kernel: nf_conntrack: table full, dropping packet
If rules are dropping exit traffic based on other than traffic content, it's very hard to say other users are not adversly affected with the same, likely quite unsophisticated, hammer. And doing it based on content usually comes with major legal hurdles, besides being arbitrary. And both ways can get you dropped with badexit flag. Further, kernel dropping of packets is not signaled back into tor daemons for exitpolicy management therein, much less back to clients to avoid the censorship. And dropped packets hurts performance. Exitpolicy reject is the preferred method. Don't like the exit traffic, don't advertise to clients that you will carry it outbound in the first place.
Please move this talk about tor exit traffic to a new thread or put it back to the first one where it came from.