I'm running a Linux server that – from time to time – faces heavy load and the conntrack table overflows. Since it's iptables firewall ruleset is very simple I'd like to turn it to stateless mode. I know that iptables can operate in stateful connection tracking mode and in a stateless mode.
My firewall rules are all in place I'm pretty sure that they are stateless but my question is how can I verify that the firewall is really operating in stateless mode?
Best Answer
You need to specify some iptables rules to prevent packets to be conntracked :