nftables mangling without NOTRACK: what can happen?

iptables linux-networking nftables

I'm experimenting with stateless NAT using nftables. On the page about statelessly mangling protocol fields, the author says:

Keep in mind the interactions with conntrack, flows with mangled traffic must be untracked

Out of curiosity, what are some of the bad things that can happen if I fail to do this? I can't seem to find any information on this point.


Solution 1:

Connection tracking starts before the mangle table is processed, so the tracked connection would not match the mangled packets, making it useless at best or blocking connectivity at worst.

Related

Why Spark writes Null in DeltaLake Table
How can I draw an array of objects inside another object in p5.js?
Take Average of an Array using Recursion
Firebase Upload missing required dSYMs Not Working
Tuples without dictionaries
R CMD check gives warning when using @includeRmd for examples using Roxygene
With FastAPI, How to add charset to content-type (media-type) on request header on OpenAPI (Swagger) doc?
Visual Studio 2022 can connect to localdb but SSMS 18.10 can't
why is my column index not sorted properly?
How do you write an Asterisk Dialpan to suspend 180-Ringing until after 183-progress in chan_sip?
Introducing the folowing to avoid undefined TypeError in react causes a weird bug
How does the methods function work in Julia?