Document fix for IPSETs and ORIGINAL DEST

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/changelog.txt

@@ -2,6 +2,8 @@ Changes in Shorewall 4.4.20 Beta 1
 
 1) Apply Togan's patch for installation flexibility.
 
+2) Restore use of IPSETS in the ORIGINAL DEST column.
+
 Changes in Shorewall 4.4.19.1
 
 1)  Eliminate silly duplicate rule when stopped.

Shorewall/releasenotes.txt

@@ -39,6 +39,19 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
     DNAT and REDIRECT rules. That capability, inadvertently dropped in
     Shorewall-perl, has now been restored.
 
+    Please note, however, that using an IPSET in this way will open the
+    server port from the SOURCE zone.
+
+    Example:
+
+    This rule:
+
+    	 DNAT	net	dmz:10.1.10.2	tcp	80	-	+foo
+
+    will implicitly add this rule:
+
+    	 ACCEPT	net	dmz:10.1.10.2	tcp	80
+
 ----------------------------------------------------------------------------
            I I.  K N O W N   P R O B L E M S   R E M A I N I N G
 ----------------------------------------------------------------------------