On Friday 10 February 2012 at 08:44 +0100, Jean-Philippe Menil wrote:
> No, the NetlinkEventsReliable is commented in the configuration file.
>
> However, on the same hosts, I see strange things:
> the host boots with the following parameters:
> net.netfilter.nf_conntrack_max=262144
> net.netfilter.nf_conntrack_tcp_timeout_established=10800
>
> nf_conntrack is loaded with the following parameter:
> options nf_conntrack hashsize=262144
>
> But it seems that nf_conntrack_max resets to its default value
> (65536) periodically.
> Three days ago, I manually increased nf_conntrack_max to 262144;
> yesterday I saw plenty of "nf_conntrack: table full, dropping packet".
> Checking the value, it had fallen to 65536.
>
> It's maybe not related, but I can't understand how the value can change?
>

65536 is the default value when the module is loaded. Something unloads it and loads it again, and sysctl is not run after this module load.
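
One way to catch the situation described in the reply, as an added example that is not part of the original thread: compare the configured sysctl values with the live ones and report any key that has fallen back to another value. The function name `check_sysctl_drift` and the demo paths are hypothetical, and the sample tree is constructed from the values quoted above.

```shell
#!/bin/sh
# Added example. check_sysctl_drift is a hypothetical helper, not a netfilter tool.
# Usage: check_sysctl_drift CONF [ROOT]   (ROOT defaults to /proc/sys)
# Prints one line per key whose live value differs from CONF; returns 1 on drift.
check_sysctl_drift() {
    conf=$1
    root=${2:-/proc/sys}
    drift=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Trim surrounding whitespace, then skip blanks, comments and non-assignments.
        line=$(printf '%s\n' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $line in
            ''|'#'*|';'*) continue ;;
            *=*) ;;
            *) continue ;;
        esac
        key=$(printf '%s\n' "$line" | cut -d= -f1 | tr -d '[:space:]')
        want=$(printf '%s\n' "$line" | cut -d= -f2- | sed 's/^[[:space:]]*//')
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            # Assumption: a missing entry usually means the owning module is not loaded.
            echo "MISSING $key"
            drift=1
            continue
        fi
        have=$(cat "$path")
        if [ "$have" != "$want" ]; then
            echo "DRIFT $key configured=$want live=$have"
            drift=1
        fi
    done < "$conf"
    return "$drift"
}

# Constructed demo: a fake /proc/sys tree holding the values from the thread.
demo=$(mktemp -d)
mkdir -p "$demo/sys/net/netfilter"
echo 65536 > "$demo/sys/net/netfilter/nf_conntrack_max"
echo 10800 > "$demo/sys/net/netfilter/nf_conntrack_tcp_timeout_established"
cat > "$demo/sysctl.conf" <<'EOF'
# constructed sample configuration
net.netfilter.nf_conntrack_max=262144
net.netfilter.nf_conntrack_tcp_timeout_established=10800
EOF
check_sysctl_drift "$demo/sysctl.conf" "$demo/sys" || echo "drift detected"
```

Omit the second argument to check the running kernel; a DRIFT line for `nf_conntrack_max` is the cue to re-apply the settings (for example with `sysctl -p`) and to find what reloaded the module.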