Debian 11 - sysctl parameter 'net.netfilter.nf_conntrack_tcp_be_liberal' cannot be changed

Question

I want to set to 1 the value of the sysctl parameter net.netfilter.nf_conntrack_tcp_be_liberal on some Debian 11-based systems I have, but I'm finding it impossible to do so. I've tried the following:

Setting the value in the /etc/sysctl.conf file, then executing sudo sysctl -p. For some reason, only when I set the value in that file sysctl seems to be aware of the change and truly applies it. After a reboot the value returns to its original 0 value.
The command sudo sysctl -w net.netfilter.nf_conntrack_tcp_be_liberal=1 works but, as expected, the change is lost after a reboot.
The command echo '1' | sudo tee /proc/sys/net/netfilter/nf_conntrack_tcp_be_liberal works too but also the change is lost after rebooting.
I've used sudo grep -rwn nf_conntrack_tcp_be_liberal /folder-name to try finding any other file that may have the nf_conntrack_tcp_be_liberal value set as 0, but it seems there's none.
I've also checked with sudo modprobe -c if the parameter happened to be also a module one, but it doesn't seem to be the case. I was inspired to check this by the answer to this other question.

After all of the above, I ran out of ideas. I hope anyone here can help me with this issue.

Do you have a symlink `/etc/sysctl.d/99-sysctl.conf` pointing to `/etc/sysctl.conf` (or `../sysctl.conf`)? — Stephen Kitt, Oct 29 '21 at 11:12
Yes, there's such symlink @StephenKitt, which points to `../sysctl.conf`. — 3d0, Oct 29 '21 at 11:22

Debian 11 - sysctl parameter 'net.netfilter.nf_conntrack_tcp_be_liberal' cannot be changed

0 Answers0