Hi all,

I'm on a recently patched Solaris 10 U8 x86. Since a few weeks back (Dec 24th from the logs), every night, ipfilter starts dropping all packets. Of course, perfectly valid rules that have been working for years allow them, and there has been no change in them for months.

Unfortunately, the system is remote, so from my point of view, it just drops off the network. However, I had someone locally check that it's still running normally. The logs show the same.

I'm trying to check if there's not a shortage of state buckets, but I'm a bit unsure here where to look.

I know those system tunables for S10:
set ipf:fr_statemax = 7000
set ipf:fr_statesize = 10009
set ipf:ipf_nattable_sz = 10009

However, where do I check how many of those are actually used? ipfstat -s and ipnat -s probably show them, but *which* value exactly matches those?


TIA,

Laurent


