for nf_conntrack_max the kernel uses by default the value:
(nf_conntrack_buckets value * 4) and nf_conntrack_buckets
is set to 2^16 for machines with more than 4GB memory, so the
resulting default would be 2^18 == 262144.
As PVE hoists are expected to have more than such a, nowadays rather
small, amount of memory, update the default to match the one which
would be normally used anyway.
[0]: https://www.kernel.org/doc/Documentation/networking/nf_conntrack-sysctl.txt
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
description => "Maximum number of tracked connections.",
type => 'integer',
optional => 1,
+ default => 262144,
minimum => 32768,
},
nf_conntrack_tcp_timeout_established => {
sub update_nf_conntrack_max {
my ($hostfw_conf) = @_;
- my $max = 65536; # reasonable default
+ my $max = 262144; # reasonable default (2^16 * 4), see nf_conntrack-sysctl docs
my $options = $hostfw_conf->{options} || {};