From b9c303cf921ae89dcd79172eb1ca581ce7f4d40d Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 22 Apr 2010 11:51:17 -0700 Subject: [PATCH] Document optimization 2 fix. Signed-off-by: Tom Eastep --- Shorewall/changelog.txt | 4 ++++ Shorewall/known_problems.txt | 23 +++++++++++++++++++++++ Shorewall/releasenotes.txt | 7 ++++++- 3 files changed, 33 insertions(+), 1 deletion(-) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index e61a263c2..3ff6980a3 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -1,3 +1,7 @@ +Changes in Shorewall 4.4.8.4 + +1) Restore lone ACCEPT rule to the OUTPUT chain under OPTIMIZE 2. + Changes in Shorewall 4.4.8.3 1) Make wildcard interfaces play well with optimize 4. diff --git a/Shorewall/known_problems.txt b/Shorewall/known_problems.txt index c1ebac575..cc5306327 100644 --- a/Shorewall/known_problems.txt +++ b/Shorewall/known_problems.txt @@ -1,3 +1,5 @@ +Known problems in Shorewall 4.4.8 + 1) Logical interface names in the EXTERNAL column of /etc/shorewall/proxyarp were previously not mapped to their corresponding physical interface names. This could cause 'start' or @@ -37,3 +39,24 @@ Corrected in Shorewall 4.4.8.2 +6) Wildcard interface names (those ending in '+') can result in + iptables-restore failure with optimize 4. + + Corrected in Shorewall 4.4.8.3 + +7) Invalid iptables-restore input involving the 'tcpre' + mangle chain is possible with optimize 4. + + Corrected in Shorewall 4.4.8.3 + +8) A couple of fixes to the 4.4.8.2 change for startup log naming are + included. The main symptom occurred on Debian systems where perl + reported that /etc/shorewall.conf did not exist. + + Corrected in Shorewall 4.4.8.3 + +9) If OPTIMIZE 2 and there are no OUTPUT rules and the only effective + output policy is $FW->all ACCEPT, then the OUTPUT chain is empty + and no packets can be sent. + + Corrected in Shorewall 4.4.8.4 
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index c7c0c430a..dedd1b391 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -1,5 +1,5 @@ ---------------------------------------------------------------------------- - S H O R E W A L L 4 . 4 . 8 . 3 + S H O R E W A L L 4 . 4 . 8 . 4 ---------------------------------------------------------------------------- I. RELEASE 4.4 HIGHLIGHTS @@ -217,6 +217,11 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES ---------------------------------------------------------------------------- I I I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- +4.4.8.4 + +1) If OPTIMIZE 2 and there were no OUTPUT rules and the only effective + output policy was $FW->all ACCEPT, then the OUTPUT chain was empty + and no packets could be sent. 4.4.8.3
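Review bot: In the changelog.txt hunk, the new entry writes "OPTIMIZE 2" in capitals while the 4.4.8.3 entry directly below it writes "optimize 4" in lower case. Pick one spelling for the option and use it in both entries so a search of the changelog finds every optimize-related change.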
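Review bot: In the second known_problems.txt hunk (@@ -37,3 +39,24 @@), items 6 through 8 are marked "Corrected in Shorewall 4.4.8.3" and have nothing to do with the OPTIMIZE 2 fix named in the subject line. Either move them to their own commit or mention them in the commit message, so the history shows when the 4.4.8.3 problems were documented. Item 8 also describes the fix ("A couple of fixes ... are included") rather than the problem; lead with the symptom, as items 6, 7 and 9 do. In item 9, "If OPTIMIZE 2 and there are no OUTPUT rules" is missing a verb in its first clause, for example "If OPTIMIZE 2 is in effect and there are no OUTPUT rules".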
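Review bot: In the second releasenotes.txt hunk (@@ -217,6 +217,11 @@), the 4.4.8.4 entry does not say which release introduced the problem, although the changelog entry says "Restore", which implies the ACCEPT rule was present earlier. Since the effect is that the firewall host can send no packets at all, name the affected releases so administrators can tell whether they need the update. The first clause, "If OPTIMIZE 2 and there were no OUTPUT rules", also lacks a verb; "If OPTIMIZE 2 was in effect and there were no OUTPUT rules" reads correctly.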