[Bug 690433] Re: procps starts too early to correctly set net.netfilter.nf_conntrack_acct

Jeroen Vijfhuizen 690433 at bugs.launchpad.net
Wed Oct 9 12:44:28 UTC 2013


Could not find a way to edit comments but I'd like to retract comment
#14. In my case it was first touching any iptables related stuff in
rc.local which seems to be executed later than procps. I am now force
loading the related module 'nf_conntrack_ipv4' in /etc/modules which
makes the sysctl.d settings being properly applied on next boot.

This was one of the most confusing system configuration related bugs I
have ever had to chase. Hopefully there is some way (I know this is not
easy) to make this whole process better in the future :)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to procps in Ubuntu.
https://bugs.launchpad.net/bugs/690433

Title:
  procps starts too early to correctly set
  net.netfilter.nf_conntrack_acct

Status in “procps” package in Ubuntu:
  Fix Released

Bug description:
  Binary package hint: procps

  I followed the documentation in /etc/sysctl.d/README that says to put
  custom sysctl settings in /etc/sysctl.d/60-*.conf.

  /etc/sysctl.d/60-bridge-firewalling.conf :
  net.bridge.bridge-nf-call-iptables=0
  net.bridge.bridge-nf-call-ip6tables=0
  net.bridge.bridge-nf-call-arptables=0

  /etc/sysctl.d/60-nf-conntrack.conf :
  net.netfilter.nf_conntrack_acct=0

  but those settings are not applied on reboot. They are correctly
  applied when running this though :

  sudo service procps start

  I think that this is because the procps Upstart script starts too soon
  in the boot process :

  /etc/init/procps.conf:
  ...
  start on virtual-filesystems

  task
  script
      cat /etc/sysctl.d/*.conf /etc/sysctl.conf | sysctl -p -
  end script

  I don't know Upstart enough to change the "start on" line to have my
  settings correctly applied. Any help is greatly appreciated.

  simon at xeon:~$ lsb_release -rd
  Description:	Ubuntu 10.04.1 LTS
  Release:	10.04

  simon at xeon:~$ apt-cache policy procps
  procps:
    Installed: 1:3.2.8-1ubuntu4
    Candidate: 1:3.2.8-1ubuntu4
    Version table:
   *** 1:3.2.8-1ubuntu4 0
          500 http://ca.archive.ubuntu.com/ubuntu/ lucid/main Packages
          100 /var/lib/dpkg/status
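
An added example, not part of the original report or of procps: a shell check that lists keys set in a sysctl.d directory which have no entry under /proc/sys yet, which is the state the settings above are in when procps runs before the providing module is loaded. The function names, the constructed sample tree and the plain dot-to-slash key mapping are assumptions made for this illustration.

```shell
#!/bin/sh
# missing_sysctl_keys CONF_DIR [PROC_SYS_ROOT]
# Prints "file: key" for each key set in CONF_DIR/*.conf that has no entry
# under PROC_SYS_ROOT (default /proc/sys). Returns 1 if any key is missing.
missing_sysctl_keys() {
    conf_dir=$1
    proc_root=${2:-/proc/sys}
    missing=0
    for f in "$conf_dir"/*.conf; do
        [ -f "$f" ] || continue
        while IFS= read -r line || [ -n "$line" ]; do
            # Drop leading whitespace, then skip blank lines and comments.
            line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//')
            case $line in
                ''|'#'*|';'*) continue ;;
            esac
            # The key is everything before '=', trailing whitespace removed.
            key=$(printf '%s' "${line%%=*}" | sed 's/[[:space:]]*$//')
            # Assumption: dots map to path separators (no dotted interface names).
            path=$(printf '%s' "$key" | tr . /)
            if [ ! -e "$proc_root/$path" ]; then
                printf '%s: %s\n' "$f" "$key"
                missing=1
            fi
        done < "$f"
    done
    return $missing
}

# Constructed sample: a fake /proc/sys where the bridge key exists but the
# nf_conntrack key does not, with settings like those in the bug description.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/proc/net/bridge" "$t/etc"
    : > "$t/proc/net/bridge/bridge-nf-call-iptables"
    printf 'net.bridge.bridge-nf-call-iptables=0\n' > "$t/etc/60-bridge-firewalling.conf"
    printf '# accounting off\nnet.netfilter.nf_conntrack_acct = 0\n' > "$t/etc/60-nf-conntrack.conf"
    rc=0
    missing_sysctl_keys "$t/etc" "$t/proc" || rc=$?
    rm -rf "$t"
    return $rc
}

demo || true   # status 1 is expected: the conntrack key is reported as missing
```

On a real system, `missing_sysctl_keys /etc/sysctl.d` run at the point in boot where procps starts shows which settings would be skipped.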
