i run 2 irc servers for a small hosting company. ip contrack gets full all the time no matter what limits i set echo 40192 > /proc/sys/net/ipv4/ip_conntrack_max My question is: can i safely remove ip conntrack all together? rmmod ip_conntrack rmmod ip_conntrack_ftp rmmod ip_conntrack_irc rmmod ip_conntrack rmmod ipt_state I dont really understand what it does but the table keep filling up im sure its some kinda attact on my servers. does it do anything at all i use a simple firewall (apf) and only these rules. in /etc/sysctl.conf net.ipv4.icmp_echo_ignore_broadcasts = 1 net.ipv4.icmp_echo_ignore_all = 1 net.ipv4.tcp_max_syn_backlog = 1024 net.ipv4.icmp_ignore_bogus_error_responses = 1 net.ipv4.tcp_syncookies = 1 -- www.piratehosting.net
