nf_conntrack: table full, dropping packet

[608487.317284] nf_conntrack: table full, dropping packet
[608487.708916] nf_conntrack: table full, dropping packet
[608488.010236] nf_conntrack: table full, dropping packet

The fix is to adjust /proc/sys/net/netfilter/nf_conntrack_max instead:

echo 256000 > /proc/sys/net/netfilter/nf_conntrack_max

After a quick test, apachebench was back to normal. You can make the change permanent and test it with:

echo "net.netfilter.nf_conntrack_max = 256000" >> /etc/sysctl.conf
sysctl -p

There are some handy connection tracking tools available in the conntrack-tools package. Take a look at the man page for conntrack and you’ll find ways to review and flush the connection tracking table.