Translated message

A translation of this page exists in English.

RHEL6 で iptables を再起動すると、sysctl 設定 net.netfilter.nf_conntrack_max がデフォルトに戻される

Solution Verified - Updated -

Issue

  • iptables を再起動すると、sysctl 設定 net.netfilter.nf_conntrack_max がデフォルトの 65536 に戻されます。
# cat /proc/sys/net/netfilter/nf_conntrack_max
65536
# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
vm.overcommit_memory = 2
vm.overcommit_ratio = 80
net.netfilter.nf_conntrack_max = 524288
# cat /proc/sys/net/netfilter/nf_conntrack_max
524288
[root@rhel6-5 ~]# service iptables restart
iptables:Setting chains to policy ACCEPT: filter [  OK  ]
iptables:Flushing firewall rules:[  OK  ]
iptables:Unloading modules:[  OK  ]
iptables:Applying firewall rules:[  OK  ]
# cat /proc/sys/net/netfilter/nf_conntrack_max
65536

Environment

  • Red Hat Enterprise Linux 6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content