diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 2ec1d03fc..1ec38406a 100755 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -1,40 +1,5 @@ -Changes since 1.4.7 +Changes since 1.4.8 -1) Applied patch from Tuomo Soini that fixes syntax error occuring with - some versions of 'ash'. +1) Replace "Static NAT" with "One-to-one NAT". -2) Applied Andrew Zhoglo's patch that avoids using multiport match for - ICMP. - -3) Added support for QUEUE target. - -4) Fix error handling after "Unable to determine the routes..." - -5) Fix handling of LOGUNCLEAN - -6) Added BLACKLISTNEWONLY support. - -7) Correct optimization for 'complex' zones. - -8) Fix tcrules processing. - -9) Liberalize chain names used in the accounting file. - -10) Fix the fix for 'complex' zones (twice). - -11) Remove incorrect comment from shorewall.conf regarding Debian - lockfiles. - -12) Change "_exists" suffix (including _nat_exists) to an "exists_" - prefix to allow chain names beginning with a digit without - lengthening the variable name. - -13) Applied and improved Eric Bowles's fix for route filtering. - -14) Corrected handling of /32 addresses with broadcast in maclist - processing. - -15) Generate error for NONE policy where source or destination zone is - the firewall itself. - -16) Fix 'routeback' for wildcard interfaces. \ No newline at end of file +2) Change SMB common rules to DROP. diff --git a/Shorewall/common.def b/Shorewall/common.def index 5e1ce0657..e1bd37522 100644 --- a/Shorewall/common.def +++ b/Shorewall/common.def 
@@ -16,12 +16,12 @@ run_iptables -A common -p icmp -j icmpdef ############################################################################ # NETBIOS chatter # -run_iptables -A common -p udp --dport 135 -j reject -run_iptables -A common -p udp --dport 137:139 -j reject -run_iptables -A common -p udp --dport 445 -j reject -run_iptables -A common -p tcp --dport 139 -j reject -run_iptables -A common -p tcp --dport 445 -j reject -run_iptables -A common -p tcp --dport 135 -j reject +run_iptables -A common -p udp --dport 135 -j DROP +run_iptables -A common -p udp --dport 137:139 -j DROP +run_iptables -A common -p udp --dport 445 -j DROP +run_iptables -A common -p tcp --dport 139 -j DROP +run_iptables -A common -p tcp --dport 445 -j DROP +run_iptables -A common -p tcp --dport 135 -j DROP ############################################################################ # UPnP # diff --git a/Shorewall/interfaces b/Shorewall/interfaces index 7cc373f74..03d5a1df7 100644 --- a/Shorewall/interfaces +++ b/Shorewall/interfaces @@ -103,6 +103,11 @@ # This option has no effect if # NEWNOTSYN=Yes. # +# routeback - If specified, indicates that Shorewall +# should include rules that allow filtering +# traffic arriving on this interface back +# out that same interface. +# # arp_filter - If specified, this interface will only # respond to ARP who-has requests for IP # addresses configured on the interface. diff --git a/Shorewall/nat b/Shorewall/nat index b56c938ca..7bbbcd54d 100755 --- a/Shorewall/nat +++ b/Shorewall/nat 
@@ -4,11 +4,12 @@ # # /etc/shorewall/nat # -# This file is used to define static Network Address Translation (NAT). +# This file is used to define one-to-one Network Address Translation +# (NAT). # # WARNING: If all you want to do is simple port forwarding, do NOT use this # file. See http://www.shorewall.net/FAQ.htm#faq1. Also, in most -# cases, Proxy ARP is a better solution that static NAT. +# cases, Proxy ARP is a better solution that one-to-one NAT. # # Columns must be separated by white space and are: # diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 3dd145478..d1ec08d83 100755 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt 
@@ -1,114 +1,24 @@ This is a minor release of Shorewall. -Problems Corrected since version 1.4.7: +Problems Corrected since version 1.4.8: -1) Tuomo Soini has supplied a correction to a problem that occurs using - some versions of 'ash'. The symptom is that "shorewall start" fails - with: - - local: --limit: bad variable name - iptables v1.2.8: Couldn't load match `-j':/lib/iptables/libipt_-j.so: - cannot open shared object file: No such file or directory - Try `iptables -h' or 'iptables --help' for more information. - -2) Andres Zhoglo has supplied a correction that avoids trying to use - the multiport match iptables facility on ICMP rules. - - Example of rule that previously caused "shorewall start" to fail: - - ACCEPT loc $FW icmp 0,8,11,12 - -3) Previously, if the following error message was issued, Shorewall - was left in an inconsistent state. - - Error: Unable to determine the routes through interface xxx - -4) Handling of the LOGUNCLEAN option in shorewall.conf has been - corrected. - -5) In Shorewall 1.4.2, an optimization was added. This optimization - involved creating a chain named "_frwd" for most zones - defined using the /etc/shorewall/hosts file. It has since been - discovered that in many cases these new chains contain redundant - rules and that the "optimization" turns out to be less than - optimal. The implementation has now been corrected. - -6) When the MARK value in a tcrules entry is followed by ":F" or ":P", - the ":F" or ":P" was previously only applied to the first Netfilter - rule generated by the entry. It is now applied to all entries. - -7) The original fix for item 5) above contained a bug which caused the - "_frwd" chain to have too few rules. That has been corrected - (twice). - -8) An incorrect comment concerning Debian's use of the SYBSYSLOCK - option has been removed from shorewall.conf. - -9) Previously, neither the 'routefilter' interface option nor the - ROUTE_FILTER parameter were working properly. 
This has been - corrected (thanks to Eric Bowles for his patch). The definition - of the ROUTE_FILTER option has changed however. Previously, - ROUTE_FILTER=Yes was documented as enabling route filtering on all - interfaces (which didn't work). Beginning with this release, setting - ROUTE_FILTER=Yes will enable route filtering of all interfaces - brought up while Shorewall is started. As a consequence, - ROUTE_FILTER=Yes can coexist with the use of the 'routefilter' - option in the interfaces file. - -10) If MAC verification was enabled on an interface that had a /32 - address with a broadcast address then an error would occur during - startup. - -11) The NONE policy's intended use is to suppress the generating of - rules that can't possibly be traversed. This means that a policy of - NONE is inappropriate where the source or destination zone is - $FW. Shorewall now generates an error message if such a policy is - given in /etc/shorewall/policy. Previously such a policy caused - "shorewall start" to fail. - -12) The 'routeback' option was broken for wildcard interfaces (e.g., - "tun+"). This has been corrected so that 'routeback' now works as - expected in this case. +1) There has been a low level of confusion over the terms "Source NAT" (SNAT) + and "Static NAT". To avoid future confusion, all instances of "Static + NAT" have been replaced with "One-to-one NAT" in the documentation and + configuration files. Migration Issues: -1. The definition of the ROUTE_FILTER option in shorewall.conf has - changed as described in item 9) above. +None. New Features: -1. A new QUEUE action has been introduced for rules. QUEUE allows you - to pass connection requests to a user-space filter such as ftwall - (http://p2pwall.sourceforge.net). The ftwall program allows for - effective filtering of p2p applications such as Kazaa. 
- - For example, to use ftwall to filter P2P clients in your 'loc' zone, - you would add the following rules: - - QUEUE loc net tcp - QUEUE loc net udp - QUEUE loc fw udp - - You would normally want to place those three rules BEFORE any ACCEPT - rules for loc->net or loc->fw udp or tcp. - - Note: When the protocol specified is TCP ("tcp", "TCP" or "6"), - Shorewall will only pass connection requests (SYN packets) to user - space. This is for compatibility with ftwall. - -2. A BLACKLISTNEWNONLY option has been added to shorewall.conf. When - this option is set to "Yes", the blacklists (dynamic and static) - are only consulted for new connection requests. When set to "No" - (the default if the variable is not set), the blacklists are - consulted on every packet. - - Setting this option to "No" allows blacklisting to stop existing - connections from a newly blacklisted host but is more expensive in - terms of packet processing time. This is especially true if the - blacklists contain a large number of entries. - -3. Chain names used in the /etc/shorewall/accounting file may now begin - with a digit ([0-9]) and may contain embedded dashes ("-"). +1) To cut down on the number of "Why are these ports closed rather than + sealthed?" questions, the SMB-related rules in + /etc/shorewall/common.def have been changed from 'reject' to 'DROP'. + + +
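Review bot: the changelog entry `+1) Replace "Static NAT" with "One-to-one NAT".` in Shorewall/changelog.txt does not say where the replacement applies; suggest `1) Replace "Static NAT" with "One-to-one NAT" in the documentation and configuration files.` so it matches the wording of the corresponding release note.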
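Review bot: in the Shorewall/common.def hunk, moving the six NETBIOS rules from the `reject` chain to the `DROP` target changes behaviour for all traffic that reaches the `common` chain, not only for probes arriving from the Internet: a Windows host on a local interface that used to get an immediate reject on ports 135, 137:139 and 445 will now wait for a timeout. Suggest a comment line above the rules, e.g. `# DROP rather than reject so these ports appear stealthed (see releasenotes.txt)`, so the next person editing the file does not flip them back without knowing why.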
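Review bot: the new `routeback` comment in Shorewall/interfaces reads as though the option adds filtering (`allow filtering traffic arriving on this interface back out that same interface`); suggest `should include rules that allow traffic arriving on this interface to be routed back out the same interface`. Since the release notes being removed in this patch (item 12) state that `routeback` works for wildcard interfaces such as `tun+`, noting that here would answer a likely question at the point where users read the option.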
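Review bot: the rewritten line `+# cases, Proxy ARP is a better solution that one-to-one NAT.` in Shorewall/nat carries over a typo from the old line: `that` should be `than`. Since the line is already being changed for the terminology update, fix it in the same hunk.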
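Review bot: in the Shorewall/releasenotes.txt hunk, `sealthed` in the New Features item should be `stealthed`. Two structural points as well: `Migration Issues: None.` is hard to square with the common.def change in this same patch, since hosts that previously received an immediate reject on the SMB ports now see silent drops and may experience timeouts, so that change belongs under Migration Issues; and item 1 under `Problems Corrected` is a terminology rename rather than a bug fix, so it reads better under New Features or a separate `Other Changes` heading.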