Patrick, I would like to propose that we do something similar to how we handle all the non-trivial routing and TCP congestion control settings.

And that is to have an "ADVANCED" guard that simply doesn't present the myriad of netfilter modules and options we have.

Basically, if the user doesn't set CONFIG_NETFILTER_ADVANCED he gets basic NAT and connection tracking support, that's it.

Or at least something along those lines.

Let me know what you think about this. Linus has asked me for something like this several times :)