Ben's notes

Linux, Unix, network, radio...

User Tools

Site Tools

Trace:
centos7_firewall_high_traffic_ntp

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
centos7_firewall_high_traffic_ntp [2015/08/25 13:35] – [Configure legacy iptables scripts] admincentos7_firewall_high_traffic_ntp [2015/09/15 12:04] – [Disable connection tracking in RouterOS (Mikrotik)] admin
Line 2: Line 2:
 ~~TOC~~ ~~TOC~~
  
-=====CentOS 7 high traffic NTP and netfilter===== +=====CentOS 7 high traffic NTP and netfilter===== 
-It was not so trivial (for me) to modify firewalld for a high traffic NTP sever. The default firewalld ntp service uses connection tracking. Something you don't want when managing high traffic. This page describes how to disable connection tracking.+The default firewalld ntp service uses connection tracking. Something you don't want when managing high traffic. This page describes how to disable connection tracking.
  
 {{::nf_conntrack.png?nolink|nf_contrack count percentage}}\\ {{::nf_conntrack.png?nolink|nf_contrack count percentage}}\\
Line 64: Line 64:
 net.netfilter.nf_conntrack_count = 2 net.netfilter.nf_conntrack_count = 2
 net.netfilter.nf_conntrack_max = 65536</code> net.netfilter.nf_conntrack_max = 65536</code>
 +====Disable connection tracking in RouterOS (Mikrotik)====
 +  * Add [[http://wiki.mikrotik.com/wiki/Manual:Fast_Path|fasttrack action]] before accepting connection.
 +
centos7_firewall_high_traffic_ntp.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1