From 4e19c193a15206fd51826913bb0f35a83473ba3b Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 31 Jan 2011 07:15:26 -0800 Subject: [PATCH] Document chain name length restriction fix --- Shorewall/changelog.txt | 2 ++ Shorewall/known_problems.txt | 13 ++++++++++--- Shorewall/releasenotes.txt | 5 +++++ 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 083226e5f..4024c121b 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -4,6 +4,8 @@ Changes in Shorewall 4.4.16.3 2) Correct two defects in compiler module loading. +3) Ensure that manual and accounting chains aren't too long. + Changes in Shorewall 4.4.16.2 1) Add sch_prio to modules file. diff --git a/Shorewall/known_problems.txt b/Shorewall/known_problems.txt index 5f02575e7..e5295d6e8 100644 --- a/Shorewall/known_problems.txt +++ b/Shorewall/known_problems.txt @@ -23,8 +23,8 @@ a) Copy /usr/share/shorewall/helpers to /etc/shorewall/ b) Add 'loadmodule sch_prio' to the copy -4) If the SOURCE column in /etc/shorewall6/rules contains [address], - a spurious error is generated: +4) If the SOURCE column in /etc/shorewall6/rules contains an address + enclosed in [...], a spurious error is generated: Example: @@ -34,7 +34,14 @@ Workaround: - Use
instead. In the example above, use net:<::/0>. + Enclose the address in <...>. In the example above, use + net:<::/0>. + +3) Currently, Shorewall does not check the length of the names of + accounting chains and manual chains. This can result in + errors when loading the resulting ruleset if a chain name is longer + than 29 characters. + diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index b1949dc47..5f60cf703 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -27,6 +27,11 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES b) A Perl diagnostic was issued when running on a monolithic kernel when the modutils package was installed. +3) Previously, Shorewall did not check the length of the names of + accounting chains and manual chains. This could result in + errors when loading the resulting ruleset. Now, the compiler issues + an error for chain names longer than 29 characters. + 4.4.16.2 1) Startup could previously fail on a system where module autoloading
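Review bot: In the Shorewall/changelog.txt hunk, the new entry "3) Ensure that manual and accounting chains aren't too long." is imprecise: the restriction is on the length of the chain names, not the chains, and the limit is not stated. Suggest wording it to match the other two files, for example "Ensure that the names of manual and accounting chains are no longer than 29 characters."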
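Review bot: In the second Shorewall/known_problems.txt hunk, the new entry is numbered "3)" although it is appended after the existing item "4)", so the list now reads out of sequence; it should be "5)" unless the file already has a gap at 3 and the entry is moved there. Unlike item 4, the entry also gives no Workaround; a line telling users to keep accounting and manual chain names to 29 characters or fewer would make it actionable until the fixed release is installed.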
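Review bot: In the Shorewall/releasenotes.txt hunk, the new item 3) describes a behaviour change ("Now, the compiler issues an error for chain names longer than 29 characters") without saying what users should do about it. A configuration with a longer accounting or manual chain name that compiled before will now fail at compile time, so it is worth adding a sentence that such names must be shortened before upgrading.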