#
# Helper settings
#

Helper {
	# Before this, you have to make sure you have registered the `ftp'
	# user-space helper stub via:
	#
	# nfct add helper ftp inet tcp
	#
	Type ftp inet tcp {
		#
		# Set NFQUEUE number you want to use to receive traffic from
		# the kernel.
		#
		QueueNum 0

		#
		# Maximum number of packets waiting in the queue to receive
		# a verdict from user-space. Default is 1024.
		#
		# Rise value if you hit the following error message:
		# "nf_queue: full at X entries, dropping packets(s)"
		#
		QueueLen 10240

		#
		# Set the Expectation policy for this helper.  This section
		# is optional; if left unspecified, the defaults from the
		# ctd_helper struct will be used.
		#
		Policy ftp {
			#
			# Maximum number of simultaneous expectations
			#
			ExpectMax 1
			#
			# Maximum living time for one expectation (in seconds).
			#
			ExpectTimeout 300
		}
	}
	Type rpc inet tcp {
		QueueNum 1
		QueueLen 10240
		Policy rpc {
			ExpectMax 1
			ExpectTimeout 300
		}
	}
	Type rpc inet udp {
		QueueNum 2
		QueueLen 10240
		Policy rpc {
			ExpectMax 1
			ExpectTimeout 300
		}
	}
	Type tns inet tcp {
		QueueNum 3
		QueueLen 10240
		Policy tns {
			ExpectMax 1
			ExpectTimeout 300
		}
	}
	Type dhcpv6 inet6 udp {
		QueueNum 4
		QueueLen 10240
		Policy dhcpv6 {
			ExpectMax 1
			ExpectTimeout 300
		}
	}
	Type mdns inet udp {
		QueueNum 6
		QueueLen 10240
		Policy mdns {
			ExpectMax 8
			ExpectTimeout 30
		}
	}
	Type ssdp inet udp {
		QueueNum 5
		QueueLen 10240
		Policy ssdp {
			ExpectMax 8
			ExpectTimeout 300
		}
	}
	Type ssdp inet tcp {
		QueueNum 5
		QueueLen 10240
		Policy ssdp {
			ExpectMax 8
			ExpectTimeout 300
		}
	}
}

#
# General settings
#
General {
	#
	# Logfile: on (/var/log/conntrackd.log), off, or a filename
	# Default: off
	#
	LogFile on

	#
	# Syslog: on, off or a facility name (daemon (default) or local0..7)
	# Default: off
	#
	#Syslog on

	#
	# Lockfile
	#
	LockFile /var/lock/conntrack.lock

	#
	# Unix socket configuration
	#
	UNIX {
		Path /var/run/conntrackd.ctl
	}
}