On 31.10.24 at 13:15, Francisco Agostinho wrote:
> Ok so the ipset suggestion worked! The current setup that worked is putting the DROP rules on the *raw table PREROUTING and the SET rules on the *nat table PREROUTING. Also created 1 ipset for each use case.
You want it *before* NAT, in "mangle"; in the case of a NAT router you rate-limit the source as it is, with minimized overhead: https://natnat1.medium.com/iptables-b9ce0602253f
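
The layout discussed above, as an added example that is not part of the original thread: DROP in raw PREROUTING (runs before connection tracking) and the SET rule in mangle PREROUTING (runs before NAT and sees every packet, whereas nat PREROUTING only sees the first packet of a connection). The set name, port, rate, burst and timeout are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: values below are assumptions, not taken from the thread.
SET_NAME="rl_offenders"   # hypothetical ipset name, one set per use case
PORT="443"                # assumed protected service port
RATE="20/second"          # assumed per-source SYN rate
BURST="40"                # assumed burst allowance
TIMEOUT="300"             # seconds an offender stays in the set

# Set definition in `ipset restore` format.
# Apply with: emit_ipset | ipset -exist restore
emit_ipset() {
    printf 'create %s hash:ip timeout %s\n' "$SET_NAME" "$TIMEOUT"
}

# Ruleset in iptables-restore format.
# Validate with: emit_rules | iptables-restore --test
# Apply with:    emit_rules | iptables-restore --noflush
# (without --noflush the raw and mangle tables are flushed first)
emit_rules() {
    cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
# Netfilter hook order is raw -> conntrack -> mangle -> nat, so known
# offenders are dropped here before any conntrack entry is created.
-A PREROUTING -m set --match-set $SET_NAME src -j DROP
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
# Before NAT: the source address is still the original one, and every
# packet is evaluated. Sources above the rate are added to the set.
-A PREROUTING -p tcp --syn --dport $PORT -m hashlimit --hashlimit-name rl_$PORT --hashlimit-mode srcip --hashlimit-above $RATE --hashlimit-burst $BURST -j SET --add-set $SET_NAME src --exist
COMMIT
EOF
}

# Print both parts for review when the script is run directly.
emit_ipset
emit_rules
```

Because the set is created with a timeout, entries expire on their own and `--exist` refreshes the timer for sources that keep exceeding the rate.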