Just started writing a thought organizer for a conntrack expiration idea I've been kicking around for a while. After I finish the organizer, I'll write the patch.

Basically, conntrack expiration allows you to wipe connections from the connection table after a set period, thus preventing your table from being filled with old "stale" connections.

More on this later....