--- /etc/rc.firewall.org	2016-02-27 10:33:06.845684000 +0900
+++ /etc/rc.firewall	2016-02-28 16:02:08.404038000 +0900
@@ -162,6 +162,9 @@
 	case ${firewall_nat_enable} in
 	[Yy][Ee][Ss])
 		if [ -n "${firewall_nat_interface}" ]; then
+			if [ -n "${firewall_nat_rules}" -a -r ${firewall_nat_rules} ]; then
+				firewall_nat_flags="${firewall_nat_flags} `cat ${firewall_nat_rules}`"
+			fi
 			if echo "${firewall_nat_interface}" | \
 				grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
 				firewall_nat_flags="ip ${firewall_nat_interface} ${firewall_nat_flags}"
--- /etc/defaults/rc.conf.org	2016-02-28 15:49:17.768004000 +0900
+++ /etc/defaults/rc.conf	2016-02-28 15:55:56.134648000 +0900
@@ -161,6 +161,7 @@
 firewall_nat_enable="NO"	# Enable kernel NAT (if firewall_enable == YES)
 firewall_nat_interface=""	# Public interface or IPaddress to use
 firewall_nat_flags=""		# Additional configuration parameters
+firewall_nat_rules=""		# A rule file described by ipfw(8) nat redirection.
 dummynet_enable="NO"		# Load the dummynet(4) module
 ip_portrange_first="NO"		# Set first dynamically allocated port
 ip_portrange_last="NO"		# Set last dynamically allocated port