diff --git a/defaults/main.yml b/defaults/main.yml
index aeb65aea..5b35d3a9 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -63,13 +63,16 @@ openstack_host_environment_path:
 - /usr/games
 - /usr/local/games
+# Set the maximum size of the connection tracking table.
+openstack_host_nf_conntrack_max: 262144
+
 # System control kernel tuning
 openstack_kernel_options:
 - { key: 'fs.inotify.max_user_watches', value: 36864 }
 - { key: 'net.ipv4.conf.all.rp_filter', value: 0 }
 - { key: 'net.ipv4.conf.default.rp_filter', value: 0 }
 - { key: 'net.ipv4.ip_forward', value: 1 }
- - { key: 'net.netfilter.nf_conntrack_max', value: 262144 }
+ - { key: 'net.netfilter.nf_conntrack_max', value: "{{ openstack_host_nf_conntrack_max }}" }
 - { key: 'vm.dirty_background_ratio', value: 5 }
 - { key: 'vm.dirty_ratio', value: 10 }
 - { key: 'vm.swappiness', value: 5 }
diff --git a/releasenotes/notes/configurable-conntrack-max-44e3d1af4921bdf0.yaml b/releasenotes/notes/configurable-conntrack-max-44e3d1af4921bdf0.yaml
new file mode 100644
index 00000000..b8c93a12
--- /dev/null
+++ b/releasenotes/notes/configurable-conntrack-max-44e3d1af4921bdf0.yaml
@@ -0,0 +1,7 @@
+---
+features:
+ - |
+ Deployers can set ``openstack_host_nf_conntrack_max`` to control the
+ maximum size of the netfilter connection tracking table. The default of
+ ``262144`` should be increased if virtual machines will be handling large
+ amounts of concurrent connections.
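Review bot: The one-line comment added above `openstack_host_nf_conntrack_max` in defaults/main.yml does not tell a deployer what the limit protects against or what raising it costs. When the table is full the kernel drops packets for new connections (logged as "nf_conntrack: table full, dropping packet"), so a value that is too low is an availability risk under connection floods, while every tracked entry consumes kernel memory. I would extend the comment to something like `# Max tracked connections; new flows are dropped once the table is full. Higher values use more kernel memory; compare with net.netfilter.nf_conntrack_count before tuning.` Nothing in this hunk adjusts `net.netfilter.nf_conntrack_buckets`, so if the role does not size the hash table elsewhere, large overrides would lengthen hash chains; that is worth confirming against the rest of the role.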