SUMMARY
On booting the router, systemd-sysctl emits an error message, as it tries to write a sysctl to a location held by a module not yet loaded.
STEPS TO REPRODUCE
- Boot the router
- Run the following command:
show log all | match systemd-sysctl
OBSERVED RESULT
vyos@vyos:~$ show log all | match systemd-sysctl
Feb 18 06:03:39 localhost systemd-sysctl[341]: Couldn't write '1' to 'net/netfilter/nf_conntrack_helper', ignoring: No such file or directory
EXPECTED RESULT
No output.
SOFTWARE/OS VERSIONS
VyOS 1.4-rolling-202102180218
ADDITIONAL INFORMATION
This is due to the nf_conntrack module not being loaded by the time systemd-sysctl runs:
vyos@vyos:~$ sudo grep -r nf_conntrack /etc/modules-load.d/
vyos@vyos:~$ sudo grep -r nf_conntrack_helper /etc/sysctl.d/
/etc/sysctl.d/30-vyos-router.conf:net.netfilter.nf_conntrack_helper=1
The obvious solution is to add a file in /etc/modules-load.d to load that module, or maybe to remove the sysctl entirely, since the value is correct anyway once the router has booted:
vyos@vyos:~$ sudo sysctl net.netfilter.nf_conntrack_helper
net.netfilter.nf_conntrack_helper = 1
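The same class of problem can be checked for across a whole sysctl.d directory. The script below is an added example, not part of the original report or of VyOS: it lists every configured key that has no entry under /proc/sys, which is the condition that makes systemd-sysctl log "No such file or directory". The function name missing_sysctl_keys and its two path arguments are assumptions made for the example.

```shell
#!/bin/sh
# Added example: report sysctl.d keys whose /proc/sys entry does not exist,
# i.e. settings that would be skipped if the owning module is not loaded.
#   $1 = directory of *.conf files (default /etc/sysctl.d)
#   $2 = root of the sysctl tree   (default /proc/sys)
missing_sysctl_keys() {
    conf_dir=${1:-/etc/sysctl.d}
    proc_root=${2:-/proc/sys}
    for f in "$conf_dir"/*.conf; do
        [ -f "$f" ] || continue
        while IFS= read -r line || [ -n "$line" ]; do
            # Strip leading whitespace; skip blank lines and comments (# or ;)
            line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//')
            case $line in ''|'#'*|';'*) continue ;; esac
            # Key is the text before the first '='; a leading '-' marks
            # an entry whose write errors are to be ignored
            key=$(printf '%s' "${line%%=*}" | sed 's/[[:space:]]*$//; s/^-//')
            # Glob keys match whatever exists, so they cannot be "missing"
            case $key in *'*'*) continue ;; esac
            # Slashed keys are already paths; dotted keys are converted.
            # Limitation: dotted keys naming interfaces that contain dots
            # (VLAN sub-interfaces) are not handled here.
            case $key in
                */*) path=$key ;;
                *)   path=$(printf '%s' "$key" | tr '.' '/') ;;
            esac
            [ -e "$proc_root/$path" ] || printf '%s: %s\n' "$f" "$key"
        done < "$f"
    done
    return 0
}

# With no arguments this scans the live system
missing_sysctl_keys "$@"
```

Run once from an early-boot unit ordered before any module loading and again after boot: a key reported only in the early run points at a module that needs an entry in /etc/modules-load.d.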