diff --git a/docs/images/2.6.21_conf_01.png b/docs/images/2.6.21_conf_01.png
new file mode 100644
index 000000000..2c20d7200
Binary files /dev/null and b/docs/images/2.6.21_conf_01.png differ
diff --git a/docs/images/2.6.21_conf_02.png b/docs/images/2.6.21_conf_02.png
new file mode 100644
index 000000000..938fb57bb
Binary files /dev/null and b/docs/images/2.6.21_conf_02.png differ
diff --git a/docs/images/2.6.21_conf_03.png b/docs/images/2.6.21_conf_03.png
new file mode 100644
index 000000000..fc61de73c
Binary files /dev/null and b/docs/images/2.6.21_conf_03.png differ
diff --git a/docs/kernel.xml b/docs/kernel.xml
index 97b690cc3..e9a2a8f9f 100644
--- a/docs/kernel.xml
+++ b/docs/kernel.xml
@@ -362,12 +362,12 @@ CONFIG_IP_NF_ARP_MANGLE=m
support (Ubuntu inexplicably includes conntrack match support but not
CONNTRACK target support). The two graphics show mostly the same
information but the configuration menu is slignly larger than my display
- so I captured it in two images.![]()
![]()
![]()
The next graphic shows the IP
Netfilter Configuration -- these are the standard Ubuntu settions.![]()
Here is the corresponding CONFIG
- file exerpt.CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
+ align="center" fileref="images/kernel-2.6.20-3.png" />Here is the
+ corresponding CONFIG file exerpt.CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
CONFIG_NETFILTER_XT_TARGET_DSCP=m
CONFIG_NETFILTER_XT_TARGET_MARK=m
@@ -464,4 +464,17 @@ CONFIG_IP_NF_ARP_MANGLE=m
+
+
+ Minimal Configuration using Kernel 2.6.20 and later
+
+ Massimo Burcheri has contributed this minimal configuration which is
+ suitable for securing a laptop or desktop. It is strictly a "no-frills"
+ configuration and represents the minimum that will work with Shorewall
+ when using only the very basic Shorewall features described in the one-interface quickstart guide.![]()
![]()
![]()
+
\ No newline at end of file