Hi David

I agree with you

Thanks very much
Graziano

On 21/05/2012 20.37, davidMbrooke wrote:
> On Mon, 2012-05-21 at 15:41 +0200, Graziano Brioschi wrote:
>> I have checked on a Bering uClibc 4.2.1 system and the "policy match
>> capability" is available....
>> Must I upgrade my firewall to the new version?
> I think so. For "Policy match" it seems you need kernel module
> xt_policy.ko, which is generated based on
> CONFIG_NETFILTER_XT_MATCH_POLICY being specified when the Kernel was
> compiled.
>
> http://cateee.net/lkddb/web-lkddb/NETFILTER_XT_MATCH_POLICY.html says
> this needs a 2.6 kernel, so Policy Match is not possible with BuC 3.x
> (2.4 kernel).
>
> david
>
>> Thanks
>> Graziano
>>
>> On 21/05/2012 15.33, Graziano Brioschi wrote:
>>> Hi list
>>>
>>> I'm trying to set up an L2TPd server on a Bering uClibc 3.1 firewall using
>>> as reference some documents that I have found on the net
>>> (http://blog.bertelsen.co/2012/02/debian-squeeze-l2tpipsec-vpn-server.html).
>>>
>>> My problem is related to shorewall: I'm defining a line like the following in
>>> the /etc/shorewall/policy file:
>>> ...
>>> vips ipsec
>>> ....
>>>
>>> When I try to run "shorewall check" the system answers with the
>>> following error:
>>>
>>> # shorewall check
>>> Checking...
>>> Initializing...
>>> Determining Zones...
>>> ERROR: Your kernel and/or iptables does not support policy match
>>> Terminated
>>> #
>>>
>>> Running "shorewall show capabilities" on the same firewall:
>>>
>>> # shorewall show capabilities
>>> Shorewall has detected the following iptables/netfilter capabilities:
>>>    NAT: Available
>>>    Packet Mangling: Available
>>>    Multi-port Match: Available
>>>    Extended Multi-port Match: Not available
>>>    Connection Tracking Match: Not available
>>>    Packet Type Match: Available
>>>    Policy Match: Not available
>>>    Physdev Match: Not available
>>>    Packet length Match: Available
>>>    IP range Match: Not available
>>>    Recent Match: Not available
>>>    Owner Match: Not available
>>>    Ipset Match: Not available
>>>    CONNMARK Target: Available
>>>    Extended CONNMARK Target: Available
>>>    Connmark Match: Available
>>>    Extended Connmark Match: Available
>>>    Raw Table: Not available
>>>    IPP2P Match: Available
>>>    CLASSIFY Target: Not available
>>>    Extended REJECT: Available
>>>    Repeat match: Not available
>>>    MARK Target: Available
>>>    Extended MARK Target: Not available
>>>    Mangle FORWARD Chain: Available
>>>    Comments: Not available
>>>    Address Type Match: Not available
>>>    TCPMSS Match: Available
>>>    Hashlimit Match: Not available
>>>
>>> ...It seems that my system has a problem with the policy match capability...
>>>
>>> I think that this problem is due to a missing kernel module, but I
>>> cannot find which module I must load to fix it
>>>
>>> Is there someone who has made some tests with Bering uClibc 3.1 and
>>> the L2TP/IPSec VPN daemon?
>>>
>>> thanks in advance
>>> Graziano
>>>
>
> ------------------------------------------------------------------------
> leaf-user mailing list: leaf-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> Support Request -- http://leaf-project.org/

--
Graziano Brioschi
Outland s.a.s.
sede operativa:
Via A. Don Rocca, 13
20030, Senago (MI)
tel: 02 9948 6014
mobile: 328 8382622
email: graziano.brios...@outland.it
--> U4E<--
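
The diagnosis worked out in this thread, as an added shell example (not code from the posters or from Shorewall): it reads `shorewall show capabilities` output, the kernel release and the kernel config, and says why Policy Match is missing. The function names, verdict words and sample inputs are assumptions made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread or from Shorewall). Function names and
# verdict strings are hypothetical; sample data below is constructed.

# Constructed excerpt in the format of `shorewall show capabilities`.
SAMPLE_CAPS='Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Connection Tracking Match: Not available
   Policy Match: Not available
   TCPMSS Match: Available'

# cap_status NAME: capabilities text on stdin -> "Available", "Not available" or "Unknown".
cap_status() {
    awk -F': *' -v want="$1" '
        { name = $1; sub(/^[ \t]+/, "", name) }
        name == want { val = $2; sub(/[ \t\r]+$/, "", val); print val; found = 1; exit }
        END { if (!found) print "Unknown" }'
}

# kconfig_state SYMBOL: kernel .config text on stdin -> "y", "m" or "unset".
kconfig_state() {
    awk -v sym="$1" '
        index($0, sym "=") == 1 { print substr($0, length(sym) + 2); found = 1; exit }
        END { if (!found) print "unset" }'
}

# diagnose CAPS_TEXT KERNEL_RELEASE KCONFIG_TEXT: prints one verdict word.
diagnose() {
    if [ "$(printf '%s\n' "$1" | cap_status 'Policy Match')" = "Available" ]; then
        echo "ok"; return 0
    fi
    case "$2" in
        2.4.*) echo "upgrade-kernel"; return 0 ;;   # xt_policy needs a 2.6 kernel
    esac
    case "$(printf '%s\n' "$3" | kconfig_state CONFIG_NETFILTER_XT_MATCH_POLICY)" in
        m) echo "load-xt_policy" ;;     # built as a module: modprobe xt_policy
        y) echo "check-iptables" ;;     # kernel side present: look at the iptables userspace
        *) echo "rebuild-kernel" ;;     # option not set when the kernel was compiled
    esac
}

# On a live firewall (where the kernel exposes /proc/config.gz):
#   diagnose "$(shorewall show capabilities)" "$(uname -r)" "$(zcat /proc/config.gz)"
diagnose "$SAMPLE_CAPS" "2.4.34" ""     # constructed 2.4 release string
```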