Log: iptables-nf-conntrack-table-full
Jul 18 16:05:27 myserver kernel: [736737.006413] nf_conntrack: nf_conntrack: table full, dropping packet
Jul 18 16:05:27 myserver kernel: [736737.006413] ip_conntrack: ip_conntrack: table full, dropping packet
For: Linux kernel
Meaning: This log means that your server's connection tracking table is full. It can happen because of a DDoS attack or simply too many requests to your server. You can see the current tracking limit with this command:
# sysctl net.ipv4.netfilter.ip_conntrack_max
Increase the value as necessary.
What to do: If the requests to your server are legitimate, you can increase the sysctl ip_conntrack_max value to handle the load. If they are not, and you are under a DDoS attack, we recommend looking into DDoS mitigation.
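Example check: the function below is an added example, not part of the original entry. It reports how full the connection tracking table is, so the limit can be watched before the kernel starts dropping packets. It reads the nf_conntrack_* entries used by current kernels and falls back to the older ip_conntrack_* names; the CONNTRACK_PROC_ROOT override and the 80% warning threshold are assumptions made for this example.

```shell
# Added example (not from the original page): report how full the
# connection-tracking table is, so it can be checked before packets drop.
# Assumptions: CONNTRACK_PROC_ROOT (override for testing) and the 80% default
# warning threshold are choices made for this example.

is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# Usage: conntrack_usage [warn_percent]
# Prints "STATE count/max pct%"; returns 0 OK, 1 WARN, 2 FULL, 3 unreadable, 4 not loaded.
conntrack_usage() {
    ct_root="${CONNTRACK_PROC_ROOT:-/proc/sys}"
    ct_warn="${1:-80}"
    # nf_conntrack_* on current kernels, ip_conntrack_* on older ones.
    for ct_base in net/netfilter/nf_conntrack net/ipv4/netfilter/ip_conntrack; do
        ct_count_file="$ct_root/${ct_base}_count"
        ct_max_file="$ct_root/${ct_base}_max"
        if [ -r "$ct_count_file" ] && [ -r "$ct_max_file" ]; then
            ct_count=$(cat "$ct_count_file")
            ct_max=$(cat "$ct_max_file")
            if ! is_uint "$ct_count" || ! is_uint "$ct_max" || [ "$ct_max" -eq 0 ]; then
                echo "UNREADABLE $ct_base"
                return 3
            fi
            ct_pct=$(( ct_count * 100 / ct_max ))
            if [ "$ct_count" -ge "$ct_max" ]; then
                echo "FULL $ct_count/$ct_max ${ct_pct}%"
                return 2
            elif [ "$ct_pct" -ge "$ct_warn" ]; then
                echo "WARN $ct_count/$ct_max ${ct_pct}%"
                return 1
            fi
            echo "OK $ct_count/$ct_max ${ct_pct}%"
            return 0
        fi
    done
    # Neither set of files exists: the conntrack module is not loaded.
    echo "NOTLOADED"
    return 4
}
```

A WARN result that keeps climbing under normal traffic points to a limit that is too low; a sudden jump to FULL alongside the log lines above is the case to investigate as a possible attack.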