A little reorganization of the FAQ wrt IPv6

This commit is contained in:
Tom Eastep 2009-08-18 09:22:05 -07:00
parent 82cd525658
commit f1d12d193b

View File

@ -2153,42 +2153,6 @@ We have an error talking to the kernel
url="http://linuxman.wikispaces.com/Clustering+Shorewall">This article
by Paul Gear</ulink> should help you get started.</para>
</section>
<section id="faq80">
<title>(FAQ 80) Does Shorewall support IPV6?</title>
<para>Answer: <ulink url="IPv6Support.html">Shorewall IPv6
support</ulink> is currently available in Shorewall 4.2.4 and
later.</para>
<section id="faq80a">
<title>(FAQ 80a) Why does Shorewall lPv6 Support Require Kernel 2.6.24
or later?</title>
<para><emphasis role="bold">Answer:</emphasis> Shorewall implements a
stateful firewall which requires connection tracking be present in
ip6tables and in the kernel. Linux kernel's before 2.6.20 didn't
support connection tracking for IPv6. So we could not even start to
develop Shorewall IPv6 support until 2.6.20 and there were significant
problems with the facility until at least kernel 2.6.23. When
distributions began offering IPv6 connection tracking support, it was
with kernel 2.6.25. So that is what we developed IPv6 support on and
that's all that we initially tested on. Subsequently, we have tested
Shorewall6 on Ubuntu Hardy with kernel 2.6.24. If you are running
2.6.20 or later, you can <emphasis role="bold">try</emphasis> to run
Shorewall6 by hacking<filename>
/usr/share/shorewall/prog.footer6</filename> and changing the kernel
version test to check for your kernel version rather than 2.6.24
(20624). But after that, you are on your own.</para>
<programlisting>kernel=$(printf "%2d%02d%02d\n" $(echo $(uname -r) 2&gt; /dev/null | sed 's/-.*//' | tr '.' ' ' ) | head -n1)
if [ $kernel -lt <emphasis role="bold">20624</emphasis> ]; then
error_message "ERROR: $PRODUCT requires Linux kernel <emphasis role="bold">2.6.24</emphasis> or later"
status=2
else
</programlisting>
</section>
</section>
</section>
<section id="ALIASES">
@ -2303,6 +2267,42 @@ rmmod nf_conntrack_sip</programlisting>Then change the DONT_LOAD specification
<section id="faq40">
<title>IPv6</title>
<section id="faq80">
<title>(FAQ 80) Does Shorewall support IPV6?</title>
<para>Answer: <ulink url="IPv6Support.html">Shorewall IPv6
support</ulink> is currently available in Shorewall 4.2.4 and
later.</para>
<section id="faq80a">
<title>(FAQ 80a) Why does Shorewall lPv6 Support Require Kernel 2.6.24
or later?</title>
<para><emphasis role="bold">Answer:</emphasis> Shorewall implements a
stateful firewall which requires connection tracking be present in
ip6tables and in the kernel. Linux kernels before 2.6.20 didn't
support connection tracking for IPv6. So we could not even start to
develop Shorewall IPv6 support until 2.6.20 and there were significant
problems with the facility until at least kernel 2.6.23. When
distributions began offering IPv6 connection tracking support, it was
with kernel 2.6.25. So that is what we developed IPv6 support on and
that's all that we initially tested on. Subsequently, we have tested
Shorewall6 on Ubuntu Hardy with kernel 2.6.24. If you are running
2.6.20 or later, you can <emphasis role="bold">try</emphasis> to run
Shorewall6 by hacking<filename>
/usr/share/shorewall/prog.footer6</filename> and changing the kernel
version test to check for your kernel version rather than 2.6.24
(20624). But after that, you are on your own.</para>
<programlisting>kernel=$(printf "%2d%02d%02d\n" $(echo $(uname -r) 2&gt; /dev/null | sed 's/-.*//' | tr '.' ' ' ) | head -n1)
if [ $kernel -lt <emphasis role="bold">20624</emphasis> ]; then
error_message "ERROR: $PRODUCT requires Linux kernel <emphasis role="bold">2.6.24</emphasis> or later"
status=2
else
</programlisting>
</section>
</section>
<section>
<title>(FAQ 40) I have an interface that gets its IPv6 configuration
from radvd. When I start Shorewall6, I immediately loose my default