If you’re trying to tune up your:
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 30
net.ipv4.netfilter.ip_conntrack_max = 1048576
in /etc/sysctl.conf and you come across the error messages;
"net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv" is an unknown key
"net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait" is an unknown key
"net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait" is an unknown key
"net.ipv4.netfilter.ip_conntrack_max" is an unknown key
whether you’re executing:
debian:~# sysctl -p
in order to make the net.ipv4.netfilter.* values to be set as a kernel values to iptables, you need to modify your /etc/modules file and add the nf_conntrack_ftp in it, here is how:
echo 'nf_conntrack_ftp' >> /etc/modules
Now to make the new settings be reloaded issue the command:
debian:~# sysctl -p
Now the values will be properly set and you will see no longer the is an unknown key error messages like so:
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 30
net.ipv4.netfilter.ip_conntrack_max = 1048576
