Commit | Line | Data |
---|---|---|
d0438e6a | 1 | # |
2 | # General settings | |
3 | # | |
4 | General { | |
5 | # | |
6 | # Number of buckets in the caches: hash table | |
7 | # | |
8 | HashSize 8192 | |
9 | ||
10 | # | |
11 | # Maximum number of conntracks: | |
12 | # it must be >= the value reported by: cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max | |
13 | # | |
14 | HashLimit 65535 | |
15 | ||
16 | # | |
17 | # Logfile | |
18 | # | |
19 | LogFile /var/log/conntrackd.log | |
20 | ||
21 | # | |
22 | # Lockfile | |
23 | # | |
24 | LockFile /var/lock/conntrack.lock | |
25 | ||
26 | # | |
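27 | # Unix socket configuration (note: /tmp is world-writable; a directory only root can write to is a safer place for this socket) | |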
28 | # | |
29 | UNIX { | |
30 | Path /tmp/sync.sock | |
31 | Backlog 20 | |
32 | } | |
33 | ||
34 | # | |
35 | # Netlink socket buffer size | |
36 | # | |
37 | SocketBufferSize 262142 | |
38 | ||
39 | # | |
40 | # Increase the socket buffer up to the maximum if required | |
41 | # | |
42 | SocketBufferSizeMaxGrown 655355 | |
43 | } | |
44 | ||
45 | # | |
46 | # Ignore traffic for a certain set of IPs: usually | |
47 | # all the IPs assigned to the firewall, since local | |
48 | # traffic must be ignored; only forwarded connections | |
49 | # are worth replicating | |
50 | # | |
51 | IgnoreTrafficFor { | |
52 | IPv4_address 127.0.0.1 # loopback | |
53 | } | |
54 | ||
55 | # | |
56 | # Do not replicate certain protocol traffic | |
57 | # | |
58 | IgnoreProtocol { | |
59 | UDP | |
60 | # ICMP | |
61 | # IGMP | |
62 | # VRRP | |
63 | # protocol numbers are also valid | |
64 | } | |
65 | ||
66 | # | |
67 | # Strip NAT traffic | |
68 | # | |
69 | StripNAT |