Subject: Re: IPFilter practical limits?
To: Darren Reed <darrenr@NetBSD.org>
From: Peter Eisch <peter@boku.net>
List: tech-kern
Date: 03/27/2006 12:14:28
Short of reading source, is there a practical guide for how to tune ipfilter
or how to use each of the configurable parameters?

Also, for higher utilization systems (ones with lots of state entries) would
pf be a better solution?  Or, put another way, if I have an infinite amount
of RAM and the kernel can have it, is there a practical point where using pf
would be better?

Thanks,

On 3/23/06 11:42 PM, "Darren Reed" <darrenr@NetBSD.org> wrote:

> Peter,
> 
> If you want to tune the table sizes used by IPFilter,
> you can use the "-T" command line option for IPFilter.
> 
> If you do "ipf -T list", you'll be presented with a list
> of tunables, their current, minimum and maximum values.
> 
> Some of the values can only be changed while IPFilter is
> disabled (ipf -D).  If you want to make a setting permanent,
> you need to make it part of /etc/rc.d/ipfilter.
> 
> "Misses" are the packets that are received or sent by the system
> that do not match any state.
> 
> The important number in "ipfstat -s" output is "Maximum"; you
> ideally want that to be 0, along with "max bucket".
> 
> Darren
>
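The check Darren describes, turned into a script, as an added example that is not part of the thread. It parses the "maximum" and "max bucket" counters from "ipfstat -s" output and reports whether the state table has been hitting its limits. The sample output below is constructed, not captured from a real system, and the counter line layout (number then label) is assumed, so the parser accepts the number on either side of the label. The tunable names fr_statemax and fr_statesize, the "ipf -T name=value" syntax, and which tunable needs "ipf -D" first are assumed from IPFilter 4.x and should be confirmed against "ipf -T list" on the target host.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): health check for the
# IPFilter state table based on "ipfstat -s" counters.

# Constructed sample of "ipfstat -s" output; layout assumed, not captured.
SAMPLE_IPFSTAT='IP states added:
	1532 TCP
	211 UDP
	9 ICMP
	48210 hits
	3022 misses
	17 maximum
	0 no memory
	4 max bucket
	1183 active
	592 expired
	61 closed'

# ipf_counter <label> <ipfstat text>: print the integer on the line that
# carries <label> (case-insensitive). Accepts "17 maximum" or "maximum 17".
ipf_counter() {
    printf '%s\n' "$2" | awk -v label="$1" '
        index(tolower($0), label) {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^[0-9]+$/) { print $i; exit }
        }'
}

# ipf_miss_pct <ipfstat text>: share of packets that matched no state
# entry, as an integer percentage (misses / (hits + misses)).
ipf_miss_pct() {
    hits=$(ipf_counter hits "$1")
    misses=$(ipf_counter misses "$1")
    awk -v h="${hits:-0}" -v m="${misses:-0}" \
        'BEGIN { t = h + m; print (t > 0) ? int(m * 100 / t) : 0 }'
}

# ipf_state_check <ipfstat text>: return 0 when both "maximum" and
# "max bucket" are 0, otherwise 1 with tuning advice on stderr.
ipf_state_check() {
    maximum=$(ipf_counter maximum "$1")
    bucket=$(ipf_counter "max bucket" "$1")
    rc=0
    if [ "${maximum:-0}" -gt 0 ]; then
        # Assumed tunable name/syntax; verify with "ipf -T list".
        echo "state table full ${maximum} times: raise fr_statemax" \
             "(ipf -T fr_statemax=N, then persist it in the rc script)" >&2
        rc=1
    fi
    if [ "${bucket:-0}" -gt 0 ]; then
        # Assumed: resizing the hash table needs "ipf -D" first.
        echo "hash bucket overflowed ${bucket} times: raise fr_statesize" \
             "(ipf -D; ipf -T fr_statesize=N; ipf -E)" >&2
        rc=1
    fi
    return $rc
}

# Stand-alone usage on the constructed sample.
echo "state miss rate: $(ipf_miss_pct "$SAMPLE_IPFSTAT")%"
if ipf_state_check "$SAMPLE_IPFSTAT"; then
    echo "state table healthy"
else
    echo "state table needs tuning (see messages above)"
fi
```

On a live system replace SAMPLE_IPFSTAT with `ipfstat -s` output; the script only needs sh and awk, so it can run from cron and exit non-zero when either counter has moved off zero.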