> Ehm, your original question was about
> setting conntrack values :-)
>
> Originally you couldn't change the hash bucket number after the
> ipt_conntrack module had been loaded, you needed to do that at load
> time (for instance through /etc/sysctl.cnf), but I gather that current
> netfilter versions allow changing the number of hash buckets at runtime
> through:
>
> /sys/module/ip_conntrack/parameters/hashsize
>
> Setting #hash buckets=conntrack max should be fine; that's what we do as
> well.
>
> Maybe you want to carefully reduce some of the
> /proc/sys/net/ipv4/netfilter/ip_conntrack_*timeout* parameters to
> reduce the number of entries in the connection tracking hash.
>

This is what I was looking for. I'll play around with it. I just 1) needed to know where to start and 2) wanted to know what people who handle this type of traffic currently do.

Thanks,
Gary
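
Added example, not part of the original thread: a read-only shell check that compares the hash bucket count with the conntrack maximum at the paths quoted above and lists the timeout parameters. The function name, the optional root-prefix argument and the `ip_conntrack_max` file name are assumptions of this example, not taken from the thread.

```shell
#!/bin/sh
# Added example: read-only check of the conntrack settings discussed above.
# Usage on a live host:   conntrack_hash_check
# Usage on a copied tree: conntrack_hash_check /path/to/copy   (hypothetical prefix)

conntrack_hash_check() {
    root="${1:-}"
    hs_file="$root/sys/module/ip_conntrack/parameters/hashsize"
    nf_dir="$root/proc/sys/net/ipv4/netfilter"
    max_file="$nf_dir/ip_conntrack_max"   # assumed name of the "conntrack max" tunable

    # Module not loaded, or the paths differ on this kernel.
    [ -r "$hs_file" ] && [ -r "$max_file" ] || {
        echo "status=unavailable"
        return 2
    }

    hashsize=$(cat "$hs_file")
    max=$(cat "$max_file")
    echo "hashsize=$hashsize"
    echo "conntrack_max=$max"

    # Show every timeout tunable so candidates for reduction are visible.
    for f in "$nf_dir"/ip_conntrack_*timeout*; do
        [ -r "$f" ] || continue
        echo "timeout ${f##*/}=$(cat "$f")"
    done

    # The thread's rule of thumb: number of hash buckets equals conntrack max.
    if [ "$hashsize" -eq "$max" ]; then
        echo "status=match"
        return 0
    fi
    echo "status=mismatch"
    return 1
}
```

The function returns 0 when the two values match, 1 when they differ, and 2 when the files are not present.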