How to turn iptables stateless?

linux firewall iptables

I'm running a Linux server that - from time to time - faces heavy load and the conntrack table overflows. Since it's iptables firewall ruleset is very simple I'd like to turn it to stateless mode. I know that iptables can operate in stateful connection tracking mode and in a stateless mode.

My firewall rules are all in place I'm pretty sure that they are stateless but my question is how can I verify that the firewall is really operating in stateless mode?


Solution 1:

You need to specify some iptables rules to prevent packets to be conntracked :

iptables -t raw -I PREROUTING -j NOTRACK
iptables -t raw -I OUTPUT -j NOTRACK

Solution 2:

cat /proc/net/ip_conntrack shows all connection tracking.

So, if it's stateless, the output of the above command should be empty.

(Alternatively, use cat /proc/net/nf_conntrack)

Solution 3:

Install conntrack, and look at the output. I am pretty sure if you are stateless no connections will be displayed.

Related

Issues with EC2 Elastic Load Balancer DNS and routing
Configuring SSL With Virtual Hosts under Apache and CentOS
What does a permanent ZFS error indicate?
Why does traceroute take much longer than ping?
Unable to restore from Shadow Copy due to long filename
Shutdown Event Tracker showing on every login on Server 2019
Is it possible to mount/unmount a physical hard drive in Windows XP?
vsftpd: allow access only for certain users
ec2 rebooted my instance?
What does "tlsv1 alert unknown ca" mean?
What are some good resources for learning PowerShell scripting? [closed]
How do you kill a process tree in linux? [closed]