From 6dbc014f4bf55a65963f8056a7c92be64c0c07ad Mon Sep 17 00:00:00 2001
From: Daniel Micay <daniel.micay@grapheneos.org>
Date: Sat, 27 Apr 2024 12:48:21 -0400
Subject: [PATCH] set conntrack expectation table to minimum size

---
 sysctl.d/local.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sysctl.d/local.conf b/sysctl.d/local.conf
index b4a8059..fe19e54 100644
--- a/sysctl.d/local.conf
+++ b/sysctl.d/local.conf
@@ -37,6 +37,7 @@ net.mptcp.enabled = 0
 net.netfilter.nf_conntrack_tcp_loose = 0
 net.netfilter.nf_conntrack_tcp_timeout_established = 14400
 net.netfilter.nf_conntrack_tcp_timeout_time_wait = 60
+net.netfilter.nf_conntrack_expect_max = 1
 
 kernel.yama.ptrace_scope = 2