> I tcpdumped to verify the behavior, but let me work on it and use a
> different approach that is not so racy and random, I just wanted to
> validate my assumption on the expected behavior

There were also other bugs in this patch, so please disregard it. I submitted a new one in
https://lore.kernel.org/netfilter-devel/20250313231341.3040002-1-aojea@xxxxxxxxxx/T/#u

I also realized that I need to use "reject with tcp reset" to close the established connection; rejecting ICMP messages does not seem to have any effect over established connections.