[pve-devel] nf_conntrack_tcp_timeout_established tuning option

Alexandre DERUMIER aderumier at odiso.com
Tue Apr 1 09:32:55 CEST 2014


hi,

by default the nf_conntrack_tcp_timeout_established is quite huge (5days),

cisco firewall have 2hour by default

it could be great to have a tuning option,

I found a doc here:
https://dev.openwrt.org/ticket/12976

with recommandation of minimum : 7875

tcp_keepalive_time + tcp_keepalive_probes * tcp_keepalive_intvl = 7200 + 9 * 75 by default) 





More information about the pve-devel mailing list