Initialize release documents for 4.4.15

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/changelog.txt

@@ -1,3 +1,7 @@
+Changes in Shorewall 4.4.15
+
+1)  Handle exported VERBOSE.
+
 Changes in Shorewall 4.4.14
 
 1)  Support ipset lists.

Shorewall/releasenotes.txt

@@ -1,5 +1,6 @@
 ----------------------------------------------------------------------------
-                      S H O R E W A L L  4 . 4 . 1 4
+                      S H O R E W A L L  4 . 4 . 1 5
+                               B E T A  1
 ----------------------------------------------------------------------------
 
 I.    PROBLEMS CORRECTED IN THIS RELEASE
@@ -13,98 +14,8 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
   I.  P R O B L E M S   C O R R E C T E D   I N   T H I S  R E L E A S E
 ----------------------------------------------------------------------------
 
-1)  Previously, messages to the STARTUP_LOG had inconsistent date formats.
-
-2)  The blacklisting change in 4.4.13 was broken in some simple
-    configurations with the effect that blacklisting was not enabled.
-
-3)  Previously, Shorewall6 produced an untidy sequence of error
-    messages when an attempt was made to start it on a system running a
-    kernel older than 2.6.24:
-
-       [root@localhost shorewall6]# shorewall6 start
-       Compiling...
-       Processing /etc/shorewall6/shorewall6.conf...
-       Loading Modules...
-       Compiling /etc/shorewall6/zones...
-       ...
-       Shorewall configuration compiled to /var/lib/shorewall6/.start
-          ERROR: Shorewall6 requires Linux kernel 2.6.24 or later
-       /usr/share/shorewall6/lib.common: line 73:
-             [: -lt: unary operator expected
-          ERROR: Shorewall6 requires Linux kernel 2.6.24 or later
-       [root@localhost shorewall6]#
-
-    This has been corrected so that a single ERROR message is
-    generated.
-
-4)  Previously, an ipset name appearing in the /etc/shorewall/hosts
-    file could be qualified with a list of 'src' and/or 'dst' enclosed
-    in quotes. This was virtually guaranteed not to work since the set
-    must match when used to verify both a packet source and a
-    packet destination. Now, the following error is raised:
-
-    	   ERROR: ipset name qualification is disallowed in this file
-
-    As part of this change, the ipset name is now verified to begin
-    with a letter and be composed of letters, digits, underscores ("_")
-    and hyphens ("-").
-
-5)  The Shorewall-lite and Shorewall6-lite Debian init scripts contained a
-    syntax error.
-
-6)  If the -v or -q options were used in /sbin/shorewall-lite or
-    /sbin/shorewall6-lite commands that involve the compiled firewall
-    script and the resulting effective VERBOSITY was > 2 or < -1, then
-    the command would fail.
-
-7)  The log reading commands (show log, logwatch, and dump) returned no
-    log records when run on one of the -lite products.
-
-8)  To avoid future confusion, the following obsolete options have been
-    deleted from the sample shorewall.conf files:
-
-    	    BRIDGING
-    	    DELAYBLACKLISTLOAD
-	    PKTTYPE
-
-    They will still be recognized by the rules compiler.
-
-9)  All sample .conf files have been changed to specify
-
-    	FORWARD_CLEAR_MARK=
-
-    rather than
-
-    	FORWARD_CLEAR_MARK=Yes
-
-    That way, systems without MARK support will still be able to
-    install the sample configurations and FORWARD_CLEAR_MARK will
-    default to Yes on systems with MARK support.
-
-10) The install scripts in the tarballs now correctly create init
-    symlinks on recent Ubuntu releases.
-
-11) Previously, this entry in the OPTIONS column of
-    /etc/shorewall/interfaces incorrectly generated a syntax error.
-
-    	nets=(1.2.3.0/24)
-
-    The error was:
-
-    	ERROR: Invalid VLSM (24))
-
-12) Previously, if 10 or more interfaces were configured in Complex
-    Traffic Shaping (/etc/shorewall/tcdevices), the following
-    compilation diagnostic was generated:
-
-        Argument "a" isn't numeric in sprintf at
-	/usr/share/shorewall/Shorewall/Config.pm line 893.
- 
-    and an invalid TC configuration was generated.
-
-13) If the current environment exported the VERBOSITY variable with a
-    non-zero value, startup would fail.
+1)  If the variable VERBOSE was exported with a non-zero value then
+    startup would fail.
 
 ----------------------------------------------------------------------------
            I I.  K N O W N   P R O B L E M S   R E M A I N I N G
@@ -117,48 +28,7 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
       I I I.  N E W   F E A T U R E S   I N   T H I S  R E L E A S E
 ----------------------------------------------------------------------------
 
-1)  Multiple source or destination ipset matches can be generated by
-    enclosing the ipset list in +[...].
-
-    Example (/etc/shorewall/rules):
-
-        ACCEPT $FW net:+[dest-ip-map,dest-port-map]
-
-2)  Shorewall now uses the 'conntrack' utility for 'show connections'
-    if that utility is installed. Going forward, the Netfilter team
-    will be enhancing this interface rather than the /proc interface.
-
-3)  The CPU time required for optimization has been reduced by 2/3.
-
-4)  An 'scfilter' extension script has been added. This extension
-    script differs from other such scripts in that it is invoked by the
-    command line tools (/sbin/shorewall, /sbin/shorewall6,
-    /sbin/shorewall-lite and /sbin/shorewall6-lite).
-
-    The script acts as a filter for the output of the 'show
-    connections' command. Each connection is piped through the filter
-    which can modify and/or drop information as desired.
-
-    Example:
-
-	#!/bin/sh
- 	sed 's/secmark=0 //'
-
-    That script will remove 'secmark=0 ' from each line.
-
-    The default script is:
-
-    	#!/bin/sh
-	cat -
-
-    which passes the output through unmodified.
-
-    If you are using Shorewall-lite and/or Shorewall6-lite, the
-    scfilter file is kept on the administrative system. The compiler
-    encapsulates the script into a shell function that is copied
-    into the generated auxillary configuration file
-    (firewall.conf). That function is then invoked by the 'show
-    connections' command.
+None.
 
 ----------------------------------------------------------------------------
              I V.  R E L E A S E  4 . 4  H I G H L I G H T S
@@ -379,6 +249,150 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
 ----------------------------------------------------------------------------
 V I.  P R O B L E M S  C O R R E C T E D  A N D  N E W   F E A T U R E S
       I N   P R I O R  R E L E A S E S
+----------------------------------------------------------------------------
+         P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 1 4
+----------------------------------------------------------------------------
+
+1)  Previously, messages to the STARTUP_LOG had inconsistent date formats.
+
+2)  The blacklisting change in 4.4.13 was broken in some simple
+    configurations with the effect that blacklisting was not enabled.
+
+3)  Previously, Shorewall6 produced an untidy sequence of error
+    messages when an attempt was made to start it on a system running a
+    kernel older than 2.6.24:
+
+       [root@localhost shorewall6]# shorewall6 start
+       Compiling...
+       Processing /etc/shorewall6/shorewall6.conf...
+       Loading Modules...
+       Compiling /etc/shorewall6/zones...
+       ...
+       Shorewall configuration compiled to /var/lib/shorewall6/.start
+          ERROR: Shorewall6 requires Linux kernel 2.6.24 or later
+       /usr/share/shorewall6/lib.common: line 73:
+             [: -lt: unary operator expected
+          ERROR: Shorewall6 requires Linux kernel 2.6.24 or later
+       [root@localhost shorewall6]#
+
+    This has been corrected so that a single ERROR message is
+    generated.
+
+4)  Previously, an ipset name appearing in the /etc/shorewall/hosts
+    file could be qualified with a list of 'src' and/or 'dst' enclosed
+    in quotes. This was virtually guaranteed not to work since the set
+    must match when used to verify both a packet source and a
+    packet destination. Now, the following error is raised:
+
+    	   ERROR: ipset name qualification is disallowed in this file
+
+    As part of this change, the ipset name is now verified to begin
+    with a letter and be composed of letters, digits, underscores ("_")
+    and hyphens ("-").
+
+5)  The Shorewall-lite and Shorewall6-lite Debian init scripts contained a
+    syntax error.
+
+6)  If the -v or -q options were used in /sbin/shorewall-lite or
+    /sbin/shorewall6-lite commands that involve the compiled firewall
+    script and the resulting effective VERBOSITY was > 2 or < -1, then
+    the command would fail.
+
+7)  The log reading commands (show log, logwatch, and dump) returned no
+    log records when run on one of the -lite products.
+
+8)  To avoid future confusion, the following obsolete options have been
+    deleted from the sample shorewall.conf files:
+
+    	    BRIDGING
+    	    DELAYBLACKLISTLOAD
+	    PKTTYPE
+
+    They will still be recognized by the rules compiler.
+
+9)  All sample .conf files have been changed to specify
+
+    	FORWARD_CLEAR_MARK=
+
+    rather than
+
+    	FORWARD_CLEAR_MARK=Yes
+
+    That way, systems without MARK support will still be able to
+    install the sample configurations and FORWARD_CLEAR_MARK will
+    default to Yes on systems with MARK support.
+
+10) The install scripts in the tarballs now correctly create init
+    symlinks on recent Ubuntu releases.
+
+11) Previously, this entry in the OPTIONS column of
+    /etc/shorewall/interfaces incorrectly generated a syntax error.
+
+    	nets=(1.2.3.0/24)
+
+    The error was:
+
+    	ERROR: Invalid VLSM (24))
+
+12) Previously, if 10 or more interfaces were configured in Complex
+    Traffic Shaping (/etc/shorewall/tcdevices), the following
+    compilation diagnostic was generated:
+
+        Argument "a" isn't numeric in sprintf at
+	/usr/share/shorewall/Shorewall/Config.pm line 893.
+ 
+    and an invalid TC configuration was generated.
+
+13) If the current environment exported the VERBOSITY variable with a
+    non-zero value, startup would fail.
+
+----------------------------------------------------------------------------
+               N E W   F E A T U R E S   I N   4 . 4 . 1 4
+----------------------------------------------------------------------------
+
+1)  Multiple source or destination ipset matches can be generated by
+    enclosing the ipset list in +[...].
+
+    Example (/etc/shorewall/rules):
+
+        ACCEPT $FW net:+[dest-ip-map,dest-port-map]
+
+2)  Shorewall now uses the 'conntrack' utility for 'show connections'
+    if that utility is installed. Going forward, the Netfilter team
+    will be enhancing this interface rather than the /proc interface.
+
+3)  The CPU time required for optimization has been reduced by 2/3.
+
+4)  An 'scfilter' extension script has been added. This extension
+    script differs from other such scripts in that it is invoked by the
+    command line tools (/sbin/shorewall, /sbin/shorewall6,
+    /sbin/shorewall-lite and /sbin/shorewall6-lite).
+
+    The script acts as a filter for the output of the 'show
+    connections' command. Each connection is piped through the filter
+    which can modify and/or drop information as desired.
+
+    Example:
+
+	#!/bin/sh
+ 	sed 's/secmark=0 //'
+
+    That script will remove 'secmark=0 ' from each line.
+
+    The default script is:
+
+    	#!/bin/sh
+	cat -
+
+    which passes the output through unmodified.
+
+    If you are using Shorewall-lite and/or Shorewall6-lite, the
+    scfilter file is kept on the administrative system. The compiler
+    encapsulates the script into a shell function that is copied
+    into the generated auxillary configuration file
+    (firewall.conf). That function is then invoked by the 'show
+    connections' command.
+
 ----------------------------------------------------------------------------
          P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 1 3
 ----------------------------------------------------------------------------