Hi Philippe,

Philippe Vogel wrote:
> Possibilities for this:
> external port scans
> too many rulesets
> PC with too many connections (e.g. p2p) *
> infected redmond (tm) PC with worm
>
> (*) decrease number of connections and disable master-node functionality. This is the #1 reason for full tables!
First of all, thanks for your answer. There is a web server behind the box that has many connections and also quite a lot of traffic. I also have many rules - SuSEfirewall2 seems to create a lot of rules from the rules I've entered in its syntax. But how can I check how close I am to the message "ip_conntrack: table full, dropping packet", when counting the lines in ip_conntrack does not do it? And what's the solution for a firewall with web servers behind it then - to write my own firewall rules?