From e73c82b6f80858113bcfe50facb701d2409f0d09 Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Mon, 27 Oct 2008 13:29:03 +0000 Subject: updated sample configuration file --- debian/changelog | 1 + debian/conntrackd.conf | 60 ++++++++++++++++++++++++++++++-------------------- 2 files changed, 37 insertions(+), 24 deletions(-) diff --git a/debian/changelog b/debian/changelog index 21cfaf0..7e84c04 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,7 @@ conntrack (1:0.9.8-1) UNRELEASED; urgency=low * new upstream release * moved conntrackd.conf to /etc/conntrackd/conntrackd.conf (Closes: #477679) + * updated sample configuration file * updated home page to http://people.netfilter.org/pablo/conntrack-tools/ -- Max Kellermann Mon, 27 Oct 2008 13:58:14 +0100 diff --git a/debian/conntrackd.conf b/debian/conntrackd.conf index 78b0494..6d76261 100644 --- a/debian/conntrackd.conf +++ b/debian/conntrackd.conf @@ -14,10 +14,10 @@ General { HashLimit 65535 # - # Logfile: on, off, or a filename - # Default: on (/var/log/conntrackd.log) + # Logfile: on (/var/log/conntrackd.log), off, or a filename + # Default: off # - LogFile off + #LogFile on # # Syslog: on, off or a facility name (daemon (default) or local0..7) 
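Review bot: In the `LogFile` hunk of debian/conntrackd.conf, replacing the explicit `LogFile off` with the commented-out `#LogFile on` makes the packaged behaviour depend on the daemon's built-in default. The old comment described that default as on and the new one describes it as off, so the comment should be checked against the release being packaged. If the compiled default is still on, the sample will silently start writing /var/log/conntrackd.log. Keeping an explicit `LogFile off` under the corrected comment removes that dependency. The General clause's Syslog value falls outside the hunk, so it is also worth confirming that the shipped sample leaves at least one log destination enabled.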
@@ -47,6 +47,39 @@ General { # Increase the socket buffer up to maximun if required # SocketBufferSizeMaxGrown 655355 + + # + # Event filtering: This clause allows you to filter certain traffic, + # There are currently three filter-sets: Protocol, Address and + # State. The filter is attached to an action that can be: Accept or + # Ignore. Thus, you can define the event filtering policy of the + # filter-sets in positive or negative logic depending on your needs. + # + Filter { + # + # Accept only certain protocols: You may want to log the + # state of flows depending on their layer 4 protocol. + # + Protocol Accept { + TCP + } + + # + # Ignore traffic for a certain set of IP's. + # + Address Ignore { + IPv4_address 127.0.0.1 # loopback + } + + # + # Uncomment this line below if you want to filter by flow state. + # The existing TCP states are: SYN_SENT, SYN_RECV, ESTABLISHED, + # FIN_WAIT, CLOSE_WAIT, LAST_ACK, TIME_WAIT, CLOSED, LISTEN. + # + # State Accept { + # ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP + # } + } } Stats { @@ -66,24 +99,3 @@ Stats { # #Syslog on } - -# -# Ignore traffic for a certain set of IP's: Usually -# all the IP assigned to the firewall since local -# traffic must be ignored, just forwarded connections -# are worth to replicate -# -IgnoreTrafficFor { - IPv4_address 127.0.0.1 # loopback -} - -# -# Do not replicate certain protocol traffic -# -IgnoreProtocol { - UDP -# ICMP -# IGMP -# VRRP - # numeric numbers also valid -} -- cgit v1.2.3
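Review bot: The new `Protocol Accept { TCP }` in the Filter clause is not equivalent to the `IgnoreProtocol { UDP }` block removed in the last hunk. The old sample excluded only UDP, while the new one excludes every protocol except TCP, so ICMP and other non-TCP flows that were previously covered disappear from what the daemon handles. The comment above the clause should say so, for example `# Only TCP flows are handled with this setting; list further protocols here to cover them.` The `Address Ignore` comment also drops the removed guidance that the addresses to list are usually those assigned to the firewall itself. Carrying that sentence over would keep the sample self-explanatory.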