#1 2018-02-17 22:59:45

Strykar
Member
Registered: 2018-02-17
Posts: 50

Systemd appears to ignore /etc/sysctl.d/99-sysctl.conf

I've read https://wiki.archlinux.org/index.php/sysctl and my

/etc/sysctl.d/99-sysctl.conf

has one line:

net.netfilter.nf_conntrack_max = 524288

However the entry is ignored by systemd at boot and reverts to the default 32000-something figure.
Running

sysctl --system

manually does load it. What am I missing here that prevents it from loading on boot?

#2 2018-02-17 23:18:35

loqs
Member
Registered: 2014-03-06
Posts: 17,192

Re: Systemd appears to ignore /etc/sysctl.d/99-sysctl.conf

If systemd-sysctl.service is run before the nf_conntrack module is loaded, net.netfilter.nf_conntrack_max = 524288 cannot be applied, as the key does not exist yet.

#3 2018-02-18 00:04:09

Strykar
Member
Registered: 2018-02-17
Posts: 50

Re: Systemd appears to ignore /etc/sysctl.d/99-sysctl.conf

Thanks, how do I figure out if this is the case or work around it?

#4 2018-02-18 00:09:37

loqs
Member
Registered: 2014-03-06
Posts: 17,192

Re: Systemd appears to ignore /etc/sysctl.d/99-sysctl.conf

How is the nf_conntrack module loaded on the system?

#5 2018-02-18 02:04:43

Strykar
Member
Registered: 2018-02-17
Posts: 50

Re: Systemd appears to ignore /etc/sysctl.d/99-sysctl.conf

It's likely loaded by the OS due to me using it in iptables; I have not 'enabled' its loading.

[root@sin ~]# iptables-save | grep conntrack
-A INPUT -p udp -m multiport --dports 22,123,500,4500 -m conntrack --ctstate NEW -j ACCEPT

[root@sin ~]# ls /etc/modprobe.d/
total 0
[root@sin ~]# ls /etc/modules-load.d/
total 0

[root@sin ~]# lsmod|grep conntrack
xt_conntrack           16384  9
nf_conntrack_ipv4      16384  7
nf_defrag_ipv4         16384  1 nf_conntrack_ipv4
nf_conntrack_ipv6      16384  5
nf_defrag_ipv6         36864  1 nf_conntrack_ipv6
nf_conntrack          155648  8 nf_conntrack_ipv6,nf_conntrack_ipv4,ipt_MASQUERADE,nf_nat_ipv6,nf_nat_masquerade_ipv4,xt_conntrack,nf_nat_ipv4,nf_nat
libcrc32c              16384  2 nf_conntrack,nf_nat
x_tables               45056  14 xt_multiport,iptable_mangle,ip_tables,iptable_filter,xt_tcpudp,xt_tcpmss,ipt_MASQUERADE,xt_limit,ip6table_mangle,ip6table_filter,xt_policy,xt_conntrack,ip6_tables,xt_TCPMSS

#6 2018-02-18 07:59:15

seth
Member
Registered: 2012-09-03
Posts: 49,968

Re: Systemd appears to ignore /etc/sysctl.d/99-sysctl.conf

You'll have to explicitly load it via /etc/modules-load.d/

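An added example, not code from the thread, illustrating the ordering problem loqs describes and the fix seth suggests: one POSIX shell helper lists the keys in a sysctl.d file whose /proc/sys path does not exist (the keys systemd-sysctl will fail to set), and a second writes the /etc/modules-load.d entry so systemd-modules-load.service, which systemd-sysctl.service is ordered after, loads nf_conntrack before the value is applied. The function names, the optional root/directory arguments (for testing against a constructed tree), and the restriction to dotted key names are my assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Lists keys in a sysctl.d-style file
# that have no corresponding entry under /proc/sys. A key that is absent is
# exactly what makes systemd-sysctl silently skip
# net.netfilter.nf_conntrack_max when nf_conntrack is not loaded yet.
#
# Usage: sysctl_missing_keys /etc/sysctl.d/99-sysctl.conf [/proc/sys]
# Assumption: only the dotted key form (net.netfilter.x) is handled; the
# slash form and interface names containing dots are not translated.
sysctl_missing_keys() {
    conf=$1
    root=${2:-/proc/sys}
    # drop comment lines, keep only "key = value" lines
    grep -v '^[[:space:]]*[#;]' "$conf" | grep '=' | while IFS= read -r line; do
        # key is everything left of '=', whitespace removed
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        # a leading '-' in sysctl.d means "ignore failures"; it is not part of the key
        key=${key#-}
        [ -n "$key" ] || continue
        # dotted key -> /proc/sys path
        path="$root/$(printf '%s' "$key" | tr . /)"
        [ -e "$path" ] || printf '%s\n' "$key"
    done
}

# Writes /etc/modules-load.d/<module>.conf so systemd-modules-load.service
# loads the module at boot; systemd-sysctl.service is ordered after that
# unit, so the key exists by the time the sysctl value is applied.
#
# Usage: write_modules_load_conf nf_conntrack [/etc/modules-load.d]
write_modules_load_conf() {
    module=$1
    dir=${2:-/etc/modules-load.d}
    mkdir -p "$dir"
    printf '%s\n' "$module" > "$dir/$module.conf"
}
```

Run `sysctl_missing_keys /etc/sysctl.d/99-sysctl.conf` before the module is loaded to see the key reported, and again after `modprobe nf_conntrack` to see it disappear.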