I've seen a few places telling me that you shouldn't filter in the mangle table. However, it seems sensible to me to drop junk packets in PREROUTING rather than have to duplicate those rules in both INPUT and FORWARD.

Having done this, I'm seeing packets dropped as invalid when I would expect them to be OK (but most traffic is behaving as expected). Before I start digging into this, I want to check if filtering in the mangle table really is stupid.

Can anyone explain this to me, or point me somewhere that will tell me, please? I haven't found anything other than a simple statement anywhere.

Thanks,
George.