Commit | Line | Data |
---|---|---|
ef953be2 | 1 | #!/bin/bash |
15a5f44d MT |
2 | ############################################################################### |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
ef953be2 | 5 | # Copyright (C) 2013 IPFire Network Development Team # |
15a5f44d MT |
6 | # # |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | ||
ef953be2 MT |
22 | # Accounting |
23 | ||
# Reads the connection tracking accounting switch
# (net.netfilter.nf_conntrack_acct) through sysctl_get and hands back
# whatever that helper prints and returns.
function conntrack_get_accounting() {
	local sysctl_key="net.netfilter.nf_conntrack_acct"

	sysctl_get "${sysctl_key}"
}
27 | ||
# Switches connection tracking accounting on or off.
#
#   $1 - a boolean-like value; it is normalised to "1" or "0" before it
#        is written to net.netfilter.nf_conntrack_acct.
#
# The return status is that of sysctl_set.
function conntrack_set_accounting() {
	local value="${1}"
	local sysctl_key="net.netfilter.nf_conntrack_acct"

	# isset and enabled are handed the variable *name*, not its contents,
	# so the local must stay called "value".
	assert isset value

	# Map the boolean onto the 0/1 the sysctl is written with.
	if ! enabled value; then
		log INFO "Disabling connection tracking accounting"
		value="0"
	else
		log INFO "Enabling connection tracking accounting"
		value="1"
	fi

	sysctl_set "${sysctl_key}" "${value}"
}
43 | ||
44 | # Max. connections | |
45 | ||
# Reads the upper bound on tracked connections
# (net.netfilter.nf_conntrack_max) through sysctl_get.
function conntrack_get_max_connections() {
	local sysctl_key="net.netfilter.nf_conntrack_max"

	sysctl_get "${sysctl_key}"
}
49 | ||
# Sets the upper bound on concurrently tracked connections.
#
#   $1 - the new limit, written to net.netfilter.nf_conntrack_max.
#
# This limit is the size of the conntrack table: once it is full the
# kernel drops packets that would need a new entry, so a value that is
# too small turns a connection flood into an outage.
#
# The return status is that of sysctl_set.
function conntrack_set_max_connections() {
	local value="${1}"
	local sysctl_key="net.netfilter.nf_conntrack_max"

	# isinteger receives the variable name, so the local stays "value".
	# NOTE(review): isinteger is defined elsewhere - confirm that it
	# rejects zero and negative numbers before they reach the kernel.
	assert isinteger value

	log INFO "Conntrack: Setting max. amount of concurrent connections to ${value}"

	sysctl_set "${sysctl_key}" "${value}"
}
57 | ||
58 | # UDP timeout | |
59 | ||
# Reads the conntrack timeout for UDP entries
# (net.netfilter.nf_conntrack_udp_timeout) through sysctl_get.
function conntrack_get_udp_timeout() {
	local sysctl_key="net.netfilter.nf_conntrack_udp_timeout"

	sysctl_get "${sysctl_key}"
}
63 | ||
# Sets how long a UDP entry stays in the conntrack table.
#
#   $1 - the timeout in seconds, written to
#        net.netfilter.nf_conntrack_udp_timeout.
#
# Longer timeouts keep idle UDP entries in the table for longer, which
# counts against the limit in net.netfilter.nf_conntrack_max.
#
# The return status is that of sysctl_set.
function conntrack_set_udp_timeout() {
	local value="${1}"
	local sysctl_key="net.netfilter.nf_conntrack_udp_timeout"

	# isinteger receives the variable name, so the local stays "value".
	# NOTE(review): isinteger is defined elsewhere - confirm that it
	# rejects zero and negative numbers before they reach the kernel.
	assert isinteger value

	log INFO "Conntrack: Setting UDP timeout to ${value}s"

	sysctl_set "${sysctl_key}" "${value}"
}