Within the next few days, I will be making the first 4.3.0 Alpha release available. Shorewall 4.3 will feature support for IPV6.
Two new packages will be included:
1) Shorewall6 -- analagous to the current Shorewall-common but for
IPv6.
2) Shorewall6-lite -- analagous to the current Shorewall-lite.
The Shorewall-perl compiler is enhanced to be able to handle either an
IPv4 configuration or an IPv6 configuration.
Key features of Shorewall6 are:
1) There is no NAT of any kind (most people see this as a giant step
forward). When an ISP assigns you a public IPv6 address, you are
actually assigned an IPv6 'prefix' which is like an IPv4 subnet. A
64-bit prefix allows 4 billion individual hosts (the size of the current
IPv4 address space).
2) The configuration is kept in /etc/shorewall6
3) The default zone type is ipv6.
4) The currently-supported interface options in Shorewall6 are:
blacklist
bridge
optional
routeback
sourceroute
tcpflags
mss
forward (replaces the IP_FORWARDING .conf option -- forwarding
is enabled on a per-interface basis in IPv6).
5) The currently-supported host options in Shorewall6 are:
blacklist
routeback
tcpflags
6) Traffic Shaping and Multi-ISP support are currently disabled. Packet
marking and connection marking are available to feed your current
traffic shaping defined in Shorewall.
7) When both an interface and an IPv6 address or address list need to
be specified in a rule, the address or list must be enclosed in square
brackets. Example:
ACCEPT net:eth0:[2001:19f0:feee::dead:beef:cafe] dmz
8) There are currently no Shorewall6 or Shorewall6-lite manpages.
9) The options available in shorewall6.conf are a subset of those
available in shorewall.conf
-Tom
--
Tom Eastep \ The ultimate result of shielding men from the
Shoreline, \ effects of folly is to fill the world with fools.
Washington, USA \ -Herbert Spencer
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
