Hi!

There are already a lot of modules, and it seems like there will be more and more in the future.
- some netfilter modules belong to the upstream kernel or iptables distribution
- some netfilter modules can be installed through patch-o-matic
- netfilter modules can be kernel modules or compiled into the kernel
- not everyone is using the same iptables or kernel versions, which provide different modules
- netfilter module options can change with time

All those reasons make it difficult to know what matches or targets are available on the current system, which confuses users and obliges "generic" scripts to use only a minimal subset of existing netfilter functionalities.

That's why I suggest a mechanism which would provide the list of currently available matches and targets, with their API (regarding options) versions. /proc seems to be a good candidate.

What do you think about this idea?

RV

--
 _
(°=  Hervé Eychenne
//)
v_/_ WallFire project: http://www.wallfire.org/