git.proxmox.com Git - pve-firewall.git/commit

]> git.proxmox.com Git - pve-firewall.git/commit

author	Alexandre Derumier <aderumier@odiso.com>
	Tue, 22 Apr 2014 06:17:00 +0000 (08:17 +0200)
committer	Dietmar Maurer <dietmar@proxmox.com>
	Tue, 22 Apr 2014 06:34:55 +0000 (08:34 +0200)
commit	46a2ac1f32537b92e309965580494d05d2a54fe5
tree	4a0de722db8a8363c16488db46e5f95b3543e6ad	tree
parent	44be8ceb181b163eb4d418b27b5ae92d8ca35293	commit \| diff

update update_nf_conntrack_max && nf_conntrack_tcp_timeout_established after modules load

/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_established
and
/proc/sys/net/nf_conntrack_max

are empty by default, because conntrack module is not loaded, until we have apply iptables rules

So, we just need to update them after iptables commit (which load the conntrack modules)

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>

src/PVE/Firewall.pm

diff | blob | blame | history

Firewall test scripts

RSS Atom