How to change netfilter parameters?

As of version 4.9.0, VMmanager automatically changes the settings of the netfilter built-in firewall when a new cluster node is connected. In particular, VMmanager increases the values of net.nf_conntrack_max and net.netfilter.nf_conntrack_max parameters controlling the maximum number of network connections to 1048576. This helps to avoid errors similar to nf_conntrack: table full, dropping packet causing the loss of network packets.

To change these parameters on the connected cluster nodes manually:

Connect to the server with VMmanager via SSH.
Enable ip_conntrack module:
```
modprobe ip_conntrack
```
Set the new value of the parameter net.netfilter.nf_conntrack_max. We recommend to increase that value to 1048576:
```
echo "net.netfilter.nf_conntrack_max=1048576" >> /etc/sysctl.conf
```
To apply the settings, execute the command:
```
sysctl -p
```

Check that the parameters have been changed:

sysctl -a | grep conntrack_max

The response to the command should look as follows:

net.netfilter.nf_conntrack_max = 1048576
net.nf_conntrack_max = 1048576

The article was last updated on 10.27.2022. The article was prepared by technical writers of ISPsystem.