From a16dfcbc7b6eaf7551b774e3dbcf955fbe582602 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Tue, 10 May 2011 07:42:12 -0700
Subject: [PATCH] More documentation updates

---
 Shorewall/known_problems.txt | 16 ++++++++++++++++
 Shorewall/releasenotes.txt   |  7 ++++---
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/Shorewall/known_problems.txt b/Shorewall/known_problems.txt
index 9f103a1ec..c12b1eb1b 100644
--- a/Shorewall/known_problems.txt
+++ b/Shorewall/known_problems.txt
@@ -20,3 +20,19 @@
 
     Corrected in Shorewall 4.4.19.1 
 
+4)  The changes in 4.4.19.1 that corrected long-standing issues with
+    default route save/restore are incompatible with 'gawk'. When
+    'gawk' is installed (rather than 'mawk'), awk syntax errors having
+    to do with the symbol 'default' were issued.
+
+    Workaround: Install mawk
+
+5)  An entry in the USER/GROUP column in the rules and tcrules files
+    can cause run-time start/restart failures if the rule(s) being
+    added did not have the firewall as the source or and was not being
+    added to the POSTROUTING chain.
+
+    Workaround: Insure that all USER/GROUP matches are only specified
+    when the SOURCE is $FW (rules file) or is being added to the
+    POSTROUTING chain (:T designator in the tcrules file).
+
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 7c71a10ea..b097f6530 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -24,13 +24,14 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
 
 2)  Previously, an entry in the USER/GROUP column in the rules and
     tcrules files could cause run-time start/restart failures if the
-    rule(s) being added did not have the firewall as the source or was
-    being added to the POSTROUTING chain. This error is now caught by
+    rule(s) being added did not have the firewall as the source (rules
+    file) and were not being added to the POSTROUTING chain (:T
+    designator in the tcrules file). This error is now caught by
     the compiler.
 
 3)  Shorewall now insures that a route to a default gateway exists in
     the main table before it attempts to add a default route through
-    that gateway to a provider table. This prevents start/restart
+    that gateway in a provider table. This prevents start/restart
     failures in the rare event that such a route does not exist.
 
 4)  CLASSIFY TC rules can apply to traffic exiting only the interface