### autogenerated by service_conntrack-sync.py ###
# Synchronizer settings
{# Sync section. One transport block is rendered per entry in `interface`:
   an interface with a `peer` gets a unicast UDP block, every other interface
   gets a Multicast block. Both variants enable `Checksum on`.
   NOTE(review): no authentication or encryption setting is rendered for the
   sync channel here; presumably the sync interfaces are expected to be a
   dedicated, trusted link -- confirm against deployment guidance. #}
Sync {
Mode FTFW {
{# 'on' only when disable_external_cache is set, otherwise 'off'. #}
DisableExternalCache {{ 'on' if disable_external_cache is vyos_defined else 'off' }}
}
{% for iface, iface_config in interface.items() %}
{% if iface_config.peer is vyos_defined %}
{# Unicast transport towards the configured peer. #}
UDP {
{% if listen_address is vyos_defined %}
{# Every listen_address entry is written as an IPv4_address line.
   NOTE(review): unlike ignore_address in the General section, no is_ipv4
   test is applied here; presumably the address family is validated by the
   config script -- confirm. #}
{% for address in listen_address %}
IPv4_address {{ address }}
{% endfor %}
{% endif %}
IPv4_Destination_Address {{ iface_config.peer }}
{# Port falls back to 3780 when the interface has no port configured. #}
Port {{ iface_config.port if iface_config.port is vyos_defined else '3780' }}
Interface {{ iface }}
{# sync_queue_size is cast to int and multiplied by 1024*1024
   (presumably a MiB value converted to bytes -- confirm unit). #}
SndSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
RcvSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
Checksum on
}
{% else %}
{# Multicast transport, used when no peer is configured for the interface. #}
Multicast {
{# NOTE(review): ip_address[0] below assumes get_ipv4 returns at least one
   address for the interface; presumably enforced by the config script --
   confirm, otherwise rendering fails on an interface without IPv4. #}
{% set ip_address = iface | get_ipv4 %}
IPv4_address {{ mcast_group }}
{# The same port value (default 3780) is rendered as the Group directive. #}
Group {{ iface_config.port if iface_config.port is vyos_defined else '3780' }}
IPv4_interface {{ ip_address[0] | ip_from_cidr }}
Interface {{ iface }}
SndSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
RcvSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
Checksum on
}
{% endif %}
{% endfor %}
{# Expectation sync is rendered only when expect_sync is set: 'all' turns it
   on globally, otherwise each listed entry is written verbatim.
   NOTE(review): entries are emitted unmodified; presumably the allowed
   values are constrained by the CLI schema -- confirm. #}
{% if expect_sync is vyos_defined %}
Options {
{% if 'all' in expect_sync %}
ExpectationSync on
{% else %}
ExpectationSync {
{% for protocol in expect_sync %}
{{ protocol }}
{% endfor %}
}
{% endif %}
}
{% endif %}
}
{# Helper section. Entirely static: nothing below depends on template
   variables. Three helpers are declared (rpc over tcp, rpc over udp, tns over
   tcp), each on its own queue number and each limited by its policy to
   ExpectMax 1 with ExpectTimeout 300 (presumably seconds -- confirm).
   NOTE(review): the QueueNum values 3, 4 and 5 presumably have to match the
   queue numbers used by the packet-filter rules that steer traffic to these
   helpers; those rules are not part of this template -- confirm they agree. #}
Helper {
Type rpc inet tcp {
QueueNum 3
Policy rpc {
ExpectMax 1
ExpectTimeout 300
}
}
Type rpc inet udp {
QueueNum 4
Policy rpc {
ExpectMax 1
ExpectTimeout 300
}
}
Type tns inet tcp {
QueueNum 5
Policy tns {
ExpectMax 1
ExpectTimeout 300
}
}
}
# General settings
{# General section: table sizing, logging, control socket, netlink buffers
   and the optional userspace filter. #}
General {
HashSize {{ hash_size }}
{# HashLimit is rendered as twice table_size (cast to int). #}
HashLimit {{ table_size | int *2 }}
{# File logging is disabled; messages go to syslog only. #}
LogFile off
Syslog on
LockFile /var/lock/conntrack.lock
{# Control socket of the daemon.
   NOTE(review): no ownership or mode is set for this socket in the template;
   access presumably relies on daemon defaults and filesystem permissions --
   confirm that only privileged users can reach it. #}
UNIX {
Path /var/run/conntrackd.ctl
}
{# Initial netlink buffer is a fixed 2*1024*1024; the growth ceiling is
   event_listen_queue_size (cast to int) multiplied by 1024*1024. #}
NetlinkBufferSize {{ 2 *1024 *1024 }}
NetlinkBufferSizeMaxGrowth {{ event_listen_queue_size | int *1024 *1024 }}
NetlinkOverrunResync off
NetlinkEventsReliable on
{# The filter block is rendered only when at least one of ignore_address or
   accept_protocol is set. #}
{% if ignore_address is vyos_defined or accept_protocol is vyos_defined %}
Filter From Userspace {
{% if ignore_address is vyos_defined %}
{# ignore_address entries are split by family: is_ipv4 matches become
   IPv4_address lines, is_ipv6 matches become IPv6_address lines. An entry
   matching neither test is not rendered at all. #}
Address Ignore {
{% for address in ignore_address if address | is_ipv4 %}
IPv4_address {{ address }}
{% endfor %}
{% for address in ignore_address if address | is_ipv6 %}
IPv6_address {{ address }}
{% endfor %}
}
{% endif %}
{% if accept_protocol is vyos_defined %}
{# Accept list: 'icmp6' is rendered as IPv6-ICMP, every other entry is
   upper-cased and written as is.
   NOTE(review): entries are not otherwise checked here; presumably the set
   of valid protocol names is constrained by the CLI schema -- confirm. #}
Protocol Accept {
{% for protocol in accept_protocol %}
{% if protocol == 'icmp6' %}
IPv6-ICMP
{% else %}
{{ protocol | upper }}
{% endif %}
{% endfor %}
}
{% endif %}
}
{% endif %}
}