diff options
| author | rebortg <github@ghlr.de> | 2024-07-18 21:53:35 +0200 |
|---|---|---|
| committer | rebortg <github@ghlr.de> | 2024-07-18 21:53:35 +0200 |
| commit | d3ad8cc86cf3561788b2c3f0d274453a31c3c2ba (patch) | |
| tree | 9faadb3a3958c24aca4302d3783173f61131425b /docs/configuration/system/conntrack.rst | |
| parent | 579c5cc953c8f5ac2a17218fd8d58b4a53bab7ca (diff) | |
| parent | 873a461bdf972ebd815baf50893700b0a2518213 (diff) | |
| download | vyos-documentation-d3ad8cc86cf3561788b2c3f0d274453a31c3c2ba.tar.gz vyos-documentation-d3ad8cc86cf3561788b2c3f0d274453a31c3c2ba.zip | |
Merge branch 'current' of github.com:vyos/vyos-documentation into current
Diffstat (limited to 'docs/configuration/system/conntrack.rst')
| -rw-r--r-- | docs/configuration/system/conntrack.rst | 39 |
1 files changed, 6 insertions, 33 deletions
diff --git a/docs/configuration/system/conntrack.rst b/docs/configuration/system/conntrack.rst index 1401e02e..6d551575 100644 --- a/docs/configuration/system/conntrack.rst +++ b/docs/configuration/system/conntrack.rst @@ -64,39 +64,7 @@ Configure Contrack Timeouts ================= -VyOS supports setting timeouts for connections according to the -connection type. You can set timeout values for generic connections, for ICMP -connections, UDP connections, or for TCP connections in a number of different -states. - -.. cfgcmd:: set system conntrack timeout icmp <1-21474836> - :defaultvalue: -.. cfgcmd:: set system conntrack timeout other <1-21474836> - :defaultvalue: -.. cfgcmd:: set system conntrack timeout tcp close <1-21474836> - :defaultvalue: -.. cfgcmd:: set system conntrack timeout tcp close-wait <1-21474836> - :defaultvalue: -.. cfgcmd:: set system conntrack timeout tcp established <1-21474836> - :defaultvalue: -.. cfgcmd:: set system conntrack timeout tcp fin-wait <1-21474836> - :defaultvalue: -.. cfgcmd:: set system conntrack timeout tcp last-ack <1-21474836> - :defaultvalue: -.. cfgcmd:: set system conntrack timeout tcp syn-recv <1-21474836> - :defaultvalue: -.. cfgcmd:: set system conntrack timeout tcp syn-sent <1-21474836> - :defaultvalue: -.. cfgcmd:: set system conntrack timeout tcp time-wait <1-21474836> - :defaultvalue: -.. cfgcmd:: set system conntrack timeout udp other <1-21474836> - :defaultvalue: -.. cfgcmd:: set system conntrack timeout udp stream <1-21474836> - :defaultvalue: - - Set the timeout in seconds for a protocol or state. - -You can also define custom timeout values to apply to a specific subset of +You can define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector. @@ -177,6 +145,11 @@ create a rule defining the packet and flow selector. Conntrack ignore rules ====================== +.. note:: **Important note about conntrack ignore rules:** + Starting from vyos-1.5-rolling-202406120020, ignore rules can be defined in + ``set firewall [ipv4 | ipv6] prerouting raw ...``. It's expected that in + the future the conntrack ignore rules will be removed. + Customized ignore rules, based on a packet and flow selector. .. cfgcmd:: set system conntrack ignore [ipv4 | ipv6] rule <1-999999> |