Почетна Преглед Помоћ
Пријавите се
phreedom2600net
/
linux-libre
Прати 2
Волим 0
Креирај огранак 0
Датотеке Дискусије 0 Захтеви за спајање 0 Вики
Дрво: 0d5005ec5c
Гране Ознаке
linux-libre
/
Documentation
/
networking
/
nf_conntrack-sysctl.txt

nf_conntrack-sysctl.txt 4.4 KB
Историја Датотека

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164 
  1. /proc/sys/net/netfilter/nf_conntrack_* Variables:
    2. 

  2. 

  3. nf_conntrack_acct - BOOLEAN
    4. 

  4. 	0 - disabled (default)
    5. 

  5. 	not 0 - enabled
    6. 

  6. 

  7. 	Enable connection tracking flow accounting. 64-bit byte and packet
    8. 

  8. 	counters per flow are added.
    9. 

  9. 

  10. nf_conntrack_buckets - INTEGER
    11. 

  11. 	Size of hash table. If not specified as parameter during module
    12. 

  12. 	loading, the default size is calculated by dividing total memory
    13. 

  13. 	by 16384 to determine the number of buckets but the hash table will
    14. 

  14. 	never have fewer than 32 and limited to 16384 buckets. For systems
    15. 

  15. 	with more than 4GB of memory it will be 65536 buckets.
    16. 

  16. 	This sysctl is only writeable in the initial net namespace.
    17. 

  17. 

  18. nf_conntrack_checksum - BOOLEAN
    19. 

  19. 	0 - disabled
    20. 

  20. 	not 0 - enabled (default)
    21. 

  21. 

  22. 	Verify checksum of incoming packets. Packets with bad checksums are
    23. 

  23. 	in INVALID state. If this is enabled, such packets will not be
    24. 

  24. 	considered for connection tracking.
    25. 

  25. 

  26. nf_conntrack_count - INTEGER (read-only)
    27. 

  27. 	Number of currently allocated flow entries.
    28. 

  28. 

  29. nf_conntrack_events - BOOLEAN
    30. 

  30. 	0 - disabled
    31. 

  31. 	not 0 - enabled (default)
    32. 

  32. 

  33. 	If this option is enabled, the connection tracking code will
    34. 

  34. 	provide userspace with connection tracking events via ctnetlink.
    35. 

  35. 

  36. nf_conntrack_expect_max - INTEGER
    37. 

  37. 	Maximum size of expectation table.  Default value is
    38. 

  38. 	nf_conntrack_buckets / 256. Minimum is 1.
    39. 

  39. 

  40. nf_conntrack_frag6_high_thresh - INTEGER
    41. 

  41. 	default 262144
    42. 

  42. 

  43. 	Maximum memory used to reassemble IPv6 fragments.  When
    44. 

  44. 	nf_conntrack_frag6_high_thresh bytes of memory is allocated for this
    45. 

  45. 	purpose, the fragment handler will toss packets until
    46. 

  46. 	nf_conntrack_frag6_low_thresh is reached.
    47. 

  47. 

  48. nf_conntrack_frag6_low_thresh - INTEGER
    49. 

  49. 	default 196608
    50. 

  50. 

  51. 	See nf_conntrack_frag6_low_thresh
    52. 

  52. 

  53. nf_conntrack_frag6_timeout - INTEGER (seconds)
    54. 

  54. 	default 60
    55. 

  55. 

  56. 	Time to keep an IPv6 fragment in memory.
    57. 

  57. 

  58. nf_conntrack_generic_timeout - INTEGER (seconds)
    59. 

  59. 	default 600
    60. 

  60. 

  61. 	Default for generic timeout.  This refers to layer 4 unknown/unsupported
    62. 

  62. 	protocols.
    63. 

  63. 

  64. nf_conntrack_helper - BOOLEAN
    65. 

  65. 	0 - disabled (default)
    66. 

  66. 	not 0 - enabled
    67. 

  67. 

  68. 	Enable automatic conntrack helper assignment.
    69. 

  69. 	If disabled it is required to set up iptables rules to assign
    70. 

  70. 	helpers to connections.  See the CT target description in the
    71. 

  71. 	iptables-extensions(8) man page for further information.
    72. 

  72. 

  73. nf_conntrack_icmp_timeout - INTEGER (seconds)
    74. 

  74. 	default 30
    75. 

  75. 

  76. 	Default for ICMP timeout.
    77. 

  77. 

  78. nf_conntrack_icmpv6_timeout - INTEGER (seconds)
    79. 

  79. 	default 30
    80. 

  80. 

  81. 	Default for ICMP6 timeout.
    82. 

  82. 

  83. nf_conntrack_log_invalid - INTEGER
    84. 

  84. 	0   - disable (default)
    85. 

  85. 	1   - log ICMP packets
    86. 

  86. 	6   - log TCP packets
    87. 

  87. 	17  - log UDP packets
    88. 

  88. 	33  - log DCCP packets
    89. 

  89. 	41  - log ICMPv6 packets
    90. 

  90. 	136 - log UDPLITE packets
    91. 

  91. 	255 - log packets of any protocol
    92. 

  92. 

  93. 	Log invalid packets of a type specified by value.
    94. 

  94. 

  95. nf_conntrack_max - INTEGER
    96. 

  96. 	Size of connection tracking table.  Default value is
    97. 

  97. 	nf_conntrack_buckets value * 4.
    98. 

  98. 

  99. nf_conntrack_tcp_be_liberal - BOOLEAN
    100. 

  100. 	0 - disabled (default)
    101. 

  101. 	not 0 - enabled
    102. 

  102. 

  103. 	Be conservative in what you do, be liberal in what you accept from others.
    104. 

  104. 	If it's non-zero, we mark only out of window RST segments as INVALID.
    105. 

  105. 

  106. nf_conntrack_tcp_loose - BOOLEAN
    107. 

  107. 	0 - disabled
    108. 

  108. 	not 0 - enabled (default)
    109. 

  109. 

  110. 	If it is set to zero, we disable picking up already established
    111. 

  111. 	connections.
    112. 

  112. 

  113. nf_conntrack_tcp_max_retrans - INTEGER
    114. 

  114. 	default 3
    115. 

  115. 

  116. 	Maximum number of packets that can be retransmitted without
    117. 

  117. 	received an (acceptable) ACK from the destination. If this number
    118. 

  118. 	is reached, a shorter timer will be started.
    119. 

  119. 

  120. nf_conntrack_tcp_timeout_close - INTEGER (seconds)
    121. 

  121. 	default 10
    122. 

  122. 

  123. nf_conntrack_tcp_timeout_close_wait - INTEGER (seconds)
    124. 

  124. 	default 60
    125. 

  125. 

  126. nf_conntrack_tcp_timeout_established - INTEGER (seconds)
    127. 

  127. 	default 432000 (5 days)
    128. 

  128. 

  129. nf_conntrack_tcp_timeout_fin_wait - INTEGER (seconds)
    130. 

  130. 	default 120
    131. 

  131. 

  132. nf_conntrack_tcp_timeout_last_ack - INTEGER (seconds)
    133. 

  133. 	default 30
    134. 

  134. 

  135. nf_conntrack_tcp_timeout_max_retrans - INTEGER (seconds)
    136. 

  136. 	default 300
    137. 

  137. 

  138. nf_conntrack_tcp_timeout_syn_recv - INTEGER (seconds)
    139. 

  139. 	default 60
    140. 

  140. 

  141. nf_conntrack_tcp_timeout_syn_sent - INTEGER (seconds)
    142. 

  142. 	default 120
    143. 

  143. 

  144. nf_conntrack_tcp_timeout_time_wait - INTEGER (seconds)
    145. 

  145. 	default 120
    146. 

  146. 

  147. nf_conntrack_tcp_timeout_unacknowledged - INTEGER (seconds)
    148. 

  148. 	default 300
    149. 

  149. 

  150. nf_conntrack_timestamp - BOOLEAN
    151. 

  151. 	0 - disabled (default)
    152. 

  152. 	not 0 - enabled
    153. 

  153. 

  154. 	Enable connection tracking flow timestamping.
    155. 

  155. 

  156. nf_conntrack_udp_timeout - INTEGER (seconds)
    157. 

  157. 	default 30
    158. 

  158. 

  159. nf_conntrack_udp_timeout_stream2 - INTEGER (seconds)
    160. 

  160. 	default 180
    161. 

  161. 

  162. 	This extended timeout will be used in case there is an UDP stream
    163. 

  163. 	detected.
    164. 

  164.