>Does this imply that compiling the ipchains compatibility 'fix' into the
>kernel does not work?

Not exactly sure what "fix" you're referring to exactly. My
comments assume one is using a Red Hat supplied kernel.

If you use the Red Hat supplied kernels, ipchains is supported
via loadable kernel modules. By default no firewalling modules
are loaded at all. Red Hat kernels support both ipchains and
iptables firewalling via kernel modules. It is not possible to
use both simultaneously nor load support for both simultaneously,
so whatever firewall software you are using, be it the supplied
tools, 3rd party tools, or a homemade script, each is responsible
for loading the kernel modules that it requires.

If using the supplied Red Hat firewall configuration tools, the
appropriate firewall modules should get loaded by the supplied
ipchains or iptables initscripts assuming the given service has
been enabled properly and the firewall properly configured.

If using alternative firewall tools, or homebrew firewall
scripts, you need to manually load either the ipchains module or
the iptables modules depending on which interface the firewall
scripts you are using require. The supplied ipchains/iptables
initscripts are part of the supplied tools, and are not intended
for generically loading kernel modules for custom scripts.

If you use custom kernels, you may or may not have to load kernel
modules depending on how you built the kernel.

There seems to be some confusion lately with ipchains and
iptables and the supplied initscripts. I am just clarifying that
the initscripts are not intended for homebrew scripts. This is
probably confused by the choice of names for the initscripts.
Instead of being called /etc/init.d/ipchains, it probably should
have been called /etc/init.d/redhat-ipchains-firewall, or
/etc/init.d/redhat-lokkit or somesuch.

Hope this clarifies things a bit.
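
The module handling described in the message above, sketched as a preamble for a homebrew firewall script. This is an added example, not part of the original message and not Red Hat's initscript code; the module names `ipchains` and `ip_tables`, a modular kernel, and the sample `/proc/modules` lines are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions: module names "ipchains" and "ip_tables",
# a modular kernel, and the 2.4-style /proc/modules layout shown below.

# Constructed sample of /proc/modules content (not captured from a real host).
sample_modules() {
    printf '%s\n' \
        'iptable_filter 2304 0 (autoclean)' \
        'ip_tables 11072 2 [iptable_filter]' \
        'ext3 60352 2'
}

# Succeeds if module $1 appears as an exact name in modules file $2.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$2"
}

# Print what a script must do before using interface $1 (ipchains|iptables):
#   ok       - required module already loaded
#   load     - nothing loaded; the script must load the module itself
#   conflict - the other interface is loaded; the two cannot coexist
firewall_module_action() {
    file=${2:-/proc/modules}
    case $1 in
        ipchains) need=ipchains;  other=ip_tables ;;
        iptables) need=ip_tables; other=ipchains ;;
        *) echo unknown; return 0 ;;
    esac
    if module_loaded "$other" "$file"; then echo conflict
    elif module_loaded "$need" "$file"; then echo ok
    else echo load
    fi
}

# Call at the top of a homebrew script, e.g.: ensure_firewall_module iptables
ensure_firewall_module() {
    action=$(firewall_module_action "$1")
    case $action in
        ok) return 0 ;;
        load) if [ "$1" = ipchains ]; then modprobe ipchains
              else modprobe ip_tables; fi ;;
        *) echo "refusing to use $1: module state is '$action'" >&2
           return 1 ;;
    esac
}
```

On a custom kernel with firewall support built in rather than modular, nothing appears in `/proc/modules` and the `modprobe` step does not apply.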