Subject: Stopping ip_conntrack_max from resetting
From: Richard Andrews
Date: 2008-03-24 14:09 UTC
To: netfilter@vger.kernel.org

Hello,

We have a system running iptables, for which, due to the incoming traffic,
we've had to increase ip_conntrack_max via sysctl. However, when restarting
the service during any maintenance the value we set in sysctl.conf is reset
to the default 65536, and we are then forced to run "sysctl -p" to reload our
custom value. Is there a way to stop the iptables service from rewriting
ip_conntrack_max when issued a restart/reload?

Richard Andrews
Subject: Re: Stopping ip_conntrack_max from resetting
From: Jan Engelhardt
Date: 2008-03-25 1:59 UTC
To: Richard Andrews; +Cc: netfilter@vger.kernel.org

On Monday 2008-03-24 15:09, Richard Andrews wrote:
> Hello,
>
> We have a system running iptables, for which, due to the incoming
> traffic, we've had to increase ip_conntrack_max via sysctl.
> However, when restarting the service during any maintenance the
> value we set in sysctl.conf is reset to the default 65536, and we
> are then forced to run "sysctl -p" to reload our custom value.
> Is there a way to stop the iptables service from rewriting
> ip_conntrack_max when issued a restart/reload?

That seems to be a bug of your distribution, because on mine,
sysctl.conf is read and applied on boot.
Subject: Re: Stopping ip_conntrack_max from resetting
From: Franck JONCOURT
Date: 2008-03-25 19:33 UTC
To: netfilter

On Tue, 25 Mar 2008 02:59:12 +0100 (CET), Jan Engelhardt <jengelh@computergmbh.de> wrote:
>
> On Monday 2008-03-24 15:09, Richard Andrews wrote:
>> Hello,

Hi,

>> We have a system running iptables, for which, due to the incoming
>> traffic, we've had to increase ip_conntrack_max via sysctl.
>> However, when restarting the service during any maintenance the
>> value we set in sysctl.conf is reset to the default 65536, and we
>> are then forced to run "sysctl -p" to reload our custom value.
>> Is there a way to stop the iptables service from rewriting
>> ip_conntrack_max when issued a restart/reload?
>
> That seems to be a bug of your distribution, because on mine,
> sysctl.conf is read and applied on boot.

Running Debian Sid, I can get the same behaviour. This is not a bug, just a
matter of boot sequence. If you load the sysctl configuration before your
module is loaded (it should be nf_conntrack_ipv4, not quite sure), the entry
net.ipv4.netfilter.ip_conntrack_max does not exist yet, so it is not possible
to set it to its value. To get it to work, I just added it to my module list,
in order to load it at boot time before my sysctl configuration.

---
Franck Joncourt
http://www.debian.org/ - http://smhteam.info/wiki/
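The failure mode Franck describes is that a sysctl key which lives under a
module-provided directory simply does not exist until that module is loaded,
so an early `sysctl -p` has nothing to write to and the default survives. The
script below is an added example (not code from the thread or from any
distribution's init scripts) of applying such a setting defensively: it checks
for the key, loads the module if the key is absent, and refuses to proceed if
the key is still missing afterwards, instead of depending on boot order. The
key and module names are the ones the thread mentions; `SYSCTL_ROOT` and
`MODPROBE` are hypothetical overrides added here so the logic can be exercised
against a scratch directory without root.

```shell
#!/bin/sh
# Added example (not from the thread): set a sysctl key that only exists once
# its kernel module is loaded, instead of relying on boot order.
# Assumptions: key and module names are those mentioned in the thread;
# SYSCTL_ROOT and MODPROBE are hypothetical overrides so the logic can be
# exercised against a scratch directory without root.
: "${SYSCTL_ROOT:=/proc/sys}"
: "${MODPROBE:=modprobe}"

# Translate a dotted sysctl key into its path under $SYSCTL_ROOT.
key_to_path() {
    printf '%s/%s\n' "$SYSCTL_ROOT" "$(printf '%s' "$1" | tr . /)"
}

# Load module $2 only if key $1 is absent; succeed only if the key exists
# afterwards. A missing key means the module is not loaded yet, and writing
# the value at that point would fail silently and leave the default in place.
ensure_key() {
    _path=$(key_to_path "$1")
    if [ ! -e "$_path" ]; then
        "$MODPROBE" "$2" || return 1
    fi
    [ -e "$_path" ]
}

# Set key $1 to value $2, loading module $3 first if necessary.
set_sysctl() {
    if ! ensure_key "$1" "$3"; then
        echo "set_sysctl: $1 still missing after loading $3" >&2
        return 1
    fi
    printf '%s\n' "$2" > "$(key_to_path "$1")"
}

# Read back key $1.
get_sysctl() {
    cat "$(key_to_path "$1")"
}

# Usage as root on a live system (uncomment to run):
# set_sysctl net.ipv4.netfilter.ip_conntrack_max 131072 nf_conntrack_ipv4
```

Calling `set_sysctl` from whatever runs after the firewall service restarts
(or from the service's own post-start hook) gives the same effect as Franck's
fix of loading the module first, but with an explicit check that the key is
really present before the value is written.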