This section covers general netfilter (and non-netfilter) related questions we've encountered frequently on the mailing list.
Netfilter and IPtables are integrated in the Linux 2.4.x kernel series. Please obtain a recent kernel from http://www.kernel.org or one of its mirrors.
The userspace tool 'iptables' is available at the netfilter homepage on one of the mirrors at http://netfilter.samba.org, http://netfilter.kernelnotes.org or http://netfilter.filewatcher.org.
No, there currently is none. But if anybody wants to start, it shouldn't be too difficult because of the clean interface to the network stack.
Please inform us about any work in this area.
If you are used to masquerading on a Linux 2.2 box, you always used the ip_masq_icq module in order to get direct client-to-client ICQ working.
Nobody re-implemented this module for netfilter, because the ICQ protocol is too ugly :) But I guess it's just a matter of time until one is available.
Rusty once pointed out that only modules for protocols with at least one free client and one free server are going to get integrated into the main netfilter distribution. As for ICQ, there are only free clients, so it doesn't meet this criterion. (Free as in freedom, not as in free beer, i.e. RMS' definition.)
Some of them are not required, and some haven't been ported to netfilter yet. Netfilter does full connection tracking even for UDP, and has a policy of trying to disturb the packets as little as possible, so sometimes things `just work'.
The 2.4.0-testX kernels are in a feature freeze. We are unable to get anything other than bugfixes into the main kernel tree. But we didn't stop developing new netfilter/iptables features, of course. If you want to use any of the bleeding-edge netfilter functions, you may have to apply one or more of the patches from patch-o-matic.
patch-o-matic has a neat user interface. Just enter
    make patch-o-matic
or, if your kernel tree is not in /usr/src/linux, use
    make KERNEL_DIR={your-kernel-dir} patch-o-matic
in the top directory of the iptables package. For each patch, patch-o-matic checks whether it would apply against the kernel source you have installed. If a patch would apply, you will see a little prompt where you can ask for more information about the patch, apply it, skip to the next one, ...