Diference between IPTABLES RAW PREROUTING and MANGLE PREROUTING

Tekomo Nakama

7/4/24, 5:24 PM

I'm looking for configs to prevent DDoS attacks and UPnP Flood, since I've started to create rules, every advice was to add rules to filter table, but it takes too much CPU process, so started to create rules in MANGLE table, but last weeks raw table helped me a lot, but I didn't found too much difference between MANGLE, PREROUTING and raw PREROUTING, theologically.

My question is simple:
the difference of those and why not write rules in PREROUTING and leave INPUT table as it is?

0 + 2

iptables

security

firewall

networking

zwets

7/4/24, 6:57 PM

You will need to provide more information on what you are trying to achieve. Are you setting up a router or a server? Also, this question has answers in various other (non-Ubuntu-specific) sites. For instance [here](https://wiki.archlinux.org/title/iptables) is an excellent exposition that answers your questions.

Tekomo Nakama

7/7/24, 9:35 PM

thats not what i was seeking, but i've found some hints, rules added to raw table still is not translated from nat, so its not identified some kind of packets, adding rules to INPUT TABLE may be more effective, but it load more CPU, there are some rules to raw table and mangle table that could lower some malicious incoming packs.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Diference between IPTABLES RAW PREROUTING and MANGLE PREROUTING

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.