ipfstat examines /dev/kmem using the symbols _fr_flags, _frstats, _filterin, and _filterout. To run and work, it needs to be able to read both /dev/kmem and the kernel itself. The kernel name defaults to /kernel.
The default behaviour of ipfstat is to retrieve and display the accumulated statistics which have been accumulated over time as the kernel has put packets through the filter.
-a Display the accounting filter list and show bytes counted against each rule.
-A Display packet authentication statistics.
-d \0<device> Use a device other than /dev/ipl for interfacing with the kernel.
-f Show fragment state information (statistics) and held state information (in the kernel) if any is present.
-h Show per-rule the number of times each one scores a "hit". For use in combination with -i.
-i Display the filter list used for the input side of the kernel IP processing.
-I Swap between retrieving "inactive"/"active" filter list details. For use in combination with -i.
-n Show the "rule number" for each rule as it is printed.
-o Display the filter list used for the output side of the kernel IP processing.
-s Show packet/flow state information (statistics) and held state information (in the kernel) if any is present.
-v Turn verbose mode on. Displays more debugging information.
When supplied with either -i or -o, it will retrieve and display the appropriate list of filter rules currently installed and in use by the kernel.
/kernel