<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<article>
  <!--$Id$-->

  <articleinfo>
    <title>Shorewall and the 2.6 Linux Kernel</title>

    <authorgroup>
      <author>
        <firstname>Tom</firstname>

        <surname>Eastep</surname>
      </author>
    </authorgroup>

    <pubdate>2005-01-14</pubdate>

    <copyright>
      <year>2003</year>

      <year>2004</year>

      <year>2005</year>

      <holder>Thomas M. Eastep</holder>
    </copyright>

    <legalnotice>
      <para>Permission is granted to copy, distribute and/or modify this
      document under the terms of the GNU Free Documentation License, Version
      1.2 or any later version published by the Free Software Foundation; with
      no Invariant Sections, with no Front-Cover, and with no Back-Cover
      Texts. A copy of the license is included in the section entitled
      <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
      License</ulink></quote>.</para>
    </legalnotice>
  </articleinfo>

  <section>
    <title>General</title>

    <para>Shorewall is compatible with the Linux 2.6 kernel series and
    contains support for the following features that are added in that
    series:</para>

    <orderedlist>
      <listitem>
        <para><ulink url="netmap.html">NETMAP</ulink> Target Support.</para>
      </listitem>

      <listitem>
        <para><ulink url="bridge.html">Bridge/Firewall</ulink> Support
        (physdev match support).</para>
      </listitem>

      <listitem>
        <para><ulink url="traffic_shaping.htm">CLASSIFY</ulink> Target
        Support.</para>
      </listitem>
    </orderedlist>
  </section>

  <section>
    <title>IPSEC</title>

    <para>The 2.6 Linux kernel introduces a new implementation of IPSEC which
    eliminates the <filename class="devicefile">ipsecN</filename> device
    names. Netfilter/iptables support for this new implementation is
    incomplete unless your kernel has been patched. For unpatched kernels, see
    the <ulink url="IPSEC.htm">Shorewall IPSEC documentation</ulink>
    (Shorewall support for IPSEC with unpatched 2.6 kernels is very limited).
    For patched 2.6 kernels (including those supplied with
    <trademark>SUSE</trademark> 9.2) see the <ulink
    url="IPSEC-2.6.html">Kernel 2.6 IPSEC documentation</ulink>.</para>
  </section>
</article>