ip_conntrack or nf_conntrack : table full, dropping packet

Solution Verified - Updated -

Issue

  • What do the following messages in the system log mean?
ip_conntrack: table full, dropping packet.
nf_conntrack: table full, dropping packet.
  • Packet drops on this system for connections using ip_conntrack or nf_conntrack iptables modules.
  • Messages seen in /var/log/messages on the compute nodes when one of the instances drops packets
  • How do I increase the nf_conntrack_max?
  • How to Increase the number of simultaneous/concurrent TCP connections through the nftables firewall?

Environment

  • Red Hat Enterprise Linux 4 and later
  • Linux kernel netfilter-based firewall with connection tracking (iptables, firewalld, nftables, etc)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content