I'm looking for some firewall tweaking advice. We have a dedicated firewall which ran out of conntrack slots recently. We had already tweaked max_conntracks up to 131072. That box was an RHEL 4 box. We are building a new firewall, based on 2.6.22.

Reading some older docs, they mention that if you can, set conntrack_buckets to the same as conntrack_max, if memory permits. This box has plenty: 512 MB. In the sample reference doc, it says that you can do about 1048576 at a cost of about 300 MB of RAM. This is fine. Since this is a dedicated firewall box, with only ssh, cron, smartd and sysstat running on it, what would you recommend the settings to be? And what is the best way to set these (/etc/sysctl.conf)?

Playing around, I found that I can set nf_conntrack_max to the value, but when I set nf_conntrack_buckets to the same I get "permission denied". nf_conntrack_buckets is set to 4096, which, if I read the documentation correctly, would slow down the linked-list parsing as it would have to walk the conntrack list more often.
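The sizing arithmetic and the two places these settings live, as an added example (not code from the original post or from any distribution's tooling). It assumes roughly 300 bytes per conntrack entry, which is just the post's own figure (1048576 entries at about 300 MB) turned into a constant, plus one 8-byte list-head pointer per hash bucket on a 64-bit kernel; the real per-entry cost varies with kernel version, architecture and loaded conntrack extensions. It also relies on `nf_conntrack_buckets` being read-only under `/proc/sys/net/netfilter` (that is what the "permission denied" is) and on the bucket count being set through the `nf_conntrack` module's `hashsize` parameter instead, either at module load or via `/sys/module/nf_conntrack/parameters/hashsize`.

```shell
#!/bin/sh
# Added example, not from the original post. Sizes nf_conntrack_max /
# nf_conntrack_buckets for a memory budget and prints where each one is set.
#
# Assumptions (see lead-in):
#   ENTRY_BYTES   ~300 bytes per tracked connection, derived from the post's
#                 "1048576 entries for ~300 MB"; real size varies by kernel/arch.
#   POINTER_BYTES one hlist_head pointer per hash bucket (8 on 64-bit, 4 on 32-bit).
ENTRY_BYTES=${ENTRY_BYTES:-300}
POINTER_BYTES=${POINTER_BYTES:-8}

# Estimated kernel memory, in bytes, for MAX entries plus BUCKETS hash slots.
conntrack_mem_estimate() {
    max=$1; buckets=$2
    echo $(( max * ENTRY_BYTES + buckets * POINTER_BYTES ))
}

# Integer percentage of RAM_MB that MAX entries / BUCKETS slots would occupy.
conntrack_mem_percent() {
    max=$1; buckets=$2; ram_mb=$3
    bytes=$(conntrack_mem_estimate "$max" "$buckets")
    echo $(( bytes * 100 / (ram_mb * 1024 * 1024) ))
}

# Largest power-of-two table (buckets == max, as the old docs suggest) whose
# estimate fits in BUDGET_MB. Starting at 4096 matches the post's current bucket count.
conntrack_max_for_budget() {
    budget_mb=$1
    n=4096
    while [ $(( (n * 2) * (ENTRY_BYTES + POINTER_BYTES) )) -le $(( budget_mb * 1024 * 1024 )) ]; do
        n=$(( n * 2 ))
    done
    echo "$n"
}

# Persistent configuration. nf_conntrack_max is an ordinary writable sysctl.
# /proc/sys/net/netfilter/nf_conntrack_buckets is mode 0444 (check with
# `stat -c %a` on it), so it can only be changed through the module's
# hashsize parameter, which is what the modprobe options line sets.
# Caveat: a sysctl.conf key for net.netfilter.* only exists once nf_conntrack
# is loaded, so make sure the module loads before `sysctl -p` runs at boot.
conntrack_config() {
    max=$1; buckets=$2
    printf '# /etc/sysctl.conf\nnet.netfilter.nf_conntrack_max = %s\n' "$max"
    printf '# /etc/modprobe.conf (or a file under /etc/modprobe.d/)\noptions nf_conntrack hashsize=%s\n' "$buckets"
}

# Apply at runtime on a live box (needs root and a loaded nf_conntrack module).
# Returns 0 only if the kernel reports the requested bucket count afterwards.
conntrack_apply() {
    max=$1; buckets=$2
    sysctl -w net.netfilter.nf_conntrack_max="$max" || return 1
    echo "$buckets" > /sys/module/nf_conntrack/parameters/hashsize || return 1
    [ "$(cat /proc/sys/net/netfilter/nf_conntrack_buckets)" -eq "$buckets" ]
}

# Usage: ./conntrack-size.sh plan <ram_mb> <budget_mb>   (print a recommendation)
#        ./conntrack-size.sh apply <max> <buckets>        (root: apply live)
if [ $# -gt 0 ]; then
    case $1 in
        plan)
            n=$(conntrack_max_for_budget "$3")
            echo "max=$n buckets=$n uses ~$(conntrack_mem_estimate "$n" "$n") bytes" \
                 "($(conntrack_mem_percent "$n" "$n" "$2")% of ${2} MB)"
            conntrack_config "$n" "$n"
            ;;
        apply)
            conntrack_apply "$2" "$3"
            ;;
    esac
fi
```

With the post's numbers, `plan 512 320` lands on 1048576 for both values and prints the sysctl and modprobe lines; `plan 512 300` drops to 524288 because 1048576 entries plus a same-sized table slightly exceeds 300 MB under the stated per-entry assumption. Verify after a reboot with `sysctl net.netfilter.nf_conntrack_max net.netfilter.nf_conntrack_buckets` rather than trusting the config files.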