Skip to main content

Where is the correct place to set net.netfilter.nf_conntrack_buckets? [Resolved]

I'm currently trying to set net.netfilter.nf_conntrack_buckets on boot. I initially assumed that this could be done through sysctl.conf, but net.netfilter.nf_conntrack_buckets (and other net.netfilter configurations) were not applied at all. Adding sysctl -p to rc.local allowed all the net.netfilter configurations to be applied with the exception of net.netfilter.nf_conntrack_buckets. I'll also note that trying to set this from the terminal using sysctl -w results in 'error: permission denied on key 'net.netfilter.nf_conntrack_buckets''

# This should be applied at boot
net.netfilter.nf_conntrack_max=1966080
net.netfilter.nf_conntrack_buckets=245760

Where is the correct place to do this?


Question Credit: KelchM
Question Reference
Asked August 18, 2019
Posted Under: Network
35 views
4 Answers

Further to Andrew B's answer:

For some reason, the RHEL documentation recommends putting an executable shell script with a name like nf_conntrack_hashsize.modules extension into /etc/sysconfig/modules instead. I have no idea why. Contents would look like:

#!/bin/sh
exec /sbin/modprobe nf_conntrack hashsize=262144

credit: Andrew B
Answered August 18, 2019

You need to put a file called, for example, localhost inside /etc/modprobe.d/ directory.

Inside this file, add these lines (value is an example):

options nf_conntrack hashsize=333333

And now, the more quick solution is a restart, the other option is to try a reload the nf_conntrack kernel module, wich is a bit difficult because it's linked with others running modules.

Check the result with:

cat /sys/module/nf_conntrack/parameters/hashsize

credit: Ricardo Fraile
Answered August 18, 2019

This works for me in centos 6

# echo 1440000 > /sys/module/nf_conntrack/parameters/hashsize

# cat /sys/module/nf_conntrack/parameters/hashsize
1440000

credit: Seandex
Answered August 18, 2019
Your Answer
D:\Adnan\Candoerz\CandoProject\vQA