On Thu, Mar 09, 2017 at 09:32:47PM +0100, Pablo Neira Ayuso wrote:
> On Mon, Mar 06, 2017 at 11:15:04AM -0600, gerald wrote:
> > https://bugzilla.netfilter.org/show_bug.cgi?id=1123
[...]
> > conntrackd.conf:
> > Sync {
> > Mode FTFW {
> > DisableExternalCache On
>
> You cannot use FTFW with DisableExternalCache On. I'll make a patch to
> warn on this to users. But this shouldn't be the cause of the problem.

Forget this, FTFW and DisableExternalCache is OK.

> > CommitTimeout 1800
>
> Could you comment out this option and retest?

I managed to reproduce this here. You cannot combine CommitTimeout
with DisableExternalCache. If you set CommitTimeout, then conntrack
starts spitting EINVAL error messages.

Fixed here:

http://git.netfilter.org/conntrack-tools/commit/?id=39398cd3c1e488e099ea186ad1e5b725c2f09d1d

Thanks for reporting.
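
A pre-deployment check for the option combination described in this thread, as an added example (not code from the thread or from conntrack-tools). It scans a conntrackd.conf for any `Mode` block that sets `CommitTimeout` while `DisableExternalCache` is `On`, ignoring commented-out lines. The function name `find_conflicts` and the sample text are constructed here; comparing `On` case-insensitively is an assumption.

```python
# Constructed sample mirroring the fragment quoted in the report.
SAMPLE_CONF = """\
Sync {
    Mode FTFW {
        DisableExternalCache On
        CommitTimeout 1800
    }
}
"""


def find_conflicts(conf_text):
    """Return [(mode_block, commit_timeout_value)] for every Mode block that
    sets CommitTimeout while DisableExternalCache is On."""
    stack = []       # one (block_name, options) entry per open "{"
    conflicts = []
    for raw in conf_text.splitlines():
        # Simplification: "#" starts a comment anywhere on the line.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.endswith("{"):
            stack.append((line[:-1].strip(), {}))
        elif line == "}":
            if not stack:
                continue  # unbalanced brace; nothing to close
            name, opts = stack.pop()
            cache_off = opts.get("DisableExternalCache", "").lower() == "on"
            if name.startswith("Mode") and cache_off and "CommitTimeout" in opts:
                conflicts.append((name, opts["CommitTimeout"]))
        elif stack:
            # "Key value" option inside the innermost open block.
            parts = line.split(None, 1)
            stack[-1][1][parts[0]] = parts[1] if len(parts) > 1 else ""
    return conflicts


if __name__ == "__main__":
    for mode, value in find_conflicts(SAMPLE_CONF):
        print(f"{mode}: CommitTimeout {value} set with DisableExternalCache On")
```
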