Report on packet filter statistics and filter list
ipfstat [-6aAfghIinosv] [-d device]
- Display filter lists for IPv6, if available.
- Display the accounting filter list and show bytes counted against each rule.
- Display packet authentication statistics.
- -d device
- Use a device other than /dev/ipl for interfacing
with the TCP/IP stack.
- Show fragment state information (statistics) and
held state information (in the TCP/IP stack), if any.
- Show groups currently configured (both active and
- Show the number of times each one scores a
"hit". Use in combination with -i.
- Display the filter list used for the input side of
the TCP/IP stack IP processing.
- Swap between retrieving "inactive" or "active" filter
list details. Use in combination with -i.
- Show the "number" for each rule as it is
- Display the filter list used for the output side of the kernel IP
- Show packet/flow state information (statistics only).
- Show held state information (in the TCP/IP stack) if any (no statistics).
The ipfstat utility displays current TCP/IP stack statistics gathered
as a result of applying the filters in place
(if any) to packets going in and out of the TCP/IP stack. This
is the default operation when no command-line parameters
When used with either -i or -o option, it retrieves and
displays the appropriate list of filter rules currently
installed and in use by the TCP/IP stack.
"Setting up a firewall"
in the Securing Your System chapter of the Neutrino User's Guide