[Firewall] nf_conntrack: table full, dropping packet.

Lonnie Abelbeck lists at lonnie.abelbeck.com
Wed Jun 11 15:08:29 CEST 2014


Michel,

In your firewall.conf, there is an AIF variable for that:
--
CONNTRACK=32768
--

That explains why your setting was being overwritten, as it defaults to 16384.

Lonnie


On Jun 11, 2014, at 4:09 AM, Michel van Dop wrote:

> Hi,
> 
> I have a problem on a stream server; I get this in the system log:
> 
> Jun 10 20:07:25 localhost kernel: nf_conntrack: table full, dropping packet.
> 
> I changed it to 32768. I did this:
> 
> sysctl -w net.netfilter.nf_conntrack_max=32768
> net.netfilter.nf_conntrack_max = 32768
> 
> But when I restart the firewall, it defaults to 16384.
> 
> When I start the firewall, I see this output:
> 
> Configuring general kernel parameters:
> Setting the max. amount of simultaneous connections to 16384
> net.nf_conntrack_max = 16384
> 
> How do I change this to 32768 in firewall.conf?
> 
> I already changed it in /etc/sysctl.conf:
> 
> net.netfilter.nf_conntrack_max=32768
> 
> 
> Thank you,
> 
> Michel



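The mismatch discussed in this thread, as an added example that is not part of the original posts or of the firewall project's own code: a shell check that compares `CONNTRACK` in firewall.conf with `nf_conntrack_max` in sysctl.conf and reports how full the conntrack table is. The function names and the file paths passed as arguments are assumptions; the 16384 fallback is the default quoted in the reply above.

```shell
#!/bin/sh
# Added example. All file paths are passed as arguments (assumption: adjust
# them to where firewall.conf and sysctl.conf live on your system).

# Print the last uncommented CONNTRACK= value from firewall.conf, or 16384
# (the default quoted in the thread) when the variable is not set.
aif_conntrack() {
    v=$(sed -n 's/^[[:space:]]*CONNTRACK=["'\'']*\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1)
    echo "${v:-16384}"
}

# Print the last nf_conntrack_max value from a sysctl.conf-style file, if any.
# Accepts both net.nf_conntrack_max and net.netfilter.nf_conntrack_max.
sysctl_conntrack() {
    sed -n 's/^[[:space:]]*net\.\(netfilter\.\)\{0,1\}nf_conntrack_max[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\2/p' "$1" | tail -n 1
}

# The firewall applies its own value at every (re)start, so a different
# sysctl.conf value is replaced. Returns 1 when the two files disagree.
check_conntrack() {   # usage: check_conntrack firewall.conf sysctl.conf
    fw=$(aif_conntrack "$1")
    sc=$(sysctl_conntrack "$2")
    if [ -n "$sc" ] && [ "$sc" != "$fw" ]; then
        echo "MISMATCH: sysctl.conf=$sc firewall.conf=$fw (firewall restart applies $fw)"
        return 1
    fi
    echo "OK: firewall will set nf_conntrack_max=$fw"
}

# Percentage of the conntrack table in use. On a live host pass
# /proc/sys/net/netfilter/nf_conntrack_count and .../nf_conntrack_max.
conntrack_usage() {   # usage: conntrack_usage count_file max_file
    echo $(( $(cat "$1") * 100 / $(cat "$2") ))
}
```

A usage figure that stays close to 100 means the "table full, dropping packet" message will return under load even after the limit is raised.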