The example configurations above, if started as root, will increase the file descriptor limits for the schedd and the collector.
 
+{section: Increase kernel firewall connection tracking table size}
+
+For collectors with a very large number of connections running on Linux machine
+with a kernel firewall, the size of the connection tracking table in the firewall may become a bottleneck.  On many systems, there is a limit of 64k connections.  This can be raised by setting a new limit in
+
+{code}
+/proc/sys/net/netfilter/nf_conntrack_max
+{endcode}
+
+
 {section: Turn Off Match Notification}
 
 In HTCondor's default configuration, the negotiator notifies a startd when a job matches it.  This can slow job dispatch for the entire pool if the startd has vanished but HTCondor hasn't noticed yet, because the notification has a blocking a time out.  For pools using spot instances (which may frequently vanish without warning), we recommend turning off match notification.
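Review bot: the added conntrack section names the file /proc/sys/net/netfilter/nf_conntrack_max but never says how to set it or that the change is temporary. The sentence ends at "by setting a new limit in" and the {code} block holds only the path. A value written to that file as root is lost at reboot, so the text should show the write and also mention the persistent form, the sysctl key net.netfilter.nf_conntrack_max in /etc/sysctl.conf. It would also help to tell the admin how to confirm the table is the bottleneck before raising it, for example by comparing nf_conntrack_count in the same directory against the limit. The "64k connections" figure is given as typical for "many systems", so suggest reading the current value first rather than assuming it. Wording nits in the same hunk: "running on Linux machine" should read "running on a Linux machine", the paragraph's first line is broken mid-sentence, and there are two blank added lines before the next {section}.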