The final kernel 5.5 is available for our AmigaOnes. Many thanks to all for helping me with testing, reporting, and fixing problems during the kernel 5.5 test time.
X5000 and X1000: "conntrack" connection tracking match support (CONFIG_NETFILTER_XT_MATCH_CONNTRACK) and Connection state matching (CONFIG_NETFILTER_XT_MATCH_STATE). Allows you to match packets based on their relationship to a tracked connection (ie. previous packets). These are great solutions for a desktop firewall. Examples:
X5000 and X1000: CONFIG_NETFILTER_XT_MATCH_LIMIT (Limit matching allows you to control the rate at which a rule can be matched: mainly useful in combination with the LOG target and to avoid some Denial of Service attacks).
X5000 and X1000: NETFILTER_XT_MATCH_MULTIPORT (Multiport matching allows you to match TCP or UDP packets based on a series of source or destination ports: normally a rule can only match a single range of ports.)
For example for fail2ban (IPS, Intrusion Prevention System):
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A fail2ban-ssh -s 87.193.135.42/32 -j DROP
-A fail2ban-ssh -s 79.193.45.193/32 -j DROP
-A fail2ban-ssh -j RETURN