Hi Jason, On Fri, 20 May 2005, Jason Opperisano wrote: > especially considering that we all have the wondrous mangle table > available to us, which *is* traversed by every packet, and gives us an > opportunity to do some pre-filter table scrubbing. That was a very nice summary. I have to mention the 'raw' table only as an excellent place to pre-filter the traffic, with the bonus that traffic filtered out in 'raw' won't burden conntrack at all. (With the restriction that only stateless rules can be used in 'raw'.) Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary
