Restarting iptables restores sysctl setting net.netfilter.nf_conntrack_max to default in RHEL6
Issue
- Restarting iptables restores the sysctl setting
net.netfilter.nf_conntrack_maxto default 65536
# cat /proc/sys/net/netfilter/nf_conntrack_max
65536
# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
vm.overcommit_memory = 2
vm.overcommit_ratio = 80
net.netfilter.nf_conntrack_max = 524288
# cat /proc/sys/net/netfilter/nf_conntrack_max
524288
[root@rhel6-5 ~]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
# cat /proc/sys/net/netfilter/nf_conntrack_max
65536
Environment
- Red Hat Enterprise Linux 6
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Close
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.