[pve-devel] applied: [PATCH firewall] increase default nf_conntrack_max to kernel default

alexandre derumier aderumier at odiso.com
Thu Jul 8 22:01:40 CEST 2021


Hi,
you can change it in the proxmox node firewall options.


Le jeudi 08 juillet 2021 à 09:36 +0200, wb a écrit :
> Hello Thomas,
> 
> Currently with Proxmox, I have a Kubernetes node running on LXC.
> However, I have encountered an issue on the Container Network
> Interface (CNI) side and in order for it to work, the parameter
> /proc/sys/net/netfilter/nf_conntrack_max must be raised.
> 
> You know that the container settings are managed by the hypervisor.
> However, something prevents to go above 262144. By searching a bit in
> your code, I found the limitation in Firewall.pm. I raised this value
> and the CNI works again.
> 
> The last change was in this commit that you made.
> https://lists.proxmox.com/pipermail/pve-devel/2019-October/039748.html
> 
> Is it possible to take into consideration the increase of this
> parameter in your code?
> 
> Waiting for your feedback.
> 
> Sincerely.
> 
> Julien BLAIS
> _______________________________________________
> pve-devel mailing list
> pve-devel at lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 




More information about the pve-devel mailing list