I'm really hoping this isn't a stupid question, but I feel like it will be.

I've been using the Shorewall program to configure iptables firewalls for various purposes. I have a problem where I can run ipsec no problem until I add ip compression, at which point the firewall is dropping the packets as "protocol 0." Tom, creator of Shorewall, strongly recommends patching the kernel with the ipsec and policy match patches when using ipsec, so I figured I would try that first before I start complaining about my ipcomp problem.

I'm running a custom Linux kernel, using 2.6.14 as of yesterday. I'm also running the standard iptables 1.3.3. I downloaded today's patch-o-matic-ng, unzipped it, and did runme. I selected y for the policy match patch and no others to test the water. It applied without error, so I went into my kernel config, selected the new option, and recompiled. The kernel module seems to have been a success, as I now have the ipt_policy module.

Now the problem: I can't get the policy extension to compile into iptables. My iptables source has libipt_policy.c and libipt_policy.man in the extensions directory. I do a make clean && make, but I see no reference to the policy extension being compiled, and there are no new files generated. Furthermore, doing iptables -m policy --help produces:

Couldn't load match `policy'

I checked the recent mailing list archives and the documentation, and I didn't see further instructions for extensions. What am I missing?

Thanks...