Add additional migration considerations for 2.0 users

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3141 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/changelog.txt

@@ -24,6 +24,8 @@ Changes in 3.0.3
 
 12) Correct README.txt
 
+13) Add upgrade considerations for 2.0 users to release notes.
+
 Changes in 3.0.2
 
 1) Typos in the Samples corrected.

Shorewall/releasenotes.txt

@@ -61,7 +61,7 @@ New Features in 3.0.3
 1) A "shorewall show macros" command has been added. This command displays
    a list of the standard macros along with a brief description of each.
 
-2) The '-q' option now works with 'safe-start' and 'safe-restart'.
+2) The '-q' option is now supported with 'safe-start' and 'safe-restart'.
 
 3) The value "-" is now allowed in the ADDRESS/SUBNET column of
    /etc/shorewall/blacklist. That value is equivalent to specifying
@@ -364,7 +364,79 @@ Migration Considerations for Users upgrade from Shorewall 2.2 or 2.4.
     /etc/shorewall/tcstart so if you set TC_ENABLED=Yes, then you must
     supply that script.
 
-New Features in Shorewall 3.0.*
+Additional Migration Considerations for Users upgrading from Shorewall 2.0.
+
+Note that these are in addition to the considerations listed above.
+
+1)  Shorewall configuration files except shorewall.conf are now empty
+    (they contain only comments). If you wish to retain the defaults
+    in any of the following files, you should copy these files before
+    upgrading them then restore them after the upgrade:
+
+    /etc/shorewall/zones
+    /etc/shorewall/policy
+    /etc/shorewall/tos
+
+2)  If shorewall.conf is upgraded to the latest version, it needs to be
+    modified to set STARTUP_ENABLED=Yes
+
+3) 5)  The ORIGINAL DEST column of the /etc/shorewall/rules file may no
+    longer contain a second (SNAT) address. You must use an entry in
+    /etc/shorewall/masq instead.
+
+    Example from Shorewall FAQ #1:
+
+    Prior to Shorewall 2.2:
+
+	  /etc/shorewall/interfaces
+
+		loc	eth1	detect	routeback,...
+
+	  /etc/shorewall/rules
+
+		DNAT	loc	loc:192.168.1.12	tcp	80 \
+			-	130.252.100.69:192.168.1.254
+
+    Shorewall 2.2 and Later:
+
+	  /etc/shorewall/interfaces
+
+		loc	eth1	detect	routeback,...
+
+	  /etc/shorewall/masq:
+
+		eth1	eth1	192.168.1.254	tcp	80
+
+
+	  /etc/shorewall/rules:
+
+		DNAT	loc	loc:192.168.1.12	tcp	80 \
+			-	130.252.100.69
+
+4)  The 'logunclean' and 'dropunclean' options that were deprecated in
+    Shorewall 2.0 have now been removed completely.
+
+5)  A new IPTABLES variable has been added to shorewall.conf. This
+    variable names the iptables executable that Shorewall will use. The
+    variable is set to "/sbin/iptables". If you use the new
+    shorewall.conf, you may need to change this setting to maintain
+    compabibility with your current setup (if you use your existing
+    shorewall.conf that does not set IPTABLES then you should
+    experience no change in behavior).
+
+6)  The default port for OpenVPN tunnels has been changed from 5000 to
+    1194 to reflect the recent IANA allocation of that port for
+    OpenVPN.
+
+7)  If you are setting a shell variable using a statement similar to:
+
+	ETH0_IP=`find_interface_address eth0`
+
+    then you must change that statement to read as follows:
+
+	ETH0_IP=`find_first_interface_address eth0`
+
+New Features in Shorewall 3.0.0
 
 1) Error and warning messages are made easier to spot by using
    capitalization (e.g., ERROR: and WARNING:).