shorewall_code/STABLE2/releasenotes.txt

Shorewall 2.0.7

----------------------------------------------------------------------
Problems Corrected in version 2.0.4

1)  A DNAT rule with 'fw' as the source that specified logging caused
    "shorewall start" to fail.

----------------------------------------------------------------------
Problems Corrected in version 2.0.5

1) Eliminated "$RESTOREBASE: ambiguous redirect" messages during 
   "shorewll stop" in the case where DISABLE_IPV6=Yes in 
   shorewall.conf.

2) An anachronistic reference to the mangle option was removed from
   shorewall.conf.

----------------------------------------------------------------------
Problems Corrected in version 2.0.6

1) Some users have reported the pkttype match option in iptables/
   Netfilter failing to match certain broadcast packets. The result 
   is that the firewall log shows a lot of broadcast packets.

   Other users have complained of the following message when 
   starting Shorewall:

	    modprobe: cant locate module ipt_pkttype

   Users experiencing either of these problems can use PKTTYPE=No in
   shorewall.conf to cause Shorewall to use IP address filtering of 
   broadcasts rather than packet type.

2) The shorewall.conf and zones file are no longer given execute
   permission by the installer script.

3) ICMP packets that are in the INVALID state are now dropped by the
   Reject and Drop default actions. They do so using the new 
   'dropInvalid' builtin action.
-----------------------------------------------------------------------
Problems Corrected in version 2.0.7

1) To improve supportability, the "shorewall status" command now
   includes the output from "ip rule ls" and "ip addr ls".