、指定されたパケット長、またはその範囲にマッチする。"
+
+#. type: TP
+#: original/man8/iptables.8:475
+#, no-wrap
+msgid "B<--length >I<length>[:I<length>]"
+msgstr "B<--length >I<length>[:I<length>]"
+
+#. type: Plain text
+#: original/man8/iptables.8:540
+msgid ""
+"This module attempts to match various characteristics of the packet creator, "
+"for locally-generated packets. It is only valid in the B<OUTPUT> chain, and "
+"even this some packets (such as ICMP ping responses) may have no owner, and "
+"hence never match."
+msgstr ""
+"このモジュールは、ローカルで生成されたパケットに付いて、 パケット生成者のいろ"
+"いろな特性に対してマッチを行う。 これは B<OUTPUT> チェインのみでしか有効でな"
+"い。 また、(ICMP ping 応答のような) パケットは、 所有者がいないので絶対にマッ"
+"チしない。"
+
+#. type: TP
+#: original/man8/iptables.8:556
+#, no-wrap
+msgid "B<--cmd-owner >I<name>"
+msgstr "B<--cmd-owner >I<name>"
+
+#. type: Plain text
+#: original/man8/iptables.8:561
+msgid ""
+"Matches if the packet was created by a process with the given command name. "
+"(this option is present only if iptables was compiled under a kernel "
+"supporting this feature)"
+msgstr ""
+"指定されたコマンド名を持つプロセスにより パケットが生成されている場合にマッチ"
+"する (この機能をサポートしたカーネルのもとで iptables がコンパイルされた場合 "
+"にのみ、このモジュールは存在する)。"
+
+#. type: SS
+#: original/man8/iptables.8:561
+#, no-wrap
+msgid "physdev"
+msgstr "physdev"
+
+#. type: Plain text
+#: original/man8/iptables.8:566
+msgid ""
+"This module matches on the bridge port input and output devices enslaved to "
+"a bridge device. This module is a part of the infrastructure that enables a "
+"transparent bridging IP firewall and is only useful for kernel versions "
+"above version 2.5.44."
+msgstr ""
+"このモジュールは、ブリッジデバイスのスレーブにされた、 ブリッジポートの入出力"
+"デバイスにマッチする。 このモジュールは、ブリッジによる透過的な IP ファイア"
+"ウォールの基盤の一部であり、 カーネルバージョン 2.5.44 以降でのみ有効である。"
+
+#. type: TP
+#: original/man8/iptables.8:566
+#, no-wrap
+msgid "B<--physdev-in name>"
+msgstr "B<--physdev-in name>"
+
+#. type: Plain text
+#: original/man8/iptables.8:577
+msgid ""
+"Name of a bridge port via which a packet is received (only for packets "
+"entering the B<INPUT>, B<FORWARD> and B<PREROUTING> chains). If the "
+"interface name ends in a \"+\", then any interface which begins with this "
+"name will match. If the packet didn't arrive through a bridge device, this "
+"packet won't match this option, unless '!' is used."
+msgstr ""
+"パケットが受信されるブリッジのポート名 (B<INPUT>, B<FORWARD>, B<PREROUTING> "
+"チェインに入るパケットのみ)。 インターフェース名が \"+\" で終っている場合、 "
+"その名前で始まる任意のインターフェース名にマッチする。 ブリッジデバイスを通し"
+"て受け取られなかったパケットは、 \\&'!' が指定されていない限り、このオプショ"
+"ンにマッチしない。"
+
+#. type: TP
+#: original/man8/iptables.8:577
+#, no-wrap
+msgid "B<--physdev-out name>"
+msgstr "B<--physdev-out name>"
+
+#. type: Plain text
+#: original/man8/iptables.8:594
+msgid ""
+"Name of a bridge port via which a packet is going to be sent (for packets "
+"entering the B<FORWARD>, B<OUTPUT> and B<POSTROUTING> chains). If the "
+"interface name ends in a \"+\", then any interface which begins with this "
+"name will match. Note that in the B<nat> and B<mangle> B<OUTPUT> chains one "
+"cannot match on the bridge output port, however one can in the B<filter "
+"OUTPUT> chain. If the packet won't leave by a bridge device or it is yet "
+"unknown what the output device will be, then the packet won't match this "
+"option, unless '!' is used."
+msgstr ""
+"パケットを送信することになるブリッジのポート名 (B<FORWARD>, B<OUTPUT>, "
+"B<POSTROUTING> チェインに入るパケットのみ)。 インターフェース名が \"+\" で"
+"終っている場合、 その名前で始まる任意のインターフェース名にマッチする。 "
+"B<nat> と B<mangle> テーブルの B<OUTPUT> チェインではブリッジの出力ポートに"
+"マッチさせることができないが、 B<filter> テーブルの B<OUPUT> チェインではマッ"
+"チ可能である。 パケットがブリッジデバイスから送られなかった場合、 またはパ"
+"ケットの出力デバイスが不明であった場合は、 \\&'!' が指定されていない限り、パ"
+"ケットはこのオプションにマッチしない。"
+
+#. type: TP
+#: original/man8/iptables.8:594
+#, no-wrap
+msgid "B<--physdev-is-in>"
+msgstr "B<--physdev-is-in>"
+
+#. type: Plain text
+#: original/man8/iptables.8:597
+msgid "Matches if the packet has entered through a bridge interface."
+msgstr "パケットがブリッジインターフェースに入った場合にマッチする。"
+
+#. type: TP
+#: original/man8/iptables.8:597
+#, no-wrap
+msgid "B<--physdev-is-out>"
+msgstr "B<--physdev-is-out>"
+
+#. type: Plain text
+#: original/man8/iptables.8:600
+msgid "Matches if the packet will leave through a bridge interface."
+msgstr "パケットがブリッジインターフェースから出ようとした場合にマッチする。"
+
+#. type: TP
+#: original/man8/iptables.8:600
+#, no-wrap
+msgid "B<--physdev-is-bridged>"
+msgstr "B<--physdev-is-bridged>"
+
+#. type: Plain text
+#: original/man8/iptables.8:604
+msgid ""
+"Matches if the packet is being bridged and therefore is not being routed. "
+"This is only useful in the FORWARD and POSTROUTING chains."
+msgstr ""
+"パケットがブリッジされることにより、 ルーティングされなかった場合にマッチす"
+"る。 これは FORWARD, POSTROUTING チェインにおいてのみ役立つ。"
+
+#. type: SS
+#: original/man8/iptables.8:604
+#, no-wrap
+msgid "pkttype"
+msgstr "pkttype"
+
+#. type: Plain text
+#: original/man8/iptables.8:606
+msgid "This module matches the link-layer packet type."
+msgstr "このモジュールは、リンク層のパケットタイプにマッチする。"
+
+#. type: TP
+#: original/man8/iptables.8:606
+#, no-wrap
+msgid "B<--pkt-type >I<[unicast|broadcast|multicast]>"
+msgstr "B<--pkt-type >I<[unicast|broadcast|multicast]>"
+
+#. type: SS
+#: original/man8/iptables.8:608
+#, no-wrap
+msgid "state"
+msgstr "state"
+
+#. type: Plain text
+#: original/man8/iptables.8:611
+msgid ""
+"This module, when combined with connection tracking, allows access to the "
+"connection tracking state for this packet."
+msgstr ""
+"このモジュールは、接続追跡 (connection tracking) と組み合わせて用いると、 パ"
+"ケットについての接続追跡状態を知ることができる。"
+
+#. type: TP
+#: original/man8/iptables.8:611
+#, no-wrap
+msgid "B<--state >I<state>"
+msgstr "B<--state >I<state>"
+
+#. type: Plain text
+#: original/man8/iptables.8:630
+msgid ""
+"Where state is a comma separated list of the connection states to match. "
+"Possible states are B<INVALID> meaning that the packet could not be "
+"identified for some reason which includes running out of memory and ICMP "
+"errors which don't correspond to any known connection, B<ESTABLISHED> "
+"meaning that the packet is associated with a connection which has seen "
+"packets in both directions, B<NEW> meaning that the packet has started a new "
+"connection, or otherwise associated with a connection which has not seen "
+"packets in both directions, and B<RELATED> meaning that the packet is "
+"starting a new connection, but is associated with an existing connection, "
+"such as an FTP data transfer, or an ICMP error."
+msgstr ""
+"state は、マッチングを行うための、コンマで区切られた接続状態のリストである。 "
+"指定可能な state は以下の通り。 B<INVALID>: このパケットは既知の接続と関係し"
+"ていない。 B<ESTABLISHED>: このパケットは、過去双方向にパケットがやり取りされ"
+"た接続に属するパケットである。 B<NEW>: このパケットが新しい接続を開始した"
+"か、 双方向にはパケットがやり取りされていない接続に属するパケットである。 "
+"B<RELATED>: このパケットが新しい接続を開始しているが、 FTP データ転送や ICMP "
+"エラーのように、既存の接続に関係している。"
+
+#. type: Plain text
+#: original/man8/iptables.8:660
+#, no-wrap
+msgid " iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n"
+msgstr " iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n"
+
+#. type: TP
+#: original/man8/iptables.8:676
+#, no-wrap
+msgid "B<--mss >I<value>[:I<value>]"
+msgstr "B<--mss >I<value>[:I<value>]"
+
+#. type: Plain text
+#: original/man8/iptables.8:680
+msgid ""
+"Match TCP SYN or SYN/ACK packets with the specified MSS value (or range), "
+"which control the maximum packet size for that connection."
+msgstr ""
+"指定された MSS 値 (の範囲) を持つ TCP の SYN または SYN/ACK パケットにマッチ"
+"する。 MSS は接続に対するパケットの最大サイズを制御する。"
+
+#. type: SS
+#: original/man8/iptables.8:680
+#, no-wrap
+msgid "tos"
+msgstr "tos"
+
+#. type: Plain text
+#: original/man8/iptables.8:683
+msgid ""
+"This module matches the 8 bits of Type of Service field in the IP header "
+"(ie. including the precedence bits)."
+msgstr ""
+"このモジュールは IP ヘッダーの 8 ビットの (つまり上位ビットを含む) Type of "
+"Service フィールドにマッチする。"
+
+#. type: TP
+#: original/man8/iptables.8:683
+#, no-wrap
+msgid "B<--tos >I<tos>"
+msgstr "B<--tos >I<tos>"
+
+#. type: Plain text
+#: original/man8/iptables.8:686
+msgid "The argument is either a standard name, (use"
+msgstr ""
+"引き数は、マッチを行う標準的な名前でも数値でもよい (名前のリストを見るには"
+
+#. type: Plain text
+#: original/man8/iptables.8:688
+#, no-wrap
+msgid " iptables -m tos -h\n"
+msgstr " iptables -m tos -h\n"
+
+#. type: Plain text
+#: original/man8/iptables.8:690
+msgid "to see the list), or a numeric value to match."
+msgstr "を使うこと)。"
+
+#. type: SS
+#: original/man8/iptables.8:690
+#, no-wrap
+msgid "ttl"
+msgstr "ttl"
+
+#. type: Plain text
+#: original/man8/iptables.8:692
+msgid "This module matches the time to live field in the IP header."
+msgstr "このモジュールは IP ヘッダーの time to live フィールドにマッチする。"
+
+#. type: TP
+#: original/man8/iptables.8:692
+#, no-wrap
+msgid "B<--ttl >I<ttl>"
+msgstr "B<--ttl >I<ttl>"
+
+#. type: Plain text
+#: original/man8/iptables.8:695
+msgid "Matches the given TTL value."
+msgstr "指定された TTL 値にマッチする。"
+
+#. type: SS
+#: original/man8/iptables.8:710
+#, no-wrap
+msgid "unclean"
+msgstr "unclean"
+
+#. type: Plain text
+#: original/man8/iptables.8:713
+msgid ""
+"This module takes no options, but attempts to match packets which seem "
+"malformed or unusual. This is regarded as experimental."
+msgstr ""
+"このモジュールにはオプションがないが、 おかしく正常でないように見えるパケット"
+"にマッチする。 これは実験的なものとして扱われている。"
+
+#. type: Plain text
+#: original/man8/iptables.8:716
+msgid ""
+"iptables can use extended target modules: the following are included in the "
+"standard distribution."
+msgstr ""
+"iptables は拡張ターゲットモジュールを使うことができる: 以下のものが、標準的な"
+"ディストリビューションに含まれている。"
+
+#. type: SS
+#: original/man8/iptables.8:716
+#, no-wrap
+msgid "DNAT"
+msgstr "DNAT"
+
+#. type: Plain text
+#: original/man8/iptables.8:728
+msgid ""
+"This target is only valid in the B<nat> table, in the B<PREROUTING> and "
+"B<OUTPUT> chains, and user-defined chains which are only called from those "
+"chains. It specifies that the destination address of the packet should be "
+"modified (and all future packets in this connection will also be mangled), "
+"and rules should cease being examined. It takes one type of option:"
+msgstr ""
+"このターゲットは B<nat> テーブルの B<PREROUTING>, B<OUTPUT> チェイン、これら"
+"のチェインから呼び出される ユーザー定義チェインのみで有効である。 このター"
+"ゲットはパケットの送信先アドレスを修正する (この接続の以降のパケットも修正し"
+"て分からなく (mangle) する)。 さらに、ルールによるチェックを止めさせる。 この"
+"ターゲットにはオプションが 1 種類ある:"
+
+#. type: TP
+#: original/man8/iptables.8:728
+#, no-wrap
+msgid "B<--to-destination >I<ipaddr>[-I<ipaddr>][:I<port>-I<port>]"
+msgstr "B<--to-destination >I<ipaddr>[-I<ipaddr>][:I<port>-I<port>]"
+
+#. type: Plain text
+#: original/man8/iptables.8:738
+msgid ""
+"which can specify a single new destination IP address, an inclusive range of "
+"IP addresses, and optionally, a port range (which is only valid if the rule "
+"also specifies B<-p tcp> or B<-p udp>). If no port range is specified, then "
+"the destination port will never be modified."
+msgstr ""
+"1 つの新しい送信先 IP アドレス、または IP アドレスの範囲が指定できる。 ポート"
+"の範囲を指定することもできる (これはルールで B<-p tcp> または B<-p udp> を指"
+"定している場合にのみ有効)。 ポートの範囲が指定されていない場合、送信先ポート"
+"は変更されない。"
+
+#. type: Plain text
+#: original/man8/iptables.8:744
+msgid ""
+"You can add several --to-destination options. If you specify more than one "
+"destination address, either via an address range or multiple --to-"
+"destination options, a simple round-robin (one after another in cycle) load "
+"balancing takes place between these adresses."
+msgstr ""
+"複数の --to-destination オプションを指定することができる。 アドレスの範囲に"
+"よって、 もしくは複数の --to-destination オプションによって 2 つ以上の送信先"
+"アドレスを指定した場合、 それらのアドレスを使った単純なラウンド・ロビン (順々"
+"に循環させる) がおこなわれる。"
+
+#. type: SS
+#: original/man8/iptables.8:744
+#, no-wrap
+msgid "DSCP"
+msgstr "DSCP"
+
+#. type: Plain text
+#: original/man8/iptables.8:748
+msgid ""
+"This target allows to alter the value of the DSCP bits within the TOS header "
+"of the IPv4 packet. As this manipulates a packet, it can only be used in "
+"the mangle table."
+msgstr ""
+"このターゲットは、IPv4 パケットの TOS ヘッダーにある DSCP ビットの値の書き換"
+"えを可能にする。 これはパケットを操作するので、mangle テーブルでのみ使用でき"
+"る。"
+
+#. type: TP
+#: original/man8/iptables.8:748
+#, no-wrap
+msgid "B<--set-dscp >I<value>"
+msgstr "B<--set-dscp >I<value>"
+
+#. type: Plain text
+#: original/man8/iptables.8:751
+msgid "Set the DSCP field to a numerical value (can be decimal or hex)"
+msgstr "DSCP フィールドの数値を設定する (10 進または 16 進)。"
+
+#. type: TP
+#: original/man8/iptables.8:751
+#, no-wrap
+msgid "B<--set-dscp-class >I<class>"
+msgstr "B<--set-dscp-class >I<class>"
+
+#. type: Plain text
+#: original/man8/iptables.8:754
+msgid "Set the DSCP field to a DiffServ class."
+msgstr "DSCP フィールドの DiffServ クラスを設定する。"
+
+#. type: SS
+#: original/man8/iptables.8:754
+#, no-wrap
+msgid "ECN"
+msgstr "ECN"
+
+#. type: Plain text
+#: original/man8/iptables.8:757
+msgid ""
+"This target allows to selectively work around known ECN blackholes. It can "
+"only be used in the mangle table."
+msgstr ""
+"このターゲットは ECN ブラックホール問題への対処を可能にする。 mangle テーブル"
+"でのみ使用できる。"
+
+#. type: TP
+#: original/man8/iptables.8:757
+#, no-wrap
+msgid "B<--ecn-tcp-remove>"
+msgstr "B<--ecn-tcp-remove>"
+
+#. type: Plain text
+#: original/man8/iptables.8:762
+msgid ""
+"Remove all ECN bits from the TCP header. Of course, it can only be used in "
+"conjunction with B<-p tcp>."
+msgstr ""
+"TCP ヘッダーから全ての ECN ビット (訳注: ECE/CWR フラグ) を取り除く。 当然、 "
+"B<-p tcp> オプションとの組合わせでのみ使用できる。"
+
+#. type: Plain text
+#: original/man8/iptables.8:774
+msgid ""
+"Turn on kernel logging of matching packets. When this option is set for a "
+"rule, the Linux kernel will print some information on all matching packets "
+"(like most IP header fields) via the kernel log (where it can be read with "
+"I<dmesg> or I<syslogd>(8)). This is a \"non-terminating target\", i.e. rule "
+"traversal continues at the next rule. So if you want to LOG the packets you "
+"refuse, use two separate rules with the same matching criteria, first using "
+"target LOG then DROP (or REJECT)."
+msgstr ""
+"マッチしたパケットをカーネルログに記録する。 このオプションがルールに対して設"
+"定されると、 Linux カーネルはマッチしたパケットについての (大部分の IP ヘッ"
+"ダーフィールドのような) 何らかの情報を カーネルログに表示する (カーネルログ"
+"は I<dmesg> または I<syslogd>(8) で見ることができる)。 これは \"非終了ター"
+"ゲット\" である。 すなわち、ルールの検討は、次のルールへと継続される。 よっ"
+"て、拒否するパケットをログ記録したければ、 同じマッチング判断基準を持つ 2 つ"
+"のルールを使用し、 最初のルールで LOG ターゲットを、 次のルールで DROP (また"
+"は REJECT) ターゲットを指定する。"
+
+#. type: Plain text
+#: original/man8/iptables.8:791
+msgid "Log options from the IP packet header."
+msgstr "IP パケットヘッダーのオプションをログに記録する。"
+
+#. type: Plain text
+#: original/man8/iptables.8:796
+msgid ""
+"This is used to set the netfilter mark value associated with the packet. It "
+"is only valid in the B<mangle> table. It can for example be used in "
+"conjunction with iproute2."
+msgstr ""
+"パケットに関連づけられた netfilter の mark 値を設定する。 B<mangle> テーブル"
+"のみで有効である。 例えば、iproute2 と組み合わせて使うことができる。"
+
+#. type: SS
+#: original/man8/iptables.8:798
+#, no-wrap
+msgid "MASQUERADE"
+msgstr "MASQUERADE"
+
+#. type: Plain text
+#: original/man8/iptables.8:812
+msgid ""
+"This target is only valid in the B<nat> table, in the B<POSTROUTING> chain. "
+"It should only be used with dynamically assigned IP (dialup) connections: "
+"if you have a static IP address, you should use the SNAT target. "
+"Masquerading is equivalent to specifying a mapping to the IP address of the "
+"interface the packet is going out, but also has the effect that connections "
+"are I<forgotten> when the interface goes down. This is the correct behavior "
+"when the next dialup is unlikely to have the same interface address (and "
+"hence any established connections are lost anyway). It takes one option:"
+msgstr ""
+"このターゲットは B<nat> テーブルの B<POSTROUTING> チェインのみで有効である。 "
+"動的割り当て IP (ダイヤルアップ) 接続の場合にのみ使うべきである。 固定 IP ア"
+"ドレスならば、SNAT ターゲットを使うべきである。 マスカレーディングは、パケッ"
+"トが送信されるインターフェースの IP アドレスへのマッピングを指定するのと同じ"
+"であるが、 インターフェースが停止した場合に接続をI<忘れる>という効果がある。 "
+"次のダイヤルアップでは同じインターフェースアドレスになる可能性が低い (そのた"
+"め、前回確立された接続は失われる) 場合、 この動作は正しい。 このターゲットに"
+"はオプションが 1 つある。"
+
+#. type: TP
+#: original/man8/iptables.8:812 original/man8/iptables.8:845
+#, no-wrap
+msgid "B<--to-ports >I<port>[-I<port>]"
+msgstr "B<--to-ports >I<port>[-I<port>]"
+
+#. type: Plain text
+#: original/man8/iptables.8:821
+msgid ""
+"This specifies a range of source ports to use, overriding the default "
+"B<SNAT> source port-selection heuristics (see above). This is only valid if "
+"the rule also specifies B<-p tcp> or B<-p udp>."
+msgstr ""
+"このオプションは、使用する送信元ポートの範囲を指定し、 デフォルトの B<SNAT> "
+"送信元ポートの選択方法 (上記) よりも優先される。 ルールが B<-p tcp> または "
+"B<-p udp> を指定している場合にのみ有効である。"
+
+#. type: SS
+#: original/man8/iptables.8:821
+#, no-wrap
+msgid "MIRROR"
+msgstr "MIRROR"
+
+#. type: Plain text
+#: original/man8/iptables.8:834
+msgid ""
+"This is an experimental demonstration target which inverts the source and "
+"destination fields in the IP header and retransmits the packet. It is only "
+"valid in the B<INPUT>, B<FORWARD> and B<PREROUTING> chains, and user-defined "
+"chains which are only called from those chains. Note that the outgoing "
+"packets are B<NOT> seen by any packet filtering chains, connection tracking "
+"or NAT, to avoid loops and other problems."
+msgstr ""
+"実験的なデモンストレーション用のターゲットであり、 IP ヘッダーの送信元と送信"
+"先フィールドを入れ換え、 パケットを再送信するものである。 これは B<INPUT>, "
+"B<FORWARD>, B<PREROUTING> チェインと、これらのチェインから呼び出される ユー"
+"ザー定義チェインだけで有効である。 ループ等の問題を回避するため、外部に送られ"
+"るパケットは いかなるパケットフィルタリングチェイン・接続追跡・NAT からも 監"
+"視B<されない>。"
+
+#. type: SS
+#: original/man8/iptables.8:834
+#, no-wrap
+msgid "REDIRECT"
+msgstr "REDIRECT"
+
+#. type: Plain text
+#: original/man8/iptables.8:845
+msgid ""
+"This target is only valid in the B<nat> table, in the B<PREROUTING> and "
+"B<OUTPUT> chains, and user-defined chains which are only called from those "
+"chains. It alters the destination IP address to send the packet to the "
+"machine itself (locally-generated packets are mapped to the 127.0.0.1 "
+"address). It takes one option:"
+msgstr ""
+"このターゲットは、 B<nat> テーブル内の B<PREROUTING> チェイン及び B<OUTPUT> "
+"チェイン、そしてこれらチェインから呼び出される ユーザー定義チェインでのみ有効"
+"である。 このターゲットはパケットの送信先 IP アドレスを マシン自身の IP アド"
+"レスに変換する。 (ローカルで生成されたパケットは、アドレス 127.0.0.1 にマップ"
+"される)。 このターゲットにはオプションが 1 つある:"
+
+#. type: Plain text
+#: original/man8/iptables.8:853
+msgid ""
+"This specifies a destination port or range of ports to use: without this, "
+"the destination port is never altered. This is only valid if the rule also "
+"specifies B<-p tcp> or B<-p udp>."
+msgstr ""
+"このオプションは使用される送信先ポート・ポート範囲・複数ポートを指定する。 こ"
+"のオプションが指定されない場合、送信先ポートは変更されない。 ルールが B<-p "
+"tcp> または B<-p udp> を指定している場合にのみ有効である。"
+
+#. type: Plain text
+#: original/man8/iptables.8:877
+#, no-wrap
+msgid ""
+"B<icmp-net-unreachable>\n"
+"B<icmp-host-unreachable>\n"
+"B<icmp-port-unreachable>\n"
+"B<icmp-proto-unreachable>\n"
+"B<icmp-net-prohibited>\n"
+"B<icmp-host-prohibited or>\n"
+"B<icmp-admin-prohibited (*)>\n"
+msgstr ""
+"B<icmp-net-unreachable>\n"
+"B<icmp-host-unreachable>\n"
+"B<icmp-port-unreachable>\n"
+"B<icmp-proto-unreachable>\n"
+"B<icmp-net-prohibited>\n"
+"B<icmp-host-prohibited or>\n"
+"B<icmp-admin-prohibited (*)>\n"
+
+#. type: Plain text
+#: original/man8/iptables.8:886
+msgid ""
+"which return the appropriate ICMP error message (B<port-unreachable> is the "
+"default). The option B<tcp-reset> can be used on rules which only match the "
+"TCP protocol: this causes a TCP RST packet to be sent back. This is mainly "
+"useful for blocking I<ident> (113/tcp) probes which frequently occur when "
+"sending mail to broken mail hosts (which won't accept your mail otherwise)."
+msgstr ""
+"であり、適切な ICMP エラーメッセージを返す (B<port-unreachable> がデフォルト"
+"である)。 TCP プロトコルにのみマッチするルールに対して、オプション B<tcp-"
+"reset> を使うことができる。 このオプションを使うと、TCP RST パケットが送り返"
+"される。 主として I<ident> (113/tcp) による探査を阻止するのに役立つ。 "
+"I<ident> による探査は、壊れている (メールを受け取らない) メールホストに メー"
+"ルが送られる場合に頻繁に起こる。"
+
+#. type: Plain text
+#: original/man8/iptables.8:889
+msgid ""
+"(*) Using icmp-admin-prohibited with kernels that do not support it will "
+"result in a plain DROP instead of REJECT"
+msgstr ""
+"(*) icmp-admin-prohibited をサポートしないカーネルで、 icmp-admin-prohibited "
+"を使用すると、 REJECT ではなく単なる DROP になる。"
+
+#. type: SS
+#: original/man8/iptables.8:889
+#, no-wrap
+msgid "SNAT"
+msgstr "SNAT"
+
+#. type: Plain text
+#: original/man8/iptables.8:898
+msgid ""
+"This target is only valid in the B<nat> table, in the B<POSTROUTING> chain. "
+"It specifies that the source address of the packet should be modified (and "
+"all future packets in this connection will also be mangled), and rules "
+"should cease being examined. It takes one type of option:"
+msgstr ""
+"このターゲットは B<nat> テーブルの B<POSTROUTING> チェインのみで有効である。 "
+"このターゲットはパケットの送信元アドレスを修正させる (この接続の以降のパケッ"
+"トも修正して分からなく (mangle) する)。 さらに、ルールが評価を中止するように"
+"指示する。 このターゲットにはオプションが 1 種類ある:"
+
+#. type: TP
+#: original/man8/iptables.8:898
+#, no-wrap
+msgid "B<--to-source >I<ipaddr>[-I<ipaddr>][:I<port>-I<port>]"
+msgstr "B<--to-source >I<ipaddr>[-I<ipaddr>][:I<port>-I<port>]"
+
+#. type: Plain text
+#: original/man8/iptables.8:910
+msgid ""
+"which can specify a single new source IP address, an inclusive range of IP "
+"addresses, and optionally, a port range (which is only valid if the rule "
+"also specifies B<-p tcp> or B<-p udp>). If no port range is specified, then "
+"source ports below 512 will be mapped to other ports below 512: those "
+"between 512 and 1023 inclusive will be mapped to ports below 1024, and other "
+"ports will be mapped to 1024 or above. Where possible, no port alteration "
+"will occur."
+msgstr ""
+"1 つの新しい送信元 IP アドレス、または IP アドレスの範囲が指定できる。 ポート"
+"の範囲を指定することもできる (ルールが B<-p tcp> または B<-p udp> を指定して"
+"いる場合にのみ有効)。 ポートの範囲が指定されていない場合、 512 未満の送信元"
+"ポートは、他の 512 未満のポートにマッピングされる。 512 〜 1023 までのポート"
+"は、1024 未満のポートにマッピングされる。 それ以外のポートは、1024 以上のポー"
+"トにマッピングされる。 可能であれば、ポートの変換は起こらない。"
+
+#. type: Plain text
+#: original/man8/iptables.8:916
+msgid ""
+"You can add several --to-source options. If you specify more than one "
+"source address, either via an address range or multiple --to-source options, "
+"a simple round-robin (one after another in cycle) takes place between these "
+"adresses."
+msgstr ""
+"複数の --to-source オプションを指定することができる。 アドレスの範囲によっ"
+"て、 もしくは複数の --to-source オプションによって 2 つ以上の送信元アドレスを"
+"指定した場合、 それらのアドレスを使った単純なラウンド・ロビン (順々に循環させ"
+"る) がおこなわれる。"
+
+#. type: SS
+#: original/man8/iptables.8:916
+#, no-wrap
+msgid "TCPMSS"
+msgstr "TCPMSS"
+
+#. type: Plain text
+#: original/man8/iptables.8:922
+msgid ""
+"This target allows to alter the MSS value of TCP SYN packets, to control the "
+"maximum size for that connection (usually limiting it to your outgoing "
+"interface's MTU minus 40). Of course, it can only be used in conjunction "
+"with B<-p tcp>."
+msgstr ""
+"このターゲットを用いると、TCP の SYN パケットの MSS 値を書き換え、 そのコネク"
+"ションの最大サイズ (通常は、送信インターフェースの MTU から 40 引いた値) を"
+"制御できる。 もちろん B<-p tcp> と組み合わせてしか使えない。"
+
+#. type: Plain text
+#: original/man8/iptables.8:928
+msgid ""
+"This target is used to overcome criminally braindead ISPs or servers which "
+"block ICMP Fragmentation Needed packets. The symptoms of this problem are "
+"that everything works fine from your Linux firewall/router, but machines "
+"behind it can never exchange large packets:"
+msgstr ""
+"このターゲットは犯罪的に頭のいかれた ISP や ICMP Fragmentation Needed パケッ"
+"トをブロックしてしまうサーバーを 乗り越えるために使用する。 Linux ファイア"
+"ウォール/ルーターでは何も問題がないのに、 そこにぶら下がるマシンでは以下のよ"
+"うに大きなパケットを やりとりできないというのが、この問題の兆候である。"
+
+#. type: TP
+#: original/man8/iptables.8:930
+#, no-wrap
+msgid "1)"
+msgstr "1)"
+
+#. type: Plain text
+#: original/man8/iptables.8:933
+msgid "Web browsers connect, then hang with no data received."
+msgstr "ウェブ・ブラウザで接続が、何のデータも受け取らずにハングする"
+
+#. type: TP
+#: original/man8/iptables.8:933
+#, no-wrap
+msgid "2)"
+msgstr "2)"
+
+#. type: Plain text
+#: original/man8/iptables.8:936
+msgid "Small mail works fine, but large emails hang."
+msgstr "短いメールは問題ないが、長いメールがハングする"
+
+#. type: TP
+#: original/man8/iptables.8:936
+#, no-wrap
+msgid "3)"
+msgstr "3)"
+
+#. type: Plain text
+#: original/man8/iptables.8:939
+msgid "ssh works fine, but scp hangs after initial handshaking."
+msgstr "ssh は問題ないが、scp は最初のハンドシェーク後にハングする"
+
+#. type: Plain text
+#: original/man8/iptables.8:943
+msgid ""
+"Workaround: activate this option and add a rule to your firewall "
+"configuration like:"
+msgstr ""
+"回避方法: このオプションを有効にし、以下のようなルールを ファイアウォールの設"
+"定に追加する。"
+
+#. type: Plain text
+#: original/man8/iptables.8:946
+#, no-wrap
+msgid ""
+" iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \\e\n"
+" -j TCPMSS --clamp-mss-to-pmtu\n"
+msgstr ""
+" iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \\e\n"
+" -j TCPMSS --clamp-mss-to-pmtu\n"
+
+#. type: TP
+#: original/man8/iptables.8:947
+#, no-wrap
+msgid "B<--set-mss >I<value>"
+msgstr "B<--set-mss >I<value>"
+
+#. type: Plain text
+#: original/man8/iptables.8:950
+msgid "Explicitly set MSS option to specified value."
+msgstr "MSS オプションの値に指定した値を明示的に設定する。"
+
+#. type: TP
+#: original/man8/iptables.8:950
+#, no-wrap
+msgid "B<--clamp-mss-to-pmtu>"
+msgstr "B<--clamp-mss-to-pmtu>"
+
+#. type: Plain text
+#: original/man8/iptables.8:953
+msgid "Automatically clamp MSS value to (path_MTU - 40)."
+msgstr "自動的に、MSS 値を (path_MTU - 40) に強制する。"
+
+#. type: TP
+#: original/man8/iptables.8:953
+#, no-wrap
+msgid "These options are mutually exclusive."
+msgstr "これらのオプションはどちらか 1 つしか指定できない。"
+
+#. type: SS
+#: original/man8/iptables.8:955
+#, no-wrap
+msgid "TOS"
+msgstr "TOS"
+
+#. type: Plain text
+#: original/man8/iptables.8:960
+msgid ""
+"This is used to set the 8-bit Type of Service field in the IP header. It is "
+"only valid in the B<mangle> table."
+msgstr ""
+"IP ヘッダーの 8 ビットの Type of Service フィールドを設定するために使われ"
+"る。 B<mangle> テーブルのみで有効である。"
+
+#. type: TP
+#: original/man8/iptables.8:960
+#, no-wrap
+msgid "B<--set-tos >I<tos>"
+msgstr "B<--set-tos >I<tos>"
+
+#. type: Plain text
+#: original/man8/iptables.8:963
+msgid "You can use a numeric TOS values, or use"
+msgstr "TOS を番号で指定することができる。 また、"
+
+#. type: Plain text
+#: original/man8/iptables.8:965
+#, no-wrap
+msgid " iptables -j TOS -h\n"
+msgstr " iptables -j TOS -h\n"
+
+#. type: Plain text
+#: original/man8/iptables.8:967
+msgid "to see the list of valid TOS names."
+msgstr "を実行して得られる、使用可能な TOS 名の一覧にある TOS 名も指定できる。"
+
+#. type: SS
+#: original/man8/iptables.8:967
+#, no-wrap
+msgid "ULOG"
+msgstr "ULOG"
+
+#. type: Plain text
+#: original/man8/iptables.8:976
+msgid ""
+"This target provides userspace logging of matching packets. When this "
+"target is set for a rule, the Linux kernel will multicast this packet "
+"through a I<netlink> socket. One or more userspace processes may then "
+"subscribe to various multicast groups and receive the packets. Like LOG, "
+"this is a \"non-terminating target\", i.e. rule traversal continues at the "
+"next rule."
+msgstr ""
+"このターゲットは、マッチしたパケットを ユーザー空間でログ記録する機能を提供す"
+"る。 このターゲットがルールに設定されると、 Linux カーネルは、そのパケットを "
+"I<netlink> ソケットを用いてマルチキャストする。 そして、1 つ以上のユーザー空"
+"間プロセスが いろいろなマルチキャストグループに登録をおこない、 パケットを受"
+"信する。 LOG と同様、これは \"非終了ターゲット\" であり、 ルールの検討は次の"
+"ルールへと継続される。"
+
+#. type: TP
+#: original/man8/iptables.8:976
+#, no-wrap
+msgid "B<--ulog-nlgroup >I<nlgroup>"
+msgstr "B<--ulog-nlgroup >I<nlgroup>"
+
+#. type: Plain text
+#: original/man8/iptables.8:980
+msgid ""
+"This specifies the netlink group (1-32) to which the packet is sent. "
+"Default value is 1."
+msgstr ""
+"パケットを送信する netlink グループ (1-32) を指定する。 デフォルトの値は 1 で"
+"ある。"
+
+#. type: TP
+#: original/man8/iptables.8:980
+#, no-wrap
+msgid "B<--ulog-prefix >I<prefix>"
+msgstr "B<--ulog-prefix >I<prefix>"
+
+#. type: Plain text
+#: original/man8/iptables.8:984
+msgid ""
+"Prefix log messages with the specified prefix; up to 32 characters long, and "
+"useful for distinguishing messages in the logs."
+msgstr ""
+"指定したプレフィックスをログメッセージの前に付ける。 32 文字までの指定でき"
+"る。 ログの中でメッセージを区別するのに便利である。"
+
+#. type: TP
+#: original/man8/iptables.8:984
+#, no-wrap
+msgid "B<--ulog-cprange >I<size>"
+msgstr "B<--ulog-cprange >I<size>"
+
+#. type: Plain text
+#: original/man8/iptables.8:988
+msgid ""
+"Number of bytes to be copied to userspace. A value of 0 always copies the "
+"entire packet, regardless of its size. Default is 0."
+msgstr ""
+"ユーザー空間にコピーするパケットのバイト数。 値が 0 の場合、サイズに関係なく"
+"全パケットをコピーする。 デフォルトは 0 である。"
+
+#. type: TP
+#: original/man8/iptables.8:988
+#, no-wrap
+msgid "B<--ulog-qthreshold >I<size>"
+msgstr "B<--ulog-qthreshold >I<size>"
+
+#. type: Plain text
+#: original/man8/iptables.8:994
+msgid ""
+"Number of packet to queue inside kernel. Setting this value to, e.g. 10 "
+"accumulates ten packets inside the kernel and transmits them as one netlink "
+"multipart message to userspace. Default is 1 (for backwards compatibility)."
+msgstr ""
+"カーネル内部のキューに入れられるパケットの数。 例えば、この値を 10 にした場"
+"合、 カーネル内部で 10 個のパケットをまとめ、 1 つの netlink マルチパートメッ"
+"セージとしてユーザー空間に送る。 (過去のものとの互換性のため) デフォルトは 1 "
+"である。"
+
+#. type: Plain text
+#: original/man8/iptables.8:1016
+msgid ""
+"This B<iptables> is very similar to ipchains by Rusty Russell. The main "
+"difference is that the chains B<INPUT> and B<OUTPUT> are only traversed for "
+"packets coming into the local host and originating from the local host "
+"respectively. Hence every packet only passes through one of the three "
+"chains (except loopback traffic, which involves both INPUT and OUTPUT "
+"chains); previously a forwarded packet would pass through all three."
+msgstr ""
+"B<iptables> は、Rusty Russell の ipchains と非常によく似ている。 大きな違い"
+"は、チェイン B<INPUT> と B<OUTPUT> が、それぞれローカルホストに入ってくるパ"
+"ケットと、 ローカルホストから出されるパケットのみしか調べないという点であ"
+"る。 よって、(INPUT と OUTPUT の両方のチェインを起動する ループバックトラ"
+"フィックを除く) 全てのパケットは 3 つあるチェインのうち 1 しか通らない。 以"
+"前は (ipchains では)、 フォワードされるパケットは 3 つのチェイン全てを通って"
+"いた。"
+
+#. type: Plain text
+#: original/man8/iptables.8:1025
+msgid ""
+"The other main difference is that B<-i> refers to the input interface; B<-o> "
+"refers to the output interface, and both are available for packets entering "
+"the B<FORWARD> chain."
+msgstr ""
+"その他の大きな違いは、 B<-i> で入力インターフェース、 B<-o> で出力インター"
+"フェースを参照すること、 そしてともに B<FORWARD> チェインに入るパケットに対し"
+"て指定可能な点である。"
+
+#. type: Plain text
+#: original/man8/iptables.8:1032
+msgid ""
+"The various forms of NAT have been separated out; B<iptables> is a pure "
+"packet filter when using the default `filter' table, with optional extension "
+"modules. This should simplify much of the previous confusion over the "
+"combination of IP masquerading and packet filtering seen previously. So the "
+"following options are handled differently:"
+msgstr ""
+"NAT のいろいろな形式が分割された。 オプションの拡張モジュールとともに デフォ"
+"ルトの「フィルタ」テーブルを用いた場合、 B<iptables> は純粋なパケットフィルタ"
+"となる。 これは、以前みられた IP マスカレーディングとパケットフィルタリング"
+"の 組合せによる混乱を簡略化する。 よって、オプション"
+
+#. type: Plain text
+#: original/man8/iptables.8:1036
+#, no-wrap
+msgid ""
+" -j MASQ\n"
+" -M -S\n"
+" -M -L\n"
+msgstr ""
+" -j MASQ\n"
+" -M -S\n"
+" -M -L\n"
+
+#. type: Plain text
+#: original/man8/iptables.8:1038
+msgid "There are several other changes in iptables."
+msgstr ""
+"は別のものとして扱われる。 iptables では、その他にもいくつかの変更がある。"
+
+#. type: Plain text
+#: original/man8/iptables.8:1044
+msgid ""
+"B<iptables-save>(8), B<iptables-restore>(8), B<ip6tables>(8), B<ip6tables-"
+"save>(8), B<ip6tables-restore>(8)."
+msgstr ""
+"B<iptables-save>(8), B<iptables-restore>(8), B<ip6tables>(8), B<ip6tables-"
+"save>(8), B<ip6tables-restore>(8)."
+
+#. type: Plain text
+#: original/man8/iptables.8:1066
+msgid "Harald Welte wrote the ULOG target, TTL, DSCP, ECN matches and targets."
+msgstr ""
+"Harald Welte が ULOG ターゲットと、 TTL, DSCP, ECN のマッチ・ターゲットを書い"
+"た。"
+
+#. type: Plain text
+#: original/man8/iptables.8:1070
+msgid "Man page written by Herve Eychenne E<lt>rv@wallfire.orgE<gt>."
+msgstr "man ページは Herve Eychenne E<lt>rv@wallfire.orgE<gt> が書いた。"
--- /dev/null
+[po_directory] po4a/lib
+
+[type: man] original/man3/ipq_create_handle.3 $lang:draft/man3/ipq_create_handle.3 \
+ add_$lang:?po4a/add_$lang/copyright/ipq_create_handle.3.txt
+
+[type: man] original/man3/ipq_errstr.3 $lang:draft/man3/ipq_errstr.3 \
+ add_$lang:?po4a/add_$lang/copyright/ipq_errstr.3.txt
+
+[type: man] original/man3/ipq_message_type.3 $lang:draft/man3/ipq_message_type.3 \
+ add_$lang:?po4a/add_$lang/copyright/ipq_message_type.3.txt
+
+[type: man] original/man3/ipq_read.3 $lang:draft/man3/ipq_read.3 \
+ add_$lang:?po4a/add_$lang/copyright/ipq_read.3.txt
+
+[type: man] original/man3/ipq_set_mode.3 $lang:draft/man3/ipq_set_mode.3 \
+ add_$lang:?po4a/add_$lang/copyright/ipq_set_mode.3.txt
+
+[type: man] original/man3/ipq_set_verdict.3 $lang:draft/man3/ipq_set_verdict.3 \
+ add_$lang:?po4a/add_$lang/copyright/ipq_set_verdict.3.txt
+
+[type: man] original/man3/libipq.3 $lang:draft/man3/libipq.3 \
+ add_$lang:?po4a/add_$lang/copyright/libipq.3.txt
--- /dev/null
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2012-05-09 02:19+0900\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: TH
+#: original/man3/ipq_create_handle.3:1
+#, no-wrap
+msgid "IPQ_CREATE_HANDLE"
+msgstr ""
+
+#. type: TH
+#: original/man3/ipq_create_handle.3:1 original/man3/ipq_errstr.3:1 original/man3/ipq_message_type.3:1 original/man3/ipq_read.3:1 original/man3/ipq_set_mode.3:1 original/man3/ipq_set_verdict.3:1 original/man3/libipq.3:1
+#, no-wrap
+msgid "16 October 2001"
+msgstr ""
+
+#. type: TH
+#: original/man3/ipq_create_handle.3:1 original/man3/ipq_errstr.3:1 original/man3/ipq_message_type.3:1 original/man3/ipq_read.3:1 original/man3/ipq_set_mode.3:1 original/man3/ipq_set_verdict.3:1 original/man3/libipq.3:1
+#, no-wrap
+msgid "Linux iptables 1.2"
+msgstr ""
+
+#. type: TH
+#: original/man3/ipq_create_handle.3:1 original/man3/ipq_errstr.3:1 original/man3/ipq_message_type.3:1 original/man3/ipq_read.3:1 original/man3/ipq_set_mode.3:1 original/man3/ipq_set_verdict.3:1 original/man3/libipq.3:1
+#, no-wrap
+msgid "Linux Programmer's Manual"
+msgstr ""
+
+#
+#. $Id: libipq.3,v 1.5 2001/11/24 15:09:20 jamesm Exp $
+#
+#. Copyright (c) 2000-2001 Netfilter Core Team
+#
+#. This program is free software; you can redistribute it and/or modify
+#. it under the terms of the GNU General Public License as published by
+#. the Free Software Foundation; either version 2 of the License, or
+#. (at your option) any later version.
+#
+#. This program is distributed in the hope that it will be useful,
+#. but WITHOUT ANY WARRANTY; without even the implied warranty of
+#. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#. GNU General Public License for more details.
+#
+#. You should have received a copy of the GNU General Public License
+#. along with this program; if not, write to the Free Software
+#. Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#. type: SH
+#: original/man3/ipq_create_handle.3:22 original/man3/ipq_errstr.3:22 original/man3/ipq_message_type.3:22 original/man3/ipq_read.3:22 original/man3/ipq_set_mode.3:22 original/man3/ipq_set_verdict.3:22 original/man3/libipq.3:22
+#, no-wrap
+msgid "NAME"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:24
+msgid "ipq_create_handle, ipq_destroy_handle - create and destroy libipq handles."
+msgstr ""
+
+#. type: SH
+#: original/man3/ipq_create_handle.3:24 original/man3/ipq_errstr.3:24 original/man3/ipq_message_type.3:24 original/man3/ipq_read.3:24 original/man3/ipq_set_mode.3:24 original/man3/ipq_set_verdict.3:24 original/man3/libipq.3:24
+#, no-wrap
+msgid "SYNOPSIS"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:26 original/man3/ipq_errstr.3:26 original/man3/ipq_message_type.3:26 original/man3/ipq_read.3:26 original/man3/ipq_set_mode.3:26 original/man3/ipq_set_verdict.3:26 original/man3/libipq.3:26
+msgid "B<#include E<lt>linux/netfilter.hE<gt>>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:28 original/man3/ipq_errstr.3:28 original/man3/ipq_message_type.3:28 original/man3/ipq_read.3:28 original/man3/ipq_set_mode.3:28 original/man3/ipq_set_verdict.3:28 original/man3/libipq.3:28
+msgid "B<#include E<lt>libipq.hE<gt>>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:30
+msgid ""
+"B<struct ipq_handle *ipq_create_handle(u_int32_t >I<flags>B<, u_int32_t "
+">I<protocol>B<);>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:32
+msgid "B<int ipq_destroy_handle(struct ipq_handle *>I<h>B<);>"
+msgstr ""
+
+#. type: SH
+#: original/man3/ipq_create_handle.3:32 original/man3/ipq_errstr.3:32 original/man3/ipq_message_type.3:34 original/man3/ipq_read.3:30 original/man3/ipq_set_mode.3:30 original/man3/ipq_set_verdict.3:30 original/man3/libipq.3:28
+#, no-wrap
+msgid "DESCRIPTION"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:40
+msgid ""
+"The B<ipq_create_handle> function initialises libipq for an application, "
+"attempts to bind to the Netlink socket used by ip_queue, and returns an "
+"opaque context handle. It should be the first libipq function to be called "
+"by an application. The handle returned should be used in all subsequent "
+"library calls which require a handle parameter."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:45
+msgid ""
+"The I<flags> parameter is not currently used and should be set to zero by "
+"the application for forward compatibility."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:51
+msgid ""
+"The I<protocol> parameter is used to specify the protocol of the packets to "
+"be queued. Valid values are PF_INET for IPv4 and PF_INET6 for IPv6. "
+"Currently, only one protocol may be queued at a time for a handle."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:57
+msgid ""
+"The B<ipq_destroy_handle> function frees up resources allocated by "
+"B<ipq_create_handle>, and should be used when the handle is no longer "
+"required by the application."
+msgstr ""
+
+#. type: SH
+#: original/man3/ipq_create_handle.3:57
+#, no-wrap
+msgid "RETURN VALUES"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:61
+msgid "On success, B<ipq_create_handle> returns a pointer to a context handle."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:63
+msgid "On failure, NULL is returned."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:67
+msgid "On success, B<ipq_destroy_handle> returns zero."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:69 original/man3/ipq_read.3:68 original/man3/ipq_set_mode.3:72 original/man3/ipq_set_verdict.3:77
+msgid "On failure, -1 is returned."
+msgstr ""
+
+#. type: SH
+#: original/man3/ipq_create_handle.3:69 original/man3/ipq_read.3:78 original/man3/ipq_set_mode.3:74 original/man3/ipq_set_verdict.3:79
+#, no-wrap
+msgid "ERRORS"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:74 original/man3/ipq_set_mode.3:79
+msgid ""
+"On failure, a descriptive error message will be available via the "
+"B<ipq_errstr> function."
+msgstr ""
+
+#. type: SH
+#: original/man3/ipq_create_handle.3:74 original/man3/ipq_errstr.3:56 original/man3/ipq_message_type.3:126 original/man3/ipq_read.3:92 original/man3/ipq_set_mode.3:97 original/man3/ipq_set_verdict.3:84 original/man3/libipq.3:248
+#, no-wrap
+msgid "BUGS"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:76 original/man3/ipq_errstr.3:58 original/man3/ipq_message_type.3:128 original/man3/ipq_read.3:94 original/man3/ipq_set_mode.3:99 original/man3/ipq_set_verdict.3:86
+msgid "None known."
+msgstr ""
+
+#. type: SH
+#: original/man3/ipq_create_handle.3:76 original/man3/ipq_errstr.3:58 original/man3/ipq_message_type.3:128 original/man3/ipq_read.3:94 original/man3/ipq_set_mode.3:99 original/man3/ipq_set_verdict.3:86 original/man3/libipq.3:250
+#, no-wrap
+msgid "AUTHOR"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:78 original/man3/ipq_errstr.3:60 original/man3/ipq_message_type.3:130 original/man3/ipq_read.3:96 original/man3/ipq_set_mode.3:101 original/man3/ipq_set_verdict.3:88 original/man3/libipq.3:252
+msgid "James Morris E<lt>jmorris@intercode.com.auE<gt>"
+msgstr ""
+
+#. type: SH
+#: original/man3/ipq_create_handle.3:78 original/man3/ipq_errstr.3:60 original/man3/ipq_message_type.3:130 original/man3/ipq_read.3:96 original/man3/ipq_set_mode.3:101 original/man3/ipq_set_verdict.3:88 original/man3/libipq.3:252
+#, no-wrap
+msgid "COPYRIGHT"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:80 original/man3/ipq_errstr.3:62 original/man3/ipq_message_type.3:132 original/man3/ipq_read.3:98 original/man3/ipq_set_mode.3:103 original/man3/ipq_set_verdict.3:90 original/man3/libipq.3:254
+msgid "Copyright (c) 2000-2001 Netfilter Core Team."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:82 original/man3/ipq_errstr.3:64 original/man3/ipq_message_type.3:134 original/man3/ipq_read.3:100 original/man3/ipq_set_mode.3:105 original/man3/ipq_set_verdict.3:92 original/man3/libipq.3:256
+msgid "Distributed under the GNU General Public License."
+msgstr ""
+
+#. type: SH
+#: original/man3/ipq_create_handle.3:82 original/man3/ipq_errstr.3:64 original/man3/ipq_message_type.3:134 original/man3/ipq_read.3:102 original/man3/ipq_set_mode.3:105 original/man3/ipq_set_verdict.3:92 original/man3/libipq.3:262
+#, no-wrap
+msgid "SEE ALSO"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:84 original/man3/ipq_errstr.3:66 original/man3/ipq_message_type.3:136 original/man3/ipq_set_verdict.3:95
+msgid "B<iptables>(8), B<libipq>(3)."
+msgstr ""
+
+#. type: TH
+#: original/man3/ipq_errstr.3:1
+#, no-wrap
+msgid "IPQ_ERRSTR"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_errstr.3:24
+msgid "ipq_errstr, ipq_perror - libipq error handling routines"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_errstr.3:30
+msgid "B<char *ipq_errstr(>I<void>B<);>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_errstr.3:32
+msgid "B<void ipq_perror(const char *>I<s>B<);>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_errstr.3:40
+msgid ""
+"The B<ipq_errstr> function returns a descriptive error message based on the "
+"current value of the internal B<ipq_errno> variable. All libipq API "
+"functions set this internal variable upon failure."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_errstr.3:53
+msgid ""
+"The B<ipq_perror> function prints an error message to stderr corresponding "
+"to the current value of the internal B<ipq_error> variable, and the global "
+"B<errno> variable (if set). The error message is prefixed with the string "
+"I<s> as supplied by the application. If I<s> is NULL, the error message is "
+"prefixed with the string \"ERROR\"."
+msgstr ""
+
+#. type: SH
+#: original/man3/ipq_errstr.3:53 original/man3/ipq_read.3:66 original/man3/ipq_set_mode.3:70 original/man3/ipq_set_verdict.3:75
+#, no-wrap
+msgid "RETURN VALUE"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_errstr.3:56
+msgid "B<ipq_errstr> returns an error message as outlined above."
+msgstr ""
+
+#. type: TH
+#: original/man3/ipq_message_type.3:1
+#, no-wrap
+msgid "IPQ_MESSAGE_TYPE"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_message_type.3:24
+msgid "ipq_message_type, ipq_get_packet, ipq_getmsgerr - query queue messages"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_message_type.3:30
+msgid "B<int ipq_message_type(const unsigned char *>I<buf>B<);>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_message_type.3:32
+msgid "B<ipq_packet_msg_t *ipq_get_packet(const unsigned char *>I<buf>B<);>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_message_type.3:34
+msgid "B<int ipq_get_msgerr(const unsigned char *>I<buf>B<);>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_message_type.3:40
+msgid ""
+"The B<ipq_message_type> function returns the type of queue message returned "
+"to userspace via B<ipq_read>."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_message_type.3:50
+msgid ""
+"B<ipq_message_type> should always be called following a successful call to "
+"B<ipq_read> to determine whether the message is a packet message or an error "
+"message. The I<buf> parameter should be the same data obtained from the "
+"previous call to B<ipq_read>."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_message_type.3:53
+msgid "B<ipq_message_type> will return one of the following values:"
+msgstr ""
+
+#. type: TP
+#: original/man3/ipq_message_type.3:53
+#, no-wrap
+msgid "B<NLMSG_ERROR>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_message_type.3:56
+msgid "An error message generated by the Netlink transport."
+msgstr ""
+
+#. type: TP
+#: original/man3/ipq_message_type.3:57
+#, no-wrap
+msgid "B<IPQM_PACKET>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_message_type.3:60
+msgid ""
+"A packet message containing packet metadata and optional packet payload "
+"data."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_message_type.3:74
+msgid ""
+"The B<ipq_get_packet> function should be called if B<ipq_message_type> "
+"returns B<IPQM_PACKET>. The I<buf> parameter should point to the same data "
+"used for the call to B<ipq_message_type>. The pointer returned by "
+"B<ipq_get_packet> points to a packet message, which is declared as follows:"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_message_type.3:92
+#, no-wrap
+msgid ""
+"typedef struct ipq_packet_msg {\n"
+"\tunsigned long packet_id; /* ID of queued packet */\n"
+"\tunsigned long mark; /* Netfilter mark value */\n"
+"\tlong timestamp_sec; /* Packet arrival time (seconds) */\n"
+"\tlong timestamp_usec; /* Packet arrvial time (+useconds) */\n"
+"\tunsigned int hook; /* Netfilter hook we rode in on */\n"
+"\tchar indev_name[IFNAMSIZ]; /* Name of incoming interface */\n"
+"\tchar outdev_name[IFNAMSIZ]; /* Name of outgoing interface */\n"
+"\tunsigned short hw_protocol; /* Hardware protocol (network order) */\n"
+"\tunsigned short hw_type; /* Hardware type */\n"
+"\tunsigned char hw_addrlen; /* Hardware address length */\n"
+"\tunsigned char hw_addr[8]; /* Hardware address */\n"
+"\tsize_t data_len; /* Length of packet data */\n"
+"\tunsigned char payload[0]; /* Optional packet data */\n"
+"} ipq_packet_msg_t;\n"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_message_type.3:105
+msgid ""
+"Each of these fields may be read by the application. If the queue mode is "
+"B<IPQ_COPY_PACKET> and the I<data_len> value is greater than zero, the "
+"packet payload contents may be accessed in the memory following the "
+"B<ipq_packet_msg_t> structure to a range of I<data_len.>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_message_type.3:110
+msgid ""
+"The I<packet_id> field contains a packet identifier to be used when calling "
+"B<ipq_set_verdict>."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_message_type.3:126
+msgid ""
+"The B<ipq_get_msgerr> function should be called if B<ipq_message_type> "
+"returns B<NLMSG_ERROR.> The I<buf> parameter should point to the same data "
+"used for the call to B<ipq_message_type>. The value returned by "
+"B<ipq_get_msgerr> is set by higher level kernel code and corresponds to "
+"standard B<errno> values."
+msgstr ""
+
+#. type: TH
+#: original/man3/ipq_read.3:1
+#, no-wrap
+msgid "IPQ_READ"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_read.3:24
+msgid "ipq_read - read queue messages from ip_queue and read into supplied buffer"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_read.3:30
+msgid ""
+"B<ssize_t ipq_read(const struct ipq_handle *>I<h>B<, unsigned char "
+"*>I<buf>B<, size_t >I<len>B<, int >I<timeout>B<);>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_read.3:38
+msgid ""
+"The B<ipq_read> function reads a queue message from the kernel and copies it "
+"to the memory pointed to by I<buf> to a maximum length of I<len>."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_read.3:44 original/man3/ipq_set_mode.3:42 original/man3/ipq_set_verdict.3:43
+msgid ""
+"The I<h> parameter is a context handle which must previously have been "
+"returned successfully from a call to B<ipq_create_handle>."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_read.3:50
+msgid ""
+"The caller is responsible for ensuring that the memory pointed to by I<buf> "
+"is large enough to contain I<len> bytes."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_read.3:58
+msgid ""
+"The I<timeout> parameter may be used to set a timeout for the operation, "
+"specified in microseconds. This is implemented internally by the library "
+"via the B<select> system call. A value of zero provides normal, "
+"backwards-compatible blocking behaviour with no timeout. A negative value "
+"causes the function to return immediately."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_read.3:66
+msgid ""
+"Data returned via I<buf> should not be accessed directly. Use the "
+"B<ipq_message_type>, B<ipq_get_packet>, and B<ipq_get_msgerr> functions to "
+"access the queue message in the buffer."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_read.3:71
+msgid ""
+"On success, a non-zero positive value is returned when no timeout value is "
+"specified."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_read.3:78
+msgid ""
+"On success with a timeout value specified, zero is returned if no data was "
+"available to read, or if a non-blocked signal was caught. In the latter "
+"case, the global B<errno> value will be set to B<EINTR>."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_read.3:83 original/man3/ipq_set_verdict.3:84
+msgid ""
+"On error, a descriptive error message will be available via the "
+"B<ipq_errstr> function."
+msgstr ""
+
+#. type: SH
+#: original/man3/ipq_read.3:83 original/man3/ipq_set_mode.3:79 original/man3/libipq.3:233
+#, no-wrap
+msgid "DIAGNOSTICS"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_read.3:92
+msgid ""
+"While the B<ipq_read> function may return successfully, the queue message "
+"copied to the buffer may itself be an error message from a higher level "
+"kernel component. Use B<ipq_message_type> to determine if it is an error "
+"message, and B<ipq_get_msgerr> to access the value of the message."
+msgstr ""
+
+#. type: SH
+#: original/man3/ipq_read.3:100 original/man3/libipq.3:256
+#, no-wrap
+msgid "CREDITS"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_read.3:102
+msgid ""
+"Joost Remijn implemented the timeout feature, which appeared in the 1.2.4 "
+"release of iptables."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_read.3:106
+msgid "B<iptables>(8), B<libipq>(3), B<select>(2)."
+msgstr ""
+
+#. type: TH
+#: original/man3/ipq_set_mode.3:1
+#, no-wrap
+msgid "IPQ_SET_MODE"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:24
+msgid "ipq_set_mode - set the ip_queue queuing mode"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:30
+msgid ""
+"B<int ipq_set_mode(const struct ipq_handle *>I<h>B<, u_int8_t >I<mode>B<, "
+"size_t >I<range>B<);>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:36
+msgid ""
+"The B<ipq_set_mode> function sends a message to the kernel ip_queue module, "
+"specifying whether packet metadata only, or packet payloads as well as "
+"metadata should be copied to userspace."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:46
+msgid "The I<mode> parameter must be one of:"
+msgstr ""
+
+#. type: TP
+#: original/man3/ipq_set_mode.3:46
+#, no-wrap
+msgid "B<IPQ_COPY_META>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:49
+msgid "Copy only packet metadata to userspace."
+msgstr ""
+
+#. type: TP
+#: original/man3/ipq_set_mode.3:49
+#, no-wrap
+msgid "B<IPQ_COPY_PACKET>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:52
+msgid "Copy packet metadata and packet payloads to userspace."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:61
+msgid ""
+"The I<range> parameter is used to specify how many bytes of the payload to "
+"copy to userspace. It is only valid for B<IPQ_COPY_PACKET> mode and is "
+"otherwise ignored. The maximum useful value for I<range> is 65535 (greater "
+"values will be clamped to this by ip_queue)."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:66
+msgid ""
+"B<ipq_set_mode> is usually used immediately following B<ipq_create_handle> "
+"to enable the flow of packets to userspace."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:70
+msgid ""
+"Note that as the underlying Netlink messaging transport is connectionless, "
+"the ip_queue module does not know that a userspace application is ready to "
+"communicate until it receives a message such as this."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:74 original/man3/ipq_set_verdict.3:79
+msgid "On success, a non-zero positive value is returned."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:82
+msgid ""
+"A relatively common failure may occur if the ip_queue module is not loaded. "
+"In this case, the following code excerpt:"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:91
+#, no-wrap
+msgid ""
+"status = ipq_set_mode(h, IPQ_COPY_META, 0);\n"
+"if (status E<lt> 0) {\n"
+"\tipq_perror(\"myapp\");\n"
+"\tipq_destroy_handle(h);\n"
+"\texit(1);\n"
+"}\n"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:95
+msgid "would generate the following output:"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:97
+msgid "I<myapp: Failed to send netlink message: Connection refused>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:107
+msgid "B<libipq>(3), B<iptables>(8)."
+msgstr ""
+
+#. type: TH
+#: original/man3/ipq_set_verdict.3:1
+#, no-wrap
+msgid "IPQ_SET_VERDICT"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_verdict.3:24
+msgid "ipq_set_verdict - issue verdict and optionally modified packet to kernel"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_verdict.3:30
+msgid ""
+"B<int ipq_set_verdict(const struct ipq_handle *>I<h>B<, ipq_id_t >I<id>B<, "
+"unsigned int >I<verdict>B<, size_t >I<data_len>B<, unsigned char "
+"*>I<buf>B<);>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_verdict.3:37
+msgid ""
+"The B<ipq_set_verdict> function issues a verdict on a packet previously "
+"obtained with B<ipq_read>, specifing the intended disposition of the packet, "
+"and optionally supplying a modified version of the payload data."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_verdict.3:48
+msgid "The I<id> parameter is the packet identifier obtained via B<ipq_get_packet>."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_verdict.3:52
+msgid "The I<verdict> parameter must be one of:"
+msgstr ""
+
+#. type: TP
+#: original/man3/ipq_set_verdict.3:52
+#, no-wrap
+msgid "B<NF_ACCEPT>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_verdict.3:55
+msgid "Accept the packet and continue traversal within the kernel."
+msgstr ""
+
+#. type: TP
+#: original/man3/ipq_set_verdict.3:56
+#, no-wrap
+msgid "B<NF_DROP>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_verdict.3:59
+msgid "Drop the packet."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_verdict.3:66
+msgid ""
+"The I<data_len> parameter is the length of the data pointed to by I<buf>, "
+"the optional replacement payload data."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_verdict.3:72
+msgid ""
+"If simply setting a verdict without modifying the payload data, use zero for "
+"I<data_len> and NULL for I<buf>."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_verdict.3:75
+msgid ""
+"The application is responsible for recalculating any packet checksums when "
+"modifying packets."
+msgstr ""
+
+#. type: TH
+#: original/man3/libipq.3:1
+#, no-wrap
+msgid "LIBIPQ"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:24
+msgid "libipq - iptables userspace packet queuing library."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:30
+msgid "libipq is a development library for iptables userspace packet queuing."
+msgstr ""
+
+#. type: SS
+#: original/man3/libipq.3:30
+#, no-wrap
+msgid "Userspace Packet Queuing"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:36
+msgid ""
+"Netfilter provides a mechanism for passing packets out of the stack for "
+"queueing to userspace, then receiving these packets back into the kernel "
+"with a verdict specifying what to do with the packets (such as ACCEPT or "
+"DROP). These packets may also be modified in userspace prior to reinjection "
+"back into the kernel."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:41
+msgid ""
+"For each supported protocol, a kernel module called a I<queue handler> may "
+"register with Netfilter to perform the mechanics of passing packets to and "
+"from userspace."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:45
+msgid ""
+"The standard queue handler for IPv4 is ip_queue. It is provided as an "
+"experimental module with 2.4 kernels, and uses a Netlink socket for "
+"kernel/userspace communication."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:49
+msgid ""
+"Once ip_queue is loaded, IP packets may be selected with iptables and queued "
+"for userspace processing via the QUEUE target. For example, running the "
+"following commands:"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:51
+msgid " # modprobe iptable_filter"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:53
+msgid " # modprobe ip_queue"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:55
+msgid " # iptables -A OUTPUT -p icmp -j QUEUE"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:60
+msgid ""
+"will cause any locally generated ICMP packets (e.g. ping output) to be sent "
+"to the ip_queue module, which will then attempt to deliver the packets to a "
+"userspace application. If no userspace application is waiting, the packets "
+"will be dropped"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:62
+msgid "An application may receive and process these packets via libipq."
+msgstr ""
+
+#. type: SS
+#: original/man3/libipq.3:64
+#, no-wrap
+msgid "Libipq Overview"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:68
+msgid ""
+"Libipq provides an API for communicating with ip_queue. The following is an "
+"overview of API usage, refer to individual man pages for more details on "
+"each function."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:70
+msgid "B<Initialisation>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:75
+msgid ""
+"To initialise the library, call B<ipq_create_handle>(3). This will attempt "
+"to bind to the Netlink socket used by ip_queue and return an opaque context "
+"handle for subsequent library calls."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:77
+msgid "B<Setting the Queue Mode>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:83
+msgid ""
+"B<ipq_set_mode>(3) allows the application to specify whether packet "
+"metadata, or packet payloads as well as metadata are copied to userspace. "
+"It is also used to initially notify ip_queue that an application is ready to "
+"receive queue messages."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:85
+msgid "B<Receiving Packets from the Queue>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:93
+msgid ""
+"B<ipq_read>(3) waits for queue messages to arrive from ip_queue and copies "
+"them into a supplied buffer. Queue messages may be I<packet messages> or "
+"I<error messages.>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:96
+msgid "The type of packet may be determined with B<ipq_message_type>(3)."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:99
+msgid ""
+"If it's a packet message, the metadata and optional payload may be retrieved "
+"with B<ipq_get_packet>(3)."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:102
+msgid "To retrieve the value of an error message, use B<ipq_get_msgerr>(3)."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:104
+msgid "B<Issuing Verdicts on Packets>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:108
+msgid ""
+"To issue a verdict on a packet, and optionally return a modified version of "
+"the packet to the kernel, call B<ipq_set_verdict>(3)."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:110
+msgid "B<Error Handling>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:116
+msgid ""
+"An error string corresponding to the current value of the internal error "
+"variable B<ipq_errno> may be obtained with B<ipq_errstr>(3)."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:124
+msgid ""
+"For simple applications, calling B<ipq_perror>(3) will print the same "
+"message as B<ipq_errstr>(3), as well as the string corresponding to the "
+"global B<errno> value (if set) to stderr."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:126
+msgid "B<Cleaning Up>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:130
+msgid ""
+"To free up the Netlink socket and destroy resources associated with the "
+"context handle, call B<ipq_destroy_handle>(3)."
+msgstr ""
+
+#. type: SH
+#: original/man3/libipq.3:130
+#, no-wrap
+msgid "SUMMARY"
+msgstr ""
+
+#. type: TP
+#: original/man3/libipq.3:131
+#, no-wrap
+msgid "B<ipq_create_handle>(3)"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:134
+msgid "Initialise library, return context handle."
+msgstr ""
+
+#. type: TP
+#: original/man3/libipq.3:134
+#, no-wrap
+msgid "B<ipq_set_mode>(3)"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:138
+msgid ""
+"Set the queue mode, to copy either packet metadata, or payloads as well as "
+"metadata to userspace."
+msgstr ""
+
+#. type: TP
+#: original/man3/libipq.3:138
+#, no-wrap
+msgid "B<ipq_read>(3)"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:142
+msgid "Wait for a queue message to arrive from ip_queue and read it into a buffer."
+msgstr ""
+
+#. type: TP
+#: original/man3/libipq.3:142
+#, no-wrap
+msgid "B<ipq_message_type>(3)"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:145
+msgid "Determine message type in the buffer."
+msgstr ""
+
+#. type: TP
+#: original/man3/libipq.3:145
+#, no-wrap
+msgid "B<ipq_get_packet>(3)"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:148
+msgid "Retrieve a packet message from the buffer."
+msgstr ""
+
+#. type: TP
+#: original/man3/libipq.3:148
+#, no-wrap
+msgid "B<ipq_get_msgerr>(3)"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:151
+msgid "Retrieve an error message from the buffer."
+msgstr ""
+
+#. type: TP
+#: original/man3/libipq.3:151
+#, no-wrap
+msgid "B<ipq_set_verdict>(3)"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:154
+msgid "Set a verdict on a packet, optionally replacing its contents."
+msgstr ""
+
+#. type: TP
+#: original/man3/libipq.3:154
+#, no-wrap
+msgid "B<ipq_errstr>(3)"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:157
+msgid "Return an error message corresponding to the internal ipq_errno variable."
+msgstr ""
+
+#. type: TP
+#: original/man3/libipq.3:157
+#, no-wrap
+msgid "B<ipq_perror>(3)"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:160
+msgid "Helper function to print error messages to stderr."
+msgstr ""
+
+#. type: TP
+#: original/man3/libipq.3:160
+#, no-wrap
+msgid "B<ipq_destroy_handle>(3)"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:163
+msgid "Destroy context handle and associated resources."
+msgstr ""
+
+#. type: SH
+#: original/man3/libipq.3:163
+#, no-wrap
+msgid "EXAMPLE"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:166
+msgid ""
+"The following is an example of a simple application which receives packets "
+"and issues NF_ACCEPT verdicts on each packet."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:174
+#, no-wrap
+msgid ""
+"/*\n"
+" * This code is GPL.\n"
+" */\n"
+"#include E<lt>linux/netfilter.hE<gt>\n"
+"#include E<lt>libipq.hE<gt>\n"
+"#include E<lt>stdio.hE<gt>\n"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:176
+#, no-wrap
+msgid "#define BUFSIZE 2048 \n"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:183
+#, no-wrap
+msgid ""
+"static void die(struct ipq_handle *h)\n"
+"{\n"
+"\tipq_perror(\"passer\");\n"
+"\tipq_destroy_handle(h);\n"
+"\texit(1);\n"
+"}\n"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:228
+#, no-wrap
+msgid ""
+"int main(int argc, char **argv)\n"
+"{\n"
+"\tint status;\n"
+"\tunsigned char buf[BUFSIZE];\n"
+"\tstruct ipq_handle *h;\n"
+"\t\n"
+"\th = ipq_create_handle(0, PF_INET);\n"
+"\tif (!h)\n"
+"\t\tdie(h);\n"
+"\t\t\n"
+"\tstatus = ipq_set_mode(h, IPQ_COPY_PACKET, BUFSIZE);\n"
+"\tif (status E<lt> 0)\n"
+"\t\tdie(h);\n"
+"\t\t\n"
+"\tdo{\n"
+"\t\tstatus = ipq_read(h, buf, BUFSIZE, 0);\n"
+"\t\tif (status E<lt> 0)\n"
+"\t\t\tdie(h);\n"
+"\t\t\t\n"
+"\t\tswitch (ipq_message_type(buf)) {\n"
+"\t\t\tcase NLMSG_ERROR:\n"
+"\t\t\t\tfprintf(stderr, \"Received error message %d\\en\",\n"
+"\t\t\t\t ipq_get_msgerr(buf));\n"
+"\t\t\t\tbreak;\n"
+"\t\t\t\t\n"
+"\t\t\tcase IPQM_PACKET: {\n"
+"\t\t\t\tipq_packet_msg_t *m = ipq_get_packet(buf);\n"
+"\t\t\t\t\n"
+"\t\t\t\tstatus = ipq_set_verdict(h, m-E<gt>packet_id,\n"
+"\t\t\t\t NF_ACCEPT, 0, NULL);\n"
+"\t\t\t\tif (status E<lt> 0)\n"
+"\t\t\t\t\tdie(h);\n"
+"\t\t\t\tbreak;\n"
+"\t\t\t}\n"
+"\t\t\t\n"
+"\t\t\tdefault:\n"
+"\t\t\t\tfprintf(stderr, \"Unknown message type!\\en\");\n"
+"\t\t\t\tbreak;\n"
+"\t\t}\n"
+"\t} while (1);\n"
+"\t\n"
+"\tipq_destroy_handle(h);\n"
+"\treturn 0;\n"
+"}\n"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:233
+msgid ""
+"Pointers to more libipq application examples may be found in The Netfilter "
+"FAQ."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:236
+msgid ""
+"For information about monitoring and tuning ip_queue, refer to the Linux 2.4 "
+"Packet Filtering HOWTO."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:240
+msgid ""
+"If an application modifies a packet, it needs to also update any checksums "
+"for the packet. Typically, the kernel will silently discard modified "
+"packets with invalid checksums."
+msgstr ""
+
+#. type: SH
+#: original/man3/libipq.3:240
+#, no-wrap
+msgid "SECURITY"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:244
+msgid ""
+"Processes require CAP_NET_ADMIN capabilty to access the kernel ip_queue "
+"module. Such processes can potentially access and modify any IP packets "
+"received, generated or forwarded by the kernel."
+msgstr ""
+
+#. type: SH
+#: original/man3/libipq.3:244
+#, no-wrap
+msgid "TODO"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:248
+msgid "Per-handle B<ipq_errno> values."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:250
+msgid "Probably."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:260
+msgid ""
+"Joost Remijn implemented the B<ipq_read> timeout feature, which appeared in "
+"the 1.2.4 release of iptables."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:262
+msgid "Fernando Anton added support for IPv6."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:274
+msgid ""
+"B<iptables>(8), B<ipq_create_handle>(3), B<ipq_destroy_handle>(3), "
+"B<ipq_errstr>(3), B<ipq_get_msgerr>(3), B<ipq_get_packet>(3), "
+"B<ipq_message_type>(3), B<ipq_perror>(3), B<ipq_read>(3), "
+"B<ipq_set_mode>(3), B<ipq_set_verdict>(3)."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:279
+msgid ""
+"The Netfilter home page at http://netfilter.samba.org/ which has links to "
+"The Networking Concepts HOWTO, The Linux 2.4 Packet Filtering HOWTO, The "
+"Linux 2.4 NAT HOWTO, The Netfilter Hacking HOWTO, The Netfilter FAQ and many "
+"other useful resources."
+msgstr ""
--- /dev/null
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2012-05-09 02:19+0900\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: TH
+#: original/man3/ipq_create_handle.3:1
+#, no-wrap
+msgid "IPQ_CREATE_HANDLE"
+msgstr ""
+
+#. type: TH
+#: original/man3/ipq_create_handle.3:1 original/man3/ipq_errstr.3:1 original/man3/ipq_message_type.3:1 original/man3/ipq_read.3:1 original/man3/ipq_set_mode.3:1 original/man3/ipq_set_verdict.3:1 original/man3/libipq.3:1
+#, no-wrap
+msgid "16 October 2001"
+msgstr ""
+
+#. type: TH
+#: original/man3/ipq_create_handle.3:1 original/man3/ipq_errstr.3:1 original/man3/ipq_message_type.3:1 original/man3/ipq_read.3:1 original/man3/ipq_set_mode.3:1 original/man3/ipq_set_verdict.3:1 original/man3/libipq.3:1
+#, no-wrap
+msgid "Linux iptables 1.2"
+msgstr ""
+
+#. type: TH
+#: original/man3/ipq_create_handle.3:1 original/man3/ipq_errstr.3:1 original/man3/ipq_message_type.3:1 original/man3/ipq_read.3:1 original/man3/ipq_set_mode.3:1 original/man3/ipq_set_verdict.3:1 original/man3/libipq.3:1
+#, no-wrap
+msgid "Linux Programmer's Manual"
+msgstr ""
+
+#
+#. $Id: libipq.3,v 1.5 2001/11/24 15:09:20 jamesm Exp $
+#
+#. Copyright (c) 2000-2001 Netfilter Core Team
+#
+#. This program is free software; you can redistribute it and/or modify
+#. it under the terms of the GNU General Public License as published by
+#. the Free Software Foundation; either version 2 of the License, or
+#. (at your option) any later version.
+#
+#. This program is distributed in the hope that it will be useful,
+#. but WITHOUT ANY WARRANTY; without even the implied warranty of
+#. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#. GNU General Public License for more details.
+#
+#. You should have received a copy of the GNU General Public License
+#. along with this program; if not, write to the Free Software
+#. Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#. type: SH
+#: original/man3/ipq_create_handle.3:22 original/man3/ipq_errstr.3:22 original/man3/ipq_message_type.3:22 original/man3/ipq_read.3:22 original/man3/ipq_set_mode.3:22 original/man3/ipq_set_verdict.3:22 original/man3/libipq.3:22
+#, no-wrap
+msgid "NAME"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:24
+msgid "ipq_create_handle, ipq_destroy_handle - create and destroy libipq handles."
+msgstr ""
+
+#. type: SH
+#: original/man3/ipq_create_handle.3:24 original/man3/ipq_errstr.3:24 original/man3/ipq_message_type.3:24 original/man3/ipq_read.3:24 original/man3/ipq_set_mode.3:24 original/man3/ipq_set_verdict.3:24 original/man3/libipq.3:24
+#, no-wrap
+msgid "SYNOPSIS"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:26 original/man3/ipq_errstr.3:26 original/man3/ipq_message_type.3:26 original/man3/ipq_read.3:26 original/man3/ipq_set_mode.3:26 original/man3/ipq_set_verdict.3:26 original/man3/libipq.3:26
+msgid "B<#include E<lt>linux/netfilter.hE<gt>>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:28 original/man3/ipq_errstr.3:28 original/man3/ipq_message_type.3:28 original/man3/ipq_read.3:28 original/man3/ipq_set_mode.3:28 original/man3/ipq_set_verdict.3:28 original/man3/libipq.3:28
+msgid "B<#include E<lt>libipq.hE<gt>>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:30
+msgid ""
+"B<struct ipq_handle *ipq_create_handle(u_int32_t >I<flags>B<, u_int32_t "
+">I<protocol>B<);>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:32
+msgid "B<int ipq_destroy_handle(struct ipq_handle *>I<h>B<);>"
+msgstr ""
+
+#. type: SH
+#: original/man3/ipq_create_handle.3:32 original/man3/ipq_errstr.3:32 original/man3/ipq_message_type.3:34 original/man3/ipq_read.3:30 original/man3/ipq_set_mode.3:30 original/man3/ipq_set_verdict.3:30 original/man3/libipq.3:28
+#, no-wrap
+msgid "DESCRIPTION"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:40
+msgid ""
+"The B<ipq_create_handle> function initialises libipq for an application, "
+"attempts to bind to the Netlink socket used by ip_queue, and returns an "
+"opaque context handle. It should be the first libipq function to be called "
+"by an application. The handle returned should be used in all subsequent "
+"library calls which require a handle parameter."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:45
+msgid ""
+"The I<flags> parameter is not currently used and should be set to zero by "
+"the application for forward compatibility."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:51
+msgid ""
+"The I<protocol> parameter is used to specify the protocol of the packets to "
+"be queued. Valid values are PF_INET for IPv4 and PF_INET6 for IPv6. "
+"Currently, only one protocol may be queued at a time for a handle."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:57
+msgid ""
+"The B<ipq_destroy_handle> function frees up resources allocated by "
+"B<ipq_create_handle>, and should be used when the handle is no longer "
+"required by the application."
+msgstr ""
+
+#. type: SH
+#: original/man3/ipq_create_handle.3:57
+#, no-wrap
+msgid "RETURN VALUES"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:61
+msgid "On success, B<ipq_create_handle> returns a pointer to a context handle."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:63
+msgid "On failure, NULL is returned."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:67
+msgid "On success, B<ipq_destroy_handle> returns zero."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:69 original/man3/ipq_read.3:68 original/man3/ipq_set_mode.3:72 original/man3/ipq_set_verdict.3:77
+msgid "On failure, -1 is returned."
+msgstr ""
+
+#. type: SH
+#: original/man3/ipq_create_handle.3:69 original/man3/ipq_read.3:78 original/man3/ipq_set_mode.3:74 original/man3/ipq_set_verdict.3:79
+#, no-wrap
+msgid "ERRORS"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:74 original/man3/ipq_set_mode.3:79
+msgid ""
+"On failure, a descriptive error message will be available via the "
+"B<ipq_errstr> function."
+msgstr ""
+
+#. type: SH
+#: original/man3/ipq_create_handle.3:74 original/man3/ipq_errstr.3:56 original/man3/ipq_message_type.3:126 original/man3/ipq_read.3:92 original/man3/ipq_set_mode.3:97 original/man3/ipq_set_verdict.3:84 original/man3/libipq.3:248
+#, no-wrap
+msgid "BUGS"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:76 original/man3/ipq_errstr.3:58 original/man3/ipq_message_type.3:128 original/man3/ipq_read.3:94 original/man3/ipq_set_mode.3:99 original/man3/ipq_set_verdict.3:86
+msgid "None known."
+msgstr ""
+
+#. type: SH
+#: original/man3/ipq_create_handle.3:76 original/man3/ipq_errstr.3:58 original/man3/ipq_message_type.3:128 original/man3/ipq_read.3:94 original/man3/ipq_set_mode.3:99 original/man3/ipq_set_verdict.3:86 original/man3/libipq.3:250
+#, no-wrap
+msgid "AUTHOR"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:78 original/man3/ipq_errstr.3:60 original/man3/ipq_message_type.3:130 original/man3/ipq_read.3:96 original/man3/ipq_set_mode.3:101 original/man3/ipq_set_verdict.3:88 original/man3/libipq.3:252
+msgid "James Morris E<lt>jmorris@intercode.com.auE<gt>"
+msgstr ""
+
+#. type: SH
+#: original/man3/ipq_create_handle.3:78 original/man3/ipq_errstr.3:60 original/man3/ipq_message_type.3:130 original/man3/ipq_read.3:96 original/man3/ipq_set_mode.3:101 original/man3/ipq_set_verdict.3:88 original/man3/libipq.3:252
+#, no-wrap
+msgid "COPYRIGHT"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:80 original/man3/ipq_errstr.3:62 original/man3/ipq_message_type.3:132 original/man3/ipq_read.3:98 original/man3/ipq_set_mode.3:103 original/man3/ipq_set_verdict.3:90 original/man3/libipq.3:254
+msgid "Copyright (c) 2000-2001 Netfilter Core Team."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:82 original/man3/ipq_errstr.3:64 original/man3/ipq_message_type.3:134 original/man3/ipq_read.3:100 original/man3/ipq_set_mode.3:105 original/man3/ipq_set_verdict.3:92 original/man3/libipq.3:256
+msgid "Distributed under the GNU General Public License."
+msgstr ""
+
+#. type: SH
+#: original/man3/ipq_create_handle.3:82 original/man3/ipq_errstr.3:64 original/man3/ipq_message_type.3:134 original/man3/ipq_read.3:102 original/man3/ipq_set_mode.3:105 original/man3/ipq_set_verdict.3:92 original/man3/libipq.3:262
+#, no-wrap
+msgid "SEE ALSO"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_create_handle.3:84 original/man3/ipq_errstr.3:66 original/man3/ipq_message_type.3:136 original/man3/ipq_set_verdict.3:95
+msgid "B<iptables>(8), B<libipq>(3)."
+msgstr ""
+
+#. type: TH
+#: original/man3/ipq_errstr.3:1
+#, no-wrap
+msgid "IPQ_ERRSTR"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_errstr.3:24
+msgid "ipq_errstr, ipq_perror - libipq error handling routines"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_errstr.3:30
+msgid "B<char *ipq_errstr(>I<void>B<);>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_errstr.3:32
+msgid "B<void ipq_perror(const char *>I<s>B<);>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_errstr.3:40
+msgid ""
+"The B<ipq_errstr> function returns a descriptive error message based on the "
+"current value of the internal B<ipq_errno> variable. All libipq API "
+"functions set this internal variable upon failure."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_errstr.3:53
+msgid ""
+"The B<ipq_perror> function prints an error message to stderr corresponding "
+"to the current value of the internal B<ipq_error> variable, and the global "
+"B<errno> variable (if set). The error message is prefixed with the string "
+"I<s> as supplied by the application. If I<s> is NULL, the error message is "
+"prefixed with the string \"ERROR\"."
+msgstr ""
+
+#. type: SH
+#: original/man3/ipq_errstr.3:53 original/man3/ipq_read.3:66 original/man3/ipq_set_mode.3:70 original/man3/ipq_set_verdict.3:75
+#, no-wrap
+msgid "RETURN VALUE"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_errstr.3:56
+msgid "B<ipq_errstr> returns an error message as outlined above."
+msgstr ""
+
+#. type: TH
+#: original/man3/ipq_message_type.3:1
+#, no-wrap
+msgid "IPQ_MESSAGE_TYPE"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_message_type.3:24
+msgid "ipq_message_type, ipq_get_packet, ipq_getmsgerr - query queue messages"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_message_type.3:30
+msgid "B<int ipq_message_type(const unsigned char *>I<buf>B<);>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_message_type.3:32
+msgid "B<ipq_packet_msg_t *ipq_get_packet(const unsigned char *>I<buf>B<);>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_message_type.3:34
+msgid "B<int ipq_get_msgerr(const unsigned char *>I<buf>B<);>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_message_type.3:40
+msgid ""
+"The B<ipq_message_type> function returns the type of queue message returned "
+"to userspace via B<ipq_read>."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_message_type.3:50
+msgid ""
+"B<ipq_message_type> should always be called following a successful call to "
+"B<ipq_read> to determine whether the message is a packet message or an error "
+"message. The I<buf> parameter should be the same data obtained from the "
+"previous call to B<ipq_read>."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_message_type.3:53
+msgid "B<ipq_message_type> will return one of the following values:"
+msgstr ""
+
+#. type: TP
+#: original/man3/ipq_message_type.3:53
+#, no-wrap
+msgid "B<NLMSG_ERROR>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_message_type.3:56
+msgid "An error message generated by the Netlink transport."
+msgstr ""
+
+#. type: TP
+#: original/man3/ipq_message_type.3:57
+#, no-wrap
+msgid "B<IPQM_PACKET>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_message_type.3:60
+msgid ""
+"A packet message containing packet metadata and optional packet payload "
+"data."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_message_type.3:74
+msgid ""
+"The B<ipq_get_packet> function should be called if B<ipq_message_type> "
+"returns B<IPQM_PACKET>. The I<buf> parameter should point to the same data "
+"used for the call to B<ipq_message_type>. The pointer returned by "
+"B<ipq_get_packet> points to a packet message, which is declared as follows:"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_message_type.3:92
+#, no-wrap
+msgid ""
+"typedef struct ipq_packet_msg {\n"
+"\tunsigned long packet_id; /* ID of queued packet */\n"
+"\tunsigned long mark; /* Netfilter mark value */\n"
+"\tlong timestamp_sec; /* Packet arrival time (seconds) */\n"
+"\tlong timestamp_usec; /* Packet arrvial time (+useconds) */\n"
+"\tunsigned int hook; /* Netfilter hook we rode in on */\n"
+"\tchar indev_name[IFNAMSIZ]; /* Name of incoming interface */\n"
+"\tchar outdev_name[IFNAMSIZ]; /* Name of outgoing interface */\n"
+"\tunsigned short hw_protocol; /* Hardware protocol (network order) */\n"
+"\tunsigned short hw_type; /* Hardware type */\n"
+"\tunsigned char hw_addrlen; /* Hardware address length */\n"
+"\tunsigned char hw_addr[8]; /* Hardware address */\n"
+"\tsize_t data_len; /* Length of packet data */\n"
+"\tunsigned char payload[0]; /* Optional packet data */\n"
+"} ipq_packet_msg_t;\n"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_message_type.3:105
+msgid ""
+"Each of these fields may be read by the application. If the queue mode is "
+"B<IPQ_COPY_PACKET> and the I<data_len> value is greater than zero, the "
+"packet payload contents may be accessed in the memory following the "
+"B<ipq_packet_msg_t> structure to a range of I<data_len.>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_message_type.3:110
+msgid ""
+"The I<packet_id> field contains a packet identifier to be used when calling "
+"B<ipq_set_verdict>."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_message_type.3:126
+msgid ""
+"The B<ipq_get_msgerr> function should be called if B<ipq_message_type> "
+"returns B<NLMSG_ERROR.> The I<buf> parameter should point to the same data "
+"used for the call to B<ipq_message_type>. The value returned by "
+"B<ipq_get_msgerr> is set by higher level kernel code and corresponds to "
+"standard B<errno> values."
+msgstr ""
+
+#. type: TH
+#: original/man3/ipq_read.3:1
+#, no-wrap
+msgid "IPQ_READ"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_read.3:24
+msgid "ipq_read - read queue messages from ip_queue and read into supplied buffer"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_read.3:30
+msgid ""
+"B<ssize_t ipq_read(const struct ipq_handle *>I<h>B<, unsigned char "
+"*>I<buf>B<, size_t >I<len>B<, int >I<timeout>B<);>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_read.3:38
+msgid ""
+"The B<ipq_read> function reads a queue message from the kernel and copies it "
+"to the memory pointed to by I<buf> to a maximum length of I<len>."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_read.3:44 original/man3/ipq_set_mode.3:42 original/man3/ipq_set_verdict.3:43
+msgid ""
+"The I<h> parameter is a context handle which must previously have been "
+"returned successfully from a call to B<ipq_create_handle>."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_read.3:50
+msgid ""
+"The caller is responsible for ensuring that the memory pointed to by I<buf> "
+"is large enough to contain I<len> bytes."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_read.3:58
+msgid ""
+"The I<timeout> parameter may be used to set a timeout for the operation, "
+"specified in microseconds. This is implemented internally by the library "
+"via the B<select> system call. A value of zero provides normal, "
+"backwards-compatible blocking behaviour with no timeout. A negative value "
+"causes the function to return immediately."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_read.3:66
+msgid ""
+"Data returned via I<buf> should not be accessed directly. Use the "
+"B<ipq_message_type>, B<ipq_get_packet>, and B<ipq_get_msgerr> functions to "
+"access the queue message in the buffer."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_read.3:71
+msgid ""
+"On success, a non-zero positive value is returned when no timeout value is "
+"specified."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_read.3:78
+msgid ""
+"On success with a timeout value specified, zero is returned if no data was "
+"available to read, or if a non-blocked signal was caught. In the latter "
+"case, the global B<errno> value will be set to B<EINTR>."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_read.3:83 original/man3/ipq_set_verdict.3:84
+msgid ""
+"On error, a descriptive error message will be available via the "
+"B<ipq_errstr> function."
+msgstr ""
+
+#. type: SH
+#: original/man3/ipq_read.3:83 original/man3/ipq_set_mode.3:79 original/man3/libipq.3:233
+#, no-wrap
+msgid "DIAGNOSTICS"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_read.3:92
+msgid ""
+"While the B<ipq_read> function may return successfully, the queue message "
+"copied to the buffer may itself be an error message from a higher level "
+"kernel component. Use B<ipq_message_type> to determine if it is an error "
+"message, and B<ipq_get_msgerr> to access the value of the message."
+msgstr ""
+
+#. type: SH
+#: original/man3/ipq_read.3:100 original/man3/libipq.3:256
+#, no-wrap
+msgid "CREDITS"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_read.3:102
+msgid ""
+"Joost Remijn implemented the timeout feature, which appeared in the 1.2.4 "
+"release of iptables."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_read.3:106
+msgid "B<iptables>(8), B<libipq>(3), B<select>(2)."
+msgstr ""
+
+#. type: TH
+#: original/man3/ipq_set_mode.3:1
+#, no-wrap
+msgid "IPQ_SET_MODE"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:24
+msgid "ipq_set_mode - set the ip_queue queuing mode"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:30
+msgid ""
+"B<int ipq_set_mode(const struct ipq_handle *>I<h>B<, u_int8_t >I<mode>B<, "
+"size_t >I<range>B<);>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:36
+msgid ""
+"The B<ipq_set_mode> function sends a message to the kernel ip_queue module, "
+"specifying whether packet metadata only, or packet payloads as well as "
+"metadata should be copied to userspace."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:46
+msgid "The I<mode> parameter must be one of:"
+msgstr ""
+
+#. type: TP
+#: original/man3/ipq_set_mode.3:46
+#, no-wrap
+msgid "B<IPQ_COPY_META>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:49
+msgid "Copy only packet metadata to userspace."
+msgstr ""
+
+#. type: TP
+#: original/man3/ipq_set_mode.3:49
+#, no-wrap
+msgid "B<IPQ_COPY_PACKET>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:52
+msgid "Copy packet metadata and packet payloads to userspace."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:61
+msgid ""
+"The I<range> parameter is used to specify how many bytes of the payload to "
+"copy to userspace. It is only valid for B<IPQ_COPY_PACKET> mode and is "
+"otherwise ignored. The maximum useful value for I<range> is 65535 (greater "
+"values will be clamped to this by ip_queue)."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:66
+msgid ""
+"B<ipq_set_mode> is usually used immediately following B<ipq_create_handle> "
+"to enable the flow of packets to userspace."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:70
+msgid ""
+"Note that as the underlying Netlink messaging transport is connectionless, "
+"the ip_queue module does not know that a userspace application is ready to "
+"communicate until it receives a message such as this."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:74 original/man3/ipq_set_verdict.3:79
+msgid "On success, a non-zero positive value is returned."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:82
+msgid ""
+"A relatively common failure may occur if the ip_queue module is not loaded. "
+"In this case, the following code excerpt:"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:91
+#, no-wrap
+msgid ""
+"status = ipq_set_mode(h, IPQ_COPY_META, 0);\n"
+"if (status E<lt> 0) {\n"
+"\tipq_perror(\"myapp\");\n"
+"\tipq_destroy_handle(h);\n"
+"\texit(1);\n"
+"}\n"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:95
+msgid "would generate the following output:"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:97
+msgid "I<myapp: Failed to send netlink message: Connection refused>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_mode.3:107
+msgid "B<libipq>(3), B<iptables>(8)."
+msgstr ""
+
+#. type: TH
+#: original/man3/ipq_set_verdict.3:1
+#, no-wrap
+msgid "IPQ_SET_VERDICT"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_verdict.3:24
+msgid "ipq_set_verdict - issue verdict and optionally modified packet to kernel"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_verdict.3:30
+msgid ""
+"B<int ipq_set_verdict(const struct ipq_handle *>I<h>B<, ipq_id_t >I<id>B<, "
+"unsigned int >I<verdict>B<, size_t >I<data_len>B<, unsigned char "
+"*>I<buf>B<);>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_verdict.3:37
+msgid ""
+"The B<ipq_set_verdict> function issues a verdict on a packet previously "
+"obtained with B<ipq_read>, specifing the intended disposition of the packet, "
+"and optionally supplying a modified version of the payload data."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_verdict.3:48
+msgid "The I<id> parameter is the packet identifier obtained via B<ipq_get_packet>."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_verdict.3:52
+msgid "The I<verdict> parameter must be one of:"
+msgstr ""
+
+#. type: TP
+#: original/man3/ipq_set_verdict.3:52
+#, no-wrap
+msgid "B<NF_ACCEPT>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_verdict.3:55
+msgid "Accept the packet and continue traversal within the kernel."
+msgstr ""
+
+#. type: TP
+#: original/man3/ipq_set_verdict.3:56
+#, no-wrap
+msgid "B<NF_DROP>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_verdict.3:59
+msgid "Drop the packet."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_verdict.3:66
+msgid ""
+"The I<data_len> parameter is the length of the data pointed to by I<buf>, "
+"the optional replacement payload data."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_verdict.3:72
+msgid ""
+"If simply setting a verdict without modifying the payload data, use zero for "
+"I<data_len> and NULL for I<buf>."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/ipq_set_verdict.3:75
+msgid ""
+"The application is responsible for recalculating any packet checksums when "
+"modifying packets."
+msgstr ""
+
+#. type: TH
+#: original/man3/libipq.3:1
+#, no-wrap
+msgid "LIBIPQ"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:24
+msgid "libipq - iptables userspace packet queuing library."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:30
+msgid "libipq is a development library for iptables userspace packet queuing."
+msgstr ""
+
+#. type: SS
+#: original/man3/libipq.3:30
+#, no-wrap
+msgid "Userspace Packet Queuing"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:36
+msgid ""
+"Netfilter provides a mechanism for passing packets out of the stack for "
+"queueing to userspace, then receiving these packets back into the kernel "
+"with a verdict specifying what to do with the packets (such as ACCEPT or "
+"DROP). These packets may also be modified in userspace prior to reinjection "
+"back into the kernel."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:41
+msgid ""
+"For each supported protocol, a kernel module called a I<queue handler> may "
+"register with Netfilter to perform the mechanics of passing packets to and "
+"from userspace."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:45
+msgid ""
+"The standard queue handler for IPv4 is ip_queue. It is provided as an "
+"experimental module with 2.4 kernels, and uses a Netlink socket for "
+"kernel/userspace communication."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:49
+msgid ""
+"Once ip_queue is loaded, IP packets may be selected with iptables and queued "
+"for userspace processing via the QUEUE target. For example, running the "
+"following commands:"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:51
+msgid " # modprobe iptable_filter"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:53
+msgid " # modprobe ip_queue"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:55
+msgid " # iptables -A OUTPUT -p icmp -j QUEUE"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:60
+msgid ""
+"will cause any locally generated ICMP packets (e.g. ping output) to be sent "
+"to the ip_queue module, which will then attempt to deliver the packets to a "
+"userspace application. If no userspace application is waiting, the packets "
+"will be dropped"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:62
+msgid "An application may receive and process these packets via libipq."
+msgstr ""
+
+#. type: SS
+#: original/man3/libipq.3:64
+#, no-wrap
+msgid "Libipq Overview"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:68
+msgid ""
+"Libipq provides an API for communicating with ip_queue. The following is an "
+"overview of API usage, refer to individual man pages for more details on "
+"each function."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:70
+msgid "B<Initialisation>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:75
+msgid ""
+"To initialise the library, call B<ipq_create_handle>(3). This will attempt "
+"to bind to the Netlink socket used by ip_queue and return an opaque context "
+"handle for subsequent library calls."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:77
+msgid "B<Setting the Queue Mode>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:83
+msgid ""
+"B<ipq_set_mode>(3) allows the application to specify whether packet "
+"metadata, or packet payloads as well as metadata are copied to userspace. "
+"It is also used to initially notify ip_queue that an application is ready to "
+"receive queue messages."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:85
+msgid "B<Receiving Packets from the Queue>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:93
+msgid ""
+"B<ipq_read>(3) waits for queue messages to arrive from ip_queue and copies "
+"them into a supplied buffer. Queue messages may be I<packet messages> or "
+"I<error messages.>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:96
+msgid "The type of packet may be determined with B<ipq_message_type>(3)."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:99
+msgid ""
+"If it's a packet message, the metadata and optional payload may be retrieved "
+"with B<ipq_get_packet>(3)."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:102
+msgid "To retrieve the value of an error message, use B<ipq_get_msgerr>(3)."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:104
+msgid "B<Issuing Verdicts on Packets>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:108
+msgid ""
+"To issue a verdict on a packet, and optionally return a modified version of "
+"the packet to the kernel, call B<ipq_set_verdict>(3)."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:110
+msgid "B<Error Handling>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:116
+msgid ""
+"An error string corresponding to the current value of the internal error "
+"variable B<ipq_errno> may be obtained with B<ipq_errstr>(3)."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:124
+msgid ""
+"For simple applications, calling B<ipq_perror>(3) will print the same "
+"message as B<ipq_errstr>(3), as well as the string corresponding to the "
+"global B<errno> value (if set) to stderr."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:126
+msgid "B<Cleaning Up>"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:130
+msgid ""
+"To free up the Netlink socket and destroy resources associated with the "
+"context handle, call B<ipq_destroy_handle>(3)."
+msgstr ""
+
+#. type: SH
+#: original/man3/libipq.3:130
+#, no-wrap
+msgid "SUMMARY"
+msgstr ""
+
+#. type: TP
+#: original/man3/libipq.3:131
+#, no-wrap
+msgid "B<ipq_create_handle>(3)"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:134
+msgid "Initialise library, return context handle."
+msgstr ""
+
+#. type: TP
+#: original/man3/libipq.3:134
+#, no-wrap
+msgid "B<ipq_set_mode>(3)"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:138
+msgid ""
+"Set the queue mode, to copy either packet metadata, or payloads as well as "
+"metadata to userspace."
+msgstr ""
+
+#. type: TP
+#: original/man3/libipq.3:138
+#, no-wrap
+msgid "B<ipq_read>(3)"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:142
+msgid "Wait for a queue message to arrive from ip_queue and read it into a buffer."
+msgstr ""
+
+#. type: TP
+#: original/man3/libipq.3:142
+#, no-wrap
+msgid "B<ipq_message_type>(3)"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:145
+msgid "Determine message type in the buffer."
+msgstr ""
+
+#. type: TP
+#: original/man3/libipq.3:145
+#, no-wrap
+msgid "B<ipq_get_packet>(3)"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:148
+msgid "Retrieve a packet message from the buffer."
+msgstr ""
+
+#. type: TP
+#: original/man3/libipq.3:148
+#, no-wrap
+msgid "B<ipq_get_msgerr>(3)"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:151
+msgid "Retrieve an error message from the buffer."
+msgstr ""
+
+#. type: TP
+#: original/man3/libipq.3:151
+#, no-wrap
+msgid "B<ipq_set_verdict>(3)"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:154
+msgid "Set a verdict on a packet, optionally replacing its contents."
+msgstr ""
+
+#. type: TP
+#: original/man3/libipq.3:154
+#, no-wrap
+msgid "B<ipq_errstr>(3)"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:157
+msgid "Return an error message corresponding to the internal ipq_errno variable."
+msgstr ""
+
+#. type: TP
+#: original/man3/libipq.3:157
+#, no-wrap
+msgid "B<ipq_perror>(3)"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:160
+msgid "Helper function to print error messages to stderr."
+msgstr ""
+
+#. type: TP
+#: original/man3/libipq.3:160
+#, no-wrap
+msgid "B<ipq_destroy_handle>(3)"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:163
+msgid "Destroy context handle and associated resources."
+msgstr ""
+
+#. type: SH
+#: original/man3/libipq.3:163
+#, no-wrap
+msgid "EXAMPLE"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:166
+msgid ""
+"The following is an example of a simple application which receives packets "
+"and issues NF_ACCEPT verdicts on each packet."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:174
+#, no-wrap
+msgid ""
+"/*\n"
+" * This code is GPL.\n"
+" */\n"
+"#include E<lt>linux/netfilter.hE<gt>\n"
+"#include E<lt>libipq.hE<gt>\n"
+"#include E<lt>stdio.hE<gt>\n"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:176
+#, no-wrap
+msgid "#define BUFSIZE 2048 \n"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:183
+#, no-wrap
+msgid ""
+"static void die(struct ipq_handle *h)\n"
+"{\n"
+"\tipq_perror(\"passer\");\n"
+"\tipq_destroy_handle(h);\n"
+"\texit(1);\n"
+"}\n"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:228
+#, no-wrap
+msgid ""
+"int main(int argc, char **argv)\n"
+"{\n"
+"\tint status;\n"
+"\tunsigned char buf[BUFSIZE];\n"
+"\tstruct ipq_handle *h;\n"
+"\t\n"
+"\th = ipq_create_handle(0, PF_INET);\n"
+"\tif (!h)\n"
+"\t\tdie(h);\n"
+"\t\t\n"
+"\tstatus = ipq_set_mode(h, IPQ_COPY_PACKET, BUFSIZE);\n"
+"\tif (status E<lt> 0)\n"
+"\t\tdie(h);\n"
+"\t\t\n"
+"\tdo{\n"
+"\t\tstatus = ipq_read(h, buf, BUFSIZE, 0);\n"
+"\t\tif (status E<lt> 0)\n"
+"\t\t\tdie(h);\n"
+"\t\t\t\n"
+"\t\tswitch (ipq_message_type(buf)) {\n"
+"\t\t\tcase NLMSG_ERROR:\n"
+"\t\t\t\tfprintf(stderr, \"Received error message %d\\en\",\n"
+"\t\t\t\t ipq_get_msgerr(buf));\n"
+"\t\t\t\tbreak;\n"
+"\t\t\t\t\n"
+"\t\t\tcase IPQM_PACKET: {\n"
+"\t\t\t\tipq_packet_msg_t *m = ipq_get_packet(buf);\n"
+"\t\t\t\t\n"
+"\t\t\t\tstatus = ipq_set_verdict(h, m-E<gt>packet_id,\n"
+"\t\t\t\t NF_ACCEPT, 0, NULL);\n"
+"\t\t\t\tif (status E<lt> 0)\n"
+"\t\t\t\t\tdie(h);\n"
+"\t\t\t\tbreak;\n"
+"\t\t\t}\n"
+"\t\t\t\n"
+"\t\t\tdefault:\n"
+"\t\t\t\tfprintf(stderr, \"Unknown message type!\\en\");\n"
+"\t\t\t\tbreak;\n"
+"\t\t}\n"
+"\t} while (1);\n"
+"\t\n"
+"\tipq_destroy_handle(h);\n"
+"\treturn 0;\n"
+"}\n"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:233
+msgid ""
+"Pointers to more libipq application examples may be found in The Netfilter "
+"FAQ."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:236
+msgid ""
+"For information about monitoring and tuning ip_queue, refer to the Linux 2.4 "
+"Packet Filtering HOWTO."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:240
+msgid ""
+"If an application modifies a packet, it needs to also update any checksums "
+"for the packet. Typically, the kernel will silently discard modified "
+"packets with invalid checksums."
+msgstr ""
+
+#. type: SH
+#: original/man3/libipq.3:240
+#, no-wrap
+msgid "SECURITY"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:244
+msgid ""
+"Processes require CAP_NET_ADMIN capabilty to access the kernel ip_queue "
+"module. Such processes can potentially access and modify any IP packets "
+"received, generated or forwarded by the kernel."
+msgstr ""
+
+#. type: SH
+#: original/man3/libipq.3:244
+#, no-wrap
+msgid "TODO"
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:248
+msgid "Per-handle B<ipq_errno> values."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:250
+msgid "Probably."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:260
+msgid ""
+"Joost Remijn implemented the B<ipq_read> timeout feature, which appeared in "
+"the 1.2.4 release of iptables."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:262
+msgid "Fernando Anton added support for IPv6."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:274
+msgid ""
+"B<iptables>(8), B<ipq_create_handle>(3), B<ipq_destroy_handle>(3), "
+"B<ipq_errstr>(3), B<ipq_get_msgerr>(3), B<ipq_get_packet>(3), "
+"B<ipq_message_type>(3), B<ipq_perror>(3), B<ipq_read>(3), "
+"B<ipq_set_mode>(3), B<ipq_set_verdict>(3)."
+msgstr ""
+
+#. type: Plain text
+#: original/man3/libipq.3:279
+msgid ""
+"The Netfilter home page at http://netfilter.samba.org/ which has links to "
+"The Networking Concepts HOWTO, The Linux 2.4 Packet Filtering HOWTO, The "
+"Linux 2.4 NAT HOWTO, The Netfilter Hacking HOWTO, The Netfilter FAQ and many "
+"other useful resources."
+msgstr ""
OSDN Git Service
