From 93504cfeebd1fb2a32265e06a3cba90f4819b043 Mon Sep 17 00:00:00 2001 From: teastep Date: Tue, 27 Jan 2009 22:22:40 +0000 Subject: [PATCH] FAQ about kernel 2.6.25 and IPv6 git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9341 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- docs/FAQ.xml | 31 ++++++++++++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) diff --git a/docs/FAQ.xml b/docs/FAQ.xml index 8c4aaa8cf..a69aed429 100644 --- a/docs/FAQ.xml +++ b/docs/FAQ.xml @@ -2194,9 +2194,34 @@ We have an error talking to the kernel (FAQ 80) Does Shorewall support IPV6? Answer: Shorewall IPv6 - support is currently available in Shorewall - 4.2.4-RC1. + support is currently available in Shorewall 4.2.4 and + later. + +
+ (FAQ 80a) Why does Shorewall lPv6 Support Require Kernel 2.6.25 + or later? + + Answer: Shorewall implements a + stateful firewall which requires connection tracking be present in + ip6tables and in the kernel. Kernel's before 2.6.20 didn't have + connection tracking for IPv6. So we could not even start to develop + IPv6 support until then. By the time that distributions began shipping + with kernels that supported IPv6 connection tracking, they were + shipping with 2.6.25. So that is what we developed IPv6 support on and + that's all that it has been tested on. If you are running 2.6.20 or + later, you can try to run Shorewall6 + by hacking /usr/share/shorewall-perl/prog.footer6 + and changing the kernel version test to check for your kernel version + rather than 2.6.25 (20625). But after that, you are on your + own. + + kernel=$(printf "%2d%02d%02d\n" $(echo $(uname -r) 2> /dev/null | sed 's/-.*//' | tr '.' ' ' ) | head -n1) +if [ $kernel -lt 20625 ]; then + error_message "ERROR: $PRODUCT requires Linux kernel 2.6.25 or later" + status=2 +else + +