€•§      Œsphinx.addnodes”Œdocument”“”)”}”(Œ	rawsource”Œ ”Œchildren”]”(Œtranslations”ŒLanguagesNode”“”)”}”(hhh]”(h Œpending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ
attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ	refdomain”Œstd”Œreftype”Œdoc”Œ	reftarget”Œ2/translations/zh_CN/networking/nf_conntrack-sysctl”Œmodname”NŒ	classname”NŒrefexplicit”ˆuŒtagname”hhhubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ2/translations/zh_TW/networking/nf_conntrack-sysctl”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ2/translations/it_IT/networking/nf_conntrack-sysctl”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ2/translations/ja_JP/networking/nf_conntrack-sysctl”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ2/translations/ko_KR/networking/nf_conntrack-sysctl”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒSpanish”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ2/translations/sp_SP/networking/nf_conntrack-sysctl”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h
hhŒ	_document”hŒsource”NŒline”NubhŒcomment”“”)”}”(hŒ SPDX-License-Identifier: GPL-2.0”h]”hŒ SPDX-License-Identifier: GPL-2.0”…””}”hh£sbah}”(h]”h ]”h"]”h$]”h&]”Œ	xml:space”Œpreserve”uh1h¡hhhžhhŸŒL/var/lib/git/docbuild/linux/Documentation/networking/nf_conntrack-sysctl.rst”h KubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒ#Netfilter Conntrack Sysfs variables”h]”hŒ#Netfilter Conntrack Sysfs variables”…””}”(hh»hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hh¶hžhhŸh³h Kubhµ)”}”(hhh]”(hº)”}”(hŒ1/proc/sys/net/netfilter/nf_conntrack_* Variables:”h]”hŒ1/proc/sys/net/netfilter/nf_conntrack_* Variables:”…””}”(hhÌhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hhÉhžhhŸh³h KubhŒdefinition_list”“”)”}”(hhh]”(hŒdefinition_list_item”“”)”}”(hŒ¨nf_conntrack_acct - BOOLEAN
- 0 - disabled (default)
- not 0 - enabled

Enable connection tracking flow accounting. 64-bit byte and packet
counters per flow are added.
”h]”(hŒterm”“”)”}”(hŒnf_conntrack_acct - BOOLEAN”h]”hŒnf_conntrack_acct - BOOLEAN”…””}”(hhçhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h KhháubhŒ
definition”“”)”}”(hhh]”(hŒbullet_list”“”)”}”(hhh]”(hŒ	list_item”“”)”}”(hŒ0 - disabled (default)”h]”hŒ	paragraph”“”)”}”(hj  h]”hŒ0 - disabled (default)”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h Khj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhhüubj   )”}”(hŒnot 0 - enabled
”h]”j  )”}”(hŒnot 0 - enabled”h]”hŒnot 0 - enabled”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h Khj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhhüubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ-”uh1húhŸh³h Khh÷ubj  )”}”(hŒ_Enable connection tracking flow accounting. 64-bit byte and packet
counters per flow are added.”h]”hŒ_Enable connection tracking flow accounting. 64-bit byte and packet
counters per flow are added.”…””}”(hj:  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h Khh÷ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hõhháubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h KhhÜubhà)”}”(hX\  nf_conntrack_buckets - INTEGER
Size of hash table. If not specified as parameter during module
loading, the default size is calculated by dividing total memory
by 16384 to determine the number of buckets. The hash table will
never have fewer than 1024 and never more than 262144 buckets.
This sysctl is only writeable in the initial net namespace.
”h]”(hæ)”}”(hŒnf_conntrack_buckets - INTEGER”h]”hŒnf_conntrack_buckets - INTEGER”…””}”(hjX  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h KhjT  ubhö)”}”(hhh]”j  )”}”(hX<  Size of hash table. If not specified as parameter during module
loading, the default size is calculated by dividing total memory
by 16384 to determine the number of buckets. The hash table will
never have fewer than 1024 and never more than 262144 buckets.
This sysctl is only writeable in the initial net namespace.”h]”hX<  Size of hash table. If not specified as parameter during module
loading, the default size is calculated by dividing total memory
by 16384 to determine the number of buckets. The hash table will
never have fewer than 1024 and never more than 262144 buckets.
This sysctl is only writeable in the initial net namespace.”…””}”(hji  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h Khjf  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhjT  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h KhhÜhžhubhà)”}”(hŒónf_conntrack_checksum - BOOLEAN
- 0 - disabled
- not 0 - enabled (default)

Verify checksum of incoming packets. Packets with bad checksums are
in INVALID state. If this is enabled, such packets will not be
considered for connection tracking.
”h]”(hæ)”}”(hŒnf_conntrack_checksum - BOOLEAN”h]”hŒnf_conntrack_checksum - BOOLEAN”…””}”(hj‡  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h Khjƒ  ubhö)”}”(hhh]”(hû)”}”(hhh]”(j   )”}”(hŒ0 - disabled”h]”j  )”}”(hj  h]”hŒ0 - disabled”…””}”(hjŸ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h Khj›  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj˜  ubj   )”}”(hŒnot 0 - enabled (default)
”h]”j  )”}”(hŒnot 0 - enabled (default)”h]”hŒnot 0 - enabled (default)”…””}”(hj¶  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h Khj²  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj˜  ubeh}”(h]”h ]”h"]”h$]”h&]”j8  j9  uh1húhŸh³h Khj•  ubj  )”}”(hŒ¦Verify checksum of incoming packets. Packets with bad checksums are
in INVALID state. If this is enabled, such packets will not be
considered for connection tracking.”h]”hŒ¦Verify checksum of incoming packets. Packets with bad checksums are
in INVALID state. If this is enabled, such packets will not be
considered for connection tracking.”…””}”(hjÐ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h Khj•  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hõhjƒ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h KhhÜhžhubhà)”}”(hŒUnf_conntrack_count - INTEGER (read-only)
Number of currently allocated flow entries.
”h]”(hæ)”}”(hŒ(nf_conntrack_count - INTEGER (read-only)”h]”hŒ(nf_conntrack_count - INTEGER (read-only)”…””}”(hjî  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h K!hjê  ubhö)”}”(hhh]”j  )”}”(hŒ+Number of currently allocated flow entries.”h]”hŒ+Number of currently allocated flow entries.”…””}”(hjÿ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K!hjü  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhjê  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h K!hhÜhžhubhà)”}”(hX,  nf_conntrack_events - BOOLEAN
- 0 - disabled
- 1 - enabled
- 2 - auto (default)

If this option is enabled, the connection tracking code will
provide userspace with connection tracking events via ctnetlink.
The default allocates the extension if a userspace program is
listening to ctnetlink events.
”h]”(hæ)”}”(hŒnf_conntrack_events - BOOLEAN”h]”hŒnf_conntrack_events - BOOLEAN”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h K+hj  ubhö)”}”(hhh]”(hû)”}”(hhh]”(j   )”}”(hŒ0 - disabled”h]”j  )”}”(hj3  h]”hŒ0 - disabled”…””}”(hj5  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K$hj1  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj.  ubj   )”}”(hŒ1 - enabled”h]”j  )”}”(hjJ  h]”hŒ1 - enabled”…””}”(hjL  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K%hjH  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj.  ubj   )”}”(hŒ2 - auto (default)
”h]”j  )”}”(hŒ2 - auto (default)”h]”hŒ2 - auto (default)”…””}”(hjc  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K&hj_  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj.  ubeh}”(h]”h ]”h"]”h$]”h&]”j8  j9  uh1húhŸh³h K$hj+  ubj  )”}”(hŒÚIf this option is enabled, the connection tracking code will
provide userspace with connection tracking events via ctnetlink.
The default allocates the extension if a userspace program is
listening to ctnetlink events.”h]”hŒÚIf this option is enabled, the connection tracking code will
provide userspace with connection tracking events via ctnetlink.
The default allocates the extension if a userspace program is
listening to ctnetlink events.”…””}”(hj}  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K(hj+  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hõhj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h K+hhÜhžhubhà)”}”(hŒnf_conntrack_expect_max - INTEGER
Maximum size of expectation table.  Default value is
nf_conntrack_buckets / 256. Minimum is 1.
”h]”(hæ)”}”(hŒ!nf_conntrack_expect_max - INTEGER”h]”hŒ!nf_conntrack_expect_max - INTEGER”…””}”(hj›  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h K/hj—  ubhö)”}”(hhh]”j  )”}”(hŒ^Maximum size of expectation table.  Default value is
nf_conntrack_buckets / 256. Minimum is 1.”h]”hŒ^Maximum size of expectation table.  Default value is
nf_conntrack_buckets / 256. Minimum is 1.”…””}”(hj¬  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K.hj©  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhj—  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h K/hhÜhžhubhà)”}”(hX  nf_conntrack_frag6_high_thresh - INTEGER
default 262144

Maximum memory used to reassemble IPv6 fragments.  When
nf_conntrack_frag6_high_thresh bytes of memory is allocated for this
purpose, the fragment handler will toss packets until
nf_conntrack_frag6_low_thresh is reached.
”h]”(hæ)”}”(hŒ(nf_conntrack_frag6_high_thresh - INTEGER”h]”hŒ(nf_conntrack_frag6_high_thresh - INTEGER”…””}”(hjÊ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h K7hjÆ  ubhö)”}”(hhh]”(j  )”}”(hŒdefault 262144”h]”hŒdefault 262144”…””}”(hjÛ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K2hjØ  ubj  )”}”(hŒÜMaximum memory used to reassemble IPv6 fragments.  When
nf_conntrack_frag6_high_thresh bytes of memory is allocated for this
purpose, the fragment handler will toss packets until
nf_conntrack_frag6_low_thresh is reached.”h]”hŒÜMaximum memory used to reassemble IPv6 fragments.  When
nf_conntrack_frag6_high_thresh bytes of memory is allocated for this
purpose, the fragment handler will toss packets until
nf_conntrack_frag6_low_thresh is reached.”…””}”(hjé  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K4hjØ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hõhjÆ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h K7hhÜhžhubhà)”}”(hŒZnf_conntrack_frag6_low_thresh - INTEGER
default 196608

See nf_conntrack_frag6_low_thresh
”h]”(hæ)”}”(hŒ'nf_conntrack_frag6_low_thresh - INTEGER”h]”hŒ'nf_conntrack_frag6_low_thresh - INTEGER”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h K<hj  ubhö)”}”(hhh]”(j  )”}”(hŒdefault 196608”h]”hŒdefault 196608”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K:hj  ubj  )”}”(hŒ!See nf_conntrack_frag6_low_thresh”h]”hŒ!See nf_conntrack_frag6_low_thresh”…””}”(hj&  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K<hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hõhj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h K<hhÜhžhubhà)”}”(hŒdnf_conntrack_frag6_timeout - INTEGER (seconds)
default 60

Time to keep an IPv6 fragment in memory.
”h]”(hæ)”}”(hŒ.nf_conntrack_frag6_timeout - INTEGER (seconds)”h]”hŒ.nf_conntrack_frag6_timeout - INTEGER (seconds)”…””}”(hjD  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h KAhj@  ubhö)”}”(hhh]”(j  )”}”(hŒ
default 60”h]”hŒ
default 60”…””}”(hjU  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K?hjR  ubj  )”}”(hŒ(Time to keep an IPv6 fragment in memory.”h]”hŒ(Time to keep an IPv6 fragment in memory.”…””}”(hjc  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KAhjR  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hõhj@  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h KAhhÜhžhubhà)”}”(hŒ’nf_conntrack_generic_timeout - INTEGER (seconds)
default 600

Default for generic timeout.  This refers to layer 4 unknown/unsupported
protocols.
”h]”(hæ)”}”(hŒ0nf_conntrack_generic_timeout - INTEGER (seconds)”h]”hŒ0nf_conntrack_generic_timeout - INTEGER (seconds)”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h KGhj}  ubhö)”}”(hhh]”(j  )”}”(hŒdefault 600”h]”hŒdefault 600”…””}”(hj’  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KDhj  ubj  )”}”(hŒSDefault for generic timeout.  This refers to layer 4 unknown/unsupported
protocols.”h]”hŒSDefault for generic timeout.  This refers to layer 4 unknown/unsupported
protocols.”…””}”(hj   hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KFhj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hõhj}  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h KGhhÜhžhubhà)”}”(hŒTnf_conntrack_icmp_timeout - INTEGER (seconds)
default 30

Default for ICMP timeout.
”h]”(hæ)”}”(hŒ-nf_conntrack_icmp_timeout - INTEGER (seconds)”h]”hŒ-nf_conntrack_icmp_timeout - INTEGER (seconds)”…””}”(hj¾  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h KLhjº  ubhö)”}”(hhh]”(j  )”}”(hŒ
default 30”h]”hŒ
default 30”…””}”(hjÏ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KJhjÌ  ubj  )”}”(hŒDefault for ICMP timeout.”h]”hŒDefault for ICMP timeout.”…””}”(hjÝ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KLhjÌ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hõhjº  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h KLhhÜhžhubhà)”}”(hŒWnf_conntrack_icmpv6_timeout - INTEGER (seconds)
default 30

Default for ICMP6 timeout.
”h]”(hæ)”}”(hŒ/nf_conntrack_icmpv6_timeout - INTEGER (seconds)”h]”hŒ/nf_conntrack_icmpv6_timeout - INTEGER (seconds)”…””}”(hjû  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h KQhj÷  ubhö)”}”(hhh]”(j  )”}”(hŒ
default 30”h]”hŒ
default 30”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KOhj	  ubj  )”}”(hŒDefault for ICMP6 timeout.”h]”hŒDefault for ICMP6 timeout.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KQhj	  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hõhj÷  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h KQhhÜhžhubhà)”}”(hX  nf_conntrack_log_invalid - INTEGER
- 0   - disable (default)
- 1   - log ICMP packets
- 6   - log TCP packets
- 17  - log UDP packets
- 41  - log ICMPv6 packets
- 136 - log UDPLITE packets
- 255 - log packets of any protocol

Log invalid packets of a type specified by value.
”h]”(hæ)”}”(hŒ"nf_conntrack_log_invalid - INTEGER”h]”hŒ"nf_conntrack_log_invalid - INTEGER”…””}”(hj8  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h K\hj4  ubhö)”}”(hhh]”(hû)”}”(hhh]”(j   )”}”(hŒ0   - disable (default)”h]”j  )”}”(hjN  h]”hŒ0   - disable (default)”…””}”(hjP  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KThjL  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjI  ubj   )”}”(hŒ1   - log ICMP packets”h]”j  )”}”(hje  h]”hŒ1   - log ICMP packets”…””}”(hjg  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KUhjc  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjI  ubj   )”}”(hŒ6   - log TCP packets”h]”j  )”}”(hj|  h]”hŒ6   - log TCP packets”…””}”(hj~  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KVhjz  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjI  ubj   )”}”(hŒ17  - log UDP packets”h]”j  )”}”(hj“  h]”hŒ17  - log UDP packets”…””}”(hj•  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KWhj‘  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjI  ubj   )”}”(hŒ41  - log ICMPv6 packets”h]”j  )”}”(hjª  h]”hŒ41  - log ICMPv6 packets”…””}”(hj¬  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KXhj¨  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjI  ubj   )”}”(hŒ136 - log UDPLITE packets”h]”j  )”}”(hjÁ  h]”hŒ136 - log UDPLITE packets”…””}”(hjÃ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KYhj¿  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjI  ubj   )”}”(hŒ"255 - log packets of any protocol
”h]”j  )”}”(hŒ!255 - log packets of any protocol”h]”hŒ!255 - log packets of any protocol”…””}”(hjÚ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KZhjÖ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjI  ubeh}”(h]”h ]”h"]”h$]”h&]”j8  j9  uh1húhŸh³h KThjF  ubj  )”}”(hŒ1Log invalid packets of a type specified by value.”h]”hŒ1Log invalid packets of a type specified by value.”…””}”(hjô  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K\hjF  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hõhj4  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h K\hhÜhžhubhà)”}”(hX  nf_conntrack_max - INTEGER
Maximum number of allowed connection tracking entries. This value is set
to nf_conntrack_buckets by default.
Note that connection tracking entries are added to the table twice -- once
for the original direction and once for the reply direction (i.e., with
the reversed address). This means that with default settings a maxed-out
table will have a average hash chain length of 2, not 1.
”h]”(hæ)”}”(hŒnf_conntrack_max - INTEGER”h]”hŒnf_conntrack_max - INTEGER”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h Kdhj  ubhö)”}”(hhh]”j  )”}”(hX  Maximum number of allowed connection tracking entries. This value is set
to nf_conntrack_buckets by default.
Note that connection tracking entries are added to the table twice -- once
for the original direction and once for the reply direction (i.e., with
the reversed address). This means that with default settings a maxed-out
table will have a average hash chain length of 2, not 1.”h]”hX  Maximum number of allowed connection tracking entries. This value is set
to nf_conntrack_buckets by default.
Note that connection tracking entries are added to the table twice -- once
for the original direction and once for the reply direction (i.e., with
the reversed address). This means that with default settings a maxed-out
table will have a average hash chain length of 2, not 1.”…””}”(hj#  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K_hj   ubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h KdhhÜhžhubhà)”}”(hŒãnf_conntrack_tcp_be_liberal - BOOLEAN
- 0 - disabled (default)
- not 0 - enabled

Be conservative in what you do, be liberal in what you accept from others.
If it's non-zero, we mark only out of window RST segments as INVALID.
”h]”(hæ)”}”(hŒ%nf_conntrack_tcp_be_liberal - BOOLEAN”h]”hŒ%nf_conntrack_tcp_be_liberal - BOOLEAN”…””}”(hjA  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h Kkhj=  ubhö)”}”(hhh]”(hû)”}”(hhh]”(j   )”}”(hŒ0 - disabled (default)”h]”j  )”}”(hjW  h]”hŒ0 - disabled (default)”…””}”(hjY  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KghjU  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjR  ubj   )”}”(hŒnot 0 - enabled
”h]”j  )”}”(hŒnot 0 - enabled”h]”hŒnot 0 - enabled”…””}”(hjp  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h Khhjl  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjR  ubeh}”(h]”h ]”h"]”h$]”h&]”j8  j9  uh1húhŸh³h KghjO  ubj  )”}”(hŒBe conservative in what you do, be liberal in what you accept from others.
If it's non-zero, we mark only out of window RST segments as INVALID.”h]”hŒ’Be conservative in what you do, be liberal in what you accept from others.
If itâ€™s non-zero, we mark only out of window RST segments as INVALID.”…””}”(hjŠ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KjhjO  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hõhj=  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h KkhhÜhžhubhà)”}”(hŒ–nf_conntrack_tcp_ignore_invalid_rst - BOOLEAN
- 0 - disabled (default)
- 1 - enabled

If it's 1, we don't mark out of window RST segments as INVALID.
”h]”(hæ)”}”(hŒ-nf_conntrack_tcp_ignore_invalid_rst - BOOLEAN”h]”hŒ-nf_conntrack_tcp_ignore_invalid_rst - BOOLEAN”…””}”(hj¨  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h Kqhj¤  ubhö)”}”(hhh]”(hû)”}”(hhh]”(j   )”}”(hŒ0 - disabled (default)”h]”j  )”}”(hj¾  h]”hŒ0 - disabled (default)”…””}”(hjÀ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h Knhj¼  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj¹  ubj   )”}”(hŒ1 - enabled
”h]”j  )”}”(hŒ1 - enabled”h]”hŒ1 - enabled”…””}”(hj×  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KohjÓ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj¹  ubeh}”(h]”h ]”h"]”h$]”h&]”j8  j9  uh1húhŸh³h Knhj¶  ubj  )”}”(hŒ?If it's 1, we don't mark out of window RST segments as INVALID.”h]”hŒCIf itâ€™s 1, we donâ€™t mark out of window RST segments as INVALID.”…””}”(hjñ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h Kqhj¶  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hõhj¤  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h KqhhÜhžhubhà)”}”(hŒšnf_conntrack_tcp_loose - BOOLEAN
- 0 - disabled
- not 0 - enabled (default)

If it is set to zero, we disable picking up already established
connections.
”h]”(hæ)”}”(hŒ nf_conntrack_tcp_loose - BOOLEAN”h]”hŒ nf_conntrack_tcp_loose - BOOLEAN”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h Kxhj  ubhö)”}”(hhh]”(hû)”}”(hhh]”(j   )”}”(hŒ0 - disabled”h]”j  )”}”(hj%  h]”hŒ0 - disabled”…””}”(hj'  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h Kthj#  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj   ubj   )”}”(hŒnot 0 - enabled (default)
”h]”j  )”}”(hŒnot 0 - enabled (default)”h]”hŒnot 0 - enabled (default)”…””}”(hj>  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h Kuhj:  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj   ubeh}”(h]”h ]”h"]”h$]”h&]”j8  j9  uh1húhŸh³h Kthj  ubj  )”}”(hŒLIf it is set to zero, we disable picking up already established
connections.”h]”hŒLIf it is set to zero, we disable picking up already established
connections.”…””}”(hjX  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h Kwhj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hõhj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h KxhhÜhžhubhà)”}”(hŒÝnf_conntrack_tcp_max_retrans - INTEGER
default 3

Maximum number of packets that can be retransmitted without
received an (acceptable) ACK from the destination. If this number
is reached, a shorter timer will be started.
”h]”(hæ)”}”(hŒ&nf_conntrack_tcp_max_retrans - INTEGER”h]”hŒ&nf_conntrack_tcp_max_retrans - INTEGER”…””}”(hjv  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h Khjr  ubhö)”}”(hhh]”(j  )”}”(hŒ	default 3”h]”hŒ	default 3”…””}”(hj‡  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K{hj„  ubj  )”}”(hŒªMaximum number of packets that can be retransmitted without
received an (acceptable) ACK from the destination. If this number
is reached, a shorter timer will be started.”h]”hŒªMaximum number of packets that can be retransmitted without
received an (acceptable) ACK from the destination. If this number
is reached, a shorter timer will be started.”…””}”(hj•  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K}hj„  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hõhjr  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h KhhÜhžhubhà)”}”(hŒ>nf_conntrack_tcp_timeout_close - INTEGER (seconds)
default 10
”h]”(hæ)”}”(hŒ2nf_conntrack_tcp_timeout_close - INTEGER (seconds)”h]”hŒ2nf_conntrack_tcp_timeout_close - INTEGER (seconds)”…””}”(hj³  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h K‚hj¯  ubhö)”}”(hhh]”j  )”}”(hŒ
default 10”h]”hŒ
default 10”…””}”(hjÄ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K‚hjÁ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhj¯  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h K‚hhÜhžhubhà)”}”(hŒCnf_conntrack_tcp_timeout_close_wait - INTEGER (seconds)
default 60
”h]”(hæ)”}”(hŒ7nf_conntrack_tcp_timeout_close_wait - INTEGER (seconds)”h]”hŒ7nf_conntrack_tcp_timeout_close_wait - INTEGER (seconds)”…””}”(hjâ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h K…hjÞ  ubhö)”}”(hhh]”j  )”}”(hŒ
default 60”h]”hŒ
default 60”…””}”(hjó  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K…hjð  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhjÞ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h K…hhÜhžhubhà)”}”(hŒQnf_conntrack_tcp_timeout_established - INTEGER (seconds)
default 432000 (5 days)
”h]”(hæ)”}”(hŒ8nf_conntrack_tcp_timeout_established - INTEGER (seconds)”h]”hŒ8nf_conntrack_tcp_timeout_established - INTEGER (seconds)”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h Kˆhj  ubhö)”}”(hhh]”j  )”}”(hŒdefault 432000 (5 days)”h]”hŒdefault 432000 (5 days)”…””}”(hj"  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h Kˆhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h KˆhhÜhžhubhà)”}”(hŒBnf_conntrack_tcp_timeout_fin_wait - INTEGER (seconds)
default 120
”h]”(hæ)”}”(hŒ5nf_conntrack_tcp_timeout_fin_wait - INTEGER (seconds)”h]”hŒ5nf_conntrack_tcp_timeout_fin_wait - INTEGER (seconds)”…””}”(hj@  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h K‹hj<  ubhö)”}”(hhh]”j  )”}”(hŒdefault 120”h]”hŒdefault 120”…””}”(hjQ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K‹hjN  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhj<  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h K‹hhÜhžhubhà)”}”(hŒAnf_conntrack_tcp_timeout_last_ack - INTEGER (seconds)
default 30
”h]”(hæ)”}”(hŒ5nf_conntrack_tcp_timeout_last_ack - INTEGER (seconds)”h]”hŒ5nf_conntrack_tcp_timeout_last_ack - INTEGER (seconds)”…””}”(hjo  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h KŽhjk  ubhö)”}”(hhh]”j  )”}”(hŒ
default 30”h]”hŒ
default 30”…””}”(hj€  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KŽhj}  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhjk  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h KŽhhÜhžhubhà)”}”(hŒEnf_conntrack_tcp_timeout_max_retrans - INTEGER (seconds)
default 300
”h]”(hæ)”}”(hŒ8nf_conntrack_tcp_timeout_max_retrans - INTEGER (seconds)”h]”hŒ8nf_conntrack_tcp_timeout_max_retrans - INTEGER (seconds)”…””}”(hjž  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h K‘hjš  ubhö)”}”(hhh]”j  )”}”(hŒdefault 300”h]”hŒdefault 300”…””}”(hj¯  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K‘hj¬  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhjš  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h K‘hhÜhžhubhà)”}”(hŒAnf_conntrack_tcp_timeout_syn_recv - INTEGER (seconds)
default 60
”h]”(hæ)”}”(hŒ5nf_conntrack_tcp_timeout_syn_recv - INTEGER (seconds)”h]”hŒ5nf_conntrack_tcp_timeout_syn_recv - INTEGER (seconds)”…””}”(hjÍ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h K”hjÉ  ubhö)”}”(hhh]”j  )”}”(hŒ
default 60”h]”hŒ
default 60”…””}”(hjÞ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K”hjÛ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhjÉ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h K”hhÜhžhubhà)”}”(hŒBnf_conntrack_tcp_timeout_syn_sent - INTEGER (seconds)
default 120
”h]”(hæ)”}”(hŒ5nf_conntrack_tcp_timeout_syn_sent - INTEGER (seconds)”h]”hŒ5nf_conntrack_tcp_timeout_syn_sent - INTEGER (seconds)”…””}”(hjü  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h K—hjø  ubhö)”}”(hhh]”j  )”}”(hŒdefault 120”h]”hŒdefault 120”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K—hj
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhjø  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h K—hhÜhžhubhà)”}”(hŒCnf_conntrack_tcp_timeout_time_wait - INTEGER (seconds)
default 120
”h]”(hæ)”}”(hŒ6nf_conntrack_tcp_timeout_time_wait - INTEGER (seconds)”h]”hŒ6nf_conntrack_tcp_timeout_time_wait - INTEGER (seconds)”…””}”(hj+  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h Kšhj'  ubhö)”}”(hhh]”j  )”}”(hŒdefault 120”h]”hŒdefault 120”…””}”(hj<  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h Kšhj9  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhj'  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h KšhhÜhžhubhà)”}”(hŒHnf_conntrack_tcp_timeout_unacknowledged - INTEGER (seconds)
default 300
”h]”(hæ)”}”(hŒ;nf_conntrack_tcp_timeout_unacknowledged - INTEGER (seconds)”h]”hŒ;nf_conntrack_tcp_timeout_unacknowledged - INTEGER (seconds)”…””}”(hjZ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h KhjV  ubhö)”}”(hhh]”j  )”}”(hŒdefault 300”h]”hŒdefault 300”…””}”(hjk  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h Khjh  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhjV  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h KhhÜhžhubhà)”}”(hŒ{nf_conntrack_timestamp - BOOLEAN
- 0 - disabled (default)
- not 0 - enabled

Enable connection tracking flow timestamping.
”h]”(hæ)”}”(hŒ nf_conntrack_timestamp - BOOLEAN”h]”hŒ nf_conntrack_timestamp - BOOLEAN”…””}”(hj‰  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h K£hj…  ubhö)”}”(hhh]”(hû)”}”(hhh]”(j   )”}”(hŒ0 - disabled (default)”h]”j  )”}”(hjŸ  h]”hŒ0 - disabled (default)”…””}”(hj¡  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjš  ubj   )”}”(hŒnot 0 - enabled
”h]”j  )”}”(hŒnot 0 - enabled”h]”hŒnot 0 - enabled”…””}”(hj¸  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K¡hj´  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjš  ubeh}”(h]”h ]”h"]”h$]”h&]”j8  j9  uh1húhŸh³h K hj—  ubj  )”}”(hŒ-Enable connection tracking flow timestamping.”h]”hŒ-Enable connection tracking flow timestamping.”…””}”(hjÒ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K£hj—  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hõhj…  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h K£hhÜhžhubhà)”}”(hŒ@nf_conntrack_sctp_timeout_closed - INTEGER (seconds)
default 10
”h]”(hæ)”}”(hŒ4nf_conntrack_sctp_timeout_closed - INTEGER (seconds)”h]”hŒ4nf_conntrack_sctp_timeout_closed - INTEGER (seconds)”…””}”(hjð  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h K¦hjì  ubhö)”}”(hhh]”j  )”}”(hŒ
default 10”h]”hŒ
default 10”…””}”(hj	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K¦hjþ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhjì  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h K¦hhÜhžhubhà)”}”(hŒDnf_conntrack_sctp_timeout_cookie_wait - INTEGER (seconds)
default 3
”h]”(hæ)”}”(hŒ9nf_conntrack_sctp_timeout_cookie_wait - INTEGER (seconds)”h]”hŒ9nf_conntrack_sctp_timeout_cookie_wait - INTEGER (seconds)”…””}”(hj	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h K©hj	  ubhö)”}”(hhh]”j  )”}”(hŒ	default 3”h]”hŒ	default 3”…””}”(hj0	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K©hj-	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhj	  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h K©hhÜhžhubhà)”}”(hŒFnf_conntrack_sctp_timeout_cookie_echoed - INTEGER (seconds)
default 3
”h]”(hæ)”}”(hŒ;nf_conntrack_sctp_timeout_cookie_echoed - INTEGER (seconds)”h]”hŒ;nf_conntrack_sctp_timeout_cookie_echoed - INTEGER (seconds)”…””}”(hjN	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h K¬hjJ	  ubhö)”}”(hhh]”j  )”}”(hŒ	default 3”h]”hŒ	default 3”…””}”(hj_	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K¬hj\	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhjJ	  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h K¬hhÜhžhubhà)”}”(hŒ„nf_conntrack_sctp_timeout_established - INTEGER (seconds)
default 210

Default is set to (hb_interval * path_max_retrans + rto_max)
”h]”(hæ)”}”(hŒ9nf_conntrack_sctp_timeout_established - INTEGER (seconds)”h]”hŒ9nf_conntrack_sctp_timeout_established - INTEGER (seconds)”…””}”(hj}	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h K±hjy	  ubhö)”}”(hhh]”(j  )”}”(hŒdefault 210”h]”hŒdefault 210”…””}”(hjŽ	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K¯hj‹	  ubj  )”}”(hŒ<Default is set to (hb_interval * path_max_retrans + rto_max)”h]”hŒ<Default is set to (hb_interval * path_max_retrans + rto_max)”…””}”(hjœ	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K±hj‹	  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hõhjy	  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h K±hhÜhžhubhà)”}”(hŒFnf_conntrack_sctp_timeout_shutdown_sent - INTEGER (seconds)
default 3
”h]”(hæ)”}”(hŒ;nf_conntrack_sctp_timeout_shutdown_sent - INTEGER (seconds)”h]”hŒ;nf_conntrack_sctp_timeout_shutdown_sent - INTEGER (seconds)”…””}”(hjº	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h K´hj¶	  ubhö)”}”(hhh]”j  )”}”(hŒ	default 3”h]”hŒ	default 3”…””}”(hjË	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K´hjÈ	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhj¶	  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h K´hhÜhžhubhà)”}”(hŒFnf_conntrack_sctp_timeout_shutdown_recd - INTEGER (seconds)
default 3
”h]”(hæ)”}”(hŒ;nf_conntrack_sctp_timeout_shutdown_recd - INTEGER (seconds)”h]”hŒ;nf_conntrack_sctp_timeout_shutdown_recd - INTEGER (seconds)”…””}”(hjé	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h K·hjå	  ubhö)”}”(hhh]”j  )”}”(hŒ	default 3”h]”hŒ	default 3”…””}”(hjú	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K·hj÷	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhjå	  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h K·hhÜhžhubhà)”}”(hŒJnf_conntrack_sctp_timeout_shutdown_ack_sent - INTEGER (seconds)
default 3
”h]”(hæ)”}”(hŒ?nf_conntrack_sctp_timeout_shutdown_ack_sent - INTEGER (seconds)”h]”hŒ?nf_conntrack_sctp_timeout_shutdown_ack_sent - INTEGER (seconds)”…””}”(hj
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h Kºhj
  ubhö)”}”(hhh]”j  )”}”(hŒ	default 3”h]”hŒ	default 3”…””}”(hj)
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h Kºhj&
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhj
  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h KºhhÜhžhubhà)”}”(hŒªnf_conntrack_sctp_timeout_heartbeat_sent - INTEGER (seconds)
default 30

This timeout is used to setup conntrack entry on secondary paths.
Default is set to hb_interval.
”h]”(hæ)”}”(hŒ<nf_conntrack_sctp_timeout_heartbeat_sent - INTEGER (seconds)”h]”hŒ<nf_conntrack_sctp_timeout_heartbeat_sent - INTEGER (seconds)”…””}”(hjG
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h KÀhjC
  ubhö)”}”(hhh]”(j  )”}”(hŒ
default 30”h]”hŒ
default 30”…””}”(hjX
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K½hjU
  ubj  )”}”(hŒ`This timeout is used to setup conntrack entry on secondary paths.
Default is set to hb_interval.”h]”hŒ`This timeout is used to setup conntrack entry on secondary paths.
Default is set to hb_interval.”…””}”(hjf
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K¿hjU
  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hõhjC
  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h KÀhhÜhžhubhà)”}”(hŒ8nf_conntrack_udp_timeout - INTEGER (seconds)
default 30
”h]”(hæ)”}”(hŒ,nf_conntrack_udp_timeout - INTEGER (seconds)”h]”hŒ,nf_conntrack_udp_timeout - INTEGER (seconds)”…””}”(hj„
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h KÃhj€
  ubhö)”}”(hhh]”j  )”}”(hŒ
default 30”h]”hŒ
default 30”…””}”(hj•
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KÃhj’
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhj€
  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h KÃhhÜhžhubhà)”}”(hŒnf_conntrack_udp_timeout_stream - INTEGER (seconds)
default 120

This extended timeout will be used in case there is an UDP stream
detected.
”h]”(hæ)”}”(hŒ3nf_conntrack_udp_timeout_stream - INTEGER (seconds)”h]”hŒ3nf_conntrack_udp_timeout_stream - INTEGER (seconds)”…””}”(hj³
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h KÉhj¯
  ubhö)”}”(hhh]”(j  )”}”(hŒdefault 120”h]”hŒdefault 120”…””}”(hjÄ
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KÆhjÁ
  ubj  )”}”(hŒKThis extended timeout will be used in case there is an UDP stream
detected.”h]”hŒKThis extended timeout will be used in case there is an UDP stream
detected.”…””}”(hjÒ
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KÈhjÁ
  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hõhj¯
  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h KÉhhÜhžhubhà)”}”(hŒ8nf_conntrack_gre_timeout - INTEGER (seconds)
default 30
”h]”(hæ)”}”(hŒ,nf_conntrack_gre_timeout - INTEGER (seconds)”h]”hŒ,nf_conntrack_gre_timeout - INTEGER (seconds)”…””}”(hjð
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h KÌhjì
  ubhö)”}”(hhh]”j  )”}”(hŒ
default 30”h]”hŒ
default 30”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KÌhjþ
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhjì
  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h KÌhhÜhžhubhà)”}”(hŒnf_conntrack_gre_timeout_stream - INTEGER (seconds)
default 180

This extended timeout will be used in case there is an GRE stream
detected.
”h]”(hæ)”}”(hŒ3nf_conntrack_gre_timeout_stream - INTEGER (seconds)”h]”hŒ3nf_conntrack_gre_timeout_stream - INTEGER (seconds)”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h KÒhj  ubhö)”}”(hhh]”(j  )”}”(hŒdefault 180”h]”hŒdefault 180”…””}”(hj0  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KÏhj-  ubj  )”}”(hŒKThis extended timeout will be used in case there is an GRE stream
detected.”h]”hŒKThis extended timeout will be used in case there is an GRE stream
detected.”…””}”(hj>  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KÑhj-  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hõhj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h KÒhhÜhžhubhà)”}”(hŒÊnf_hooks_lwtunnel - BOOLEAN
- 0 - disabled (default)
- not 0 - enabled

If this option is enabled, the lightweight tunnel netfilter hooks are
enabled. This option cannot be disabled once it is enabled.
”h]”(hæ)”}”(hŒnf_hooks_lwtunnel - BOOLEAN”h]”hŒnf_hooks_lwtunnel - BOOLEAN”…””}”(hj\  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h KÙhjX  ubhö)”}”(hhh]”(hû)”}”(hhh]”(j   )”}”(hŒ0 - disabled (default)”h]”j  )”}”(hjr  h]”hŒ0 - disabled (default)”…””}”(hjt  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KÕhjp  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjm  ubj   )”}”(hŒnot 0 - enabled
”h]”j  )”}”(hŒnot 0 - enabled”h]”hŒnot 0 - enabled”…””}”(hj‹  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KÖhj‡  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjm  ubeh}”(h]”h ]”h"]”h$]”h&]”j8  j9  uh1húhŸh³h KÕhjj  ubj  )”}”(hŒIf this option is enabled, the lightweight tunnel netfilter hooks are
enabled. This option cannot be disabled once it is enabled.”h]”hŒIf this option is enabled, the lightweight tunnel netfilter hooks are
enabled. This option cannot be disabled once it is enabled.”…””}”(hj¥  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KØhjj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hõhjX  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h KÙhhÜhžhubhà)”}”(hŒânf_flowtable_tcp_timeout - INTEGER (seconds)
default 30

Control offload timeout for tcp connections.
TCP connections may be offloaded from nf conntrack to nf flow table.
Once aged, the connection is returned to nf conntrack.
”h]”(hæ)”}”(hŒ,nf_flowtable_tcp_timeout - INTEGER (seconds)”h]”hŒ,nf_flowtable_tcp_timeout - INTEGER (seconds)”…””}”(hjÃ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h Kàhj¿  ubhö)”}”(hhh]”(j  )”}”(hŒ
default 30”h]”hŒ
default 30”…””}”(hjÔ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KÜhjÑ  ubj  )”}”(hŒ¨Control offload timeout for tcp connections.
TCP connections may be offloaded from nf conntrack to nf flow table.
Once aged, the connection is returned to nf conntrack.”h]”hŒ¨Control offload timeout for tcp connections.
TCP connections may be offloaded from nf conntrack to nf flow table.
Once aged, the connection is returned to nf conntrack.”…””}”(hjâ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KÞhjÑ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hõhj¿  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h KàhhÜhžhubhà)”}”(hŒánf_flowtable_udp_timeout - INTEGER (seconds)
default 30

Control offload timeout for udp connections.
UDP connections may be offloaded from nf conntrack to nf flow table.
Once aged, the connection is returned to nf conntrack.”h]”(hæ)”}”(hŒ,nf_flowtable_udp_timeout - INTEGER (seconds)”h]”hŒ,nf_flowtable_udp_timeout - INTEGER (seconds)”…””}”(hj   hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1håhŸh³h Kæhjü  ubhö)”}”(hhh]”(j  )”}”(hŒ
default 30”h]”hŒ
default 30”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h Kãhj  ubj  )”}”(hŒ¨Control offload timeout for udp connections.
UDP connections may be offloaded from nf conntrack to nf flow table.
Once aged, the connection is returned to nf conntrack.”h]”hŒ¨Control offload timeout for udp connections.
UDP connections may be offloaded from nf conntrack to nf flow table.
Once aged, the connection is returned to nf conntrack.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h Kåhj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hõhjü  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hßhŸh³h KæhhÜhžhubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhhÉhžhhŸh³h Nubeh}”(h]”Œ-proc-sys-net-netfilter-nf-conntrack-variables”ah ]”h"]”Œ1/proc/sys/net/netfilter/nf_conntrack_* variables:”ah$]”h&]”uh1h´hh¶hžhhŸh³h Kubeh}”(h]”Œ#netfilter-conntrack-sysfs-variables”ah ]”h"]”Œ#netfilter conntrack sysfs variables”ah$]”h&]”uh1h´hhhžhhŸh³h Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”h³uh1hŒcurrent_source”NŒcurrent_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(h¹NŒ	generator”NŒ	datestamp”NŒsource_link”NŒ
source_url”NŒtoc_backlinks”Œentry”Œfootnote_backlinks”KŒsectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒstrip_classes”NŒreport_level”KŒ
halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ	traceback”ˆŒinput_encoding”Œ	utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”jr  Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œlanguage_code”Œen”Œrecord_dependencies”NŒconfig”NŒ	id_prefix”hŒauto_id_prefix”Œid”Œdump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”h³Œ_destination”NŒ_config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒraw_enabled”KŒline_length_limit”M'Œpep_references”NŒpep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒrfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ	tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œsmart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œdocinfo_xform”KŒsectsubtitle_xform”‰Œimage_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”(jL  jI  jD  jA  uŒ	nametypes”}”(jL  ‰jD  ‰uh}”(jI  h¶jA  hÉuŒfootnote_refs”}”Œcitation_refs”}”Œautofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ	footnotes”]”Œ	citations”]”Œautofootnote_start”KŒsymbol_footnote_start”K Œ
id_counter”Œcollections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œtransformer”NŒinclude_log”]”Œ
decoration”Nhžhub.