Diffstat (limited to 'docs/configuration/service/conntrack-sync.rst')
-rw-r--r-- | docs/configuration/service/conntrack-sync.rst | 35 |
1 files changed, 24 insertions, 11 deletions
diff --git a/docs/configuration/service/conntrack-sync.rst b/docs/configuration/service/conntrack-sync.rst index a7cd7060..468b39d9 100644 --- a/docs/configuration/service/conntrack-sync.rst +++ b/docs/configuration/service/conntrack-sync.rst @@ -37,14 +37,14 @@ Most examples below show Multicast, but unicast can be specified by using the Configuration ************* - .. cfgcmd:: set service conntrack-sync accept-protocol +.. cfgcmd:: set service conntrack-sync accept-protocol Accept only certain protocols: You may want to replicate the state of flows depending on their layer 4 protocol. Protocols are: tcp, sctp, dccp, udp, icmp and ipv6-icmp. - .. cfgcmd:: set service conntrack-sync event-listen-queue-size <size> +.. cfgcmd:: set service conntrack-sync event-listen-queue-size <size> The daemon doubles the size of the netlink event socket buffer size if it detects netlink event message dropping. This clause sets the maximum buffer 
@@ -52,39 +52,52 @@ Configuration Queue size for listening to local conntrack events in MB. - .. cfgcmd:: set service conntrack-sync expect-sync <all|ftp|h323|nfs|sip|sqlnet> +.. cfgcmd:: set service conntrack-sync expect-sync <all|ftp|h323|nfs|sip|sqlnet> Protocol for which expect entries need to be synchronized. - .. cfgcmd:: set service conntrack-sync failover-mechanism vrrp sync-group <group> +.. cfgcmd:: set service conntrack-sync failover-mechanism vrrp sync-group <group> Failover mechanism to use for conntrack-sync. Only VRRP is supported. Required option. - .. cfgcmd:: set service conntrack-sync ignore-address <x.x.x.x> +.. cfgcmd:: set service conntrack-sync ignore-address <x.x.x.x> IP addresses or networks for which local conntrack entries will not be synced - .. cfgcmd:: set service conntrack-sync interface <name> +.. cfgcmd:: set service conntrack-sync interface <name> Interface to use for syncing conntrack entries. - .. cfgcmd:: set service conntrack-sync mcast-group <x.x.x.x> +.. cfgcmd:: set service conntrack-sync interface <name> port <port> + + Port number used by connection. + +.. cfgcmd:: set service conntrack-sync listen-address <ipv4address> + + Local IPv4 addresses for service to listen on. + +.. cfgcmd:: set service conntrack-sync mcast-group <x.x.x.x> Multicast group to use for syncing conntrack entries. Defaults to 225.0.0.50. - .. cfgcmd:: set service conntrack-sync interface <name> peer <address> +.. cfgcmd:: set service conntrack-sync interface <name> peer <address> Peer to send unicast UDP conntrack sync entires to, if not using Multicast configuration from above above. - .. cfgcmd:: set service conntrack-sync sync-queue-size <size> +.. cfgcmd:: set service conntrack-sync sync-queue-size <size> Queue size for syncing conntrack entries in MB. +.. 
cfgcmd:: set service conntrack-sync disable-external-cache + + This diable the external cache and directly injects the flow-states into the + in-kernel Connection Tracking System of the backup firewall. + ********* Operation ********* @@ -114,11 +127,11 @@ Operation conntrack is not enabled. To enable conntrack, just create a NAT or a firewall rule. :cfgcmd:`set firewall state-policy established action accept` -.. opcmd:: show conntrack-sync external-cache +.. opcmd:: show conntrack-sync cache external Show connection syncing external cache entries -.. opcmd:: show conntrack-sync internal-cache +.. opcmd:: show conntrack-sync cache internal Show connection syncing internal cache entries |
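Review bot: in the second hunk (@@ -52,39 +52,52 @@), the new `disable-external-cache` entry has a typo and is placed out of the ordering the rest of this list follows. "This diable the external cache and directly injects the flow-states" should read "This disables the external cache and directly injects the flow-states". The list is otherwise largely alphabetical (accept-protocol, event-listen-queue-size, expect-sync, failover-mechanism, ignore-address, ...), so the new directive belongs between `accept-protocol` and `event-listen-queue-size` rather than after `sync-queue-size`. The description of the added `interface <name> port <port>` command, "Port number used by connection.", does not say which connection; since the `peer` entry in the same hunk already states that sync entries are sent over UDP, suggest "UDP port used to exchange conntrack sync messages with the peer or multicast group", which also makes clear that both nodes must agree on it. `listen-address <ipv4address>` is singular in the syntax but the text says "Local IPv4 addresses"; pick one. Two pre-existing typos in the unchanged context of this hunk could be fixed in the same pass: "entires" should be "entries", and "from above above" repeats "above".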
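Review bot: in the third hunk (@@ -114,11 +127,11 @@), renaming `show conntrack-sync external-cache` / `internal-cache` to `show conntrack-sync cache external` / `cache internal` changes a documented operational command without any accompanying note; please confirm that any other occurrences in the docs (including `:opcmd:` roles that reference the old form) are updated in the same change, and consider a one-line remark on which release introduced the new syntax so operators running an older image are not left with a command that no longer matches. The explanatory lines "Show connection syncing external cache entries" / "internal cache entries" are unchanged, which is fine.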