Re: clogging qdisc

Linux Advanced Routing and Traffic Control


Hi Grzegorz,

>As a result conntrack table grows until overflow (if I don't delete qdisc)

You can try and expand the conntrack table but it is a temporary decision.
Its growth may be caused by some unwanted user activity aka port
scanning and botnet operations. What measures can I recommend to
handle this (as an ISP administrator/programmer with more users
online :) )
1. Try to adjust tcp/udp timeouts, which directly influence the lifetime
of conntrack entries.
2. Drop all INVALID traffic as early as possible.
3. Try to place limits by pps on unusual user activity, but it is a
complex problem and has no simple solution.
4. A simple one is to limit connections per user IP.
5. Use perf top to find the most loaded spots in your system in a
problem period.
6. Maybe a variant is to separate shaping & NATing onto different computers.

As for the tc deletion questions.

First of all, you should delete filters, then classes.
And when you create a filter you should use a unique handle, which is then
specified when deleting the filter.
Here is an example from our system:
tc filter del dev eth0 parent 4:1 protocol all prio 7 handle 0x24:0xe1:0x896 u32
tc class del dev eth0 parent 4:1 classid 4:0x1064




-- 
Best regards
Anatoly Muliarski
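
Added example, not part of the original message: before choosing a per-IP connection limit (item 4), it helps to see which source addresses actually hold the conntrack entries. The function names, the sample lines and the addresses are constructed for illustration; on a live router the input would be the contents of /proc/net/nf_conntrack.

```shell
#!/bin/sh
# List source IPs that hold more conntrack entries than LIMIT.
# Input on stdin: lines in /proc/net/nf_conntrack format.

# Constructed sample table: 10.0.0.7 looks like a port scanner (many
# unanswered SYNs), 10.0.0.5 and 10.0.0.9 look like ordinary users.
sample_conntrack() {
    cat <<'EOF'
ipv4     2 tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=192.0.2.10 sport=51234 dport=443 src=192.0.2.10 dst=10.0.0.5 sport=443 dport=51234 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 431990 ESTABLISHED src=10.0.0.5 dst=192.0.2.11 sport=51240 dport=80 src=192.0.2.11 dst=10.0.0.5 sport=80 dport=51240 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 119 SYN_SENT src=10.0.0.7 dst=198.51.100.1 sport=40001 dport=22 [UNREPLIED] src=198.51.100.1 dst=10.0.0.7 sport=22 dport=40001 mark=0 use=2
ipv4     2 tcp      6 118 SYN_SENT src=10.0.0.7 dst=198.51.100.2 sport=40002 dport=22 [UNREPLIED] src=198.51.100.2 dst=10.0.0.7 sport=22 dport=40002 mark=0 use=2
ipv4     2 tcp      6 117 SYN_SENT src=10.0.0.7 dst=198.51.100.3 sport=40003 dport=22 [UNREPLIED] src=198.51.100.3 dst=10.0.0.7 sport=22 dport=40003 mark=0 use=2
ipv4     2 tcp      6 116 SYN_SENT src=10.0.0.7 dst=198.51.100.4 sport=40004 dport=22 [UNREPLIED] src=198.51.100.4 dst=10.0.0.7 sport=22 dport=40004 mark=0 use=2
ipv4     2 tcp      6 431000 ESTABLISHED src=10.0.0.7 dst=192.0.2.10 sport=40005 dport=443 src=192.0.2.10 dst=10.0.0.7 sport=443 dport=40005 [ASSURED] mark=0 use=2
ipv4     2 udp      17 25 src=10.0.0.9 dst=192.0.2.53 sport=40000 dport=53 src=192.0.2.53 dst=10.0.0.9 sport=53 dport=40000 mark=0 use=2
EOF
}

# Print "COUNT IP unreplied=N" for every source above LIMIT, busiest first.
conntrack_over_limit() {
    limit=$1
    awk -v limit="$limit" '
    {
        src = ""
        # The first src= field is the original direction, i.e. the user side;
        # the second one belongs to the expected reply and must be skipped.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^src=/) { src = substr($i, 5); break }
        if (src == "") next
        total[src]++
        # Entries that never saw a reply are typical for scans and floods.
        if ($0 ~ /\[UNREPLIED\]/) unreplied[src]++
    }
    END {
        for (ip in total)
            if (total[ip] > limit)
                printf "%d %s unreplied=%d\n", total[ip], ip, unreplied[ip]
    }' | sort -rn
}

# Sources in the sample that hold more than 3 entries.
sample_conntrack | conntrack_over_limit 3
```

A source with a high count and a high unreplied share is a candidate for the per-IP limit; a high count of established entries points at the timeouts from item 1 instead.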


