diff --git a/cmd/hepto/defaults.go b/cmd/hepto/defaults.go
index 39f02b057cc2b8736ac131aad53275b0e951db15..9e2935f2cdcc1959413b06194e651d49f3e0db25 100644
--- a/cmd/hepto/defaults.go
+++ b/cmd/hepto/defaults.go
@@ -2,6 +2,7 @@ package hepto
 
 import (
 	"net/netip"
+	"runtime"
 
 	"k8s.io/component-helpers/node/util/sysctl"
 )
@@ -57,14 +58,17 @@ var requiredDevices = []string{
 }
 
 // General sysctl configs
-// Copied from https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/cm/container_manager_linux.go
 var systemSettings = map[string]int{
+	// Copied from https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/cm/container_manager_linux.go
 	sysctl.VMOvercommitMemory: sysctl.VMOvercommitMemoryAlways,
 	sysctl.VMPanicOnOOM:       sysctl.VMPanicOnOOMInvokeOOMKiller,
 	sysctl.KernelPanic:        sysctl.KernelPanicRebootTimeout,
 	sysctl.KernelPanicOnOops:  sysctl.KernelPanicOnOopsAlways,
 	sysctl.RootMaxKeys:        sysctl.RootMaxKeysSetting,
 	sysctl.RootMaxBytes:       sysctl.RootMaxBytesSetting,
+	// Useful for any CNI to handle connections (required by kube-proxy)
+	// See: https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-proxy/app/server_others.go#L426
+	"net/netfilter/nf_conntrack_max": 32 * 1024 * runtime.NumCPU(),
 }
 
 // Desired system modules
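Review bot: The new `nf_conntrack_max` entry computes `32 * 1024 * runtime.NumCPU()` with no floor, so on a host with fewer than four CPUs it lands below the 131072 minimum that kube-proxy applies by default (`--conntrack-min`); a table that small fills quickly under a burst or flood of connections, after which new flows are dropped. Consider `"net/netfilter/nf_conntrack_max": max(128*1024, 32*1024*runtime.NumCPU()),` (the built-in `max` needs Go 1.21+). How `systemSettings` is applied is outside this hunk; if the values are written unconditionally, this could also lower a limit an administrator had already raised, whereas kube-proxy only raises the value when the current one is smaller, so the applying code should compare against the current setting first. The reference link points at `master` with a `#L426` anchor and will drift as that file changes; pinning it to a commit hash keeps the comment verifiable.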