On Sun, Apr 07, 2002 at 12:55:37AM +0200, Henrik Nordstrom wrote:
> On Sunday 07 April 2002 00:09, Eric Wirt wrote:
> 
> > 1) I'm not terribly familiar with the netfilter architecture. 
> > Maybe one of the netfilter developers can chime in and tell me what
> > the proper way to hook into netfilter would be?
> 
> Not being a core developer, but clearly the correct approach to UPnP 
> is a userspace daemon responding to UPnP messages, and reconfiguring 
> the iptables kernel as needed.

To be more precise:  A userspace daemon using the upcoming ctnetlink
interface to add connection tracking entries / nat mappings and
ip_conntrack_expect's to the firewall.

Dynamically inserting/removing rules seems like a big hack, but not like
a solution.

> Regards
> Henrik Nordström
> MARA Systems AB, Sweden

-- 
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]               http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+ 
V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)

Reply via email to