Hi,
On a fully updated F7 box I have added this line to /etc/sysctl.conf:
net.netfilter.nf_conntrack_tcp_be_liberal = 1
However, on reboot, this seems to have no effect. E.g., on a freshly rebooted system:
# cat /proc/sys/net/netfilter/nf_conntrack_tcp_be_liberal
0
And so that setting doesn't seem to have been applied. Without editing that file, if I do:
# /sbin/sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
net.netfilter.nf_conntrack_tcp_be_liberal = 1
then, the setting sticks:
# cat /proc/sys/net/netfilter/nf_conntrack_tcp_be_liberal
1
Anyone able to shed some light on why this is so? (Reported as BZ #312481)
Jonathan.
On 29/09/2007, Jonathan Underwood jonathan.underwood@gmail.com wrote:
> Hi,
> On a fully updated F7 box I have added this line to /etc/sysctl.conf:
> net.netfilter.nf_conntrack_tcp_be_liberal = 1
> However, on reboot, this seems to have no effect. E.g., on a freshly rebooted system:
> # cat /proc/sys/net/netfilter/nf_conntrack_tcp_be_liberal
> 0
> And so that setting doesn't seem to have been applied. Without editing that file, if I do:
> # /sbin/sysctl -p
> net.ipv4.ip_forward = 0
> net.ipv4.conf.default.rp_filter = 1
> net.ipv4.conf.default.accept_source_route = 0
> kernel.sysrq = 0
> kernel.core_uses_pid = 1
> net.ipv4.tcp_syncookies = 1
> net.netfilter.nf_conntrack_tcp_be_liberal = 1
> then, the setting sticks:
> # cat /proc/sys/net/netfilter/nf_conntrack_tcp_be_liberal
> 1
For the benefit of the archives, and anyone in the future searching for this issue - the reason is that, during boot, sysctl is called by the /etc/init.d/network service. Any values in /etc/sysctl.conf set for kernel modules not loaded at that point will be ignored.
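
A check for the situation described above, as an added example that is not part of the original thread: it lists the keys in a sysctl.conf-style file that have no corresponding entry under /proc/sys at the moment it runs, which are the ones sysctl cannot apply. The function name `missing_sysctl_keys` and its two optional arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): report sysctl.conf keys that do not
# exist under /proc/sys right now, e.g. because the module that provides
# them has not been loaded yet.
# missing_sysctl_keys is a hypothetical helper name.
# Usage: missing_sysctl_keys [conf_file] [proc_sys_root]
missing_sysctl_keys() {
    conf=${1:-/etc/sysctl.conf}
    root=${2:-/proc/sys}
    while IFS= read -r line || [ -n "$line" ]; do
        # Strip leading whitespace; skip blank lines and comments (# or ;).
        line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//')
        case $line in
            ''|'#'*|';'*) continue ;;
        esac
        # Only "key = value" lines are settings.
        case $line in
            *=*) ;;
            *) continue ;;
        esac
        key=$(printf '%s' "${line%%=*}" | sed 's/[[:space:]]*$//')
        # A key a.b.c maps to <root>/a/b/c (simple dotted keys only).
        path=$root/$(printf '%s' "$key" | tr . /)
        [ -e "$path" ] || printf '%s\n' "$key"
    done < "$conf"
}
```

Calling `missing_sysctl_keys` with no arguments checks /etc/sysctl.conf against the live /proc/sys; any key it prints would be skipped if sysctl ran at that point.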