Subject: Re: IPFilter practical limits?
To: Darren Reed <>
From: Peter Eisch <>
List: tech-kern
Date: 03/27/2006 12:14:28
Short of reading source, is there a practical guide for how to tune ipfilter
or how to use each of the configurable parameters?

Also, for higher utilization systems (ones with lots of state entries) would
pf be a better solution?  Or, put another way, if I have an infinite amount
of RAM and the kernel can have it, is there a practical point where using pf
would be better?


On 3/23/06 11:42 PM, "Darren Reed" <> wrote:

> Peter,
> If you want to tune the table sizes and used by IPFilter,
> you can use the "-T" command line option for IPFilter.
> If you do "ipf -T list", you'll be presented with a list
> of tunables, their current, minimum and maximum values.
> Some of the values can only be changed with IPFilter is
> disabled (ipf -D).  If you want to make a setting permanent,
> you need to make it part of /etc/rc.d/ipfilter.
> "Misses" are the packets that are received or sent by the system
> that do not match any state.
> The important number in "ipfstat -s" output is "Maximum", you
> ideally want that to be 0, along with "max bucket".
> Darren