Why is filtering in -t mangle not also poor form?
I believe that you are really suppose to do the filtering in the filter table. But seeing as how the kernel will respond to the traceroute packet that comes in before the rules in the filter table could DROP the packet we have to do this filtering elsewhere to beat the kernel to the punch. Jason, do you have any additional comments / corrections?
Grant. . . .
