Bug 45

...and not, like we do for TCP, periodically, after pasta is started.

This is the same for both outbound (-U auto) and inbound (-u auto) ports, and documented in the man page, but there's no particular reason why we can't re-scan bound ports periodically, other than the fact I was in a hurry when I implemented the equivalent feature for TCP.

This would support the use case where Podman creates a network namespace, running as unprivileged user, and several containers with associated network namespaces within that one, with their interfaces bridged.

Podman controls the network namespace in the middle, whereas pasta provides connectivity between that and the init namespace. To enable port forwarding from the outer namespace (init) or external hosts all the way to the innermost namespaces, without any explicit configuration, Podman could bind ports there, then pasta would notice and dynamically forward ports. However, this needs to work with UDP too, in order to be usable.