Changes in 2.5.3 1) Allow exclusion lists in /etc/shorewall/tcrules. 2) Added 'openvpnserver' and 'openvpnclient' tunnel types. 3) Set COMMAND=restore in restore-base. 4) Allow exclusion lists in actions. 5) Make intra-zone policies more rational. 6) Clear the raw table on stop and [re]start 7) Section the rules file. 8) Fixed tunnels/rules interaction problems. Changes in 2.5.2 1) Allow port lists in /etc/sorewall/accounting. 2) Fix PKTTYPE=No and packet type match capability reporting. 3) Add FASTACCEPT option. 4) Generate error if norfc1918 is specified on an interface with an RFC 1918 IP address. 5) Implement exclusion lists in /etc/shorewall/rules. Changes in 2.5.1 1) Make "shorewall add" work with 'ipsec' in hosts file. 2) Remove dependence on 'which' 3) Rename "status" to "dump" and add real status command. 4) Fix Makefile (compare to restore-base rather than restarted). 5) Add "all+" 6) Don't generate redundant ACCEPT rules for DNAT/REDIRECT/SAME 7) Add FASTACCEPT option in shorewall.conf. 8) Generate error for 'norfc1918' on an interface with an RFC 1918 IP address. 9) Finally implement exclude lists in rules. Changes in 2.5.1ex/2.5.0 1) Clean up handling of zones 2) Make the removal of the ipsec file upward compatible. 3) Improve CONTINUE policy handling. 4) Implement arp_ignore support. Changes in 2.5.0ex 1) Make warning and error messages easier to find by using capitalization. 2) Remove /etc/shorewall/ipsec and merge it's function with /etc/shorewall/zones. 3) Apply small fix to the above patch. 4) Remove dynamic zone support. 5) Add "established policy" support. 6) Add CRITICALHOSTS support. 7) Remove 'bogon' stuff. 8) Implement Macros.