ip_conntrack: table full, dropping packet. How do I fix this error? A. If you notice the above message in syslog, it looks like the conntrack database doesn’t have enough entries for your environment. Connection tracking by default handles up to a certain number of simultaneous connections. This number is dependent on you system’s maximum memory […]
Catégorie: Firewall
Iptables
Check the number of connections per IP netstat –tcp -n | awk ‘{print $5}’ | sed « s/::ffff:\(.*\):.*$/\1/ » | sort | uniq -c Block an ip for 1 hour iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP sleep 1h && iptables -D INPUT -s xxx.xxx.xxx.xxx -j DROP Block IP iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP Unlock IP iptables -D INPUT -s xxx.xxx.xxx.xxx -j […]