Feb. 26th, 2009

  • 9:06 AM
The only way to disable connection tracking in Linux is to either unload the ip_conntrack module, or, if running a monolithic kernel, rebuild the kernel without CONFIG_NF_CONNTRACK.

This seems retarded to me. There's a sysctl for setting the maximum number of conntrack entries - why isn't there a sysctl for turning the damn thing off?

-jp
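
As an added example (not part of the original post), this shell sketch decides which of the two options described above applies to a given machine: unloading the module or rebuilding the kernel. The function names are hypothetical, `nf_conntrack` is assumed as the newer module name alongside `ip_conntrack`, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example; the sample inputs at the bottom are constructed.

# Succeeds if a conntrack core module appears in a /proc/modules-style list.
# ip_conntrack is the name used in the post; nf_conntrack is assumed here
# as the name used by newer kernels.
conntrack_loaded() {
    grep -Eq '^(nf|ip)_conntrack ' "$1"
}

# Succeeds if the kernel config compiles conntrack in (=y),
# in which case there is no module to unload.
conntrack_builtin() {
    grep -q '^CONFIG_NF_CONNTRACK=y$' "$1"
}

# conntrack_disable_path CONFIG_FILE MODULES_FILE
# Prints one of: unload-module | rebuild-kernel | not-present
conntrack_disable_path() {
    if conntrack_loaded "$2"; then
        echo unload-module
    elif conntrack_builtin "$1"; then
        echo rebuild-kernel
    else
        echo not-present
    fi
}

# Constructed sample: modular kernel with the conntrack module loaded.
demo_dir=$(mktemp -d)
printf 'CONFIG_NETFILTER=y\nCONFIG_NF_CONNTRACK=m\n' > "$demo_dir/config"
printf 'ip_conntrack 40044 2 ip_nat,ipt_state, Live 0xf8a1c000\n' > "$demo_dir/modules"
printf 'ip_tables 17029 1 iptable_filter, Live 0xf89f0000\n' >> "$demo_dir/modules"
conntrack_disable_path "$demo_dir/config" "$demo_dir/modules"
```

On a live system the two arguments would typically be `/boot/config-$(uname -r)` and `/proc/modules`.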