Report on packet filter statistics and filter list
ipfstat [-6aAfghIinosv] [-d device]
- -6
- Display filter lists for IPv6, if available.
- -a
- Display the accounting filter list and show bytes counted against each rule.
- -A
- Display packet authentication statistics.
- -d device
- Use a device other than /dev/ipl for interfacing
with the kernel.
- -f
- Show fragment state information (statistics) and
held state information (in the kernel), if any.
- -g
- Show groups currently configured (both active and
inactive).
- -h
- Show the number of times each one scores a
"hit". Use in combination with -i.
- -i
- Display the filter list used for the input side of
the kernel IP processing.
- -I
- Swap between retrieving "inactive" or "active" filter
list details. Use in combination with -i.
- -n
- Show the "number" for each rule as it is
printed.
- -o
- Show packet/flow state information (statistics
only).
- -s
- Show packet/flow state information (statistics only).
- -sl
- Show held state information (in the kernel) if any (no statistics).
The ipfstat utility displays current kernel statistics gathered
as a result of applying the filters in place
(if any) to packets going in and out of the kernel. This
is the default operation when no command line parameters
are present.
When used with either -i or -o option, it retrieves and
displays the appropriate list of filter rules currently
installed and in use by the kernel.
/dev/ipl
/dev/ipstate
ipf,
ipfs,
ipmon,
ipnat,
lsm-ipfilter.so
![[Previous]](../prev.gif)
![[Contents]](../contents.gif)
![[Index]](../keyword_index.gif)
![[Next]](../next.gif)