ip_conntrack limit && stateless firewalls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I'm having a problem with my firewall where packets are being dropped due to the ip_conntrack limit. I could up the limit, but my users need 30k+ connections simultaneously and with the minimum overhead. And I only have 1 firewall box. So I'd like to disable or by-pass ip_conntrack some how to avoid dropped packets and reduce over head. How can I do this, and more importantly, would it be helpful.

Kevin

[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux