Hello,
I added some commands to the /etc/sysctl.d/dietpi.conf as given below:
# Reduce swap file usage to a minimum
vm.swappiness=10
# Allow all users to "ping" without further capabilities: https://fedoraproject.org/wiki/Changes/EnableSysctlPingGroupRange
net.ipv4.ping_group_range = 0 2147483647
#For netfilter
net.netfilter.nf_conntrack_generic_timeout=120
net.netfilter.nf_conntrack_sctp_timeout_established=54000
net.netfilter.nf_conntrack_tcp_timeout_fin_wait=60
net.netfilter.nf_conntrack_tcp_timeout_time_wait=60
net.netfilter.nf_conntrack_max=100000
Unfortunately, while reading through the journalctl boot logs, I see this:
Mar 21 14:35:44 Retracted systemd-sysctl[127]: Couldn't write '120' to 'net/netfilter/nf_conntrack_generic_timeout', ignoring: No such file or directory
Mar 21 14:35:44 Retracted systemd-sysctl[127]: Couldn't write '54000' to 'net/netfilter/nf_conntrack_sctp_timeout_established', ignoring: No such file or directory
Mar 21 14:35:44 Retracted systemd-sysctl[127]: Couldn't write '60' to 'net/netfilter/nf_conntrack_tcp_timeout_fin_wait', ignoring: No such file or directory
Mar 21 14:35:44 Retracted systemd-sysctl[127]: Couldn't write '60' to 'net/netfilter/nf_conntrack_tcp_timeout_time_wait', ignoring: No such file or directory
Mar 21 14:35:44 Retracted systemd-sysctl[127]: Couldn't write '100000' to 'net/netfilter/nf_conntrack_max', ignoring: No such file or directory
So what’s going wrong?
If I add sysctl -w before each statement and run them manually, it works just fine.
I’ve tried pasting the same in /etc/sysctl.conf, and that still produces the same error.
Also, what’s the difference between the sysctl.conf and the dietpi.conf files?
Hi,
Did you activate the nf_conntrack module? It can be checked as follows:
lsmod | grep nf_conntrack
If it doesn’t give anything, you can activate it as follows:
modprobe nf_conntrack
Afterwards you should see related files inside /proc/sys/net/netfilter/
The init systemd loads all *.conf files inside /etc/sysctl.d/ at boot.
/etc/sysctl.conf is actually not loaded, but only via a trick as there is a symlink /etc/sysctl.d/99-sysctl.conf pointing to /etc/sysctl.conf. So the latter one is a legacy file, kept effective for backwards-compatibility only, but you should not use it anymore.
/etc/sysctl.d/dietpi.conf is our default config. You should not change it either, as it will be overwritten on DietPi updates. With these kinds of *.d directories you should create your own additional files to add or overwrite settings, so system defaults are not purged but only overridden and things can be reverted easily + your changes won’t be overwritten on any system update.
Sidenote: The files are loaded in alphabetic order, so you can override settings in a file by creating a new one with higher first letter/number.
The issue in your case might indeed be that the required kernel module has not yet been loaded when those sysctl settings are. Adding a new file like echo nf_conntrack > /etc/modules-load.d/nf_conntrack.conf to have it loaded at boot should work.
Yep that worked.
The nf_conntrack was loaded when I was using it, but not at startup when the commands were executed.
As for switching the files, I read through the README, added a new file local.conf and wrote all my personal settings into it. I suppose that’s enough?
Yes the local.conf will do.
Kernel modules can be loaded on demand, but obviously sysctl doesn’t do it when attempting to set settings that are part of a kernel module. Good that /etc/modules-load.d is loaded before /etc/sysctl.d is, to solve this.
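A check for the failure discussed in this thread, as an added example that is not part of any poster's message: it lists the keys in a sysctl.d-style file that have no entry under /proc/sys, which is what systemd-sysctl reports as "No such file or directory" when the owning module (here nf_conntrack) is not loaded yet. The function name, the optional PROC_ROOT argument and the sample tree are assumptions of this example.

```shell
#!/bin/sh
# missing_sysctl_keys CONF [PROC_ROOT]
# Prints every key in CONF that has no file under PROC_ROOT (default
# /proc/sys). PROC_ROOT is a hypothetical parameter added so the check
# can be run against a constructed tree.
missing_sysctl_keys() {
    conf=$1
    root=${2:-/proc/sys}
    # Drop comments (# or ;) and blank lines, keep the text left of '='.
    sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' -e '/^$/d' \
        -e 's/[[:space:]]*=.*$//' "$conf" |
    while IFS= read -r key; do
        key=${key#-}    # sysctl.d: a leading '-' means "ignore write errors"
        # Plain dot-to-slash mapping; keys containing dotted interface
        # names are not handled by this example.
        path=$(printf '%s' "$key" | tr . /)
        [ -e "$root/$path" ] || printf '%s\n' "$key"
    done
}

# Constructed demo: a fake /proc/sys that lacks net/netfilter, as on a
# boot where nf_conntrack has not been loaded before systemd-sysctl runs.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/proc/vm" "$tmp/proc/net/ipv4"
    : > "$tmp/proc/vm/swappiness"
    : > "$tmp/proc/net/ipv4/ping_group_range"
    cat > "$tmp/local.conf" <<'EOF'
# constructed sample based on the settings in the thread
vm.swappiness=10
net.ipv4.ping_group_range = 0 2147483647
net.netfilter.nf_conntrack_max=100000
net.netfilter.nf_conntrack_generic_timeout=120
EOF
    echo "module not loaded, missing keys:"
    missing_sysctl_keys "$tmp/local.conf" "$tmp/proc"
    # Simulate the state after "modprobe nf_conntrack".
    mkdir -p "$tmp/proc/net/netfilter"
    : > "$tmp/proc/net/netfilter/nf_conntrack_max"
    : > "$tmp/proc/net/netfilter/nf_conntrack_generic_timeout"
    echo "module loaded, missing keys:"
    missing_sysctl_keys "$tmp/local.conf" "$tmp/proc"
    rm -rf "$tmp"
}

demo
```

On a real system, call missing_sysctl_keys /etc/sysctl.d/local.conf with no second argument; any key it prints needs its module listed in /etc/modules-load.d/ so that it exists before the settings are applied.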