data/templates/conntrackd/conntrackd.conf.tmpl


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109

# autogenerated by conntrack_sync.py

# Synchronizer settings
Sync {
    Mode FTFW {
        DisableExternalCache {{ 'on' if disable_external_cache is defined else 'off' }}
    }
{% for iface, iface_config in interface.items() %}
{%   if loop.first %}
{%     if iface_config.peer is defined and iface_config.peer is not none %}
    UDP {
{%       if listen_address is defined and listen_address is not none %}
        IPv4_address {{ listen_address }}
{%       endif %}
        IPv4_Destination_Address {{ iface_config.peer }}
        Port 3780
{%     else %}
{%       set ip_address = iface | get_ipv4 %}
    Multicast {
        IPv4_address {{ mcast_group }}
        Group 3780
        IPv4_interface {{ ip_address[0] | ip_from_cidr }}
{%     endif %}
        Interface {{ iface }}
{%   endif %}
{% endfor %}
        SndSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
        RcvSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
        Checksum on
    }
{% if expect_sync is defined and expect_sync is not none %}
    Options {
{%   if 'all' in expect_sync %}
        ExpectationSync on
{%   else %}
        ExpectationSync {
{%     for protocol in expect_sync %}
            {{ protocol }}
{%     endfor %}
{%   endif %}
        }
    }
{% endif %}
}
Helper {
    Type rpc inet tcp {
        QueueNum 3
        Policy rpc {
            ExpectMax 1
            ExpectTimeout 300
        }
    }
    Type rpc inet udp {
        QueueNum 4
        Policy rpc {
            ExpectMax 1
            ExpectTimeout 300
        }
    }
    Type tns inet tcp {
        QueueNum 5
        Policy tns {
            ExpectMax 1
            ExpectTimeout 300
        }
    }
}

# General settings
General {
    HashSize {{ hash_size }}
    HashLimit {{ table_size | int *2 }}
    LogFile off
    Syslog on
    LockFile /var/lock/conntrack.lock
    UNIX {
        Path /run/conntrackd/conntrackd.ctl
    }
    NetlinkBufferSize {{ 2 *1024 *1024 }}
    NetlinkBufferSizeMaxGrowth {{ event_listen_queue_size | int *1024 *1024 }}
    NetlinkOverrunResync off
    NetlinkEventsReliable on
{% if ignore_address is defined or accept_protocol is defined %}
    Filter From Userspace {
{%   if ignore_address is defined and ignore_address is not none %}
        Address Ignore {
{%     for address in ignore_address if address | is_ipv4 %}
            IPv4_address {{ address }}
{%     endfor %}
{%     for address in ignore_address if address | is_ipv6 %}
            IPv6_address {{ address }}
{%     endfor %}
        }
{%   endif %}
{%   if accept_protocol is defined and accept_protocol is not none %}
        Protocol Accept {
{%     for protocol in accept_protocol %}
{%       if protocol == 'icmp6' %}
            IPv6-ICMP
{%       else %}
            {{ protocol | upper }}
{%       endif %}
{%     endfor %}
        }
{%   endif %}
    }
{% endif %}
}