From 47c2f7784adf52a880c1eb575eb2d1e1e4a044ef Mon Sep 17 00:00:00 2001
From: Kazuhiro MUSASHI
Date: Sat, 26 Sep 2020 16:53:26 +0900
Subject: [PATCH] Modify the kernel parameter to adjust the timeout for nf_conntrack.
---
 .../files/etc/sysctl.d/90-conntrack-tcp-timeout-time-wait.conf | 1 +
 cookbooks/base/kernel.rb | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 cookbooks/base/files/etc/sysctl.d/90-conntrack-tcp-timeout-time-wait.conf
diff --git a/cookbooks/base/files/etc/sysctl.d/90-conntrack-tcp-timeout-time-wait.conf b/cookbooks/base/files/etc/sysctl.d/90-conntrack-tcp-timeout-time-wait.conf
new file mode 100644
index 0000000..21767ce
--- /dev/null
+++ b/cookbooks/base/files/etc/sysctl.d/90-conntrack-tcp-timeout-time-wait.conf
@@ -0,0 +1 @@
+net.netfilter.nf_conntrack_tcp_timeout_time_wait=60
diff --git a/cookbooks/base/kernel.rb b/cookbooks/base/kernel.rb
index 2ce9e8e..14b6d45 100644
--- a/cookbooks/base/kernel.rb
+++ b/cookbooks/base/kernel.rb
@@ -2,7 +2,8 @@ STORAGE = '/etc/sysctl.d'
 [
 "#{STORAGE}/90-vm-swappiness.conf",
- "#{STORAGE}/90-vfs-cache-pressure.conf"
+ "#{STORAGE}/90-vfs-cache-pressure.conf",
+ "#{STORAGE}/90-conntrack-tcp-timeout-time-wait.conf"
 ].each do |conf|
 remote_file conf do
 owner 'root'
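Review bot: The single line added in `90-conntrack-tcp-timeout-time-wait.conf` sets a `net.netfilter.*` key, and that key only exists while the `nf_conntrack` module is loaded. If `/etc/sysctl.d` is processed at boot before the module is loaded, the entry is skipped and the kernel default (120 seconds) stays in effect. Nothing in this commit shows the module being loaded early, so confirm that it is (for example through a modules-load.d entry for `nf_conntrack`) and check the value after a reboot with `sysctl net.netfilter.nf_conntrack_tcp_timeout_time_wait`. The file also has no comment; a first line such as `# TIME_WAIT conntrack entries expire after 60s (kernel default: 120s)` would record what the value changes, and the reason for choosing 60 should be added by the author since the commit message gives none.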
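Review bot: Adding the path to the list in `cookbooks/base/kernel.rb` only places the file on the host; the new timeout does not take effect until sysctl settings are reloaded or the machine reboots. The `remote_file` block continues past the end of this hunk, so whether it triggers a reload is not visible here. If it does not, something like `notifies :run, 'execute[sysctl --system]'` on the resource, paired with a matching `execute` resource, would apply the value on the same run. It is also worth confirming that the part of the block outside the hunk sets a non-writable mode (e.g. `mode '644'`) alongside `owner 'root'`, since these files control kernel network behaviour.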