Shorewall and the 2.6 Linux Kernel
Tom Eastep
Copyright 2003, 2004, 2005 Thomas M. Eastep
Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled
"GNU Free Documentation License".
General
Shorewall is compatible with the Linux 2.6 kernel series and
contains support for the following features that were added in that
series:
NETMAP Target Support.
Bridge/Firewall Support (physdev match support).
CLASSIFY Target Support.
IPSEC
The 2.6 Linux kernel introduces a new implementation of IPSEC which
eliminates the ipsecN device names. Netfilter/iptables support for this
new implementation is incomplete unless your kernel has been patched.
For unpatched kernels, see the Shorewall IPSEC documentation
(Shorewall support for IPSEC with unpatched 2.6 kernels is very limited).
For patched 2.6 kernels (including those supplied with SUSE 9.2) see the
Kernel 2.6 IPSEC documentation.