Here's a fragment of what I use on my AFS servers.
You really don't want to state-track your AFS stuff. You really
don't want ipfilter to have to keep track of all of that -- if your
cell is reasonably busy, those internal tables will get rather big.
I just pass in/out the frags -- you c
Is anyone using AFS (either client or server) on a Solaris 10 system with
ipfilter running that can share their rule sets?
I am seeing large numbers of blocked fragmented packets, which is killing
the performance.
My ruleset looks something like this:
pass out all keep state keep frags
blo