[pve-devel] PVE Firewall and nf_conntrack

Stefan Priebe - Profihost AG s.priebe at profihost.ag
Tue Dec 2 09:27:48 CET 2014


Hi,
On 02.12.2014 at 09:13, Stefan Priebe - Profihost AG wrote:
> Hi,
> 
> Since starting to use the PVE firewall, today was the first time that VMs
> and the host started heavily dropping packets.
> 
> I'm only using IP and MAC filters. Nothing else.
> 
> The kernel host log is full of:
> 
> [1620408.606201] net_ratelimit: 462 callbacks suppressed
> [1620408.606204] nf_conntrack: table full, dropping packet
> 
> 1.) Where do we use nf_conntrack?
> 
> 2.) Should PVE ship with a sysctl file raising the nf conntrack limits?
> 
> On the host are only 19 VMs running.
> 
> Greets,
> Stefan

Additionally, I'm seeing a VM (I don't have access to that one) using a lot
of CPU via kernel process [vhost-13946].

Stefan


