You could split it into a tree if you really really cared...

---

But, if you put the 48 rules in a chain which only deals with incoming new connections then it only triggers on the initial SYN and connection tracking deals with the rest (at least if you use the mangle table to mark, and nat table to REDIRECT -- don't know about TPROXY).

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
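The layout described in the reply, written out as an added example (not a ruleset from the thread or from the netfilter project): a dedicated mangle chain that only the first SYN of a new connection enters, per-port MARK rules inside it standing in for the "48 rules", and a single nat REDIRECT keyed on the mark. The chain name, the port list, the mark value and the proxy port are assumed placeholders; setting `IPT=echo` prints the commands instead of applying them.

```shell
#!/bin/sh
# Added example: classify only new TCP connections in a dedicated chain, then
# REDIRECT by mark. Conntrack carries the verdict to the rest of the flow, so
# established packets never walk the per-port rules.
set -eu

IPT="${IPT:-iptables}"      # set IPT=echo to print instead of apply
CHAIN="NEWCONN_CLASSIFY"    # hypothetical chain name
PROXY_PORT=3128             # hypothetical local transparent-proxy port
MARK=0x1                    # hypothetical fwmark meaning "redirect me"

# Hypothetical stand-in for the "48 rules": one MARK rule per destination port.
REDIRECT_PORTS="80 8080 8000 3000"

build_rules() {
    # mangle PREROUTING runs before nat PREROUTING for the same packet, so the
    # mark set here is visible to the REDIRECT rule below. Only the initial
    # SYN (conntrack state NEW) is sent into the classification chain.
    "$IPT" -t mangle -N "$CHAIN"
    "$IPT" -t mangle -A PREROUTING -p tcp --syn -m conntrack --ctstate NEW -j "$CHAIN"

    for port in $REDIRECT_PORTS; do
        "$IPT" -t mangle -A "$CHAIN" -p tcp --dport "$port" -j MARK --set-mark "$MARK"
    done

    # The nat table is consulted only for the first packet of a connection;
    # the resulting REDIRECT mapping is stored in the conntrack entry.
    "$IPT" -t nat -A PREROUTING -p tcp -m mark --mark "$MARK" -j REDIRECT --to-ports "$PROXY_PORT"
}

# Number of iptables invocations build_rules issues: chain creation, the jump,
# one MARK rule per port, and the single REDIRECT rule.
expected_rule_count() {
    n=0
    for _ in $REDIRECT_PORTS; do n=$((n + 1)); done
    echo $((n + 3))
}

# Render the ruleset as text (subshell so IPT=echo does not leak).
render_rules() {
    ( IPT=echo; build_rules )
}

count_generated_rules() {
    render_rules | wc -l | tr -d ' '
}

case "${1:-show}" in
    apply) build_rules ;;     # needs root and iptables
    show)  render_rules ;;    # default: print the commands
esac
```

Running the script with no arguments prints the ruleset; `apply` installs it.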