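<?xml version="1.0"?>
<!--
  CLI interface definition for "system conntrack".
  This file declares the configuration nodes, their value constraints and
  their defaults. The owner script (conntrack.py) applies the values and is
  not part of this file.
-->
<interfaceDefinition>
  <node name="system">
    <children>
      <node name="conntrack" owner="${vyos_conf_scripts_dir}/conntrack.py">
        <properties>
          <help>Connection Tracking Engine Options</help>
          <!-- Before NAT and conntrack-sync are configured -->
          <priority>218</priority>
        </properties>
        <children>
          <!--
            Table sizing (expect-table-size, hash-size, table-size).
            These bound how much state the tracker can hold. When a table is
            full, new flows cannot be tracked, so size them for expected peak
            load and monitor usage against the configured limit.
          -->
          <leafNode name="expect-table-size">
            <properties>
              <help>Size of connection tracking expect table</help>
              <valueHelp>
                <format>u32:1-50000000</format>
                <description>Number of entries allowed in connection tracking expect table</description>
              </valueHelp>
              <constraint>
                <validator name="numeric" argument="--range 1-50000000"/>
              </constraint>
            </properties>
            <defaultValue>2048</defaultValue>
          </leafNode>
          <leafNode name="hash-size">
            <properties>
              <help>Hash size for connection tracking table</help>
              <valueHelp>
                <format>u32:1-50000000</format>
                <description>Size of hash to use for connection tracking table</description>
              </valueHelp>
              <constraint>
                <validator name="numeric" argument="--range 1-50000000"/>
              </constraint>
            </properties>
            <defaultValue>32768</defaultValue>
          </leafNode>
          <!--
            Protocol modules. Each leaf is valueless (presence only) and has no
            defaultValue here, so what an absent leaf means is decided by the
            owner script (confirm there).
            NOTE(review): these presumably select netfilter conntrack helpers.
            A helper parses application payload from the network and creates
            expectations for related flows, which a stateful rule set may then
            accept. Enable only the protocols that are actually in use.
          -->
          <node name="modules">
            <properties>
              <help>Connection tracking modules</help>
            </properties>
            <children>
              <leafNode name="ftp">
                <properties>
                  <help>FTP connection tracking</help>
                  <valueless/>
                </properties>
              </leafNode>
              <leafNode name="h323">
                <properties>
                  <help>H.323 connection tracking</help>
                  <valueless/>
                </properties>
              </leafNode>
              <leafNode name="nfs">
                <properties>
                  <help>NFS connection tracking</help>
                  <valueless/>
                </properties>
              </leafNode>
              <leafNode name="pptp">
                <properties>
                  <help>PPTP connection tracking</help>
                  <valueless/>
                </properties>
              </leafNode>
              <leafNode name="sip">
                <properties>
                  <help>SIP connection tracking</help>
                  <valueless/>
                </properties>
              </leafNode>
              <leafNode name="sqlnet">
                <properties>
                  <help>SQLnet connection tracking</help>
                  <valueless/>
                </properties>
              </leafNode>
              <leafNode name="tftp">
                <properties>
                  <help>TFTP connection tracking</help>
                  <valueless/>
                </properties>
              </leafNode>
            </children>
          </node>
          <leafNode name="table-size">
            <properties>
              <help>Size of connection tracking table</help>
              <valueHelp>
                <format>u32:1-50000000</format>
                <description>Number of entries allowed in connection tracking table</description>
              </valueHelp>
              <constraint>
                <validator name="numeric" argument="--range 1-50000000"/>
              </constraint>
            </properties>
            <defaultValue>262144</defaultValue>
          </leafNode>
          <node name="tcp">
            <properties>
              <help>TCP options</help>
            </properties>
            <children>
              <!-- A count of connections, not a timeout: the description states the unit shown to the operator. -->
              <leafNode name="half-open-connections">
                <properties>
                  <help>Maximum number of TCP half-open connections</help>
                  <valueHelp>
                    <format>u32:1-2147483647</format>
                    <description>Maximum number of TCP half-open connections</description>
                  </valueHelp>
                  <constraint>
                    <validator name="numeric" argument="--range 1-2147483647"/>
                  </constraint>
                </properties>
                <defaultValue>512</defaultValue>
              </leafNode>
              <!--
                Default is "enable": flows whose handshake was not observed by
                the tracker may still be picked up as existing connections.
                Rule sets that match on established state should be reviewed
                with this in mind; "disable" is the stricter setting.
                NOTE(review): presumably mirrors the kernel's
                nf_conntrack_tcp_loose setting (confirm in conntrack.py).
              -->
              <leafNode name="loose">
                <properties>
                  <help>Policy to track previously established connections</help>
                  <completionHelp>
                    <list>enable disable</list>
                  </completionHelp>
                  <valueHelp>
                    <format>enable</format>
                    <description>Allow tracking of previously established connections</description>
                  </valueHelp>
                  <valueHelp>
                    <format>disable</format>
                    <description>Do not allow tracking of previously established connections</description>
                  </valueHelp>
                  <constraint>
                    <regex>^(enable|disable)$</regex>
                  </constraint>
                </properties>
                <defaultValue>enable</defaultValue>
              </leafNode>
              <!-- A count of retransmit attempts, not a timeout. -->
              <leafNode name="max-retrans">
                <properties>
                  <help>TCP maximum retransmit attempts</help>
                  <valueHelp>
                    <format>u32:1-2147483647</format>
                    <description>Maximum number of TCP retransmit attempts</description>
                  </valueHelp>
                  <constraint>
                    <validator name="numeric" argument="--range 1-2147483647"/>
                  </constraint>
                </properties>
                <defaultValue>3</defaultValue>
              </leafNode>
            </children>
          </node>
          <!--
            Per-state timeouts, all in seconds and all limited to 1-21474836.
            Longer timeouts keep idle entries in the table for longer, which
            counts against table-size. Shorter ones drop state sooner.
          -->
          <node name="timeout">
            <properties>
              <help>Connection timeout options</help>
            </properties>
            <children>
              <leafNode name="icmp">
                <properties>
                  <help>ICMP timeout in seconds</help>
                  <valueHelp>
                    <format>u32:1-21474836</format>
                    <description>ICMP timeout in seconds</description>
                  </valueHelp>
                  <constraint>
                    <validator name="numeric" argument="--range 1-21474836"/>
                  </constraint>
                </properties>
                <defaultValue>30</defaultValue>
              </leafNode>
              <leafNode name="other">
                <properties>
                  <help>Generic connection timeout in seconds</help>
                  <valueHelp>
                    <format>u32:1-21474836</format>
                    <description>Generic connection timeout in seconds</description>
                  </valueHelp>
                  <constraint>
                    <validator name="numeric" argument="--range 1-21474836"/>
                  </constraint>
                </properties>
                <defaultValue>600</defaultValue>
              </leafNode>
              <node name="tcp">
                <properties>
                  <help>TCP connection timeout options</help>
                </properties>
                <children>
                  <leafNode name="close-wait">
                    <properties>
                      <help>TCP CLOSE-WAIT timeout in seconds</help>
                      <valueHelp>
                        <format>u32:1-21474836</format>
                        <description>TCP CLOSE-WAIT timeout in seconds</description>
                      </valueHelp>
                      <constraint>
                        <validator name="numeric" argument="--range 1-21474836"/>
                      </constraint>
                    </properties>
                    <defaultValue>60</defaultValue>
                  </leafNode>
                  <leafNode name="close">
                    <properties>
                      <help>TCP CLOSE timeout in seconds</help>
                      <valueHelp>
                        <format>u32:1-21474836</format>
                        <description>TCP CLOSE timeout in seconds</description>
                      </valueHelp>
                      <constraint>
                        <validator name="numeric" argument="--range 1-21474836"/>
                      </constraint>
                    </properties>
                    <defaultValue>10</defaultValue>
                  </leafNode>
                  <!-- Default of 432000 seconds is five days of idle time per established flow. -->
                  <leafNode name="established">
                    <properties>
                      <help>TCP ESTABLISHED timeout in seconds</help>
                      <valueHelp>
                        <format>u32:1-21474836</format>
                        <description>TCP ESTABLISHED timeout in seconds</description>
                      </valueHelp>
                      <constraint>
                        <validator name="numeric" argument="--range 1-21474836"/>
                      </constraint>
                    </properties>
                    <defaultValue>432000</defaultValue>
                  </leafNode>
                  <leafNode name="fin-wait">
                    <properties>
                      <help>TCP FIN-WAIT timeout in seconds</help>
                      <valueHelp>
                        <format>u32:1-21474836</format>
                        <description>TCP FIN-WAIT timeout in seconds</description>
                      </valueHelp>
                      <constraint>
                        <validator name="numeric" argument="--range 1-21474836"/>
                      </constraint>
                    </properties>
                    <defaultValue>120</defaultValue>
                  </leafNode>
                  <leafNode name="last-ack">
                    <properties>
                      <help>TCP LAST-ACK timeout in seconds</help>
                      <valueHelp>
                        <format>u32:1-21474836</format>
                        <description>TCP LAST-ACK timeout in seconds</description>
                      </valueHelp>
                      <constraint>
                        <validator name="numeric" argument="--range 1-21474836"/>
                      </constraint>
                    </properties>
                    <defaultValue>30</defaultValue>
                  </leafNode>
                  <leafNode name="syn-recv">
                    <properties>
                      <help>TCP SYN-RECEIVED timeout in seconds</help>
                      <valueHelp>
                        <format>u32:1-21474836</format>
                        <description>TCP SYN-RECEIVED timeout in seconds</description>
                      </valueHelp>
                      <constraint>
                        <validator name="numeric" argument="--range 1-21474836"/>
                      </constraint>
                    </properties>
                    <defaultValue>60</defaultValue>
                  </leafNode>
                  <leafNode name="syn-sent">
                    <properties>
                      <help>TCP SYN-SENT timeout in seconds</help>
                      <valueHelp>
                        <format>u32:1-21474836</format>
                        <description>TCP SYN-SENT timeout in seconds</description>
                      </valueHelp>
                      <constraint>
                        <validator name="numeric" argument="--range 1-21474836"/>
                      </constraint>
                    </properties>
                    <defaultValue>120</defaultValue>
                  </leafNode>
                  <leafNode name="time-wait">
                    <properties>
                      <help>TCP TIME-WAIT timeout in seconds</help>
                      <valueHelp>
                        <format>u32:1-21474836</format>
                        <description>TCP TIME-WAIT timeout in seconds</description>
                      </valueHelp>
                      <constraint>
                        <validator name="numeric" argument="--range 1-21474836"/>
                      </constraint>
                    </properties>
                    <defaultValue>120</defaultValue>
                  </leafNode>
                </children>
              </node>
              <node name="udp">
                <properties>
                  <help>UDP timeout options</help>
                </properties>
                <children>
                  <leafNode name="other">
                    <properties>
                      <help>UDP generic timeout in seconds</help>
                      <valueHelp>
                        <format>u32:1-21474836</format>
                        <description>UDP generic timeout in seconds</description>
                      </valueHelp>
                      <constraint>
                        <validator name="numeric" argument="--range 1-21474836"/>
                      </constraint>
                    </properties>
                    <defaultValue>30</defaultValue>
                  </leafNode>
                  <leafNode name="stream">
                    <properties>
                      <help>UDP stream timeout in seconds</help>
                      <valueHelp>
                        <format>u32:1-21474836</format>
                        <description>UDP stream timeout in seconds</description>
                      </valueHelp>
                      <constraint>
                        <validator name="numeric" argument="--range 1-21474836"/>
                      </constraint>
                    </properties>
                    <defaultValue>180</defaultValue>
                  </leafNode>
                </children>
              </node>
            </children>
          </node>
        </children>
      </node>
    </children>
  </node>
</interfaceDefinition>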