summaryrefslogtreecommitdiff
path: root/data/templates/conntrackd/conntrackd.conf.j2
blob: 808a7775965320ce186bad0221e7fb7e2a60aaa9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
# autogenerated by conntrack_sync.py

# Synchronizer settings
Sync {
    Mode FTFW {
        DisableExternalCache {{ 'on' if disable_external_cache is vyos_defined else 'off' }}
    }
{% for iface, iface_config in interface.items() %}
{%     if iface_config.peer is vyos_defined %}
    UDP {
{%         if listen_address is vyos_defined %}
{%             for address in listen_address %}
        IPv4_address {{ address }}
{%             endfor %}
{%         endif %}
        IPv4_Destination_Address {{ iface_config.peer }}
        Port {{ iface_config.port if iface_config.port is vyos_defined else '3780' }}
        Interface {{ iface }}
        SndSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
        RcvSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
        Checksum on
    }
{%     else %}
    Multicast {
{%         set ip_address = iface | get_ipv4 %}
        IPv4_address {{ mcast_group }}
        Group {{ iface_config.port if iface_config.port is vyos_defined else '3780' }}
        IPv4_interface {{ ip_address[0] | ip_from_cidr }}
        Interface {{ iface }}
        SndSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
        RcvSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
        Checksum on
    }
{%     endif %}
{% endfor %}
{% if expect_sync is vyos_defined %}
    Options {
{%     if 'all' in expect_sync %}
        ExpectationSync on
{%     else %}
        ExpectationSync {
{%         for protocol in expect_sync %}
            {{ protocol }}
{%         endfor %}
        }
{%     endif %}
    }
{% endif %}
}
Helper {
    Type rpc inet tcp {
        QueueNum 3
        Policy rpc {
            ExpectMax 1
            ExpectTimeout 300
        }
    }
    Type rpc inet udp {
        QueueNum 4
        Policy rpc {
            ExpectMax 1
            ExpectTimeout 300
        }
    }
    Type tns inet tcp {
        QueueNum 5
        Policy tns {
            ExpectMax 1
            ExpectTimeout 300
        }
    }
}

# General settings
General {
    HashSize {{ hash_size }}
    HashLimit {{ table_size | int *2 }}
    LogFile off
    Syslog on
    LockFile /var/lock/conntrack.lock
    UNIX {
        Path /var/run/conntrackd.ctl
    }
    NetlinkBufferSize {{ 2 *1024 *1024 }}
    NetlinkBufferSizeMaxGrowth {{ event_listen_queue_size | int *1024 *1024 }}
    NetlinkOverrunResync off
    NetlinkEventsReliable on
{% if ignore_address is vyos_defined or accept_protocol is vyos_defined %}
    Filter From Userspace {
{%     if ignore_address is vyos_defined %}
        Address Ignore {
{%         for address in ignore_address if address | is_ipv4 %}
            IPv4_address {{ address }}
{%         endfor %}
{%         for address in ignore_address if address | is_ipv6 %}
            IPv6_address {{ address }}
{%         endfor %}
        }
{%     endif %}
{%     if accept_protocol is vyos_defined %}
        Protocol Accept {
{%         for protocol in accept_protocol %}
{%             if protocol == 'icmp6' %}
            IPv6-ICMP
{%             else %}
            {{ protocol | upper }}
{%             endif %}
{%         endfor %}
        }
{%     endif %}
    }
{% endif %}
}