Changes in 3.0.1 1) Set policies for chains in nat, mangle and raw tables. 2) Applied Tuomo's patch for Makefile. 3) Add Farkas ordering to generated SOURCE and DEST column when expanding macros. 4) Clarify PORTS column in blacklist file. 5) Correct CLAMPMSS/FASTACCEPT interaction. Changes in 3.0.0 Final None. Changes in 3.0.0 RC 3. 1) ROUTE target and Extended Mark removed from capabilities. 2) Suppress 'ambiguous redirect' error messages. 3) Correct stupid typo in release notes ([rej|drop]NewNot vs. [rej|drop]NewNon). 4) Stop whining about ipt_owner messages under kernel 2.6.14. 5) Update config files with cmd-owner info. 6) Fix DHCP with MACLIST_TABLE=mangle. 7) Remove Slackware special case from INSTALL instructions. Changes in 3.0.0 RC 2. 1) Fix support for OpenVPN and tcp. 2) Correct cut-and-paste error in 'arp_ignore' processing. 3) Add 'src' to gateway routes. Make 'find_first_interface_address' look for global addresses only. 4) Update /etc/shorewall/interfaces to describe multiple interfaces to a zone. Changes in 3.0.0 RC 1. 1) Correct spelling of MACLIST_TABLE in shorewall.conf. Changes in 3.0.0 Beta 1. 1) Add TC_ENABLED=Internal 2) Fix default tc class bug. Changes in 2.5.8 1) Fix 'shorewall refresh' with long tcrules entries. 2) Implement MACLIST_TABLE. 3) Make tc class ids unique between devices. Changes in 2.5.7 1) Fix ADMINISABSENTMINDED=Yes vs. entries in /etc/shorewall/routestopped. 2) Fix traffic shaping and "shorewall refresh" 3) Add capabilities report to "shorewall dump". 4) Rename 'plain' to 'ipv4' 5) Deimplement NEWNOTSYN 6) Fix logging IPP2P rules. 7) Add zone type to /var/lib/shorewall/zones. 8) Give better diagnostics when IPP2P match isn't available. 9) Do not touch mangle chain during "refresh". 10) Implement support for UDP IPP2P Matching. Changes in 2.5.6 1) Finish install/fallback cleanup. 2) Fix startup failure. 3) Add "-n" option. Changes in 2.5.5 1) Zone file alchemy attempted. 2) Fix install.sh re: Makefile 3) Fix error handling. 4) Add SHOREWALL_LIBRARY function. Changes in 2.5.4 1) Allow TAG to be used as a general parameter mechanism [hack]. 2) Fix some ghastly bugs in macros. 3) "shorewall check" now checks the masq file. 4) "shorewall check" now checks the proxyarp file. 5) "shorewall check" now checks the nat file. 6) "shorewall check" now checks the providers file. 7) Merge 'tc4shorewall' 8) Modify tc4shorewall so that it plays well with Shorewall save/restore. Changes in 2.5.3 1) Allow exclusion lists in /etc/shorewall/tcrules. 2) Added 'openvpnserver' and 'openvpnclient' tunnel types. 3) Set COMMAND=restore in restore-base. 4) Allow exclusion lists in actions. 5) Make intra-zone policies more rational. 6) Clear the raw table on stop and [re]start 7) Section the rules file. 8) Fixed tunnels/rules interaction problems. 9) Provide hack for passing arguments to action extension scripts. Changes in 2.5.2 1) Allow port lists in /etc/shorewall/accounting. 2) Fix PKTTYPE=No and packet type match capability reporting. 3) Add FASTACCEPT option. 4) Generate error if norfc1918 is specified on an interface with an RFC 1918 IP address. 5) Implement exclusion lists in /etc/shorewall/rules. Changes in 2.5.1 1) Make "shorewall add" work with 'ipsec' in hosts file. 2) Remove dependence on 'which' 3) Rename "status" to "dump" and add real status command. 4) Fix Makefile (compare to restore-base rather than restarted). 5) Add "all+" 6) Don't generate redundant ACCEPT rules for DNAT/REDIRECT/SAME 7) Add FASTACCEPT option in shorewall.conf. 8) Generate error for 'norfc1918' on an interface with an RFC 1918 IP address. 9) Finally implement exclude lists in rules. Changes in 2.5.1ex/2.5.0 1) Clean up handling of zones 2) Make the removal of the ipsec file upward compatible. 3) Improve CONTINUE policy handling. 4) Implement arp_ignore support. Changes in 2.5.0ex 1) Make warning and error messages easier to find by using capitalization. 2) Remove /etc/shorewall/ipsec and merge it's function with /etc/shorewall/zones. 3) Apply small fix to the above patch. 4) Remove dynamic zone support. 5) Add "established policy" support. 6) Add CRITICALHOSTS support. 7) Remove 'bogon' stuff. 8) Implement Macros.