I am subscribed to Cloudflare blog as they are in general really good. And definitely, you always learn something new (and want to cry because you have so much to learn from these guys).
This time was a dissection of conntrack in iptables to improve their firewall performance.
https://blog.cloudflare.com/conntrack-tales-one-thousand-and-one-flows
I never thought about the limits of the conntrack table and how important is to have in mind (or make a tattoo of) the iptables diagram:
