| # |
| # Helper settings |
| # |
| |
| Helper { |
| # Before this, you have to make sure you have registered the `ftp' |
| # user-space helper stub via: |
| # |
| # nfct add helper ftp inet tcp |
| # |
| Type ftp inet tcp { |
| # |
| # Set NFQUEUE number you want to use to receive traffic from |
| # the kernel. |
| # |
| QueueNum 0 |
| |
| # |
| # Maximum number of packets waiting in the queue to receive |
| # a verdict from user-space. Default is 1024. |
| # |
| # Rise value if you hit the following error message: |
| # "nf_queue: full at X entries, dropping packets(s)" |
| # |
| QueueLen 10240 |
| |
| # |
| # Set the Expectation policy for this helper. This section |
| # is optional; if left unspecified, the defaults from the |
| # ctd_helper struct will be used. |
| # |
| Policy ftp { |
| # |
| # Maximum number of simultaneous expectations |
| # |
| ExpectMax 1 |
| # |
| # Maximum living time for one expectation (in seconds). |
| # |
| ExpectTimeout 300 |
| } |
| } |
| Type rpc inet tcp { |
| QueueNum 1 |
| QueueLen 10240 |
| Policy rpc { |
| ExpectMax 1 |
| ExpectTimeout 300 |
| } |
| } |
| Type rpc inet udp { |
| QueueNum 2 |
| QueueLen 10240 |
| Policy rpc { |
| ExpectMax 1 |
| ExpectTimeout 300 |
| } |
| } |
| Type tns inet tcp { |
| QueueNum 3 |
| QueueLen 10240 |
| Policy tns { |
| ExpectMax 1 |
| ExpectTimeout 300 |
| } |
| } |
| Type dhcpv6 inet6 udp { |
| QueueNum 4 |
| QueueLen 10240 |
| Policy dhcpv6 { |
| ExpectMax 1 |
| ExpectTimeout 300 |
| } |
| } |
| Type mdns inet udp { |
| QueueNum 6 |
| QueueLen 10240 |
| Policy mdns { |
| ExpectMax 8 |
| ExpectTimeout 30 |
| } |
| } |
| Type ssdp inet udp { |
| QueueNum 5 |
| QueueLen 10240 |
| Policy ssdp { |
| ExpectMax 8 |
| ExpectTimeout 300 |
| } |
| } |
| Type ssdp inet tcp { |
| QueueNum 5 |
| QueueLen 10240 |
| Policy ssdp { |
| ExpectMax 8 |
| ExpectTimeout 300 |
| } |
| } |
| } |
| |
| # |
| # General settings |
| # |
| General { |
| # |
| # Set the nice value of the daemon, this value goes from -20 |
| # (most favorable scheduling) to 19 (least favorable). Using a |
| # very low value reduces the chances to lose state-change events. |
| # Default is 0 but this example file sets it to most favourable |
| # scheduling as this is generally a good idea. See man nice(1) for |
| # more information. |
| # |
| Nice -20 |
| |
| # |
| # Select a different scheduler for the daemon, you can select between |
| # RR and FIFO and the process priority (minimum is 0, maximum is 99). |
| # See man sched_setscheduler(2) for more information. Using a RT |
| # scheduler reduces the chances to overrun the Netlink buffer. |
| # |
| # Scheduler { |
| # Type FIFO |
| # Priority 99 |
| # } |
| |
| # |
| # Logfile: on (/var/log/conntrackd.log), off, or a filename |
| # Default: off |
| # |
| LogFile on |
| |
| # |
| # Syslog: on, off or a facility name (daemon (default) or local0..7) |
| # Default: off |
| # |
| #Syslog on |
| |
| # |
| # Lockfile |
| # |
| LockFile /var/lock/conntrack.lock |
| |
| # |
| # Unix socket configuration |
| # |
| UNIX { |
| Path /var/run/conntrackd.ctl |
| Backlog 20 |
| } |
| } |