#
# /etc/sysctl.d/NAT.conf (Salt managed)
#
# "Be conservative in what you do,
#  be liberal in what you accept from others."
#  If it's non-zero, we mark only out of window RST segments as INVALID.
#  -- net/netfilter/nf_conntrack_proto_tcp.c
#
net.ipv4.netfilter.ip_conntrack_tcp_be_liberal = 1

# Increase conntrack table size (default 32k)
net.ipv4.netfilter.ip_conntrack_max = 16777216