path: root/doc/helper/conntrackd.conf
blob: a827b93461a62d86e8e933100eb5e18bd78d8fa6 (plain)
#
# Helper settings
#

Helper {
	# One "Type <name> <family> <protocol>" section per user-space helper.
	# This example enables ftp, rpc (tcp and udp), tns, dhcpv6, mdns and
	# ssdp. A helper exists to set up expectations for follow-up
	# connections, so keep only the sections for protocols you actually
	# need to track.
	#
	# Before this, you have to make sure you have registered the `ftp'
	# user-space helper stub via:
	#
	# nfct add helper ftp inet tcp
	#
	Type ftp inet tcp {
		#
		# Set NFQUEUE number you want to use to receive traffic from
		# the kernel. Every Type section in this file uses its own
		# number (0 to 6).
		#
		QueueNum 0

		#
		# Maximum number of packets waiting in the queue to receive
		# a verdict from user-space. Default is 1024.
		#
		# Raise this value if you hit the following error message:
		# "nf_queue: full at X entries, dropping packets(s)"
		#
		QueueLen 10240

		#
		# Set the Expectation policy for this helper.  This section
		# is optional; if left unspecified, the defaults from the
		# ctd_helper struct will be used.
		#
		# NOTE(review): these two values bound how many expected
		# connections can be pending and for how long; raising them
		# widens what the helper may let through, so change them
		# deliberately.
		#
		Policy ftp {
			#
			# Maximum number of simultaneous expectations
			# (presumably per tracked connection; confirm).
			#
			ExpectMax 1
			#
			# Maximum living time for one expectation (in seconds).
			#
			ExpectTimeout 300
		}
	}
	# The sections below use the same directives as the ftp section above.
	# Presumably each helper needs its own `nfct add helper ...'
	# registration, as shown for ftp; verify before enabling.

	# rpc helper for TCP, on queue 1.
	Type rpc inet tcp {
		QueueNum 1
		QueueLen 10240
		Policy rpc {
			ExpectMax 1
			ExpectTimeout 300
		}
	}
	# rpc helper for UDP, on queue 2.
	Type rpc inet udp {
		QueueNum 2
		QueueLen 10240
		Policy rpc {
			ExpectMax 1
			ExpectTimeout 300
		}
	}
	# tns helper for TCP, on queue 3.
	Type tns inet tcp {
		QueueNum 3
		QueueLen 10240
		Policy tns {
			ExpectMax 1
			ExpectTimeout 300
		}
	}
	# dhcpv6 helper; the only section here that uses the inet6 family.
	Type dhcpv6 inet6 udp {
		QueueNum 4
		QueueLen 10240
		Policy dhcpv6 {
			ExpectMax 1
			ExpectTimeout 300
		}
	}
	# mdns helper, on queue 6. Unlike the other sections it allows up to
	# 8 simultaneous expectations, each living at most 30 seconds.
	Type mdns inet udp {
		QueueNum 6
		QueueLen 10240
		Policy mdns {
			ExpectMax 8
			ExpectTimeout 30
		}
	}
	# ssdp helper for UDP, on queue 5.
	Type ssdp inet udp {
		QueueNum 5
		QueueLen 10240
		Policy ssdp {
			ExpectMax 1
			ExpectTimeout 300
		}
	}
}

#
# General settings
#
General {
	#
	# Set the nice value of the daemon. The value goes from -20
	# (most favorable scheduling) to 19 (least favorable). Using a
	# very low value reduces the chance of losing state-change events.
	# Default is 0, but this example file sets it to the most favourable
	# scheduling as this is generally a good idea. See man nice(1) for
	# more information.
	#
	# NOTE(review): on a host that runs other latency-sensitive
	# services, confirm that giving this daemon top priority is intended.
	#
	Nice -20

	#
	# Select a different scheduler for the daemon, you can select between
	# RR and FIFO and the process priority (minimum is 0, maximum is 99).
	# See man sched_setscheduler(2) for more information. Using a RT
	# scheduler reduces the chances to overrun the Netlink buffer.
	#
	# Scheduler {
	#	Type FIFO
	#	Priority 99
	# }

	#
	# Logfile: on (/var/log/conntrackd.log), off, or a filename
	# Default: off
	#
	# This example turns logging on, i.e. to /var/log/conntrackd.log.
	#
	LogFile on

	#
	# Syslog: on, off or a facility name (daemon (default) or local0..7)
	# Default: off
	#
	# Left commented out here, so the default (off) applies.
	#
	#Syslog on

	#
	# Lockfile
	#
	LockFile /var/lock/conntrack.lock

	#
	# Unix socket configuration
	#
	# Path is the location of the daemon's UNIX socket.
	# NOTE(review): a process that can connect to this socket can
	# presumably send requests to the daemon; check the ownership and
	# mode of the socket file and of its directory after start-up.
	# Backlog is presumably the listen(2) backlog for the socket; confirm.
	#
	UNIX {
		Path /var/run/conntrackd.ctl
		Backlog 20
	}
}