blob: b44b563a2e09b5f324f91e6779b0d13101de054e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
#
# Config template for: system conntrack table-size
#
# Sets the size of the TCP connection tracking table in the netfilter
# nf_conntrack module, which is used by firewall and NAT. The size of
# this table determines how many TCP connections can be simultaneously
# tracked. If new connections arrive and the table is full, older
# connections will be dropped out of the table. System administrators
# must set the connection tracking table size based on the number of
# connections they expect their system to track. The connection
# tracking table consumes kernel memory, so the size selected should
# be no larger than necessary.
#
# default value: 16384
#
type: u32
help: Size of connection tracking table
default: 16384
val_help: u32:1-50000000; Number of entries allowed in connection tracking table
syntax:expression: ($VAR(@) >= 1 && $VAR(@) <= 50000000) ; "Value must be between 1 and 50000000"
update:
sudo sysctl -q -w net/nf_conntrack_max=$VAR(@)
# need to restart conntrackd with updated conntrack table size
if cli-shell-api existsActive service conntrack-sync; then
sudo /opt/vyatta/sbin/vyatta-conntrack-sync.pl --action=enable
fi
|
