path: root/doc/helper/conntrackd.conf
#
# Helper settings
#

Helper {
	#
	# This section declares the user-space connection tracking helpers
	# that the daemon runs. Each "Type <name> <family> <protocol>" block
	# below configures one helper: the NFQUEUE it reads packets from and
	# the expectation policy it applies.
	#
	# Set up the userspace helpers when the daemon is started. If unset,
	# you have to manually set up the user-space helper stub, e.g.
	#
	# nfct add helper ftp inet tcp
	#
	# This new setting simplifies new deployments, so it is recommended to
	# turn it on. On existing deployments, make sure to remove the nfct
	# command invocation since it is not required anymore.
	#
	# Default: no (for backward compatibility reasons)
	# Recommended: yes
	#
	Setup yes

	Type ftp inet tcp {
		#
		# Set the NFQUEUE number you want to use to receive traffic
		# from the kernel. Every Type block in this file uses its own
		# number (0 to 8).
		# NOTE(review): make sure none of these numbers is also used
		# by another NFQUEUE consumer on the same host.
		#
		QueueNum 0

		#
		# Maximum number of packets waiting in the queue to receive
		# a verdict from user-space. Default is 1024; this sample
		# uses 10240 for every helper.
		#
		# Raise the value if you hit the following error message:
		# "nf_queue: full at X entries, dropping packets(s)"
		#
		QueueLen 10240

		#
		# Set the Expectation policy for this helper.  This section
		# is optional; if left unspecified, the defaults from the
		# ctd_helper struct will be used.
		#
		# NOTE(review): expectations are what let the follow-up flows
		# announced inside helper traffic through the firewall, so
		# keep ExpectMax and ExpectTimeout as low as the protocol
		# tolerates and review them against your ruleset.
		#
		Policy ftp {
			#
			# Maximum number of simultaneous expectations
			#
			ExpectMax 1
			#
			# Maximum living time for one expectation (in seconds).
			#
			ExpectTimeout 300
		}
	}
	# The remaining Type blocks take the same settings as the ftp block
	# above; only the queue number and the policy values differ.
	# NOTE(review): keep only the helpers for protocols that actually
	# cross this firewall and delete the other Type blocks.
	Type rpc inet tcp {
		QueueNum 1
		QueueLen 10240
		Policy rpc {
			ExpectMax 1
			ExpectTimeout 300
		}
	}
	Type rpc inet udp {
		QueueNum 2
		QueueLen 10240
		Policy rpc {
			ExpectMax 1
			ExpectTimeout 300
		}
	}
	Type tns inet tcp {
		QueueNum 3
		QueueLen 10240
		Policy tns {
			ExpectMax 1
			ExpectTimeout 300
		}
	}
	# The only helper in this file declared for the inet6 family.
	Type dhcpv6 inet6 udp {
		QueueNum 4
		QueueLen 10240
		Policy dhcpv6 {
			ExpectMax 1
			ExpectTimeout 300
		}
	}
	# The mdns, ssdp and slp helpers below allow 8 simultaneous
	# expectations instead of 1.
	# NOTE(review): presumably because one discovery query can be
	# answered by several hosts; confirm before raising these further.
	Type mdns inet udp {
		QueueNum 5
		QueueLen 10240
		Policy mdns {
			ExpectMax 8
			ExpectTimeout 30
		}
	}
	Type ssdp inet udp {
		QueueNum 6
		QueueLen 10240
		Policy ssdp {
			ExpectMax 8
			ExpectTimeout 300
		}
	}
	Type ssdp inet tcp {
		QueueNum 7
		QueueLen 10240
		Policy ssdp {
			ExpectMax 8
			ExpectTimeout 300
		}
	}
	Type slp inet udp {
		QueueNum 8
		QueueLen 10240
		Policy slp {
			ExpectMax 8
			ExpectTimeout 16
		}
	}
}

#
# General settings
#
General {
	#
	# Logfile: on (/var/log/conntrackd.log), off, or a filename
	# Default: off
	#
	# This sample turns file logging on, so the daemon writes to
	# /var/log/conntrackd.log.
	#
	LogFile on

	#
	# Syslog: on, off or a facility name (daemon (default) or local0..7)
	# Default: off
	#
	# Left commented out here, so syslog output stays at its default (off).
	# NOTE(review): enable it if this host's logs are collected through
	# syslog, so helper errors reach the same place as other firewall logs.
	#
	#Syslog on

	#
	# Lockfile
	#
	# NOTE(review): check that unprivileged users cannot create or replace
	# files in this directory; otherwise choose a root-owned location.
	#
	LockFile /var/lock/conntrack.lock

	#
	# Unix socket configuration
	#
	# Path is the filesystem location of the daemon's UNIX socket.
	# NOTE(review): presumably the socket used to send commands to the
	# running daemon; verify that its permissions restrict access to
	# administrators.
	#
	UNIX {
		Path /var/run/conntrackd.ctl
	}
}