Where is the correct place to set net.netfilter.nf_conntrack_buckets?

centos6 sysctl conntrack nf-conntrack
13,537

Solution 1

I think that sysctl parameter is for viewing only. You'll want to use the /sys/module/nf_conntrack/parameters/hashsize interface for runtime changes, and the hashsize module option to set it during initial module load.

You'd want an entry in a /etc/modprobe.d/ file that looks something like this:

options nf_conntrack hashsize=XXXXX

Solution 2

Further to Andrew B's answer:

For some reason, the RHEL documentation recommends putting an executable shell script with a name like nf_conntrack_hashsize.modules extension into /etc/sysconfig/modules instead. I have no idea why. Contents would look like:

#!/bin/sh
exec /sbin/modprobe nf_conntrack hashsize=262144

Solution 3

You need to put a file called, for example, localhost inside /etc/modprobe.d/ directory.

Inside this file, add these lines (value is an example):

options nf_conntrack hashsize=333333

And now, the more quick solution is a restart, the other option is to try a reload the nf_conntrack kernel module, wich is a bit difficult because it's linked with others running modules.

Check the result with:

cat /sys/module/nf_conntrack/parameters/hashsize
Share:
13,537

Related videos on Youtube

KelchM
Author by

KelchM

Updated on September 18, 2022

Comments

  • KelchM
    KelchM almost 2 years

    I'm currently trying to set net.netfilter.nf_conntrack_buckets on boot. I initially assumed that this could be done through sysctl.conf, but net.netfilter.nf_conntrack_buckets (and other net.netfilter configurations) were not applied at all. Adding sysctl -p to rc.local allowed all the net.netfilter configurations to be applied with the exception of net.netfilter.nf_conntrack_buckets. I'll also note that trying to set this from the terminal using sysctl -w results in 'error: permission denied on key 'net.netfilter.nf_conntrack_buckets''

    # This should be applied at boot
net.netfilter.nf_conntrack_max=1966080
net.netfilter.nf_conntrack_buckets=245760

    Where is the correct place to do this?

  • hbogert
    hbogert over 7 years
    Seems like this is needed if you want to load additional modules which wouldn't have been loaded otherwise. [quote] You can specify additional modules to be loaded by creating a new <file_name>.modules[/quote]
  • andresp
    andresp about 5 years
    I have noticed that if you set the hashsize via /sys/module/nf_conntrack/parameters/hashsize the net.netfilter.nf_conntrack_buckets sysctl is not updated, while if you do it via modprobe and then reboot it is changed. Does that mean that changing the value via the first method doesn't completely apply the new value?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to use conntrack to allow SIP traffic
ip_conntrack_max not found
error: "net.ipv4.netfilter.ip_conntrack_max" is an unknown key
nf_conntrack: table full, dropping packet
sysctl -p /etc/sysctl.conf returns error
What is the difference between nf_conntrack_max and nf_conntrack_expect_max?
How to enable core files on CentOS 6
How to mitigate error "kernel: nf_conntrack: table full, dropping packet"
install MySQL Server 5.0 on CentOS 6.3
Change owner of a currently running process