connection
ip/firewall/connection
Type: Directory
| Flag | Name | Description |
|---|---|---|
| E | expected | expected |
| S | seen-reply | seen-reply |
| A | assured | assured |
| C | confirmed | confirmed |
| D | dying | dying |
| F | fasttrack | fasttrack |
| H | hw-offload | hw-offload |
| s | srcnat | srcnat |
| d | dstnat | dstnat |
| h | uses-helper | uses-helper |
| Read-only Argument | Type | Description |
|---|---|---|
| protocol | enum () | Connection protocol. |
| src-address | ipAddr | Source IP address of the connection. |
| src-port | num | Source port of the connection. |
| dst-address | ipAddr | Destination IP address of the connection. |
| dst-port | num | Destination port of the connection. |
| reply-src-address | ipAddr | Reply source IP address. |
| reply-src-port | num | Reply source port. |
| reply-dst-address | ipAddr | Reply destination IP address. |
| reply-dst-port | num | Reply destination port. |
| tcp-state | enum (none | syn-sent | syn-recv | established | fin-wait | close-wait | last-ack | time-wait | close | listen) | TCP connection state. |
| icmp-type | num | ICMP type. |
| icmp-code | num | ICMP code. |
| icmp-id | num | ICMP ID. |
| gre-protocol | num | GRE protocol. |
| gre-version | num | GRE version. |
| gre-key | num | GRE key. |
| connection-type | string | Connection type. |
| timeout | time | Connection timeout. |
| connection-mark | string | Connection mark. |
| orig-packets | num | Number of original direction packets. |
| orig-bytes | num | Number of original direction bytes. |
| orig-fasttrack-packets | num | Number of original direction fasttrack packets. |
| orig-fasttrack-bytes | num | Number of original direction fasttrack bytes. |
| repl-packets | num | Number of reply direction packets. |
| repl-bytes | num | Number of reply direction bytes. |
| repl-fasttrack-packets | num | Number of reply direction fasttrack packets. |
| repl-fasttrack-bytes | num | Number of reply direction fasttrack bytes. |
| orig-rate | num | Original direction rate. |
| repl-rate | num | Reply direction rate. |
ip/firewall/connection/tracking
Type: Settings Directory
| Argument | Type | Description |
|---|---|---|
| enabled | enum (auto | yes | no) | Whether connection tracking is enabled.
|
| tcp-syn-sent-timeout | time | TCP SYN sent timeout. |
| tcp-syn-received-timeout | time | TCP SYN received timeout. |
| tcp-established-timeout | time | TCP established timeout. |
| tcp-fin-wait-timeout | time | TCP FIN wait timeout. |
| tcp-close-wait-timeout | time | TCP close wait timeout. |
| tcp-last-ack-timeout | time | TCP last ACK timeout. |
| tcp-time-wait-timeout | time | TCP time wait timeout. |
| tcp-close-timeout | time | TCP close timeout. |
| tcp-max-retrans-timeout | time | TCP maximum retransmit timeout. |
| tcp-unacked-timeout | time | TCP unacknowledged timeout. |
| loose-tcp-tracking | bool | Whether loose TCP tracking is enabled. |
| liberal-tcp-tracking | bool | Whether liberal TCP tracking is enabled. |
| udp-timeout | time | UDP timeout. |
| udp-stream-timeout | time | UDP stream timeout. |
| icmp-timeout | time | ICMP timeout. |
| generic-timeout | time | Generic timeout. |
| Read-only Argument | Type | Description |
|---|---|---|
| active-ipv4 | bool | Whether IPv4 connection tracking is active. |
| active-ipv6 | bool | Whether IPv6 connection tracking is active. |
| max-entries | num | Maximum number of connection tracking entries. |
| total-entries | num | Total number of connection tracking entries. |
| total-ip4-entries | num | Total number of IPv4 connection tracking entries. |
| total-ip6-entries | num | Total number of IPv6 connection tracking entries. |