diff --git a/cookbooks/base/files/etc/sysctl.d/90-conntrack-tcp-timeout-time-wait.conf b/cookbooks/base/files/etc/sysctl.d/90-conntrack-tcp-timeout-time-wait.conf
new file mode 100644
index 0000000..21767ce
--- /dev/null
+++ b/cookbooks/base/files/etc/sysctl.d/90-conntrack-tcp-timeout-time-wait.conf
@@ -0,0 +1 @@
+net.netfilter.nf_conntrack_tcp_timeout_time_wait=60
diff --git a/cookbooks/base/kernel.rb b/cookbooks/base/kernel.rb
index 2ce9e8e..14b6d45 100644
--- a/cookbooks/base/kernel.rb
+++ b/cookbooks/base/kernel.rb
@@ -2,7 +2,8 @@ STORAGE = '/etc/sysctl.d' [ "#{STORAGE}/90-vm-swappiness.conf", - "#{STORAGE}/90-vfs-cache-pressure.conf" + "#{STORAGE}/90-vfs-cache-pressure.conf", + "#{STORAGE}/90-conntrack-tcp-timeout-time-wait.conf" ].each do |conf| remote_file conf do owner 'root'
diff --git a/cookbooks/promtail/templates/etc/promtail/base.yaml b/cookbooks/promtail/templates/etc/promtail/base.yaml
index 349b78c..147ebfe 100644
--- a/cookbooks/promtail/templates/etc/promtail/base.yaml
+++ b/cookbooks/promtail/templates/etc/promtail/base.yaml
@@ -282,11 +282,21 @@ scrape_configs: pipeline_stages: - match: - selector: '{job="systemd"} !~ "temperature"' + selector: '{job="systemd"} !~ "(temperature|nf_conntrack)"' stages: - drop: expression: (CMD|UFW|session|TTY) + - match: + selector: '{job="systemd"} |~ "nf_conntrack"' + stages: + - template: + source: level + template: 'error' + + - labels: + level: + - match: selector: '{job="systemd"} |~ "temperature"'
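Review bot: The `net.netfilter.nf_conntrack_tcp_timeout_time_wait` key set in 90-conntrack-tcp-timeout-time-wait.conf exists only while the nf_conntrack module is loaded, so if sysctl.d is processed at boot before the module loads, the value of 60 is not applied and the kernel default stays in effect. Nothing visible in this commit loads the module early (for example through a modules-load.d entry), so it is worth confirming on a freshly booted host with `sysctl net.netfilter.nf_conntrack_tcp_timeout_time_wait`. The file would also benefit from a one-line comment stating why the timeout is lowered, e.g. `# shorten TIME_WAIT tracking (kernel default 120s) to reduce conntrack table pressure`, if table exhaustion is indeed the motivation.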
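Review bot: In base.yaml the new stage's selector `|~ "nf_conntrack"` matches any systemd line containing that substring, so informational kernel or sysctl messages that merely mention the module or an `nf_conntrack_*` key are also labelled `level=error` and exempted from the drop stage above. If the intent is to surface conntrack table exhaustion, which causes dropped connections and is worth alerting on, anchor both selectors to that message, e.g. `selector: '{job="systemd"} |~ "nf_conntrack: table full"'`, after confirming the exact kernel wording on these hosts. A short comment above the stage saying why these lines are forced to `error` would help the next reader. The `temperature` match stage that follows continues outside the hunk.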