authorDaniil Baturin <daniil.baturin@vyatta.com>2011-08-16 17:24:03 +0700
committerDaniil Baturin <daniil.baturin@vyatta.com>2011-08-16 17:24:03 +0700
commit04af145a48b2ab74f79d6f7471d9b58bcd0a5389 (patch)
treeec65d47c26bcc1b36ad235ab61f2c92abde95371
parenta0d26dede36864c2380588f0a991d51c18b9dc44 (diff)
downloadvyatta-cfg-firewall-04af145a48b2ab74f79d6f7471d9b58bcd0a5389.tar.gz
vyatta-cfg-firewall-04af145a48b2ab74f79d6f7471d9b58bcd0a5389.zip
Remove conntrack-related templates from firewall
-rw-r--r--templates/firewall/conntrack-hash-size/node.def18
-rw-r--r--templates/firewall/conntrack-options/node.def1
-rw-r--r--templates/firewall/conntrack-options/sip/enable-indirect-media/node.def1
-rw-r--r--templates/firewall/conntrack-options/sip/enable-indirect-signalling/node.def1
-rw-r--r--templates/firewall/conntrack-options/sip/node.def60
-rw-r--r--templates/firewall/conntrack-options/sip/port/node.def8
-rw-r--r--templates/firewall/conntrack-table-size/node.def40
-rw-r--r--templates/firewall/conntrack-tcp-loose/node.def53
8 files changed, 0 insertions, 182 deletions
diff --git a/templates/firewall/conntrack-hash-size/node.def b/templates/firewall/conntrack-hash-size/node.def
deleted file mode 100644
index 16b7c6c..0000000
--- a/templates/firewall/conntrack-hash-size/node.def
+++ /dev/null
@@ -1,18 +0,0 @@
-help: Hash size for connection tracking table
-type: u32
-
-default: 4096
-
-val_help: u32:1-50000000; Size of hash to use for connection tracking table
-
-syntax:expression: ($VAR(@) >= 1 && $VAR(@) <= 50000000) ; "Value must be between 1 and 50,000,000"
-
-update:
- if ! grep -q "nf_conntrack hashsize=$VAR(@)$" /etc/modprobe.d/vyatta_nf_conntrack.conf
- then
- sudo sh -c "sed -i -e '/options nf_conntrack hashsize/d' \
- /etc/modprobe.d/vyatta_nf_conntrack.conf"
- sudo sh -c "echo options nf_conntrack hashsize=$VAR(@) >> \
- /etc/modprobe.d/vyatta_nf_conntrack.conf"
- echo "Updated conntrack hash size. This change will take affect when the system is rebooted."
- fi
diff --git a/templates/firewall/conntrack-options/node.def b/templates/firewall/conntrack-options/node.def
deleted file mode 100644
index e596a1b..0000000
--- a/templates/firewall/conntrack-options/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Connection tracking options
diff --git a/templates/firewall/conntrack-options/sip/enable-indirect-media/node.def b/templates/firewall/conntrack-options/sip/enable-indirect-media/node.def
deleted file mode 100644
index c29389e..0000000
--- a/templates/firewall/conntrack-options/sip/enable-indirect-media/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Option to support for indirect media streams
diff --git a/templates/firewall/conntrack-options/sip/enable-indirect-signalling/node.def b/templates/firewall/conntrack-options/sip/enable-indirect-signalling/node.def
deleted file mode 100644
index 82782ff..0000000
--- a/templates/firewall/conntrack-options/sip/enable-indirect-signalling/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Option to support for indirect signalling streams
diff --git a/templates/firewall/conntrack-options/sip/node.def b/templates/firewall/conntrack-options/sip/node.def
deleted file mode 100644
index afc15d6..0000000
--- a/templates/firewall/conntrack-options/sip/node.def
+++ /dev/null
@@ -1,60 +0,0 @@
-help: SIP conntrack options
-
-end: reload=0
- sdm=2
- if [ -f /sys/module/nf_conntrack_sip/parameters/sip_direct_media ]; then
- sdm=$(sudo cat /sys/module/nf_conntrack_sip/parameters/sip_direct_media)
- fi
- if [ -n "$VAR(./enable-indirect-media)" ]; then
- indirectmedia='sip_direct_media=0'
- if [ $sdm -ge 1 ]; then reload=1; fi
- else
- if [ $sdm -eq 0 ]; then reload=1; fi
- fi
-
- sds=2
- if [ -f /sys/module/nf_conntrack_sip/parameters/sip_direct_signalling ]; then
- sds=$(sudo cat /sys/module/nf_conntrack_sip/parameters/sip_direct_signalling)
- fi
- if [ -n "$VAR(./enable-indirect-signalling)" ]; then
- indirectsignalling='sip_direct_signalling=0'
- if [ $sds -ge 1 ]; then reload=1; fi
- else
- if [ $sds -eq 0 ]; then reload=1; fi
- fi
-
- if [ -n "$VAR(./port/@@)" ]; then
- numports=0
- for port in $VAR(./port/@@); do
- if [ -z "$portval" ]; then
- portval=$port
- else
- portval="${portval},$port"
- fi
- (( numports++ ))
- done
- portopt="ports=$portval"
- if [ $numports -gt 8 ]; then
- echo "Error: Can not specify more than 8 ports."
- exit 1
- fi
- reload=1
- fi
-
- if [ -f /etc/modprobe.d/options ]; then
- sudo sed -i '/nf_conntrack_sip/d' /etc/modprobe.d/options
- fi
-
- if [ -n "$indirectmedia" ] || [ -n "$indirectsignalling" ] || \
- [ -n "$portopt" ]; then
- sudo sh -c "echo \# Auto-generated by `whoami` at `date` > /etc/modprobe.d/vyatta_sip_options.conf"
- sudo sh -c "echo options nf_conntrack_sip $indirectmedia $indirectsignalling $portopt >> /etc/modprobe.d/vyatta_sip_options.conf "
- else
- sudo rm -f /etc/modprobe.d/vyatta_sip_options.conf
- fi
-
- if [ $reload -eq 1 ]; then
- sudo modprobe -r nf_nat_sip nf_conntrack_sip
- sudo modprobe nf_conntrack_sip
- sudo modprobe nf_nat_sip
- fi
diff --git a/templates/firewall/conntrack-options/sip/port/node.def b/templates/firewall/conntrack-options/sip/port/node.def
deleted file mode 100644
index b72f1ca..0000000
--- a/templates/firewall/conntrack-options/sip/port/node.def
+++ /dev/null
@@ -1,8 +0,0 @@
-multi:
-type: u32
-
-help: Port number that SIP traffic is carried on
-
-val_help: u32:1-65535; SIP port number
-
-syntax:expression: ($VAR(@) >= 1 && $VAR(@) <=65535) ; "Port number must be in range 1 to 65535"
diff --git a/templates/firewall/conntrack-table-size/node.def b/templates/firewall/conntrack-table-size/node.def
deleted file mode 100644
index 310b995..0000000
--- a/templates/firewall/conntrack-table-size/node.def
+++ /dev/null
@@ -1,40 +0,0 @@
-#
-# Config template for: firewall conntrack-table-size
-#
-# Sets the size of the TCP connection tracking table in the netfilter
-# nf_conntrack module, which is used by firewall and NAT. The size of
-# this table determines how many TCP connections can be simultaneously
-# tracked. If new connections arrive and the table is full, older
-# connections will be dropped out of the table. System administrators
-# must set the connection tracking table size based on the number of
-# connections they expect their system to track. The connection
-# tracking table consumes kernel memory, so the size selected should
-# be no larger than necessary.
-#
-# default value when firewall is not set - 16384
-# default value when firewall is set - 32768
-#
-
-type: u32
-
-help: Size of connection tracking table
-
-default: 32768
-
-val_help: u32:1-50000000; Number of entries allowed in connection tracking table
-
-syntax:expression: ($VAR(@) >= 1 && $VAR(@) <= 50000000) ; "Value must be between 1 and 50,000,000"
-
-update:
- sudo sh -c "echo $VAR(@) > \
- /proc/sys/net/nf_conntrack_max"
- # need to restart conntrackd with updated conntrack table size
- if cli-shell-api existsActive service conntrack-sync; then
- sudo /opt/vyatta/sbin/vyatta-conntrack-sync.pl --action=enable
- fi
-
-
-
-
-
-
diff --git a/templates/firewall/conntrack-tcp-loose/node.def b/templates/firewall/conntrack-tcp-loose/node.def
deleted file mode 100644
index 86489b7..0000000
--- a/templates/firewall/conntrack-tcp-loose/node.def
+++ /dev/null
@@ -1,53 +0,0 @@
-#
-# This parameter directs the netfilter TCP connection tracking modules
-# (nf_conntrack, and others) to either allow or disallow the tracking
-# of TCP connections which are "previously established". This
-# includes all cases where the three-way connection opening handshake
-# was not seen by this machine. That includes the case the connection
-# was opened before this machine booted. It also includes cases where
-# the packets comprising the three-way handshake were routed via some
-# other router.
-#
-# If this parameter is set to "enable", tracking such connections is
-# allowed. If disabled, such tracking is disabled.
-# default value - 1
-
-type: txt
-
-help: Policy to track previously established connections
-
-val_help: enable; Allow tracking of previously established connections
-val_help: disable; Do not allow tracking of previously established connections
-
-default: "enable"
-
-syntax:expression: $VAR(@) in "enable", "disable"; "must be either enable or disable"
-
-update:
- if [ ! -e /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_loose ]; then
- sudo modprobe nf_conntrack_ipv4
- fi
- if [ "$VAR(@)" = "enable" ]; then
- sudo sh -c "echo 1 > \
- /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_loose"
- elif [ "$VAR(@)" = "disable" ]; then
- sudo sh -c "echo 0 > \
- /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_loose"
- else
- echo "Invalid parameter: $VAR(@)"
- exit 1
- fi
-
-delete:
- if [ ! -e /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_loose ]; then
- sudo modprobe nf_conntrack_ipv4
- fi
- sudo sh -c "echo 1 > \
- /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_loose"
-
-
-
-
-
-
-