Survival-Guides/Snowflake-Bridge-Installation-Guide.md

@@ -77,6 +77,19 @@ Set up a firewall. You need to expose ports 22, 80, and 443.
 # etckeeper commit "firewall"
 ```
 
+TODO: Document how to [disable connection tracking](tpo/anti-censorship/pluggable-transports/snowflake#40189).
+In nftables.conf (not ferm) it is:
+
+```
+table inet filter {
+	chain prerouting {
+		type filter hook prerouting priority -300;
+		iifname lo counter notrack
+		tcp dport 443 counter notrack
+	}
+}
+```
+
 Set the time zone to UTC.
 
 ```