- pkttables
  - linked lists instead of blob
  - explain current situation
    - dynamic rulesets are slow with iptables
  - independent of layer 3 protocol
    - current code duplication between [ip|ip6|arp]tables
    - some matches (mac, interface, ...) are independent anyway
- nfnetlink
  - idea
  - ctnetlink
  - iptnetlink / pkttnetlink
  - ulog/queue port to it
  - libnfnetlink, libctnetlink, libpkttnetlink
- libiptables / libpkttnetlink
  - high-level API for rule manipulation
  - covering all the plugins which are currently part of iptables
- failover / load balancing for stateful firewalls
  - slides from OLS