Hi everyone,

I found messages like this on my SuSE 9.0 box that runs SuSEfirewall2:

Sep 2 10:16:06 mylinux kernel: NET: 38 messages suppressed.
Sep 2 10:16:06 mylinux kernel: ip_conntrack: table full, dropping packet.
Sep 2 10:16:12 mylinux kernel: NET: 31 messages suppressed.
Sep 2 10:16:12 mylinux kernel: ip_conntrack: table full, dropping packet.

As I read that one can raise the maximum of connections to be tracked, I did the following:

# echo "65535" > /proc/sys/net/ipv4/ip_conntrack_max

Now the logfile entries have disappeared. I checked /proc/net/ip_conntrack and there are about 800 lines in it. So I wonder why packets got dropped just 5 minutes ago when the limit was set to about 16.000? And why did some packages get through and others not (I could log into the machine with ssh with no problems)? Is there maybe a limit for each iptables rule that is calculated from ip_conntrack_max divided by the number of rules?

And one last question - is 65535 the maximum for ip_conntrack_max or could it be set higher?

Thanks and greetings,
Ralf
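
Added example, not part of Ralf's message: a shell/awk function that compares the number of tracked entries with the limit and breaks the table down by protocol, TCP state and originating source address, which is the first thing to look at when the "table full" message appears. The sample table is constructed, the names sample_table and conntrack_summary are hypothetical, and the line layout is assumed to be that of /proc/net/ip_conntrack on a 2.4 kernel.

```shell
#!/bin/sh
# Added example: summarise a conntrack table against its limit.

# Constructed sample in the assumed /proc/net/ip_conntrack layout.
sample_table() {
cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=34567 dport=22 src=198.51.100.5 dst=192.0.2.10 sport=22 dport=34567 [ASSURED] use=1
tcp      6 96 TIME_WAIT src=192.0.2.10 dst=198.51.100.5 sport=34570 dport=80 src=198.51.100.5 dst=192.0.2.10 sport=80 dport=34570 [ASSURED] use=1
tcp      6 54 SYN_RECV src=203.0.113.7 dst=198.51.100.5 sport=4021 dport=80 src=198.51.100.5 dst=203.0.113.7 sport=80 dport=4021 use=1
tcp      6 57 SYN_RECV src=203.0.113.7 dst=198.51.100.5 sport=4022 dport=80 src=198.51.100.5 dst=203.0.113.7 sport=80 dport=4022 use=1
tcp      6 58 SYN_RECV src=203.0.113.7 dst=198.51.100.5 sport=4023 dport=80 src=198.51.100.5 dst=203.0.113.7 sport=80 dport=4023 use=1
udp      17 25 src=192.0.2.11 dst=198.51.100.5 sport=1025 dport=53 [UNREPLIED] src=198.51.100.5 dst=192.0.2.11 sport=53 dport=1025 use=1
EOF
}

# conntrack_summary MAX: reads a conntrack table on stdin and prints
#   entries=N max=M usage=P%
#   state <proto> <state> <count>    (state is "-" for non-TCP entries)
#   top_src=<address> count=<n>      (busiest originating source)
conntrack_summary() {
    awk -v max="$1" '
    {
        # Only TCP entries carry a state name, in field 4.
        state = ($1 == "tcp") ? $4 : "-"
        by_state[$1 " " state]++
        # The first src= on a line is the originating direction.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^src=/) { by_src[substr($i, 5)]++; break }
        total++
    }
    END {
        pct = (max > 0) ? total * 100 / max : 0
        printf "entries=%d max=%d usage=%d%%\n", total, max, pct
        for (k in by_state) printf "state %s %d\n", k, by_state[k]
        for (s in by_src) if (by_src[s] > top_n) { top_n = by_src[s]; top = s }
        printf "top_src=%s count=%d\n", top, top_n
    }'
}

# Demo on the constructed sample with an artificially small limit of 8.
sample_table | conntrack_summary 8
# On a live box (paths as in the message above):
#   conntrack_summary "$(cat /proc/sys/net/ipv4/ip_conntrack_max)" < /proc/net/ip_conntrack
```

Running it from cron and logging the first output line gives a history of table usage, so a peak that has already passed by the time someone looks at the table is still recorded.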