|
|
new ipfilter option is really cool!
13 March 2001
|
|
I was reading the ipfilter
mailing list today, when I read this
message which talked about an option on ipfstat which I had not seen before.
So I rushed off to man
ipfstat where I found this:
-t Show the state table in a way similar to they way
top(1) shows the process table. States can be
sorted using a number of different ways. This
options requires ncurses(3) and needs to be com-
piled in. It may not be available on all operating
systems. See below, for more information on the
I don't know about you, but my first thought was: way cool! I tried it out, but
failed. It wasn't compiled into ipfilter. That's when I did another
build world. Which meant I upgraded the build work script. Have a read of Build world on your fast box, install on your slow box.
I've added a few options and hopefully made it more useful. |
|
|
What's it look like?
|
When you type ipfstat -t, you should see something like this
(I've shrunk this slightly):
IP Filter: v3.4.16 - state top 22:38:03
Src = 0.0.0.0 Dest = 0.0.0.0 Proto = any Sorted by = # bytes
Source IP Destination IP ST PR #pkts #bytes ttl
10.0.0.3,4378 154.11.89.164,6668 4/4 tcp 35310 3207948 119:59:57
10.0.0.3,4381 192.168.0.20,23 4/4 tcp 12610 1266318 119:59:59
10.0.5.5,1024 203.96.152.4,53 0/0 udp 14 1701 0:48
10.0.5.5,123 203.167.224.60,123 0/0 udp 4 304 0:44
194.25.0.125,53 10.0.5.5,53 0/0 udp 2 272 1:14
10.0.5.5,123 130.217.76.30,123 0/0 udp 2 152 0:57
This screen updates once per second. This can be interesting as you can see new
connections arise and drop. It's quite fascinating to watch. On the realistic
side, this can be a valuable tool in debugging your filtering rules. |
|
|
Compiling in ncurses support
14 March 2001
|
BSDaemon wrote in with this very useful information:
So long as you're running 3.4.x (ipf, some x version +) you most likely don't need to
make world, it's already there, just not compiled in, nor in the man pages. Check the
Makefile to be sure...
cd /usr/src/contrib/ipfilter
vi Makefile (uncomment three lines) :
STATETOP_CFLAGS=-DSTATETOP
STATETOP_INC=
STATETOP_LIB=-lncurses
mkdir netinet (if doesn't exist) otherwise won't compile and will just give
errors.
make freebsd4
make install-bsd
No reboot, no kernel recompile, and no make world - I myself alteast�didn't have to on
any of my FreeBSD boxes, seeing as I was already running 3.4.x.
If running 3.3.x on the other hand, I think that would probly require either to simply
download the latest ipf source, install, compile, etc.. But for anyone running stock 3.3.x
ipf in FreeBSD, then that's a sign that their FreeBSD box is probly running an older
-RELEASE or -STABLE version. So I'd recommend they follow more on CERT advistories not to
mention, following up on the freebsd-security mailing list and upgrade to latest -STABLE
if possible IMHO.
This worked for me on all my FreeBSD boxes, but may not for some.. OpenBSD on the other
hand was a whole different ball game, but working great on that too with some slight
modifications.
|
|
|
Compiling in ncurses support - even faster
28 March 2001
|
David Hill writes:
An easier way to add the "top" feature into ipfstat -t is to do this:
cd /usr/src/sbin/ipfstat
edit Makefile ; put in the 3 STATETOP_ lines
make clean
make depend
make
make install
|
|
|
Yet faster still
30 March 2001
|
Will Andrews writes:
Try this:
cd /usr/src/sbin/ipfstat
make clean
make depend
make -DSTATETOP -DSTATETOP_INC="" -DSTATETOP_LIB="-lncurses"
-DSTATETOP_CFLAGS="-DSTATETOP"
make install
|
|
