| 123456789101112 |
- #
- # /etc/sysctl.d/NAT.conf (Salt managed)
- #
- # "Be conservative in what you do,
- # be liberal in what you accept from others."
- # If it's non-zero, we mark only out of window RST segments as INVALID.
- # -- net/netfilter/nf_conntrack_proto_tcp.c
- #
- net.ipv4.netfilter.ip_conntrack_tcp_be_liberal = 1
- # Increase conntrack table size (default 32k)
- net.ipv4.netfilter.ip_conntrack_max = 16777216
|
