diff options
| author | kumvijaya <kumvijaya@gmail.com> | 2024-05-21 16:41:14 +0530 |
|---|---|---|
| committer | kumvijaya <kumvijaya@gmail.com> | 2024-05-21 16:41:14 +0530 |
| commit | cc86483fdf7a6bd988f485c06402fd07368dd26e (patch) | |
| tree | 9d892a9715106cc67bf1e57b15b999aa7e564057 /data/templates/conntrackd/conntrackd.conf.j2 | |
| parent | 704ca2322d0bebcb923f5136f0f69fb23651a484 (diff) | |
| download | vyos-workflow-test-temp-cc86483fdf7a6bd988f485c06402fd07368dd26e.tar.gz vyos-workflow-test-temp-cc86483fdf7a6bd988f485c06402fd07368dd26e.zip | |
T6357: create test repository to validate setup
Diffstat (limited to 'data/templates/conntrackd/conntrackd.conf.j2')
| -rw-r--r-- | data/templates/conntrackd/conntrackd.conf.j2 | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/data/templates/conntrackd/conntrackd.conf.j2 b/data/templates/conntrackd/conntrackd.conf.j2 new file mode 100644 index 0000000..30e619d --- /dev/null +++ b/data/templates/conntrackd/conntrackd.conf.j2 @@ -0,0 +1,114 @@ +### autogenerated by service_conntrack-sync.py ### + +# Synchronizer settings +Sync { + Mode FTFW { + DisableExternalCache {{ 'on' if disable_external_cache is vyos_defined else 'off' }} + StartupResync {{ 'on' if startup_resync is vyos_defined else 'off' }} + } +{% for iface, iface_config in interface.items() %} +{% if iface_config.peer is vyos_defined %} + UDP { +{% if listen_address is vyos_defined %} +{% for address in listen_address %} + IPv4_address {{ address }} +{% endfor %} +{% endif %} + IPv4_Destination_Address {{ iface_config.peer }} + Port {{ iface_config.port if iface_config.port is vyos_defined else '3780' }} + Interface {{ iface }} + SndSocketBuffer {{ sync_queue_size | int *1024 *1024 }} + RcvSocketBuffer {{ sync_queue_size | int *1024 *1024 }} + Checksum on + } +{% else %} + Multicast { +{% set ip_address = iface | get_ipv4 %} + IPv4_address {{ mcast_group }} + Group {{ iface_config.port if iface_config.port is vyos_defined else '3780' }} + IPv4_interface {{ ip_address[0] | ip_from_cidr }} + Interface {{ iface }} + SndSocketBuffer {{ sync_queue_size | int *1024 *1024 }} + RcvSocketBuffer {{ sync_queue_size | int *1024 *1024 }} + Checksum on + } +{% endif %} +{% endfor %} +{% if expect_sync is vyos_defined %} + Options { +{% if 'all' in expect_sync %} + ExpectationSync on +{% else %} + ExpectationSync { +{% for protocol in expect_sync %} + {{ protocol }} +{% endfor %} + } +{% endif %} + } +{% endif %} +} +Helper { + Type rpc inet tcp { + QueueNum 3 + Policy rpc { + ExpectMax 1 + ExpectTimeout 300 + } + } + Type rpc inet udp { + QueueNum 4 + Policy rpc { + ExpectMax 1 + ExpectTimeout 300 + } + } + Type tns inet tcp { + QueueNum 5 + Policy tns { + ExpectMax 1 + ExpectTimeout 300 + } + } +} + +# General settings +General { + HashSize {{ hash_size }} + HashLimit {{ table_size | int *2 }} + LogFile off + Syslog {{ 'off' if disable_syslog is vyos_defined else 'on' }} + LockFile /var/lock/conntrack.lock + UNIX { + Path /var/run/conntrackd.ctl + } + NetlinkBufferSize {{ 2 *1024 *1024 }} + NetlinkBufferSizeMaxGrowth {{ event_listen_queue_size | int *1024 *1024 }} + NetlinkOverrunResync off + NetlinkEventsReliable on +{% if ignore_address is vyos_defined or accept_protocol is vyos_defined %} + Filter From Userspace { +{% if ignore_address is vyos_defined %} + Address Ignore { +{% for address in ignore_address if address | is_ipv4 %} + IPv4_address {{ address }} +{% endfor %} +{% for address in ignore_address if address | is_ipv6 %} + IPv6_address {{ address }} +{% endfor %} + } +{% endif %} +{% if accept_protocol is vyos_defined %} + Protocol Accept { +{% for protocol in accept_protocol %} +{% if protocol == 'icmp6' %} + IPv6-ICMP +{% else %} + {{ protocol | upper }} +{% endif %} +{% endfor %} + } +{% endif %} + } +{% endif %} +} |