HP-UX IPFilter Version 17 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPFilter Software

141

142

143

144

145

146

147

148

149

150

C.8.2 Configuring Kernel Tunable Parameters on HP-UX 11i v1 and HP-UX 11i v2

On HP-UX 11i v1 and HP-UX 11i v2, use the ndd command to configure all HP-UX IPFilter

kernel tunable parameters, with the following exceptions:

• fr_statemax and fr_tcpidletimeout: Use the kmtune command to modify these

parameters.

• ipf_icmp6_passthru: On HP-UX 11i v2, use the kctune command to modify this

parameter, as described in “Controlling ICMPv6 Router Discovery and Neighbor Discovery

Messages” (page 107)

C.8.2.1 Configuring Kernel Tunable Parameters Using ndd

On HP-UX 11i v1 and HP-UX 11i v2 systems, use the ndd utility to configure and view the

following IPFilter kernel tunable parameters:

ipl_buffer_sz

ipl_suppress

ipl_logall

cur_iplbuf_sz (read only)

On HP-UX 11i v1, you can also use the ndd utility to configure and view the

ipf_icmp6_passthru parameter, as described in “Controlling ICMPv6 Router Discovery and

Neighbor Discovery Messages” (page 107).

NOTE: You cannot add the IPFilter ndd variables to the ndd configuration file read at system

startup time (/etc/rc.config.d/nddconf). When the system starts up, the IPFilter ndd

variables are reset to their default values.

The network device for the IPFilter parameters is /dev/pfil. Use the following syntax to

configure the value of an IPFilter ndd kernel tunable parameter:

ndd -set /dev/pfil parameter_name value

For example:

ndd -set /dev/pfil ipl_logall 1

Use the following syntax to query the value of a kernel tunable:

ndd -get /dev/pfil parameter_name

For example:

ndd -get /dev/pfil ipl_logall

C.8.2.2 Configuring fr_statemax and fr_tcpidletimeout Using kmtune or kctune

On HP-UX 11i v1 systems, use the kmtune utility to query and configure fr_statemax and

fr_tcpidletimeout values. On HP-UX 11i v2 systems, use the kctune utility to query and

query these values. For new values to take effect, you must unload, reconfigure, and reload the

ipf module as follows:

1. Unload the ipf module:

/sbin/init.d/ipfboot stop

2. On HP-UX 11i v1 systems, use the following kmtune syntax to set the value of the tunable

parameter:

kmtune -s parameter_name=value

For example:

kmtune -s fr_tcpidletimeout=10800 (3 hours)

On HP-UX 11i v2 systems, use the following kctune syntax to set the value of the tunable

parameter:

kctune -s parameter_name=value

For example:

146 HP-UX IPFilter Kernel Tunable Parameters