Bug 199908
Summary: | ip_conntrack_max is set always default value | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 4 | Reporter: | masanari iida <masanari_iida> |
Component: | iptables | Assignee: | Thomas Woerner <twoerner> |
Status: | CLOSED WONTFIX | QA Contact: | qe-baseos-daemons |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 4.0 | CC: | bruno, kzak |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-06-20 13:23:18 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
masanari iida
2006-07-24 09:07:43 UTC
Assigning this to procps. I'd need an option in sysctl, where I can restrict to a subtree of /sys. Here: /net/ipv4/netfilter for IPv4 and /net/ipv6/netfilter for IPv6. Please ressign to iptables if this is fixed in procps. Well, the solution is extract from sysctl.conf relevant options and use it for sysctl, for example: gawk '/netfilter/ { gsub(" ", ""); print $0; }' /etc/sysctl.conf | xargs sysctl -w I'd like to expand on this problem as well. When doing a service restart iptables all of the conntrack values are reset to the defaults even if other values are specified in /etc/sysctl.conf. I noticed this because I needed to reduce some timeouts due to spammers filling up my connection table (5 day timeouts seem excessive), but when I restarted iptables, the default values were restored. So it would be nice as part of the start (or restart) process that applicable values from /etc/sysctl.conf get applied after the various conntrack modules have been loaded. Note I am seeing this using iptables-1.4.0-4.fc9.i386. Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life. Please See https://access.redhat.com/support/policy/updates/errata/ If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue. |