On Thursday 08 December 2005 04:17, Tanović Branko
wrote:> I was wondering which kernel is recommended for
> shorewall 3.0.x
> and what
> iptables 1.3.x 1.2.9
> and what patch-o-matic or *-ng to.
> and what are other patches would I require to use
> fully functional shorewall
Any recent 2.6 kernel that includes all bug/security fixes will work. I
personally run 2.6.14.3.
I recommend iptables 1.3.3.
There are two features of Shorewall that require patching:
a) IPSEC using the native PF_KEY implementation in the 2.6 kernels. That
requires the 4 ipsec patches and ''policy match'' from
patch-o-matic-ng. All of
these patches are included in recent SuSE kernels and iptables.
b) Using ipsets requires the ipset patch from patch-o-matic-ng and the ipset
user-space utility.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key