SOURCES: conntrack-tools.conf (NEW), conntrack-tools.init (NEW), c...

areq areq at pld-linux.org
Sun Jun 17 20:48:42 CEST 2007


Author: areq                         Date: Sun Jun 17 18:48:42 2007 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- init script + configuration

---- Files affected:
SOURCES:
   conntrack-tools.conf (NONE -> 1.1)  (NEW), conntrack-tools.init (NONE -> 1.1)  (NEW), conntrack-tools.sysconfig (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/conntrack-tools.conf
diff -u /dev/null SOURCES/conntrack-tools.conf:1.1
--- /dev/null	Sun Jun 17 20:48:42 2007
+++ SOURCES/conntrack-tools.conf	Sun Jun 17 20:48:37 2007
@@ -0,0 +1,69 @@
+#
+# General settings
+#
+General {
+	#
+	# Number of buckets in the caches: hash table
+	#
+	HashSize 8192
+
+	#
+	# Maximum number of conntracks: 
+	# it must be >= $ cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
+	#
+	HashLimit 65535
+
+	#
+	# Logfile
+	#
+	LogFile /var/log/conntrackd.log
+
+	#
+	# Lockfile
+	# 
+	LockFile /var/lock/conntrack.lock
+
+	#
+	# Unix socket configuration
+	#
+	UNIX {
+		Path /tmp/sync.sock
+		Backlog 20
+	}
+
+	#
+	# Netlink socket buffer size
+	#
+	SocketBufferSize 262142
+
+	#
+	# Increase the socket buffer up to maximun if required
+	#
+	SocketBufferSizeMaxGrown 655355
+}
+
+#
+# Ignore traffic for a certain set of IP's: Usually
+# all the IP assigned to the firewall since local
+# traffic must be ignored, just forwarded connections
+# are worth to replicate
+#
+IgnoreTrafficFor {
+	IPv4_address 127.0.0.1 # loopback
+}
+
+#
+# Do not replicate certain protocol traffic 
+#
+IgnoreProtocol {
+	UDP
+#	ICMP
+#	IGMP
+#	VRRP
+	# numeric numbers also valid
+}
+
+#
+# Strip NAT traffic
+#
+StripNAT
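Review bot: The `UNIX` block sets `Path /tmp/sync.sock`, which puts the daemon's local control socket under a fixed name in a world-writable directory. Any local account can create that name before conntrackd starts, and access to the socket then depends entirely on the mode the daemon gives it. A root-owned location is the safer default for a daemon that handles firewall state, for example `Path /var/run/conntrackd.sock` (sample path, adjust to the distribution's layout). Separately, the comment above `HashLimit 65535` says the value must be >= `ip_conntrack_max`, so it would help to add a comment that the shipped default must be raised on hosts where that sysctl is larger.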

================================================================
Index: SOURCES/conntrack-tools.init
diff -u /dev/null SOURCES/conntrack-tools.init:1.1
--- /dev/null	Sun Jun 17 20:48:42 2007
+++ SOURCES/conntrack-tools.init	Sun Jun 17 20:48:37 2007
@@ -0,0 +1,90 @@
+#!/bin/sh
+#
+# conntrackd	The userspace connection tracking table administration program
+#
+# chkconfig:	345 11 89
+#
+# description:	The userspace connection tracking table administration program
+#
+# $Id$
+
+# Source function library
+. /etc/rc.d/init.d/functions
+
+# Get network config
+. /etc/sysconfig/network
+
+[ -f /etc/sysconfig/conntrackd ] && . /etc/sysconfig/conntrackd
+
+# Check that networking is up.
+if is_yes "${NETWORKING}"; then
+	if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status ]; then
+		msg_network_down conntrackd
+		exit 1
+	fi
+else
+	exit 0
+fi
+
+start() {
+	# Check if the service is already running?
+	if [ ! -f /var/lock/subsys/conntrackd ]; then
+		msg_starting conntrackd
+		daemon conntrackd $CONNTRACKD_OPTS
+		RETVAL=$?
+		[ $RETVAL -eq 0 ] && touch /var/lock/subsys/conntrackd
+	else
+		msg_already_running conntrackd
+	fi
+}
+
+stop() {
+	if [ -f /var/lock/subsys/conntrackd ]; then
+		# Stop daemons.
+		msg_stopping conntrackd
+		killproc conntrackd
+		rm -f /var/lock/subsys/conntrackd
+	else
+		msg_not_running conntrackd
+	fi
+}
+
+reload() {
+	if [ -f /var/lock/subsys/conntrackd ]; then
+		msg_reloading conntrackd
+		killproc conntrackd -HUP
+		RETVAL=$?
+	else
+		msg_not_running conntrackd
+		RETVAL=7
+	fi
+}
+
+RETVAL=0
+case "$1" in
+  start)
+  	start
+	;;
+  stop)
+  	stop
+	;;
+  restart)
+	stop
+	start
+	;;
+  reload)
+  	reload
+	;;
+  force-reload)
+	reload
+	;;
+  status)
+	status conntrackd
+	RETVAL=$?
+	;;
+  *)
+	msg_usage "$0 {start|stop|restart|reload|force-reload|status}"
+	exit 3
+esac
+
+exit $RETVAL
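Review bot: `stop()` never records the result of `killproc conntrackd`, so `stop` and `restart` exit 0 even when the daemon could not be stopped. The subsys lock is also removed in that case, which lets a later `start` launch a second instance. Capturing the status right after the call fixes the exit code: `killproc conntrackd` followed by `RETVAL=$?`. Also, the script sources `/etc/sysconfig/conntrackd`, while the file added in this commit is named `conntrack-tools.sysconfig`. If the spec does not install it under the name `conntrackd`, `$CONNTRACKD_OPTS` will be empty and the daemon will start with no options, so a comment naming the expected installed path would help.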

================================================================
Index: SOURCES/conntrack-tools.sysconfig
diff -u /dev/null SOURCES/conntrack-tools.sysconfig:1.1
--- /dev/null	Sun Jun 17 20:48:42 2007
+++ SOURCES/conntrack-tools.sysconfig	Sun Jun 17 20:48:37 2007
@@ -0,0 +1,6 @@
+# Config file for conntrack-tools startup
+
+CONNTRACKD_OPTS="-S -d"
+
+# This must be last line !
+# vi:syntax=sh
================================================================

