Enable nf_conntrack_tcp_be_liberal with Ignition?

Does anyone know how to set “nf_conntrack_tcp_be_liberal” persistent in FCOS >=36 ?

I tried:

    - path: /etc/sysctl.d/99_network.conf
      contents: 
        inline: |
          net.netfilter.nf_conntrack_tcp_be_liberal = 1

But it was not set after boot:

> sysctl net.netfilter.nf_conntrack_tcp_be_liberal
net.netfilter.nf_conntrack_tcp_be_liberal = 0

nf_conntrack is a module (not built in) so maybe whatever is triggering the module to get loaded isn’t happening at the right time?

What happens if you add a file to make the module load earlier during startup:

$ cat /etc/modules-load.d/nf_conntrack.conf
nf_conntrack
1 Like

This works. Thanks!

1 Like