Nf_conntrack_count script?

Installing and Using OpenWrt
1

I need to write a script to auto reboot my router when cat /proc/sys/net/netfilter/nf_conntrack_count
16384

Anyone else have this setup?

2 
cat << "EOF" > /etc/firewall.ct_reset
CT_CNT="$(cat /proc/sys/net/netfilter/nf_conntrack_count)"
CT_MAX="$(cat /proc/sys/net/netfilter/nf_conntrack_max)"
if [ "${CT_CNT}" -gt "$((CT_MAX*19/20))" ]
then /etc/init.d/firewall restart
fi
EOF
cat << "EOF" >> /etc/crontabs/root
* * * * * . /etc/firewall.ct_reset
EOF
uci set system.@system[0].cronloglevel="9"
uci commit system
/etc/init.d/cron restart

But you should consider tuning timers and/or nf_conntrack_max.

2 Likes
3

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.