Hi. Out there in the net one can find two different 'best practice' suggestions on how to filter bad packets, bogons, DDoS atack and so on. One claims, that filtering rules must go into filter section (input, forward), other claims that best is to add rules to mangle table and prerouting chain. The only benefit explained for the latter was that it increase performance of iptables rules. Haven't found more benefits. I use nftables. Does the same apply? Is it still the best way to put blocking rules to mangle table? I currently use filter table. Are there any huge disadvantages in that? -- /Darius
Attachment:
signature.asc
Description: OpenPGP digital signature
