HP-UX IPFilter v18.21 Administrator Guide HP-UX 11i v3 (761995-001, March 2014)
Configuring kernel tunable parameters using ndd
On HP-UX 11i v1 and HP-UX 11i v2 systems, use the ndd utility to configure and view the following
IPFilter kernel tunable parameters:
ipl_buffer_sz
ipl_suppress
ipl_logall
cur_iplbuf_sz (read only)
On HP-UX 11i v1, you can also use the ndd utility to configure and view the
ipf_icmp6_passthru parameter, as described in Section (page 83).
NOTE: You cannot add the IPFilter ndd variables to the ndd configuration file read at system
startup time (/etc/rc.config.d/nddconf). When the system starts up, the IPFilter ndd variables
are reset to default values.
The network device for the IPFilter parameters is /dev/pfil. Use the following syntax to configure
the value of an IPFilter ndd kernel tunable parameter:
ndd -set /dev/pfil parameter_name value
For example:
ndd -set /dev/pfil ipl_logall 1
Use the following syntax to query the value of a kernel tunable:
ndd -get /dev/pfil parameter_name
For example:
ndd -get /dev/pfil ipl_logall
Configuring fr_statemax and fr_tcpidletimeout using kmtune or kctune
On HP-UX 11i v1 systems, use the kmtune utility to query and configure fr_statemax and
fr_tcpidletimeout values. On HP-UX 11i v2 systems, use the kctune utility to query and
query these values. For new values to take effect, you must unload, reconfigure, and reload the
ipf module as follows:
1. Unload the ipf module:
/sbin/init.d/ipfboot stop
2. On HP-UX 11i v1 systems, use the following kmtune syntax to set the value of the tunable
parameter:
kmtune -s parameter_name=value
For example:
kmtune -s fr_tcpidletimeout=10800 (3 hours)
On HP-UX 11i v2 systems, use the following kctune syntax to set the value of the tunable
parameter:
kctune -s parameter_name=value
For example:
kctune -s fr_statemax=6000
3. Configure the module for the new value using the following commands:
cd /stand/ipf
config -M ipf -u
4. Reload the ipf module:
/sbin/init.d/ipfboot start
120 HP-UX IPFilter kernel tunable parameters