shorewall_code/STABLE/releasenotes.txt

This is a bugfix release of Shorewall.

Problems Corrected since version 1.4.6:

1) Tuomo Soini has supplied a correction to a problem that occurs using
   some versions of 'ash'. The symptom is that "shorewall start" fails
   with:

   local: --limit: bad variable name
   iptables v1.2.8: Couldn't load match `-j':/lib/iptables/libipt_-j.so: 
   cannot open shared object file: No such file or directory
   Try `iptables -h' or 'iptables --help' for more information.

2) Andres Zhoglo has supplied a correction that avoids trying to use
   the multiport match iptables facility on ICMP rules.

   Example of rule that previously caused "shorewall start" to fail:

	   ACCEPT      loc  $FW  icmp    0,8,11,12

3) Previously, if the following error message was issued, Shorewall
   was left in an inconsistent state.

   Error: Unable to determine the routes through interface xxx

4) Handling of the LOGUNCLEAN option in shorewall.conf has been
   corrected.

5) In Shorewall 1.4.2, an optimization was added. This optimization
   involved creating a chain named "<zone>_frwd" for most zones
   defined using the /etc/shorewall/hosts file. It has since been
   discovered that in many cases these new chains contain redundant
   rules and that the "optimization" turns out to be less than
   optimal. The implementation has now been corrected.

6) When the MARK value in a tcrules entry is followed by ":F" or ":P",
   the ":F" or ":P" was previously only applied to the first Netfilter
   rule generated by the entry. It is now applied to all entries.

7) The original fix for item 5) above contained a bug which caused the
   "<zone>_frwd" chain to have too few rules. That has been corrected.  

Migration Issues:

None.

New Features:

None.