diff --git a/host_vars/redirect.archlinux.org/misc b/host_vars/redirect.archlinux.org/misc
index 8056762cbf470ff48441683eb0716ecacb89483e..f33e80c0044710b658fa2a314931c72948050ab1 100644
--- a/host_vars/redirect.archlinux.org/misc
+++ b/host_vars/redirect.archlinux.org/misc
@@ -4,3 +4,6 @@ wireguard_public_key: n11Ps2sc0Cxsi1sLaYFq7dkhlDtTnOZCGovRYbzDGR8=
 
 ipv4_address: "95.216.195.133"
 ipv6_address: "2a01:4f9:c010:2636::1"
+
+# The default limit of 65536 is too small to handle ping.archlinux.org traffic
+nf_conntrack_max: 262144
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index da928cfbe37edcd1942fab32ee5088842bd9d04f..79ab632e71ae098733f6d436fb56e405573c9885 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -76,6 +76,14 @@
     sysctl_file: /etc/sysctl.d/net.conf
   when: tcp_wmem is defined
 
+- name: Configure size of connection tracking table
+  sysctl:
+    name: net.netfilter.nf_conntrack_max
+    value: "{{ nf_conntrack_max }}"
+    sysctl_set: true
+    sysctl_file: /etc/sysctl.d/net.conf
+  when: nf_conntrack_max is defined
+
 - name: Create drop-in directories for systemd configuration
   file: path=/etc/systemd/{{ item }}.d state=directory owner=root group=root mode=0755
   loop: