From b491eae3c00a2c579153d01d8eb5920edaf7b25a Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 4 Jan 2010 10:20:40 -0800 Subject: [PATCH] Document Lenny/xtables-addons hack Signed-off-by: Tom Eastep --- Shorewall/changelog.txt | 2 ++ Shorewall/releasenotes.txt | 9 ++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 3544dc130..df42335a3 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -2,6 +2,8 @@ Changes in Shorewall 4.4.6 1) Fix for rp_filter and kernel 2.6.31. +2) Add a hack to work around a bug in Lenny + xtables-addons + Changes in Shorewall 4.4.5 1) Fix 15-port limit removal change. diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 440624a0e..d7f1f6909 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -173,7 +173,14 @@ Shorewall 4.4.5 P R O B L E M S C O R R E C T E D I N 4 . 4 . 6 ---------------------------------------------------------------------------- -None. +1) A 'feature' of xtables-addons when applied to Lenny causes extra + /31 networks to appear for nethash sets in the output of "ipset + -L" and "ipset -S". A hack has been added to prevent these from + being saved when Shorewall is saving IPSETS during 'stop'. + + As part of this change, the generated script is more careful about + verifying the existence of the correct ipset utility before using + it to save the contents of the sets. ---------------------------------------------------------------------------- K N O W N P R O B L E M S R E M A I N I N G
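Review bot: In the Shorewall/changelog.txt hunk, new entry 2 has no terminating period while entry 1 ("Fix for rp_filter and kernel 2.6.31.") does, and it calls the behaviour "a bug in Lenny + xtables-addons" while the release note in the same patch calls it a 'feature' of xtables-addons. Suggest ending the entry with a period and saying what the hack touches, using the release note's own terms (extra /31 networks in nethash sets when IPSETS are saved during 'stop'), so a reader scanning the changelog can tell that this changes what gets written to the saved set contents.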
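Review bot: In the Shorewall/releasenotes.txt hunk, item 1 under "PROBLEMS CORRECTED IN 4.4.6" says the hack prevents the extra /31 networks "from being saved" but does not say how they are told apart from /31 entries an administrator deliberately added to a nethash set. Since these sets feed firewall rules, silently dropping a legitimate /31 on 'stop' would change what is matched after the next restore, so the note should state whether genuine /31 members are preserved or are also filtered. The second paragraph has a similar gap: it says the generated script is "more careful about verifying the existence of the correct ipset utility" without saying what happens when the check fails (save skipped, warning, or error). Please document that outcome, and whether the filtering applies only to the save during 'stop' as the text implies.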