On Fri, May 10, 2013 at 06:07:23PM -0600, Alex Flex wrote:
> Hello netfilter,
>
> I am still wondering if the lack of error for the conntrack table
> full may be a bug in the module? Any help is much appreciated.

The early_drop code is evicting one of the entries from the table to
make room for some new flow:

http://lxr.linux.no/#linux+v3.9.1/net/netfilter/nf_conntrack_core.c#L606

Packets are dropped if the table is full *and* if no unassured flows
to evict are found.

Regards.
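
Added example, not part of the original message or of the kernel source: one way to see the silent evictions described above is to compare the `early_drop` and `drop` counters between two snapshots of `/proc/net/stat/nf_conntrack`. It assumes that file's layout (a header row, then one row per CPU with hexadecimal counters); the sample values are constructed, the state labels are hypothetical, and a rising `drop` total is treated only as a prompt to check for the table-full case.

```python
import os

PROC_FILE = "/proc/net/stat/nf_conntrack"

# Constructed sample, not from the thread: a header row, then one row per CPU
# with hexadecimal counters (assumed layout of PROC_FILE).
HEADER = ("entries searched found new invalid ignore delete delete_list insert "
          "insert_failed drop early_drop icmp_error expect_new expect_create "
          "expect_delete search_restart")
SAMPLE = "\n".join([
    HEADER,
    "0000fff8 " + "00000000 " * 10 + "0000002c " + "00000000 " * 4 + "00000003",
    "0000fff8 " + "00000000 " * 10 + "00000011 " + "00000000 " * 5,
])


def parse_stats(text):
    """Sum per-CPU counters by column name; returns {name: int}."""
    lines = [ln.split() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2:
        raise ValueError("expected a header row and at least one CPU row")
    header, rows = lines[0], lines[1:]
    totals = dict.fromkeys(header, 0)
    for row in rows:
        if len(row) != len(header):
            raise ValueError("row does not match header width")
        for name, value in zip(header, row):
            totals[name] += int(value, 16)
    # 'entries' is the table-wide count repeated on every row; do not sum it.
    totals["entries"] = int(rows[0][header.index("entries")], 16)
    return totals


def pressure(before, after):
    """Compare two snapshots; labels are hypothetical names for this example."""
    evicted = after["early_drop"] - before["early_drop"]
    dropped = after["drop"] - before["drop"]
    if dropped > 0:
        state = "dropping"   # packets were dropped: check for a full table
    elif evicted > 0:
        state = "evicting"   # full table handled silently by early_drop
    else:
        state = "ok"
    return state, evicted, dropped


if __name__ == "__main__":
    text = open(PROC_FILE).read() if os.path.exists(PROC_FILE) else SAMPLE
    now = parse_stats(text)
    zero = dict.fromkeys(now, 0)          # baseline: counters since boot
    print(now["entries"], pressure(zero, now))
```

An "evicting" result with no log message matches the behaviour explained in the reply: the table is at its limit, but unassured flows are being removed instead of new packets being dropped.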