summaryrefslogtreecommitdiffstats
path: root/doc/stats/conntrackd.conf
diff options
context:
space:
mode:
Diffstat (limited to 'doc/stats/conntrackd.conf')
-rw-r--r--doc/stats/conntrackd.conf54
1 files changed, 33 insertions, 21 deletions
diff --git a/doc/stats/conntrackd.conf b/doc/stats/conntrackd.conf
index 4bc5642..b63c2c3 100644
--- a/doc/stats/conntrackd.conf
+++ b/doc/stats/conntrackd.conf
@@ -47,6 +47,39 @@ General {
# Increase the socket buffer up to maximun if required
#
SocketBufferSizeMaxGrown 655355
+
+ #
+ # Event filtering: This clause allows you to filter certain traffic,
+ # There are currently three filter-sets: Protocol, Address and
+ # State. The filter is attached to an action that can be: Accept or
+ # Ignore. Thus, you can define the event filtering policy of the
+ # filter-sets in positive or negative logic depending on your needs.
+ #
+ Filter {
+ #
+ # Accept only certain protocols: You may want to log the
+ # state of flows depending on their layer 4 protocol.
+ #
+ Protocol Accept {
+ TCP
+ }
+
+ #
+ # Ignore traffic for a certain set of IP's.
+ #
+ Address Ignore {
+ IPv4_address 127.0.0.1 # loopback
+ }
+
+ #
+ # Uncomment this line below if you want to filter by flow state.
+ # The existing TCP states are: SYN_SENT, SYN_RECV, ESTABLISHED,
+ # FIN_WAIT, CLOSE_WAIT, LAST_ACK, TIME_WAIT, CLOSED, LISTEN.
+ #
+ # State Accept {
+ # ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP
+ # }
+ }
}
Stats {
@@ -66,24 +99,3 @@ Stats {
#
#Syslog on
}
-
-#
-# Ignore traffic for a certain set of IP's: Usually
-# all the IP assigned to the firewall since local
-# traffic must be ignored, just forwarded connections
-# are worth to replicate
-#
-IgnoreTrafficFor {
- IPv4_address 127.0.0.1 # loopback
-}
-
-#
-# Do not replicate certain protocol traffic
-#
-IgnoreProtocol {
- UDP
-# ICMP
-# IGMP
-# VRRP
- # numeric numbers also valid
-}