authorPablo Neira Ayuso <pablo@netfilter.org>2009-01-25 17:53:14 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2009-01-25 17:53:14 +0100
commitcced587d766b9194b698a156d241766d5bad8a9d (patch)
treec9084ff763d29dd238a45e10db886f966ec5d7e4 /doc
parent50c09dec9ad0261d8fcc18d69b2c9ec74052955c (diff)
src: increase default PurgeTimeout value
This patch increases the default PurgeTimeout value to 60 seconds. The former 15 seconds provides good real-time reaction in terms of user-side expected behaviour, but it is too small if you trigger random failures in a firewall cluster. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc')
-rw-r--r--doc/sync/alarm/conntrackd.conf11
-rw-r--r--doc/sync/ftfw/conntrackd.conf11
-rw-r--r--doc/sync/notrack/conntrackd.conf11
3 files changed, 15 insertions, 18 deletions
diff --git a/doc/sync/alarm/conntrackd.conf b/doc/sync/alarm/conntrackd.conf
index 3479a83..db7d99e 100644
--- a/doc/sync/alarm/conntrackd.conf
+++ b/doc/sync/alarm/conntrackd.conf
@@ -27,13 +27,12 @@ Sync {
#
# If the firewall replica goes from primary to backup,
# the conntrackd -t command is invoked in the script.
- # This command resets the timers of the conntracks that
- # live in the kernel to this new value. This is useful
- # to purge the connection tracking table of zombie entries
- # and avoid clashes with old entries if you trigger
- # several consecutive hand-overs.
+ # This command schedules a flush of the table in N seconds.
+ # This is useful to purge the connection tracking table of
+ # zombie entries and avoid clashes with old entries if you
+ # trigger several consecutive hand-overs. Default is 60 seconds
#
- PurgeTimeout 15
+ # PurgeTimeout 60
}
#
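Review bot: The rewritten comment says the flush is scheduled "in N seconds" but never ties N to the directive, and with `PurgeTimeout` now commented out the example no longer shows where the number comes from; I would write `# This command schedules a flush of the table in PurgeTimeout seconds.` instead. The same wording appears in the doc/sync/ftfw and doc/sync/notrack hunks, and this file alone drops the trailing period on `Default is 60 seconds.`. Because the diff shown is limited to doc, the compiled-in default of 60 is not visible here and should be checked against the src side of the commit. If the flush really is deferred by the full interval, it would help to add one comment line saying that entries from the former primary role presumably stay in the kernel table for up to that long after a hand-over, so operators picking a value see the trade-off.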
diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf
index 4fd86d7..69572cf 100644
--- a/doc/sync/ftfw/conntrackd.conf
+++ b/doc/sync/ftfw/conntrackd.conf
@@ -24,13 +24,12 @@ Sync {
#
# If the firewall replica goes from primary to backup,
# the conntrackd -t command is invoked in the script.
- # This command resets the timers of the conntracks that
- # live in the kernel to this new value. This is useful
- # to purge the connection tracking table of zombie entries
- # and avoid clashes with old entries if you trigger
- # several consecutive hand-overs.
+ # This command schedules a flush of the table in N seconds.
+ # This is useful to purge the connection tracking table of
+ # zombie entries and avoid clashes with old entries if you
+ # trigger several consecutive hand-overs. Default is 60 seconds.
#
- PurgeTimeout 15
+ # PurgeTimeout 60
# Set the acknowledgement window size. If you decrease this
# value, the number of acknowlegdments increases. More
diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf
index 5abf589..1df79a1 100644
--- a/doc/sync/notrack/conntrackd.conf
+++ b/doc/sync/notrack/conntrackd.conf
@@ -13,13 +13,12 @@ Sync {
#
# If the firewall replica goes from primary to backup,
# the conntrackd -t command is invoked in the script.
- # This command resets the timers of the conntracks that
- # live in the kernel to this new value. This is useful
- # to purge the connection tracking table of zombie entries
- # and avoid clashes with old entries if you trigger
- # several consecutive hand-overs.
+ # This command schedules a flush of the table in N seconds.
+ # This is useful to purge the connection tracking table of
+ # zombie entries and avoid clashes with old entries if you
+ # trigger several consecutive hand-overs. Default is 60 seconds.
#
- PurgeTimeout 15
+ # PurgeTimeout 60
}
#