From 2aeebebf6d6a48d57023e3c7953ddd9088284f99 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sun, 25 Jan 2009 18:21:26 +0100
Subject: doc: unset CommitTimeout by default

This patch disables CommitTimeout by default. The daemon now uses
the approximate timeout calculation by default.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 doc/sync/notrack/conntrackd.conf | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

(limited to 'doc/sync/notrack/conntrackd.conf')

diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf
index 1df79a1..39a5faa 100644
--- a/doc/sync/notrack/conntrackd.conf
+++ b/doc/sync/notrack/conntrackd.conf
@@ -4,11 +4,17 @@
 Sync {
 	Mode NOTRACK {
 		#
-		# Entries committed to the connection tracking table 
-		# starts with a limited timeout of N seconds until the
-		# takeover process is completed.
+		# This parameter allows you to set an initial fixed timeout
+		# for the committed entries when this node goes from backup
+		# to primary. This mechanism provides a way to purge entries
+		# that were not recovered appropriately after the specified
+		# fixed timeout. If you set a low value, TCP entries in
+		# Established states with no traffic may hang. For example,
+		# an SSH connection without KeepAlive enabled. If not set,
+		# the daemon uses an approximate timeout value calculation
+		# mechanism. By default, this option is not set.
 		#
-		CommitTimeout 180
+		# CommitTimeout 180
 
 		#
 		# If the firewall replica goes from primary to backup,
-- 
cgit v1.2.3