Jan Engelhardt
5a17ae02a9
- Fix 1.4.5 parser issues (bsc#1141480) - Add SLP conntrack helper (FATE#324143 bsc#1127886) - Add commented out example helper configuration - Drop deprecated and ignored conntrackd.conf options OBS-URL: https://build.opensuse.org/request/show/717787 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/conntrack-tools?expand=0&rev=69
139 lines
2.5 KiB
Plaintext
139 lines
2.5 KiB
Plaintext
# This is a set of SUSE-provided recommendations. To use it or make
|
|
# modifications to it, copy it to /etc/conntrackd/conntrackd.conf and adjust
|
|
# /etc/sysconfig/conntrackd.
|
|
|
|
General {
|
|
HashSize 32768
|
|
HashLimit 131072
|
|
# LogFile on
|
|
Syslog on
|
|
LockFile /var/run/lock/conntrackd.lock
|
|
|
|
UNIX {
|
|
Path /var/run/conntrackd.sock
|
|
}
|
|
|
|
# NetlinkBufferSize 2097152
|
|
# NetlinkBufferSizeMaxGrowth 8388608
|
|
SocketBufferSize 262142
|
|
SocketBufferSizeMaxGrown 655355
|
|
|
|
# Filter From Userspace {
|
|
# Address Ignore {
|
|
# IPv4_address 127.0.0.1 # loopback
|
|
# IPv6_address ::1 # loopback
|
|
# }
|
|
# }
|
|
|
|
# default SUSE systemd service unit file is of Type=notify
|
|
Systemd on
|
|
}
|
|
|
|
Stats {
|
|
LogFile on
|
|
}
|
|
|
|
#Helper {
|
|
# # Before this, you have to make sure you have registered the `ftp'
|
|
# # user-space helper stub via:
|
|
# #
|
|
# # nfct add helper ftp inet tcp
|
|
# #
|
|
# Type ftp inet tcp {
|
|
# #
|
|
# # Set NFQUEUE number you want to use to receive traffic from
|
|
# # the kernel.
|
|
# #
|
|
# QueueNum 0
|
|
#
|
|
# #
|
|
# # Maximum number of packets waiting in the queue to receive
|
|
# # a verdict from user-space. Default is 1024.
|
|
# #
|
|
# # Rise value if you hit the following error message:
|
|
# # "nf_queue: full at X entries, dropping packets(s)"
|
|
# #
|
|
# QueueLen 10240
|
|
#
|
|
# #
|
|
# # Set the Expectation policy for this helper. This section
|
|
# # is optional; if left unspecified, the defaults from the
|
|
# # ctd_helper struct will be used.
|
|
# #
|
|
# Policy ftp {
|
|
# #
|
|
# # Maximum number of simultaneous expectations
|
|
# #
|
|
# ExpectMax 1
|
|
# #
|
|
# # Maximum living time for one expectation (in seconds).
|
|
# #
|
|
# ExpectTimeout 300
|
|
# }
|
|
# }
|
|
# Type rpc inet tcp {
|
|
# QueueNum 1
|
|
# QueueLen 10240
|
|
# Policy rpc {
|
|
# ExpectMax 1
|
|
# ExpectTimeout 300
|
|
# }
|
|
# }
|
|
# Type rpc inet udp {
|
|
# QueueNum 2
|
|
# QueueLen 10240
|
|
# Policy rpc {
|
|
# ExpectMax 1
|
|
# ExpectTimeout 300
|
|
# }
|
|
# }
|
|
# Type tns inet tcp {
|
|
# QueueNum 3
|
|
# QueueLen 10240
|
|
# Policy tns {
|
|
# ExpectMax 1
|
|
# ExpectTimeout 300
|
|
# }
|
|
# }
|
|
# Type dhcpv6 inet6 udp {
|
|
# QueueNum 4
|
|
# QueueLen 10240
|
|
# Policy dhcpv6 {
|
|
# ExpectMax 1
|
|
# ExpectTimeout 300
|
|
# }
|
|
# }
|
|
# Type ssdp inet udp {
|
|
# QueueNum 5
|
|
# QueueLen 10240
|
|
# Policy ssdp {
|
|
# ExpectMax 8
|
|
# ExpectTimeout 300
|
|
# }
|
|
# }
|
|
# Type ssdp inet tcp {
|
|
# QueueNum 5
|
|
# QueueLen 10240
|
|
# Policy ssdp {
|
|
# ExpectMax 8
|
|
# ExpectTimeout 300
|
|
# }
|
|
# }
|
|
# Type mdns inet udp {
|
|
# QueueNum 6
|
|
# QueueLen 10240
|
|
# Policy mdns {
|
|
# ExpectMax 8
|
|
# ExpectTimeout 30
|
|
# }
|
|
# }
|
|
# Type slp inet udp {
|
|
# QueueNum 7
|
|
# QueueLen 10240
|
|
# Policy slp {
|
|
# ExpectMax 8
|
|
# ExpectTimeout 16
|
|
# }
|
|
# }
|
|
#}
|