Max conntrack connection

Hello folks.

I have some questions regarding the maximum connection allowed. Why is it set to such a low value of 30,720 by default? What happens when I exceed that number? And how do I increase it (need to survive a reboot)?

I am using the latest 25.12.2 version, and I am getting close to the limit.

You can increase the conntrack limit and make it persistent by creating a custom sysctl file.

For example, create this file:

/etc/sysctl.d/12-conntrack.conf

with the following content:

net.netfilter.nf_conntrack_max=65536

Then apply it without rebooting:

sysctl -p /etc/sysctl.d/12-conntrack.conf

This will raise the maximum number of tracked connections and keep the setting after reboot.

The default value is not arbitrary — according to the Linux kernel documentation, nf_conntrack_max is derived from the conntrack hash table size (nf_conntrack_buckets), which itself depends on available RAM.

If you set nf_conntrack_max too high for your router, the main risk is excessive memory usage.

Each conntrack entry consumes memory (roughly a few hundred bytes), so increasing the limit significantly can use tens of megabytes of RAM under load.

This can lead to:

  • out-of-memory (OOM) conditions

  • system instability or slowdowns

  • processes being killed by the kernel

  • in worst cases, reboots

Also, the issue may not appear immediately — memory is only used as connections increase, so the router might seem fine until it is under heavy load.

That’s why it’s recommended to increase the value gradually and monitor memory usage and conntrack count after the change.

cat /proc/sys/net/netfilter/nf_conntrack_count
free -h

Which router model are you using?

You might also want to take a look at this related case on the forum, it describes a very similar situation with nf_conntrack table exhaustion and how it was eventually caused by an unintended traffic flood from a misbehaving script/device:

https://forum.openwrt.org/t/wan-router-repeatedly-crashing-nf-conntrack-table-full/226770

It could be useful as a reference for troubleshooting, especially if you're seeing your conntrack table filling up faster than expected.
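As an added example (not code from the thread or from OpenWrt itself), here is a small POSIX shell script that turns the two checks suggested above into a reusable utilisation check: it compares /proc/sys/net/netfilter/nf_conntrack_count (the path read above) against /proc/sys/net/netfilter/nf_conntrack_max (the proc view of the net.netfilter.nf_conntrack_max sysctl) and warns when the table is at or above a threshold. The 80% warning threshold and the sample numbers fed to the demo are assumptions, not values from the thread; the computation is separated from the /proc reads so it can be exercised on any host.

```shell
#!/bin/sh
# Added example: conntrack table utilisation check for cron/monitoring.
# Pure functions take the numbers as arguments; the live wrapper reads /proc.

# conntrack_usage_pct COUNT MAX -> prints integer percent of the table in use
conntrack_usage_pct() {
    count=$1
    max=$2
    # A zero or missing max means nf_conntrack is not loaded; report 0 and fail.
    [ "${max:-0}" -gt 0 ] || { echo 0; return 1; }
    echo $(( count * 100 / max ))
}

# conntrack_check COUNT MAX [THRESHOLD_PCT]
# Returns 0 below the threshold and 1 at/above it, so cron can alert on failure.
conntrack_check() {
    count=$1
    max=$2
    threshold=${3:-80}   # assumed default: warn at 80% of nf_conntrack_max
    pct=$(conntrack_usage_pct "$count" "$max")
    if [ "$pct" -ge "$threshold" ]; then
        echo "WARN: conntrack ${count}/${max} (${pct}%) >= ${threshold}%"
        return 1
    fi
    echo "OK: conntrack ${count}/${max} (${pct}%)"
    return 0
}

# Live wrapper: reads the kernel counters the thread refers to. Only works on a
# Linux host with the nf_conntrack module loaded; otherwise returns 2.
conntrack_check_live() {
    ct_dir=/proc/sys/net/netfilter
    if [ -r "$ct_dir/nf_conntrack_count" ] && [ -r "$ct_dir/nf_conntrack_max" ]; then
        conntrack_check "$(cat "$ct_dir/nf_conntrack_count")" \
                        "$(cat "$ct_dir/nf_conntrack_max")" "${1:-80}"
    else
        echo "conntrack counters not available on this host"
        return 2
    fi
}

# Demo with constructed values: ~25k tracked connections against the 30720
# default (warns), then against the 65536 value suggested above (ok).
conntrack_demo() {
    conntrack_check 25000 30720 80 || :
    conntrack_check 25000 65536 80
}

conntrack_demo
```

Run it once with `conntrack_check_live` to see the current figures, or put `conntrack_check_live 80 || logger -t conntrack "$(conntrack_check_live 80)"` in a cron entry to get a syslog line whenever the table crosses the threshold; the integer percentage keeps the arithmetic inside what busybox ash supports.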

Afaik/iirc if the connection pool is full then the oldest connection which is kind of inactive gets deleted.
It does not need to result in instability.

Yes, the general advice is: if you hit hw limits, spend some money on better hw.

I am using a 21-year-old Asus 945GZ motherboard with a 65nm Core 2 Duo CPU @ 2.20GHz and 512MiB of RAM, which is plenty.

I will try your suggestion to increase the connection cap and let you know the result. My network is expanding…

Nah. I spent a lot of time searching my warehouse for this rig. It is not easy to get 256+256MiB DDR2 running in dual-channel mode these days.

I wonder what you do to hit the limit? How many clients do you have?

Currently I have ~300 users. Luckily most of them are restricted from accessing the Internet. That keeps the number of connections as low as 20-25k.

Fun fact: this device is being used as the main router/firewall at a branch of a billion dollar, multi-national corporation. :slight_smile:

Yeah, my ISP too has sh...ty equipment on premises but at least it is hardware offloaded and can handle connections at line speed.

And it runs OpenWrt? Where is that place?