Howdy list!

I'm working on a research project where I'd like to be able to create/update iptables entries from within kernel-space instead of the usual route through user-space (with the client iptables). The idea is to have a separate rule set that can only be altered by the kernel, and not by the normal iptables client in user-space.

I've looked around the documentation, but the majority of it seems focused on adding extensions that would operate in userland. My question is, where should I look for this functionality in netfilter/the kernel? I was originally planning on tracing the calls up into the kernel through the client iptables to see what kernel functions end up being called, but things got pretty muddy for me as it passed through libiptc/tipc.

Any suggestions on where to look to achieve iptables-like functionality entirely within the kernel would be much appreciated.

Thanks!
Yacin