Hi Charles, > Besides driver issues, another reason to migrate to a 2.6 kernel is > support for IPV6, which will become vastly more important in the years > to come, particularly outside the US, where the IPV4 address pool is > already beginning to be exhausted. Good point. I haven't had to touch it yet, but I guess sooner or later, we all will have to tackle that beast.
> I can likely assist with the IPSec stuff. I have migrated a few sites > from leaf-based firewalls to minimal debian installs, using the new > IPSec tools (racoon and racoon-tool, in my case). I have a few more > sites that still run leaf and will need to be upgraded soon. A 2.6 > kernel based release with modern IPSec would allow me to avoid migrating > to debian (and rotating HDDs). That would be great. If you could help with IPSEC on a 2.6 kernel, and you don't have to migrate your LEAF boxes to something else, I guess we all win :-) > I don't yet have any real-world experience with IPV6, other than the > dropped IPV6 packets seen by anyone running a firewall...the nasties > have taken to using IPV6 tunneling to try and circumvent firewall rules, > as many routers block IPV4 traffic but have separate (and frequently > non-existent or less maintained) rule sets for IPV6. That's a good point - and something we should focus on as we're moving towards IPV6 (and no matter how hard we try to ignore it - IPV6 will be something all of us will have to face at some point). I guess we already have 6Wall - but I'm afraid I have no idea how up to date it is, compared to shorewall. Martin ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ leaf-devel mailing list leaf-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-devel