  netfilter/iptables FAQ
  Harald Welte <laforge@gnumonks.org>
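  Version $Revision: 1.36 $, $Date: 2002/06/15 00:31:22 $
  Japanese translation: yomoyomo <ymgrtq@ma.neweb.ne.jp>
  v1.36j, 2002-08-09

  This document is a collection of Frequently Asked Questions seen on
  the netfilter mailing list. Comments, additions and clarifications
  are welcome and should be directed to the FAQ maintainer. The
  original is available at
  <http://www.netfilter.org/documentation/FAQ/netfilter-faq.html>.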
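  ______________________________________________________________________

  Table of Contents

  1. General Questions
     1.1 Where can I get netfilter/iptables?
     1.2 Is there a backport of netfilter to Linux 2.2?
     1.3 Is there an ICQ conntrack/NAT helper module?
     1.4 Where did modules such as ip_masq_vdolive and ip_masq_quake go?
     1.5 What is patch-o-matic, and how do I use it?
     1.6 Where can I find ipnatctl and more information about it?

  2. Problems during the build process
     2.1 I cannot compile iptables-1.1.1 with kernel 2.4.0-test4 or later.
     2.2 I cannot compile iptables 1.1.0 with recent kernels (2.3.99-pre8 or later).
     2.3 Some patch-o-matic patches from iptables 1.2.1a or later do not work with kernel 2.4.4 or later.
     2.4 ipt_BALANCE, ip_nat_ftp, ip_nat_irc, ipt_SAME, ipt_NETMAP fail to compile.
     2.5 I am using Alan Cox's 2.4.x-acXX kernel series and have problems.

  3. Problems at runtime
     3.1 NAT: X dropping untracked packet Y Z aaa.aaa.aaa.aaa -> 224.bbb.bbb.bbb
     3.2 NAT: X dropping untracked packet Y Z aaa.aaa.aaa.aaa -> bbb.bbb.bbb.bbb
     3.3 I cannot use netfilter in combination with the Linux bridging code
     3.4 The IRC module cannot handle DCC RESUME
     3.5 How does SNAT to multiple addresses work?
     3.6 ip_conntrack: maximum limit of XXX entries exceeded
     3.7 How can I list all tracked / masqueraded connections, as 'ipchains -L -M' did on 2.2.x kernels?
     3.8 How can I list all available IP tables?
     3.9 iptables-save / iptables-restore from iptables-1.2 die with a Segmentation Fault
     3.10 iptables -L takes a very long time to display the rules
     3.11 How do I stop the LOG target from logging to the console?
     3.12 How do I build a transparent proxy using squid and iptables?
     3.13 How do I use the LOG target? Can I both LOG and DROP?
     3.14 How do I stop worm XYZ with netfilter?
     3.15 kernel logs: Out of window data xxx
     3.16 Why does the connection tracking system track UNREPLIED connections with a large timeout?
     3.17 Why is the 'iptables -C' (--check) option not implemented?

  4. Questions about netfilter development
     4.1 I do not understand how to use the QUEUE target from userspace
     4.2 My libipq application reports "Failed to received netlink message: No buffer space available"
     4.3 I want to contribute code, but do not know what to do
     4.4 I have fixed a bug or written an extension. How do I submit it?

  5. About the Japanese translation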

  ______________________________________________________________________

  1.  General Questions

  This section covers general netfilter-related (and non-netfilter)
  questions that come up frequently on the mailing list.

  1.1.  Where can I get netfilter/iptables?

  Netfilter and iptables are integrated into the Linux 2.4.x kernel
  series. Fetch a recent kernel from <http://www.kernel.org/> or one of
  its mirrors.

  The userspace tool 'iptables' is available from the netfilter
  homepage at any of these mirrors: <http://www.netfilter.org/>,
  <http://www.iptables.org/>, <http://netfilter.samba.org/>,
  <http://netfilter.gnumonks.org/> or
  <http://netfilter.filewatcher.org/>.

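  1.2.  Is there a backport of netfilter to Linux 2.2?

  Currently there is none. If somebody wants to start one, it should
  not be too difficult, because the interface to the network stack is
  clean.

  Please let us know about any work in this area.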

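  1.3.  Is there an ICQ conntrack/NAT helper module?

  If you are used to IP masquerading on Linux 2.2, you probably used
  the ip_masq_icq module to get direct client-to-client ICQ working.
  (Translator's note: the ip_masq_icq module mentioned here is
  available at <http://djsf.narod.ru/masq-icq/>.)

  Nobody has reimplemented this module for netfilter yet, because the
  ICQ protocol is too ugly :) I think it is only a matter of time until
  one becomes available, though.

  Rusty (translator's note: Rusty Russell, a principal netfilter
  developer) once stated that a protocol module is integrated into the
  netfilter distribution only if at least one free client and one free
  server exist for that protocol. For ICQ there are only free clients,
  so it does not meet this criterion. (Free here means free as in
  freedom, not as in free beer; that is, free according to RMS's
  definition.)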

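  1.4.  Where did modules such as ip_masq_vdolive and ip_masq_quake go?

  Some of them are no longer needed, and some have not been ported to
  netfilter yet. Netfilter does full connection tracking even for UDP,
  and its policy is to disturb packets as little as possible, so
  sometimes things "just work".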

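  1.5.  What is patch-o-matic, and how do I use it?

  Because the 2.4.x kernel is a stable release, we cannot simply submit
  our current development work to the released kernel. All of our code
  is first developed and tested in netfilter patch-o-matic. If you want
  to use the bleeding-edge features of netfilter, you have to apply one
  or more patches from patch-o-matic. patch-o-matic is included in the
  latest iptables package (or, of course, the CVS sources), which can
  be downloaded from the netfilter homepage.

  patch-o-matic currently has three options:

  o  make pending-patches

  o  make most-of-pom

  o  make patch-o-matic

  The first option makes sure that all important bug fixes (which have
  in any case already been submitted to the kernel maintainers) are
  applied to your kernel. The second, `most-of-pom`, additionally
  offers all new features that can be applied without conflicting with
  each other. The third option, `patch-o-matic`, is for real experts
  who want to see every patch, but beware that those patches may
  conflict with each other.

  patch-o-matic has a neat user interface. Just type

       make most-of-pom (or pending-patches or patch-o-matic, see above)

  If your kernel tree is not in /usr/src/linux, run the following in
  the top-level directory of the iptables package instead:

       make KERNEL_DIR={your-kernel-dir} most-of-pom

  For each patch, patch-o-matic checks whether it applies to your
  installed kernel source. If it does, you get a small prompt where you
  can ask for more information about the patch, apply it, skip to the
  next patch, and so on.

  For more information about patch-o-matic, see the Netfilter
  Extensions HOWTO at
  <http://www.netfilter.org/documentation/index.html#HOWTO>.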

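  1.6.  Where can I find ipnatctl and more information about it?

  ipnatctl was used to set up NAT rules from userspace in the very
  early development versions of netfilter, during the 2.3.x kernels. It
  is no longer needed and therefore no longer available. All of the
  functionality of ipnatctl is now provided by iptables itself. See the
  NAT HOWTO on the netfilter homepage. (Translator's note: the Japanese
  version of the NAT HOWTO is at
  <http://www.linux.or.jp/JF/JFdocs/NAT-HOWTO.html>.)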

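  2.  Problems during the build process

  2.1.  I cannot compile iptables-1.1.1 with kernel 2.4.0-test4 or
  later.

  This is a known issue. The mechanism that detects which patches to
  apply is broken. Try "make build" instead of "make".

  The better solution is to upgrade to iptables 1.1.2 or later.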

  2.2.  I cannot compile iptables 1.1.0 with recent kernels
  (2.3.99-pre8 or later).

  The internal iptables structures have changed. Upgrade to iptables
  1.1.1 or later.

  2.3.  Some patch-o-matic patches from iptables 1.2.1a or later do not
  work with kernel 2.4.4 or later.

  Use the latest iptables release.

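  2.4.  ipt_BALANCE, ip_nat_ftp, ip_nat_irc, ipt_SAME, ipt_NETMAP fail
  to compile.

  Most likely the compilation problem involves a function called
  ip_nat_setup_info.

  If you are using iptables 1.2.2 or earlier, you must apply the
  `dropped-table' and `ftp-fixes' patches.

  If you are using an iptables later than 1.2.2, or recent CVS sources,
  do not apply the 'dropped-table' patch. It is incompatible with
  BALANCE, NETMAP, irc-nat, SAME and talk-nat.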

  2.5.  I am using Alan Cox's 2.4.x-acXX kernel series and have
  problems.

  The netfilter core team bases its development on Linus's kernel tree,
  so use the -ac series at your own risk.

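  3.  Problems at runtime

  3.1.  NAT: X dropping untracked packet Y Z aaa.aaa.aaa.aaa ->
  224.bbb.bbb.bbb

  This message is printed by the NAT code when multicast packets hit
  the NAT table, because connection tracking does not handle multicast
  packets at the moment. If you do not know what multicast is, or do
  not need it at all, use:

       iptables -t mangle -I PREROUTING -j DROP -d 224.0.0.0/8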

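  3.2.  NAT: X dropping untracked packet Y Z aaa.aaa.aaa.aaa ->
  bbb.bbb.bbb.bbb

  Syslog or the console shows the following message:

       NAT: X dropping untracked packet Y Z aaa.aaa.aaa.aaa -> bbb.bbb.bbb.bbb

  This message is printed by the NAT code. NAT needs valid connection
  tracking information to operate, so it drops packets that have none.
  The message is printed for every packet for which connection tracking
  could not determine conntrack information.

  Possible reasons are:

  o  the maximum number of entries in the conntrack database has been
     reached

  o  the reverse tuple could not be determined (multicast, broadcast)

  o  kmem_cache_alloc failed (out of memory)

  o  reply to an unconfirmed connection

  o  multicast packet (see the previous question)

  o  ICMP packet too short

  o  ICMP packet is fragmented

  o  ICMP packet has a wrong checksum

  If you want more detailed logging of these packets (for example
  because you suspect remote probe or scanning packets), use the
  following rule:

       iptables -t mangle -A PREROUTING -j LOG -m state --state INVALID

  The rule has to go into the mangle table, because the NAT code drops
  these packets before they reach the filter table.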

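  3.3.  I cannot use netfilter in combination with the Linux bridging
  code

  So you want to build a fully transparent firewall? Great idea! As of
  kernel 2.4.16, you need to apply an additional patch to the kernel to
  make this work. The patch is available from
  <http://bridge.sourceforge.net/>.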

  3.4.  The IRC module cannot handle DCC RESUME

  Well, that is half true. Only the NAT module cannot handle it. If you
  use firewalling without NAT, it works fine.

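  3.5.  How does SNAT to multiple addresses work?

  Netfilter tries to modify packets as little as possible. So on a
  freshly rebooted machine, when somebody behind the SNAT box opens a
  connection with local port 1234, the netfilter box changes only the
  IP address and leaves the port number as it is.

  If there is only one IP address for SNAT, then as soon as somebody
  else opens another connection with the same source port, netfilter
  has to change both the IP address and the port number.

  If more than one IP address is available, however, changing only the
  IP address is again sufficient.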

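  3.6.  ip_conntrack: maximum limit of XXX entries exceeded

  If you notice this message in syslog, the conntrack database
  apparently does not have enough entries for your environment. By
  default, connection tracking handles only up to a certain number of
  simultaneous connections. That number depends on the maximum memory
  size of your system (4096 with 64MB of memory, 8192 with 128MB,
  ...).

  The maximum number of tracked connections is easy to increase, but do
  not forget that each tracked connection consumes about 350 bytes of
  non-swappable kernel memory!

  To raise the limit to 8192, for example, type:

       echo "8192" > /proc/sys/net/ipv4/ip_conntrack_max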

  3.7.  How can I list all tracked / masqueraded connections, as
  'ipchains -L -M' did on 2.2.x kernels?

  The proc filesystem contains a file named /proc/net/ip_conntrack. You
  can print it with:

       cat /proc/net/ip_conntrack
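
  Added example (not part of the original FAQ): a shell helper that
  summarises such a listing, counting entries and [UNREPLIED] entries
  (see 3.16) per protocol and estimating kernel memory from the 350
  bytes per connection quoted in 3.6. The function names, the
  constructed sample lines and the assumed listing layout (protocol
  name in the first field, [UNREPLIED] flag) are assumptions of this
  example.

```shell
#!/bin/sh
# Added example (not from the FAQ): summarise a /proc/net/ip_conntrack
# listing and relate it to ip_conntrack_max.

BYTES_PER_ENTRY=350   # per-connection kernel memory quoted in 3.6

# Constructed sample in the 2.4 ip_conntrack format (documentation IPs).
sample_conntrack() {
    cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=192.0.2.80 sport=1234 dport=80 src=192.0.2.80 dst=203.0.113.5 sport=80 dport=1234 [ASSURED] use=1
tcp      6 118 SYN_SENT src=192.168.1.11 dst=192.0.2.25 sport=1235 dport=25 [UNREPLIED] src=192.0.2.25 dst=203.0.113.5 sport=25 dport=1235 use=1
udp      17 28 src=192.168.1.10 dst=192.0.2.53 sport=1030 dport=53 [UNREPLIED] src=192.0.2.53 dst=203.0.113.5 sport=53 dport=1030 use=1
udp      17 170 src=192.168.1.12 dst=192.0.2.53 sport=1031 dport=53 src=192.0.2.53 dst=203.0.113.5 sport=53 dport=1031 [ASSURED] use=1
EOF
}

# conntrack_summary MAX [FILE]
# MAX is the value of ip_conntrack_max; FILE defaults to stdin.
# First output line: totals, table usage and memory estimates.
# Following lines: per-protocol entry and UNREPLIED counts.
conntrack_summary() {
    ct_max=$1
    shift
    awk -v max="$ct_max" -v per="$BYTES_PER_ENTRY" '
        NF == 0 { next }                       # ignore blank lines
        { total++; proto[$1]++ }               # $1 is the protocol name
        /\[UNREPLIED\]/ { unreplied++; unrep[$1]++ }
        END {
            pct = (max > 0) ? total * 100 / max : 0
            printf "total=%d unreplied=%d used_pct=%d bytes_now=%d bytes_at_max=%d\n",
                   total, unreplied, pct, total * per, max * per
            for (p in proto)
                printf "  %s: %d entries, %d unreplied\n", p, proto[p], unrep[p]
        }' ${1:+"$1"}
}

# Demo on the constructed sample. On a live 2.4 system use:
#   conntrack_summary "$(cat /proc/sys/net/ipv4/ip_conntrack_max)" \
#       /proc/net/ip_conntrack
sample_conntrack | conntrack_summary 8192
```

  A used_pct close to 100 with few UNREPLIED entries means the table is
  full of established connections, which is the situation in which the
  message from 3.6 appears.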

  3.8.  How can I list all available IP tables?

  All available IP tables can be listed with:

       cat /proc/net/ip_tables_names

  3.9.  iptables-save / iptables-restore from iptables-1.2 die with a
  Segmentation Fault

  This is a known bug. Upgrade as soon as possible to the latest CVS
  sources or to iptables 1.2.1 or later.

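  3.10.  iptables -L takes a very long time to display the rules

  This is because iptables performs a DNS lookup for each IP address.
  Each rule consists of two addresses, so the worst case is two DNS
  lookups per rule.

  The problem arises when you use private IP addresses (such as
  10.x.x.x or 192.168.x.x): DNS cannot resolve a hostname for them and
  the lookup times out. Depending on your ruleset, the sum of all these
  timeouts can be very long.

  To prevent reverse DNS lookups, run iptables with the -n (numeric)
  option.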
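
  3.11.  How do I stop the LOG target from logging to the console?

  You have to configure syslogd and klogd appropriately: the LOG target
  logs with facility kern at priority warning (4). See the syslogd.conf
  man page for details about facilities and priorities.

  By default, all kernel messages more severe than priority debug (7)
  are sent to the console. If you raise this value from 7 to 4, LOG
  messages no longer appear on the console.

  Be aware that this may also keep other important messages from
  appearing on the console (the syslog files are not affected).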

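  3.12.  How do I build a transparent proxy using squid and iptables?

  First of all, of course, you need the appropriate DNAT or REDIRECT
  rule. If squid runs on the NAT box itself, use only REDIRECT. For
  example:

       iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.22.33:3128

  After that, you have to configure squid correctly. Only brief notes
  can be given here; refer to the squid documentation for further
  details.

  With Squid 2.3, squid.conf needs settings like the following:

       http_port 3128
       httpd_accel_host virtual
       httpd_accel_port 80
       httpd_accel_with_proxy  on
       httpd_accel_uses_host_header on

  Squid 2.4 needs one additional setting:

       httpd_accel_single_host off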

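  3.13.  How do I use the LOG target? Can I both LOG and DROP?

  The LOG target is a "non-terminating target": rule traversal does not
  end when a packet matches the rule. If you use the LOG target, the
  packet is logged and traversal continues with the next rule.

  So how do you log and drop at the same time? The easiest way is to
  create a custom chain that contains both rules:

       iptables -N logdrop
       iptables -A logdrop -j LOG
       iptables -A logdrop -j DROP

  Whenever you want to log a packet and then drop it, simply use
  "-j logdrop".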

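  3.14.  How do I stop worm XYZ with netfilter?

  The short answer is that you cannot do this reliably with netfilter.
  Most worms use legitimate high-level protocols (for example HTTP,
  SMTP (a VB script attached to an e-mail), or programs that exploit a
  vulnerability in a protocol handler). High-level protocol here means
  a protocol above the TCP/IP layer. iptables does not understand these
  high-level protocols, so filtering them properly is almost
  impossible. Doing so requires an application proxy filter.

  Do not use the string match from patch-o-matic instead of an
  application proxy filter. It is defeated by fragmented packets (for
  example, an HTTP request split across two TCP packets), IDS evasion
  techniques and so on. You have been warned! The string match is
  useful, but it is meant for a different purpose.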

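  3.15.  kernel logs: Out of window data xxx

  You have applied the tcp-window-tracking patch from patch-o-matic.
  This code tracks which packets are acceptable for each permitted TCP
  stream, based on sequence and acknowledgement numbers, segment sizes
  and so on. When it detects a packet that is not acceptable (out of
  the window), it marks the packet as INVALID and prints the message
  above.

  Newer versions log the packet together with the exact condition that
  was violated:

  o  ACK is below the lower bound (possibly an overly delayed ACK)

  o  ACK is above the upper bound (the ACKed data has not been seen
     yet)

  o  SEQ is below the lower bound (retransmission of already ACKed
     data)

  o  SEQ is above the upper bound (beyond the receiver's window)

  In newer versions this logging can also be switched off completely
  via sysctl:

       echo 0 > /proc/sys/net/ipv4/netfilter/ip_ct_tcp_log_out_of_window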

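  3.16.  Why does the connection tracking system track UNREPLIED
  connections with a large timeout?

  So you looked at /proc/net/ip_conntrack, noticed UNREPLIED entries
  with very large timer values (up to 5 days), and wondered why
  conntrack entries are wasted on UNREPLIED entries (which are
  obviously not connections)?

  The answer is simple: UNREPLIED entries are temporary entries. As
  soon as connection tracking runs out of entries, old UNREPLIED
  entries are deleted. In other words, rather than leaving conntrack
  entries empty, it is better to keep possibly useful information in
  UNREPLIED entries until the space is really needed.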

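  3.17.  Why is the 'iptables -C' (--check) option not implemented?

  Well, first of all because we are lazy ;) To be honest, once you
  start doing stateful firewalling, implementing a check option becomes
  almost impossible. With traditional stateless firewalling, the
  filtering decision is based only on information in the packet header.
  With connection tracking (and '-m state' based rules), the filtering
  decision depends not only on the header and payload of this packet
  but also on the headers and payloads of earlier packets of the same
  connection.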

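  4.  Questions about netfilter development

  4.1.  I do not understand how to use the QUEUE target from userspace

  A library called libipq is provided for packet handling in userspace.
  Documentation for it now exists in the form of man pages. You need to
  build and install the iptables development components:

       make install-devel

  After installing, see libipq(3).

  You may also be interested in Perlipq, a Perl binding for libipq, at
  <http://www.intercode.com.au/jmorris/perlipq/>. The binding itself
  serves as an example of how to use the library.

  Other sources of example code:

  o  testsuite/tools/intercept.c in netfilter CVS

  o  ipqmpd (see <http://www.gnumonks.org/projects/>)

  o  nfqtest, part of netfilter-tools (see
     <http://www.gnumonks.org/projects/>)

  o  Jerome Etienne's WAN simulator (see <http://www.off.net/~jme/>)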

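  4.2.  My libipq application reports "Failed to received netlink
  message: No buffer space available"

  This means that the kernel-side Netlink socket buffer has run out of
  space. The userspace application could not keep up with the amount of
  data coming from the kernel.

       Can I just increase the kernel buffer sizes to avoid this
       problem?

  Yes. These are standard Netlink sockets, so you can tune the receive
  buffer size by writing to /proc/sys/net/core, by using sysctl, or by
  setting the SO_RCVBUF socket option on the file descriptor.

  You should also make sure that your application reads incoming data
  as quickly as possible. If you do not need the whole packet, try
  reducing the amount of data copied to userspace (see
  ipq_set_mode(3)).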

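  4.3.  I want to contribute code, but do not know what to do

  The netfilter core team maintains a TODO list of all desired changes
  and new features. The list is available via anonymous CVS;
  instructions are on the netfilter homepage. Alternatively, you can
  get it through CVSweb at
  <http://cvs.samba.org/cgi-bin/cvsweb/netfilter/TODO/>.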

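  4.4.  I have fixed a bug or written an extension. How do I submit it?

  If you want to publish it, send it to the netfilter-devel mailing
  list. Subscription information is at
  <http://lists.samba.org/mailman/listinfo/netfilter-devel/>.

  The correct way to send a patch is as follows:

  o  The Subject starts with [PATCH]

  o  The patch is included directly in the message body, not as a MIME
     attachment.

  o  A cvs-checkin/Changelog entry is included in addition to the diff

  o  The patch is in `diff -u old new' form, made from outside the root
     directory (that is, so that it can be applied with the -p1 option
     from inside that directory)

  If you have written a new extension, or added new options to an
  existing extension, it is good manners to also update the
  netfilter-extension-HOWTO with a description of the new extension or
  functionality. Doing so makes your extension known to more users and
  brings you more user feedback.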

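  5.  About the Japanese translation

  This Japanese translation was produced by the Linux Japanese FAQ
  Project. Please send comments on the translation to the JF project
  <JF@linux.or.jp> or to yomoyomo <ymgrtq@ma.neweb.ne.jp>.

  Thanks to the following people, who pointed out errors and the like
  in this translation (in Japanese syllabary order):

  o  office <office@office.ac>

  o  <zap03216@nifty.ne.jp>

  o  <nakano@apm.seikei.ac.jp>

  o  <mizuhara@acm.org>

  o  <morimoto@xantia.citroen.org>

  o  <h-yamamo@db3.so-net.ne.jp>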

