On Tue, 25 Mar 2008 02:59:12 +0100 (CET), Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx> wrote:

> On Monday 2008-03-24 15:09, Richard Andrews wrote:
>> Hello,
>
> Hi,
>
>> We have a system running iptables for which, due to the incoming
>> traffic, we've had to increase ip_conntrack_max via sysctl.
>> However, when restarting the service during any maintenance the
>> value we pass in sysctl.conf is reset to the default 65536.
>> We are then forced to run "sysctl -p" to reload our custom
>> value. Is there a way to stop the iptables service from rewriting
>> ip_conntrack_max when issued a restart/reload?
>
> That seems to be a bug in your distribution, because on mine,
> sysctl.conf is read and applied on boot.

Running Debian Sid, I can get the same behaviour. This is not a bug, just a matter of boot sequence. If you load the sysctl configuration before your module is loaded (it should be nf_conntrack_ipv4, not quite sure), the entry net.ipv4.netfilter.ip_conntrack_max does not exist yet, so it is not possible to set it to its value.

To get it to work, I just added it to my module list, in order to load it at boot time before my sysctl configuration.

-- 
Franck Joncourt
http://www.debian.org/ - http://smhteam.info/wiki/
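The boot-order problem Franck describes, as an added example that is not part of the thread and not code from any of its participants: a sysctl key registered by a module cannot be written until that module is loaded, so a boot script has to ensure the module first and only then apply the value. The script below is constructed for this page and makes these assumptions: the conntrack module is called nf_conntrack (the thread guesses nf_conntrack_ipv4; the name depends on the kernel version), the Debian boot-time module list is /etc/modules, sysctl keys live under /proc/sys, and the newer spelling net.netfilter.nf_conntrack_max is tried as a fallback for the key named in the thread. The root directory and the module-list path are parameters so the helpers can be exercised against a scratch directory without root.

```sh
#!/bin/sh
# Constructed example (not from the netfilter list thread).
# Assumed names: module nf_conntrack, module list /etc/modules,
# sysctl tree /proc/sys, value 262144 chosen arbitrarily.

# Map a dotted sysctl key to its path below a /proc/sys-style root.
sysctl_key_path() {
    root=$1; key=$2
    printf '%s/%s\n' "$root" "$(printf '%s' "$key" | tr . /)"
}

# Write a value to a sysctl key only if the key exists.
# Returns 0 when written, 1 when the key is absent (for example
# because the module that registers it is not loaded yet), which
# is exactly the state a too-early "sysctl -p" runs into.
apply_sysctl_if_present() {
    root=$1; key=$2; value=$3
    path=$(sysctl_key_path "$root" "$key")
    if [ -f "$path" ]; then
        printf '%s\n' "$value" > "$path"
        return 0
    fi
    return 1
}

# Read the current value of a key, or print "absent".
read_sysctl() {
    path=$(sysctl_key_path "$1" "$2")
    if [ -f "$path" ]; then cat "$path"; else echo absent; fi
}

# Append a module name to a one-name-per-line modules list unless it
# is already there, so the helper is idempotent across boots.
ensure_module_listed() {
    list=$1; module=$2
    touch "$list"
    if ! grep -qx "$module" "$list"; then
        printf '%s\n' "$module" >> "$list"
    fi
}

# Boot-time sequence as Franck's reply describes it: list and load the
# module, then apply the sysctl. Tries the key name from the thread
# first and the newer net.netfilter.nf_conntrack_max second.
# Only meaningful on a real Linux host as root (invoked with --run).
boot_sequence() {
    ensure_module_listed /etc/modules nf_conntrack
    modprobe nf_conntrack
    apply_sysctl_if_present /proc/sys net.ipv4.netfilter.ip_conntrack_max 262144 ||
        apply_sysctl_if_present /proc/sys net.netfilter.nf_conntrack_max 262144
}

case ${1:-} in
    --run) boot_sequence ;;
esac
```

Running it with `--run` from an init script that sorts before the sysctl step (or from /etc/modules plus an unchanged sysctl.conf) removes the need to re-run `sysctl -p` by hand; the return code of apply_sysctl_if_present tells the caller whether the key was actually present when the write was attempted.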