'sysctl variable definitions'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    sysctl variable definitions
From:       Steve Clark <sclark () netwolves ! com>
Date:       2012-01-26 15:49:48
Message-ID: 11208_1327593642_4F2178A9_11208_3232_1_4F21761C.9030503 () netwolves ! com
[Download RAW message or body]

Hi Darren,

Glad your back.

Is there any documentation that describes what the various sysctl setting do in
terms of effecting ipfilter. I have searched but have not been able to turn up
anything definitive.

fr_flags        min 0   max 0xffffffff  current 0
fr_active       min 0   max 0   current 0
fr_control_forwarding   min 0   max 0x1 current 0
fr_update_ipid  min 0   max 0x1 current 0
fr_chksrc       min 0   max 0x1 current 0
fr_minttl       min 0   max 0x1 current 4
fr_icmpminfragmtu       min 0   max 0x1 current 68
fr_pass min 0   max 0xffffffff  current 134217730
fr_tcpidletimeout       min 0x1 max 0x7fffffff  current 86400
fr_tcpclosewait min 0x1 max 0x7fffffff  current 480
fr_tcplastack   min 0x1 max 0x7fffffff  current 60
fr_tcptimeout   min 0x1 max 0x7fffffff  current 480
fr_tcpclosed    min 0x1 max 0x7fffffff  current 60
fr_tcphalfclosed        min 0x1 max 0x7fffffff  current 7200
fr_udptimeout   min 0x1 max 0x7fffffff  current 240
fr_udpacktimeout        min 0x1 max 0x7fffffff  current 24
fr_icmptimeout  min 0x1 max 0x7fffffff  current 120
fr_icmpacktimeout       min 0x1 max 0x7fffffff  current 12
fr_iptimeout    min 0x1 max 0x7fffffff  current 120
fr_statemax     min 0x1 max 0x7fffffff  current 10163
fr_statesize    min 0x1 max 0x7fffffff  current 14983
fr_state_lock   min 0   max 0x1 current 0
fr_state_maxbucket      min 0x1 max 0x7fffffff  current 28
fr_state_maxbucket_reset        min 0   max 0x1 current 1
ipstate_logging min 0   max 0x1 current 1
fr_nat_lock     min 0   max 0x1 current 0
ipf_nattable_sz min 0x1 max 0x7fffffff  current 16889
ipf_nattable_max        min 0x1 max 0x7fffffff  current 50000
ipf_natrules_sz min 0x1 max 0x7fffffff  current 509
ipf_rdrrules_sz min 0x1 max 0x7fffffff  current 509
ipf_hostmap_sz  min 0x1 max 0x7fffffff  current 8087
fr_nat_maxbucket        min 0x1 max 0x7fffffff  current 30
fr_nat_maxbucket_reset  min 0   max 0x1 current 1
nat_logging     min 0   max 0x1 current 1
fr_defnatage    min 0x1 max 0x7fffffff  current 1200
fr_defnatipage  min 0x1 max 0x7fffffff  current 120
fr_defnaticmpage        min 0x1 max 0x7fffffff  current 6
fr_nat_doflush  min 0   max 0x1 current 0
ipf_proxy_debug min 0   max 0xa current 0
ipfr_size       min 0x1 max 0x7fffffff  current 257
fr_ipfrttl      min 0x1 max 0x7fffffff  current 120
ipl_suppress    min 0   max 0x1 current 1
ipl_logmax      min 0   max 0x7fffffff  current 7
ipl_logall      min 0   max 0x1 current 0
ipl_logsize     min 0   max 0x80000     current 8192
ippr_ftp_debug  min 0   max 0xa current 0



-- 
Stephen Clark
*NetWolves*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark@netwolves.com
http://www.netwolves.com

[Attachment #3 (text/html)]

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
  </head>
  <body text="#000000" bgcolor="#ffffff">
    Hi Darren,<br>
    <br>
    Glad your back.<br>
    <br>
    Is there any documentation that describes what the various sysctl
    setting do in<br>
    terms of effecting ipfilter. I have searched but have not been able
    to turn up<br>
    anything definitive.<br>
    <br>
    fr_flags&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; min 0&nbsp;&nbsp; max \
0xffffffff&nbsp; current 0<br>  fr_active&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; min \
0&nbsp;&nbsp; max 0&nbsp;&nbsp; current 0<br>  fr_control_forwarding&nbsp;&nbsp; min \
0&nbsp;&nbsp; max 0x1 current 0<br>  fr_update_ipid&nbsp; min 0&nbsp;&nbsp; max 0x1 \
current 0<br>  fr_chksrc&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; min 0&nbsp;&nbsp; max \
0x1 current 0<br>  fr_minttl&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; min 0&nbsp;&nbsp; \
max 0x1 current 4<br>  fr_icmpminfragmtu&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; min \
0&nbsp;&nbsp; max 0x1 current 68<br>  fr_pass min 0&nbsp;&nbsp; max 0xffffffff&nbsp; \
current 134217730<br>  fr_tcpidletimeout&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; min 0x1 \
max 0x7fffffff&nbsp; current 86400<br>  fr_tcpclosewait min 0x1 max 0x7fffffff&nbsp; \
current 480<br>  fr_tcplastack&nbsp;&nbsp; min 0x1 max 0x7fffffff&nbsp; current \
60<br>  fr_tcptimeout&nbsp;&nbsp; min 0x1 max 0x7fffffff&nbsp; current 480<br>
    fr_tcpclosed&nbsp;&nbsp;&nbsp; min 0x1 max 0x7fffffff&nbsp; current 60<br>
    fr_tcphalfclosed&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; min 0x1 max \
0x7fffffff&nbsp; current 7200<br>  fr_udptimeout&nbsp;&nbsp; min 0x1 max \
0x7fffffff&nbsp; current 240<br>  \
fr_udpacktimeout&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; min 0x1 max \
0x7fffffff&nbsp; current 24<br>  fr_icmptimeout&nbsp; min 0x1 max 0x7fffffff&nbsp; \
current 120<br>  fr_icmpacktimeout&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; min 0x1 max \
0x7fffffff&nbsp; current 12<br>  fr_iptimeout&nbsp;&nbsp;&nbsp; min 0x1 max \
0x7fffffff&nbsp; current 120<br>  fr_statemax&nbsp;&nbsp;&nbsp;&nbsp; min 0x1 max \
0x7fffffff&nbsp; current 10163<br>  fr_statesize&nbsp;&nbsp;&nbsp; min 0x1 max \
0x7fffffff&nbsp; current 14983<br>  fr_state_lock&nbsp;&nbsp; min 0&nbsp;&nbsp; max \
0x1 current 0<br>  fr_state_maxbucket&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; min 0x1 max \
0x7fffffff&nbsp; current 28<br>  \
fr_state_maxbucket_reset&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; min 0&nbsp;&nbsp; \
max 0x1 current 1<br>  ipstate_logging min 0&nbsp;&nbsp; max 0x1 current 1<br>
    fr_nat_lock&nbsp;&nbsp;&nbsp;&nbsp; min 0&nbsp;&nbsp; max 0x1 current 0<br>
    ipf_nattable_sz min 0x1 max 0x7fffffff&nbsp; current 16889<br>
    ipf_nattable_max&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; min 0x1 max \
0x7fffffff&nbsp; current 50000<br>  ipf_natrules_sz min 0x1 max 0x7fffffff&nbsp; \
current 509<br>  ipf_rdrrules_sz min 0x1 max 0x7fffffff&nbsp; current 509<br>
    ipf_hostmap_sz&nbsp; min 0x1 max 0x7fffffff&nbsp; current 8087<br>
    fr_nat_maxbucket&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; min 0x1 max \
0x7fffffff&nbsp; current 30<br>  fr_nat_maxbucket_reset&nbsp; min 0&nbsp;&nbsp; max \
0x1 current 1<br>  nat_logging&nbsp;&nbsp;&nbsp;&nbsp; min 0&nbsp;&nbsp; max 0x1 \
current 1<br>  fr_defnatage&nbsp;&nbsp;&nbsp; min 0x1 max 0x7fffffff&nbsp; current \
1200<br>  fr_defnatipage&nbsp; min 0x1 max 0x7fffffff&nbsp; current 120<br>
    fr_defnaticmpage&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; min 0x1 max \
0x7fffffff&nbsp; current 6<br>  fr_nat_doflush&nbsp; min 0&nbsp;&nbsp; max 0x1 \
current 0<br>  ipf_proxy_debug min 0&nbsp;&nbsp; max 0xa current 0<br>
    ipfr_size&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; min 0x1 max 0x7fffffff&nbsp; \
current 257<br>  fr_ipfrttl&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; min 0x1 max \
0x7fffffff&nbsp; current 120<br>  ipl_suppress&nbsp;&nbsp;&nbsp; min 0&nbsp;&nbsp; \
max 0x1 current 1<br>  ipl_logmax&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; min 0&nbsp;&nbsp; max \
0x7fffffff&nbsp; current 7<br>  ipl_logall&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; min \
0&nbsp;&nbsp; max 0x1 current 0<br>  ipl_logsize&nbsp;&nbsp;&nbsp;&nbsp; min \
0&nbsp;&nbsp; max 0x80000&nbsp;&nbsp;&nbsp;&nbsp; current 8192<br>  \
ippr_ftp_debug&nbsp; min 0&nbsp;&nbsp; max 0xa current 0<br>  <br>
    <br>
    <br>
    <div class="moz-signature">-- <br>
      Stephen&nbsp;Clark<br>
      <b>NetWolves</b><br>
      Director&nbsp;of&nbsp;Technology<br>
      Phone:&nbsp;813-579-3200<br>
      Fax:&nbsp;813-882-0209<br>
      Email:&nbsp;<a class="moz-txt-link-abbreviated" \
                href="mailto:steve.clark@netwolves.com">steve.clark@netwolves.com</a><br>
                
      <a class="moz-txt-link-freetext" \
href="http://www.netwolves.com">http://www.netwolves.com</a><br>  </div>
  </body>
</html>



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic