design basics


NAT integrated
no seperate nat.conf like ipf

more integration where it makes sense
queueing, some ipsec, ...

well integrated into the network stack

entry points: ip_input, ip_output, bridge