Date: Fri, 31 May 2002 04:38:59 +0400 From: Solar Designer <solar@...nwall.com> To: owl-users@...ts.openwall.com Subject: Re: kernel 2.4 On Thu, May 30, 2002 at 02:02:40PM +0200, Radoslaw Stachowiak wrote: > after reading list archive i found: > >> Userland package not yet ready to support 2.4 kernel. Is there any > >> chance to use 2.4 kernel on Owl? > > >Most things appear to work in practice. Including insmod. But I'm > >not using 2.4 kernels in production yet, nor do I recommend doing so. > > can anyone confirm running kernel 2.4 on -current Owl? I can. I do so on one of my systems at home (with X and lots of other stuff installed, but the base system is Owl-current) and on one of the servers at work. Also with ext3fs. Both are x86/SMP. (That's a very small percentage of the Owl installs we have.) What doesn't work yet is most importantly Owl _builds_ (buildworld) with Linux 2.4 kernel headers. This also means that not all of the kernel features are available to such a userland (libraries built against Linux 2.2 header files don't get a chance to detect Linux 2.4 specific features). > propably ill do it very soon, but i like to know other > opinions/suggestions. Maybe someone can provide me list of > need-to-update-packages for 2.4 compatility? Things just work. But not rebuilds of the Owl userland with the 2.4 kernels (you may be _running_ 2.4 when doing the rebuilds, but for everything to build you'd need to provide 2.2 kernel headers). We will be fixing that. Rebuilds of 2.4 kernels themselves on Owl-current do work. iptables you will need to build, it is simply not a part of Owl yet. The two installs I mentioned use 2.4's ipchains compatibility. > I have to use 2.4 due to netfilter. > > after digging in archives it was quite suprising for me that most > 2.4-upgrade reasons were filesystem issues. > > For me Owl, with its security, is perfect match for firewall/router which > extremly needs flexible statefull firewalling code (netfilter) instead > old and feature lacking ipchains. As Michael has pointed out, stateful firewalling isn't always better than static packet filters. In fact, I try to do as much as possible with static filters. And it's not just DoS issues, stateful filters also run a higher risk of being bypassed. -- /sd
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.