I was trying to do what the article at http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.performance.html#conntrack_filling_tables suggested.

My iptables rules are:

------------------------------------------------------------------------
#that's what the mentioned article suggested..I'm not sure it's working!
*raw
-A PREROUTING -p tcp -m tcp --dport 80 -j NOTRACK
COMMIT
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type any -j ACCEPT
#no tracking needed for this
-A INPUT -p tcp --dport 80 -j ACCEPT
#that would be another question but I can't get rid of this while using ssh tunneling
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#ssh port
-A INPUT -p tcp --dport 12345 -j ACCEPT
#my ip
-A INPUT -s 123.123.123.123 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -j DROP
COMMIT
------------------------------------------------------------------------

I keep getting these messages in my kernel log:

------------------------------------------------------------------------
Apr 13 20:00:41 server kernel: ip_conntrack: table full, dropping packet.
Apr 15 14:23:29 server kernel: ip_conntrack: table full, dropping packet.
Apr 15 20:19:04 server last message repeated 2 times
Apr 16 13:53:58 server kernel: ip_conntrack: table full, dropping packet.
Apr 17 19:05:32 server last message repeated 3 times
Apr 17 21:20:43 server kernel: ip_conntrack: table full, dropping packet.
------------------------------------------------------------------------

Is there a way to completely disable ip_conntrack?
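
An added example, not part of the original post: a small Python check that parses an iptables-restore ruleset like the one above and reports which directions of a local TCP service's traffic still reach conntrack. It assumes the standard netfilter path, in which locally generated replies traverse the raw table's OUTPUT chain rather than PREROUTING; the function names, the finding strings and the abridged sample ruleset are illustrative.

```python
import shlex

# Constructed sample: an abridged copy of the rules in the post above.
RULESET = """\
*raw
-A PREROUTING -p tcp -m tcp --dport 80 -j NOTRACK
COMMIT
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j DROP
COMMIT
"""

def parse(text):
    """Yield (table, chain, args) for every -A rule in iptables-restore text."""
    table = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            args = shlex.split(line)
            yield table, args[1], args[2:]

def opt(args, name):
    """Return the value following option `name`, or None if it is absent."""
    return args[args.index(name) + 1] if name in args else None

def audit(text, port):
    """Report conntrack exposure for a local TCP service listening on `port`."""
    port = str(port)
    rules = list(parse(text))
    notrack = [(c, a) for t, c, a in rules if t == "raw" and opt(a, "-j") == "NOTRACK"]
    findings = []
    # Inbound packets to the service traverse raw PREROUTING (matched on --dport).
    if not any(c == "PREROUTING" and opt(a, "--dport") == port for c, a in notrack):
        findings.append("inbound dport %s still tracked" % port)
    # Replies generated locally traverse raw OUTPUT (matched on --sport).
    if not any(c == "OUTPUT" and opt(a, "--sport") == port for c, a in notrack):
        findings.append("outbound sport %s still tracked" % port)
    # Any "-m state" or "-m conntrack" match depends on connection tracking.
    if any(("-m", m) in zip(a, a[1:])
           for _, _, a in rules for m in ("state", "conntrack")):
        findings.append("state match keeps conntrack loaded")
    return findings
```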