On Ubuntu/Debian systems, sysctl.conf is typically processed by the procps init script during the boot sequence, specifically in the /etc/init.d/procps script. The loading occurs during runlevel 2 (multi-user mode) after most basic system services are initialized but before networking is fully up.
# Typical sysctl initialization in /etc/init.d/procps
if [ -f /etc/sysctl.conf ]; then
    sysctl -e -p /etc/sysctl.conf >/dev/null 2>&1 || true
fi
The bridge-related parameters (net.bridge.*) require the bridge kernel module to be loaded first. On Ubuntu 10.04, this often happens too late in the boot process. The module gets loaded when bridge utilities (brctl) are first used, typically by network initialization scripts.
Two solutions:
# Option 1: Force early module load (add to /etc/modules)
bridge
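# Option 2: Apply settings later via rc.local
# (insert before the final "exit 0" of the default rc.local; a line appended after it never runs)
sed -i '/^exit 0/i sysctl -p /etc/sysctl.conf' /etc/rc.local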
The NFS lock manager (rpc.statd) reads its ports only during startup. Even if sysctl loads correctly, you must restart the service:
# For Ubuntu 10.04:
sudo service portmap restart
sudo service nfs-common restart
# Modern systems:
sudo systemctl restart rpc-statd
Check the boot logs for loading errors:
grep sysctl /var/log/boot.log
grep procps /var/log/syslog
Verify the init script execution order:
ls -l /etc/rc2.d/S*procps*
For critical parameters, consider kernel command line options or sysctl.d drop-in files:
# Create persistent config (modern systems)
echo "fs.nfs.nlm_udpport = 32768" > /etc/sysctl.d/90-nfs-ports.conf
For the bridge parameters, a network script might be more reliable:
#!/bin/sh
# In /etc/network/if-up.d/bridge-sysctl (must be executable)
# Use if/fi so the script exits 0 for interfaces other than br0
if [ "$IFACE" = "br0" ]; then
    sysctl -p /etc/sysctl.conf
fi
The sysctl.conf file is typically processed during the early stages of the Linux boot process, specifically by the systemd-sysctl.service (or equivalent init script in older systems). On Ubuntu 10.04, this would be handled by the /etc/init.d/procps init script.
Several factors could prevent your settings from applying at boot:
1. Missing kernel module dependencies (especially for bridge-related settings)
2. Incorrect file permissions (though 644 root:root is correct)
3. Race conditions with network initialization
4. The bridge module loading after sysctl processing
To verify if the sysctl service ran:
# Check boot logs
grep procps /var/log/boot.log
grep sysctl /var/log/syslog
# Alternative for systemd systems
journalctl -u systemd-sysctl
For bridge-related settings, we need to ensure proper module loading order:
# Create /etc/modules-load.d/bridge.conf with:
bridge
# Then create /etc/sysctl.d/99-bridge.conf with your settings:
net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-filter-pppoe-tagged = 0
net.bridge.bridge-nf-filter-vlan-tagged = 0
For the NFS port settings, try creating a separate init script:
#!/bin/sh
# /etc/init.d/nfs-ports
### BEGIN INIT INFO
# Provides: nfs-ports
# Required-Start: $network $remote_fs $syslog
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop:
# Short-Description: Set NFS lock manager ports
### END INIT INFO
case "$1" in
    start|restart|force-reload)
        sysctl -w fs.nfs.nlm_udpport=32768
        sysctl -w fs.nfs.nlm_tcpport=32768
        ;;
    stop)
        # Nothing to undo; accept "stop" so shutdown links do not fail
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|force-reload}"
        exit 1
        ;;
esac
exit 0
Then make it executable and enable it:
chmod +x /etc/init.d/nfs-ports
update-rc.d nfs-ports defaults
For modern systems using systemd:
# /etc/systemd/system/sysctl-custom.service
[Unit]
Description=Custom sysctl settings
After=network.target
Before=nfs-server.service
[Service]
Type=oneshot
ExecStart=/sbin/sysctl -p /etc/sysctl.d/custom.conf
[Install]
WantedBy=multi-user.target
After implementing any solution, apply it and verify the live values:
service nfs-ports start # For the init script approach
sysctl -a | grep -E 'bridge|nfs'
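Because the procps script shown above runs sysctl with -e and discards its output, a key that does not exist yet (net.bridge.* before the bridge module loads) fails silently. The check below is an added example, not part of the original page: it compares a config file with the live values. The names sysctl_drift and norm and the optional second argument (an alternate root, used for testing) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page). Compares the settings in a
# sysctl config file with the live values under /proc/sys.
# Assumption: keys map to paths by turning "." into "/", which holds for the
# net.bridge.* and fs.nfs.* keys discussed on this page.

# Collapse runs of spaces/tabs and trim both ends (multi-value keys use tabs).
norm() { tr -s ' \t' ' ' | sed 's/^ //; s/ $//'; }

# sysctl_drift CONF [PROC_ROOT]
# Prints OK / MISSING / DRIFT per key; returns 1 if anything is not OK.
sysctl_drift() {
    conf=$1
    root=${2:-/proc/sys}
    rc=0
    # read without IFS= trims leading/trailing whitespace from each line
    while read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*|';'*) continue ;;   # blank lines and comments
            *=*) ;;                     # key = value line, handled below
            *) continue ;;              # anything else is skipped
        esac
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        want=$(printf '%s' "${line#*=}" | norm)
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -e "$path" ]; then
            # The case "sysctl -e" hides: key absent, e.g. bridge not loaded
            echo "MISSING $key"
            rc=1
        else
            have=$(norm < "$path")
            if [ "$have" = "$want" ]; then
                echo "OK $key = $have"
            else
                echo "DRIFT $key: live=$have configured=$want"
                rc=1
            fi
        fi
    done < "$conf"
    return $rc
}

# Usage: sh sysctl-drift.sh /etc/sysctl.conf
if [ "$#" -gt 0 ]; then sysctl_drift "$@"; fi
```

MISSING points at module load order, while DRIFT means the key existed but was changed later or never written.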