HP-UX IPFilter Version A.03.05.14 Administrator's Guide
HP-UX IPFilter Utilities
The ipfstat Utility
Chapter 5
S—IP subnet
C—Cumulative
U—Unknown IP
These limit entries are created through the default rule. See “DCA
Keywords” on page 47 for detailed information on the different types
of limit entries.
• The Rule column displays the rule number that caused the creation
of this limit entry. This information can in turn be used to get
per-rule statistics using the ipfstat -r command.
• The third through sixth columns display IP-port pairs of the TCP
connection.
• The Limit column displays the configured limit specified in the keep
limit rule.
• The Current column displays the number of fully established
connections under that limit entry. The figure in parentheses
indicates the number of times the configured limit was exceeded. For
example, the first entry shows that, even though the IP address
15.10.40.10 currently has two active connections, it had exceeded the
configured limit of 10 connections twice. These numbers can serve as a
guide for adjusting and tuning the limit value for an IP address or IP
subnet.
The following is an example of the output of the ipfstat -r <group:rule>
option:
    Limit Type                 Individual
    Group:Rule Number          @0:6
    Configured Limit           7
    Current connections        3
    Limit Exceeded (#times)    33
    TCP RSTs sent (#times)     33
In this example, rule number 6 created a limit entry of type Individual.
The rule specifies a connection limit of 7. There are three current
connections using this rule. The limit has been exceeded 33 times.
Because return-rst was set, a TCP reset was sent each time an attempt
was made to exceed the configured limit.
If the rule is deleted or switched to the inactive set, @(del) is displayed
in the Group:Rule Number field.
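The following is an added example, not part of the HP guide: a POSIX shell function that condenses the per-rule report shown above into one line and marks entries worth reviewing when tuning limits, including the @(del) case. It assumes each report line is a label followed by its value, as in the sample; the function names and verdict words are this example's own.

```shell
#!/bin/sh
# Added example, not from the HP guide. Assumes every report line is
# "<label> <value>" with the value as the last field, as in the sample.

# Sample report: values copied from the guide's example output.
sample_report() {
    cat <<'EOF'
Limit Type Individual
Group:Rule Number @0:6
Configured Limit 7
Current connections 3
Limit Exceeded (#times) 33
TCP RSTs sent (#times) 33
EOF
}

# summarize_limit: read one report on stdin, print
#   <group:rule> <type> <limit> <current> <exceeded> <rsts> <verdict>
# Verdicts (names are this example's own):
#   STALE    rule deleted or moved to the inactive set (@(del))
#   REVIEW   limit was exceeded at least once; candidate for tuning
#   AT_LIMIT no refusals yet, but no headroom left
#   OK       below the limit and never exceeded
summarize_limit() {
    awk '
        /^[ \t]*Limit Type/          { type  = $NF }
        /^[ \t]*Group:Rule Number/   { rule  = $NF }
        /^[ \t]*Configured Limit/    { limit = $NF + 0 }
        /^[ \t]*Current connections/ { cur   = $NF + 0 }
        /^[ \t]*Limit Exceeded/      { exc   = $NF + 0 }
        /^[ \t]*TCP RSTs sent/       { rst   = $NF + 0 }
        END {
            if (rule == "") {
                print "summarize_limit: no Group:Rule Number line" | "cat 1>&2"
                exit 2
            }
            if (rule == "@(del)")  verdict = "STALE"
            else if (exc > 0)      verdict = "REVIEW"
            else if (cur >= limit) verdict = "AT_LIMIT"
            else                   verdict = "OK"
            printf "%s %s %d %d %d %d %s\n", rule, type, limit, cur, exc, rst, verdict
        }'
}

# Stand-alone run on the sample; on a live system pipe the real
# `ipfstat -r <group:rule>` output into summarize_limit instead.
sample_report | summarize_limit
```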