ip_conntrack table grows

Hi list,

I compiled iplimit into the kernel. After some time,
wc -l /proc/net/ip_conntrack
gets bigger and bigger, till ip_conntrack_max is reached and the kernel drops
packets it shouldn't drop (kernel: ip_conntrack: table full, dropping packet.).
If I increase ip_conntrack_max, this effect takes place later. The thing is
that I don't even use any NAT rules, -m iplimit, or other connection
tracking modules!!! But ip_conntrack grows. Is this right? How can I stop it?
How can I empty the ip_conntrack table from time to time?

For an answer I thank you in advance...

Regards
Kurt Tragant
