From f1d12d193b020605b94a2abf22679f8c63862fd0 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 18 Aug 2009 09:22:05 -0700 Subject: [PATCH] A little reorganization of the FAQ wrt IPv6 --- docs/FAQ.xml | 72 ++++++++++++++++++++++++++-------------------------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/docs/FAQ.xml b/docs/FAQ.xml index 76c9e6a8e..070ff4407 100644 --- a/docs/FAQ.xml +++ b/docs/FAQ.xml @@ -2153,42 +2153,6 @@ We have an error talking to the kernel url="http://linuxman.wikispaces.com/Clustering+Shorewall">This article by Paul Gear should help you get started. - -
- (FAQ 80) Does Shorewall support IPV6? - - Answer: Shorewall IPv6 - support is currently available in Shorewall 4.2.4 and - later. - -
- (FAQ 80a) Why does Shorewall lPv6 Support Require Kernel 2.6.24 - or later? - - Answer: Shorewall implements a - stateful firewall which requires connection tracking be present in - ip6tables and in the kernel. Linux kernel's before 2.6.20 didn't - support connection tracking for IPv6. So we could not even start to - develop Shorewall IPv6 support until 2.6.20 and there were significant - problems with the facility until at least kernel 2.6.23. When - distributions began offering IPv6 connection tracking support, it was - with kernel 2.6.25. So that is what we developed IPv6 support on and - that's all that we initially tested on. Subsequently, we have tested - Shorewall6 on Ubuntu Hardy with kernel 2.6.24. If you are running - 2.6.20 or later, you can try to run - Shorewall6 by hacking - /usr/share/shorewall/prog.footer6 and changing the kernel - version test to check for your kernel version rather than 2.6.24 - (20624). But after that, you are on your own. - - kernel=$(printf "%2d%02d%02d\n" $(echo $(uname -r) 2> /dev/null | sed 's/-.*//' | tr '.' ' ' ) | head -n1) -if [ $kernel -lt 20624 ]; then - error_message "ERROR: $PRODUCT requires Linux kernel 2.6.24 or later" - status=2 -else - -
-
@@ -2303,6 +2267,42 @@ rmmod nf_conntrack_sipThen change the DONT_LOAD specification
IPv6 +
+ (FAQ 80) Does Shorewall support IPV6? + + Answer: Shorewall IPv6 + support is currently available in Shorewall 4.2.4 and + later. + +
+ (FAQ 80a) Why does Shorewall lPv6 Support Require Kernel 2.6.24 + or later? + + Answer: Shorewall implements a + stateful firewall which requires connection tracking be present in + ip6tables and in the kernel. Linux kernels before 2.6.20 didn't + support connection tracking for IPv6. So we could not even start to + develop Shorewall IPv6 support until 2.6.20 and there were significant + problems with the facility until at least kernel 2.6.23. When + distributions began offering IPv6 connection tracking support, it was + with kernel 2.6.25. So that is what we developed IPv6 support on and + that's all that we initially tested on. Subsequently, we have tested + Shorewall6 on Ubuntu Hardy with kernel 2.6.24. If you are running + 2.6.20 or later, you can try to run + Shorewall6 by hacking + /usr/share/shorewall/prog.footer6 and changing the kernel + version test to check for your kernel version rather than 2.6.24 + (20624). But after that, you are on your own. + + kernel=$(printf "%2d%02d%02d\n" $(echo $(uname -r) 2> /dev/null | sed 's/-.*//' | tr '.' ' ' ) | head -n1) +if [ $kernel -lt 20624 ]; then + error_message "ERROR: $PRODUCT requires Linux kernel 2.6.24 or later" + status=2 +else + +
+
+
(FAQ 40) I have an interface that gets its IPv6 configuration from radvd. When I start Shorewall6, I immediately loose my default