mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-23 06:38:53 +01:00
A little reorganization of the FAQ wrt IPv6
This commit is contained in:
parent
82cd525658
commit
f1d12d193b
72
docs/FAQ.xml
72
docs/FAQ.xml
@ -2153,42 +2153,6 @@ We have an error talking to the kernel
|
||||
url="http://linuxman.wikispaces.com/Clustering+Shorewall">This article
|
||||
by Paul Gear</ulink> should help you get started.</para>
|
||||
</section>
|
||||
|
||||
<section id="faq80">
|
||||
<title>(FAQ 80) Does Shorewall support IPV6?</title>
|
||||
|
||||
<para>Answer: <ulink url="IPv6Support.html">Shorewall IPv6
|
||||
support</ulink> is currently available in Shorewall 4.2.4 and
|
||||
later.</para>
|
||||
|
||||
<section id="faq80a">
|
||||
<title>(FAQ 80a) Why does Shorewall lPv6 Support Require Kernel 2.6.24
|
||||
or later?</title>
|
||||
|
||||
<para><emphasis role="bold">Answer:</emphasis> Shorewall implements a
|
||||
stateful firewall which requires connection tracking be present in
|
||||
ip6tables and in the kernel. Linux kernel's before 2.6.20 didn't
|
||||
support connection tracking for IPv6. So we could not even start to
|
||||
develop Shorewall IPv6 support until 2.6.20 and there were significant
|
||||
problems with the facility until at least kernel 2.6.23. When
|
||||
distributions began offering IPv6 connection tracking support, it was
|
||||
with kernel 2.6.25. So that is what we developed IPv6 support on and
|
||||
that's all that we initially tested on. Subsequently, we have tested
|
||||
Shorewall6 on Ubuntu Hardy with kernel 2.6.24. If you are running
|
||||
2.6.20 or later, you can <emphasis role="bold">try</emphasis> to run
|
||||
Shorewall6 by hacking<filename>
|
||||
/usr/share/shorewall/prog.footer6</filename> and changing the kernel
|
||||
version test to check for your kernel version rather than 2.6.24
|
||||
(20624). But after that, you are on your own.</para>
|
||||
|
||||
<programlisting>kernel=$(printf "%2d%02d%02d\n" $(echo $(uname -r) 2> /dev/null | sed 's/-.*//' | tr '.' ' ' ) | head -n1)
|
||||
if [ $kernel -lt <emphasis role="bold">20624</emphasis> ]; then
|
||||
error_message "ERROR: $PRODUCT requires Linux kernel <emphasis role="bold">2.6.24</emphasis> or later"
|
||||
status=2
|
||||
else
|
||||
</programlisting>
|
||||
</section>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section id="ALIASES">
|
||||
@ -2303,6 +2267,42 @@ rmmod nf_conntrack_sip</programlisting>Then change the DONT_LOAD specification
|
||||
<section id="faq40">
|
||||
<title>IPv6</title>
|
||||
|
||||
<section id="faq80">
|
||||
<title>(FAQ 80) Does Shorewall support IPV6?</title>
|
||||
|
||||
<para>Answer: <ulink url="IPv6Support.html">Shorewall IPv6
|
||||
support</ulink> is currently available in Shorewall 4.2.4 and
|
||||
later.</para>
|
||||
|
||||
<section id="faq80a">
|
||||
<title>(FAQ 80a) Why does Shorewall lPv6 Support Require Kernel 2.6.24
|
||||
or later?</title>
|
||||
|
||||
<para><emphasis role="bold">Answer:</emphasis> Shorewall implements a
|
||||
stateful firewall which requires connection tracking be present in
|
||||
ip6tables and in the kernel. Linux kernels before 2.6.20 didn't
|
||||
support connection tracking for IPv6. So we could not even start to
|
||||
develop Shorewall IPv6 support until 2.6.20 and there were significant
|
||||
problems with the facility until at least kernel 2.6.23. When
|
||||
distributions began offering IPv6 connection tracking support, it was
|
||||
with kernel 2.6.25. So that is what we developed IPv6 support on and
|
||||
that's all that we initially tested on. Subsequently, we have tested
|
||||
Shorewall6 on Ubuntu Hardy with kernel 2.6.24. If you are running
|
||||
2.6.20 or later, you can <emphasis role="bold">try</emphasis> to run
|
||||
Shorewall6 by hacking<filename>
|
||||
/usr/share/shorewall/prog.footer6</filename> and changing the kernel
|
||||
version test to check for your kernel version rather than 2.6.24
|
||||
(20624). But after that, you are on your own.</para>
|
||||
|
||||
<programlisting>kernel=$(printf "%2d%02d%02d\n" $(echo $(uname -r) 2> /dev/null | sed 's/-.*//' | tr '.' ' ' ) | head -n1)
|
||||
if [ $kernel -lt <emphasis role="bold">20624</emphasis> ]; then
|
||||
error_message "ERROR: $PRODUCT requires Linux kernel <emphasis role="bold">2.6.24</emphasis> or later"
|
||||
status=2
|
||||
else
|
||||
</programlisting>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>(FAQ 40) I have an interface that gets its IPv6 configuration
|
||||
from radvd. When I start Shorewall6, I immediately loose my default
|
||||
|
Loading…
Reference in New Issue
Block a user