ip_conntrack or nf_conntrack : table full, dropping packet
2024-08-26 02:06:15
nf_conntrack: table full, dropping packet
SOLUTION VERIFIED - Updated August 4 2020 at 1:57 AM
Issue
- What do the following messages in the system log mean?
  ip_conntrack: table full, dropping packet.
  nf_conntrack: table full, dropping packet.
- Packet drops on this system for connections using ip_conntrack or nf_conntrack iptables modules.
- Messages seen in /var/log/messages on the compute nodes when one of the instances drops packets
Environment
I see a lot of these messages in /var/log/messages of my Linux server
kernel: nf_conntrack: table full, dropping packet.
kernel: __ratelimit: 15812 callbacks suppressed
while my server is under DoS attack, but the memory is still not saturated. I am wondering what the significance of the message is and how to counter possible security implications.
The message means your connection tracking table is full. There are no security implications other than DoS. You can partially mitigate this by increasing the maximum number of connections being tracked, reducing the tracking timeouts or by disabling connection tracking altogether, which is doable on a server, but not on a NAT router, because the latter will cease to function.
sysctl -w net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=54000
sysctl -w net.netfilter.nf_conntrack_generic_timeout=120
sysctl -w net.ipv4.netfilter.ip_conntrack_max=<more than currently set>
- These names may be different depending on your distro and kernel. You can discover their names by running sysctl --names --all | grep -i conntrack. Remember to edit /etc/sysctl.conf
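
A way to notice the condition discussed above before packets are dropped, as an added example that is not part of the original thread: it compares the live conntrack entry count with the table limit and counts the kernel message in log text. It assumes the nf_conntrack_count and nf_conntrack_max files under /proc/sys/net/netfilter; the function names, the 80% warning threshold and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): conntrack table headroom check.
# Assumption: the kernel exposes nf_conntrack_count and nf_conntrack_max under
# /proc/sys/net/netfilter; older ip_conntrack kernels use different paths.
CT_DIR="${CT_DIR:-/proc/sys/net/netfilter}"

# Constructed sample log lines, modelled on the messages quoted in the question.
SAMPLE_LOG='kernel: nf_conntrack: table full, dropping packet.
kernel: __ratelimit: 15812 callbacks suppressed
kernel: ip_conntrack: table full, dropping packet.'

# is_uint VALUE -> succeeds if VALUE is a non-empty string of digits
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# conntrack_pct COUNT MAX -> prints the integer percentage of the table in use
conntrack_pct() {
    is_uint "$1" && is_uint "$2" && [ "$2" -gt 0 ] || return 2
    echo $(( $1 * 100 / $2 ))
}

# conntrack_status COUNT MAX [WARN_PCT] -> prints OK, WARN, FULL or UNKNOWN
conntrack_status() {
    pct=$(conntrack_pct "$1" "$2") || { echo UNKNOWN; return 0; }
    if [ "$1" -ge "$2" ]; then echo FULL
    elif [ "$pct" -ge "${3:-80}" ]; then echo WARN
    else echo OK
    fi
}

# count_table_full -> counts "table full, dropping packet" lines read on stdin
count_table_full() {
    grep -c -E '(nf|ip)_conntrack: table full, dropping packet' || true
}

# Live check, run only when the counters are readable on this host.
if [ -r "$CT_DIR/nf_conntrack_count" ] && [ -r "$CT_DIR/nf_conntrack_max" ]; then
    c=$(cat "$CT_DIR/nf_conntrack_count"); m=$(cat "$CT_DIR/nf_conntrack_max")
    echo "conntrack: $c/$m entries, status $(conntrack_status "$c" "$m")"
fi
```

Because the kernel rate-limits this message (the "callbacks suppressed" line), the number of matching log lines is a lower bound on dropped packets, so the count/max ratio is the better signal to alert on.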