9 files changed, 105 insertions, 0 deletions

diff --git a/templates-cfg/system/conntrack/timeout/tcp/close-wait/node.def b/templates-cfg/system/conntrack/timeout/tcp/close-wait/node.def
new file mode 100644
index 0000000..0491b68
--- /dev/null
+++ b/templates-cfg/system/conntrack/timeout/tcp/close-wait/node.def
@@ -0,0 +1,13 @@
+type: u32
+
+help: TCP CLOSE-WAIT timeout in seconds
+
+default: 60
+
+val_help: u32:1-21474836; TCP CLOSE-WAIT timeout in seconds
+
+syntax:expression: ($VAR(@) >= 1 && $VAR(@) <= 21474836) ; "Value must be between 1 and 21474836"
+
+update: sudo sysctl -q -w net/netfilter/nf_conntrack_tcp_timeout_close_wait=$VAR(@)
+
+delete: sudo sysctl -q -w net/netfilter/nf_conntrack_tcp_timeout_close_wait=60
diff --git a/templates-cfg/system/conntrack/timeout/tcp/close/node.def b/templates-cfg/system/conntrack/timeout/tcp/close/node.def
new file mode 100644
index 0000000..38317d5
--- /dev/null
+++ b/templates-cfg/system/conntrack/timeout/tcp/close/node.def
@@ -0,0 +1,13 @@
+type: u32
+
+help: TCP CLOSE timeout in seconds
+
+default: 10
+
+val_help: u32:1-21474836; TCP CLOSE timeout in seconds
+
+syntax:expression: ($VAR(@) >= 1 && $VAR(@) <= 21474836) ; "Value must be between 1 and 21474836"
+
+update: sudo sysctl -q -w net/netfilter/nf_conntrack_tcp_timeout_close=$VAR(@)
+
+delete: sudo sysctl -q -w net/netfilter/nf_conntrack_tcp_timeout_close=10
diff --git a/templates-cfg/system/conntrack/timeout/tcp/established/node.def b/templates-cfg/system/conntrack/timeout/tcp/established/node.def
new file mode 100644
index 0000000..9e47f1e
--- /dev/null
+++ b/templates-cfg/system/conntrack/timeout/tcp/established/node.def
@@ -0,0 +1,13 @@
+type: u32
+
+help: TCP ESTABLISHED timeout in seconds
+
+default: 432000
+
+val_help: u32:1-21474836; TCP ESTABLISHED timeout in seconds
+
+syntax:expression: ($VAR(@) >= 1 && $VAR(@) <= 21474836) ; "Value must be between 1 and 21474836"
+
+update: sudo sysctl -q -w net/netfilter/nf_conntrack_tcp_timeout_established=$VAR(@)
+
+delete: sudo sysctl -q -w net/netfilter/nf_conntrack_tcp_timeout_established=432000
diff --git a/templates-cfg/system/conntrack/timeout/tcp/fin-wait/node.def b/templates-cfg/system/conntrack/timeout/tcp/fin-wait/node.def
new file mode 100644
index 0000000..985a6a4
--- /dev/null
+++ b/templates-cfg/system/conntrack/timeout/tcp/fin-wait/node.def
@@ -0,0 +1,13 @@
+type: u32
+
+help: TCP FIN-WAIT timeout in seconds
+
+default: 120
+
+val_help: u32:1-21474836; TCP FIN-WAIT timeout in seconds
+
+syntax:expression: ($VAR(@) >= 1 && $VAR(@) <= 21474836) ; "Value must be between 1 and 21474836"
+
+update: sudo sysctl -q -w net/netfilter/nf_conntrack_tcp_timeout_fin_wait=$VAR(@)
+
+delete: sudo sysctl -q -w net/netfilter/nf_conntrack_tcp_timeout_fin_wait=120
diff --git a/templates-cfg/system/conntrack/timeout/tcp/last-ack/node.def b/templates-cfg/system/conntrack/timeout/tcp/last-ack/node.def
new file mode 100644
index 0000000..3e07fe4
--- /dev/null
+++ b/templates-cfg/system/conntrack/timeout/tcp/last-ack/node.def
@@ -0,0 +1,13 @@
+type: u32
+
+help: TCP LAST-ACK timeout in seconds
+
+default: 30
+
+val_help: u32:1-21474836; TCP LAST-ACK timeout in seconds
+
+syntax:expression: ($VAR(@) >= 1 && $VAR(@) <= 21474836) ; "Value must be between 1 and 21474836"
+
+update: sudo sysctl -q -w net/netfilter/nf_conntrack_tcp_timeout_last_ack=$VAR(@)
+
+delete: sudo sysctl -q -w net/netfilter/nf_conntrack_tcp_timeout_last_ack=30
diff --git a/templates-cfg/system/conntrack/timeout/tcp/node.def b/templates-cfg/system/conntrack/timeout/tcp/node.def
new file mode 100644
index 0000000..2b67c51
--- /dev/null
+++ b/templates-cfg/system/conntrack/timeout/tcp/node.def
@@ -0,0 +1 @@
+help: TCP connection timeout options
\ No newline at end of file
diff --git a/templates-cfg/system/conntrack/timeout/tcp/syn-recv/node.def b/templates-cfg/system/conntrack/timeout/tcp/syn-recv/node.def
new file mode 100644
index 0000000..50c5512
--- /dev/null
+++ b/templates-cfg/system/conntrack/timeout/tcp/syn-recv/node.def
@@ -0,0 +1,13 @@
+type: u32
+
+help: TCP SYN-RECEIVED timeout in seconds
+
+default: 60
+
+val_help: u32:1-21474836; TCP SYN-RECEIVED timeout in seconds
+
+syntax:expression: ($VAR(@) >= 1 && $VAR(@) <= 21474836) ; "Value must be between 1 and 21474836"
+
+update: sudo sysctl -q -w net/netfilter/nf_conntrack_tcp_timeout_syn_recv=$VAR(@)
+
+delete: sudo sysctl -q -w net/netfilter/nf_conntrack_tcp_timeout_syn_recv=60
diff --git a/templates-cfg/system/conntrack/timeout/tcp/syn-sent/node.def b/templates-cfg/system/conntrack/timeout/tcp/syn-sent/node.def
new file mode 100644
index 0000000..5856ba7
--- /dev/null
+++ b/templates-cfg/system/conntrack/timeout/tcp/syn-sent/node.def
@@ -0,0 +1,13 @@
+type: u32
+
+help: TCP SYN-SENT timeout in seconds
+
+default: 120
+
+val_help: u32:1-21474836; TCP SYN-SENT timeout in seconds
+
+syntax:expression: ($VAR(@) >= 1 && $VAR(@) <= 21474836) ; "Value must be between 1 and 21474836"
+
+update: sudo sysctl -q -w net/netfilter/nf_conntrack_tcp_timeout_syn_sent=$VAR(@)
+
+delete: sudo sysctl -q -w net/netfilter/nf_conntrack_tcp_timeout_syn_sent=120
diff --git a/templates-cfg/system/conntrack/timeout/tcp/time-wait/node.def b/templates-cfg/system/conntrack/timeout/tcp/time-wait/node.def
new file mode 100644
index 0000000..f6bd1c8
--- /dev/null
+++ b/templates-cfg/system/conntrack/timeout/tcp/time-wait/node.def
@@ -0,0 +1,13 @@
+type: u32
+
+help: TCP TIME-WAIT timeout in seconds
+
+default: 120
+
+val_help: u32:1-21474836; TCP TIME-WAIT timeout in seconds
+
+syntax:expression: ($VAR(@) >= 1 && $VAR(@) <= 21474836) ; "Value must be between 1 and 21474836"
+
+update: sudo sysctl -q -w net/netfilter/nf_conntrack_tcp_timeout_time_wait=$VAR(@)
+
+delete: sudo sysctl -q -w net/netfilter/nf_conntrack_tcp_timeout_time_wait=120