authorMohit Mehta <mohit.mehta@vyatta.com>2009-02-19 19:08:03 -0800
committerMohit Mehta <mohit.mehta@vyatta.com>2009-02-19 19:08:03 -0800
commit55863b16fdaa0337c4f1df00ef045f3b646b24b6 (patch)
tree9dc6da7b055c2f073cec0d61c29565caffe25a00 /templates/firewall/conntrack-table-size
parent3c18b9bf9a01575dd6cab370670382a1dd3a1fcf (diff)
Fix Bug 3951 default values for kernel tunable security parameters under firewall
Diffstat (limited to 'templates/firewall/conntrack-table-size')
-rw-r--r--templates/firewall/conntrack-table-size/node.def8
1 files changed, 5 insertions, 3 deletions
diff --git a/templates/firewall/conntrack-table-size/node.def b/templates/firewall/conntrack-table-size/node.def
index bead82f..19d2b68 100644
--- a/templates/firewall/conntrack-table-size/node.def
+++ b/templates/firewall/conntrack-table-size/node.def
@@ -11,11 +11,16 @@
# tracking table consumes kernel memory, so the size selected should
# be no larger than necessary.
#
+# default value when firewall is not set - 16384
+# default value when firewall is set - 32768
+#
type: u32
help: Set size of netfilter connection tracking table
+default: 32768
+
comp_help:Possible completions:
<1 - 50000000>\tNumber of entries allowed in connection tracking table
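Review bot: The added comment documents two defaults, but this file only implements one of them: `default: 32768` covers the firewall-set case, and nothing visible here writes 16384 back to `/proc/sys/net/nf_conntrack_max` once the firewall configuration is removed, while the second hunk drops the `delete:` action. If that reset happens in another script (not visible in this diff), the comment should name it, for example `# 16384 is restored by <script-name placeholder> when firewall is deleted`. If it does not, the comment should say that the value persists until reboot. This matters operationally because the value sets both the kernel memory reserved for tracking and the point at which new connections are dropped under a flood, so the documented value and the live value should not drift apart. It is also worth confirming that deleting only this node re-runs `update:` with the default, since the change now relies on that behaviour.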
@@ -24,9 +29,6 @@ syntax:expression: ($VAR(@) >= 1 && $VAR(@) <= 50000000) ; "Value must be betwee
update:
sudo sh -c "echo $VAR(@) > \
/proc/sys/net/nf_conntrack_max"
-delete:
- sudo sh -c "echo 32768 > \
- /proc/sys/net/nf_conntrack_max"