On Fri, May 09, 2014 at 01:31:29PM +0200, Pablo Neira Ayuso wrote:
> > There's thousands of these entries and in a few days they'll fill up the
> > internal cache and break internal routing.
>
> Could you retry with latest conntrackd version? 1.4.2.

will try 1.4.2. we just need to package it.

> You didn't specify your Linux kernel version either. Thanks.

current kernel is 3.13.7. we already hit a bug in the official 3.2
kernel packaged with wheezy where our scan for heartbleed vulnerability
would cause conntrackd to kernel panic the router.

mk