diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt
index 3b999b15a..67a259e41 100644
--- a/Shorewall2/changelog.txt
+++ b/Shorewall2/changelog.txt
@@ -6,6 +6,8 @@ Changes in 2.2.4
 3) Make an error message more self-explanatory
+4) Report Owner Match capability
+
 Changes in 2.2.3
 1) Added the 'continue' extension script.
diff --git a/Shorewall2/firewall b/Shorewall2/firewall
index e764d1499..37193674a 100755
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@@ -5651,6 +5651,7 @@ determine_capabilities() {
 PHYSDEV_MATCH=
 IPRANGE_MATCH=
 RECENT_MATCH=
+ OWNER_MATCH=
 qt $IPTABLES -N fooX1234
 qt $IPTABLES -A fooX1234 -m conntrack --ctorigdst 192.168.1.1 -j ACCEPT && CONNTRACK_MATCH=Yes
@@ -5660,6 +5661,7 @@ determine_capabilities() {
 qt $IPTABLES -A fooX1234 -m physdev --physdev-in eth0 -j ACCEPT && PHYSDEV_MATCH=Yes
 qt $IPTABLES -A fooX1234 -m iprange --src-range 192.168.1.5-192.168.1.124 -j ACCEPT && IPRANGE_MATCH=Yes
 qt $IPTABLES -A fooX1234 -m recent --update -j ACCEPT && RECENT_MATCH=Yes
+ qt $IPTABLES -A fooX1234 -m owner --cmd-owner foo -j ACCEPT && OWNER_MATCH=Yes
 if [ -n "$PKTTYPE" ]; then
 qt $IPTABLES -A fooX1234 -m pkttype --pkt-type broadcast -j ACCEPT || PKTTYPE=
@@ -5690,6 +5692,7 @@ report_capabilities() {
 report_capability "Physdev Match" $PHYSDEV_MATCH
 report_capability "IP range Match" $IPRANGE_MATCH
 report_capability "Recent Match" $RECENT_MATCH
+ report_capability "Owner Match" $OWNER_MATCH
 }
 #
diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt
index 218c64171..c564b5feb 100755
--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
@@ -61,6 +61,10 @@ New Features in version 2.2.4
 allowoutUPnP fw loc
+ Note: To use 'allowoutUPnP', your iptables and kernel must
+ support the 'owner match' feature (see the output of
+ "shorewall check").
+
 If your loc->fw policy is not ACCEPT then you need this rule:
diff --git a/Shorewall2/shorewall.spec b/Shorewall2/shorewall.spec
index 4fbc6ebc2..7a5e2cfcf 100644
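Review bot: The new probe in determine_capabilities() (second hunk of Shorewall2/firewall) tests `-m owner --cmd-owner foo`, which is narrower than the "Owner Match" label it feeds: an iptables/kernel pair that supports `--uid-owner`/`--gid-owner` but not the optional `--cmd-owner` sub-option would be reported as having no owner match at all. If the intent is to gate command-name rules such as the allowoutUPnP action mentioned in the release notes, say so in a comment above the line, e.g. `# Probes --cmd-owner specifically; uid/gid owner matching may be available without it`, or probe the general case with `--uid-owner 0` and keep a separate flag for the command-name form. The same comment should note that a command-name match is only as trustworthy as the process name, which a local process can choose for itself, so it is a convenience filter rather than an access control. The function body starts and ends outside the hunk.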
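Review bot: `OWNER_MATCH` is only displayed by the new line in report_capabilities() (third hunk of Shorewall2/firewall); nothing in this diff makes rule generation consult it, and the release note instead asks the user to read the "shorewall check" output by hand. A rule that needs the owner match on a system without it would then presumably fail only when iptables rejects it during start, which is a worse place to find out than configuration checking. If other capability flags are enforced where rules are compiled (not visible here), the owner/command-name rule path should get the same guard, a `[ -n "$OWNER_MATCH" ]` test that stops with a clear error before any rule is applied. The unquoted `$OWNER_MATCH` argument matches the neighbouring lines, so I would leave it as is for consistency.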
--- a/Shorewall2/shorewall.spec
+++ b/Shorewall2/shorewall.spec
@@ -139,6 +139,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn
 %changelog
+* Fri Apr 08 2005 Tom Eastep tom@shorewall.net
+- Added /etc/shorewall/started
 * Tue Apr 05 2005 Tom Eastep tom@shorewall.net
 - Updated to 2.2.3-1
 * Mon Mar 07 2005 Tom Eastep tom@shorewall.net