Thanks Darren, I am trying to make this Firewall live.. How do I clean up the orphans? ipf -FS -Fs does not clear them. I don't understand why this one particular Firewall is so prone to this issue.

Do they eventually time out? If so, then where is this timeout controlled?

Thanks Darren for answering my silly questions..

We are making an IPFilter handy tips page and this stuff would all go on there.

Thanks again,

--Wes

On Aug 20, 2006, at 6:40 AM, Darren Reed wrote:

..
IP states added:
         268221 TCP
         61708 UDP
         46932 ICMP
         25624447 hits
         38323511 misses
         0 maximum
         0 no memory
         874 bkts in use
         1424 active
         108617 expired
         266820 closed
State logging enabled

268221+61708+46932
376861
108617+266820
375437
376861-375437
1424

Why is there a disparity in the number of states I can retrieve with
ipfstat and the statistics listed?

Because state table entries can become orphaned from the table.

Can someone explain what the 9/11 means? I see 0/7 on other packets
as well.

Observed TCP state of the connection, 9/11 = closing.

Darren


