nano -w /etc/portage/package.keywords
==
net-firewall/iptables
net-firewall/shorewall
sys-kernel/genkernel
==
emerge -pv shorewall
emerge shorewall
==
NAT: Not available
Packet Mangling: Not available
Multi-port Match: Not available
Connection Tracking Match: Not available
Packet Type Match: Not available
Policy Match: Not available
Physdev Match: Not available
IP range Match: Not available
Recent Match: Not available
Owner Match: Not available
Ipset Match: Not available
CONNMARK Target: Not available
Connmark Match: Not available
Raw Table: Not available
CLASSIFY Target: Not available
==
http://gentoo-wiki.com/HOWTO_Iptables_for_newbies
http://www.gentoo.org/proj/en/infrastructure/firewall/server-firewall.xml
http://www.gentoo.org/doc/en/genkernel.xml
http://gentoo-wiki.com/HOWTO_Compile_a_Kernel_Manually
genkernel --menuconfig all
==
Device Drivers --->
Networking Support --->
Networking Options --->
<*> PF_KEY sockets
<*> IP: AH transformations
<*> IP: ESP transformations
<*> IP: IPComp transformations
<*> IP: tunnel transformations
<*> IPsec user configuration interface
Network Packet Filtering --->
IP: Netfilter Configuration --->
<*> IPsec policy match support
==
==
[*] QoS and/or fair queueing
[*] HBQ
==
=n=
You could also specify pf_key, ah?, esp?, ipcomp and xfrm_user as modules (M), but then you would have to load them at boot time by including them in /etc/modules.autoload.d/kernel-
=n=
nano -w /etc/modules.autoload.d/kernel-2.6
or
echo "ip_tables" >> /etc/modules.autoload.d/kernel-2.6 && modules-update
# ebuild /path/to/iptables.ebuild compile
# ebuild /path/to/iptables.ebuild install
# ebuild /path/to/iptables.ebuild qmerge
shorewall show capabilities
=o=
Policy Match: Available
=o=
You can now define IPsec tunnels within Shorewall's configuration files in /etc/shorewall/
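As an added example (not part of these notes), a small POSIX shell check that parses `shorewall show capabilities` output in the format shown above and reports which required capabilities are still missing after the rebuild; the required-capability list and both sample outputs are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original notes: parse the output of
# `shorewall show capabilities` and report required capabilities that
# are still "Not available". Capability names follow the format above.

# Assumed set of capabilities an IPsec tunnel setup needs (assumption:
# adjust to what your rules actually use). One name per line.
REQUIRED_CAPS="Policy Match
Connection Tracking Match
NAT"

# check_caps CAPS_TEXT
# Prints "MISSING: <name>" for each required capability not reported
# as "Available". Returns 0 if all are present, 1 otherwise.
check_caps() {
    caps=$1
    rc=0
    old_ifs=$IFS
    IFS='
'
    for cap in $REQUIRED_CAPS; do
        # Anchored match: "NAT" must not match a longer name, and a
        # "Not available" line must never count as available.
        if ! printf '%s\n' "$caps" | grep -q "^$cap: Available\$"; then
            echo "MISSING: $cap"
            rc=1
        fi
    done
    IFS=$old_ifs
    return $rc
}

# Constructed sample output, as printed before the kernel rebuild.
BEFORE_CAPS='NAT: Not available
Packet Mangling: Not available
Connection Tracking Match: Not available
Policy Match: Not available'

# Constructed sample output after rebuilding with the options listed above.
AFTER_CAPS='NAT: Available
Packet Mangling: Available
Connection Tracking Match: Available
Policy Match: Available'

check_caps "$BEFORE_CAPS" || echo "kernel lacks required netfilter support"
check_caps "$AFTER_CAPS" && echo "all required capabilities available"
# On a live host: check_caps "$(shorewall show capabilities)"
```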