summaryrefslogtreecommitdiffstats
path: root/doc/sync/ftfw/conntrackd.conf
diff options
context:
space:
mode:
Diffstat (limited to 'doc/sync/ftfw/conntrackd.conf')
-rw-r--r--doc/sync/ftfw/conntrackd.conf11
1 files changed, 11 insertions, 0 deletions
diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf
index 6fec9a1..8f4d952 100644
--- a/doc/sync/ftfw/conntrackd.conf
+++ b/doc/sync/ftfw/conntrackd.conf
@@ -16,6 +16,17 @@ Sync {
#
CommitTimeout 180
+ #
+ # If the firewall replica goes from primary to backup,
+ # the conntrackd -t command is invoked in the script.
+ # This command resets the timers of the conntracks that
+ # live in the kernel to this new value. This is useful
+ # to purge the connection tracking table of zombie entries
+ # and avoid clashes with old entries if you trigger
+ # several consecutive hand-overs.
+ #
+ PurgeTimeout 15
+
# Set Acknowledgement window size
ACKWindowSize 20
}