conntrack

Hi all,

I used to use the iptables conntrack module. As our servers are really
busy and get a lot of connections, we got a lot of errors like
conntrack: table full, dropping packet. Due to resource limits
we don't want to increase the conntrack_max limit; it's currently
set to something about 32000.

How can we configure iptables so that some ports are excluded
from being tracked? As most connections are incoming on only
around 5 different ports, all problems should be solved with
such an option :)

Is there anything like iptables --notrack -dport 80 ..?
Would be great!!

Thanks for any help,
corin


