> I'm looking at nf-HiPAC right now - will probably try it some time soon.
> Beyond that, I'm out of ideas for the moment.

nf-HiPAC won't help there if you just have 25 rules ( => http://people.netfilter.org/kadlec/nftest.pdf ); the problem is very likely down to you using the default parameters for the conntrack hash table, just like the other reply indicated.