diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index de377eb39..2a42ce207 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -18,6 +18,8 @@ Changes in Shorewall 4.4.1
 
 9)  Fix nested ipsec zones.
 
+10) Change one-interface sample to IP_FORWARDING=Off.
+
 Changes in Shorewall 4.4.0
 
 1)  Fix 'compile ... -' so that it no longer requires '-v-1'
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 540694905..0b0318b4c 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -173,7 +173,11 @@ Shorewall 4.4.1
     rules at the end of the INPUT and OUTPUT chains would still use the
     LOG target rather than ULOG.
 
-2)  Using CONTINUE policies with a nested IPSEC zone was broken.
+2)  Using CONTINUE policies with a nested IPSEC zone was still broken.
+
+3)  The setting of IP_FORWARDING has been change to Off in the
+    one-interface sample configuration since forwarding is typically
+    not required with only a single interface.
 
 ----------------------------------------------------------------------------
              K N O W N   P R O B L E M S   R E M A I N I N G