From 28106192b19e9dd22cbeaa5693b3dc0c511aef4e Mon Sep 17 00:00:00 2001
From: Daniel Micay
Date: Sun, 31 Aug 2025 12:48:30 -0400
Subject: [PATCH] reduce conntrack TCP established timeout to 1 hour

We have nothing depending on having even anywhere close to 1 hour of idle time so we could reduce this significantly more.
---
 etc/sysctl.d/60-local.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/sysctl.d/60-local.conf b/etc/sysctl.d/60-local.conf
index ae2d529..66fe0a0 100644
--- a/etc/sysctl.d/60-local.conf
+++ b/etc/sysctl.d/60-local.conf
@@ -40,7 +40,7 @@ net.ipv4.tcp_orphan_retries = 6
 net.mptcp.enabled = 0
 net.netfilter.nf_conntrack_tcp_loose = 0
-net.netfilter.nf_conntrack_tcp_timeout_established = 14400
+net.netfilter.nf_conntrack_tcp_timeout_established = 1800
 net.netfilter.nf_conntrack_tcp_timeout_time_wait = 60
 net.netfilter.nf_conntrack_udp_timeout = 15
 net.netfilter.nf_conntrack_expect_max = 1
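Review bot: The added line sets `net.netfilter.nf_conntrack_tcp_timeout_established = 1800`, which is 30 minutes, while the subject and description both say 1 hour (3600 seconds); either the value or the commit message should be corrected so the record matches what is deployed. Because the context line above keeps `nf_conntrack_tcp_loose = 0`, a flow whose entry has expired is not re-adopted mid-stream, so its later packets will presumably be treated as invalid by the firewall rules, which are not visible here. It is worth confirming that keepalive intervals for long-lived idle sessions (SSH, database or replication links) are below the new timeout; the kernel default `tcp_keepalive_time` is 7200 seconds, and any override in this file lies outside the hunk. A comment above the setting would record the constraint, e.g. `# 30 min idle limit; with tcp_loose = 0 expired flows are not picked up again, keep keepalives below this`.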