Hi, i have used shorewall for several years now, but now i have a problem i can not solve by my own. I use Debian (Testing/Sarge) with shorewall 2.2 and 2.6.10 Kernel. In the next few weeks i need several IPSEC VPN tunnels - ans thats the problem. "shorewall check" tells me that "Policy Match: not available". As i have RTFMd i need some iptables ans netfilter patches for 2.6 kernels. This is writen x times all over the Shorwall website. I shall use Netfilter-patch-o-matic etc. pp. Ok - i can read this, but i can not understand how to do that. Every time i go to www.netfilter.org i click on patch-o-matic-ng After that i see a welcom screen and a question (Which is realy my own) What is patch-o-matic? But no explanation ... How do i identify which patches i need for the 2.6.10 or the 2.6.11 kernel ? And how do i actually use this patch-o-matic thing ? If it is written somewhere on this website i did not found it. So please - can someone explain this to me ? Thanks! regards ~ Joerg
kermit wrote:> What is patch-o-matic? > But no explanation ... > How do i identify which patches i need for the 2.6.10 or the 2.6.11 > kernel ? And how do i actually use this patch-o-matic thing ? > If it is written somewhere on this website i did not found it. > So please - can someone explain this to me ?a) Go to the netfilter site. b) In the left-hand frame is a link named "Documentation -- HOWTOs" -- please click on it. c) Go down to "Netfilter Extensions HOWTO" -- click on the language and format of your choice. That will tell you what Patch-o-matic is and how to run it. As to which patches you need: a) For kernel 2.6.9-11, you can download 4 of the kernel patches from my site: http://shorewall.net/contrib/IPSEC (the 2.6.10 patches were merged into a single patch). b) The fifth patch needs to come from Patch-O-Matic-NG and is called ''policy match''; it was in the ''extras'' collection the last time that I looked. This patch must be applied to both your kernel and iptables. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep wrote:> a) Go to the netfilter site. > b) In the left-hand frame is a link named "Documentation -- HOWTOs" -- > please click on it. > c) Go down to "Netfilter Extensions HOWTO" -- click on the language and > format of your choice. > > That will tell you what Patch-o-matic is and how to run it.Thanks for your realy fast answer. It seems i have to be ashamed that i did not found this on my own ... regards Joerg
kermit wrote:> Tom Eastep wrote: > >> a) Go to the netfilter site. >> b) In the left-hand frame is a link named "Documentation -- HOWTOs" -- >> please click on it. >> c) Go down to "Netfilter Extensions HOWTO" -- click on the language and >> format of your choice. >> >> That will tell you what Patch-o-matic is and how to run it. > > Thanks for your realy fast answer. > It seems i have to be ashamed that i did not found this on my own ... >Be sure to take note of the fact that ''patch-o-matic-ng'' has replaced ''patch-o-matic''. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key