Friday, 19 March 2010

How to increase IP_CONNTRACK value

First of all, let us see what IP_CONNTRACK is. ip_conntrack_max is the maximum number of connections (tracked flows) that netfilter's connection-tracking table holds in kernel memory at one time. Every NAT rule and every stateful (-m state) rule depends on that table, and when it is full the kernel drops the packets of new connections and logs "ip_conntrack: table full, dropping packet". An undersized table is therefore a self-inflicted denial of service on a busy host, and an easy target for anyone who can open a large number of connections towards it.

A) Temporarily, you can raise it by writing a new value to the ip_conntrack_max file in /proc:

echo CONNTRACK_MAX > /proc/sys/net/ipv4/ip_conntrack_max

Replace CONNTRACK_MAX with the number worked out in B). But /proc is a view of the running kernel, not a configuration file: the value is lost when you reboot, and also when iptables is restarted on a distribution whose init script unloads the netfilter modules, because the conntrack module comes back with its compiled-in default.

B) The permanent solution is to set it in /etc/sysctl.conf, which is applied to the kernel at every boot:

# open /etc/sysctl.conf and append this line:
net.ipv4.ip_conntrack_max = CONNTRACK_MAX

where CONNTRACK_MAX = RAMSIZE (in bytes) / 16384 / (x / 32)
and x is the number of bits in a pointer on your kernel (32 or 64).

For example, 1 GiB of RAM on a 32-bit kernel gives 1073741824 / 16384 / 1 = 65536 entries; on a 64-bit kernel the same RAM gives 32768, since the formula halves the count to pay for the larger pointers in each entry. Do not simply pick a huge number instead: conntrack entries live in kernel memory that cannot be swapped out, and a limit far above the default without a matching increase of the conntrack hash table (the module's hashsize parameter) lengthens the hash chains and slows down every lookup.

To save the changes, quit the editor and load the file into the running kernel with:

# sysctl -p

C) If you love shell commands, the same live change as in A) is:

# sysctl -w net.ipv4.ip_conntrack_max=CONNTRACK_MAX

This takes effect immediately but is no more permanent than the echo. Note that sysctl -p does not save anything: it only re-reads /etc/sysctl.conf, so running it afterwards either leaves your value alone or, if the file already contains a different net.ipv4.ip_conntrack_max line, reverts to that one. Put the line in the file as in B) if the change must survive a reboot.

To see the new value, cat the /proc/sys/net/ipv4/ip_conntrack_max file, query it with sysctl net.ipv4.ip_conntrack_max, or list every conntrack parameter with:

# sysctl -a | grep conntrack

Compare the limit with the number of entries currently in use, /proc/sys/net/ipv4/ip_conntrack_count: if the count sits close to the maximum, or the kernel log shows "table full, dropping packet", the table is still too small. On kernels that use the nf_conntrack module, the same two parameters live under /proc/sys/net/netfilter/ as nf_conntrack_max and nf_conntrack_count (sysctl key net.netfilter.nf_conntrack_max), and the ip_conntrack names may not exist at all.
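The whole procedure above (compute CONNTRACK_MAX from RAM and pointer width, apply it live, persist it in /etc/sysctl.conf, and check the limit against the current count) as one POSIX shell script. This is an added example, not part of the original post; it assumes a Linux host with /proc/meminfo and getconf(1), and it looks for the modern sysctl key net.netfilter.nf_conntrack_max before falling back to the legacy net.ipv4.ip_conntrack_max used in the post. The report and apply sub-commands and the helper function names are the example's own.

```shell
#!/bin/sh
# Added example, not from the original post: size the conntrack table with the
# post's formula and apply it the way the post describes (live via sysctl -w,
# persistently via /etc/sysctl.conf). Assumptions: a Linux host with
# /proc/meminfo and getconf(1); the kernel exposes either the modern key
# net.netfilter.nf_conntrack_max or the legacy net.ipv4.ip_conntrack_max.

# CONNTRACK_MAX = RAMSIZE (bytes) / 16384 / (pointer_bits / 32), integer math.
# Kept free of host lookups so it can be checked on its own.
conntrack_max_for() {
    ram=$1; bits=$2
    echo $(( ram / 16384 / (bits / 32) ))
}

# Total RAM in bytes (MemTotal in /proc/meminfo is given in kB).
ram_bytes() {
    awk '/^MemTotal:/ { printf "%.0f", $2 * 1024 }' /proc/meminfo 2>/dev/null || echo 0
}

# /proc path of a sysctl key, e.g. net.netfilter.nf_conntrack_max
# -> /proc/sys/net/netfilter/nf_conntrack_max
proc_path() {
    echo "/proc/sys/$(echo "$1" | tr . /)"
}

# The conntrack limit key this kernel exposes; fails if conntrack is not loaded.
conntrack_key() {
    for k in net.netfilter.nf_conntrack_max net.ipv4.ip_conntrack_max; do
        if [ -e "$(proc_path "$k")" ]; then
            echo "$k"
            return 0
        fi
    done
    return 1
}

# Write "key = value" into a sysctl.conf-style file, replacing any existing
# line for the same key so repeated runs do not stack duplicates.
persist_sysctl() {
    key=$1; value=$2; file=$3
    tmp=$(mktemp)
    # grep -v exits 1 when no other lines remain; that is not an error here
    if [ -f "$file" ]; then
        grep -v "^[[:space:]]*$key[[:space:]]*=" "$file" > "$tmp" || :
    fi
    echo "$key = $value" >> "$tmp"
    # copy rather than mv so the target keeps its ownership and mode
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Show the formula result next to the live limit and the entries in use.
report() {
    bits=$(getconf LONG_BIT 2>/dev/null || echo 64)
    want=$(conntrack_max_for "$(ram_bytes)" "$bits")
    echo "formula CONNTRACK_MAX for this ${bits}-bit host: $want"
    if key=$(conntrack_key); then
        # the _count sibling of _max shows how close the table is to "table full"
        echo "$key = $(cat "$(proc_path "$key")")"
        echo "tracked now: $(cat "$(proc_path "${key%_max}_count")" 2>/dev/null || echo '?')"
    else
        echo "no conntrack sysctl visible; is the conntrack module loaded?"
    fi
}

# Set the limit live and persist it (run as root).
apply() {
    key=$(conntrack_key) || { echo "conntrack not loaded" >&2; return 1; }
    bits=$(getconf LONG_BIT 2>/dev/null || echo 64)
    want=$(conntrack_max_for "$(ram_bytes)" "$bits")
    sysctl -w "$key=$want"                          # live change, lost on reboot
    persist_sysctl "$key" "$want" /etc/sysctl.conf  # survives reboot
    sysctl -p                                       # reload the file, as in the post
}

case "${1:-report}" in
    report) report ;;
    apply)  apply ;;
    *) echo "usage: $0 [report|apply]" >&2; exit 2 ;;
esac
```

Run it with no argument (or report) as any user to see the formula result beside the live limit and current usage; run apply as root to set and persist the value. persist_sysctl takes the file path as a parameter so it can be exercised on a scratch file before it is pointed at /etc/sysctl.conf.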

D) On servers running the APF firewall, you need a different method, because APF applies its own set of sysctl parameters when it starts and would overwrite yours.

# Open the APF configuration file /etc/apf/conf.apf.

# Locate the SYSCTL_CONNTRACK parameter, set it to your CONNTRACK_MAX, and then restart APF (apf -r) so the new value is applied.