> Standard nat rules can do that:
> iptables -t nat -A PREROUTING -p udp --dport start:end -j DNAT --to-destination newdest:newdestport
> iptables -t nat -A POSTROUTING -p udp -d newdest --dport newdestport -j SNAT --to-source newsrc:newsrcport

Well, maybe I could use that, or more likely base my kernel module off that code.

The reason that I probably can't use the DNAT target as is, is because I also have to inspect the packets, and for some (very small) number of them, send the packet up to userspace for further processing. Also, my userspace process needs to frequently (hundreds of times per second) change the forwarding rules, so for performance reasons I want to specify those changes via commands over a netlink socket rather than adding and removing iptables rules.

Does that make sense? Should I be looking at creating a target similar to DNAT, and using that code as reference?