This whole discussion seems off-topic to me, but I'll try to clear this up.
Daniel, I believe you are seeing a syslog tag called '[INVALID in] ' or '[INVALID out] ', nothing more. See the LOG target in the iptables man page (eg, -j LOG --log-prefix '[INVALID in] '). On 2013-04-09, at 3:51 PM, Rolf Kutz <r...@vzsze.de> wrote: > Hi Daniel, > > On 09/04/13 21:05 +0200, Daniel Curtis wrote: >> Hi andika. >> >> Another INVALID packet description. I read a lot of >> information and I don't know what is the truth. Frankly, >> the first time I see a description, which concerns RAM memory. >> >> So, I have a 1 GB of RAM memory. Just for example; free -m >> command result; >> used: 640, free: 230 >> >> and top command; >> 891896k total, 677284k used, 214612k free >> >> As we can see, system detected 870 MB instead 1 GB (1024 MB). >> So what is the relationship between INVALID packets and RAM >> memory? Honestly, I don't understand it. > > The infomation about connections is stored in > /proc/net/ip_conntrack. The maximum connections > being tracked are configured in > /proc/sys/net/ipv4/netfilter/ip_conntrack_max. > > If you have a lot of connections, you might want > to increase the values (f.e. if you use bittorrent > or similar protocols). Every connections beeing > tracked needs some RAM. > You could also check, if the connections timed > out and then increase the timeout values. > > HTH Rolf > > -- > Tres tristes tigres comen trigo en un trigal: un tigre, dos tigres, tres > tigres. > > > -- > To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: http://lists.debian.org/20130409195137.gu26...@vzsze.de > -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/2214718b-f125-46f1-96ea-9d81c8f74...@vianet.ca
