Marcin Kabiesz <marcin.kabiesz@xxxxxxxxxxxx> wrote:
> My question is where do I create a rule for invalid packets? in NAT
> POSTROUTING? or MANGLE POSTROUTING or other place leaving the server? I am
> waiting for your opinion.

INVALID packets do not traverse the NAT table, so NAT POSTROUTING won't work.
I would suggest mangle postrouting or filter forward, depending on whether
you want to include locally generated packets or not.
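The two placements suggested in the reply, written out as an added example that is not part of the original mail. The helper names `add_once` and `drop_invalid` and the `IPT` variable are hypothetical, and the rules assume the `conntrack` match is available.

```shell
#!/bin/sh
# Added example: drop conntrack-INVALID packets in one of the two places
# named in the reply. nat/POSTROUTING is not offered because INVALID
# packets never traverse the nat table.
# IPT is an assumption so the binary can be swapped (e.g. ip6tables).
IPT="${IPT:-iptables}"

# add_once TABLE CHAIN RULE...
# Append the rule only if an identical one is not already in the chain
# (-C checks for the rule, -A appends it).
add_once() {
    table=$1
    chain=$2
    shift 2
    "$IPT" -t "$table" -C "$chain" "$@" 2>/dev/null ||
        "$IPT" -t "$table" -A "$chain" "$@"
}

# drop_invalid SCOPE
#   forwarded : filter/FORWARD, routed traffic only
#   all       : mangle/POSTROUTING, routed and locally generated traffic
drop_invalid() {
    case "$1" in
        forwarded)
            add_once filter FORWARD \
                -m conntrack --ctstate INVALID -j DROP
            ;;
        all)
            add_once mangle POSTROUTING \
                -m conntrack --ctstate INVALID -j DROP
            ;;
        *)
            echo "usage: drop_invalid forwarded|all" >&2
            return 2
            ;;
    esac
}
```

Source the file as root and call `drop_invalid forwarded` or `drop_invalid all`; the packet counters in `iptables -t mangle -L POSTROUTING -v -n` (or `-t filter -L FORWARD -v -n`) then show how many INVALID packets the rule is catching.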