diff --git a/docs/LennyToSqueeze.xml b/docs/LennyToSqueeze.xml
index cc98129e5..402209338 100644
--- a/docs/LennyToSqueeze.xml
+++ b/docs/LennyToSqueeze.xml
@@ -47,7 +47,8 @@
Although this article is targeted specifically at Lenny ->
Squeeze upgrades, it should be useful to any Shorewall-shell user
- upgrading to Shorewall 4.4.x.
+ upgrading to Shorewall 4.4.x. Footnotes are used to flag areas where
+ non-Debian users may experience different results.
@@ -55,7 +56,12 @@
Packaging Differences
The first key difference between Shorewall 4.0 and Shorewall 4.4 is
- in the packaging. In Lenny, there are six Shorewall packages:
+ in the packaging
+ Most distributions use a similar packaging structure. Note,
+ however, that the 'shorewall' package in Simon Mater's RPMs for
+ RedHat/Fedora/CentOS is like the Debian shorewall-common
+ package.
+ . In Lenny, there are six Shorewall packages:
@@ -151,9 +157,17 @@
Squeeze does not include the shell-based configuration compiler. As a
consequence, unless you are already using Shorewall-perl on Lenny, an
upgrade from Lenny to Squeeze will mean that you will be switching from
- the old shell-based compiler to the new Perl-based compiler. While the two
- compilers are highly compatible, there are some differences. Those
- differences are detailed in the following sections.
+ the old shell-based compiler to the new Perl-based compiler
+ Note that Perl is a required package on Debian. If you are
+ running an embedded distribution which does not include Perl and it is
+ not feasible to install Perl on your firewall, then you should
+ consider installing Shorewall on another system in your network (may
+ be a Windows system running
+ Cygwin) and installing Shorewall-lite on your
+ firewall.
+ . While the two compilers are highly compatible, there are
+ some differences. Those differences are detailed in the following
+ sections.
@@ -206,10 +220,17 @@
by Shorewall 4.4.x
You should not be receiving this error if you are upgrading
- from Lenny since BRIDGING=Yes did not work in that release. If you
- have a bridge configuration where you want to control connections
- through the bridge, you will want to visit http://www.shorewall.net/bridge-Shorewall-perl.html.
+ from Lenny since BRIDGING=Yes did not work in that
+ release
+ If you are upgrading from a release using a kernel
+ earlier than 2.6.20, then BRIDGING=Yes did work correctly with
+ Shorewall-shell.
+ . If you have a bridge configuration where you want
+ to control connections through the bridge, you will want to visit
+ http://www.shorewall.net/bridge-Shorewall-perl.html
+ Kernel 2.6.20 or later is required.
+ .
@@ -450,7 +471,11 @@ ipsec2 ipv4
The BROADCAST column is essentially unused in Squeeze. If it
contains anything except 'detect' or '-', then you will receive this
- warning:
+ warning
+ Users whose kernel and/or iptables do not include Address Type
+ Match Support can continue to list broadcast addresses in this
+ column; no warning will be issued.
+ :
WARNING: Shorewall no longer uses