From b8453c4bdaf468308961fa46ca2e4cbcb0d05066 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sat, 13 Feb 2010 07:26:49 -0800
Subject: [PATCH] Document per-IP rate limiting bug.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/changelog.txt      | 2 +-
 Shorewall/known_problems.txt | 6 +++++-
 Shorewall/releasenotes.txt   | 4 +++-
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index db4c32886..09d291b8b 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -1,6 +1,6 @@
 Changes in Shorewall 4.4.7-1
 
-None.
+1)  Don't apply rate limiting twice in NAT rules.
 
 Changes in Shorewall 4.4.7
 
diff --git a/Shorewall/known_problems.txt b/Shorewall/known_problems.txt
index b01f94245..1546371ef 100644
--- a/Shorewall/known_problems.txt
+++ b/Shorewall/known_problems.txt
@@ -1 +1,5 @@
-There are no known problems in Shorewall 4.4.7
+1)  All versions of Shorewall-perl mishandle per-IP rate limiting in
+    REDIRECT and DNAT rules. The effective rate and burst are 1/2 of
+    the values given in the rule.
+
+    Corrected in 4.4.7.1
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 4fbc1d407..5932f6e91 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -187,7 +187,9 @@ Shorewall 4.4.7 Patch Release 1.
        P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 7 . 1
 ----------------------------------------------------------------------------
 
-None.
+1)  All versions of Shorewall-perl mishandle per-IP rate limiting in
+    REDIRECT and DNAT rules. The effective rate and burst are 1/2 of
+    the values given in the rule.
 
 ----------------------------------------------------------------------------
           P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 7