How to remove records from active connections and ip_conntrack by IP

Someone can opens hundreds tabs with autoupdate pages in browser and make lot of persistent open connections to the server. If you want to drop his connections, you have to find him at first:

sudo cat /proc/net/ip_conntrack | grep 'ESTABLISHED' | wc -l
sudo cat /proc/net/ip_conntrack | grep 'ESTABLISHED'
netstat -tulpan | grep 'ESTABLISHED' | wc -l
netstat -tulpan | grep 'ESTABLISHED'

If you found a lot of connections from one IP, check it: (Replace to necessary IP)

sudo cat /proc/net/ip_conntrack | grep 'ESTABLISHED' | grep '' | wc -l
netstat -tulpan | grep '' | wc -l

Look to the web server logs whether the activity is suspicious:

cat /var/log/nginx/access.log | grep ''

Then drop user connections:

sudo cutter
sudo conntrack -D conntrack --orig-src
sudo cat /proc/net/ip_conntrack | grep '' | wc -l
sudo cat /proc/net/ip_conntrack | grep 'ESTABLISHED' | wc -l
 182   2019