Index: chapter.xml
===================================================================
--- chapter.xml
+++ chapter.xml
@@ -1654,21 +1654,25 @@
 	custom kernel configuration file:</para>
 
       <programlisting>options    IPFIREWALL			# enables IPFW
-options    IPFIREWALL_VERBOSE		# enables logging for rules with log keyword
+options    IPFIREWALL_VERBOSE		# enables logging for rules with log keyword to syslogd(8)
 options    IPFIREWALL_VERBOSE_LIMIT=5	# limits number of logged packets per-entry
 options    IPFIREWALL_DEFAULT_TO_ACCEPT # sets default policy to pass what is not explicitly denied
-options    IPDIVERT			# enables NAT</programlisting>
+options    IPFIREWALL_NAT		# enables in-kernel NAT support
+options    IPFIREWALL_NAT64		# enables in-kernel NAT64 support
+options    IPFIREWALL_NPTV6		# enables in-kernel IPv6 NPT support
+options    IPFIREWALL_PMOD		# enables protocols modification module support
+options    IPDIVERT			# enables NAT through natd(8)</programlisting>
 
       <para>To configure the system to enable
-	<application>IPFW</application> at boot time, add the
-	following entry to <filename>/etc/rc.conf</filename>:</para>
+	<application>IPFW</application> at boot time, add <literal>firewall_enable="YES"</literal>
+	 to <filename>/etc/rc.conf</filename>:</para>
 
-      <programlisting>firewall_enable="YES"</programlisting>
+      <screen>&prompt.root; <userinput>sysrc firewall_enable="YES"</userinput></screen>
 
       <para>To use one of the default firewall types provided by &os;,
 	add another line which specifies the type:</para>
 
-      <programlisting>firewall_type="open"</programlisting>
+      <screen>&prompt.root; <userinput>sysrc firewall_type="open"</userinput></screen>
 
       <para>The available types are:</para>
 
@@ -1720,11 +1724,11 @@
 	<literal>firewall_script</literal> is set to
 	<filename>/etc/ipfw.rules</filename>:</para>
 
-      <programlisting>firewall_script="/etc/ipfw.rules"</programlisting>
+      <screen>&prompt.root; <userinput>sysrc firewall_script="/etc/ipfw.rules"</userinput></screen>		
 
-      <para>To enable logging, include this line:</para>
+      <para>To enable logging through &man.syslogd.8;, include this line:</para>
 
-      <programlisting>firewall_logging="YES"</programlisting>
+      <screen>&prompt.root; <userinput>sysrc firewall_logging="YES"</userinput></screen>
 
       <para>There is no <filename>/etc/rc.conf</filename> variable to
 	set logging limits.  To limit the number of times a rule is
@@ -1731,10 +1735,24 @@
 	logged per connection attempt, specify the number using this
 	line in <filename>/etc/sysctl.conf</filename>:</para>
 
-      <programlisting>net.inet.ip.fw.verbose_limit=<replaceable>5</replaceable></programlisting>
+      <screen>&prompt.root; <userinput>sysrc -f /etc/sysctl.conf net.inet.ip.fw.verbose_limit=<replaceable>5</replaceable></userinput></screen>
 
-      <para>After saving the needed edits, start the firewall.  To
-	enable logging limits now, also set the
+			<para>To enable logging through a dedicated interface named <literal>ipfw0</literal>, add this line
+			to <filename>/etc/rc.conf</filename> instead:</para>
+
+			<screen>&prompt.root; <userinput>sysrc firewall_logif="YES"</userinput></screen>
+
+			<para>Then use <application>tcpdump</application> to see what is being logged:</para>
+
+			<screen>&prompt.root; <userinput>tcpdump -t -n -i ipfw0</userinput></screen>
+
+			<tip>
+				<para>There's no overhead due to logging unless <application>tcpdump</application> is
+				attached.</para>
+			</tip>
+			
+      <para>After saving the needed edits, start the firewall. To
+	enable &man.syslogd.8; logging limits now, also set the
 	<command>sysctl</command> value specified above:</para>
 
       <screen>&prompt.root; <userinput>service ipfw start</userinput>
