[Bug 1210813] [NEW] procps does not set netfilter changes
Brian Burch
1210813 at bugs.launchpad.net
Sat Aug 10 15:43:28 UTC 2013
Public bug reported:

This might be considered a duplicate of
https://bugs.launchpad.net/bugs/771372 and
https://bugs.launchpad.net/bugs/690433, both of which are marked as
fixed (and have long histories).

I have /etc/sysctl.d/60-conntrack.conf as follows:

net.netfilter.nf_conntrack_max=131072
net.netfilter.nf_conntrack_tcp_timeout_established=600
net.netfilter.nf_conntrack_sctp_timeout_established=600

With both current distros of procps from quantal and precise
repositories, my overrides to netfilter conntrack defaults are NOT
applied at system boot time. My syntax is correct because I can
successfully apply the changes with explicit sysctl commands.

I found https://bugzilla.redhat.com/show_bug.cgi?id=869779 very helpful.
I have circumvented the problem on my systems by adding "service procps
restart" to my (empty by default) /etc/rc.local file.

It seems to me the upstart "static network up" event is still too early
in the boot process and the netfilter branch of the proc tree has not
yet been created. I fiddled around with the start clause of procps,
waiting for specific interfaces to come up, but that made no difference.
Perhaps a new event is required?

However, following the discussions in the 2 bugs above, and also
https://bugs.launchpad.net/bugs/50093, there seems to be something
inadequate in the architecture. Surely it isn't right to be running
procps later to modify some branches while it needs to be run early for
others? Maybe the upstart script for procps needs to use different (and
new?) upstart events to process subsets of the /etc/sysctl.d/ conf
files?

** Affects: procps (Ubuntu)
     Importance: Undecided
         Status: New
--
https://bugs.launchpad.net/bugs/1210813
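
As an added example (not part of the original report or of procps): a POSIX shell check that compares each key in a sysctl.d file with the live value under /proc/sys and flags keys whose node does not exist, which is the state the report describes at boot. The function names and the optional root-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the bug report or from procps.

norm() {  # collapse whitespace runs and trim both ends
    printf '%s' "$1" | tr -s '[:space:]' ' ' | sed -e 's/^ //' -e 's/ $//'
}

# check_sysctl_conf CONF [ROOT]
# Prints OK / MISMATCH / MISSING per key; returns 1 if any key is not applied.
# ROOT defaults to /proc/sys (the argument exists so the check can be tested
# against a constructed directory tree).
check_sysctl_conf() {
    conf=$1
    root=${2:-/proc/sys}
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(norm "$line")
        case $line in
            ''|'#'*|';'*) continue ;;   # blank line or comment
            *=*) ;;                     # key=value, handled below
            *) continue ;;              # anything else is skipped
        esac
        key=$(norm "${line%%=*}")
        want=$(norm "${line#*=}")
        # Dotted key to path; keys containing interface names with dots
        # are not handled by this simple mapping.
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -e "$path" ]; then
            # The case in the report: the branch of the proc tree does not
            # exist yet, so a boot-time sysctl run had nothing to write to.
            echo "MISSING  $key"
            rc=1
        else
            have=$(norm "$(cat "$path")")
            if [ "$have" = "$want" ]; then
                echo "OK       $key = $have"
            else
                echo "MISMATCH $key: configured $want, live $have"
                rc=1
            fi
        fi
    done < "$conf"
    return $rc
}

# Stand-alone use: sh check.sh /etc/sysctl.d/60-conntrack.conf
if [ $# -gt 0 ]; then check_sysctl_conf "$@"; fi
```

Run after boot, a non-zero exit status shows that at least one configured value never reached the kernel, whether it was silently left at its default or its node was absent.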