Considering that Mangle also allows accepting connections and packets, and that Mangle rules are processed before Filter ones, it’d be more efficient to accept established and related connections earlier, in a mangle rule, don’t you think?
Fast-track already does that. Only packets not fast-tracked enter the usual firewall chain … and depending on the fast-track rule, those packets mostly belong to new connections … which are not that numerous. Or packets belonging to connections which require special treatment (e.g. are being mangled or subject to queuing) …
After all, you’ll have to admit that the factory default firewall rules are handling firewalled traffic pretty efficiently and generally there’s not much room for improvement. Sure there is, mostly in some special use cases (such as efficiently dealing with a DDoS attack).
The point is that when a packet matches an action=accept rule (in any firewall table), it just means that the processing of that packet in that table ends by this rule and any following rules are skipped, but handling of the packet by the subsequent tables is not affected. In mangle, there is no action=drop, so you either have to drop packets already in chain=prerouting of raw (and even chain=prerouting of mangle will never see it) or as late as in filter. And also bear in mind that the default behaviour, even in filter, is accept. So even in filter, if a packet doesn’t reach and match any action=drop rule, it is let through.
Using an action=accept in mangle only ends the walking through the mangle rules, it does not accept the packet for input or forward.
That can only happen in the filter or raw table.
So yes, an accept in mangle can sometimes improve performance, e.g. when you have a long list of mangle rules which you can shortcut with an accept for a special case.
But an accept for established/related usually makes no sense in a mangle table… you usually want to apply the mangling to each packet.
When you want to improve the performance of a long mangle table, it is usually better to use connection marking.
Useful info. Thanks.
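The table semantics described in the replies above, as a small model added here for illustration (not code from any poster and not RouterOS itself). The rule dictionaries, packet fields and the `walk` function are assumptions made for the example, and the traversal is reduced to raw, then mangle, then filter.

```python
TABLES = ("raw", "mangle", "filter")  # simplified traversal order (assumption)

def walk(ruleset, pkt):
    """Return (verdict, trace); trace lists the (table, action) rules that matched."""
    if any(r["action"] == "drop" for r in ruleset.get("mangle", [])):
        raise ValueError("mangle has no action=drop")
    trace = []
    for table in TABLES:
        for rule in ruleset.get(table, []):
            if any(pkt.get(k) != v for k, v in rule["match"].items()):
                continue                      # rule does not match this packet
            trace.append((table, rule["action"]))
            if rule["action"] == "drop":
                return "dropped", trace       # later tables never see the packet
            if rule["action"] == "accept":
                break                         # ends THIS table only
            # any other action (here "mark") continues with the next rule
        # table finished without a drop: default is accept, go to the next table
    return "passed", trace

# Constructed ruleset and packets (symbolic values, not real addresses).
RULES = {
    "raw": [{"match": {"src": "bogon"}, "action": "drop"}],
    "mangle": [
        {"match": {"state": "established"}, "action": "accept"},
        {"match": {"proto": "udp"}, "action": "mark"},
    ],
    "filter": [{"match": {"in": "wan"}, "action": "drop"}],
}
EST_WAN = {"in": "wan", "state": "established", "proto": "udp", "src": "host"}
NEW_LAN = {"in": "lan", "state": "new", "proto": "udp", "src": "host"}
BOGON = {"in": "wan", "state": "new", "proto": "udp", "src": "bogon"}

if __name__ == "__main__":
    for name, pkt in (("EST_WAN", EST_WAN), ("NEW_LAN", NEW_LAN), ("BOGON", BOGON)):
        print(name, *walk(RULES, pkt))
```

`EST_WAN` matches the mangle accept, which skips the mark rule, and is still dropped in filter; `NEW_LAN` reaches no drop rule and passes by default.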