I'm trying to use a socket (on port 1727) to decode some proprietary UDP packets. When I've decoded them I want to apply a DNAT rule (and then a SNAT too) to this port using a filter on @IP:port source for all following packets…
So do you have Machine F which is the firewall, and machines A, B and C which are the ultimate destinations, and you want to have UDP packets from machine X (elsewhere) being sent to A, B or C by F based on some information in the first packet F receives from a new host X? You could write your "monitor" to set up new rules based on the first packets that arrive, with the remainder being "deflected" by the firewall rules.
