Re: ipfstat not clearing the state table - a similar problem?

This is a discussion on Re: ipfstat not clearing the state table - a similar problem? within the IPFilter forums, part of the System Security and Security Related category; ------=_Part_24848_1194878.1166502229682 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline You ...


Go Back   Usenet Forums > System Security and Security Related > IPFilter

Reload this Page Re: ipfstat not clearing the state table - a similar problem?

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 12-19-2006
Corey Johnston
 
Posts: n/a
Default Re: ipfstat not clearing the state table - a similar problem?
------=_Part_24848_1194878.1166502229682
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

You little ripper..! It seems to work like a charm (so far).
Very good stuff - thank you.

States are being created, acknowledged as active, and then promptly
disappearing from the active count.
No mention of any orphan states in ipfstat -dsl

Plus, ipf -FS -Fs works and actually clears the states, as in version 3.

Only other problem I'm trying to sort - which probably isn't related - is
why internet-bound traffic is slow out this firewall..
But I suspect that might be more to do with Solaris TCP tuning than
IPFilter.

I'll let you know if I notice anything else odd.
It's pretty easy to compare because I've got the same ruleset (excluding
interface names) on NetBSD/IPF3.4 and Solaris10/IPF4.1.15.

Possibly when the dust settles this could be released as an official bugfix
for the vanilla IPFilter (4.0.2) on Solaris 10?

thanks for your hard work Darren

Corey.

------=_Part_24848_1194878.1166502229682
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

<div>You little ripper..! &nbsp;It seems to work like a charm (so far).<br>
<div>Very good stuff - thank you.</div></div>
<div><br>States are being created, acknowledged as active, and then promptly disappearing from the active count.</div>
<div>No mention of any orphan states in ipfstat -dsl</div>
<div>&nbsp;</div>
<div>Plus, ipf -FS -Fs works and actually clears the states, as in version 3.</div>
<div>&nbsp;</div>
<div>Only other problem I'm trying to sort - which probably isn't related - is why internet-bound traffic is slow out this firewall..</div>
<div>But I suspect that might be more to do with Solaris TCP tuning than IPFilter.</div>
<div>&nbsp;</div>
<div>I'll let you know if I notice anything else odd.</div>
<div>It's pretty easy to compare because I've got the same ruleset (excluding interface names) on NetBSD/IPF3.4 and Solaris10/IPF4.1.15.</div>
<div>&nbsp;</div>
<div>Possibly when the dust settles this could be released as an official bugfix for the vanilla IPFilter (4.0.2) on Solaris 10?</div>
<div>&nbsp;</div>
<div>thanks for your hard work Darren</div>
<div>&nbsp;</div>
<div>Corey.</div>

------=_Part_24848_1194878.1166502229682--
Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 10:50 AM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0