I'm currently trying to set net.netfilter.nf_conntrack_buckets on boot. I initially assumed that this could be done through sysctl.conf, but net.netfilter.nf_conntrack_buckets (and other net.netfilter configurations) were not applied at all. Adding sysctl -p to rc.local allowed all the net.netfilter configurations to be applied with the exception of net.netfilter.nf_conntrack_buckets. I'll also note that trying to set this from the terminal using sysctl -w results in 'error: permission denied on key 'net.netfilter.nf_conntrack_buckets''
# This should be applied at boot
net.netfilter.nf_conntrack_max=1966080
net.netfilter.nf_conntrack_buckets=245760
Where is the correct place to do this?
Best Answer
I think that sysctl parameter is for viewing only. You'll want to use the
/sys/module/nf_conntrack/parameters/hashsizeinterface for runtime changes, and thehashsizemodule option to set it during initial module load.You'd want an entry in a
/etc/modprobe.d/file that looks something like this:options nf_conntrack hashsize=XXXXX