iptables - conntrack and ip_conntrack_max

To: debian-user@lists.debian.org
Subject: iptables - conntrack and ip_conntrack_max
From: Sladjan Ri <sladjanri@gmail.com>
Date: Thu, 16 Aug 2012 00:09:49 +0200
Message-id: <[🔎] CAH_S8NhJx4xC_pe4rmcYBZ2p-6YSFpB0d_D_0z-cPcM2WdDr7g@mail.gmail.com>

Hi,

I am successfully loading the conntrack module with an option:
nf_conntrack hashsize=2097152

My problem is that I can't seem to define
'/proc/sys/net/ipv4/netfilter/ip_conntrack_max' or
'/proc/sys/net/netfilter/nf_conntrack_max'.

I tried adding a line to /etc/sysctl.d/local.conf:
net.ipv4.netfilter.ip_conntrack_max = 2097152 (or the other path)

I also tried adding a line to /etc/rc.local echo:
2097152 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max

Both won't work, instead ip_conntrack_max or nf_conntrack_max seem to
be determined by some formula using hashsize. In my case it is set to
16777216.

I still can set the value using either 'sysctl -p /etc/sysctl.d/local.conf' or
'echo 2097152 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max' after I
login as root.

I would like to set this value automatically after a reboot though.
Any hints please? Thanks.


Regards,
Sladi

Reply to:

Follow-Ups:
- Re: iptables - conntrack and ip_conntrack_max
  - From: Tom H <tomh0665@gmail.com>

Prev by Date: Re: Logging ISP Download Speed.
Next by Date: Re: PowerPC install stuck at dmesg
Previous by thread: Re: Moving packets from one port to another
Next by thread: Re: iptables - conntrack and ip_conntrack_max
Index(es):
- Date
- Thread