shorewall_code/Shorewall/known_problems.txt
2011-06-09 16:54:32 -07:00

1) On systems running Upstart, shorewall-init cannot reliably secure
the firewall before interfaces are brought up.
2) The 4.4.20 Shorewall6 installer always installs the 'plain'
(unannotated) version of shorewall6.conf, regardless of the '-p'
option.
3) Fixed item 1 from 4.4.19.4 was inadvertently omitted from
4.4.20.
2) A defect introduced in 4.4.20 can cause the following failure at
start/restart:

    ERROR: Command "tc qdisc add dev eth0 parent 1:11 handle 1:
    sfq quantum 12498 limit 127 perturb 10" failed

The error occurs when explicit interface numbers are assigned in
/etc/shorewall/tcdevices and the default HTB queuing discipline is
used.
3) The 'sfilter' interface option introduced in 4.4.20 is not applied
to traffic addressed to the firewall itself.
4) IPSEC traffic is incorrectly included in the rules generated by
sfiltering.
5) Shorewall 4.4.20 can, under some circumstances, fail during
iptables-restore with a message such as the following:

    iptables-restore v1.4.10: Couldn't load target
    `dsl0_fwd':/usr/lib/xtables/libipt_dsl0_fwd.so: cannot open shared object
    file: No such file or directory
    Error occurred at line: 113
    Try `iptables-restore -h' or 'iptables-restore --help' for more
    information.
    ERROR: iptables-restore Failed. Input is in
    /var/lib/shorewall/.iptables-restore-input

6) The following extraneous warning message may be ignored:

    WARNING: sfilter is ineffective with FASTACCEPT=Yes