I just installed 2.6.11 and I have found a couple of things:
a) As I mentioned yesterday, there are Netfilter-ipsec patches available
in the contrib/IPSEC/2.6.11 directory (they were created against rc4 and
they thus apply with offsets to 2.6.11 final). There are now 5 patches
-- the 5th is mine and is necessary to allow iptables to compile against
the patched kernel source tree. I'm using iptables-1.3.0 patched with
the 'policy' match and 'ipp2p'.
b) The 'ports' parameter has been removed from the ip_nat_ftp kernel
module (it appears that module now just piggybacks on the similar
parameter to ip_conntrack_ftp). You will see a harmless error message
about this when Shorewall is [re]started if you have specified that
parameter in /etc/shorewall/modules or in /etc/modules.conf.
-Tom
--
Tom Eastep \ Off-list replies are cheerfully ignored
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key