numiptent: number of NETFILTER (IP packet filtering) entries.

The barrier should be set equal to the limit. There is a restriction on the total number of IP packet filtering entries in the system. It depends on the amount of other allocations in the so-called vmalloc memory area and is about 250,000 entries. Violating this restriction may cause operations on IP packet filter tables (execution of iptables(8)) to fail in any Container or on the host system, or may cause Container starts to fail. High numiptent settings also considerably slow down the processing of network packets. It is not recommended to set the numiptent limit to more than 200-300.
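The following added example (not part of the original help page) audits numiptent settings against the guidance above: it flags Containers whose barrier differs from the limit or whose limit exceeds 300, and also reports a non-zero failcnt. The sample text is constructed, and the column layout (uid, resource, held, maxheld, barrier, limit, failcnt, as in /proc/user_beancounters) is an assumption.

```python
# Added example: audit numiptent settings from /proc/user_beancounters-style text.
# SAMPLE is constructed data; on a real host, read the file instead.
SAMPLE = """\
Version: 2.5
       uid  resource           held    maxheld    barrier      limit    failcnt
      101:  kmemsize        2752512    3010560   14372700   14790164          0
            numiptent            24         24        128        128          0
      102:  kmemsize        1931264    2101248   14372700   14790164          0
            numiptent           200        200        200        250          7
      103:  kmemsize        1100000    1200000   14372700   14790164          0
            numiptent           310        450       2000       2000          0
"""

RECOMMENDED_MAX = 300  # upper end of the 200-300 range the page recommends


def parse_numiptent(text):
    """Return {ctid: {held, maxheld, barrier, limit, failcnt}} for numiptent rows."""
    result, ctid = {}, None
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        # Only the first resource row of each Container carries the "uid:" prefix.
        if fields[0].endswith(":") and fields[0][:-1].isdigit():
            ctid = int(fields[0][:-1])
            fields = fields[1:]
        if ctid is None or len(fields) != 6 or fields[0] != "numiptent":
            continue
        keys = ("held", "maxheld", "barrier", "limit", "failcnt")
        result[ctid] = dict(zip(keys, map(int, fields[1:])))
    return result


def audit(text):
    """Return a sorted list of (ctid, finding) tuples."""
    findings = []
    for ctid, v in sorted(parse_numiptent(text).items()):
        if v["barrier"] != v["limit"]:
            findings.append((ctid, "barrier != limit"))
        if v["limit"] > RECOMMENDED_MAX:
            findings.append((ctid, "limit above recommended maximum"))
        if v["failcnt"] > 0:
            findings.append((ctid, "failcnt > 0"))
    return findings


if __name__ == "__main__":
    for ctid, msg in audit(SAMPLE):
        print(f"CT {ctid}: {msg}")
```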