On Sat, 26 Oct 2024, at 11:23 AM, Reindl Harald wrote: > Am 25.10.24 um 23:37 schrieb Kerin Millar: >> On Fri, 25 Oct 2024, at 9:13 PM, Slavko wrote: >>> Dňa 25. októbra 2024 18:12:56 UTC používateľ Kerin Millar >>> <kfm@xxxxxxxxxxxxx> napísal: >>> >>>> To that end, consider taking advantage of ipsets. Below is a sample ruleset in iptables-save format. >>>> >>>> *raw >>>> :PREROUTING ACCEPT [0:0] >>>> :OUTPUT ACCEPT [0:0] >>>> :limitban - [0:0] >>>> -A PREROUTING ! -i lo -p tcp -m conntrack --ctstate NEW -j limitban >>> >>> Please will conntrack really works in raw table? I live in that raw table >>> happens before conntrack... >> >> Probably not > > for sure not > > The poster did not say which table they are using > > he did! >>> *raw He (Francisco) certainly did not. It was I that wrote "*raw" and to whom Slavko was replying. -- Kerin Millar