diff --git a/Samples/Universal/shorewall.conf b/Samples/Universal/shorewall.conf
index f22e4c76b..337a44138 100644
--- a/Samples/Universal/shorewall.conf
+++ b/Samples/Universal/shorewall.conf
@@ -71,8 +71,6 @@ CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
-IPSECFILE=zones
-
LOCKFILE=
###############################################################################
@@ -212,4 +210,11 @@ TCP_FLAGS_DISPOSITION=DROP
SMURF_DISPOSITION=DROP
+################################################################################
+# L E G A C Y O P T I O N
+# D O N O T D E L E T E O R A L T E R
+################################################################################
+
+IPSECFILE=zones
+
#LAST LINE -- DO NOT REMOVE
diff --git a/Samples/one-interface/shorewall.conf b/Samples/one-interface/shorewall.conf
index abe851590..11601bed0 100644
--- a/Samples/one-interface/shorewall.conf
+++ b/Samples/one-interface/shorewall.conf
@@ -82,8 +82,6 @@ CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
-IPSECFILE=zones
-
LOCKFILE=
###############################################################################
@@ -143,8 +141,6 @@ DISABLE_IPV6=No
DYNAMIC_ZONES=No
-PKTTYPE=Yes
-
NULL_ROUTE_RFC1918=No
MACLIST_TABLE=filter
@@ -223,4 +219,11 @@ TCP_FLAGS_DISPOSITION=DROP
SMURF_DISPOSITION=DROP
+################################################################################
+# L E G A C Y O P T I O N
+# D O N O T D E L E T E O R A L T E R
+################################################################################
+
+IPSECFILE=zones
+
#LAST LINE -- DO NOT REMOVE
diff --git a/Samples/three-interfaces/shorewall.conf b/Samples/three-interfaces/shorewall.conf
index 3039f5091..0c2015d35 100644
--- a/Samples/three-interfaces/shorewall.conf
+++ b/Samples/three-interfaces/shorewall.conf
@@ -82,8 +82,6 @@ CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
-IPSECFILE=zones
-
LOCKFILE=
###############################################################################
@@ -143,8 +141,6 @@ DISABLE_IPV6=No
DYNAMIC_ZONES=No
-PKTTYPE=Yes
-
NULL_ROUTE_RFC1918=No
MACLIST_TABLE=filter
@@ -223,4 +219,11 @@ TCP_FLAGS_DISPOSITION=DROP
SMURF_DISPOSITION=DROP
+################################################################################
+# L E G A C Y O P T I O N
+# D O N O T D E L E T E O R A L T E R
+################################################################################
+
+IPSECFILE=zones
+
#LAST LINE -- DO NOT REMOVE
diff --git a/Samples/two-interfaces/shorewall.conf b/Samples/two-interfaces/shorewall.conf
index a47c3da7f..1befe2403 100644
--- a/Samples/two-interfaces/shorewall.conf
+++ b/Samples/two-interfaces/shorewall.conf
@@ -89,8 +89,6 @@ CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
-IPSECFILE=zones
-
LOCKFILE=
###############################################################################
@@ -150,8 +148,6 @@ DISABLE_IPV6=No
DYNAMIC_ZONES=No
-PKTTYPE=Yes
-
NULL_ROUTE_RFC1918=No
MACLIST_TABLE=filter
@@ -230,4 +226,11 @@ TCP_FLAGS_DISPOSITION=DROP
SMURF_DISPOSITION=DROP
+################################################################################
+# L E G A C Y O P T I O N
+# D O N O T D E L E T E O R A L T E R
+################################################################################
+
+IPSECFILE=zones
+
#LAST LINE -- DO NOT REMOVE
diff --git a/Shorewall/configfiles/shorewall.conf b/Shorewall/configfiles/shorewall.conf
index de66a459d..3ddc97b61 100644
--- a/Shorewall/configfiles/shorewall.conf
+++ b/Shorewall/configfiles/shorewall.conf
@@ -73,8 +73,6 @@ CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
-IPSECFILE=zones
-
LOCKFILE=
###############################################################################
@@ -198,7 +196,7 @@ EXPORTMODULES=Yes
ACCOUNTING_TABLE=filter
-LEGACY_FASTSTART=No
+LEGACY_FASTSTART=Yes
###############################################################################
# P A C K E T D I S P O S I T I O N
@@ -214,4 +212,11 @@ SMURF_DISPOSITION=DROP
FILTER_DISPOSITION=DROP
+################################################################################
+# L E G A C Y O P T I O N
+# D O N O T D E L E T E O R A L T E R
+################################################################################
+
+IPSECFILE=zones
+
#LAST LINE -- DO NOT REMOVE
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 9149e3ae4..69b95fa95 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -70,6 +70,9 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
#ZONE INTERFACE BROADCAST OPTIONS
loc br1 - sfilter=2001:470:b:227::40/124
+3) The obsolete PKTTYPE option has been removed from shorewall.conf
+ and the associated manpage.
+
----------------------------------------------------------------------------
I I. K N O W N P R O B L E M S R E M A I N I N G
----------------------------------------------------------------------------
diff --git a/manpages/shorewall.conf.xml b/manpages/shorewall.conf.xml
index b522d68c2..7d1b31a15 100644
--- a/manpages/shorewall.conf.xml
+++ b/manpages/shorewall.conf.xml
@@ -821,6 +821,20 @@ net all DROP infothen the chain name is 'net2all'
+
+ IPSECFILE=zones
+
+
+ This option indicates that zone-related ipsec information is
+ found in the zones file (shorewall-zones(5)). The option
+ indicates to the compiler that this is not a legacy configuration
+ where the ipsec information was contained in a separate file. The
+ value of this option must not be changed and the option must not be
+ deleted.
+
+
+
IPSET=[pathname]
@@ -1475,17 +1489,6 @@ net all DROP infothen the chain name is 'net2all'
-
- PKTTYPE={Yes|No}
-
-
- Obsolete - This option is
- included for compatibility with older Shorewall releases. Its
- setting has no effect.
-
-
-
RCP_COMMAND="command