The following log message means the Netfilter connection tracking (conntrack) table is full - once it is full, the kernel drops new packets that it cannot track.
nf_conntrack: nf_conntrack: table full, dropping packet
To increase the capacity of this table, raise the net.netfilter.nf_conntrack_max sysctl parameter.
echo "net.netfilter.nf_conntrack_max = 400000" >> /etc/sysctl.d/nf_conntrack.conf
You can see the current maximum and the current table count in the /proc directory.
cat /proc/sys/net/netfilter/nf_conntrack_max
cat /proc/sys/net/netfilter/nf_conntrack_count
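The two /proc reads above are the raw check; a small POSIX shell script that turns them into a percentage and warns before the table fills is the form a practitioner would actually run from cron or a monitoring agent. The script below is an added example, not part of the original page. It reads nf_conntrack_count and nf_conntrack_max from a directory that defaults to the real /proc/sys/net/netfilter path, but can be pointed at any directory containing those two files (the function names, the CONNTRACK_DIR variable and the 80% default threshold are assumptions of this example).

```shell
#!/bin/sh
# Added example (not from the original page): report Netfilter conntrack table
# usage and warn before it fills up. Reads nf_conntrack_count and
# nf_conntrack_max from a sysctl directory (default: the real /proc path).
# Note: both files only exist once the nf_conntrack module is loaded.

CONNTRACK_DIR="${CONNTRACK_DIR:-/proc/sys/net/netfilter}"

# Print the integer percentage of the table in use (count * 100 / max).
# Returns 1 (and prints 0) if max is not a positive number.
conntrack_usage_pct() {
    count="$1"
    max="$2"
    [ "$max" -gt 0 ] 2>/dev/null || { echo 0; return 1; }
    echo $(( count * 100 / max ))
}

# Read the two counters from directory $1 and print "count max pct".
# Exit status: 0 when usage is below the threshold $2 (default 80%),
#              2 when usage is at or above the threshold,
#              1 when the counters cannot be read (module not loaded, bad path).
conntrack_check() {
    dir="${1:-$CONNTRACK_DIR}"
    threshold="${2:-80}"
    if ! [ -r "$dir/nf_conntrack_count" ] || ! [ -r "$dir/nf_conntrack_max" ]; then
        echo "cannot read conntrack counters in $dir" >&2
        return 1
    fi
    count=$(cat "$dir/nf_conntrack_count")
    max=$(cat "$dir/nf_conntrack_max")
    pct=$(conntrack_usage_pct "$count" "$max")
    echo "$count $max $pct"
    if [ "$pct" -ge "$threshold" ]; then
        echo "WARNING: conntrack table ${pct}% full ($count/$max);" \
             "the kernel drops packets at 100%" >&2
        return 2
    fi
    return 0
}

# Stand-alone usage: "sh conntrack_check.sh --live" checks the running kernel.
if [ "${1:-}" = "--live" ]; then
    conntrack_check
fi
```

A non-zero exit status from conntrack_check is what a cron job or monitoring hook keys on. Remember that writing the new value into /etc/sysctl.d/nf_conntrack.conf only takes effect after `sysctl --system` (or a reboot); for the running kernel, `sysctl -w net.netfilter.nf_conntrack_max=400000` applies it immediately, and re-running the check afterwards confirms that nf_conntrack_max now reports the new limit.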