File: ipfwadm.8

manpages-ja 0.5.0.0.20080615-1
.\"
.\"	$Id: ipfwadm.8,v 1.9 1996/07/30 11:50:51 jos Exp $
.\"
.\"
.\"	Copyright (c) 1995,1996 by X/OS Experts in Open Systems BV.
.\"	All rights reserved.
.\"
.\"	Author: Jos Vos <jos@xos.nl>
.\"
.\"		X/OS Experts in Open Systems BV
.\"		Kruislaan 419
.\"		1098 VA  Amsterdam
.\"		The Netherlands
.\"
.\"		E-mail: info@xos.nl
.\"		WWW:    http://www.xos.nl/
.\"
.\"
.\"	This program is free software; you can redistribute it and/or modify
.\"	it under the terms of the GNU General Public License as published by
.\"	the Free Software Foundation; either version 2 of the License, or
.\"	(at your option) any later version.
.\"
.\"	This program is distributed in the hope that it will be useful,
.\"	but WITHOUT ANY WARRANTY; without even the implied warranty of
.\"	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
.\"	GNU General Public License for more details.
.\"
.\"	You should have received a copy of the GNU General Public License
.\"	along with this program; if not, write to the Free Software
.\"	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\"
.TH IPFWADM 8 "July 30, 1996" "" ""
.SH 名前
ipfwadm \- IP ե䡼ȥδ
.SH 書式
.BR "ipfwadm -A " "ޥ ѥ᡼ [ץ]"
.br
.BR "ipfwadm -I " "ޥ ѥ᡼ [ץ]"
.br
.BR "ipfwadm -O " "ޥ ѥ᡼ [ץ]"
.br
.BR "ipfwadm -F " "ޥ ѥ᡼ [ץ]"
.br
.BR "ipfwadm -M " "[ -l | -s ] [ץ]"
.SH 説明
.B Ipfwadm
ϡLinuxͥǤIPե䡼ȥε§
ꡦĴ뤿ΤΤǤ롣
浬§4ĤμʬǤ롣Ϥʤ
IPѥåȤΥ(accounting of IP packets)
IPϥե䡼(the IP input firewall)
IPϥե䡼(the IP output firewall)
IPžե䡼(the IP forwarding firewall)
Ǥ롣
餽줾μϡ줾̤ξꥹȤ椵롣

ܺ٤
.IR ipfw (4)
򻲾Ȥλ
.SH オプション
.B ipfwadm
ǻǽʥץϤĤΥ롼פʬǤ롣
.SS "CATEGORIES"
ʲ˼ե饰ϥޥɤͿμꤹΤѤ롣:
.TP
.BR -A " [\fIdirection\fP]"
IPȵ§
ץȤơ
.I direction()
ꤹǤ
.RI ( in (),
.IR out (),
or
.IR both ()),
ꤵ줿ޤϽΥѥåȤΤߤȤ롣
ǥեȤǤ
.IR both ()
Ǥ롣
.TP
.B -I
IP ϥե䡼
.TP
.B -O
IP ϥե䡼
.TP
.B -F
IP žե䡼롣
.TP
.B -M
IP ޥ졼ꡣ


.B -l
(list:ꥹ) ޤ
.B -s
(set timeout values:ॢ) 
ޥɤȤȤ߹碌ǤΤ߻ѲǽǤ롣
.PP
̩ˤϡΥץΤĤɬꤹ
.SS COMMANDS
˼ץϼºݤưꤹΤǤ롣
ΤĤ񼰤Ǽ줿ˡǥޥɥ饤ˤƻꤹ롣
.TP
.BR -a " [\fIpolicy\fP]"
ꤷκǸ˰İʾξɲä롣
ȾξϡpolicyԤʤ
ե䡼ξϡʲ˼ΰĤꤹ
.IR accept() ,
.IR deny (Ե),
ޤ
.IR reject ()

() ȥǥƥ͡()Υۥ̾İʾ
ɥ쥹ǤäϤιͤ줦Ȥ߹碌ɲä롣
.TP
.BR -i " [\fIpolicy\fP]"
ꤷƬ˰İʾξ롣
ܺ٤ʽ񼰤ˤĤƤ
.B -a
򻲾Ȥλ
.TP
.BR -d " [\fIpolicy\fP]"
ꤷΤİʾξ롣
̣礤ȤƤɲ/ޥɤƱǤ롣
ꤹѥ᡼ϤǤɲ/ޥɤƱˤ
ۤʤ԰פȤʤꡢξϺʤ
ޤǽ˰פ롣
.TP
.B -l
ꤷΰɽ롣
Υޥɤ
.B -z
(reset counters to zero󥿤Σꥻå)ޥɤ
Ȥ߹碌ƻѤǤ 
ξ硢ѥåȤȥХȥ󥿤ϡߤͤɽľ
ꥻåȤ롣
.B -x
ץդʤȡѥåȤȥХȥ(ꤵƤ)

.IR  K
ޤ
.IR  M
ɽ롣
ǡ1K1000Ǥꡢ1M1000Ḳ롣(Ǥᤤ˴ݤ)

.B -e

.B -x
Υե饰¿εǽ⻲Ȥλ
.TP
.B -z
ꤷΥѥåȿȥХȿΥ󥿤ꥻåȤ롣
Υޥɤ
.B -l
(ꥹȡlist)ޥɤȤȤ߹碌ƻѤ¿Ǥ
.TP
.B -f
ꤷä롣
.TP
.BI -p " policy"
򤷤ե䡼륿פΥǥեȤ"policy"ѹ롣
Ϳ٤"policy"
.IR accept 
.IR deny 
ޤ
.IR reject 
ΰĤǤʤФʤʤ
ǥե"policy"ϰפ郎ʤ˻Ѥ롣
IPե䡼ˤΤͭǤ롣äƲ
.BR -I 
.BR -O 
ޤ
.B -F
Υե饰ȤȤ߹碌ǻѤ롣
.TP
.BI -s " tcp tcpfin udp"
IPޥ졼ɤǻѤ륿ॢͤѹ롣
ΥޥɤϾ3ĤΥѥ᡼ȤꡢϤ줾
äñ̤TCPFINѥåȤTCP
UDPѥåȤΥॢͤ򵭽Ҥ롣
ॢͤȤ0ꤷϡߤΥȥ
ѤƤͤΤޤްѤ롣
ϡ
.B -M
ե饰ȤȤ߹碌ǤΤͭǤ롣
.TP
.B -c
򤷤ե䡼ˤơIPѥåȤaccept()
deny (Ե)ޤreject ()Ǥ뤫ɤǧ롣
ϡ
.BR -I ,
.BR -O ,
ޤ
.B -F
ե饰ȤȤ߹碌ǤΤͭǤ롣
.TP
.B -h
Help(إ)Ǥ롣
ޥɤεˡ(ߤ˴ñ)ɽ롣
.SS PARAMETERS
ʲ˼ѥ᡼append(ɲ)insert()delete()
ޤcheck(ǧ)Ȥ߹碌ƻѲǽǤ롣
.TP
.BI "-P " protocol
ޤϳǧ٤ѥåȤΥץȥ򼨤
ҤǤץȥȤƤ
.IR tcp 
.IR udp 
.IR icmp 
ޤ
.IR all()
ΥץȥΤΰĤǤ롣
.I all
ꤷϤΥץ󤬾άƤˤȤꤦ
٤ƤΥץȥ뤬оݤˤʤ롣
.I All
check(ǧ)ޥɤȤȤ߹碌ѤϤʤǤ
.TP
.BR "-S " "\fIaddress\fP[/\fImask\fP] [\fIport\fP ...]"
λ(ץ)
.I Address
host̾ͥåȥ̾IPɥ쥹ˤ꤬ǽǤ롣
.I mask
ϥͥåȥޥˤȿͤˤ꤬ǽǤꡢ
ͤˤϺ¦Υͥåȥޥӥåȿꤹ롣
äơޥ
.I 24

.IR 255.255.255.0 
Ǥ롣
.sp 0.5
ϰİʾΥݡȤޤICMPפޤࡣ
줾λservice̾portֹ桢ޤ(ͤǤ)ICMP
פǻǤ롣
ξϤλĤʬǵҤ
.I port
ϡportֹޤICMPפ򼨤
λ⡢portֹϰϤꤹϡ
.IR port : port 
ȡҤ롣
ˡ()ȥǥƥ͡()λǤport

.B IP_FW_MAX_PORTS
( 10)ĶƤϤʤʤ
ǡportϰϻξϣȿ롣
.sp 0.5
TCPUDPޤICMPѥåȤΡֺǽΥե饰ȤǤʤʬϾ
ե䡼˵Ĥ롣
ˤƤϡܰʹߤΥե饰Ȥ
̤˰졢ˡǥȤǤ롣
portֹ0xFFFF(65535)ܰʹߤTCPޤUDPѥåȤȤ
portֹ0xFFFFΥѥåȤϥŪѤ롣
0xFF (255)ICMPѥåȤܰʹߤΤȤư롣
ޤICMPפ0xFFΥѥåȤϥŪѤ롣
դ٤ϡҤޥɤץȥϡportۤ¤롣
portϲץȥȤȤ߹碌ǻѤ롣
.IR tcp 
.IR udp 
ޤ
.I icmp
.sp 0.5
Υץ󤬾ά줿ϡǥեȤΥɥ쥹/ͥåȥޥȤ
.I 0.0.0.0/0
(٤ƤΥɥ쥹Ŭ礹)ɥ쥹ȤƻѤ롣
åޥɤˤƤϤΥץɬܤǤꡢɬ1ĤΥݡȤ
ꤵƤʤФʤʤ
.TP
.BR "-D " "\fIaddress\fP[/\fImask\fP] [\fIport\fP ...]"
ǥƥ͡()ꤹ롣(ץ)
ˡξܺ٤˴ؤƤ
.B -S
ˡάɸ͡¾λܤˤĤƤ(source)ե饰ι
Ȥλ
դ٤ϡICMPפ
.B -D
ե饰ȤȤ߹碌ǤϻѤǤʤʤ
.B -S
ե饰θ˻ꤹ
.TP
.BI "-V " address
ץȤơѥåȤޤ
ͳ륤󥿥եΥɥ쥹ꤹ롣
.I Address
host̾ǤͤˤIPɥ쥹Ǥ褤
host̾ꤵ줿ϡĤIPɥ쥹˳Ƥ롣
Υץ󤬾ά줿ϡɥ쥹
.I 0.0.0.0
ꤵ졢̤ˤɤΥ󥿥եɥ쥹Ŭ礵롣
åޥɤˤƤϤΥץɬܤǤ롣
.TP
.BI "-W " name
ץȤơѥåȤޤ
ͳ륤󥿥ե̾ꤹ롣
Υץ󤬾ά줿ϡ̾empty string(ʸ)
ꤵ졢̤ˤɤΥ󥿥ե̾Ŭ礵롣
åޥɤˤƤϤΥץɬܤǤ롣
.SS "OTHER OPTIONS"
ʲ˼ץ󤬻ѲǽǤ롣
.TP
.BI -b
Bidirectional()⡼ɡ

ꤷIPѥåȤŬ礹롣
Υץappend(ɲ)insert()ޤdelete()
ޥɤȤ߹碌ƻѲǽǤ롣
.TP
.BI -e
Extended output(ĥ)
Υץꤹlist(ꥹ)ޥɤǤνϤ
󥿥ե(⤷)ɽ롣
ե䡼ꥹȤˤƤϡѥåȤȥХȥ
(ǥեȤξ֤ǤϡԤäƤХȥ
Τߤɽ)TOSޥϤ롣
.BR -M 
ȤȤ߹碌ǻѤϡdelta sequence numbers˴Ϣ
ɽ롣
Υץlist(ꥹ)ޥɤȤȤ߹碌ǤΤͭǤ롣
.TP
.BI -k
TCPѥåȤACKӥåȤåȤƤΤΤŬ礹롣
(Υץ¾ΥץȥǤ̵뤵)
Υץappend(ɲ)insert()ޤdelete()
ޥɤȤ߹碌ƻѲǽǤ롣
.TP
.BI -m
žѤΥޥ졼ɥѥåȤεġ

Υץꤷ硢ѥåȤۥȤ
ΤǤХޥ졼ɥѥåȤȤư롣
ˡոΥѥåȤϼưŪ˵եޥ졼ɥѥåȤȤ
졢ե䡼Хѥ롣
Υץϡžե䡼ξ"policy"Ȥ
.I accept
(ޤϥǥեȤ"policy"Ȥ
.I accept
ꤵƤ)˻Ѳǽǡ˥ͥ륳ѥ

.B CONFIG_IP_MASQUERADE
ƤʤФʤʤ
.TP
.BI -n
Numeric output(ͤǤν)
IPɥ쥹portֹͤɽ롣
ǥեȤǤϡ(Ǥʤ)host̾ͥåȥ̾
service̾ɽ롣
.TP
.BI -o
Ŭ礷ѥåȤФ륫ͥ󥰤Ԥ
ФƤΥץꤹLinuxͥ
Ŭ礷ѥå(IPإåեɤΤۤȤ)ξ
.IR printk ()
ؿȤäƽϤ롣
ΥץLinuxͥ륳ѥ
.B CONFIG_IP_FIREWALL_VERBOSE
ͭǤ롣
Υץappend(ɲ)insert()ޤdelete()
ޥɤȤ߹碌ǤΤͭǤ롣
.TP
.BR "-r " [\fIport\fP]
륽åȤ˥쥯Ȥ롣
ΥץꤵƤϡ⤷ΥѥåȤ⡼Ȥ
ۥȤ줿ΤǤäƤ⤳ξˤäƥ
åȤ˥쥯Ȥ롣
쥯ȤԤݡֹ椬0ξ(ǥեȤǤ)ϡ
ΥѥåȤΥǥƥ͡ݡȤ쥯Ȥ
ݡȤȤѤ롣

Υץϡϥե䡼ξ"policy"Ȥ
.I accept
ꤵƤ˻Ѳǽǡ˥ͥ륳ѥ
.B CONFIG_IP_TRANSPARENT_PROXY
ƤʤФʤʤ
.TP
.BI "-t " "andmask xormask"
IPإåTOSեɤѤȤѤޥ
(ޥ졼ɤ̵ͭ˴ؤ餺)ե䡼ξˤ
ѥåȤĤ줿ˡΥѥåȤTOSեɤФ
˻ꤷޥͤȥӥåAND()ˤη̤
ФƼΥޥͤȥӥåXOR(¾Ū)Ԥ
줾Υޥ16ʿ8ӥåȤǻꤹ롣
Υץappend(ɲ)insert()ޤdelete()
ޥɤȤ߹碌ƤǤΤͭǤꡢ䡢
reject()deny(Ե)Υե䡼Υޥɻˤ
̣ʤ
.TP
.BI -v
Verbose output(ܺٽ)

ѥåȤɲáӳǧˤƾܺپϤ롣
Υץappend(ɲ)insert()delete()
ޤcheck(ǧ)ޥɤȤ߹碌ǤΤͭǤ롣
.TP
.BI -x
Expand numbers(ĥͽ)
ѥåȿӥХȥͤνϤˤơK(1000)
M(1000K)Ȥäݤ᤿ͤǤϤʤΤͤϤ롣
ΥץϥͤϤˤΤͭǤ롣
.B -e
Ȥλ)
.TP
.BI -y
TCPѥåȤSYNӥåȤåȤƤꡢACKӥåȤꥻå
ƤΤΤŬ礹롣
(Υץ¾ΥץȥǤ̵뤵)
Υץappend(ɲ)insert()ޤdelete()
ޥɤȤ߹碌ƻѲǽǤ롣
.SH ファイル
.I /proc/net/ip_acct
.br
.I /proc/net/ip_input
.br
.I /proc/net/ip_output
.br
.I /proc/net/ip_forward
.br
.I /proc/net/ip_masquerade
.\" .SH Х
.SH 関連項目
ipfw(4)
.SH 著者
Jos Vos <jos@xos.nl>
.br
X/OS Experts in Open Systems BV, Amsterdam, The Netherlands

.SH 翻訳者
 ()  <shibata@opost1.netspace.or.jp> 1997/02/15 ver. 0.0