#
# Config template for: firewall conntrack-table-size
#
# Sets the size of the TCP connection tracking table in the netfilter
# nf_conntrack module, which is used by firewall and NAT. The size of
# this table determines how many TCP connections can be simultaneously
# tracked. If new connections arrive and the table is full, older
# connections will be dropped out of the table. System administrators
# must set the connection tracking table size based on the number of
# connections they expect their system to track. The connection
# tracking table consumes kernel memory, so the size selected should
# be no larger than necessary.
#
# NOTE(review): confirm the "older connections will be dropped" wording
# against the target kernel. When nf_conntrack cannot free an entry it
# typically refuses the new connection and logs "nf_conntrack: table
# full, dropping packet", so an undersized table shows up as an
# availability problem and is worth monitoring for.
#
# default value when firewall is not set - 16384
# default value when firewall is set - 32768
#
# The value is declared as an unsigned 32-bit integer and limited to
# 1..50000000 by the syntax expression below. That numeric constraint is
# what makes the value safe to interpolate into the root shell command in
# the update action; presumably it is enforced before the action runs.
type: u32
help: Set size of netfilter connection tracking table
default: 32768
comp_help:Possible completions:
<1 - 50000000>\tNumber of entries allowed in connection tracking table
syntax:expression: ($VAR(@) >= 1 && $VAR(@) <= 50000000) ; "Value must be between 1 and 50,000,000"
update:
# Write the configured limit to the nf_conntrack_max sysctl as root.
# NOTE(review): the exit status of this write is not checked, so a failed
# write is not reported here and the conntrack-sync step below still runs.
sudo sh -c "echo $VAR(@) > \
/proc/sys/net/nf_conntrack_max"
# need to restart conntrackd with updated conntrack table size
# (done only when a service/conntrack-sync directory exists under the
# active configuration directory)
if [ -d $VYATTA_ACTIVE_CONFIGURATION_DIR/service/conntrack-sync ] ; then
sudo /opt/vyatta/sbin/vyatta-conntrack-sync.pl --action=enable
fi