Connection Tracking Engine Options
    218

Size of connection tracking expect table
    u32:1-50000000  Number of entries allowed in connection tracking expect table
    2048

Hash size for connection tracking table
    u32:1-50000000  Size of hash to use for connection tracking table
    32768

Customized rules to ignore selective connection tracking

Rule number
    u32:1-999999  Number of conntrack ignore rule
    Ignore rule number must be between 1 and 999999

#include

Destination parameters
    #include
    #include

Interface to ignore connections tracking on
    any
    #include

Protocol to match (protocol name, number, or "all")
    all tcp_udp
    all  All IP protocols
    tcp_udp  Both TCP and UDP
    u32:0-255  IP protocol number
    <protocol>  IP protocol name
    !<protocol>  IP protocol name

Source parameters
    #include
    #include

Log connection tracking events per protocol

Log connection tracking events for ICMP
    #include

Log connection tracking events for all protocols other than TCP, UDP and ICMP
    #include

Log connection tracking events for TCP
    #include

Log connection tracking events for UDP
    #include

Connection tracking modules

FTP connection tracking

H.323 connection tracking

NFS connection tracking

PPTP connection tracking

SIP connection tracking

SQLnet connection tracking

TFTP connection tracking

Size of connection tracking table
    u32:1-50000000  Number of entries allowed in connection tracking table
    262144

TCP options

Maximum number of TCP half-open connections
    u32:1-2147483647  Generic connection timeout in seconds
    512

Policy to track previously established connections
    enable disable
    enable  Allow tracking of previously established connections
    disable  Do not allow tracking of previously established connections
    ^(enable|disable)$
    enable

TCP maximum retransmit attempts
    u32:1-2147483647  Generic connection timeout in seconds
    3

Connection timeout options

Define custom timeouts per connection

Rule number
    u32:1-999999  Number of conntrack rule
    Ignore rule number must be between 1 and 999999

#include

Destination parameters
    #include
    #include

#include

Interface to ignore connections tracking on
    any
    #include

Protocol to match (protocol name, number, or "all")
    all tcp_udp
    all  All IP protocols
    tcp_udp  Both TCP and UDP
    u32:0-255  IP protocol number
    <protocol>  IP protocol name
    !<protocol>  IP protocol name

Source parameters
    #include
    #include

ICMP timeout in seconds
    u32:1-21474836  ICMP timeout in seconds
    30

Generic connection timeout in seconds
    u32:1-21474836  Generic connection timeout in seconds
    600

TCP connection timeout options

TCP CLOSE-WAIT timeout in seconds
    u32:1-21474836  TCP CLOSE-WAIT timeout in seconds
    60

TCP CLOSE timeout in seconds
    u32:1-21474836  TCP CLOSE timeout in seconds
    10

TCP ESTABLISHED timeout in seconds
    u32:1-21474836  TCP ESTABLISHED timeout in seconds
    432000

TCP FIN-WAIT timeout in seconds
    u32:1-21474836  TCP FIN-WAIT timeout in seconds
    120

TCP LAST-ACK timeout in seconds
    u32:1-21474836  TCP LAST-ACK timeout in seconds
    30

TCP SYN-RECEIVED timeout in seconds
    u32:1-21474836  TCP SYN-RECEIVED timeout in seconds
    60

TCP SYN-SENT timeout in seconds
    u32:1-21474836  TCP SYN-SENT timeout in seconds
    120

TCP TIME-WAIT timeout in seconds
    u32:1-21474836  TCP TIME-WAIT timeout in seconds
    120

UDP timeout options

UDP generic timeout in seconds
    u32:1-21474836  UDP generic timeout in seconds
    30

UDP stream timeout in seconds
    u32:1-21474836  UDP stream timeout in seconds
    180