Presumably NFT rule * filter prerouting fib saddr . iif oif missing drop and kernel parameter net.ipv4.conf.<interface>.rp_filter = 2 achieving the same goal.Which one comes into effect first, if there is difference assuming that both are being processed through netfilter? Is one or the other more economic with regard to CPU cycles and/or responsiveness?
