Is this a good idea? Are we trading in security for a convenience here?
Love the fasttrack idea, but is this recommended on public facing router? I will always use it downstream.
Thoughts?
Does your border router do any NAT / firewall behaviors, or is it simply there to be as fast of a router as possible?
In general, I’d say that if you were to specify fasttrack-connection in the forward chain, that will give the performance you like, but you can still put all of the rules you like in the input/output chains without affecting the performance of forwarded traffic.
If you’re looking to inspect and police the actual traffic through the router, then I would imagine that fasttrack-connection should be okay for established,related connections - just to save on re-inspecting anything. But depending on how large your network is, stateful tracking can become a pretty heavy load.