Currently, I am using csf-td to block IPs by adding them to the LOGDROPIN chain. However, the LOGDROPIN comes in after the accept rules that I have set, which effectively blocks my block policy (down the rabbit hole we go). Which does not make sense since LOGDROPIN rules are supposed to come before the accept rules. Is this a bug? If not, is there a way to go around this problem?