From b0b39cfc390e0049f47717d588e7db659b955a2e Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Thu, 22 Apr 2010 11:55:13 -0700
Subject: [PATCH] Document optimization level 2 fix.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/changelog.txt    | 5 ++++-
 Shorewall/releasenotes.txt | 4 ++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index 40523ea99..0b00aa1d9 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -27,7 +27,10 @@ Changes in Shorewall 4.4.9
 
 13) Don't create output chains for BPORT zones.
 
-14) Implement 'show log ip-addr' in /sbin/shorewall and /sbin/shorewall-lite/
+14) Implement 'show log ip-addr' in /sbin/shorewall and
+    /sbin/shorewall-lite/
+
+15) Restore lone ACCEPT rule to the OUTPUT chain under OPTIMIZE 2.
 
 Changes in Shorewall 4.4.8
 
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 1f1b306c6..e05c64409 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -271,6 +271,10 @@ I I I.  P R O B L E M S   C O R R E C T E D   I N   T H I S  R E L E A S E
     be used. Now, Shorewall avoids setting up these unneeded chains
     and/or rules.
 
+10) If optimization level 2 and there were no OUTPUT rules and the only
+    effective output policy was $FW->all ACCEPT, then the OUTPUT chain
+    was empty and no packets could be sent.
+
 ----------------------------------------------------------------------------
            I V.  K N O W N   P R O B L E M S   R E M A I N I N G
 ----------------------------------------------------------------------------