[pve-devel] [PATCH pve-firewall] add nf_conntrack_tcp_be_liberal option
Alexandre DERUMIER
aderumier at odiso.com
Thu Feb 21 18:01:54 CET 2019
>>What if you add nf_conntrack to /etc/modules-load.d?
I had tried but it didn't work,
but after some new tests, it seem to work with this 3 modules:
nf_conntrack
nf_conntrack_ipv4
nf_conntrack_ipv6
:)
----- Mail original -----
De: "Wolfgang Bumiller" <w.bumiller at proxmox.com>
À: "aderumier" <aderumier at odiso.com>
Cc: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Jeudi 21 Février 2019 09:13:36
Objet: Re: [pve-devel] [PATCH pve-firewall] add nf_conntrack_tcp_be_liberal option
On Wed, Feb 20, 2019 at 11:05:50AM +0100, Alexandre Derumier wrote:
> Allow to not flag as invalid, out of windows packets.
>
> Can't persist in sysctl at boot, because if need to be set
> after conntrack loading.
What if you add nf_conntrack to /etc/modules-load.d?
systemd-sysctl.service contains `After=systemd-modules-load.service`
More information about the pve-devel
mailing list