added nf_conntrack_max to sysctl

common.yml

@@ -157,7 +157,7 @@
         group: root
         mode: '0644'
 
-    # Set vm.swappiness to 5 in /etc/sysctl.conf
+    # Set vm.swappiness to 0 in /etc/sysctl.conf
     - name: "Set swappiness to zero in sysctl.conf"
       sysctl:
         name: vm.swappiness
@@ -165,6 +165,14 @@
         state: present
         reload: yes
         sysctl_file: /etc/sysctl.conf
+        
+    - name: "Set nf_conntrack_max to 131072 in sysctl.conf, suitable for max 4gb of ram, conntrack_max = RAMSIZE (in bytes)/16384/2 = 4*1024*1024*1024/16384/2 = 4*32768 = 131072"
+      sysctl:
+        name: net.netfilter.nf_conntrack_max
+        value: '131072'
+        state: present
+        reload: yes
+        sysctl_file: /etc/sysctl.conf
 
     - name: Disable IPv6 with sysctl
       sysctl: name={{ item }} value=1 state=present reload=yes