author | Daniil Baturin <daniil.baturin@vyatta.com> | 2011-11-04 05:55:45 +0700 |
---|---|---|
committer | Daniil Baturin <daniil.baturin@vyatta.com> | 2011-11-04 05:55:45 +0700 |
commit | e59537545e40756a893134c25eff533ccce3adb8 (patch) | |
tree | 85110d89d4ea23c2650b0d0f42b3cbd32a150dd9 /templates-cfg/system/conntrack/tcp/loose | |
parent | 174565005c06c4b7cc6f64b977f63f87b9bd75df (diff) | |
download | vyatta-conntrack-e59537545e40756a893134c25eff533ccce3adb8.tar.gz vyatta-conntrack-e59537545e40756a893134c25eff533ccce3adb8.zip |
Move templates to templates-cfg to let op mode templates also exist.
Diffstat (limited to 'templates-cfg/system/conntrack/tcp/loose')
-rw-r--r-- | templates-cfg/system/conntrack/tcp/loose/node.def | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/templates-cfg/system/conntrack/tcp/loose/node.def b/templates-cfg/system/conntrack/tcp/loose/node.def new file mode 100644 index 0000000..06706a2 --- /dev/null +++ b/templates-cfg/system/conntrack/tcp/loose/node.def @@ -0,0 +1,50 @@ +# +# This parameter directs the netfilter TCP connection tracking modules +# (nf_conntrack, and others) to either allow or disallow the tracking +# of TCP connections which are "previously established". This +# includes all cases where the three-way connection opening handshake +# was not seen by this machine. That includes the case the connection +# was opened before this machine booted. It also includes cases where +# the packets comprising the three-way handshake were routed via some +# other router. +# +# If this parameter is set to "enable", tracking such connections is +# allowed. If disabled, such tracking is disabled. +# default value - 1 + +type: txt + +help: Policy to track previously established connections + +val_help: enable; Allow tracking of previously established connections +val_help: disable; Do not allow tracking of previously established connections + +default: "enable" + +syntax:expression: $VAR(@) in "enable", "disable"; "must be either enable or disable" + +update: + if [ ! -e /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_loose ]; then + sudo modprobe nf_conntrack_ipv4 + fi + if [ "$VAR(@)" = "enable" ]; then + sudo sysctl -q -w net/ipv4/netfilter/ip_conntrack_tcp_loose=1 + elif [ "$VAR(@)" = "disable" ]; then + sudo sysctl -q -w net/ipv4/netfilter/ip_conntrack_tcp_loose=0 + else + echo "Invalid parameter: $VAR(@)" + exit 1 + fi + +delete: + if [ ! -e /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_loose ]; then + sudo modprobe nf_conntrack_ipv4 + fi + sudo sysctl -q -w net/ipv4/netfilter/ip_conntrack_tcp_loose=1 + + + + + + + |
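Review bot: The result of `sudo modprobe nf_conntrack_ipv4` is never checked in either the `update:` or the `delete:` block, so when the module fails to load the following `sysctl -q -w` runs against a key that may still not exist. Test the modprobe exit status and bail out with a message and `exit 1`, the way the `else` branch in `update:` already does for an invalid value. Two smaller points: `delete:` hardcodes `ip_conntrack_tcp_loose=1`, which duplicates `default: "enable"` and will silently diverge if the default is ever changed, so a short comment tying the two together would help; and the header comment ("If disabled, such tracking is disabled", "default value - 1") would be clearer if it said that `disable` writes 0 and that the default `enable` lets connections be tracked without the handshake having been seen by this machine.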