summaryrefslogtreecommitdiff
path: root/daemon/examples/stats
diff options
context:
space:
mode:
author/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2007-04-16 17:55:00 +0000
committer/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2007-04-16 17:55:00 +0000
commitad31f852c3454136bdbfeb7f222cb9c175f13c1c (patch)
tree67bbd2dbec77205ccfd2c950b8cbeefe65f2c67e /daemon/examples/stats
parent13e6cab49dc2716c3e58eda12eed2fbab24be59b (diff)
downloadconntrack-tools-ad31f852c3454136bdbfeb7f222cb9c175f13c1c.tar.gz
conntrack-tools-ad31f852c3454136bdbfeb7f222cb9c175f13c1c.zip
initial import of the conntrack daemon to Netfilter SVN
Diffstat (limited to 'daemon/examples/stats')
-rw-r--r--daemon/examples/stats/Makefile.am1
-rw-r--r--daemon/examples/stats/conntrackd.conf69
2 files changed, 70 insertions, 0 deletions
diff --git a/daemon/examples/stats/Makefile.am b/daemon/examples/stats/Makefile.am
new file mode 100644
index 0000000..b43c3b8
--- /dev/null
+++ b/daemon/examples/stats/Makefile.am
@@ -0,0 +1 @@
+EXTRA_DIST = conntrackd.conf
diff --git a/daemon/examples/stats/conntrackd.conf b/daemon/examples/stats/conntrackd.conf
new file mode 100644
index 0000000..e514ac0
--- /dev/null
+++ b/daemon/examples/stats/conntrackd.conf
@@ -0,0 +1,69 @@
+#
+# General settings
+#
+General {
+ #
+ # Number of buckets in the caches: hash table
+ #
+ HashSize 8192
+
+ #
+ # Maximum number of conntracks:
+ # it must be >= $ cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
+ #
+ HashLimit 65535
+
+ #
+ # Logfile
+ #
+ LogFile /var/log/conntrackd.log
+
+ #
+ # Lockfile
+ #
+ LockFile /var/lock/conntrack.lock
+
+ #
+ # Unix socket configuration
+ #
+ UNIX {
+ Path /tmp/sync.sock
+ Backlog 20
+ }
+
+ #
+ # Netlink socket buffer size
+ #
+ SocketBufferSize 262142
+
+ #
+ # Increase the socket buffer up to maximun if required
+ #
+ SocketBufferSizeMaxGrown 655355
+}
+
+#
+# Ignore traffic for a certain set of IP's: Usually
+# all the IP assigned to the firewall since local
+# traffic must be ignored, just forwarded connections
+# are worth to replicate
+#
+IgnoreTrafficFor {
+ IPv4_address 127.0.0.1 # loopback
+}
+
+#
+# Do not replicate certain protocol traffic
+#
+IgnoreProtocol {
+ UDP
+# ICMP
+# IGMP
+# VRRP
+ # numeric numbers also valid
+}
+
+#
+# Strip NAT traffic
+#
+StripNAT