--- src/iface.c.orig 2013-06-11 16:00:00.000000000 +0700
+++ src/iface.c 2013-06-25 17:34:46.000000000 +0700
@@ -140,7 +140,7 @@
 #ifdef USE_IPFW
 static int IfaceAllocACL (struct acl_pool ***ap, int start, char * ifname, int number);
 static int IfaceFindACL (struct acl_pool *ap, char * ifname, int number);
- static char * IFaceParseACL (char * src, char * ifname);
+ static char * IFaceParseACL (char * src, char * ifname, Bund b);
 #endif
 static int IfaceSetName(Bund b, const char * ifname);
@@ -584,7 +584,7 @@ IfaceUp(Bund b, int ready)
 }
 acls = b->params.acl_queue;
 while (acls != NULL) {
- buf = IFaceParseACL(acls->rule,iface->ifname);
+ buf = IFaceParseACL(acls->rule,iface->ifname, b);
 ExecCmd(LG_IFACE2, b->name, "%s queue %d config %s", PATH_IPFW, acls->real_number, buf);
 Freee(buf);
 acls = acls->next;
@@ -594,12 +594,14 @@ IfaceUp(Bund b, int ready)
 acl = Mdup(MB_IPFW, acls, sizeof(struct acl) + strlen(acls->rule));
 acl->next = iface->tables;
 iface->tables = acl;
- ExecCmd(LG_IFACE2, b->name, "%s table %d add %s", PATH_IPFW, acls->real_number, acls->rule);
+ buf = IFaceParseACL(acls->rule,iface->ifname, b);
+ ExecCmd(LG_IFACE2, b->name, "%s table %d add %s", PATH_IPFW, acls->real_number, buf);
 acls = acls->next;
+ Freee(buf);
 };
 acls = b->params.acl_rule;
 while (acls != NULL) {
- buf = IFaceParseACL(acls->rule, iface->ifname);
+ buf = IFaceParseACL(acls->rule, iface->ifname, b);
 ExecCmd(LG_IFACE2, b->name, "%s add %d %s via %s", PATH_IPFW, acls->real_number, buf, iface->ifname);
 Freee(buf);
 acls = acls->next;
@@ -630,6 +632,7 @@ IfaceDown(Bund b)
 struct acl_pool **rp, *rp1;
 char cb[32768];
 struct acl *acl, *aclnext;
+ char *buf;
 #endif
 Log(LG_IFACE, ("[%s] IFACE: Down event", b->name));
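Review bot: In the IfaceUp hunk at -594 the `table ... add` command now uses the expanded `buf`, but the copy kept in `iface->tables` is still made from the unexpanded `acls->rule`, so the IfaceDown hunk at -671 has to expand the rule a second time to build its `delete` command. That removes the same entry only if `b->iface.peer_addr` still holds the value it had when the interface came up, which is not visible in either hunk; if it has changed or been cleared, the delete names a different address and the original entry stays in the ipfw table after the session ends. Storing the expanded string in the kept copy (duplicate the entry with room for `buf` and copy `buf` into its `rule`) and deleting with the stored `acl->rule` would make add and delete symmetric. As a smaller point, `Freee(buf);` comes after `acls = acls->next;` here but before it in the two neighbouring loops. Both function bodies start and end outside these hunks.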
@@ -671,10 +674,12 @@ IfaceDown(Bund b)
 };
 acl = iface->tables;
 while (acl != NULL) {
+ buf = IFaceParseACL(acl->rule,iface->ifname, b);
 ExecCmd(LG_IFACE2, b->name, "%s table %d delete %s",
- PATH_IPFW, acl->real_number, acl->rule);
+ PATH_IPFW, acl->real_number, buf);
 aclnext = acl->next;
 Freee(acl);
+ Freee(buf);
 acl = aclnext;
 };
 iface->tables = NULL;
@@ -847,13 +852,14 @@ IfaceFindACL (struct acl_pool *ap, char
 */
 static char *
-IFaceParseACL (char * src, char * ifname)
+IFaceParseACL (char * src, char * ifname, Bund b)
 {
 char *buf,*buf1;
 char *begin,*param,*end;
 char t;
 int num,real_number;
 struct acl_pool *ap;
+ int IP_found = 0;
 buf = Malloc(MB_IPFW, ACL_LEN);
 buf1 = Malloc(MB_IPFW, ACL_LEN);
@@ -878,15 +884,29 @@ IFaceParseACL (char * src, char * ifname
 case 't':
 ap = table_pool;
 break;
+ case 'I':
+ IP_found = 1;
+ break;
 default:
+ IP_found = 0;
 ap = NULL;
 };
- real_number = IfaceFindACL(ap,ifname,num);
- if (end != NULL) {
- snprintf(buf1, ACL_LEN, "%s%d %s", begin, real_number, end);
- } else {
- snprintf(buf1, ACL_LEN, "%s%d", begin, real_number);
- };
+
+ if (IP_found) {
+ if (end != NULL) {
+ snprintf(buf1, ACL_LEN, "%s%s %s", begin, inet_ntoa(b->iface.peer_addr.u.ip4), end);
+ } else {
+ snprintf(buf1, ACL_LEN, "%s%s", begin, inet_ntoa(b->iface.peer_addr.u.ip4));
+ };
+ }
+ else {
+ real_number = IfaceFindACL(ap,ifname,num);
+ if (end != NULL) {
+ snprintf(buf1, ACL_LEN, "%s%d %s", begin, real_number, end);
+ } else {
+ snprintf(buf1, ACL_LEN, "%s%d", begin, real_number);
+ };
+ }
 strlcpy(buf, buf1, ACL_LEN);
 };
 };
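Review bot: The comment block that ends just above `IFaceParseACL` in the hunk at -847 (only its closing `*/` is visible) should be updated for the new `Bund b` argument, because the function now reads per-bundle state rather than only the rule text and interface name. A line such as `b is the bundle whose peer address replaces the I macro` would do, together with a sentence giving the macro's exact syntax. The function body continues outside this hunk.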
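Review bot: In the hunk at -878, `IP_found` is cleared only in the `default:` arm, so once an `I` macro has set it the flag stays set for a later `t` macro (and presumably the arms above it) handled in the same call, and that macro would be replaced by the peer address instead of its pool number. The enclosing loop is outside the hunk, so this assumes more than one macro can be expanded per rule; resetting the flag with `IP_found = 0;` just before the `switch` avoids it. Separately, the `I` branch formats `b->iface.peer_addr.u.ip4` without checking that the peer address is set and is IPv4, so an unset or non-IPv4 peer would presumably put 0.0.0.0 or an unrelated value into the firewall rule; that case should be skipped and logged rather than expanded. The parsed `num` is ignored for `I`, which deserves a short comment.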