Timothy Murphy wrote:
> I wonder if anyone is running IPv6 under Centos-5.2?
>
YES!!! On some systems it is strictly IPv6. IPv4 only on lo loopback.
> Particularly with shorewall?
>
NO!!!
> I see that shorewall6 is specifically designed for updating shorewall
> to IPv6, as described in <http://www.shorewall.net/IPv6Support.html>.
>
> Unfortunately, this explicity requires kernel 2.6.25 or later,
> and iptables 1.4.0 or later,
> both of which are later than any versions I've seen on a Centos repository.
>
Tom was rather explicit about why we will NOT see Shorewall6 with Centos
and the 2.6.18 kernel:
"2.6.18 doesn't support stateful IPv6 firewalling at all!"
I think that says it. You want stateful IPv6 firewalling, then you will
get a newer kernel which means most likely Centos 6.0...
> I'm wondering how safe it would be to install Fedora versions
> of the required kernel and iptables?
>
I seem to recall kernel discussions here on this list and why this is a
VERY bad idea.
> Or is there any alternative to shorewall that is IPv6 compatible?
> I don't really want to run iptables directly, unless forced to do so,
> as I have found shorewall very reliable and simple to configure.
>
What I am working on is a FC9 system with shorewall6, then doing a
ip6tables -L and copying those rules that do not require stateful
firewalling...
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
