Shorewall users - Dec 2005 - Recomended Kernel and patches

I was wondering which kernel is recommended for 
shorewall 3.0.x 
and what 
iptables 1.3.x 1.2.9 
and what patch-o-matic or *-ng to.
and what are other patches would I require to use 
fully functional shorewall 




-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click

On Thursday 08 December 2005 04:17, Tanović Branko
wrote:
> I was wondering which kernel is recommended for
> shorewall 3.0.x
> and what
> iptables 1.3.x 1.2.9
> and what patch-o-matic or *-ng to.
> and what are other patches would I require to use
> fully functional shorewall
Any recent 2.6 kernel that includes all bug/security fixes will work. I 
personally run 2.6.14.3.

I recommend iptables 1.3.3.

There are two features of Shorewall that require patching:

a) IPSEC using the native PF_KEY implementation in the 2.6 kernels. That 
requires the 4 ipsec patches and ''policy match'' from
patch-o-matic-ng. All of
these patches are included in recent SuSE kernels and iptables.

b) Using ipsets requires the ipset patch from patch-o-matic-ng and the ipset 
user-space utility.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key