[pve-devel] PVE Firewall and nf_conntrack
Stefan Priebe - Profihost AG
s.priebe at profihost.ag
Tue Dec 2 09:13:42 CET 2014
Hi,
since starting to use pve firewall i had today the first time where VMs
and Host starts heavily in dropping packets.
I'm only using IP and MAC filters. Nothing else.
The kernel host log is full of:
[1620408.606201] net_ratelimit: 462 callbacks suppressed
[1620408.606204] nf_conntrack: table full, dropping packet
1.) Where do we use nf_conntrack?
2.) Should PVE ship with a sysctl file raising the nf conntrack limits?
On the host are only 19 VMs running.
Greets,
Stefan
More information about the pve-devel
mailing list