On Fri, Nov 16, 2007 at 01:49:45PM +0100, Patrick McHardy wrote: > What I have in mind is roughly: > > IPv4/IPv6 conntrack > NAT > ip_tables/ip6_tables > tables: filter, nat > matches: tcpudp, state, limit, hashlimit, policy > targets: LOG, NFLOG, TCPMSS, REJECT, MASQUERADE > > That should be enough for a simple firewall script. I'm not sure > whether we should also select helpers though. Maybe the common > ones, like ftp, irc and sip? I'd vote for at least FTP here...most users will use it at some point (or if they don't, wonder why FTP is broken). Phil - To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html