--- /var/current/mysrc/sys/netinet/ip_fw.h.orig 2008-12-14 12:26:07.000000000 +0800
+++ /var/current/mysrc/sys/netinet/ip_fw.h 2009-01-03 23:06:33.000000000 +0800
@@ -178,6 +178,9 @@
 O_SETFIB, /* arg1=FIB number */
 O_FIB, /* arg1=FIB desired fib number */
+ O_IP_SRCPORT_LOOKUP, /* arg1=port table number, u16=value */
+ O_IP_DSTPORT_LOOKUP, /* arg1=port table number, u16=value */
+
 O_LAST_OPCODE /* not an opcode! */
 };
@@ -557,6 +560,22 @@
 ipfw_table_entry ent[0]; /* entries */
 } ipfw_table;
+/*
+ * These are used for port lookup tables.
+ */
+struct ipfw_port_table_entry {
+ u_int16_t low_port; /* low port */
+ u_int16_t high_port; /* high port */
+ u_int32_t value; /* value */
+ u_int16_t tbl; /* table number */
+};
+
+struct ipfw_port_table {
+ u_int32_t cnt; /* # of entries */
+ u_int16_t tbl; /* table number */
+ struct ipfw_port_table_entry ent[0]; /* entries */
+};
+
 #define IP_FW_TABLEARG 65535
 /*
@@ -655,6 +674,7 @@
 struct ip_fw *reap; /* list of rules to reap */
 LIST_HEAD(, cfg_nat) nat; /* list of nat entries */
 struct radix_node_head *tables[IPFW_TABLES_MAX];
+ struct ipfw_port_table *ptables[IPFW_TABLES_MAX];
 struct rwlock rwmtx;
 };
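Review bot: The comments on `O_IP_SRCPORT_LOOKUP` and `O_IP_DSTPORT_LOOKUP` say `u16=value`, but the entry added in the second hunk declares `u_int32_t value`, so the header documents two widths for what appears to be the same looked-up value. If the table value is what the rule compares against, the comments should read `/* arg1=port table number, u32=value */`. `arg1` is described as a table number and presumably indexes the `ptables[IPFW_TABLES_MAX]` array added in the third hunk, so the code that accepts these opcodes from a rule has to reject `arg1 >= IPFW_TABLES_MAX` before any lookup; that check is not part of this header patch. The enum begins above the hunk.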
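Review bot: On common ABIs `struct ipfw_port_table_entry` ends with two bytes of tail padding after `tbl`, and `struct ipfw_port_table` has a two-byte gap between `tbl` and `ent`. If these structs are copied out to userland, as the neighbouring `ipfw_table` layout suggests, the kernel side must zero the buffer before filling it or the padding will carry stale kernel memory. Making the padding explicit, for example `u_int16_t _pad; /* explicit padding, must be zero */` after each `tbl`, keeps the layout identical for 32-bit and 64-bit consumers and makes the requirement visible. The field comments should also state whether `low_port`..`high_port` is an inclusive range with `low_port <= high_port` enforced on insert, and which byte order the ports are stored in. The code that sizes a buffer from the 32-bit `cnt` needs an upper bound so that `cnt * sizeof(struct ipfw_port_table_entry)` cannot wrap.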