diff --git a/docs/upgrade_issues.xml b/docs/upgrade_issues.xml
index 1ba8f2129..1b30333fd 100644
--- a/docs/upgrade_issues.xml
+++ b/docs/upgrade_issues.xml
@@ -200,6 +200,149 @@
against the parent zone(s) rules. In 4.4.0, such traffic IS compared
against the parent zone rules.
+
+
+ The name any is now reserved
+ and may not be used as a zone name.
+
+
+
+ Perl module initialization has changed in Shorewall 4.4.1.
+ Previously, each Shorewall Perl package would initialize its global
+ variables for IPv4 in an INIT block. Then, if the compilation turned
+ out to be for IPv6, Shorewall::Compiler::compiler() would reinitialize
+ them for IPv6.
+
+ Beginning in Shorewall 4.4.1, the modules do not initialize
+ themselves in an INIT block. So if you use Shorewall modules outside
+ of the Shorewall compilation environment, then you must explicitly
+ call the module's 'initialize' function after the module has been
+ loaded.
+
+
+
+ Checking for zone membership has been tighened up. Previously, a
+ zone could contain <interface>:0.0.0.0/0 along with other hosts;
+ now, if the zone has <interface>:0.0.0.0/0 (even with
+ exclusions), then it may have no additional members in /etc/shorewall/hosts.
+
+
+
+ ADD_IP_ALIASES=No is now the setting in the released shorewall.conf and in all
+ of the samples. This will not affect you during upgrade unless you
+ choose to replace your current shorewall.conf with the one from the
+ release (not recommended).
+
+
+
+ The names of interface configuration variables in generated
+ scripts have been changed to ensure uniqueness. These names now begin
+ with SW_. This change will only affect you if your extension scripts
+ are using one or more of these variables.
+
+
+
+
+
+ Old Variable Name
+
+ New Variable Name
+
+
+
+ iface_address
+
+ SW_iface_ADDRESS
+
+
+
+ iface_BCASTS
+
+ SW_iface_BCASTS
+
+
+
+ iface_ACASTS
+
+ SW_iface_CASTS
+
+
+
+ iface_GATEWAY
+
+ SW_iface_NETWORKS
+
+
+
+ iface_ADDRESSES
+
+ SW_iface_ADDRESSES
+
+
+
+ iface_NETWORKS
+
+ SW_iface_NETWORKS
+
+
+
+ iface_MAC
+
+ SW_iface_MAC
+
+
+
+ provider_IS_USABLE
+
+ SW_provider_IS_USABLE
+
+
+
+
+
+ were iface is a capitalized interface
+ name (e.g., ETH0) and provider isthe
+ capitalized name of a provider.
+
+
+
+ If your /etc/shorewall/params (or
+ /etc/shorewall6/params)
+ file sends output to Standard Output, you need to be aware that the
+ output will be redirected to Standard Error beginning with Shorewall
+ 4.4.16.
+
+
+
+ Beginning with Shorewall 4.4.17, the EXPORTPARAMS option is
+ deprecated. With EXPORTPARAMS=No, the variables set by /etc/shorewall/params
+ (/etc/shorewall6/params)
+ at compile time are now available in the compiled firewall
+ script.
+
+
+
+ The iprange and ipaddr
+ commands require the 'bc' utility.
+
+
+
+ Beginning with Shorewall 4.4.26, the WIDE_TC_MARKS and
+ HIGH_ROUTE_MARKS options are deprecated in favor of TC_BITS,
+ MASK_BITS, PROVIDER_BITS and PROVIDER_OFFSET. See the Packet Marking using
+ /etc/shorewall/tcrules article. The shorewall
+ update (shorewall6 update) command will
+ automatically generate the correct values for these new options
+ depending on your settings of WIDE_TC_MARKS and
+ HIGH_ROUTE_MARKS.
+
Be sure to check the latest 4.4 Release Notes linked from the