[pve-devel] applied: [PATCH firewall] increase default nf_conntrack_max to kernel default
wb
webmaster at jbsky.fr
Thu Jul 8 09:36:19 CEST 2021
Hello Thomas,
Currently with Proxmox, I have a Kubernetes node running on LXC. However, I have encountered an issue on the Container Network Interface (CNI) side and in order for it to work, the parameter /proc/sys/net/netfilter/nf_conntrack_max must be raised.
You know that the container settings are managed by the hypervisor. However, something prevents going above 262144. By searching a bit in your code, I found the limitation in Firewall.pm. I raised this value and the CNI works again.
The last change was in this commit that you made.
https://lists.proxmox.com/pipermail/pve-devel/2019-October/039748.html
Is it possible to take into consideration the increase of this parameter in your code?
Waiting for your feedback.
Sincerely.
Julien BLAIS