Changes since 1.4.5 1) Worked around RH7.3 "service" anomaly. 2) Implemented 'newnotsyn' interface option. 3) Document range in masq ADDRESS column and suppress ADD_SNAT_ALIASES behavior in that case. 4) Enable ADD_SNAT_ALIASES=Yes for SNAT ranges. 5) Allow Shorewall to add aliases to other than the first subnet on an interface. 6) Add support for load-balancing. 7) Toned down the disclaimer for the 'check' command. 8) Implemented support for the Connection Tracking Match extension in iptables 1.2.8/Kernel 2.4.21. 9) Removed the NAT_ENABLED, MANGLE_ENABLED and MULTIPORT configuration parameters and replaced them with code that detects these capabilities. 10) Added the SHOREWALL_SHELL configuraiton parameter. 11) Fixed capability reporting (thanks to Simon Matter). 12) Correct the implementation of destination IP list in DNAT[-] rules. 13) Check for broken shells that don't support "^" in arithmetic expressions or whose arithmetic support is otherwise broken.