Hi all,

Despite this silly object, I'm interested in porting some iptables conn_track listed here: http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO-5.html. I'm mostly interested in the pptp conntrack, which I need for my nat-box.

I'd like some advice: what's the most appropriate place to run such extensions? If using pf kernel space, the kernel will grow with many supported protocols. If using userland proxy and some pf rdr, it's sometimes "ugly": I'm thinking of PPTP, where you need to configure a target PPTP server per proxy, so you need n proxies for n target servers, which is.... ugly. On the other hand, ftp-proxy works great in userland. Or PPPoE which can run in both...

Is there a rule of thumb to determine the good place for some connection tracking/proxy for a given protocol?

Best regards,
Bruno.