So far, i've been only using the FTP and IRC protocol helpers (ip_nat_irc, ip_nat_ftp) with iptables. The results were very good. Now i want to build a more complex firewall and perhaps use other protocol helpers. I know that commercial firewalls offer protocol helpers for things like H.323, SIP, various SQL flavors, PPTP, IPSec, RPC, RSH, etc. Of the current set of protocol helpers available on a recent 2.6 kernel, which ones are deemed "safe" for using in production, on a system that must run unattended for long periods of time? "Safe" meaning not only "does not crash the system" but also "works as expected". Thanks, -- Florin Andrei http://florin.myip.org/
