Shorewall 3.3.1

Note to users upgrading from Shorewall 3.0 or 3.2

    Most problems associated with upgrades come from two causes:

    - The user didn't read and follow the migration considerations in these
      release notes.

    - The user mis-handled the /etc/shorewall/shorewall.conf file during
      upgrade. Shorewall is designed to allow the default behavior of the
      product to evolve over time. To make this possible, the design assumes
      that you will not replace your current shorewall.conf file during
      upgrades. If you feel absolutely compelled to have the latest comments
      and options in your shorewall.conf then you must proceed carefully.

    While you are at it, if you have a file named /etc/shorewall/rfc1918 then
    please check that file. If it has addresses listed that are NOT in one of
    these three ranges, then please rename the file to
    /etc/shorewall/rfc1918.old.

        10.0.0.0    - 10.255.255.255
        172.16.0.0  - 172.31.255.255
        192.168.0.0 - 192.168.255.255

    If you have a file named /etc/shorewall/modules, please remove it. The
    default modules file is now located in /usr/share/shorewall/ (see the
    "Migration Considerations" below).

    Please see the "Migration Considerations" below for additional upgrade
    information.

Problems Corrected in 3.3.1

1)  The 'proxyarp' option in /etc/shorewall/interfaces was not triggering
    the loading of lib.proxyarp with the result that the option was ignored
    unless there were also entries in /etc/shorewall/proxyarp.

Other changes in 3.3.1

    None.

Migration Considerations:

New Features:

1)  In order to accommodate small embedded applications, Shorewall 3.3 is
    now modularized. In addition to the base files, there are loadable
    "libraries" that may be included or omitted from an embedded system as
    required.

    Loadable Shorewall libraries reside in /usr/share/shorewall/ and have
    names that begin with "lib.". The following libraries are included in
    Shorewall 3.3:

    - lib.accounting. Must be available if you include entries in
      /etc/shorewall/accounting.

    - lib.dynamiczones. Must be available if you specify DYNAMIC_ZONES=Yes
      in shorewall.conf.

    - lib.maclist. Must be available if you specify the 'maclist' option in
      /etc/shorewall/interfaces or /etc/shorewall/hosts.

    - lib.nat. Must be available if you have entries in /etc/shorewall/masq,
      /etc/shorewall/nat or /etc/shorewall/netmap.

    - lib.providers. Must be available if you have entries in
      /etc/shorewall/providers.

    - lib.proxyarp. Must be available if you have entries in
      /etc/shorewall/proxyarp or if you specify the 'proxyarp' option in
      /etc/shorewall/interfaces.

    - lib.tc. Must be available if you have entries in
      /etc/shorewall/tcdevices and /etc/shorewall/tcclasses.

    - lib.tcrules. Must be available if you have entries in
      /etc/shorewall/tcrules.

    - lib.tunnels. Must be available if you have entries in
      /etc/shorewall/tunnels.

    Embedded applications can further decrease the size of the Shorewall
    footprint by:

    - Omitting the macro files.

    - Only including the 'modules' file appropriate for the kernel in use.

    - Omitting all unused extension scripts.

    - Stripping the comments (except for copyright) from the various files.
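
    The following check is an added example, not part of Shorewall or of
    these release notes: it applies the library list above to a configuration
    directory and reports any required lib.* file missing from a trimmed
    library directory. It assumes the usual column layout (OPTIONS is column 4
    of 'interfaces' and column 3 of 'hosts'); the function names and the
    sample configuration are constructed for illustration.

```shell
# Added example, not Shorewall code: report required lib.* files that are absent.
# True if file $1 has at least one line that is neither blank nor a comment.
has_entries() {
    [ -f "$1" ] && grep -Eqv '^[[:space:]]*(#|$)' "$1"
}
# True if option $3 is listed in the comma-separated OPTIONS column $2 of file $1.
has_option() {
    [ -f "$1" ] && awk -v col="$2" -v opt="$3" '
        { sub(/#.*/, "") }
        NF >= col { n = split($col, o, ","); for (i = 1; i <= n; i++) if (o[i] == opt) found = 1 }
        END { exit !found }' "$1"
}

# Print the libraries required by the configuration directory $1.
required_libs() {
    c=$1
    has_entries "$c/accounting" && echo lib.accounting
    grep -Eiq '^[[:space:]]*DYNAMIC_ZONES="?yes' "$c/shorewall.conf" 2>/dev/null && echo lib.dynamiczones
    { has_option "$c/interfaces" 4 maclist || has_option "$c/hosts" 3 maclist; } && echo lib.maclist
    { has_entries "$c/masq" || has_entries "$c/nat" || has_entries "$c/netmap"; } && echo lib.nat
    has_entries "$c/providers" && echo lib.providers
    { has_entries "$c/proxyarp" || has_option "$c/interfaces" 4 proxyarp; } && echo lib.proxyarp
    # Assumption: entries in either tc file are treated as needing lib.tc.
    { has_entries "$c/tcdevices" || has_entries "$c/tcclasses"; } && echo lib.tc
    has_entries "$c/tcrules" && echo lib.tcrules
    has_entries "$c/tunnels" && echo lib.tunnels
    return 0
}

# Print each required library that is missing from library directory $2.
missing_libs() {
    required_libs "$1" | while read -r lib; do
        [ -f "$2/$lib" ] || echo "$lib"
    done
}

# Constructed sample: 'proxyarp' is set in interfaces, the proxyarp file has no
# entries, and the trimmed library directory ships only lib.nat.
demo() {
    d=$(mktemp -d) && mkdir "$d/etc" "$d/share" || return 1
    printf 'net eth0 detect proxyarp,norfc1918\nloc eth1 detect\n' > "$d/etc/interfaces"
    printf '#INTERFACE SUBNET ADDRESS\neth0 192.168.1.0/24\n' > "$d/etc/masq"
    printf '#ADDRESS INTERFACE EXTERNAL\n' > "$d/etc/proxyarp"
    : > "$d/share/lib.nat"
    missing_libs "$d/etc" "$d/share"
    rm -rf "$d"
}
demo
```

    On a real system, run missing_libs /etc/shorewall /usr/share/shorewall
    before deploying a trimmed image; any name it prints is a library whose
    configuration would otherwise have nothing to load.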