Prevent Conntrack Abuse

Are you aware that conntrack session exhaustion is usually due to a DDoS? Unless you normally have 58,662 active sessions (TCP connections and UDP dstip, dstport, srcip, srcport tuples), a full conntrack table is far more likely to be an attack than legitimate traffic.

To limit sessions:

/sbin/sysctl -w net.netfilter.nf_conntrack_max=xxxx

where xxxx is the maximum number of sessions you want to allow.

To check how many sessions are currently tracked (this value is read-only, so no -w is needed):

/sbin/sysctl net.netfilter.nf_conntrack_count

Use this command to see all of the sessions: cat /proc/net/nf_conntrack

We recommend that you limit your conntrack sessions to less than 30000 to be safe, for example:

/sbin/sysctl -w net.netfilter.nf_conntrack_max=28000
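As an added example (not part of the original article), the following script reads the two sysctl values above, warns when the table is close to the limit, and lists which source addresses hold the most entries in /proc/net/nf_conntrack so an exhaustion event can be attributed; the 80% warning level and the sample table contents are assumptions made here.

```shell
#!/bin/sh
# Added example, not part of the original article: monitor conntrack
# utilisation and show which source IPs hold the most sessions.
# Assumptions: Linux with nf_conntrack loaded; the 80% warning level is an
# arbitrary choice for illustration.

# conntrack_status COUNT MAX PERCENT -> prints "OK n%" or "WARN n%".
conntrack_status() {
    count=$1; max=$2; pct=$3
    used=$(( count * 100 / max ))
    if [ "$(( count * 100 ))" -ge "$(( max * pct ))" ]; then
        echo "WARN ${used}%"
    else
        echo "OK ${used}%"
    fi
}

# Read the live values. No -w here: nf_conntrack_count is read-only.
live_status() {
    count=$(/sbin/sysctl -n net.netfilter.nf_conntrack_count)
    max=$(/sbin/sysctl -n net.netfilter.nf_conntrack_max)
    conntrack_status "$count" "$max" 80
}

# top_sources N: read /proc/net/nf_conntrack lines on stdin and print the N
# original-direction source IPs with the most entries, as "IP COUNT".
top_sources() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^src=/) { print substr($i, 5); break } }' \
      | sort | uniq -c | sort -rn | head -n "$1" | awk '{ print $2, $1 }'
}

# Constructed sample of /proc/net/nf_conntrack output for a stand-alone run.
SAMPLE_CONNTRACK='ipv4     2 tcp      6 431999 ESTABLISHED src=10.0.0.2 dst=10.0.0.1 sport=51234 dport=22 src=10.0.0.1 dst=10.0.0.2 sport=22 dport=51234 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 117 SYN_SENT src=198.51.100.7 dst=10.0.0.1 sport=40001 dport=80 [UNREPLIED] src=10.0.0.1 dst=198.51.100.7 sport=80 dport=40001 mark=0 use=1
ipv4     2 tcp      6 118 SYN_SENT src=198.51.100.7 dst=10.0.0.1 sport=40002 dport=80 [UNREPLIED] src=10.0.0.1 dst=198.51.100.7 sport=80 dport=40002 mark=0 use=1
ipv4     2 udp      17 29 src=198.51.100.7 dst=10.0.0.1 sport=5000 dport=53 src=10.0.0.1 dst=198.51.100.7 sport=53 dport=5000 mark=0 use=1
ipv4     2 tcp      6 431999 ESTABLISHED src=203.0.113.9 dst=10.0.0.1 sport=33000 dport=443 src=10.0.0.1 dst=203.0.113.9 sport=443 dport=33000 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 431999 ESTABLISHED src=203.0.113.9 dst=10.0.0.1 sport=33001 dport=443 src=10.0.0.1 dst=203.0.113.9 sport=443 dport=33001 [ASSURED] mark=0 use=2'

if [ "${1:-}" = "--live" ]; then
    live_status
    top_sources 5 < /proc/net/nf_conntrack
else
    conntrack_status 58662 28000 80
    printf '%s\n' "$SAMPLE_CONNTRACK" | top_sources 3
fi
```

Run with --live on a host to read the real table; without arguments it runs against the constructed sample.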
