System Administration Guide: IP Services

Displaying Statistics and Information for Solaris IP Filter

Table 25–4 Displaying Solaris IP Filter Statistics and Information (Task Map)

Task 

Description 

For Instructions 

View state tables. 

View state tables to obtain information about packet filtering using the ipfstat command.

How to View State Tables for Solaris IP Filter

View state statistics. 

View statistics on packet state information using the ipfstat -s command.

How to View State Statistics for Solaris IP Filter

View NAT statistics. 

View NAT statistics using the ipnat -s command.

How to View NAT Statistics for Solaris IP Filter

View address pool statistics. 

View address pool statistics using the ippool -s command.

How to View Address Pool Statistics for Solaris IP Filter

ProcedureHow to View State Tables for Solaris IP Filter

  1. Assume a role that includes the IP Filter Management rights profile, or become superuser.

    You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. View the state table.


    # ipfstat
    

    Note –

    You can use the -t option to view the state table in the top utility format.



Example 25–16 Viewing State Tables for Solaris IP Filter

The following example shows how to view a state table.


# ipfstat
bad packets:            in 0    out 0
 input packets:         blocked 160 passed 11 nomatch 1 counted 0 short 0
output packets:         blocked 0 passed 13681 nomatch 6844 counted 0 short 0
 input packets logged:  blocked 0 passed 0
output packets logged:  blocked 0 passed 0
 packets logged:        input 0 output 0
 log failures:          input 0 output 0
fragment state(in):     kept 0  lost 0
fragment state(out):    kept 0  lost 0
packet state(in):       kept 0  lost 0
packet state(out):      kept 0  lost 0
ICMP replies:   0       TCP RSTs sent:  0
Invalid source(in):     0
Result cache hits(in):  152     (out):  6837
IN Pullups succeeded:   0       failed: 0
OUT Pullups succeeded:  0       failed: 0
Fastroute successes:    0       failures:       0
TCP cksum fails(in):    0       (out):  0
IPF Ticks:      14341469
Packet log flags set: (0)
        none

ProcedureHow to View State Statistics for Solaris IP Filter

  1. Assume a role that includes the IP Filter Management rights profile, or become superuser.

    You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. View the state statistics.


    # ipfstat -s
    

Example 25–17 Viewing State Statistics for Solaris IP Filter

The following example shows how to view state statistics.


# ipfstat -s
IP states added:
        0 TCP
        0 UDP
        0 ICMP
        0 hits
        0 misses
        0 maximum
        0 no memory
        0 max bucket
        0 active
        0 expired
        0 closed
State logging enabled

State table bucket statistics:
        0 in use        
        0.00% bucket usage
        0 minimal length
        0 maximal length
        0.000 average length

ProcedureHow to View NAT Statistics for Solaris IP Filter

  1. Assume a role that includes the IP Filter Management rights profile, or become superuser.

    You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. View NAT statistics.


    # ipnat -s
    

Example 25–18 Viewing NAT Statistics for Solaris IP Filter

The following example shows how to view NAT statistics.


# ipnat -s
mapped  in      0       out     0
added   0       expired 0
no memory       0       bad nat 0
inuse   0
rules   1
wilds   0

ProcedureHow to View Address Pool Statistics for Solaris IP Filter

  1. Assume a role that includes the IP Filter Management rights profile, or become superuser.

    You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. View address pool statistics.


    # ippool -s
    

Example 25–19 Viewing Address Pool Statistics for Solaris IP Filter

The following example shows how to view address pool statistics.


# ippool -s
Pools:  3
Hash Tables:    0
Nodes:  0