Comment 3 for bug 1506076

Just an update: I think it would be wise to disable connection tracking (e.g. adding iptables -t raw -j NOTRACK ....) when port security is disabled for a port. It can make a huge difference on the used conntrack entries in the kernel.