ipfstat

Report on packet filter statistics and filter list

Syntax:

ipfstat [-6aAfghIinosv] [-d device]

Runs on:

Neutrino

Options:

-6
Display filter lists for IPv6, if available.
-a
Display the accounting filter list and show bytes counted against each rule.
-A
Display packet authentication statistics.
-d device
Use a device other than /dev/ipl for interfacing with the TCP/IP stack.
-f
Show fragment state information (statistics) and held state information (in the TCP/IP stack), if any.
-g
Show groups currently configured (both active and inactive).
-h
Show the number of times each one scores a "hit". Use in combination with -i.
-i
Display the filter list used for the input side of the TCP/IP stack IP processing.
-I
Swap between retrieving "inactive" or "active" filter list details. Use in combination with -i.
-n
Show the "number" for each rule as it is printed.
-o
Display the filter list used for the output side of the kernel IP processing.
-s
Show packet/flow state information (statistics only).
-sl
Show held state information (in the TCP/IP stack) if any (no statistics).

Description:

The ipfstat utility displays current TCP/IP stack statistics gathered as a result of applying the filters in place (if any) to packets going in and out of the TCP/IP stack. This is the default operation when no command-line parameters are present.

When used with either -i or -o option, it retrieves and displays the appropriate list of filter rules currently installed and in use by the TCP/IP stack.

Files

/dev/ipl
/dev/ipstate

See also:

ipf, ipfs, ipmon, ipnat, lsm-ipfilter-*.so

"Setting up a firewall" in the Securing Your System chapter of the Neutrino User's Guide