# autogenerated by conntrack_sync.py # Synchronizer settings Sync { Mode FTFW { DisableExternalCache {{ 'on' if disable_external_cache is defined else 'off' }} StartupResync {{ 'on' if startup_resync is defined else 'off' }} } {% for iface, iface_config in interface.items() %} {% if loop.first %} {% if iface_config.peer is defined and iface_config.peer is not none %} UDP { {% if listen_address is defined and listen_address is not none %} {% for address in listen_address %} IPv4_address {{ address }} {% endfor %} {% endif %} IPv4_Destination_Address {{ iface_config.peer }} Port {{ iface_config.port if iface_config.port is defined else '3780' }} {% else %} {% set ip_address = iface | get_ipv4 %} Multicast { IPv4_address {{ mcast_group }} Group {{ iface_config.port if iface_config.port is defined else '3780' }} IPv4_interface {{ ip_address[0] | ip_from_cidr }} {% endif %} Interface {{ iface }} {% endif %} {% endfor %} SndSocketBuffer {{ sync_queue_size | int *1024 *1024 }} RcvSocketBuffer {{ sync_queue_size | int *1024 *1024 }} Checksum on } {% if expect_sync is defined and expect_sync is not none %} Options { {% if 'all' in expect_sync %} ExpectationSync on {% else %} ExpectationSync { {% for protocol in expect_sync %} {{ protocol }} {% endfor %} } {% endif %} } {% endif %} } Helper { Type rpc inet tcp { QueueNum 3 Policy rpc { ExpectMax 1 ExpectTimeout 300 } } Type rpc inet udp { QueueNum 4 Policy rpc { ExpectMax 1 ExpectTimeout 300 } } Type tns inet tcp { QueueNum 5 Policy tns { ExpectMax 1 ExpectTimeout 300 } } } # General settings General { HashSize {{ hash_size }} HashLimit {{ table_size | int *2 }} LogFile off Syslog {{ 'off' if disable_syslog is defined else 'on' }} LockFile /var/lock/conntrack.lock UNIX { Path /var/run/conntrackd.ctl } NetlinkBufferSize {{ 2 *1024 *1024 }} NetlinkBufferSizeMaxGrowth {{ event_listen_queue_size | int *1024 *1024 }} NetlinkOverrunResync off NetlinkEventsReliable on {% if ignore_address is defined or accept_protocol is defined %} Filter From Userspace { {% if ignore_address is defined and ignore_address is not none %} Address Ignore { {% for address in ignore_address if address | is_ipv4 %} IPv4_address {{ address }} {% endfor %} {% for address in ignore_address if address | is_ipv6 %} IPv6_address {{ address }} {% endfor %} } {% endif %} {% if accept_protocol is defined and accept_protocol is not none %} Protocol Accept { {% for protocol in accept_protocol %} {% if protocol == 'icmp6' %} IPv6-ICMP {% else %} {{ protocol | upper }} {% endif %} {% endfor %} } {% endif %} } {% endif %} }