Report on packet filter statistics and filter list
ipfstat [-6aAfghIinosv] [-d device]
Neutrino
- -6
- Display filter lists for IPv6, if available.
- -a
- Display the accounting filter list and show bytes counted against each rule.
- -A
- Display packet authentication statistics.
- -d device
- Use a device other than /dev/ipl for interfacing
with the TCP/IP stack.
- -f
- Show fragment state information (statistics) and
held state information (in the TCP/IP stack), if any.
- -g
- Show groups currently configured (both active and
inactive).
- -h
- Show the number of times each one scores a
"hit". Use in combination with -i.
- -i
- Display the filter list used for the input side of
the TCP/IP stack IP processing.
- -I
- Swap between retrieving "inactive" or "active" filter
list details. Use in combination with -i.
- -n
- Show the "number" for each rule as it is
printed.
- -o
- Display the filter list used for the output side of the kernel IP
processing.
- -s
- Show packet/flow state information (statistics only).
- -sl
- Show held state information (in the TCP/IP stack) if any (no statistics).
The ipfstat utility displays current TCP/IP stack statistics gathered
as a result of applying the filters in place
(if any) to packets going in and out of the TCP/IP stack. This
is the default operation when no command-line parameters
are present.
When used with either -i or -o option, it retrieves and
displays the appropriate list of filter rules currently
installed and in use by the TCP/IP stack.
/dev/ipl
/dev/ipstate
ipf,
ipfs,
ipmon,
ipnat,
lsm-ipfilter-*.so
"Setting up a firewall"
in the Securing Your System chapter of the Neutrino User's Guide