Frank Myhr <fmyhr@xxxxxxxxxxx> wrote:
> Nitpick: just in my personal opinion, better not to use table name that is a
> nftables keyword ("filter"). I know the wiki does it lots of places. And
> it's not technically wrong.

But: "filter" is not a reserved keyword.

> > # TCP SYN (CT NEW)
> > tcp flags & (fin|syn|rst|ack) != syn ct state {new} drop
>
> You're filtering in a nat chain, generally not a good idea. My understanding
> is that, since nat is based on connection tracking, this chain will see only
> the FIRST packet of each connection.

Correct.
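The point the thread agrees on is that a nat-type chain is consulted only for the first packet of a connection, so a packet filter placed there never sees the rest of the flow. As an added example that is not part of the thread, the ruleset below keeps the SYN check from the quoted rule in a filter-type chain and leaves the nat chain to NAT decisions only. The table and chain names ("inet fw", "ip nat", "input", "prerouting") and the DNAT target address are assumed for illustration.

```nft
# Added example, not taken from the thread. Table/chain names and the
# 10.0.0.5 DNAT target are assumed values for illustration.

table inet fw {
    chain input {
        # filter-type chain: every packet of every flow passes through here
        type filter hook input priority filter; policy drop;

        iif lo accept
        # packets belonging to an already-tracked flow are accepted early
        ct state established,related accept
        # a packet that opens a new TCP connection must be a pure SYN;
        # this is the rule quoted in the thread, now in a filter chain
        tcp flags & (fin|syn|rst|ack) != syn ct state {new} drop
        tcp dport 22 accept
    }
}

table ip nat {
    chain prerouting {
        # nat-type chain: only the first packet of each connection is seen,
        # so keep it to address translation, not packet filtering
        type nat hook prerouting priority dstnat;
        tcp dport 8080 dnat to 10.0.0.5:80
    }
}
```

Load it with `nft -f <file>` and check the result with `nft list ruleset`; the SYN check now applies to every packet reaching the input hook, while the nat chain is evaluated once per connection as the thread describes.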