Anton Danilov <littlesmilingcloud@xxxxxxxxx> wrote:
> To avoid this issue you can tune the conntrack behaviour with sysctl:
> sysctl -w net.netfilter.nf_conntrack_tcp_be_liberal=1
> sysctl -w net.netfilter.nf_conntrack_tcp_loose=1

Yes, a better alternative in this case though would be to NOTRACK
packets from/to lo interface.

It's kind of silly that conntrack tracks them by default IMO.
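
One way to exempt loopback traffic from connection tracking, as the reply suggests. This is an added example in nftables syntax, not part of the original thread; the table and chain names are placeholders, and the drop-policy input chain is an assumed setup that shows the side effect on stateful rules.

```nftables
# Added example: skip conntrack for loopback traffic (nftables form of
# the iptables raw-table NOTRACK target). Table names are placeholders.

table inet notrack_lo {
    # Locally generated packets leaving via lo. The raw priority runs
    # before the conntrack hook, so no conntrack entry is created.
    chain output {
        type filter hook output priority raw; policy accept;
        oifname "lo" notrack
    }

    # The same packets re-entering the stack on lo.
    chain prerouting {
        type filter hook prerouting priority raw; policy accept;
        iifname "lo" notrack
    }
}

# Assumed filter setup with a drop policy. Untracked packets carry
# ct state "untracked", so an established,related rule no longer
# matches loopback traffic; it has to be accepted explicitly.
table inet filter_example {
    chain input {
        type filter hook input priority filter; policy drop;
        iifname "lo" accept
        ct state established,related accept
    }
}
```

After loading the file with `nft -f`, `conntrack -L` should no longer list flows between local addresses on lo. Any existing rule that relies on connection state for loopback traffic needs the explicit accept or a `ct state untracked` match.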