Dňa 25. októbra 2024 18:12:56 UTC používateľ Kerin Millar <kfm@xxxxxxxxxxxxx> napísal: >To that end, consider taking advantage of ipsets. Below is a sample ruleset in iptables-save format. > >*raw >:PREROUTING ACCEPT [0:0] >:OUTPUT ACCEPT [0:0] >:limitban - [0:0] >-A PREROUTING ! -i lo -p tcp -m conntrack --ctstate NEW -j limitban Please will conntrack really works in raw table? I live in that raw table happens before conntrack... regards -- Slavko https://www.slavino.sk/