From a7edb358ed697a98745ad8194b10d698403039a2 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sun, 8 May 2011 06:28:48 -0700
Subject: [PATCH] Document 4.4.19.3 fixes

---
 Shorewall/changelog.txt    |  4 ++++
 Shorewall/releasenotes.txt | 10 ++++++++++
 2 files changed, 14 insertions(+)

diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index 4b3f10bdf..a9fc619ee 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -2,6 +2,10 @@ Changes in Shorewall 4.4.19.3
 
 1)  Eliminate issue with 'gawk'.
 
+2)  Ensure that a host route to the gateway exists in the main table.
+
+3)  Only allow USER/GROUP in the OUTPUT chain.
+
 Changes in Shorewall 4.4.19.2
 
 1)  Restore the ability to have IPSET names in the ORIGINAL DEST column
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 5799903fa..1fefcc189 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -22,6 +22,16 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
 
     This incompatibility has been corrected.
 
+2)  Previously, an entry in the USER/GROUP column in the rules and
+    tcrules files could cause run-time start/restart failures if the
+    rule(s) being added did not have the firewall as the source. This
+    error is now caught by the compiler.
+
+3)  Shorewall now insures that a route to a default gateway exists in
+    the main table before it attempts to add a default route through
+    that gateway in a provider table. This prevents start/restart
+    failures in the rare event that such a route does not exist. 
+
 4.4.19.2
 
 1)  In Shorewall-shell, there was the ability to specify IPSET names in