diff options
Diffstat (limited to 'interface-definitions/service-conntrack-sync.xml.in')
-rw-r--r-- | interface-definitions/service-conntrack-sync.xml.in | 173 |
1 files changed, 0 insertions, 173 deletions
diff --git a/interface-definitions/service-conntrack-sync.xml.in b/interface-definitions/service-conntrack-sync.xml.in deleted file mode 100644 index 50a4bf62f..000000000 --- a/interface-definitions/service-conntrack-sync.xml.in +++ /dev/null @@ -1,173 +0,0 @@ -<?xml version="1.0"?> -<interfaceDefinition> - <node name="service"> - <children> - <node name="conntrack-sync" owner="${vyos_conf_scripts_dir}/conntrack_sync.py"> - <properties> - <help>Connection tracking synchronization</help> - <!-- before VRRP / HA --> - <priority>799</priority> - </properties> - <children> - <leafNode name="accept-protocol"> - <properties> - <help>Protocols for which local conntrack entries will be synced</help> - <completionHelp> - <list>tcp udp icmp icmp6 sctp dccp</list> - </completionHelp> - <valueHelp> - <format>tcp</format> - <description>Sync Transmission Control Protocol entries</description> - </valueHelp> - <valueHelp> - <format>udp</format> - <description>Sync User Datagram Protocol entries</description> - </valueHelp> - <valueHelp> - <format>icmp</format> - <description>Sync Internet Control Message Protocol entries</description> - </valueHelp> - <valueHelp> - <format>icmp6</format> - <description>Sync IPv6 Internet Control Message Protocol entries</description> - </valueHelp> - <valueHelp> - <format>sctp</format> - <description>Sync Stream Control Transmission Protocol entries</description> - </valueHelp> - <valueHelp> - <format>dccp</format> - <description>Sync Datagram Congestion Control Protocol entries</description> - </valueHelp> - <constraint> - <regex>(tcp|udp|icmp|icmp6|sctp|dccp)</regex> - </constraint> - <constraintErrorMessage>Allowed protocols: tcp udp icmp or sctp</constraintErrorMessage> - <multi/> - </properties> - </leafNode> - <leafNode name="disable-external-cache"> - <properties> - <help>Directly injects the flow-states into the in-kernel Connection Tracking System of the backup firewall.</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="event-listen-queue-size"> - <properties> - <help>Queue size for local conntrack events</help> - <valueHelp> - <format>u32</format> - <description>Queue size in MB</description> - </valueHelp> - </properties> - <defaultValue>8</defaultValue> - </leafNode> - <leafNode name="expect-sync"> - <properties> - <help>Protocol for which expect entries need to be synchronized</help> - <completionHelp> - <list>all ftp sip h323 nfs sqlnet</list> - </completionHelp> - <constraint> - <regex>(all|ftp|sip|h323|nfs|sqlnet)</regex> - </constraint> - <constraintErrorMessage>Invalid protocol</constraintErrorMessage> - <multi/> - </properties> - </leafNode> - <node name="failover-mechanism"> - <properties> - <help>Failover mechanism to use for conntrack-sync</help> - </properties> - <children> - <node name="vrrp"> - <properties> - <help>VRRP as failover-mechanism to use for conntrack-sync</help> - </properties> - <children> - <leafNode name="sync-group"> - <properties> - <help>VRRP sync group</help> - <completionHelp> - <path>high-availability vrrp sync-group</path> - </completionHelp> - </properties> - </leafNode> - </children> - </node> - </children> - </node> - <leafNode name="ignore-address"> - <properties> - <help>IP addresses for which local conntrack entries will not be synced</help> - <valueHelp> - <format>ipv4</format> - <description>IPv4 address to ignore</description> - </valueHelp> - <valueHelp> - <format>ipv4net</format> - <description>IPv4 prefix to ignore</description> - </valueHelp> - <valueHelp> - <format>ipv6</format> - <description>IPv6 address to ignore</description> - </valueHelp> - <valueHelp> - <format>ipv6net</format> - <description>IPv6 prefix to ignore</description> - </valueHelp> - <constraint> - <validator name="ipv4"/> - <validator name="ipv6"/> - </constraint> - <multi/> - </properties> - </leafNode> - <tagNode name="interface"> - <properties> - <help>Interface to use for syncing conntrack entries</help> - <completionHelp> - <script>${vyos_completion_dir}/list_interfaces --bridgeable</script> - </completionHelp> - </properties> - <children> - <leafNode name="peer"> - <properties> - <help>IP address of the peer to send the UDP conntrack info too. This disable multicast.</help> - <valueHelp> - <format>ipv4</format> - <description>IP address to listen for incoming connections</description> - </valueHelp> - <constraint> - <validator name="ipv4-address"/> - </constraint> - </properties> - </leafNode> - #include <include/port-number.xml.i> - </children> - </tagNode> - #include <include/listen-address-ipv4.xml.i> - <leafNode name="mcast-group"> - <properties> - <help>Multicast group to use for syncing conntrack entries</help> - <constraint> - <validator name="ipv4-multicast"/> - </constraint> - </properties> - <defaultValue>225.0.0.50</defaultValue> - </leafNode> - <leafNode name="sync-queue-size"> - <properties> - <help>Queue size for syncing conntrack entries</help> - <valueHelp> - <format>u32</format> - <description>Queue size in MB</description> - </valueHelp> - </properties> - <defaultValue>1</defaultValue> - </leafNode> - </children> - </node> - </children> - </node> -</interfaceDefinition> |