How effective will the conntrack block rule be?
- Most broadcasts (at least NetBIOS stuff) are sent to the subnet broadcast address, like 192.168.0.255
- Without a block rule, broadcasts might make it to the conntrack table, but they will time out pretty quickly.
I still don't understand why a table sized for 1 million has problems allocating only 5000
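One way to judge how much a block rule would actually save is to measure how many entries in the current table are broadcast flows and how long they have left. The script below is an added example, not code from the post or any project; it assumes the `/proc/net/nf_conntrack` line format and uses a constructed sample table rather than a live capture.

```python
import ipaddress
import re

# Constructed sample in /proc/net/nf_conntrack format (not a real capture).
SAMPLE_CONNTRACK = """\
ipv4     2 udp      17 28 src=192.168.0.10 dst=192.168.0.255 sport=137 dport=137 [UNREPLIED] src=192.168.0.255 dst=192.168.0.10 sport=137 dport=137 mark=0 use=2
ipv4     2 udp      17 17 src=192.168.0.11 dst=192.168.0.255 sport=138 dport=138 [UNREPLIED] src=192.168.0.255 dst=192.168.0.11 sport=138 dport=138 mark=0 use=2
ipv4     2 udp      17 3 src=192.168.0.12 dst=255.255.255.255 sport=68 dport=67 [UNREPLIED] src=255.255.255.255 dst=192.168.0.12 sport=67 dport=68 mark=0 use=2
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.0.10 dst=203.0.113.5 sport=51514 dport=443 src=203.0.113.5 dst=192.168.0.10 sport=443 dport=51514 [ASSURED] mark=0 use=2
ipv4     2 udp      17 29 src=192.168.0.10 dst=192.168.0.1 sport=5353 dport=53 src=192.168.0.1 dst=192.168.0.10 sport=53 dport=5353 mark=0 use=2
"""

# Protocol name, remaining timeout (seconds), optional TCP state, then the
# original-direction src/dst. Only the first src=/dst= pair is matched, so the
# reply tuple later on the line is ignored.
ENTRY_RE = re.compile(
    r"\b(tcp|udp|icmp)\s+\d+\s+(\d+)\s+(?:[A-Z_]+\s+)?src=(\S+)\s+dst=(\S+)"
)


def broadcast_entries(conntrack_text, subnet):
    """Return (hits, total): conntrack entries whose original-direction
    destination is the subnet's directed broadcast or the limited broadcast."""
    net = ipaddress.ip_network(subnet, strict=False)
    bcast = {str(net.broadcast_address), "255.255.255.255"}
    total = 0
    hits = []
    for line in conntrack_text.splitlines():
        m = ENTRY_RE.search(line)
        if not m:
            continue
        total += 1
        proto, timeout, src, dst = m.groups()
        if dst in bcast:
            hits.append({"proto": proto, "src": src, "dst": dst,
                         "timeout": int(timeout)})
    return hits, total


def summarize(conntrack_text, subnet):
    """Share of the table held by broadcast flows and the longest remaining timeout."""
    hits, total = broadcast_entries(conntrack_text, subnet)
    share = len(hits) / total if total else 0.0
    longest = max((h["timeout"] for h in hits), default=0)
    return {"broadcast": len(hits), "total": total,
            "share": share, "max_timeout_s": longest}


if __name__ == "__main__":
    # On a live box: open("/proc/net/nf_conntrack").read() in place of the sample.
    print(summarize(SAMPLE_CONNTRACK, "192.168.0.0/24"))
```

If the share is small and the remaining timeouts are short, the block rule buys little table space; the table-sizing question is separate from what broadcasts occupy.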