292 Bytes: Is that for just ''IP'' CONNTRACKS, or is that for ''IP/TCP'' and ''IP/UDP'' tracking? I see them storing a lot more information for any tracking of Layer 7 protocols, etc.. Example: FTP uses a structure called ip_ct_ftp_expect which is created for every FTP session created. It stores 10 bytes. This might not be that large compared to the rest of the conntrack, but I can see that more complex protocols could add quite a bit more. _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/