HP-UX IPFilter Version 15.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPFilter Software

131

132

133

134

135

136

137

138

139

140

Configuring Kernel Tunable Parameters Using ndd

On HP-UX 11i v1 and HP-UX 11i v2 systems, use the ndd utility to configure and view the

following IPFilter kernel tunable parameters:

ipl_buffer_sz

ipl_suppress

ipl_logall

cur_iplbuf_sz (read only)

On HP-UX 11i v1, you can also use the ndd utility to configure and view the

ipf_icmp6_passthru parameter, as described in “Controlling ICMPv6 Router Discovery and

Neighbor Discovery Messages” (page 101).

NOTE: You cannot add the IPFilter ndd variables to the ndd configuration file read at system

startup time (/etc/rc.config.d/nddconf). When the system starts up, the IPFilter ndd

variables are reset to their default values.

The network device for the IPFilter parameters is /dev/pfil. Use the following syntax to

configure the value of an IPFilter ndd kernel tunable parameter:

ndd -set /dev/pfil parameter_name value

For example:

ndd -set /dev/pfil ipl_logall 1

Use the following syntax to query the value of a kernel tunable:

ndd -get /dev/pfil parameter_name

For example:

ndd -get /dev/pfil ipl_logall

Configuring fr_statemax and fr_tcpidletimeout Using kmtune or kctune

On HP-UX 11i v1 systems, use the kmtune utility to query and configure fr_statemax and

fr_tcpidletimeout values. On HP-UX 11i v2 systems, use the kctune utility to query and

query these values. For new values to take effect, you must unload, reconfigure, and reload the

ipf module as follows:

1. Unload the ipf module:

/sbin/init.d/ipfboot stop

2. On HP-UX 11i v1 systems, use the following kmtune syntax to set the value of the tunable

parameter:

kmtune -s parameter_name=value

For example:

kmtune -s fr_tcpidletimeout=10800 (3 hours)

On HP-UX 11i v2 systems, use the following kctune syntax to set the value of the tunable

parameter:

kctune -s parameter_name=value

For example:

kctune -s fr_statemax=6000

3. Configure the module for the new value using the following commands:

cd /stand/ipf

config -M ipf -u

4. Reload the ipf module:

/sbin/init.d/ipfboot start

140 HP-UX IPFilter Kernel Tunable Parameters