> Originally you couldn't change the hash bucket number after the
> ipt_conntrack module had been loaded, you needed to do that at load
> time (for instance through /etc/sysctl.cnf), but I gather that current
> netfilter versions allow changing the number of hash buckets at runtime
> through:

So this *should* work:

net.netfilter.nf_conntrack_max=1048576
net.netfilter.nf_conntrack_buckets=1048576

But it only does for nf_conntrack_max. I did overwrite it by going to /sys/modules/nf_conntrack/parameters/hashsize and it did take it on the second try. The first time it complained about file descriptors. The second time it seemed to set it, which I verified by looking at /proc/sys/net/netfilter/nf_conntrack_buckets.

Is there a way to set this on startup?