summaryrefslogtreecommitdiffstats
path: root/doc/helper/conntrackd.conf
blob: 6ffe00863c88090f90395187b3bdbd0f9ecf691d (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136

#
# Helper settings
#

Helper {
	# Before this, you have to make sure you have registered the `ftp'
	# user-space helper stub via:
	#
	# nfct add helper ftp inet tcp
	#
	Type ftp inet tcp {
		#
		# Set NFQUEUE number you want to use to receive traffic from
		# the kernel.
		#
		QueueNum 0

		#
		# Maximum number of packets waiting in the queue to receive
		# a verdict from user-space. Default is 1024.
		#
		# Rise value if you hit the following error message:
		# "nf_queue: full at X entries, dropping packets(s)"
		#
		QueueLen 10240

		#
		# Set the Expectation policy for this helper.  This section
		# is optional; if left unspecified, the defaults from the
		# ctd_helper struct will be used.
		#
		Policy ftp {
			#
			# Maximum number of simultaneous expectations
			#
			ExpectMax 1
			#
			# Maximum living time for one expectation (in seconds).
			#
			ExpectTimeout 300
		}
	}
	Type rpc inet tcp {
		QueueNum 1
		QueueLen 10240
		Policy rpc {
			ExpectMax 1
			ExpectTimeout 300
		}
	}
	Type rpc inet udp {
		QueueNum 2
		QueueLen 10240
		Policy rpc {
			ExpectMax 1
			ExpectTimeout 300
		}
	}
	Type tns inet tcp {
		QueueNum 3
		QueueLen 10240
		Policy tns {
			ExpectMax 1
			ExpectTimeout 300
		}
	}
	Type dhcpv6 inet6 udp {
		QueueNum 4
		QueueLen 10240
		Policy dhcpv6 {
			ExpectMax 1
			ExpectTimeout 300
		}
	}
	Type mdns inet udp {
		QueueNum 6
		QueueLen 10240
		Policy mdns {
			ExpectMax 8
			ExpectTimeout 30
		}
	}
	Type ssdp inet udp {
		QueueNum 5
		QueueLen 10240
		Policy ssdp {
			ExpectMax 8
			ExpectTimeout 300
		}
	}
	Type ssdp inet tcp {
		QueueNum 5
		QueueLen 10240
		Policy ssdp {
			ExpectMax 8
			ExpectTimeout 300
		}
	}
	Type slp inet udp {
		QueueNum 7
		QueueLen 10240
		Policy slp {
			ExpectMax 8
			ExpectTimeout 16
		}
	}
}

#
# General settings
#
General {
	#
	# Logfile: on (/var/log/conntrackd.log), off, or a filename
	# Default: off
	#
	LogFile on

	#
	# Syslog: on, off or a facility name (daemon (default) or local0..7)
	# Default: off
	#
	#Syslog on

	#
	# Lockfile
	#
	LockFile /var/lock/conntrack.lock

	#
	# Unix socket configuration
	#
	UNIX {
		Path /var/run/conntrackd.ctl
	}
}