On Sun, Apr 07, 2002 at 12:55:37AM +0200, Henrik Nordstrom wrote: > On Sunday 07 April 2002 00:09, Eric Wirt wrote: > > > 1) I'm not terribly familiar with the netfilter architecture. > > Maybe one of the netfilter developers can chime in and tell me what > > the proper way to hook into netfilter would be? > > Not being a core developer, but clearly the correct approach to UPnP > is a userspace daemon responding to UPnP messages, and reconfiguring > the iptables kernel as needed.
To be more precise: A userspace daemon using the upcoming ctnetlink interface to add connection tracking entries / nat mappings and ip_conntrack_expect's to the firewall. Dynamically inserting/removing rules seems like a big hack, but not like a solution. > Regards > Henrik Nordström > MARA Systems AB, Sweden -- Live long and prosper - Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org/ ============================================================================ GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+ V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)