I wonder if anyone is running IPv6 under Centos-5.2? Particularly with shorewall? I see that shorewall6 is specifically designed for updating shorewall to IPv6, as described in <http://www.shorewall.net/IPv6Support.html>. Unfortunately, this explicity requires kernel 2.6.25 or later, and iptables 1.4.0 or later, both of which are later than any versions I've seen on a Centos repository. I'm wondering how safe it would be to install Fedora versions of the required kernel and iptables? Or is there any alternative to shorewall that is IPv6 compatible? I don't really want to run iptables directly, unless forced to do so, as I have found shorewall very reliable and simple to configure. -- Timothy Murphy e-mail: gayleard /at/ eircom.net tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
Timothy Murphy wrote:> I wonder if anyone is running IPv6 under Centos-5.2? >YES!!! On some systems it is strictly IPv6. IPv4 only on lo loopback.> Particularly with shorewall? >NO!!!> I see that shorewall6 is specifically designed for updating shorewall > to IPv6, as described in <http://www.shorewall.net/IPv6Support.html>. > > Unfortunately, this explicity requires kernel 2.6.25 or later, > and iptables 1.4.0 or later, > both of which are later than any versions I've seen on a Centos repository. >Tom was rather explicit about why we will NOT see Shorewall6 with Centos and the 2.6.18 kernel: "2.6.18 doesn't support stateful IPv6 firewalling at all!" I think that says it. You want stateful IPv6 firewalling, then you will get a newer kernel which means most likely Centos 6.0...> I'm wondering how safe it would be to install Fedora versions > of the required kernel and iptables? >I seem to recall kernel discussions here on this list and why this is a VERY bad idea.> Or is there any alternative to shorewall that is IPv6 compatible? > I don't really want to run iptables directly, unless forced to do so, > as I have found shorewall very reliable and simple to configure. >What I am working on is a FC9 system with shorewall6, then doing a ip6tables -L and copying those rules that do not require stateful firewalling...