service iptables stop should take care of it in CentOS.
Although your lsmod doesn't make sense. It should be showing ip_conntrack and ip_tables and iptable_filter with a standard CentOS and iptables. Even dm_multipath and others that you are not interested in would be expected...

> -----Original Message-----
> From: Hank A. Paulson [mailto:[email protected]]
> Sent: Thursday, September 03, 2009 1:02 PM
> To: HAproxy Mailing Lists
> Subject: nf_conntrack: table full, dropping packet.
>
> Does anyone know how to get rid of/turn off/kill/remove/exorcise netfilter
> and/or conntrack?
> I don't use iptables and it seems to cause a lot of overhead.
>
> Does it require a custom compiled kernel?
> I am using CentOS and Fedora standard precompiled kernels right now.
>
> Thank you for any help in this frustrating matter.
>
> # lsmod | grep -i ip
> ipv6 290320 20
>
> sysctl -a | grep -i netfilter
> net.netfilter.nf_conntrack_generic_timeout = 12
> net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 12
> net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 12
> net.netfilter.nf_conntrack_tcp_timeout_established = 2000
> net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 12
> net.netfilter.nf_conntrack_tcp_timeout_close_wait = 12
> net.netfilter.nf_conntrack_tcp_timeout_last_ack = 12
> net.netfilter.nf_conntrack_tcp_timeout_time_wait = 10
> net.netfilter.nf_conntrack_tcp_timeout_close = 8
> net.netfilter.nf_conntrack_tcp_timeout_max_retrans = 30
> net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 30
> net.netfilter.nf_conntrack_tcp_loose = 1
> net.netfilter.nf_conntrack_tcp_be_liberal = 0
> net.netfilter.nf_conntrack_tcp_max_retrans = 3
> net.netfilter.nf_conntrack_udp_timeout = 12
> net.netfilter.nf_conntrack_udp_timeout_stream = 18
> net.netfilter.nf_conntrack_icmp_timeout = 8
> net.netfilter.nf_conntrack_acct = 1
> net.netfilter.nf_conntrack_max = 1048576
> net.netfilter.nf_conntrack_count = 7645
> net.netfilter.nf_conntrack_buckets = 16384
> net.netfilter.nf_conntrack_checksum = 1
> net.netfilter.nf_conntrack_log_invalid = 0
> net.netfilter.nf_conntrack_expect_max = 256

