diff --git a/nftables/nftables-attestation.conf b/nftables/nftables-attestation.conf
index 3e1d816..dcddf51 100644
--- a/nftables/nftables-attestation.conf
+++ b/nftables/nftables-attestation.conf
@@ -49,7 +49,7 @@ table inet filter {
 tcp dport { 22, 80, 443 } goto input-tcp-service
 iif lo accept
 meta l4proto { icmp, ipv6-icmp } accept
- ct state vmap { new : goto graceful-reject, established : accept, related : accept }
+ ct state vmap { new : drop, established : accept, related : accept }
 }
 chain input-tcp-service {
diff --git a/nftables/nftables-discuss.conf b/nftables/nftables-discuss.conf
index 8dda89f..6e22714 100644
--- a/nftables/nftables-discuss.conf
+++ b/nftables/nftables-discuss.conf
@@ -49,7 +49,7 @@ table inet filter {
 tcp dport { 22, 80, 443 } goto input-tcp-service
 iif lo accept
 meta l4proto { icmp, ipv6-icmp } accept
- ct state vmap { new : goto graceful-reject, established : accept, related : accept }
+ ct state vmap { new : drop, established : accept, related : accept }
 }
 chain input-tcp-service {
diff --git a/nftables/nftables-mail.conf b/nftables/nftables-mail.conf
index 2f0c8b4..391ff95 100644
--- a/nftables/nftables-mail.conf
+++ b/nftables/nftables-mail.conf
@@ -61,7 +61,7 @@ table inet filter {
 tcp dport { 22, 25, 80, 443, 465, 993 } goto input-tcp-service
 iif lo accept
 meta l4proto { icmp, ipv6-icmp } accept
- ct state vmap { new : goto graceful-reject, established : accept, related : accept }
+ ct state vmap { new : drop, established : accept, related : accept }
 }
 chain input-tcp-service {
diff --git a/nftables/nftables-matrix.conf b/nftables/nftables-matrix.conf
index 002d244..dbd9872 100644
--- a/nftables/nftables-matrix.conf
+++ b/nftables/nftables-matrix.conf
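Review bot: The new `ct state vmap { new : drop, ... }` line in the attestation hunk no longer references the `graceful-reject` chain, but nothing in this commit removes or retires that chain, so unless another change does, it stays loaded as dead configuration that a later reader may assume is still on the path; the same applies to the identical hunks in discuss, mail, matrix, network, ns1, the second ns2 hunk (-64), social and web. If the chain is now unused, delete it in the same commit; if it is kept deliberately, say so on the vmap line. Switching from reject to `drop` is also a policy change that deserves a one-line rationale where it lives, because `drop` makes a legitimate client that hits a closed port wait for its own timeout instead of receiving an immediate reset or unreachable, and the vmap gives no count of what is being discarded; a comment such as `# new connections to unlisted ports are dropped (no reject) — <reason>` would do, with the reason filled in by the author. The enclosing input chain's header is outside the hunk.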
@@ -49,7 +49,7 @@ table inet filter {
 tcp dport { 22, 80, 443 } goto input-tcp-service
 iif lo accept
 meta l4proto { icmp, ipv6-icmp } accept
- ct state vmap { new : goto graceful-reject, established : accept, related : accept }
+ ct state vmap { new : drop, established : accept, related : accept }
 }
 chain input-tcp-service {
diff --git a/nftables/nftables-network.conf b/nftables/nftables-network.conf
index b184656..e394404 100644
--- a/nftables/nftables-network.conf
+++ b/nftables/nftables-network.conf
@@ -59,7 +59,7 @@ table inet filter {
 iif lo accept
 udp dport 123 accept
 meta l4proto { icmp, ipv6-icmp } accept
- ct state vmap { new : goto graceful-reject, established : accept, related : accept }
+ ct state vmap { new : drop, established : accept, related : accept }
 }
 chain input-tcp-service {
diff --git a/nftables/nftables-ns1.conf b/nftables/nftables-ns1.conf
index 34673cc..be32c62 100644
--- a/nftables/nftables-ns1.conf
+++ b/nftables/nftables-ns1.conf
@@ -52,7 +52,7 @@ table inet filter {
 iif lo accept
 udp dport 53 accept
 meta l4proto { icmp, ipv6-icmp } accept
- ct state vmap { new : goto graceful-reject, established : accept, related : accept }
+ ct state vmap { new : drop, established : accept, related : accept }
 }
 chain input-tcp-service {
diff --git a/nftables/nftables-ns2.conf b/nftables/nftables-ns2.conf
index 215afc8..10cb43f 100644
--- a/nftables/nftables-ns2.conf
+++ b/nftables/nftables-ns2.conf
@@ -48,7 +48,7 @@ table inet filter {
 udp dport 53 notrack accept
- tcp dport 22 ip daddr $ip-anycast reject with tcp reset
+ tcp dport 22 ip daddr $ip-anycast drop
 # handle new TCP connections beyond rate limit via synproxy to avoid conntrack table exhaustion
 tcp dport { 22, 53, 80, 443, 853 } tcp flags syn limit rate over 1024/second burst 128 packets counter notrack accept
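Review bot: The new rule `tcp dport 22 ip daddr $ip-anycast drop` in the ns2 -48 hunk discards SSH to the anycast address with no accounting, while the synproxy rule two lines below it does carry `counter`; a counter here is cheap and is the only signal an operator gets that SSH to the anycast address is being attempted, whether by a misconfigured tool or something else, so `tcp dport 22 ip daddr $ip-anycast counter drop` is preferable. The comment line that follows describes the synproxy rule, not this one, so a reader may take it as the rationale for the drop; a short comment of its own on the drop line would avoid that. The rule matches `ip daddr` only, so if an IPv6 anycast address is also configured it is not covered — that was already true of the replaced rule, but it is worth stating on the line if intentional. The enclosing chain starts and ends outside the hunk.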
@@ -64,7 +64,7 @@ table inet filter {
 iif lo accept
 udp dport 53 accept
 meta l4proto { icmp, ipv6-icmp } accept
- ct state vmap { new : goto graceful-reject, established : accept, related : accept }
+ ct state vmap { new : drop, established : accept, related : accept }
 }
 chain input-tcp-service {
diff --git a/nftables/nftables-social.conf b/nftables/nftables-social.conf
index 7336f47..21b90fe 100644
--- a/nftables/nftables-social.conf
+++ b/nftables/nftables-social.conf
@@ -49,7 +49,7 @@ table inet filter {
 tcp dport { 22, 80, 443 } goto input-tcp-service
 iif lo accept
 meta l4proto { icmp, ipv6-icmp } accept
- ct state vmap { new : goto graceful-reject, established : accept, related : accept }
+ ct state vmap { new : drop, established : accept, related : accept }
 }
 chain input-tcp-service {
diff --git a/nftables/nftables-web.conf b/nftables/nftables-web.conf
index 9c36f9c..da9d5fe 100644
--- a/nftables/nftables-web.conf
+++ b/nftables/nftables-web.conf
@@ -59,7 +59,7 @@ table inet filter {
 tcp dport { 22, 80, 443 } goto input-tcp-service
 iif lo accept
 meta l4proto { icmp, ipv6-icmp } accept
- ct state vmap { new : goto graceful-reject, established : accept, related : accept }
+ ct state vmap { new : drop, established : accept, related : accept }
 }
 chain input-tcp-service {