# Reduce nf_conntrack TCP timeouts so stale SMB sessions from rebooted WinPE
# clients age out in minutes instead of days. Real active sessions stay
# alive via keepalive traffic refreshing the conntrack timer. Defaults
# (432000s = 5 days for ESTABLISHED) are designed for long-lived enterprise
# TCP flows, not the short bursty connections PXE imaging creates.
#
# Paired with Samba's keepalive=30 + SO_KEEPALIVE (see smb.conf) the
# combination is: dead sessions cleaned up in ~1 hour max, active sessions
# never ageing out because every keepalive packet refreshes the timer.
net.netfilter.nf_conntrack_tcp_timeout_established = 3600
net.netfilter.nf_conntrack_tcp_timeout_fin_wait    = 30
net.netfilter.nf_conntrack_tcp_timeout_last_ack    = 30
net.netfilter.nf_conntrack_tcp_timeout_close_wait  = 30