Diffstat (limited to 'data/templates/conntrackd/conntrackd.conf.j2')
-rw-r--r--data/templates/conntrackd/conntrackd.conf.j2112
1 files changed, 112 insertions, 0 deletions
diff --git a/data/templates/conntrackd/conntrackd.conf.j2 b/data/templates/conntrackd/conntrackd.conf.j2
new file mode 100644
index 000000000..66024869d
--- /dev/null
+++ b/data/templates/conntrackd/conntrackd.conf.j2
@@ -0,0 +1,112 @@
+# autogenerated by conntrack_sync.py
+
+# Synchronizer settings
+Sync {
+ Mode FTFW {
+ DisableExternalCache {{ 'on' if disable_external_cache is vyos_defined else 'off' }}
+ }
+{% for iface, iface_config in interface.items() %}
+{% if iface_config.peer is vyos_defined %}
+ UDP {
+{% if listen_address is vyos_defined %}
+ IPv4_address {{ listen_address }}
+{% endif %}
+ IPv4_Destination_Address {{ iface_config.peer }}
+ Port {{ iface_config.port if iface_config.port is vyos_defined else '3780' }}
+ Interface {{ iface }}
+ SndSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
+ RcvSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
+ Checksum on
+ }
+{% else %}
+ Multicast {
+{% set ip_address = iface | get_ipv4 %}
+ IPv4_address {{ mcast_group }}
+ Group {{ iface_config.port if iface_config.port is vyos_defined else '3780' }}
+ IPv4_interface {{ ip_address[0] | ip_from_cidr }}
+ Interface {{ iface }}
+ SndSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
+ RcvSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
+ Checksum on
+ }
+{% endif %}
+{% endfor %}
+{% if expect_sync is vyos_defined %}
+ Options {
+{% if 'all' in expect_sync %}
+ ExpectationSync on
+{% else %}
+ ExpectationSync {
+{% for protocol in expect_sync %}
+ {{ protocol }}
+{% endfor %}
+ }
+{% endif %}
+ }
+{% endif %}
+}
+Helper {
+ Type rpc inet tcp {
+ QueueNum 3
+ Policy rpc {
+ ExpectMax 1
+ ExpectTimeout 300
+ }
+ }
+ Type rpc inet udp {
+ QueueNum 4
+ Policy rpc {
+ ExpectMax 1
+ ExpectTimeout 300
+ }
+ }
+ Type tns inet tcp {
+ QueueNum 5
+ Policy tns {
+ ExpectMax 1
+ ExpectTimeout 300
+ }
+ }
+}
+
+# General settings
+General {
+ HashSize {{ hash_size }}
+ HashLimit {{ table_size | int *2 }}
+ LogFile off
+ Syslog on
+ LockFile /var/lock/conntrack.lock
+ UNIX {
+ Path /var/run/conntrackd.ctl
+ }
+ NetlinkBufferSize {{ 2 *1024 *1024 }}
+ NetlinkBufferSizeMaxGrowth {{ event_listen_queue_size | int *1024 *1024 }}
+ NetlinkOverrunResync off
+ NetlinkEventsReliable on
+{% if ignore_address is vyos_defined or accept_protocol is vyos_defined %}
+ Filter From Userspace {
+{% if ignore_address is vyos_defined %}
+ Address Ignore {
+{% for address in ignore_address if address | is_ipv4 %}
+ IPv4_address {{ address }}
+{% endfor %}
+{% for address in ignore_address if address | is_ipv6 %}
+ IPv6_address {{ address }}
+{% endfor %}
+ }
+{% endif %}
+{% if accept_protocol is vyos_defined %}
+ Protocol Accept {
+{% for protocol in accept_protocol %}
+{% if protocol == 'icmp6' %}
+ IPv6-ICMP
+{% else %}
+ {{ protocol | upper }}
+{% endif %}
+{% endfor %}
+ }
+{% endif %}
+ }
+{% endif %}
+}
+
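Review bot: In the Multicast branch, `IPv4_interface {{ ip_address[0] | ip_from_cidr }}` assumes that `iface | get_ipv4` returns at least one address. The filter is not visible here, but if it returns an empty list for an interface with no IPv4 address, the render would presumably fail or emit an empty `IPv4_interface` line. Either wrap the line in `{% if ip_address | length > 0 %}` or reject such interfaces in conntrack_sync.py before rendering. Separately, the conntrackd sync channel is neither encrypted nor authenticated, and `Checksum on` only detects corruption. A comment above `Sync {` such as `# state sync is cleartext and unauthenticated: use a dedicated or otherwise protected link` would tell operators that the UDP and Multicast interfaces must not face untrusted networks.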