From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 4E8207446B for ; Thu, 8 Jul 2021 22:02:23 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 371491C8DA for ; Thu, 8 Jul 2021 22:01:53 +0200 (CEST) Received: from mail-ed1-x536.google.com (mail-ed1-x536.google.com [IPv6:2a00:1450:4864:20::536]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 3808F1C8C2 for ; Thu, 8 Jul 2021 22:01:48 +0200 (CEST) Received: by mail-ed1-x536.google.com with SMTP id t3so10224490edt.12 for ; Thu, 08 Jul 2021 13:01:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=odiso-com.20150623.gappssmtp.com; s=20150623; h=message-id:subject:from:to:date:in-reply-to:references:user-agent :mime-version; bh=TuBY9oakX67FuvMcgScNCLluhVLgUPv/0KSqeIC1BbA=; b=xu7OQk+jEtkBw/WFEaity3OICuaSL4jgka5PoU/dqV9lXuR0smRwrYr3+dOvRLhfSv hPfHZP1Xa71EvJkSkZHiuvaQbjMC8A+rCw3jNDwlnYmia5Nu12kbDwUtEn1rlswsuv9+ Dab00MCfXXXsJrmbjU6B7vQKIlR4iVcoTMzvJnJw+78agG4D9OL6+dmvFtpQzfM+We+v mjKf+v7d8DHNpgFgYLsn+LcwdeCBfKjr25wajDp9w14N3HGQZY+RA8r/bFVWqpHKFKzG 3TA+EaO8eNBEnJT3CRUnynT+S6/5sEArKTCPr9hwgbU+NLnyJ6B8wQoZ7v1hPLJabzMv Eg8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:subject:from:to:date:in-reply-to :references:user-agent:mime-version; bh=TuBY9oakX67FuvMcgScNCLluhVLgUPv/0KSqeIC1BbA=; b=deDoGlw/S3m9El+I/4HBUefxmwJWm+xb9w+wSMtw2FtJpu0ZUhfHGUvibY3tTJuYik 6BH+cqHMQcfNw/oABLVh3XVq6vb57urcmZZISXceVafxdVp6BSwjPl3Vs/jBKSqWfvsO Jn/I5O638mOzUD7SAI+GqX55vMlxXyENHiwPAK280/sy5r7u8PHKyUh4gWFPLJgQqddq Wt+XpGckZ9eD+aeoPEmoN45HmPS4DUzfow3S4EEDqdTQcUdchOuvqC3LfNsbtuoHivCG fBd84aHeoDy8LESFfHeCCsCPx8zptFdBexfZJd5y1TH68lRAvX2UyaV98/YqtdkUrwxI Yosw== X-Gm-Message-State: AOAM533fozscxrAdH+eLP5LxDSf8O+YyWvK0TZEE5C4BUWG7bddfdglw i+Tfq5cOSNX+HpxHNDmYkzsdXXaiZ4v4/AuGDjU= X-Google-Smtp-Source: ABdhPJx2u2i4AnVMs0j9qQOBwTUMgJbTYdhSSOgqOaDVcS6SkDNat7HCixWUpEv9ga7IlQSybDXj/Q== X-Received: by 2002:aa7:c14e:: with SMTP id r14mr9392463edp.251.1625774501608; Thu, 08 Jul 2021 13:01:41 -0700 (PDT) Received: from [192.168.178.50] ([79.132.252.54]) by smtp.gmail.com with ESMTPSA id q23sm1776261edt.22.2021.07.08.13.01.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 08 Jul 2021 13:01:41 -0700 (PDT) Message-ID: <6fc2fa6ee90a025f240293c520eaf4219ce031f1.camel@odiso.com> From: alexandre derumier To: Proxmox VE development discussion , Thomas Lamprecht Date: Thu, 08 Jul 2021 22:01:40 +0200 In-Reply-To: <7c586e5ce8e90aa54f06b138fb4f4c02@mwinf5d29.me-wanadoo.net> References: <7c586e5ce8e90aa54f06b138fb4f4c02@mwinf5d29.me-wanadoo.net> User-Agent: Evolution 3.40.2 MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.948 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature HTML_MESSAGE 0.001 HTML included in message RCVD_IN_DNSWL_NONE -0.0001 Sender listed at https://www.dnswl.org/, no trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [firewall.pm, proxmox.com] Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.29 Subject: Re: [pve-devel] applied: [PATCH firewall] increase default nf_conntrack_max to kernel default X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Jul 2021 20:02:23 -0000 Hi, you can change it in the proxmox node firewall options. Le jeudi 08 juillet 2021 à 09:36 +0200, wb a écrit : > Hello Thomas, > > Currently with Proxmox, I have a Kubernetes node running on LXC. > However, I have encountered an issue on the Container Network > Interface (CNI) side and in order for it to work, the parameter > /proc/sys/net/netfilter/nf_conntrack_max must be raised. > > You know that the container settings are managed by the hypervisor. > However, something prevents to go above 262144. By searching a bit in > your code, I found the limitation in Firewall.pm. I raised this value > and the CNI works again. > > The last change was in this commit that you made. > https://lists.proxmox.com/pipermail/pve-devel/2019-October/039748.html > > Is it possible to take into consideration the increase of this > parameter in your code? > > Waiting for your feedback. > > Sincerely. > > Julien BLAIS > _______________________________________________ > pve-devel mailing list > pve-devel@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel >