path: root/doc/sync/notrack
diff options
authorPablo Neira Ayuso <>2008-10-21 19:53:23 +0200
committerPablo Neira Ayuso <>2008-10-21 19:53:23 +0200
commit05c78bc9b5c198a3bd9211aabe467acbbb672b8b (patch)
treed8fdeef01a33a1347f3a0a06e26cdfa2277476ac /doc/sync/notrack
parent50162d3c19e38a491d95ec26767438ec25bab0dc (diff)
doc: remove example about CacheWriteTrough
This patch removes the documentation about the CacheWriteTrhough clause. This feature is scheduled for removal since the asynchronous nature of conntrackd does not allow multi-path routing support. I'm lying, actually there's a chance to support it, but we have to guarantee that the RTT in the message synchronization between the firewall is smaller than the RTT between the peer and the firewalls. Moreover, this option has made more bad than good since people enable it when things don't work. Making the whole troubleshooting more complicated. Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'doc/sync/notrack')
1 files changed, 0 insertions, 9 deletions
diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf
index b135814..446e981 100644
--- a/doc/sync/notrack/conntrackd.conf
+++ b/doc/sync/notrack/conntrackd.conf
@@ -89,15 +89,6 @@ Sync {
# achieve fault-tolerance. In case of doubt, do not modify this value.
Checksum on
- # If you have a multiprimary setup (active-active) without connection
- # persistency, ie. you can't know which firewall handles a packet
- # that is part of a connection, then you need direct commit of
- # conntrack entries to the kernel conntrack table. OSPF setups must
- # set on this option. If you have a simple primary-backup scenario.
- # Do not set it on. Default is off.
- #
- # CacheWriteThrough On