[pve-devel] applied: [PATCH firewall] increase default nf_conntrack_max to kernel default

wb webmaster at jbsky.fr
Thu Jul 8 09:36:19 CEST 2021

Hello Thomas,

Currently with Proxmox, I have a Kubernetes node running on LXC. However, I have encountered an issue on the Container Network Interface (CNI) side and in order for it to work, the parameter /proc/sys/net/netfilter/nf_conntrack_max must be raised.

You know that the container settings are managed by the hypervisor. However, something prevents it from going above 262144. By searching a bit in your code, I found the limitation in Firewall.pm. I raised this value and the CNI works again.

The last change was in this commit that you made.

Is it possible to take into consideration the increase of this parameter in your code?

Waiting for your feedback.


Julien BLAIS
