HP-UX IPFilter Version 15.01 Administrator's Guide

These limit entries are created through the default rule. See “keep limit: Limiting
Connections” (page 49) for detailed information on the different types of limit entries.
The Rule column displays the rule number that caused the creation of this limit entry. This
information can in turn be used to get per-rule statistics using the ipfstat -r command.
The third through sixth columns display IP-port pairs of the TCP connection.
The Limit column displays the configured limit specified in the keep limit rule.
The Current column displays the number of fully established connections under that limit
entry. The figure in parentheses indicates the number of times the configured limit was
exceeded. For example, the first entry shows that, even though the IP address 15.10.40.10
currently has two active connections, it has exceeded the configured limit of 10 connections
twice. These numbers can serve as a guide for adjusting and tuning the limit value for an IP
address or IP subnet.
The following is an example of the output information of the ipfstat -r group:rule option.
    Limit Type                 Individual
    Group:Rule Number          @0:6
    Configured Limit           7
    Current connections        3
    Limit Exceeded (#times)    33
    TCP RSTs sent (#times)     33
In this example, rule number 6 created a limit entry of type Individual. The rule specifies a
connection limit of 7. There are three current connections using this rule. The limit has been
exceeded 33 times. The rule included the return-rst keyword, so IPFilter sent a TCP Reset
packet each time an attempt was made to exceed the configured limit.
If the rule is deleted or switched to the inactive set, @(del) is displayed in the Group:Rule
Number field.
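The following Python sketch is an added example, not part of the HP guide or of IPFilter. It parses a report in the layout shown above and returns tuning hints. The field labels and the @(del) marker come from the sample output; the finding names, the two thresholds, the second (constructed) report, and the treatment of the TCP RSTs line as optional are assumptions.

```python
# Labels come from the guide's sample; thresholds and finding names are assumed.
LABELS = {
    "Limit Type": "limit_type",
    "Group:Rule Number": "rule",
    "Configured Limit": "limit",
    "Current connections": "current",
    "Limit Exceeded (#times)": "exceeded",
    "TCP RSTs sent (#times)": "rsts",
}
COUNTERS = {"limit", "current", "exceeded", "rsts"}

# The guide's sample report, then a constructed one for a deleted rule.
SAMPLE = """Limit Type Individual
Group:Rule Number @0:6
Configured Limit 7
Current connections 3
Limit Exceeded (#times) 33
TCP RSTs sent (#times) 33"""
DELETED = """Limit Type Individual
Group:Rule Number @(del)
Configured Limit 7
Current connections 6
Limit Exceeded (#times) 2"""

def parse_report(text):
    """Parse one report into a dict; the RST line is treated as optional."""
    stats = {}
    for raw in text.splitlines():
        line = raw.strip()
        for label, key in LABELS.items():
            if line.startswith(label):
                value = line[len(label):].strip()
                stats[key] = int(value) if key in COUNTERS else value
                break
    missing = {"rule", "limit", "current", "exceeded"} - stats.keys()
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    return stats

def findings(stats, exceeded_threshold=10, headroom=0.8):
    """Return tuning hints for one parsed report."""
    out = []
    if stats["rule"] == "@(del)":
        out.append("stale-rule")        # rule deleted or in the inactive set
    if stats["exceeded"] >= exceeded_threshold:
        out.append("limit-often-exceeded")
    if stats["current"] >= headroom * stats["limit"]:
        out.append("near-limit")
    return out
```

For the guide's sample, findings(parse_report(SAMPLE)) reports only that the limit is often exceeded, which matches the 33 recorded overruns against 3 current connections.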
78 Troubleshooting HP-UX IPFilter