Showing posts with label DDoS. Show all posts

Wednesday, April 22, 2015

Completely remove nf_conntrack from kernel

1. Remove the following line, if it exists, in /etc/sysconfig/iptables-config
   IPTABLES_MODULES="ip_conntrack_netbios_ns"

2. Stop iptables
   iptables -F

3. Remove the related modules
   modprobe -r xt_NOTRACK nf_conntrack_netbios_ns nf_conntrack_ipv4 xt_state
   modprobe -r iptable_nat ipt_MASQUERADE nf_nat nf_defrag_ipv4
   modprobe -r nf_conntrack

Saturday, October 25, 2014

nf_conntrack: table full, dropping packet.

This kernel message could indicate a DoS/DDoS attack.

echo 102400 > /proc/sys/net/netfilter/nf_conntrack_max
echo 120 > /proc/sys/net/netfilter/nf_conntrack_generic_timeout
echo 54000 > /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_established
echo 30 > /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_time_wait
sysctl -p
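
An added example, not part of the original post: a script that reports how full the conntrack table is and which sources and TCP states hold the entries, which helps tell a flood from ordinary load before the limits are raised. It assumes the kernel exposes /proc/sys/net/netfilter/nf_conntrack_count and the /proc/net/nf_conntrack listing; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage for "nf_conntrack: table full". File locations are
# arguments so the functions also run against constructed files.

# Table utilisation as an integer percentage.
# $1: directory holding nf_conntrack_count and nf_conntrack_max
conntrack_usage_pct() {
    dir=${1:-/proc/sys/net/netfilter}
    count=$(cat "$dir/nf_conntrack_count") || return 1
    max=$(cat "$dir/nf_conntrack_max") || return 1
    [ "$max" -gt 0 ] || return 1
    echo $(( count * 100 / max ))
}

# "<entries> <source ip>" for the busiest sources, highest first.
# $1: listing in /proc/net/nf_conntrack format, $2: how many to print
conntrack_top_sources() {
    awk '{ for (i = 1; i <= NF; i++)
               if ($i ~ /^src=/) { n[substr($i, 5)]++; break } }  # first src= is the original direction
         END { for (ip in n) print n[ip], ip }' "${1:-/proc/net/nf_conntrack}" |
        sort -k1,1nr -k2,2 | head -n "${2:-5}"
}

# "<entries> <state>" for TCP entries, highest first. Many SYN_SENT or
# SYN_RECV entries mean many half-open connections.
conntrack_tcp_states() {
    awk '$3 == "tcp" { s[$6]++ } END { for (k in s) print s[k], k }' \
        "${1:-/proc/net/nf_conntrack}" | sort -k1,1nr -k2,2
}

# Constructed sample data (documentation addresses, not from a real host).
demo() {
    d=$(mktemp -d) || return 1
    echo 98304 > "$d/nf_conntrack_count"
    echo 102400 > "$d/nf_conntrack_max"
    cat > "$d/nf_conntrack" <<'EOF'
ipv4     2 tcp      6 58 SYN_RECV src=198.51.100.7 dst=192.0.2.10 sport=40001 dport=80 src=192.0.2.10 dst=198.51.100.7 sport=80 dport=40001 mark=0 use=2
ipv4     2 tcp      6 57 SYN_RECV src=198.51.100.7 dst=192.0.2.10 sport=40002 dport=80 src=192.0.2.10 dst=198.51.100.7 sport=80 dport=40002 mark=0 use=2
ipv4     2 tcp      6 56 SYN_RECV src=198.51.100.7 dst=192.0.2.10 sport=40003 dport=80 src=192.0.2.10 dst=198.51.100.7 sport=80 dport=40003 mark=0 use=2
ipv4     2 tcp      6 53999 ESTABLISHED src=203.0.113.5 dst=192.0.2.10 sport=51514 dport=443 src=192.0.2.10 dst=203.0.113.5 sport=443 dport=51514 [ASSURED] mark=0 use=2
ipv4     2 udp      17 25 src=203.0.113.5 dst=192.0.2.53 sport=5353 dport=53 src=192.0.2.53 dst=203.0.113.5 sport=53 dport=5353 mark=0 use=2
EOF
    echo "usage: $(conntrack_usage_pct "$d")%"
    conntrack_top_sources "$d/nf_conntrack" 3
    conntrack_tcp_states "$d/nf_conntrack"
    rm -rf "$d"
}
demo
```

On a live host, call the three functions without arguments (as root) to read the real counters and table.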

Check clients which connect to Mac OS X Wi-Fi Internet Sharing

arp -i bridge100 -a

bridge100 may be different on your Mac OS X system.