[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: ipfstat not clearing the state table
From:       Wes Zuber <wes () uia ! net>
Date:       2006-08-15 19:14:54
Message-ID: 587BECCA-CFE3-4879-9B7E-DFF858EA996C () uia ! net
[Download RAW message or body]

Hi there,

Not sure if I understand this right but I see this:

ipfstat -sl | grep ttl | wc
      672    2773   10561


When ipfstat -s is:

IP states added:
         29109 TCP
         11949 UDP
         13077 ICMP
         5496883 hits
         14496654 misses
         0 maximum
         0 no memory
         955 bkts in use
         1002 active
         25011 expired
         28122 closed

Shouldn't ipfstat -sl show about 1002 states?

Thanks,

--Wes

On Aug 14, 2006, at 12:03 PM, Darren Reed wrote:

>> Hi there,
>>
>> running FreeBSD 6.1 stable with:
>>
>> ipf: IP Filter: v4.1.13 (416)
>> Kernel: IP Filter: v4.1.13
>> Running: yes
>> Log Flags: 0x20000000 = block
>> Default: block all, Logging: available
>> Active list: 1
>> Feature mask: 0xa
>>
> ..
>> If we run ipfstat -FS it only clears a few states.. If I run  
>> ipfstat -
>> sl we only see a fraction of the states.
>>
>>
>> On previous versions ipfstat -FS always knocked the state table to
>> zero then it started building again.
>
> I think you mean "ipf -FS".  Try "ipf -FS -Fs".
>
> Darren
>
>

[prev in list] [next in list] [prev in thread] [next in thread]