# autogenerated by conntrack_sync.py

# Synchronizer settings
Sync {
    Mode FTFW {
        DisableExternalCache {{ 'on' if disable_external_cache is defined else 'off' }}
    }
{% for iface, iface_config in interface.items() %}
{%   if iface_config.peer is defined and iface_config.peer is not none %}
    UDP {
{%     if listen_address is defined and listen_address is not none %}
        IPv4_address {{ listen_address }}
{%     endif %}
        IPv4_Destination_Address {{ iface_config.peer }}
        Port {{ iface_config.port if iface_config.port is defined else '3780' }}
        Interface {{ iface }}
        SndSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
        RcvSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
        Checksum on
    }
{%   else %}
    Multicast {
{%     set ip_address = iface | get_ipv4 %}
        IPv4_address {{ mcast_group }}
        Group {{ iface_config.port if iface_config.port is defined else '3780' }}
        IPv4_interface {{ ip_address[0] | ip_from_cidr }}
        Interface {{ iface }}
        SndSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
        RcvSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
        Checksum on
    }
{%   endif %}
{% endfor %}
{% if expect_sync is defined and expect_sync is not none %}
    Options {
{%   if 'all' in expect_sync %}
        ExpectationSync on
{%   else %}
        ExpectationSync {
{%     for protocol in expect_sync %}
            {{ protocol }}
{%     endfor %}
        }
{%   endif %}
    }
{% endif %}
}
Helper {
    Type rpc inet tcp {
        QueueNum 3
        Policy rpc {
            ExpectMax 1
            ExpectTimeout 300
        }
    }
    Type rpc inet udp {
        QueueNum 4
        Policy rpc {
            ExpectMax 1
            ExpectTimeout 300
        }
    }
    Type tns inet tcp {
        QueueNum 5
        Policy tns {
            ExpectMax 1
            ExpectTimeout 300
        }
    }
}

# General settings
General {
    HashSize {{ hash_size }}
    HashLimit {{ table_size | int *2 }}
    LogFile off
    Syslog on
    LockFile /var/lock/conntrack.lock
    UNIX {
        Path /var/run/conntrackd.ctl
    }
    NetlinkBufferSize {{ 2 *1024 *1024 }}
    NetlinkBufferSizeMaxGrowth {{ event_listen_queue_size | int *1024 *1024 }}
    NetlinkOverrunResync off
    NetlinkEventsReliable on
{% if ignore_address is defined or accept_protocol is defined %}
    Filter From Userspace {
{%   if ignore_address is defined and ignore_address is not none %}
        Address Ignore {
{%     for address in ignore_address if address | is_ipv4 %}
            IPv4_address {{ address }}
{%     endfor %}
{%     for address in ignore_address if address | is_ipv6 %}
            IPv6_address {{ address }}
{%     endfor %}
        }
{%   endif %}
{%   if accept_protocol is defined and accept_protocol is not none %}
        Protocol Accept {
{%     for protocol in accept_protocol %}
{%       if protocol == 'icmp6' %}
            IPv6-ICMP
{%       else %}
            {{ protocol | upper }}
{%       endif %}
{%     endfor %}
        }
{%   endif %}
    }
{% endif %}
}