I've rebuilt my old P-II/233 with Debian Sarge and it is now serving as my main firewall. It is running a home-built 2.6.9 kernel with the ipsec-netfilter and policy match patches.

-Tom
--
Tom Eastep      \ Nothing is foolproof to a sufficiently talented fool
Shoreline,      \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key  \ https://lists.shorewall.net/teastep.pgp.key
On Thu, 2004-12-16 at 09:37, Tom Eastep wrote:
> I've rebuilt my old P-II/233 with Debian Sarge and it is now serving as
> my main firewall. It is running a home-built 2.6.9 kernel with the
> ipsec-netfilter and policy match patches.

I just built myself a VERY old P133 w/ 128MB ram w/ FC3 and using shorewall to act as a firewall/apache/squid. I don't know about ipsec-netfilter and policy matches though

--
Ow Mun Heng
Gentoo/Linux on D600 1.4Ghz
98% Microsoft(tm) Free!!
Neuromancer 14:07:50 up 4:34, 7 users, 0.76, 0.86, 0.57
> -----Original Message-----
> From: Tom Eastep [mailto:teastep@shorewall.net]
> Sent: Wednesday, December 15, 2004 8:37 PM
> To: Shorewall Users
> Subject: [Shorewall-users] [OT] New (old) Firewall at shorewall.net
>
> I've rebuilt my old P-II/233 with Debian Sarge and it is now
> serving as my main firewall. It is running a home-built 2.6.9
> kernel with the ipsec-netfilter and policy match patches.
>
> -Tom

What about a short "How-To" on applying the patches. I've googled my eyeballs out of socket the past several days and used about every combination of POM-NG, Iptables, and Kernel version without getting the patches to apply successfully. Admittedly, I haven't tried the patches from the links that you posted Tuesday. I had previously discovered these patches with vague instructions on a site but was too tired to try figuring out the procedure for installation.

Best regards,
Mitch
On Thu, 2004-12-16 at 08:33 -0500, Mitch Martin wrote:
> What about a short "How-To" on applying the patches.

For the patches that I posted, you may apply them by:

    cd <your 2.6.9 kernel source directory>
    patch -p1 < <first-patch-file>
    patch -p1 < <second-patch-file>
    ...

To apply the policy match patch, you need to use the 'patch-o-matic-ng' runme script; the patch is in the 'extra' category. See the README in the patch-o-matic-ng directory.

Beyond that, you are on your own. One thing I do NOT do is provide help with building software (including kernels).

-Tom
> -----Original Message-----
> From: Tom Eastep [mailto:teastep@shorewall.net]
> Sent: Thursday, December 16, 2004 11:06 AM
> To: Shorewall Users
> Subject: RE: [Shorewall-users] [OT] New (old) Firewall at shorewall.net
>
> On Thu, 2004-12-16 at 08:33 -0500, Mitch Martin wrote:
> > What about a short "How-To" on applying the patches.
>
> For the patches that I posted, you may apply them by:
>
>     cd <your 2.6.9 kernel source directory>
>     patch -p1 < <first-patch-file>
>     patch -p1 < <second-patch-file>
>     ...
>
> To apply the policy match patch, you need to use the 'patch-o-matic-ng'
> runme script; the patch is in the 'extra' category. See the
> README in the patch-o-matic-ng directory.

My mistake... I shouldn't have used the word "howto" but instead simply asked these questions:

1- Debian kernel or kernel.org?
2- POM-NG stable or CVS (if cvs which date)?
3- Iptables source code from Sarge or newer version from Netfilter?
4- Anything else that you consider pertinent?

You would better understand these questions had you been in my office the past few days. ;-)

> Beyond that, you are on your own. One thing I do NOT do is
> provide help with building software (including kernels).

Understood! Fortunately, that wasn't one of my many problems. ;-)

Mitch
On Thu, 2004-12-16 at 12:44 -0500, Mitch Martin wrote:
> 1- Debian kernel or kernel.org?

kernel.org

> 2- POM-NG stable or CVS (if cvs which date)?

snapshot - -20041207

> 3- Iptables source code from Sarge or newer version from Netfilter?

1.2.11 from Netfilter.org -- this is all fluff since you don't need to change iptables at all but POM-ng wants to see the source (1.2.11 has policy match already).

-Tom
> > 1- Debian kernel or kernel.org?
>
> kernel.org
>
> > 2- POM-NG stable or CVS (if cvs which date)?
>
> snapshot - -20041207
>
> > 3- Iptables source code from Sarge or newer version from Netfilter?
>
> 1.2.11 from Netfilter.org -- this is all fluff since you
> don't need to change iptables at all but POM-ng wants to see
> the source (1.2.11 has policy match already).
>
> -Tom

Many thanks!!

Mitch