diff --git a/firewall b/firewall
index b4a457a..951d074 100755
--- a/firewall
+++ b/firewall
@@ -59,21 +59,28 @@ critical_return()
 forward_port() {
- traffic=$1
- source=$(echo $traffic | cut -d "-" -f1)
- port=$(echo $traffic | cut -d "-" -f2)
- destination=$(echo $traffic | cut -d "-" -f3)
- proto=$(echo $traffic | cut -d "-" -f4)
- dest_ip=$(echo $destination | cut -d ":" -f1)
- dest_port=$(echo $destination | cut -d ":" -f2)
-
- if [ ! "$port" -o ! "$proto" -o ! "$destination" -o ! "$dest_ip" -o ! "$dest_port" -o ! "$LAN_INT" ]; then
- echo "! Bad syntax for traffic : $1"
- else
- echo "+ Forward $port to $destination for protocol $proto"
- $IPTABLES -A FORWARD -i $WAN_INT -o $LAN_INT -p $proto -s $source -d $dest_ip --dport $dest_port -m state ! --state INVALID -j ACCEPT
- $IPTABLES -t nat -A PREROUTING -i $WAN_INT -p $proto -s $source -d $IP --dport $port -j DNAT --to $destination
+ if [ $# != 4 ]; then
+ echo "! Bad syntax for port forward : $*"
+ return
 fi
+
+ source=$1
+ port=$2
+ destination=$3
+ proto=$4
+
+ if echo "$destination" | grep -q ":"; then
+ dest_ip=$(echo $destination | cut -d ":" -f1)
+ dest_port=$(echo $destination | cut -d ":" -f2)
+ if [ ! "$LAN_INT" ]; then
+ echo "!! WARNING you must add a LAN interface (LAN_INT) for a port forward"
+ else
+ echo "+ Forward $port to $destination for protocol $proto"
+ $IPTABLES -A FORWARD -i $WAN_INT -o $LAN_INT -p $proto -s $source -d $dest_ip --dport $dest_port -m state ! --state INVALID -j ACCEPT
+ $IPTABLES -t nat -A PREROUTING -i $WAN_INT -p $proto -s $source -d $IP --dport $port -j DNAT --to $destination
+ fi
+ fi
+
 }
 open_port()
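Review bot: A destination without `:` is now silently ignored — the new `if echo "$destination" | grep -q ":"` has no `else`, so a forward written with a bare IP produces neither a rule nor a message, where the removed code at least printed `! Bad syntax for traffic`; add `else echo "! Bad syntax for port forward (destination must be ip:port) : $*"` before the outer `fi`. The two iptables lines still interpolate `$WAN_INT` and `$IP` without any check, although the firewall.conf hunk below ships both as `''`, so a guard like the new `LAN_INT` one would keep a half-configured forward from invoking iptables with missing operands. Quoting the expansions in those rules (`"$proto"`, `"$source"`, `"$dest_ip"`, ...) would also stop an empty field from shifting the remaining arguments onto the wrong options.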
@@ -100,14 +107,18 @@ open_port()
 port_redirection() {
- redirection=$1
- int=$(echo $traffic | cut -d "-" -f1)
- srcport=$(echo $traffic | cut -d "-" -f2)
- destport=$(echo $traffic | cut -d "-" -f3)
- proto=$(echo $traffic | cut -d "-" -f4)
+ if [ $# != 4 ]; then
+ echo "! Bad syntax for port redirection : $*"
+ return
+ fi
+
+ if=$1
+ proto=$2
+ srcport=$3
+ destport=$4
- echo "+ Redirect $int port $srcport to $destport for portocol $proto"
- iptables -t nat -A PREROUTING -i $int -p $proto --dport $srcport -j REDIRECT --to-port $destport
+ echo "+ Redirect $if port $srcport to $destport for portocol $proto"
+ iptables -t nat -A PREROUTING -i $if -p $proto --dport $srcport -j REDIRECT --to-port $destport
 }
 start()
@@ -188,16 +199,9 @@ start()
 if [ $PING == 1 ]; then
 echo "+ PING allowed"
- ## stop ping flood attack
- echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
- echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
- # Don't accept ICMP redirect messages
- echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
- # Don't send ICMP redirect messages
- echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
- $IPTABLES -A INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j ACCEPT
- $IPTABLES -A INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j LOG --log-prefix "iptables: PING-FLOOD: " --log-ip-options --log-level 4
- $IPTABLES -A INPUT -p icmp -j DROP
+ iptables -A INPUT -p icmp --icmp-type ping -j ACCEPT
+ iptables -A OUTPUT -p icmp --icmp-type ping -j ACCEPT
+ iptables -A FORWARD -p icmp --icmp-type ping -j ACCEPT
 fi
 if [ $FTP == 1 ]; then
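Review bot: `port_redirection` now calls `iptables` literally while `forward_port` in the hunk above goes through `$IPTABLES`; use `$IPTABLES -t nat -A PREROUTING -i $iface -p $proto --dport $srcport -j REDIRECT --to-port $destport` so the configurable binary path is honoured in every rule. Naming the interface variable `if` (`if=$1`) is legal as an assignment word but shadows the keyword for readers and linters; `iface=$1` (or the previous `int`) reads better. The rewritten echo on the same line still carries the typo `portocol`, which this change could fix as `protocol`.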
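Review bot: The `PING=1` branch loses the `-m limit` rate limiting and the LOG/DROP fall-through, so with ping enabled echo requests are now accepted without any limit on INPUT and additionally on FORWARD, and the sysctl writes for `icmp_echo_ignore_broadcasts`, `icmp_ignore_bogus_error_responses`, `accept_redirects` and `send_redirects` disappear with them. If the goal was only to stop dropping all other ICMP, keep `$IPTABLES -A INPUT -p icmp --icmp-type ping -m limit --limit 1/s --limit-burst 1 -j ACCEPT` followed by the LOG and DROP lines and add just the OUTPUT/FORWARD rules; the redirect sysctls are not ping-specific and belong outside this `if` rather than deleted. These three new lines also invoke `iptables` directly instead of `$IPTABLES`. `start()` begins and ends outside the hunk.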
@@ -214,26 +218,25 @@ start()
 fi
 ## Open Ports
- for traffic in "${OPEN_PORTS[@]}"; do
- open_port $traffic
+ for args in "${OPEN_PORTS[@]}"; do
+ open_port $args
 done
 ## Port forwading
- for traffic in $TRAFFICS; do
- forward_port $traffic
+ for args in "${TRAFFICS[@]}"; do
+ forward_port $args
 done
 ## Port redirection
- for redirection in $REDIRECTIONS; do
- port_redirection $redirection
+ for args in "${REDIRECTIONS[@]}"; do
+ port_redirection $args
 done
 ## NAT
 if [ $NAT == 1 ]; then
 echo "+ Activate nat"
- modprobe ip_nat_ftp
- modprobe ip_nat_irc
- $IPTABLES -t nat -A POSTROUTING -s $LAN_NETWORK -j MASQUERADE
+ for proto in ftp irc sip h323; do modprobe nf_nat_$proto; done
+ $IPTABLES -t nat -A POSTROUTING -o $WAN_INT -s $LAN_NETWORK -j SNAT --to-source $IP
 fi
 ipt_hook
diff --git a/firewall.conf b/firewall.conf
index 1b4e580..8f08a85 100644
--- a/firewall.conf
+++ b/firewall.conf
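Review bot: The new `SNAT --to-source $IP` rule with `-o $WAN_INT` depends on `IP` and `WAN_INT`, which the replaced `MASQUERADE` rule did not need and which nothing in the `NAT` branch checks; with the conf defaults of `''` iptables would be invoked with those option values missing. Guard it the way `forward_port` guards `LAN_INT`, e.g. `if [ ! "$WAN_INT" -o ! "$IP" ]; then echo "!! WARNING nat needs WAN_INT and IP"; else ... fi` (or fall back to `MASQUERADE` when `IP` is empty), and extend the `NAT=0 # Activate nat (need a LAN_NETWORK)` comment in firewall.conf to name the two extra requirements. The `for proto in ftp irc sip h323` loop reuses the global `proto` that `forward_port` and `port_redirection` also assign, harmless here but a distinct name would avoid confusion. `start()` begins outside the hunk.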
@@ -1,47 +1,42 @@
 IPTABLES=/sbin/iptables
-# WAN configuration
-WAN_INT=''
-IP=''
+## WAN configuration
+WAN_INT='' # WAN interface
+IP='' # WAN IP
-# Allow ping
-PING=1
+PING=1 # Allow ping
+FTP=0 # Allow FTP server (passive and active)
-# Allow FTP server (passive and active)
-FTP=0
+## LAN configuration
+NAT=0 # Activate nat (need a LAN_NETWORK)
+LAN_NETWORK='' # LAN network (ex: 192.168.1.0/24)
+LAN=0 # Allow traffic between the WAN and LAN
+LAN_INT='' # LAN interface
-# NAT LAN_NETWORK
-NAT=0
-LAN_NETWORK=''
-# Allow traffic between the WAN and LAN
-LAN=0
-LAN_INT=''
-
-# Allow all traffic for interface(s)
+## Allow all traffic for interface(s)
 # example ALLOW_INTS='br0 xenbr42'
 ALLOW_INTS=''
-# Open ports
-# source [destination] protocole {porta|portx:porty},[portx:porty,porta,portb,...]
+## Open ports
+# "source [destination] protocole {porta|portx:porty},[portx:porty,porta,portb,...]" ...
 # The default destination is the IP !
-# example :
-#OPEN_PORTS=("0.0.0.0/0 tcp 22" "42.42.42.0/24 42.42.42.42 tcp ssh,imap,imaps,1024:2048,32")
+# example : OPEN_PORTS=("0.0.0.0/0 tcp 22" "42.42.42.0/24 42.42.42.42 tcp ssh,imap,imaps,1024:2048,32")
 OPEN_PORTS=("0.0.0.0/0 tcp ssh")
-# Port forwarding
-# source-port-destination:port-protocole source-port-destination:port-protocole ...
-# example : TRAFFICS='0.0.0.0/0-80-192.168.0.42:80-tcp 42.42.42.42-4242-192.168.0.43:22-tcp'
-TRAFFICS=""
+## Port forwarding
+# "source port destination:port protocol" "source port destination:port protocol" ...
+# example : TRAFFICS=("0.0.0.0/0 80 192.168.0.42:80 tcp" "42.42.42.42 4242 192.168.0.43:22 tcp")
+TRAFFICS=("")
-# Port redirection
-# interface-sourceport-destport-protocole
-# example : REDIRECTIONS='$LAN_INT-25-4242-tcp $WAN_INT-25-4242-udp eth42-32-25-tcp'
-REDIRECTIONS=""
+## Port redirection
+# "interface protocol sourceport destport" ...
+# example : REDIRECTIONS=("eth42 tcp 32 25" "$LAN_INT tcp 25 4242")
+REDIRECTIONS=("")
 # Hook point to write your own iptables rules
 ipt_hook() {
- echo "+ Load your own iptables rules"
- # Write your own iptables rules here
+ echo "+ Load your own iptables rules"
+ # Write your own iptables rules here
 }
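Review bot: `TRAFFICS=("")` and `REDIRECTIONS=("")` are one-element arrays holding an empty string, so the new `for args in "${TRAFFICS[@]}"` / `"${REDIRECTIONS[@]}"` loops in the firewall hunk above run once each and call `forward_port` and `port_redirection` with no arguments, printing `! Bad syntax for port forward : ` and its redirection counterpart on an untouched default configuration. The defaults should be the empty arrays `TRAFFICS=()` and `REDIRECTIONS=()`, which iterate zero times. The example comments already use the four space-separated fields the functions now parse, so only the two default values need changing.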