diff options
| author | Alexander Wirt <formorer@debian.org> | 2013-05-18 21:48:14 +0200 |
|---|---|---|
| committer | Alexander Wirt <formorer@debian.org> | 2013-05-18 21:48:14 +0200 |
| commit | 484ed0908b6415ea847a4ba42dcb7dbebe81831d (patch) | |
| tree | 671e8b11fae025390feb87a678689ba8f4f4acee /doc/helper | |
| parent | 095df096593fa957706bff1a552b072ae079d7fb (diff) | |
| parent | 6b61aefbf3de71852386f5f26d60c10ef62407d3 (diff) | |
| download | conntrack-tools-484ed0908b6415ea847a4ba42dcb7dbebe81831d.tar.gz conntrack-tools-484ed0908b6415ea847a4ba42dcb7dbebe81831d.zip | |
Merge tag 'upstream/1.4.1'
Upstream version 1.4.1
Diffstat (limited to 'doc/helper')
| -rw-r--r-- | doc/helper/conntrackd.conf | 116 |
1 files changed, 116 insertions, 0 deletions
diff --git a/doc/helper/conntrackd.conf b/doc/helper/conntrackd.conf new file mode 100644 index 0000000..56f5162 --- /dev/null +++ b/doc/helper/conntrackd.conf @@ -0,0 +1,116 @@ +# +# Helper settings +# + +Helper { + # Before this, you have to make sure you have registered the `ftp' + # user-space helper stub via: + # + # nfct helper add ftp inet tcp + # + Type ftp inet tcp { + # + # Set NFQUEUE number you want to use to receive traffic from + # the kernel. + # + QueueNum 0 + + # + # Maximum number of packets waiting in the queue to receive + # a verdict from user-space. Default is 1024. + # + # Rise value if you hit the following error message: + # "nf_queue: full at X entries, dropping packets(s)" + # + QueueLen 10240 + + # + # Set the Expectation policy for this helper. + # + Policy ftp { + # + # Maximum number of simultaneous expectations + # + ExpectMax 1 + # + # Maximum living time for one expectation (in seconds). + # + ExpectTimeout 300 + } + } + Type rpc inet tcp { + QueueNum 1 + QueueLen 10240 + Policy rpc { + ExpectMax 1 + ExpectTimeout 300 + } + } + Type rpc inet udp { + QueueNum 2 + QueueLen 10240 + Policy rpc { + ExpectMax 1 + ExpectTimeout 300 + } + } + Type tns inet tcp { + QueueNum 3 + QueueLen 10240 + Policy tns { + ExpectMax 1 + ExpectTimeout 300 + } + } +} + +# +# General settings +# +General { + # + # Set the nice value of the daemon, this value goes from -20 + # (most favorable scheduling) to 19 (least favorable). Using a + # very low value reduces the chances to lose state-change events. + # Default is 0 but this example file sets it to most favourable + # scheduling as this is generally a good idea. See man nice(1) for + # more information. + # + Nice -20 + + # + # Select a different scheduler for the daemon, you can select between + # RR and FIFO and the process priority (minimum is 0, maximum is 99). + # See man sched_setscheduler(2) for more information. Using a RT + # scheduler reduces the chances to overrun the Netlink buffer. + # + # Scheduler { + # Type FIFO + # Priority 99 + # } + + # + # Logfile: on (/var/log/conntrackd.log), off, or a filename + # Default: off + # + LogFile on + + # + # Syslog: on, off or a facility name (daemon (default) or local0..7) + # Default: off + # + #Syslog on + + # + # Lockfile + # + LockFile /var/lock/conntrack.lock + + # + # Unix socket configuration + # + UNIX { + Path /var/run/conntrackd.ctl + Backlog 20 + } +} |