I've read https://wiki.archlinux.org/index.php/sysctl and my
/etc/sysctl.d/99-sysctl.conf
has one line:
net.netfilter.nf_conntrack_max = 524288
However, the entry is ignored by systemd at boot and reverts to the default 32000-something figure.
Running
sysctl --system
manually does load it. What am I missing here that prevents loading this on boot?
If systemd-sysctl.service is run before the nf_conntrack module is loaded, net.netfilter.nf_conntrack_max = 524288 cannot be applied, because the key does not exist yet.
Thanks, how do I figure out if this is the case or work around it?
How is the nf_conntrack module loaded on the system?
It's likely loaded by the OS because I use it in iptables; I have not 'enabled' its loading.
[root@sin ~]# iptables-save | grep conntrack
-A INPUT -p udp -m multiport --dports 22,123,500,4500 -m conntrack --ctstate NEW -j ACCEPT
[root@sin ~]# ls /etc/modprobe.d/
total 0
[root@sin ~]# ls /etc/modules-load.d/
total 0
[root@sin ~]# lsmod|grep conntrack
xt_conntrack 16384 9
nf_conntrack_ipv4 16384 7
nf_defrag_ipv4 16384 1 nf_conntrack_ipv4
nf_conntrack_ipv6 16384 5
nf_defrag_ipv6 36864 1 nf_conntrack_ipv6
nf_conntrack 155648 8 nf_conntrack_ipv6,nf_conntrack_ipv4,ipt_MASQUERADE,nf_nat_ipv6,nf_nat_masquerade_ipv4,xt_conntrack,nf_nat_ipv4,nf_nat
libcrc32c 16384 2 nf_conntrack,nf_nat
x_tables 45056 14 xt_multiport,iptable_mangle,ip_tables,iptable_filter,xt_tcpudp,xt_tcpmss,ipt_MASQUERADE,xt_limit,ip6table_mangle,ip6table_filter,xt_policy,xt_conntrack,ip6_tables,xt_TCPMSS
You'll have to explicitly load it via /etc/modules-load.d/
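An added example, not code posted by anyone in this thread, showing both halves of the answer above: a check that mimics what systemd-sysctl does at boot (it writes each key under /proc/sys and fails on keys whose path does not exist yet, which is exactly the case when nf_conntrack is not loaded yet), and the workaround of dropping a file into /etc/modules-load.d/ so that systemd-modules-load.service, which systemd-sysctl.service is ordered after, loads the module first. The function names, the file name nf_conntrack.conf and the optional root-directory argument (so the script can be dry-run against a scratch directory without root) are my own choices, not anything from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Emulates systemd-sysctl's view of a
# sysctl.d file: every "a.b.c = v" key is looked up as <sysroot>/a/b/c.
# A key that is MISSING at boot belongs to a module that was not loaded
# before systemd-sysctl.service ran.
#
# Usage: check_sysctl_keys <sysctl.d file> [sysroot, default /proc/sys]
# Prints one line per key; the exit status is the number of missing keys.
check_sysctl_keys() {
    conf=$1
    sysroot=${2:-/proc/sys}
    missing=0
    while IFS= read -r line || [ -n "$line" ]; do
        # blank lines and comments are ignored, as in sysctl.d(5)
        case $line in ''|'#'*|';'*) continue ;; esac
        key=${line%%=*}
        # drop whitespace and the optional leading '-' (sysctl.d's
        # "ignore failure" marker), then map dots to path separators
        key=$(printf '%s' "$key" | tr -d ' \t' | sed 's/^-//' | tr '.' '/')
        if [ -e "$sysroot/$key" ]; then
            printf 'present: %s\n' "$key"
        else
            printf 'MISSING: %s\n' "$key"
            missing=$((missing + 1))
        fi
    done < "$conf"
    return "$missing"
}

# Workaround from the thread: have systemd-modules-load.service load
# nf_conntrack. systemd-sysctl.service has After=systemd-modules-load.service,
# so the key exists by the time the sysctl.d files are applied.
# <root> is an assumption of this example: empty (the default) means the
# real /etc, anything else lets you dry-run into a scratch directory.
install_conntrack_autoload() {
    root=${1:-}
    dir="$root/etc/modules-load.d"
    mkdir -p "$dir"
    printf 'nf_conntrack\n' > "$dir/nf_conntrack.conf"
    printf 'wrote %s\n' "$dir/nf_conntrack.conf"
}

# Real-system usage (needs root for the second call):
#   check_sysctl_keys /etc/sysctl.d/99-sysctl.conf
#   install_conntrack_autoload
```

On the live system, `journalctl -b -u systemd-sysctl.service` from the boot in question is the direct way to confirm the diagnosis: it records the write to net/netfilter/nf_conntrack_max failing. After adding the modules-load.d file, reboot and run the check again; the key should be present and the value should stick without running sysctl --system by hand. Prefixing the key with '-' in sysctl.d only silences the error, it does not make the value apply, so the module ordering fix is the one that matters.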