From b1ab690a8e1fc16160577968aea604a9aeac1a63 Mon Sep 17 00:00:00 2001
From: Mohijeet <mohijeet09@gmail.com>
Date: Tue, 14 Apr 2026 22:59:14 +0530
Subject: [PATCH] release: reduce nf_conntrack_tcp_timeout_syn_sent to 20s

---
 packages/release/release-sysctl.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/packages/release/release-sysctl.conf b/packages/release/release-sysctl.conf
index 31229531a..b67b76101 100644
--- a/packages/release/release-sysctl.conf
+++ b/packages/release/release-sysctl.conf
@@ -34,6 +34,8 @@ net.ipv4.ip_local_port_range = 32768 60999
 # Connection tracking to prevent dropped connections
 net.netfilter.nf_conntrack_max = 1048576
 net.netfilter.nf_conntrack_generic_timeout = 120
+# Expire SYN_SENT entries before the VPC CNI IP reuse window (30s default)
+net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 20
 
 # Enable loose mode for reverse path filter
 net.ipv4.conf.lo.rp_filter = 2