[pve-devel] PVE Firewall and nf_conntrack

Stefan Priebe - Profihost AG s.priebe at profihost.ag
Tue Dec 2 09:13:42 CET 2014


Hi,

Since starting to use the PVE firewall, today was the first time that the VMs
and the host started dropping packets heavily.

I'm only using IP and MAC filters. Nothing else.

The kernel host log is full of:

[1620408.606201] net_ratelimit: 462 callbacks suppressed
[1620408.606204] nf_conntrack: table full, dropping packet

1.) Where do we use nf_conntrack?

2.) Should PVE ship with a sysctl file raising the nf conntrack limits?

Only 19 VMs are running on the host.

Greets,
Stefan
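
An added example, not part of the original message or of PVE: a Python sketch that totals the "table full" events in a kernel log like the one quoted above, including the rate-limited ones, and reads the conntrack counters. The function names are hypothetical, the sample log lines beyond the two quoted ones are constructed, and the /proc paths are the standard nf_conntrack sysctl files.

```python
import re
from pathlib import Path

# Sample input: first two lines are those quoted in the message, the rest are constructed.
SAMPLE_LOG = """\
[1620408.606201] net_ratelimit: 462 callbacks suppressed
[1620408.606204] nf_conntrack: table full, dropping packet
[1620413.611020] net_ratelimit: 517 callbacks suppressed
[1620413.611023] nf_conntrack: table full, dropping packet
[1620413.611050] nf_conntrack: table full, dropping packet
"""

LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(.*)$")
SUPPRESSED = re.compile(r"^net_ratelimit: (\d+) callbacks suppressed$")
TABLE_FULL = "nf_conntrack: table full, dropping packet"
PROC = "/proc/sys/net/netfilter"  # present once nf_conntrack is loaded


def summarize_conntrack_drops(log_text):
    """Count logged table-full lines and the rate-limited ones before them."""
    logged = suppressed = pending = 0
    first = last = None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, msg = float(m.group(1)), m.group(2)
        s = SUPPRESSED.match(msg)
        if s:
            pending = int(s.group(1))  # attributed to the next message
            continue
        if msg == TABLE_FULL:
            logged += 1
            suppressed += pending
            first = ts if first is None else first
            last = ts
        pending = 0
    # net_ratelimit is shared with other kernel messages: this is an upper bound.
    return {"logged": logged, "upper_bound": logged + suppressed,
            "first": first, "last": last}


def table_usage(proc_dir=PROC):
    """Return (entries, limit, fraction used), or None without conntrack."""
    try:
        count, limit = (int(Path(proc_dir, name).read_text())
                        for name in ("nf_conntrack_count", "nf_conntrack_max"))
        return count, limit, count / limit
    except (OSError, ValueError, ZeroDivisionError):
        return None
```

Passing the output of `dmesg` to `summarize_conntrack_drops` gives the time window of the drops, and `table_usage()` shows how close the table is to its limit at that moment.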


