--- /dev/null
+#
+# General settings
+#
+General {
+ #
+ # Number of buckets in the caches: hash table
+ #
+ HashSize 8192
+
+ #
+ # Maximum number of conntracks:
+ # it must be >= $ cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
+ #
+ HashLimit 65535
+
+ #
+ # Logfile
+ #
+ LogFile /var/log/conntrackd.log
+
+ #
+ # Lockfile
+ #
+ LockFile /var/lock/conntrack.lock
+
+ #
+ # Unix socket configuration
+ #
+ UNIX {
+ Path /tmp/sync.sock
+ Backlog 20
+ }
+
+ #
+ # Netlink socket buffer size
+ #
+ SocketBufferSize 262142
+
+ #
+ # Increase the socket buffer up to maximun if required
+ #
+ SocketBufferSizeMaxGrown 655355
+}
+
+#
+# Ignore traffic for a certain set of IP's: Usually
+# all the IP assigned to the firewall since local
+# traffic must be ignored, just forwarded connections
+# are worth to replicate
+#
+IgnoreTrafficFor {
+ IPv4_address 127.0.0.1 # loopback
+}
+
+#
+# Do not replicate certain protocol traffic
+#
+IgnoreProtocol {
+ UDP
+# ICMP
+# IGMP
+# VRRP
+ # numeric numbers also valid
+}
+
+#
+# Strip NAT traffic
+#
+StripNAT
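Review bot: The `UNIX` block sets `Path /tmp/sync.sock`, which puts the daemon's local control socket in a world-writable directory. Any local user can create that path before the daemon starts, which at minimum stops it from binding. Depending on how the daemon handles an existing path and what mode it gives the socket (neither is visible in this file), unprivileged users may also be able to reach the control channel. For a shipped default I would move it under a root-owned directory, for example `Path /var/run/conntrackd.sock`, and add a comment above it such as `# keep this socket out of world-writable directories; it controls the daemon`.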
--- /dev/null
+#!/bin/sh
+#
+# conntrackd The userspace connection tracking table administration program
+#
+# chkconfig: 345 11 89
+#
+# description: The userspace connection tracking table administration program
+#
+# $Id$
+
+# Source function library
+. /etc/rc.d/init.d/functions
+
+# Get network config
+. /etc/sysconfig/network
+
+[ -f /etc/sysconfig/conntrackd ] && . /etc/sysconfig/conntrackd
+
+# Check that networking is up.
+if is_yes "${NETWORKING}"; then
+ if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status ]; then
+ msg_network_down conntrackd
+ exit 1
+ fi
+else
+ exit 0
+fi
+
+start() {
+ # Check if the service is already running?
+ if [ ! -f /var/lock/subsys/conntrackd ]; then
+ msg_starting conntrackd
+ daemon conntrackd $CONNTRACKD_OPTS
+ RETVAL=$?
+ [ $RETVAL -eq 0 ] && touch /var/lock/subsys/conntrackd
+ else
+ msg_already_running conntrackd
+ fi
+}
+
+stop() {
+ if [ -f /var/lock/subsys/conntrackd ]; then
+ # Stop daemons.
+ msg_stopping conntrackd
+ killproc conntrackd
+ rm -f /var/lock/subsys/conntrackd
+ else
+ msg_not_running conntrackd
+ fi
+}
+
+reload() {
+ if [ -f /var/lock/subsys/conntrackd ]; then
+ msg_reloading conntrackd
+ killproc conntrackd -HUP
+ RETVAL=$?
+ else
+ msg_not_running conntrackd
+ RETVAL=7
+ fi
+}
+
+RETVAL=0
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart)
+ stop
+ start
+ ;;
+ reload)
+ reload
+ ;;
+ force-reload)
+ reload
+ ;;
+ status)
+ status conntrackd
+ RETVAL=$?
+ ;;
+ *)
+ msg_usage "$0 {start|stop|restart|reload|force-reload|status}"
+ exit 3
+esac
+
+exit $RETVAL
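Review bot: `stop()` never records the result of `killproc conntrackd` and removes `/var/lock/subsys/conntrackd` unconditionally, so `stop` and `restart` can exit 0 with the lock gone while the daemon is still running. On a firewall, that leaves state replication in an unknown condition without any signal to the operator or to monitoring that relies on the exit code. I would capture the status and only drop the lock on success: `killproc conntrackd; RETVAL=$?` followed by `[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/conntrackd`. The `restart)` branch should then bail out when `stop` fails instead of calling `start` against a stale process.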
Group: Applications/Networking
Source0: http://www.netfilter.org/projects/conntrack-tools/files/%{name}-%{version}.tar.bz2
# Source0-md5: b8a0297c538bd1fb708b2c9ed3f31676
-#Source1: %{name}.init
-#Source2: %{name}.sysconfig
-#Source3: %{name}.conf
+Source1: %{name}.init
+Source2: %{name}.sysconfig
+Source3: %{name}.conf
URL: http://people.netfilter.org/pablo/conntrack-tools/
BuildRequires: autoconf
BuildRequires: automake
%{__make} install \
DESTDIR=$RPM_BUILD_ROOT
-#install -D %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
-#install -D %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/%{name}
-#install -D %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/
+install -D %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/conntrackd
+install -D %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/conntrackd
+install -D %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/conntrackd/conntrackd.conf
%clean
rm -rf $RPM_BUILD_ROOT
%post
-#/sbin/chkconfig --add %{name}
-#%service %{name} restart
+/sbin/chkconfig --add conntrackd
+%service conntrackd restart
%preun
-#if [ "$1" = "0" ]; then
-# %service -q %{name} stop
-# /sbin/chkconfig --del %{name}
-#fi
+if [ "$1" = "0" ]; then
+ %service -q conntrackd stop
+ /sbin/chkconfig --del conntrackd
+fi
%files
%defattr(644,root,root,755)
%doc AUTHORS ChangeLog TODO examples
%attr(755,root,root) %{_sbindir}/*
+%dir %{_libdir}/%{name}
%attr(755,root,root) %{_libdir}/%{name}/ct_proto*.so
%{_mandir}/man8/*
-#%attr(754,root,root) /etc/rc.d/init.d/%{name}
-#%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/
-#%config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name}
+%attr(754,root,root) /etc/rc.d/init.d/conntrackd
+%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conntrackd/conntrackd.conf
+%dir %{_sysconfdir}/conntrackd
+%config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/conntrackd
--- /dev/null
+# Config file for conntrack-tools startup
+
+CONNTRACKD_OPTS="-S -d"
+
+# This must be last line !
+# vi:syntax=sh