--- embedaddon/bird/doc/bird.sgml	2017/08/22 12:33:54	1.1.1.1
+++ embedaddon/bird/doc/bird.sgml	2017/08/22 13:06:49	1.1.1.1.2.1
@@ -3942,6 +3942,40 @@ protocol static {
 </code>
 
 
+<sect>Firewall
+
+<p>Firewall protocol doesn't communicate with any network devices,
+but instead it allows you to add announced prefixes to given firewall table.
+At the moment IPFW and PF are supported. One can also specify special integer tag
+that can be passed as argument to IPFW table. Any number of instances can be configured.
+
+<p>Firewall protocol does not have many configuration options.
+
+<descrip>
+	<tag>fwtype pf|ipfw</tag> Select firewall type.
+	<tag>fwtable <m/name/</tag> Specifies firewall table name.
+	<tag>keep on startup|shutdown</tag>Do not flush table on protocol startup or shutdown.
+	<tag>keep always</tag>Do not flush table on protocol startup and shutdown.
+</descrip>
+
+<p>Firewall defines single route attribute:
+
+<descrip>
+	<tag>int <cf/fw_value/</tag> Value that can be passed with prefix.
+	Value is unsigned 4-byte integer. It can be set when importing routes from the other
+	protocols or on protocol export.
+</descrip>
+
+<p>Example firewall config might look like this:
+
+<p><code>
+protocol firewall {
+	table testable;			 # Connect to a non-default routing table
+	fwtype ipfw;			 # Use IPFW as backend
+	fwtable "2";			 # Use table 2
+	export filter { fw_value = 125; accept; }; # Set value 125 for all prefixes
+}
+</code>
 <chapt>Conclusions
 <label id="conclusion">