On 01/12/2022 12:31, Brskt wrote:
Hi,
Using mangle table means that in any case, even if the packet is in the NEW or any other state, it's in the conntrack. The raw table is before mangle which does not have conntrack, it will gain CPU usage and drop packets more efficiently.
Probably not relevant for the netfilter list, but I use a list (many) similar to this and found (if you're looking for a L3) the "cheapest" IRO of latency/CPU is just to ip route add /xxxxx/ lo
Rgrds, Dave
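
The two approaches discussed in this thread, as an added example that is not from either poster: a script that validates a prefix list and prints restore input for an ipset-backed drop rule in the raw table, plus the equivalent route entries. The set name `blocklist` and the sample prefixes are constructed for illustration.

```shell
# Nothing here touches the firewall or routing table; each function prints text.
SET_NAME="blocklist"   # hypothetical set name
# Constructed sample list (documentation prefixes) with two invalid entries.
sample_prefixes() {
cat <<'EOF'
# constructed sample
192.0.2.0/24
198.51.100.7
203.0.113.0/33
not-a-prefix
EOF
}

# Keep syntactically valid IPv4 addresses/CIDRs; a bare address becomes /32.
valid_prefixes() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }
    {
        n = split($1, p, "/"); len = (n == 2) ? p[2] : 32
        if (n > 2 || len !~ /^[0-9]+$/ || len + 0 > 32) next
        if (split(p[1], o, ".") != 4) next
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
        print p[1] "/" (len + 0)
    }'
}

# "ipset restore" input: one hash:net set holding every valid prefix.
ipset_restore_input() {
    echo "create $SET_NAME hash:net family inet"
    valid_prefixes | sed "s/^/add $SET_NAME /"
}

# "iptables-restore" input: one rule in raw/PREROUTING, traversed before conntrack.
raw_table_input() {
cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -m set --match-set $SET_NAME src -j DROP
COMMIT
EOF
}

# "ip -batch" input for the route form; routes match on the destination address.
route_batch_input() {
    valid_prefixes | sed 's|^|route add |; s|$| dev lo|'
}
sample_prefixes | ipset_restore_input; raw_table_input   # demo output
```

The three outputs are meant for `ipset restore`, `iptables-restore --noflush` and `ip -batch -` respectively, with the set loaded before the rule that references it.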