The default conntrack limit in Linux is 65536, which is too low if you're at risk of being hit with DDoS attacks; Linux can cope with much higher limits. The commands below raise the limit to 1 million and apply the change immediately as well as on reboot (run them as root):
# persist the new table size (appended, so existing sysctl settings are kept)
echo "net.netfilter.nf_conntrack_max=1000000" >> /etc/sysctl.conf
# persist the matching hash table size for when the module is loaded at boot
echo "options nf_conntrack hashsize=250000" > /etc/modprobe.d/nf_conntrack.conf
# apply the hash size to the running kernel (the nf_conntrack module must already be loaded, or this path will not exist)
echo 250000 > /sys/module/nf_conntrack/parameters/hashsize
# reload /etc/sysctl.conf so nf_conntrack_max takes effect now
sysctl -p
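The four commands above are fine for a one-off change, but run twice they append a second nf_conntrack_max line to /etc/sysctl.conf, and the runtime step fails on a box where the module is not loaded. The script below is an added example, not part of the original post: it keeps the post's values and its 4:1 ratio between nf_conntrack_max and hashsize (1000000 to 250000), takes the config file paths as parameters so it can be exercised against scratch files, replaces rather than stacks the sysctl entry, only touches the /sys and /proc interfaces when they exist and are writable, and reports current table usage so you can see how close to the limit you are. The function names (conntrack_hashsize, write_conntrack_config, apply_conntrack_runtime, current_conntrack_usage) and the derivation of hashsize as max/4 are my assumptions, not anything the post specifies.

```shell
#!/bin/sh
# Added example: idempotent conntrack sizing with verification.
# hashsize = max / 4 reproduces the post's 1000000 / 250000 pairing (assumption).

# conntrack_hashsize MAX -> prints the hash table size to pair with MAX
conntrack_hashsize() {
    echo $(( $1 / 4 ))
}

# write_conntrack_config MAX SYSCTL_CONF MODPROBE_CONF
# Persists both settings. Any earlier nf_conntrack_max line in SYSCTL_CONF is
# replaced so repeated runs never stack duplicate entries.
write_conntrack_config() {
    max="$1"; sysctl_conf="$2"; modprobe_conf="$3"
    hashsize=$(conntrack_hashsize "$max")
    if [ -f "$sysctl_conf" ]; then
        # grep -v exits 1 when nothing is left to print, which is not an error here
        grep -v '^net\.netfilter\.nf_conntrack_max=' "$sysctl_conf" > "$sysctl_conf.tmp" || true
        mv "$sysctl_conf.tmp" "$sysctl_conf"
    fi
    echo "net.netfilter.nf_conntrack_max=$max" >> "$sysctl_conf"
    echo "options nf_conntrack hashsize=$hashsize" > "$modprobe_conf"
}

# apply_conntrack_runtime MAX -> pushes the live values to the running kernel.
# Needs root; silently skips interfaces that are absent (module not loaded).
apply_conntrack_runtime() {
    max="$1"
    hashsize=$(conntrack_hashsize "$max")
    [ -w /sys/module/nf_conntrack/parameters/hashsize ] && echo "$hashsize" > /sys/module/nf_conntrack/parameters/hashsize
    [ -w /proc/sys/net/netfilter/nf_conntrack_max ] && echo "$max" > /proc/sys/net/netfilter/nf_conntrack_max
    return 0
}

# current_conntrack_usage -> prints "count/max" from /proc, or "n/a" when
# conntrack is not loaded. A count near max is the signal the post is guarding
# against: new flows get dropped with "nf_conntrack: table full".
current_conntrack_usage() {
    if [ -r /proc/sys/net/netfilter/nf_conntrack_count ]; then
        echo "$(cat /proc/sys/net/netfilter/nf_conntrack_count)/$(cat /proc/sys/net/netfilter/nf_conntrack_max)"
    else
        echo "n/a"
    fi
}

# Usage on a real host (as root), mirroring the post's four commands:
#   write_conntrack_config 1000000 /etc/sysctl.conf /etc/modprobe.d/nf_conntrack.conf
#   apply_conntrack_runtime 1000000 && sysctl -p
#   current_conntrack_usage
```

Run the write step against a temporary directory first if you want to see exactly what lands in the two files; the sysctl.conf handling preserves every other line in the file and only rewrites the nf_conntrack_max entry.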