Hello - my first post
Basically Getting ip_conntrack full messages on my squid servers during peak, heavy usage hours. This phenomenon started since a few months and I believe we are targeted by malware/adware stuff coming from our internal networks (which consists of 4-5 hundred thousand users)
each squid is configured for 131072 conntrack entries (double than standard) and some squids are configured for 458475 (7 times) conntrack entries.
We have disabled connection tracking for the squid and dns ports. however, our squids make an outgoing connection to a webfilter array on a port (say 3456).
I have managed to configure iptables on the squids for NOTRACK'ing incoming connections, but I am not sure on how to do it for outgoing connections on port 3456 to the webfilter array.
i beleive it will be in the OUTPOUT chain in the raw table, but i am not sure if it has to be sport or dport.
If someone could write me the iptable rule, i would be very grateful.