From 55863b16fdaa0337c4f1df00ef045f3b646b24b6 Mon Sep 17 00:00:00 2001 From: Mohit Mehta Date: Thu, 19 Feb 2009 19:08:03 -0800 Subject: Fix Bug 3951 default values for kernel tunable security parameters under firewall --- templates/firewall/conntrack-table-size/node.def | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'templates/firewall/conntrack-table-size') diff --git a/templates/firewall/conntrack-table-size/node.def b/templates/firewall/conntrack-table-size/node.def index bead82f..19d2b68 100644 --- a/templates/firewall/conntrack-table-size/node.def +++ b/templates/firewall/conntrack-table-size/node.def @@ -11,11 +11,16 @@ # tracking table consumes kernel memory, so the size selected should # be no larger than necessary. # +# default value when firewall is not set - 16384 +# default value when firewall is set - 32768 +# type: u32 help: Set size of netfilter connection tracking table +default: 32768 + comp_help:Possible completions: <1 - 50000000>\tNumber of entries allowed in connection tracking table @@ -24,9 +29,6 @@ syntax:expression: ($VAR(@) >= 1 && $VAR(@) <= 50000000) ; "Value must be betwee update: sudo sh -c "echo $VAR(@) > \ /proc/sys/net/nf_conntrack_max" -delete: - sudo sh -c "echo 32768 > \ - /proc/sys/net/nf_conntrack_max" -- cgit v1.2.3
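Review bot: The comment added in the first hunk names two defaults, but only one of them is expressed in this template: `default: 32768` covers the firewall-set case, and nothing visible here writes 16384 when the firewall is absent. If 16384 is simply the value the kernel holds before this node is applied, the comment should say so, for example `# 16384 is the value in effect before this node is applied; this template never writes it`. Otherwise a reader will expect deleting the firewall to restore it. Because a full tracking table makes netfilter drop new connections, it would also help to note beside `default:` that the value is a trade-off between kernel memory and headroom under connection floods. The template continues outside the hunk.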
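Review bot: With the `delete:` action removed in the second hunk, no line in this template writes /proc/sys/net/nf_conntrack_max when the node is deleted, so the reset now depends on the configuration backend re-running `update:` with the new `default: 32768`. That behaviour is not visible in this diff. If the backend does not do so, a previously configured value (anything up to the 50000000 the syntax check allows) stays active in the kernel while the configuration shows the default. I would confirm it with a set, delete and read-back test and record the dependency in the template, for example `# no delete: action, the default is re-applied through update:`. The template starts and ends outside the hunk.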