Hi Philippe,

Philippe Vogel wrote:
> Possibilities for this:
> - external portscans
> - too much rulesets
> - pc with 2 much connections (e.g. p2p) *
> - infected redmond (tm) pc with worm
>
> (*) decrease number of connections and disable master-node functionality. This is the #1 reason for full tables!

first of all thanks for your answer. There is a Web-Server behind the box, that has many connections and also quite a lot of traffic. I also do have many rules - SuSEfirewall2 seems to create a lot of rules from the rules I've entered in its syntax.

But how can I check how close to the message "ip_conntrack: table full, dropping packet" I am, when counting the lines in ip_conntrack does not do it? And what's the solution for a firewall with Webservers behind it then - to write my own firewall-rules?

Greetings,
Ralf