starchy, 10 months ago
@jerry Just getting back to this now. Mind you this was on a less recent Debian version, so ymmv, but I had the line
net.netfilter.nf_conntrack_max = 4000000
in /etc/sysctl.d/netfilter.conf. You can also echo the value to /proc/net/netfilter/nf_conntrack_max if you want to set it without a reboot.
If the values of /proc/net/netfilter/nf_conntrack_count and /proc/net/netfilter/nf_conntrack_max are ever equal, you're in trouble for sure.
Also note this will be under /proc/net/ipv4 or /proc/net/ipv6 on some distros.
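
Added example, not part of the post above: a small POSIX shell check that compares the conntrack entry count against the configured maximum and warns before the two meet. It assumes the counters are readable under /proc/sys/net/netfilter (override with CT_DIR on systems that expose them elsewhere); the function name conntrack_usage, the --check flag and the 80% default threshold are choices made for this example.

```shell
#!/bin/sh
# Added example: conntrack table headroom check (not from the original post).
# Assumption: counters live under /proc/sys/net/netfilter; set CT_DIR to
# point somewhere else on distros that place them differently.
CT_DIR="${CT_DIR:-/proc/sys/net/netfilter}"

# conntrack_usage COUNT_FILE MAX_FILE [WARN_PCT]
# Prints "<state> <count> <max> <pct>".
# Returns 0 = ok, 1 = above WARN_PCT, 2 = table full, 3 = unreadable/invalid.
conntrack_usage() {
    count_file=$1
    max_file=$2
    warn_pct=${3:-80}

    [ -r "$count_file" ] && [ -r "$max_file" ] || { echo "unknown 0 0 0"; return 3; }
    count=$(cat "$count_file")
    max=$(cat "$max_file")

    # Reject empty or non-numeric values before doing arithmetic on them.
    for v in "$count" "$max"; do
        case "$v" in
            ''|*[!0-9]*) echo "unknown 0 0 0"; return 3 ;;
        esac
    done
    [ "$max" -gt 0 ] || { echo "unknown $count $max 0"; return 3; }

    pct=$(( count * 100 / max ))
    if [ "$count" -ge "$max" ]; then
        # count == max: new connections are being dropped.
        echo "full $count $max $pct"
        return 2
    elif [ "$pct" -ge "$warn_pct" ]; then
        echo "warn $count $max $pct"
        return 1
    fi
    echo "ok $count $max $pct"
    return 0
}

# Run against the live counters only when asked to, e.g. from cron or a
# monitoring agent: ./conntrack_check.sh --check 90
if [ "${1:-}" = "--check" ]; then
    conntrack_usage "$CT_DIR/nf_conntrack_count" "$CT_DIR/nf_conntrack_max" "${2:-80}"
fi
```

The exit codes follow the usual monitoring-plugin convention, so the script can be wired into an existing alerting check without parsing its output.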