authorPablo Neira Ayuso <pablo@netfilter.org>2009-01-25 18:21:26 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2009-01-25 18:21:26 +0100
commit2aeebebf6d6a48d57023e3c7953ddd9088284f99 (patch)
tree366be6e05a7aae7dfd0cce4db17967313ee0aa93 /doc/sync/notrack
parent30ab4eae6a196102285fd649119fa2d9afe35a32 (diff)
doc: unset CommitTimeout by default
This patch disables CommitTimeout by default. The daemon now uses the approximate timeout calculation by default. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc/sync/notrack')
-rw-r--r--doc/sync/notrack/conntrackd.conf14
1 files changed, 10 insertions, 4 deletions
diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf
index 1df79a1..39a5faa 100644
--- a/doc/sync/notrack/conntrackd.conf
+++ b/doc/sync/notrack/conntrackd.conf
@@ -4,11 +4,17 @@
Sync {
Mode NOTRACK {
#
- # Entries committed to the connection tracking table
- # starts with a limited timeout of N seconds until the
- # takeover process is completed.
+ # This parameter allows you to set an initial fixed timeout
+ # for the committed entries when this node goes from backup
+ # to primary. This mechanism provides a way to purge entries
+ # that were not recovered appropriately after the specified
+ # fixed timeout. If you set a low value, TCP entries in
+ # Established states with no traffic may hang. For example,
+ # an SSH connection without KeepAlive enabled. If not set,
+ # the daemon uses an approximate timeout value calculation
+ # mechanism. By default, this option is not set.
#
- CommitTimeout 180
+ # CommitTimeout 180
#
# If the firewall replica goes from primary to backup,