RHEL6 で iptables を再起動すると、sysctl 設定 net.netfilter.nf_conntrack_max がデフォルトに戻される
Issue
- iptables を再起動すると、sysctl 設定
net.netfilter.nf_conntrack_maxがデフォルトの 65536 に戻されます。
# cat /proc/sys/net/netfilter/nf_conntrack_max
65536
# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
vm.overcommit_memory = 2
vm.overcommit_ratio = 80
net.netfilter.nf_conntrack_max = 524288
# cat /proc/sys/net/netfilter/nf_conntrack_max
524288
[root@rhel6-5 ~]# service iptables restart
iptables:Setting chains to policy ACCEPT: filter [ OK ]
iptables:Flushing firewall rules:[ OK ]
iptables:Unloading modules:[ OK ]
iptables:Applying firewall rules:[ OK ]
# cat /proc/sys/net/netfilter/nf_conntrack_max
65536
Environment
- Red Hat Enterprise Linux 6
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Close
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.