From 880a7fe854fd4ba436b44c439a99700202cf151d Mon Sep 17 00:00:00 2001 From: rebortg Date: Thu, 23 Jun 2022 22:03:06 +0200 Subject: conntrack-sync: add missing commands --- docs/configuration/service/conntrack-sync.rst | 65 ++++++++++++++++----------- 1 file changed, 39 insertions(+), 26 deletions(-) (limited to 'docs/configuration') diff --git a/docs/configuration/service/conntrack-sync.rst b/docs/configuration/service/conntrack-sync.rst index 935743e6..e2ca8599 100644 --- a/docs/configuration/service/conntrack-sync.rst +++ b/docs/configuration/service/conntrack-sync.rst 
@@ -37,53 +37,66 @@ Most examples below show Multicast, but unicast can be specified by using the Configuration ************* - .. cfgcmd:: set service conntrack-sync accept-protocol +.. cfgcmd:: set service conntrack-sync accept-protocol - Accept only certain protocols: You may want to replicate the state of flows - depending on their layer 4 protocol. + Accept only certain protocols: You may want to replicate the state of flows + depending on their layer 4 protocol. - Protocols are: tcp, sctp, dccp, udp, icmp and ipv6-icmp. + Protocols are: tcp, sctp, dccp, udp, icmp and ipv6-icmp. - .. cfgcmd:: set service conntrack-sync event-listen-queue-size +.. cfgcmd:: set service conntrack-sync event-listen-queue-size - The daemon doubles the size of the netlink event socket buffer size if it - detects netlink event message dropping. This clause sets the maximum buffer - size growth that can be reached. + The daemon doubles the size of the netlink event socket buffer size if it + detects netlink event message dropping. This clause sets the maximum buffer + size growth that can be reached. - Queue size for listening to local conntrack events in MB. + Queue size for listening to local conntrack events in MB. - .. cfgcmd:: set service conntrack-sync expect-sync +.. cfgcmd:: set service conntrack-sync expect-sync - Protocol for which expect entries need to be synchronized. + Protocol for which expect entries need to be synchronized. - .. cfgcmd:: set service conntrack-sync failover-mechanism vrrp sync-group +.. cfgcmd:: set service conntrack-sync failover-mechanism vrrp sync-group - Failover mechanism to use for conntrack-sync. + Failover mechanism to use for conntrack-sync. - Only VRRP is supported. Required option. + Only VRRP is supported. Required option. - .. cfgcmd:: set service conntrack-sync ignore-address +.. 
cfgcmd:: set service conntrack-sync ignore-address - IP addresses or networks for which local conntrack entries will not be synced + IP addresses or networks for which local conntrack entries will not be synced - .. cfgcmd:: set service conntrack-sync interface +.. cfgcmd:: set service conntrack-sync interface - Interface to use for syncing conntrack entries. + Interface to use for syncing conntrack entries. - .. cfgcmd:: set service conntrack-sync mcast-group +.. cfgcmd:: set service conntrack-sync interface port - Multicast group to use for syncing conntrack entries. + Port number used by connection. - Defaults to 225.0.0.50. +.. cfgcmd:: set service conntrack-sync listen-address - .. cfgcmd:: set service conntrack-sync interface peer
+ Local IPv4 addresses for service to listen on. - Peer to send unicast UDP conntrack sync entires to, if not using Multicast - configuration from above above. +.. cfgcmd:: set service conntrack-sync mcast-group - .. cfgcmd:: set service conntrack-sync sync-queue-size + Multicast group to use for syncing conntrack entries. - Queue size for syncing conntrack entries in MB. + Defaults to 225.0.0.50. + +.. cfgcmd:: set service conntrack-sync interface peer
+ + Peer to send unicast UDP conntrack sync entires to, if not using Multicast + configuration from above above. + +.. cfgcmd:: set service conntrack-sync sync-queue-size + + Queue size for syncing conntrack entries in MB. + +.. cfgcmd:: set service conntrack-sync disable-external-cache + + This diable the external cache and directly injects the flow-states into the + in-kernel Connection Tracking System of the backup firewall. ********* Operation -- cgit v1.2.3
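Review bot: The new `disable-external-cache` description at the end of the hunk has a typo and a verb agreement error ("This diable the external cache"); suggest "This disables the external cache and directly injects the flow states into the in-kernel Connection Tracking System of the backup firewall." The re-indented `interface peer` text still carries "entires" and the doubled "above above"; since those lines are being rewritten anyway, fix them here ("entries", "configuration from above"). The added `interface port` description, "Port number used by connection.", does not say which connection is meant, and the `ignore-address` description is the only one without a closing period. It would also help to state for `disable-external-cache` when an operator would want direct injection rather than the external cache, since the text only says what the option does.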