conntrack

  1. IPv6 Neighbor solicitations are dropped with kernel 6.8.12-2-pve

    Hello everyone, this is my first post on this forum, so be nice and point out to me if I'm doing something wrong. I think there is a bug in the kernel 6.8.12-2-pve where icmpv6 Neighbor solicitation packets are dropped if there is the following rule in iptables: ip6tables -I INPUT -m conntrack...
  2. persistent nf_conntrack sysctl

    Hello. I am trying to modify nf_conntrack options. In /etc/sysctl.conf I have: net.netfilter.nf_conntrack_generic_timeout=60 net.netfilter.nf_conntrack_icmp_timeout=10 #net.netfilter.nf_conntrack_tcp_timeout_close=10 net.netfilter.nf_conntrack_tcp_timeout_close_wait=20...
  3. preconfigured firewall rules and overrun conntrack table

    I am encountering a problem on busy servers where the nodes "inexplicably" lost connectivity with cluster partners and fence themselves off. Some investigation shows that when this happens, pve-firewall is enabled and conntrack table is full. A quick look at "virgin" iptables rules has entries...