On 11/03/10 00:40, Bret S. Lambert wrote:
Have you ever read the H.323 spec? If so, how have you not blotted out any idea of H.323 + firewall with copious amounts of sex, drugs, and rock and roll?
:) Well I did but I found out that linux has 2 modules about that nf_conntrack_h323 and nf_nat_h323. Apparently it does not work well since it does not handle h.245 and I had many other problems with that. I've also found about an internet draft http://old.iptel.org/ietf/firewall/draft-shore-h323-firewalls-00.txt so I hoped about a pf helper. Anyway I want to be sure that there is no other way of doing session tracking on h.323 and forget all about it Giannis