> Oh yes sorry, you can't set it in sysctl.conf then, since the module > must probably already be loaded if you can use that. Try the module > load parameters instead (options ip_conntrack hashsize=XXXX in > /etc/modprobe.d/somefile worked in older kernels). > > I am actually just patching the numbers in to the kernel version > myself, since I don't want to have a module-based kernel on my firewall > box. I've also found the same setting in a couple of list groups. Here's what I have, but it doesn't seem to work: [root@localhost etc]# cat /etc/modprobe.conf options ip_conntrack hashsize=1048576 alias eth0 eepro100 ... I'm going to play around with it for a while. If I can't get it to work through modprobe I'll just tweak /etc/init.d/iptables to populate /sys/... since that seemed to work. I was just looking for a more elegant solution. Thanks for all of the help. This solve my problem of hitting the limits in any event. Gary
