On Mon, Sep 05, 2005 at 12:38:21PM +0100, Antony Gelberg wrote: > Package: linux-source-2.6.12 > Severity: normal > > Hi, > > Please can we have the patches in 2.6 for netfilter and ipsec, and the policy > match patch in iptables. See http://www.shorewall.net/IPSEC-2.6.html > > The problem is thus: > Shorewall needs a patched kernel to work with the 2.6 ipsec stack. (Netfilter > currently lacks full support for the 2.6 kernel's implementation of IPSEC.) > If one tries to use a 2.4 Debian kernel, it's no use, due to the backporting > of the 2.6 stack. > If one tries to use a vanilla kernel with the openswan-modules-source, this > fails due to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276521. This > bug renders the package useless. AES is a strong and desirable cipher. > > This means that it is a right pain to buid a Sarge firewall with ipsec, and it > really shouldn't be. I am currently using a vanilla 2.4.31 kernel with the > kernel-patch-openswan package. > > I have raised this with the linux-source-2.6.12 and iptables packages in the > BTS.
Please get these patches included upstream if you want them to be included in the Debian kernel. -- Horms -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
