this is really great. I am really looking forward to this! Expecially since we are moving the firewall in our lab at work to Linux and IPv6 is a high on our wish list there. Shorewall was already the firewall configuration tool of choice. Here at home I am currently using 6wall dues to lack of something better.
One question though, you said: The Shorewall-perl compiler is enhanced to be able to handle either an IPv4 configuration or an IPv6 configuration. I hope that should or should read and/or. I hope I can use Ipv4 and IPv6 on the same machine, with just different configuration files? keep up the good work! Louis On Wed, 2008-12-10 at 09:35 -0800, Tom Eastep wrote: > Within the next few days, I will be making the first 4.3.0 Alpha release > available. Shorewall 4.3 will feature support for IPV6. > > Two new packages will be included: > > 1) Shorewall6 -- analagous to the current Shorewall-common but for > IPv6. > 2) Shorewall6-lite -- analagous to the current Shorewall-lite. > > The Shorewall-perl compiler is enhanced to be able to handle either an > IPv4 configuration or an IPv6 configuration. > > Key features of Shorewall6 are: > > 1) There is no NAT of any kind (most people see this as a giant step > forward). When an ISP assigns you a public IPv6 address, you are > actually assigned an IPv6 'prefix' which is like an IPv4 subnet. A > 64-bit prefix allows 4 billion individual hosts (the size of the current > IPv4 address space). > > 2) The configuration is kept in /etc/shorewall6 > > 3) The default zone type is ipv6. > > 4) The currently-supported interface options in Shorewall6 are: > > blacklist > bridge > optional > routeback > sourceroute > tcpflags > mss > forward (replaces the IP_FORWARDING .conf option -- forwarding > is enabled on a per-interface basis in IPv6). > > 5) The currently-supported host options in Shorewall6 are: > > blacklist > routeback > tcpflags > > 6) Traffic Shaping and Multi-ISP support are currently disabled. Packet > marking and connection marking are available to feed your current > traffic shaping defined in Shorewall. > > 7) When both an interface and an IPv6 address or address list need to > be specified in a rule, the address or list must be enclosed in square > brackets. Example: > > ACCEPT net:eth0:[2001:19f0:feee::dead:beef:cafe] dmz > > 8) There are currently no Shorewall6 or Shorewall6-lite manpages. > > 9) The options available in shorewall6.conf are a subset of those > available in shorewall.conf > > -Tom > ------------------------------------------------------------------------------ > SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. > The future of the web can't happen without you. Join us at MIX09 to help > pave the way to the Next Web now. Learn more and register at > http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ > _______________________________________________ Shorewall-devel mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-devel ------------------------------------------------------------------------------ SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
