Thank you, Kerin! Could you please also tell me: What is the way to actually test this rule? I.e. how do I send "improper" packets to see it do its work? I have been successfully testing my other rules using nmap from another host and watching the 'journal -kf' and 'nft monitor trace' but this one is difficult for me.