### autogenerated by service_conntrack-sync.py ###

# Synchronizer settings
Sync {
    Mode FTFW {
        DisableExternalCache {{ 'on' if disable_external_cache is vyos_defined else 'off' }}
    }
{% for iface, iface_config in interface.items() %}
{%     if iface_config.peer is vyos_defined %}
    UDP {
{%         if listen_address is vyos_defined %}
{%             for address in listen_address %}
        IPv4_address {{ address }}
{%             endfor %}
{%         endif %}
        IPv4_Destination_Address {{ iface_config.peer }}
        Port {{ iface_config.port if iface_config.port is vyos_defined else '3780' }}
        Interface {{ iface }}
        SndSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
        RcvSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
        Checksum on
    }
{%     else %}
    Multicast {
{%         set ip_address = iface | get_ipv4 %}
        IPv4_address {{ mcast_group }}
        Group {{ iface_config.port if iface_config.port is vyos_defined else '3780' }}
        IPv4_interface {{ ip_address[0] | ip_from_cidr }}
        Interface {{ iface }}
        SndSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
        RcvSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
        Checksum on
    }
{%     endif %}
{% endfor %}
{% if expect_sync is vyos_defined %}
    Options {
{%     if 'all' in expect_sync %}
        ExpectationSync on
{%     else %}
        ExpectationSync {
{%         for protocol in expect_sync %}
            {{ protocol }}
{%         endfor %}
        }
{%     endif %}
    }
{% endif %}
}
Helper {
    Type rpc inet tcp {
        QueueNum 3
        Policy rpc {
            ExpectMax 1
            ExpectTimeout 300
        }
    }
    Type rpc inet udp {
        QueueNum 4
        Policy rpc {
            ExpectMax 1
            ExpectTimeout 300
        }
    }
    Type tns inet tcp {
        QueueNum 5
        Policy tns {
            ExpectMax 1
            ExpectTimeout 300
        }
    }
}

# General settings
General {
    HashSize {{ hash_size }}
    HashLimit {{ table_size | int *2 }}
    LogFile off
    Syslog {{ 'off' if disable_syslog is vyos_defined else 'on' }}
    LockFile /var/lock/conntrack.lock
    UNIX {
        Path /var/run/conntrackd.ctl
    }
    NetlinkBufferSize {{ 2 *1024 *1024 }}
    NetlinkBufferSizeMaxGrowth {{ event_listen_queue_size | int *1024 *1024 }}
    NetlinkOverrunResync off
    NetlinkEventsReliable on
{% if ignore_address is vyos_defined or accept_protocol is vyos_defined %}
    Filter From Userspace {
{%     if ignore_address is vyos_defined %}
        Address Ignore {
{%         for address in ignore_address if address | is_ipv4 %}
            IPv4_address {{ address }}
{%         endfor %}
{%         for address in ignore_address if address | is_ipv6 %}
            IPv6_address {{ address }}
{%         endfor %}
        }
{%     endif %}
{%     if accept_protocol is vyos_defined %}
        Protocol Accept {
{%         for protocol in accept_protocol %}
{%             if protocol == 'icmp6' %}
            IPv6-ICMP
{%             else %}
            {{ protocol | upper }}
{%             endif %}
{%         endfor %}
        }
{%     endif %}
    }
{% endif %}
}