nf_conntrack: table full, dropping packet

On a CentOS server, I get the following error in /var/log/messages:

Jan 17 03:40:02 ss1 kernel: nf_conntrack: table full, dropping packet
Jan 17 03:40:03 ss1 kernel: nf_conntrack: table full, dropping packet
Jan 17 03:40:03 ss1 kernel: nf_conntrack: table full, dropping packet
Jan 17 03:40:03 ss1 kernel: nf_conntrack: table full, dropping packet
Jan 17 03:40:03 ss1 kernel: nf_conntrack: table full, dropping packet
Jan 17 03:40:03 ss1 kernel: nf_conntrack: table full, dropping packet

This happens because the server is getting too many connections, so the connection tracking table is full. It can be due to a busy server or a DDoS attack.

If your traffic is legitimate, you can increase the maximum number of tracked connections.

To see the current value, run

To set the value, run

Replace 64000 with your desired value.

You can also use sysctl, for example

To set the value, run

To make it permanent, edit

Add

Now run

See sysctl
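
Before raising the limit it helps to check how full the table is and whether a few addresses hold most of it, which is the busy-server versus DDoS question above. The script below is an added example, not part of the original post; the function names and the sample table are constructed for illustration, and the /proc paths assume the nf_conntrack module is loaded.

```shell
#!/bin/sh
# Added example (not from the original post): triage a full conntrack table.
# Paths default to the live kernel files; pass other files to run offline.

# Print table utilisation as a whole percentage of nf_conntrack_max.
conntrack_usage() {
    count_file=${1:-/proc/sys/net/netfilter/nf_conntrack_count}
    max_file=${2:-/proc/sys/net/netfilter/nf_conntrack_max}
    count=$(cat "$count_file") || return 1
    max=$(cat "$max_file") || return 1
    [ "$max" -gt 0 ] || return 1
    echo $(( count * 100 / max ))
}

# Print "entries source-ip" for the busiest originating addresses.
# One address holding most of the table points at abuse, not at general load.
top_sources() {
    table=${1:-/proc/net/nf_conntrack}
    limit=${2:-10}
    awk '{
        for (i = 1; i <= NF; i++)          # first src= is the originator
            if ($i ~ /^src=/) { n[substr($i, 5)]++; break }
    } END { for (ip in n) print n[ip], ip }' "$table" |
        sort -k1,1nr -k2,2 | head -n "$limit"
}

# Constructed sample in /proc/net/nf_conntrack format (documentation addresses).
sample_table() {
    cat <<'EOF'
ipv4     2 tcp      6 58 SYN_RECV src=203.0.113.7 dst=198.51.100.5 sport=40001 dport=80 src=198.51.100.5 dst=203.0.113.7 sport=80 dport=40001 mark=0 use=2
ipv4     2 tcp      6 57 SYN_RECV src=203.0.113.7 dst=198.51.100.5 sport=40002 dport=80 src=198.51.100.5 dst=203.0.113.7 sport=80 dport=40002 mark=0 use=2
ipv4     2 tcp      6 56 SYN_RECV src=203.0.113.7 dst=198.51.100.5 sport=40003 dport=80 src=198.51.100.5 dst=203.0.113.7 sport=80 dport=40003 mark=0 use=2
ipv4     2 tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=51234 dport=443 src=198.51.100.5 dst=192.0.2.10 sport=443 dport=51234 [ASSURED] mark=0 use=2
ipv4     2 udp      17 25 src=192.0.2.20 dst=198.51.100.5 sport=5353 dport=53 src=198.51.100.5 dst=192.0.2.20 sport=53 dport=5353 mark=0 use=2
EOF
}

# If the top sources look legitimate and usage stays high, raise the limit
# as root (64000 is the example value used in the post):
#   sysctl -w net.netfilter.nf_conntrack_max=64000
```

Called without arguments, `conntrack_usage` and `top_sources` read the live kernel files; reading /proc/net/nf_conntrack normally requires root.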