diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-01-25 18:21:26 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-01-25 18:21:26 +0100 |
commit | 2aeebebf6d6a48d57023e3c7953ddd9088284f99 (patch) | |
tree | 366be6e05a7aae7dfd0cce4db17967313ee0aa93 /doc/sync/notrack/conntrackd.conf | |
parent | 30ab4eae6a196102285fd649119fa2d9afe35a32 (diff) | |
download | conntrack-tools-2aeebebf6d6a48d57023e3c7953ddd9088284f99.tar.gz conntrack-tools-2aeebebf6d6a48d57023e3c7953ddd9088284f99.zip |
doc: unset CommitTimeout by default
This patch disables CommitTimeout by default. The daemon now uses
the approximate timeout calculation by default.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc/sync/notrack/conntrackd.conf')
-rw-r--r-- | doc/sync/notrack/conntrackd.conf | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf index 1df79a1..39a5faa 100644 --- a/doc/sync/notrack/conntrackd.conf +++ b/doc/sync/notrack/conntrackd.conf @@ -4,11 +4,17 @@ Sync { Mode NOTRACK { # - # Entries committed to the connection tracking table - # starts with a limited timeout of N seconds until the - # takeover process is completed. + # This parameter allows you to set an initial fixed timeout + # for the committed entries when this node goes from backup + # to primary. This mechanism provides a way to purge entries + # that were not recovered appropriately after the specified + # fixed timeout. If you set a low value, TCP entries in + # Established states with no traffic may hang. For example, + # an SSH connection without KeepAlive enabled. If not set, + # the daemon uses an approximate timeout value calculation + # mechanism. By default, this option is not set. # - CommitTimeout 180 + # CommitTimeout 180 # # If the firewall replica goes from primary to backup, |