On 29/09/2007, Jonathan Underwood <jonathan.underwood@xxxxxxxxx> wrote:
> Hi,
>
> On a fully updated F7 box I have added this line to /etc/sysctl.conf:
>
> net.netfilter.nf_conntrack_tcp_be_liberal = 1
>
> However, on reboot, this seems to have no effect. Eg. On a freshly
> rebooted system:
>
> # cat /proc/sys/net/netfilter/nf_conntrack_tcp_be_liberal
> 0
>
> And so that setting doesn't seem to have been applied. Without editing
> that file, if I do:
>
> # /sbin/sysctl -p
> net.ipv4.ip_forward = 0
> net.ipv4.conf.default.rp_filter = 1
> net.ipv4.conf.default.accept_source_route = 0
> kernel.sysrq = 0
> kernel.core_uses_pid = 1
> net.ipv4.tcp_syncookies = 1
> net.netfilter.nf_conntrack_tcp_be_liberal = 1
>
> then, the setting sticks:
>
> # cat /proc/sys/net/netfilter/nf_conntrack_tcp_be_liberal
> 1

For the benefit of the archives, and anyone in the future searching for this issue - the reason is that, during boot, sysctl is called by the /etc/init.d/network service. Any values in /etc/sysctl.conf set for kernel modules not loaded at that point will be ignored.
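
One way to spot settings that would be skipped like this, as an added example that is not part of the original message: the hypothetical function `missing_sysctl_keys` lists every key in a sysctl.conf-style file that has no entry under `/proc/sys` at the moment it runs. It assumes plain `key = value` lines and a simple dot-to-slash mapping, and the demo uses a constructed directory tree in place of the real `/proc/sys`.

```shell
#!/bin/sh
# missing_sysctl_keys CONF [PROC_ROOT]   (hypothetical helper, added example)
# Prints each key in CONF with no entry under PROC_ROOT (default /proc/sys),
# i.e. a setting that cannot be applied until its kernel module is loaded.
missing_sysctl_keys() {
    conf=$1
    root=${2:-/proc/sys}
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop leading whitespace, then skip blank lines and comments.
        line=$(printf '%s\n' "$line" | sed 's/^[[:space:]]*//')
        case $line in
            ''|'#'*|';'*) continue ;;
        esac
        # Only "key = value" lines are considered.
        case $line in
            *=*) ;;
            *) continue ;;
        esac
        key=$(printf '%s\n' "${line%%=*}" | sed 's/[[:space:]]*$//')
        # Assumption: dots map to slashes (not true for names containing dots).
        path=$root/$(printf '%s\n' "$key" | tr . /)
        [ -e "$path" ] || printf '%s\n' "$key"
    done < "$conf"
}

# Constructed sample: a fake proc tree in which the conntrack module is absent.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/proc/net/ipv4" "$tmp/proc/kernel"
    : > "$tmp/proc/net/ipv4/ip_forward"
    : > "$tmp/proc/kernel/sysrq"
    cat > "$tmp/sysctl.conf" <<'EOF'
# constructed sample file
net.ipv4.ip_forward = 0
kernel.sysrq = 0
net.netfilter.nf_conntrack_tcp_be_liberal = 1
EOF
    missing_sysctl_keys "$tmp/sysctl.conf" "$tmp/proc"
    rm -rf "$tmp"
}
demo
```

Run against the real file with `missing_sysctl_keys /etc/sysctl.conf`; any key it prints is one whose value is not in effect at that moment.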