diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index 30a73d7cd..c417e3671 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -6,6 +6,8 @@ Changes in 3.4.0 Beta 3
 3) Be more careful about converting pre-3.2 maclist records.
+4) 'noah' is implied by ipsecnat in /etc/shorewall/tunnels.
+
 Changes in 3.4.0 Beta 2
 1) Fix for empty blacklist file.
diff --git a/Shorewall/lib.tunnels b/Shorewall/lib.tunnels
index 8b34929e9..21c2755fc 100644
--- a/Shorewall/lib.tunnels
+++ b/Shorewall/lib.tunnels
@@ -49,6 +49,8 @@ setup_tunnels() # $1 = name of tunnels file
 [ $kind = IPSEC ] && kind=ipsec
+ [ $kind = ipsec ] || noah=noah
+
 options="-m state --state NEW -j ACCEPT"
 addrule2 $inchain -p 50 $source -j ACCEPT
 addrule2 $outchain -p 50 $dest -j ACCEPT
diff --git a/Shorewall/macro.BitTorrent b/Shorewall/macro.BitTorrent
index 09a26b1b4..b418e6786 100644
--- a/Shorewall/macro.BitTorrent
+++ b/Shorewall/macro.BitTorrent
@@ -11,6 +11,7 @@ PARAM - - tcp 6881:6889
 #
 # It may also be necessary to allow UDP traffic:
-#PARAM - - udp 6881
+#
+PARAM - - udp 6881
 #
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 798aa5bc1..cc85ac8e6 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -52,7 +52,14 @@ Problems Corrected in 3.4.0 Beta 3
 The new error message is:
- ERROR: Invalid DISPOSITION (ALOW:info) in rule "ALOW:info eth0 02:0C:03:04:05:06"
+ ERROR: Invalid DISPOSITION (ALOW:info) in rule "ALOW:info eth0
+ 02:0C:03:04:05:06"
+
+Other Changes in 3.4.0 Beta 3
+
+1) Previously, 'ipsecnat' tunnels allowed AH traffic by default
+ (unless 'isecnat:noah' was given). Given that AH is incompatible
+ with nat-traversal, 'ipsecnat' now implies 'ipsecnat:noah'.
 Migration Considerations:
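Review bot: The added guard in lib.tunnels states the intent negatively — `noah` is forced for every kind other than `ipsec`, so any kind value other than `ipsec`/`ipsecnat` that reached this point would silently lose AH as well; writing it as `[ $kind = ipsecnat ] && noah=noah` expresses exactly the rule the release notes describe. A short why-comment would help the next reader, e.g. `# AH cannot traverse NAT, so ipsecnat implies noah`. Like the existing `[ $kind = IPSEC ]` test, `$kind` is unquoted, so `[` would fail with a syntax error if the variable were ever empty; `[ "$kind" = ipsecnat ]` avoids that. The enclosing function begins and ends outside the hunk, so how `noah` is initialised before this line is not visible here.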
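Review bot: In macro.BitTorrent the newly active `PARAM - - udp 6881` line is still introduced by `# It may also be necessary to allow UDP traffic:`, a comment written for a commented-out example that now reads as stale; something like `# UDP is also handled by this macro:` would match what the file does. Uncommenting that line means every invocation of the macro now also generates a rule for udp/6881 alongside tcp/6881:6889, a broader match than before, yet neither the changelog.txt nor the releasenotes.txt hunks visible in this commit mention it; a one-line entry under the Beta 3 changes would let upgraders review the broadened default.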
@@ -126,6 +133,11 @@ Migration Considerations:
 /etc/shorewall-lite/shorewall-lite.conf. When you upgrade, your
 shorewall.conf file will be renamed shorewall-lite.conf.
+5) Previously, 'ipsecnat' tunnels allowed AH traffic by default
+ (unless 'isecnat:noah' was given). Given that AH is incompatible
+ with nat-traversal, 'ipsecnat' now implies 'ipsecnat:noah' and the
+ latter is now redundant.
+
 New Features in Shorewall 3.4:
 1) In order to accomodate small embedded applications, Shorewall 3.4