Hi Florian, thank you for your hint with the policy setting. If we use policy accept and a drop rule at the bottom, we have no more hiccups. On 1/8/19 12:27 AM, Florian Westphal wrote: > Out of curiosity, how long does time 'nft -f your_ruleset' take? It's currently about 70s - I assume, most of it are the counters. However, we are currently using lots of "add element" statements to build all of our maps, usually with only one element (since it was the easiest to generate the file like this). I guess, we could improve the time by using fewer "add element"s while putting more than one element in each?! Best Regards, Jann
