[pve-devel] PVE Firewall and nf_conntrack
Stefan Priebe - Profihost AG
s.priebe at profihost.ag
Tue Dec 2 09:51:07 CET 2014
Am 02.12.2014 um 09:31 schrieb Dietmar Maurer:
>> The kernel host log is full of:
>>
>> [1620408.606201] net_ratelimit: 462 callbacks suppressed [1620408.606204]
>> nf_conntrack: table full, dropping packet
>>
>> 1.) Where do we use nf_conntrack?
>
> everywhere
>
>> 2.) Should PVE ship with a sysctl file raising the nf conntrack limits?
>
> You can adjust the value the the GUI (Host firewall option nf_conntrack_max)
Thanks, where does PVE set that value?
I've a custom /etc/sysctl.d/ conf file which sets the value to 6.5
Million but pve seems to reset the value on boot to 65536.
Stefan
More information about the pve-devel
mailing list