# Set the nice value of the daemon. This value goes from -20
# (most favorable scheduling) to 19 (least favorable). Using a
# negative value reduces the chance of losing state-change events.
# Default is 0. See man nice(1) for more information.

# Select a different scheduler for the daemon. You can choose between
# RR and FIFO, and set the process priority (minimum is 0, maximum is 99).
# See man sched_setscheduler(2) for more information. Using an RT
# scheduler reduces the chance of overrunning the Netlink buffer.

# Number of buckets in the caches: hash table

# Maximum number of conntracks:
# it must be >= $ cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max

# Logfile: on (/var/log/conntrackd.log), off, or a filename
LogFile /var/log/conntrackd.log

# Syslog: on, off or a facility name (daemon (default) or local0..7)

LockFile /var/lock/conntrack.lock

# Unix socket configuration

# Netlink socket buffer size
NetlinkBufferSize 262142

# Increase the socket buffer up to the maximum if required
NetlinkBufferSizeMaxGrowth 655355

# By default, the daemon receives state updates following an
# event-driven model. You can modify this behaviour by switching to
# polling mode with the PollSecs clause. This clause tells conntrackd
# to dump the states in the kernel every N seconds. With regard to
# synchronization mode, the polling mode can only guarantee that
# long-lifetime states are recovered. The main advantage of this method
# is the reduction in the state replication at the cost of reducing the
# chances of recovering connections.

# Event filtering: This clause allows you to filter certain traffic.
# There are currently three filter-sets: Protocol, Address and
# State. The filter is attached to an action that can be: Accept or
# Ignore. Thus, you can define the event filtering policy of the
# filter-sets in positive or negative logic depending on your needs.

# Accept only certain protocols: You may want to log the
# state of flows depending on their layer 4 protocol.

# Ignore traffic for a certain set of IPs.
IPv4_address 127.0.0.1 # loopback

# Uncomment the line below if you want to filter by flow state.
# The existing TCP states are: SYN_SENT, SYN_RECV, ESTABLISHED,
# FIN_WAIT, CLOSE_WAIT, LAST_ACK, TIME_WAIT, CLOSED, LISTEN.
# ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP