Document Fix for SAVE_IPSETS

Shorewall/changelog.txt

@@ -1,6 +1,6 @@
 Changes in Shorewall 4.4.18.2
 
-1)  Handle mis-configured ipsec host group on a bridge.
+1)  Fix SAVE_IPSETS=Yes without dynamic zones.
 
 Changes in Shorewall 4.4.18.1
 

Shorewall/releasenotes.txt

@@ -15,11 +15,7 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
 
 4.4.18.2
 
-1)  If a bridge interface had subordinate ports defined in
+1)  
-    /etc/shorewall/interface, then an ipsec entry (either ipsec zone or
-    the 'ipsec' option specified) in /etc/shorewall/hosts resulted in
-    the compiler generating an incorrect Netfilter configuration.
-
 4.4.18.1
 
 1)  An issue with params processing on RHEL6 has been corrected. The
@@ -100,6 +96,14 @@ None.
 1)  On systems running Upstart, shorewall-init cannot reliably secure
     the firewall before interfaces are brought up.
 
+2)  If a bridge interface has subordinate ports defined in
+    /etc/shorewall/interface, then an ipsec entry (either ipsec zone or
+    the 'ipsec' option specified) in /etc/shorewall/hosts results in
+    an incorrect Netfilter configuration.
+
+    Workaround: Assign the ipsec entry to one or more of the bridge
+    ports rather than the bridge itself.
+
 ----------------------------------------------------------------------------
       I I I.  N E W   F E A T U R E S   I N   T H I S  R E L E A S E
 ----------------------------------------------------------------------------