author | Max Kellermann <max@duempel.org> | 2008-03-10 14:45:44 +0000 |
---|---|---|
committer | Max Kellermann <max@duempel.org> | 2008-03-10 14:45:44 +0000 |
commit | ff168ba39b9b696e8838e8b03ef6c2be2ace1d9f (patch) | |
tree | bbd1016f04610f6a56cf9a2a4fc304f11cba199c /debian/conntrackd.conf | |
parent | 668e49b883c24aa7c01f663a8ffb7da5ba87cfa9 (diff) | |
download | conntrack-tools-ff168ba39b9b696e8838e8b03ef6c2be2ace1d9f.tar.gz conntrack-tools-ff168ba39b9b696e8838e8b03ef6c2be2ace1d9f.zip |
merged upstream conntrackd.conf changes
Diffstat (limited to 'debian/conntrackd.conf')
-rw-r--r-- | debian/conntrackd.conf | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/debian/conntrackd.conf b/debian/conntrackd.conf
new file mode 100644
index 0000000..d059249
--- /dev/null
+++ b/debian/conntrackd.conf
@@ -0,0 +1,89 @@
+#
+# General settings
+#
+General {
+ #
+ # Number of buckets in the caches: hash table
+ #
+ HashSize 8192
+
+ #
+ # Maximum number of conntracks:
+ # it must be >= $ cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
+ #
+ HashLimit 65535
+
+ #
+ # Logfile: on, off, or a filename
+ # Default: on (/var/log/conntrackd.log)
+ #
+ LogFile /var/log/conntrackd.log
+
+ #
+ # Syslog: on, off or a facility name (daemon (default) or local0..7)
+ # Default: off
+ #
+ #Syslog off
+
+ #
+ # Lockfile
+ #
+ LockFile /var/lock/conntrackd.lock
+
+ #
+ # Unix socket configuration
+ #
+ UNIX {
+ Path /tmp/sync.sock
+ Backlog 20
+ }
+
+ #
+ # Netlink socket buffer size
+ #
+ SocketBufferSize 262142
+
+ #
+ # Increase the socket buffer up to maximun if required
+ #
+ SocketBufferSizeMaxGrown 655355
+}
+
+Stats {
+ #
+ # If you enable this option, the daemon writes the information about
+ # destroyed connections to a logfile. Default is off.
+ # Logfile: on, off, or a filename
+ # Default file: (/var/log/conntrackd-stats.log)
+ #
+ LogFile on
+
+ #
+ # Enable connection logging via Syslog. Default is off.
+ # Syslog: on, off or a facility name (daemon (default) or local0..7)
+ # If you set the facility, use the same as in the General clause,
+ # otherwise you'll get a warning message.
+ #
+ #Syslog on
+}
+
+#
+# Ignore traffic for a certain set of IP's: Usually
+# all the IP assigned to the firewall since local
+# traffic must be ignored, just forwarded connections
+# are worth to replicate
+#
+IgnoreTrafficFor {
+ IPv4_address 127.0.0.1 # loopback
+}
+
+#
+# Do not replicate certain protocol traffic
+#
+IgnoreProtocol {
+ UDP
+# ICMP
+# IGMP
+# VRRP
+ # numeric numbers also valid
+}
 |
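Review bot: The daemon's control socket in the `UNIX` clause is placed in world-writable `/tmp` (`Path /tmp/sync.sock`), so any local user can create that name before the daemon starts; depending on how the daemon treats an existing path, that either blocks the bind or leaves clients talking to a socket the daemon does not own. For a packaged default a root-owned runtime directory is the safer location, for example `Path /var/run/sync.sock`, with the comment above it stating who is expected to be able to connect. Separately, `SocketBufferSizeMaxGrown 655355` looks like it may be a mistyped value next to `SocketBufferSize 262142`, and the comment above it spells "maximun"; both are worth checking against the upstream file this was merged from.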