From cced587d766b9194b698a156d241766d5bad8a9d Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sun, 25 Jan 2009 17:53:14 +0100
Subject: src: increase default PurgeTimeout value

This patch increases the default PurgeTimeout value to 60 seconds.
The former 15 seconds provides good real-time reaction in terms of
user-side expected behaviour, but it is too small if you trigger
random failure in a firewall cluster.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 doc/sync/ftfw/conntrackd.conf | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

(limited to 'doc/sync/ftfw')

diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf
index 4fd86d7..69572cf 100644
--- a/doc/sync/ftfw/conntrackd.conf
+++ b/doc/sync/ftfw/conntrackd.conf
@@ -24,13 +24,12 @@ Sync {
 		#
 		# If the firewall replica goes from primary to backup,
 		# the conntrackd -t command is invoked in the script. 
-		# This command resets the timers of the conntracks that
-		# live in the kernel to this new value. This is useful
-		# to purge the connection tracking table of zombie entries
-		# and avoid clashes with old entries if you trigger 
-		# several consecutive hand-overs.
+		# This command schedules a flush of the table in N seconds.
+		# This is useful to purge the connection tracking table of
+		# zombie entries and avoid clashes with old entries if you
+		# trigger several consecutive hand-overs. Default is 60 seconds.
 		#
-		PurgeTimeout 15
+		# PurgeTimeout 60
 
 		# Set the acknowledgement window size. If you decrease this
 		# value, the number of acknowlegdments increases. More
-- 
cgit v1.2.3