From 51dec8cf86a6c4c5518991f259304383157b5912 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sat, 19 Feb 2011 08:33:15 -0800
Subject: [PATCH] Document USER/GROUP accounting restriction

---
 Shorewall/releasenotes.txt | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 47ba48f0f..6a9bcd7eb 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -113,6 +113,11 @@ None.
     - Traffic being forwarded through the firewall goes through the
       rules defined in the FORWARD section.
 
+    As part of this change, the USER/GROUP column must now be empty
+    except in the OUTPUT section. This is consistent with recent
+    Netfilter releases which disallow the owner match in rules
+    reachable from the INPUT and FORWARD hooks.
+
 ----------------------------------------------------------------------------
              I V.  R E L E A S E  4 . 4  H I G H L I G H T S
 ----------------------------------------------------------------------------