Ever seen the error “ip_conntrack Table full. Dropping packet” in the log file /var/log/messages? You are likely to see it busy servers, or if your server is under some kind of a DDoS attack.
But then how and why do these connection tracking happen. As the KB explains, ip_conntrack is an iptables module that maintains a list of connections through router. Each connection tracking entry contains defined characteristics of the packet, including the source and destination IP address and port numbers. Entries are stored in a hash table with a fixed size. (more…)