On 12 Jul 2022, at 11:31, mick crane <mick.crane@gmail.com> wrote:

Oh yes (!), thanks. A few other points (from a quick web search) here including potential for REJECT to facilitate DDoS on asymmetric links - so it surprises me again (perhaps this time sensibly?) as the firewalld default.

Incidentally (I mainly have Gene in mind) it might be worth pointing out that nftables has individual and mass conversion commands for iptables rules/rulesets - perhaps useful if you're in a rush or just to see equivalence.

Best wishes
Gareth