--- /usr/src/sys/netinet/ip_fw.h.orig 2008-10-04 21:41:59.000000000 +0800
+++ /usr/src/sys/netinet/ip_fw.h 2008-10-07 10:06:08.000000000 +0800
@@ -146,6 +146,8 @@
 O_IPSEC, /* has ipsec history */
 O_IP_SRC_LOOKUP, /* arg1=table number, u32=value */
 O_IP_DST_LOOKUP, /* arg1=table number, u32=value */
+ O_IP_SRCPORT_LOOKUP, /* arg1=port table number, u16=value */
+ O_IP_DSTPORT_LOOKUP, /* arg1=port table number, u16=value */
 O_ANTISPOOF, /* none */
 O_JAIL, /* u32 = id */
 O_ALTQ, /* u32 = altq classif. qid */
@@ -557,6 +559,25 @@
 ipfw_table_entry ent[0]; /* entries */
 } ipfw_table;
 
+/*
+ * These are used for port lookup tables.
+ */
+struct ipfw_port_table_entry {
+ u_int16_t port; /* port */
+ u_int16_t port1; /* port, it will be set if there is range */
+ u_int32_t value; /* value */
+ u_int16_t tbl; /* table number */
+ LIST_ENTRY(ipfw_port_table_entry) _next;
+};
+
+struct ipfw_port_table {
+ u_int32_t size; /* size of entries in bytes */
+ u_int32_t cnt; /* # of entries */
+ u_int16_t tbl; /* table number */
+ LIST_HEAD(plhead, ipfw_port_table_entry) port_head;
+ struct ipfw_port_table_entry ent[0]; /* entries */
+};
+
 #define IP_FW_TABLEARG 65535
 
 /*
@@ -657,6 +678,7 @@
 struct ip_fw *reap; /* list of rules to reap */
 LIST_HEAD(, cfg_nat) nat; /* list of nat entries */
 struct radix_node_head *tables[IPFW_TABLES_MAX];
+ struct ipfw_port_table *ptables[IPFW_TABLES_MAX];
 struct rwlock rwmtx;
 };
 #define IPFW_LOCK_INIT(_chain) \
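Review bot: The two new opcodes are inserted in the middle of the opcode enum, between `O_IP_DST_LOOKUP` and `O_ANTISPOOF`, which shifts the numeric value of `O_ANTISPOOF`, `O_JAIL`, `O_ALTQ` and every opcode after them. Those values are part of the rule format passed between the ipfw userland tool and the kernel, so a binary built against the old header would hand the kernel rules whose opcodes now mean something else; on a firewall that is a silent policy change rather than a build failure. Append `O_IP_SRCPORT_LOOKUP` and `O_IP_DSTPORT_LOOKUP` at the end of the enum instead, just before its terminating sentinel (`O_LAST_OPCODE` in the stock header), so existing values stay fixed. The end of the enum is outside this hunk.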
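Review bot: `struct ipfw_port_table_entry` and `struct ipfw_port_table` mix kernel list linkage (`LIST_ENTRY`, `LIST_HEAD`) into structures that otherwise mirror the `ipfw_table` export layout above them (`size`, `cnt`, `ent[0]`). If these are copied to or from userland the way `ipfw_table` appears to be (the sockopt code is not visible here), the copy would disclose kernel heap addresses on the way out and accept caller-supplied list pointers on the way in, and the layout would vary with pointer size. I would keep the exported structures pointer-free with explicit zeroed padding after `tbl`, and put the list linkage in a separate node type under `#ifdef _KERNEL`, as sketched below; the list head would then live with the kernel-side table state rather than in the exported header struct. The field comments also leave open whether `port`/`port1` are in host or network byte order and what `port1` holds for a single port, which is worth stating.

```c
/* Export format shared with userland: plain data, no pointers. */
struct ipfw_port_table_entry {
	u_int16_t	port;	/* port */
	u_int16_t	port1;	/* port, it will be set if there is range */
	u_int32_t	value;	/* value */
	u_int16_t	tbl;	/* table number */
	u_int16_t	spare;	/* explicit padding, always zero */
};
/* … struct ipfw_port_table: drop port_head, rest unchanged … */

#ifdef _KERNEL
/* Kernel-only list node; never copied to or from userland. */
struct ipfw_port_table_node {
	struct ipfw_port_table_entry	ent;
	LIST_ENTRY(ipfw_port_table_node) next;
};
#endif
```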
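Review bot: `ptables` is added without a comment, and nothing in this hunk says how it is indexed, when a slot may be NULL, or which lock covers it. Per the opcode comments the table number comes from a rule's `arg1`, so every use should reject values at or above `IPFW_TABLES_MAX` and check the slot before dereferencing; that code is outside this hunk. I would add a comment along the lines of `/* port lookup tables, indexed by table number < IPFW_TABLES_MAX; protected by rwmtx */`. The locking part is inferred from the adjacent `rwmtx` field and should be confirmed. The struct's opening line is also outside the hunk.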