author | Max Kellermann <max@duempel.org> | 2008-10-27 13:29:03 +0000 |
---|---|---|
committer | Max Kellermann <max@duempel.org> | 2008-10-27 13:29:03 +0000 |
commit | e73c82b6f80858113bcfe50facb701d2409f0d09 (patch) | |
tree | 718ecd737bcffcc49b91fc95ab3e112272fc18d0 | |
parent | 4f5921b90c8afd28bcdb9f905fb1b127090f689b (diff) | |
download | conntrack-tools-e73c82b6f80858113bcfe50facb701d2409f0d09.tar.gz conntrack-tools-e73c82b6f80858113bcfe50facb701d2409f0d09.zip |
updated sample configuration file
-rw-r--r-- | debian/changelog | 1 | ||||
-rw-r--r-- | debian/conntrackd.conf | 60 |
2 files changed, 37 insertions, 24 deletions
diff --git a/debian/changelog b/debian/changelog
index 21cfaf0..7e84c04 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ conntrack (1:0.9.8-1) UNRELEASED; urgency=low
 * new upstream release
 * moved conntrackd.conf to /etc/conntrackd/conntrackd.conf (Closes: #477679)
+ * updated sample configuration file
 * updated home page to http://people.netfilter.org/pablo/conntrack-tools/
 -- Max Kellermann <max@duempel.org> Mon, 27 Oct 2008 13:58:14 +0100
diff --git a/debian/conntrackd.conf b/debian/conntrackd.conf
index 78b0494..6d76261 100644
--- a/debian/conntrackd.conf
+++ b/debian/conntrackd.conf
@@ -14,10 +14,10 @@ General {
 HashLimit 65535
 #
- # Logfile: on, off, or a filename
- # Default: on (/var/log/conntrackd.log)
+ # Logfile: on (/var/log/conntrackd.log), off, or a filename
+ # Default: off
 #
- LogFile off
+ #LogFile on
 #
 # Syslog: on, off or a facility name (daemon (default) or local0..7)
@@ -47,6 +47,39 @@ General {
 # Increase the socket buffer up to maximun if required
 #
 SocketBufferSizeMaxGrown 655355
+
+ #
+ # Event filtering: This clause allows you to filter certain traffic,
+ # There are currently three filter-sets: Protocol, Address and
+ # State. The filter is attached to an action that can be: Accept or
+ # Ignore. Thus, you can define the event filtering policy of the
+ # filter-sets in positive or negative logic depending on your needs.
+ #
+ Filter {
+ #
+ # Accept only certain protocols: You may want to log the
+ # state of flows depending on their layer 4 protocol.
+ #
+ Protocol Accept {
+ TCP
+ }
+
+ #
+ # Ignore traffic for a certain set of IP's.
+ #
+ Address Ignore {
+ IPv4_address 127.0.0.1 # loopback
+ }
+
+ #
+ # Uncomment this line below if you want to filter by flow state.
+ # The existing TCP states are: SYN_SENT, SYN_RECV, ESTABLISHED,
+ # FIN_WAIT, CLOSE_WAIT, LAST_ACK, TIME_WAIT, CLOSED, LISTEN.
+ #
+ # State Accept {
+ # ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP
+ # }
+ }
 }
 Stats {
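Review bot: The comment above `Address Ignore` in the new `Filter` clause no longer tells the administrator that the firewall's own addresses belong in this list; the removed `IgnoreTrafficFor` comment (last hunk) said so explicitly, and the sample still lists only 127.0.0.1. I would restore that guidance, e.g. `# Ignore traffic for a certain set of IP's: usually all the addresses assigned to the firewall itself, since only forwarded connections are worth replicating.` The comment on `Protocol Accept` should also state that every protocol not listed is filtered out: the sample moves from the old `IgnoreProtocol { UDP }` deny-list to TCP only, so flows of other protocols would presumably no longer be carried over to the peer. The enclosing `General` block opens outside this hunk.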
@@ -66,24 +99,3 @@ Stats {
 #
 #Syslog on
 }
-
-#
-# Ignore traffic for a certain set of IP's: Usually
-# all the IP assigned to the firewall since local
-# traffic must be ignored, just forwarded connections
-# are worth to replicate
-#
-IgnoreTrafficFor {
- IPv4_address 127.0.0.1 # loopback
-}
-
-#
-# Do not replicate certain protocol traffic
-#
-IgnoreProtocol {
- UDP
-# ICMP
-# IGMP
-# VRRP
- # numeric numbers also valid
-}
|