HP-UX IPFilter Version 16 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPFilter Software

131

132

133

134

135

136

137

138

139

140

C HP-UX IPFilter Kernel Tunable Parameters

HP-UX IPFilter supports kernel tunable parameters that affect IPFilter behavior. This chapter

describes the parameters and how to configure them. This chapter contains the following sections:

• “Overview” (page 133)

• “fr_tcpidletimeout” (page 133)

• “fr_statemax” (page 134)

• “ipl_buffer_sz” (page 134)

• “ipl_suppress” (page 135)

• “ipl_logall” (page 135)

• “Configuring and Viewing Kernel Tunable Parameters” (page 135)

Overview

HP-UX IPFilter supports the following kernel tunable parameters:

Default ValueDescriptionName

86,400 secondsThe timeout period for TCP entries in the state table.

fr_tcpidletimeout

800,000 entriesSpecifies the maximum number of state table entries that

can be created.

fr_statemax

0If set to 0, IPFilter allows ICMPv6 Router Discovery and

Neighbor Discovery messages to bypass normal IPFilter

rule processing and always pass through the system.

ipf_icmp6_passthru

8192 bytes

Size of the IPFilter logging buffer for /dev/ipl.ipl_buffer_sz

1 (enabled)If enabled (set to 1), IPFilter does not write identical log

records separately, but counts them as Nx, where N is the

number of times the log record occurs.

ipl_suppress

0 (disabled)If enabled (set to 1), IPFilter includes the entire packet when

the log body keywords are specified in a rule. Otherwise,

it includes only the first 128 bytes.

ipl_logall

The following sections provide information about the remaining kernel tunable parameters and

how to use the kctune, kmtune, and ndd commands to configure these parameters.

fr_tcpidletimeout

The fr_tcpidletimeout is the timeout period for state table entries for TCP connections that

are established and idle. If the state table has an entry for an established TCP connection and no

packets match the state entry for that period, IPFilter deletes the entry.

Configuration UtilityDefault ValueRangeName

HP-UX 11i v1: kmtune

HP-UX 11i v2 and HP-UX 11i

v3: kctune

86,400 seconds (24

hours)

HP-UX 11i v1: 300 - 86,400

seconds

HP-UX 11i v2 and HP-UX 11i v3:

240 - 86,400 seconds

fr_tcpidletimeout

Overview 133