<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> <article> <!--$Id$--> <articleinfo> <title>Shorewall and the 2.6 Linux Kernel</title> <authorgroup> <author> <firstname>Tom</firstname> <surname>Eastep</surname> </author> </authorgroup> <pubdate>2005-01-14</pubdate> <copyright> <year>2003</year> <year>2004</year> <year>2005</year> <holder>Thomas M. Eastep</holder> </copyright> <legalnotice> <para>Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled <quote><ulink url="GnuCopyright.htm">GNU Free Documentation License</ulink></quote>.</para> </legalnotice> </articleinfo> <section> <title>General</title> <para>Shorewall is compatible with the Linux 2.6 kernel series and contains support for the following features that are added in that series:</para> <orderedlist> <listitem> <para><ulink url="netmap.html">NETMAP</ulink> Target Support.</para> </listitem> <listitem> <para><ulink url="bridge.html">Bridge/Firewall</ulink> Support (physdev match support).</para> </listitem> <listitem> <para><ulink url="traffic_shaping.htm">CLASSIFY</ulink> Target Support.</para> </listitem> </orderedlist> </section> <section> <title>IPSEC</title> <para>The 2.6 Linux kernel introduces a new implementation of IPSEC which eliminates the <filename class="devicefile">ipsecN</filename> device names. Netfilter/iptables support for this new implementation is incomplete unless your kernel has been patched. For unpatched kernels, see the <ulink url="IPSEC.htm">Shorewall IPSEC documentation</ulink> (Shorewall support for IPSEC with unpatched 2.6 kernels is very limited). For patched 2.6 kernels (including those supplied with <trademark>SUSE</trademark> 9.2) see the <ulink url="IPSEC-2.6.html">Kernel 2.6 IPSEC documentation</ulink>.</para> </section> </article>