| Skip Navigation Links | |
| Exit Print View | |
|
Securing the Network in Oracle Solaris 11.1 Oracle Solaris 11.1 Information Library |
| Skip Navigation Links | |
| Exit Print View | |
|
|
Securing the Network in Oracle Solaris 11.1 Oracle Solaris 11.1 Information Library |
1. Using Link Protection in Virtualized Environments
2. Tuning Your Network (Tasks)
3. Web Servers and the Secure Sockets Layer Protocol
4. IP Filter in Oracle Solaris (Overview)
How to Display IP Filter Service Defaults
How to Create IP Filter Configuration Files
How to Enable and Refresh IP Filter
How to Disable Packet Reassembly
How to Enable Loopback Filtering
How to Disable Packet Filtering
Working With IP Filter Rule Sets
Managing Packet Filtering Rule Sets for IP Filter
How to View the Active Packet Filtering Rule Set
How to View the Inactive Packet Filtering Rule Set
How to Activate a Different or Updated Packet Filtering Rule Set
How to Remove a Packet Filtering Rule Set
How to Append Rules to the Active Packet Filtering Rule Set
How to Append Rules to the Inactive Packet Filtering Rule Set
How to Switch Between Active and Inactive Packet Filtering Rule Sets
How to Remove an Inactive Packet Filtering Rule Set From the Kernel
Managing NAT Rules for IP Filter
How to View Active NAT Rules in IP Filter
How to Deactivate NAT Rules in IP Filter
How to Append Rules to the NAT Packet Filtering Rules
Managing Address Pools for IP Filter
How to View Active Address Pools
How to Append Rules to an Address Pool
Displaying Statistics and Information for IP Filter
How to View State Tables for IP Filter
How to View State Statistics for IP Filter
How to View IP Filter Tunable Parameters
Working With Log Files for IP Filter
How to Set Up a Log File for IP Filter
How to View IP Filter Log Files
How to Flush the Packet Log Buffer
How to Save Logged Packets to a File
IP Filter Configuration File Examples
6. IP Security Architecture (Overview)
8. IP Security Architecture (Reference)
9. Internet Key Exchange (Overview)
Table 5-3 Displaying IP Filter Statistics and Information (Task Map)
|
Before You Begin
You must become an administrator who is assigned the IP Filter Management rights profile. For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
$ ipfstat
Note - You can use the -t option to view the state table in the UNIX top utility format.
Example 5-12 Viewing State Tables for IP Filter
The following example shows state table output.
$ ipfstat
bad packets: in 0 out 0
IPv6 packets: in 56286 out 63298
input packets: blocked 160 passed 11 nomatch 1 counted 0 short 0
output packets: blocked 0 passed 13681 nomatch 6844 counted 0 short 0
input packets logged: blocked 0 passed 0
output packets logged: blocked 0 passed 0
packets logged: input 0 output 0
log failures: input 0 output 0
fragment state(in): kept 0 lost 0 not fragmented 0
fragment reassembly(in):bad v6 hdr 0 bad v6 ehdr 0 failed reassembly 0
fragment state(out): kept 0 lost 0 not fragmented 0
packet state(in): kept 0 lost 0
packet state(out): kept 0 lost 0
ICMP replies: 0 TCP RSTs sent: 0
Invalid source(in): 0
Result cache hits(in): 152 (out): 6837
IN Pullups succeeded: 0 failed: 0
OUT Pullups succeeded: 0 failed: 0
Fastroute successes: 0 failures: 0
TCP cksum fails(in): 0 (out): 0
IPF Ticks: 14341469
Packet log flags set: (0)
none
Before You Begin
You must become an administrator who is assigned the IP Filter Management rights profile. For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
$ ipfstat -s
Example 5-13 Viewing State Statistics for IP Filter
The following example shows state statistics output.
$ ipfstat -s
IP states added:
0 TCP
0 UDP
0 ICMP
0 hits
0 misses
0 maximum
0 no memory
0 max bucket
0 active
0 expired
0 closed
State logging enabled
State table bucket statistics:
0 in use
0.00% bucket usage
0 minimal length
0 maximal length
0.000 average length
Before You Begin
You must become an administrator who is assigned the IP Filter Management rights profile. For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
The following output is truncated.
$ ipf -T list fr_flags min 0 max 0xffffffff current 0 fr_active min 0 max 0 current 0 ... ipstate_logging min 0 max 0x1 current 1 ... fr_authq_ttl min 0x1 max 0x7fffffff current sz = 0 fr_enable_rcache min 0 max 0x1 current 0
Before You Begin
You must become an administrator who is assigned the IP Filter Management rights profile. For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
$ ipnat -s
Example 5-14 Viewing NAT Statistics for IP Filter
The following example shows NAT statistics.
$ ipnat -s mapped in 0 out 0 added 0 expired 0 no memory 0 bad nat 0 inuse 0 rules 1 wilds 0
Before You Begin
You must become an administrator who is assigned the IP Filter Management rights profile. For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
$ ippool -s
Example 5-15 Viewing Address Pool Statistics for IP Filter
The following example shows address pool statistics.
$ ippool -s Pools: 3 Hash Tables: 0 Nodes: 0
|