How to fix the error “nf_conntrack: table full, dropping packet”

I once noticed the following error in the file /var/log/kern.log on Ubuntu Server 14.04 LTS configured as a router:

Aug 14 17:32:51 router kernel: [1933791.144013] nf_conntrack: table full, dropping packet

Check the current maximum number of entries in the connection tracking table:

cat /proc/sys/net/netfilter/nf_conntrack_max
sysctl -a | grep conntrack_max

Check how many entries are currently in use:

cat /proc/sys/net/netfilter/nf_conntrack_count

Increase the limit with the command (run as root):

echo 4194304 > /proc/sys/net/netfilter/nf_conntrack_max

To prevent the value from being reset after the system is restarted, you can add the above command to the file:

sudo nano /etc/rc.local

Or open the kernel configuration file:

sudo nano /etc/sysctl.conf

Add or change the line:

net.netfilter.nf_conntrack_max = 4194304

And apply the settings:

sudo sysctl -p
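
To notice the table filling up before packets are dropped, the two /proc values read above can be compared in a small check. This is an added example, not part of the original post; the function names, the CT_DIR override and the 80%/95% thresholds are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post): conntrack table utilisation check.
# CT_DIR can be overridden to test against constructed files.
CT_DIR="${CT_DIR:-/proc/sys/net/netfilter}"

# Print table utilisation as an integer percentage; return 3 if unreadable.
conntrack_pct() {
    dir="${1:-$CT_DIR}"
    count=$(cat "$dir/nf_conntrack_count" 2>/dev/null) || return 3
    max=$(cat "$dir/nf_conntrack_max" 2>/dev/null) || return 3
    [ "$max" -gt 0 ] 2>/dev/null || return 3
    echo $(( count * 100 / max ))
}

# Monitoring-plugin style status: 0 OK, 1 warning, 2 critical, 3 unknown.
# The 80/95 defaults are assumed thresholds, tune them for your router.
conntrack_check() {
    dir="${1:-$CT_DIR}"; warn="${2:-80}"; crit="${3:-95}"
    pct=$(conntrack_pct "$dir") || { echo "UNKNOWN: cannot read $dir"; return 3; }
    if [ "$pct" -ge "$crit" ]; then
        echo "CRITICAL: conntrack table ${pct}% full"; return 2
    elif [ "$pct" -ge "$warn" ]; then
        echo "WARNING: conntrack table ${pct}% full"; return 1
    fi
    echo "OK: conntrack table ${pct}% full"
}

# Count "table full" drop events already recorded in a kernel log file.
conntrack_drops() {
    grep -c 'nf_conntrack: table full, dropping packet' "$1" 2>/dev/null || true
}
```

Source the file and call conntrack_check from cron or a monitoring agent; conntrack_drops /var/log/kern.log shows whether drops have already been logged.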

See also:
Monitoring nf_conntrack in Zabbix