Remove mailing list problem report

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@454 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-02-18 23:14:23 +00:00 · 2003-02-18 23:14:23 +00:00 · d08a68991a
commit d08a68991a
parent 0babfcf177
3 changed files with 633 additions and 648 deletions
--- a/STABLE/documentation/errata.htm
+++ b/STABLE/documentation/errata.htm
@ -22,14 +22,14 @@
 <table border="0" cellpadding="0" cellspacing="0"
 style="border-collapse: collapse;" width="100%" id="AutoNumber1"
 bgcolor="#400169" height="90">
-                       <tbody>
+                         <tbody>
-                       <tr>
+                         <tr>
-                         <td width="100%">                              
+                           <td width="100%">                            
      <h1 align="center"><font color="#ffffff">Shorewall Errata/Upgrade Issues</font></h1>
-                         </td>
+                           </td>
-                       </tr>
+                         </tr>
  </tbody>                     
@ -38,27 +38,30 @@
 <p align="center">       <b><u>IMPORTANT</u></b></p>
 <ol>
-                       <li>                                             
+                         <li>                                           
    <p align="left">          <b><u>I</u>f you use a Windows system to download 
-         a corrected     script, be sure to run the script through <u>   
+          a corrected     script, be sure to run the script through <u>  
-        <a href="http://www.megaloman.com/%7Ehany/software/hd2u/"
+         <a href="http://www.megaloman.com/%7Ehany/software/hd2u/"
 style="text-decoration: none;"> dos2unix</a></u>      after you have moved 
-         it to your Linux system.</b></p>
+          it to your Linux system.</b></p>
-                                    </li>
+                                      </li>
-                       <li>                                             
+                         <li>                                           
    <p align="left">          <b>If you are installing Shorewall for the first
 time and plan to use the        .tgz and install.sh script, you can untar
 the archive, replace the        'firewall' script in the untarred directory 
-         with the one you downloaded        below, and then run install.sh.</b></p>
+          with the one you downloaded        below, and then run install.sh.</b></p>
-                                    </li>
+                                      </li>
-                       <li>                                             
+                         <li>                                           
    <p align="left">          <b>If you are running a Shorewall version earlier 
-  than 1.3.11, when the instructions say to install a corrected        firewall 
+   than 1.3.11, when the instructions say to install a corrected        firewall 
-  script in        /etc/shorewall/firewall, /usr/lib/shorewall/firewall  
+   script in        /etc/shorewall/firewall, /usr/lib/shorewall/firewall 
-    or /var/lib/shorewall/firewall,  use the 'cp' (or 'scp') utility to overwrite
+     or /var/lib/shorewall/firewall,  use the 'cp' (or 'scp') utility to overwrite
       the        existing file. DO  NOT REMOVE OR RENAME THE OLD /etc/shorewall/firewall
              or /var/lib/shorewall/firewall  before you do that. /etc/shorewall/firewall
              and /var/lib/shorewall/firewall  are symbolic links that point
@ -66,39 +69,39 @@ the archive, replace the        'firewall' script in the untarred directory
    to         start Shorewall during boot. It is  that file that must be
 overwritten              with the corrected script. Beginning with Shorewall
 1.3.11, you may rename the existing file before copying in the new file.</b></p>
-               </li>
+                 </li>
-               <li>                                                     
+                 <li>                                                   
    <p align="left"><b><font color="#ff0000">DO NOT INSTALL CORRECTED COMPONENTS 
-      ON A RELEASE EARLIER THAN THE ONE THAT THEY ARE LISTED UNDER BELOW. 
+       ON A RELEASE EARLIER THAN THE ONE THAT THEY ARE LISTED UNDER BELOW. 
-For    example,  do NOT install the 1.3.9a firewall script if you are running 
+ For    example,  do NOT install the 1.3.9a firewall script if you are running 
- 1.3.7c.</font></b><br>
+  1.3.7c.</font></b><br>
-                           </p>
+                             </p>
-               </li>
+                 </li>
 </ol>
 <ul>
-                       <li><b><a href="upgrade_issues.htm">Upgrade Issues</a></b></li>
+                         <li><b><a href="upgrade_issues.htm">Upgrade Issues</a></b></li>
-                       <li>                            <b><a
+                         <li>                            <b><a
 href="#V1.3">Problems      in  Version    1.3</a></b></li>
-                       <li>                            <b><a
+                         <li>                            <b><a
 href="errata_2.htm">Problems      in  Version 1.2</a></b></li>
-                       <li>                            <b><font
+                         <li>                            <b><font
 color="#660066">       <a href="errata_1.htm">Problems in Version 1.1</a></font></b></li>
-                       <li>                            <b><font
+                         <li>                            <b><font
 color="#660066"><a href="#iptables">    Problem with iptables version 1.2.3
-   on RH7.2</a></font></b></li>
+    on RH7.2</a></font></b></li>
-                       <li>                            <b><a
+                         <li>                            <b><a
 href="#Debug">Problems      with   kernels  &gt;= 2.4.18 and            RedHat
 iptables</a></b></li>
-                       <li><b><a href="#SuSE">Problems installing/upgrading 
+                         <li><b><a href="#SuSE">Problems installing/upgrading 
- RPM   on  SuSE</a></b></li>
+  RPM   on  SuSE</a></b></li>
-                       <li><b><a href="#Multiport">Problems with iptables 
+                         <li><b><a href="#Multiport">Problems with iptables 
-version     1.2.7    and       MULTIPORT=Yes</a></b></li>
+ version     1.2.7    and       MULTIPORT=Yes</a></b></li>
-                 <li><b><a href="#NAT">Problems with RH Kernel 2.4.18-10
+                   <li><b><a href="#NAT">Problems with RH Kernel 2.4.18-10
-and   NAT</a></b><br>
+ and   NAT</a></b><br>
-                 </li>
+                   </li>
 </ul>
@ -107,126 +110,133 @@ and   NAT</a></b><br>
 <h3>Version 1.3.14</h3>
 <ul>
-  <li>There is an <a
+    <li>There is an <a
 href="http://www.shorewall.net/pub/shorewall/errata/1.3.14/rfc1918">updated
-rfc1918</a> file that reflects the resent allocation of 222.0.0.0/8 and 223.0.0.0/8.</li>
+ rfc1918</a> file that reflects the resent allocation of 222.0.0.0/8 and
-  <li>The documentation for the routestopped file claimed that a comma-separated
+223.0.0.0/8.</li>
 list could appear in the second column while the code only supported a single
 host or network address. This has been corrected in <a
 href="http://www.shorewall.net/pub/shorewall/errata/1.3.14/firewall">this
 firewall script</a> which may be installed in /usr/lib/shorewall as described
 above.<br>
  </li>
 </ul>
 <ul>
    <li>The documentation for the routestopped file claimed that a comma-separated
 list could appear in the second column while the code only supported a single
 host or network address.</li>
   <li>Log messages produced by 'logunclean' and 'dropunclean' were not rate-limited.</li>
 </ul>
 Both problems have been corrected in <a
 href="http://www.shorewall.net/pub/shorewall/errata/1.3.14/firewall">this
 firewall script</a> which may be installed in /usr/lib/shorewall as described
 above.<br>
 <h3>Version 1.3.13</h3>
 <ul>
-      <li>The 'shorewall add' command produces an error message referring 
+        <li>The 'shorewall add' command produces an error message referring 
-to  'find_interfaces_by_maclist'.</li>
+ to  'find_interfaces_by_maclist'.</li>
-     <li>The 'shorewall delete' command can leave behind undeleted rules.</li>
+       <li>The 'shorewall delete' command can leave behind undeleted rules.</li>
-   <li>The 'shorewall add' command can fail with "iptables: Index of insertion 
+     <li>The 'shorewall add' command can fail with "iptables: Index of insertion 
-too big".<br>
+ too big".<br>
-   </li>
+     </li>
 </ul>
-   All three problems are corrected by <a
+     All three problems are corrected by <a
 href="http://www.shorewall.net/pub/shorewall/errata/1.3.13/firewall">this 
-  firewall script</a> which may be installed in /usr/lib/shorewall as described 
+   firewall script</a> which may be installed in /usr/lib/shorewall as described 
-  above.<br>
+   above.<br>
 <ul>
-    <li>VLAN interface names of the form "eth<i>n</i>.<i>m</i>" (e.g., eth0.1)
+      <li>VLAN interface names of the form "eth<i>n</i>.<i>m</i>" (e.g.,
- are not supported in this version or in 1.3.12. If you need such support,
+eth0.1)   are not supported in this version or in 1.3.12. If you need such
- post on the users list and I can provide you with a patched version.<br>
+support,   post on the users list and I can provide you with a patched version.<br>
-    </li>
+      </li>
 </ul>
 <h3>Version 1.3.12</h3>
 <ul>
-       <li>If RFC_1918_LOG_LEVEL is set to anything but ULOG, the effect
+         <li>If RFC_1918_LOG_LEVEL is set to anything but ULOG, the effect
-is  the  same as if RFC_1918_LOG_LEVEL=info had been specified. The problem 
+ is  the  same as if RFC_1918_LOG_LEVEL=info had been specified. The problem 
-is  corrected  by <a
+ is  corrected  by <a
 href="http://www.shorewall.net/pub/shorewall/errata/1.3.12/firewall">this 
-  firewall script</a> which may be installed in /usr/lib/shorewall as described 
+   firewall script</a> which may be installed in /usr/lib/shorewall as described 
-  above.</li>
+   above.</li>
-    <li>VLAN interface names of the form "eth<i>n</i>.<i>m</i>" (e.g., eth0.1) 
+      <li>VLAN interface names of the form "eth<i>n</i>.<i>m</i>" (e.g.,
- are not supported in this version or in 1.3.13. If you need such support, 
+eth0.1)   are not supported in this version or in 1.3.13. If you need such
- post on the users list and I can provide you with a patched version.<br>
+support,   post on the users list and I can provide you with a patched version.<br>
-     </li>
+       </li>
 </ul>
 <h3>Version 1.3.12 LRP</h3>
 <ul>
-        <li>The .lrp was missing the /etc/shorewall/routestopped file --
+          <li>The .lrp was missing the /etc/shorewall/routestopped file --
-a  new   lrp (shorwall-1.3.12a.lrp) has been released which corrects this
+ a  new   lrp (shorwall-1.3.12a.lrp) has been released which corrects this
-problem.<br>
+ problem.<br>
-        </li>
+          </li>
 </ul>
 <h3>Version 1.3.11a</h3>
 <ul>
-         <li><a
+           <li><a
 href="http://www.shorewall.net/pub/shorewall/errata/1.3.11/rfc1918">This 
-   copy of /etc/shorewall/rfc1918</a> reflects the recent allocation of 82.0.0.0/8.<br>
+    copy of /etc/shorewall/rfc1918</a> reflects the recent allocation of 82.0.0.0/8.<br>
-         </li>
+           </li>
 </ul>
 <h3>Version 1.3.11</h3>
 <ul>
-            <li>When installing/upgrading using the .rpm, you may receive 
+              <li>When installing/upgrading using the .rpm, you may receive 
-the   following   warnings:<br>
+ the   following   warnings:<br>
-              <br>
+                <br>
-               user teastep does not exist - using root<br>
+                 user teastep does not exist - using root<br>
-               group teastep does not exist - using root<br>
+                 group teastep does not exist - using root<br>
-              <br>
+                <br>
-          These warnings are harmless and may be ignored. Users downloading 
+            These warnings are harmless and may be ignored. Users downloading 
- the   .rpm  from shorewall.net or mirrors should no longer see these warnings 
+  the   .rpm  from shorewall.net or mirrors should no longer see these warnings 
- as  the .rpm you will get from there has been corrected.</li>
+  as  the .rpm you will get from there has been corrected.</li>
-           <li>DNAT rules that exclude a source subzone (SOURCE column contains 
+             <li>DNAT rules that exclude a source subzone (SOURCE column
-   !  followed by a sub-zone list) result in an error message and Shorewall 
+contains     !  followed by a sub-zone list) result in an error message and
-  fails  to start.<br>
+Shorewall    fails  to start.<br>
-             <br>
+               <br>
-         Install <a
+           Install <a
 href="http://www.shorewall.net/pub/shorewall/errata/1.3.11/firewall">this 
-    corrected script</a> in /usr/lib/shorewall/firewall to correct this problem.
+     corrected script</a> in /usr/lib/shorewall/firewall to correct this problem.
    Thanks go to Roger Aich who analyzed this problem and provided a fix.<br>
-            <br>
+              <br>
-        This problem is corrected in version 1.3.11a.<br>
+          This problem is corrected in version 1.3.11a.<br>
-           </li>
+             </li>
 </ul>
 <h3>Version 1.3.10</h3>
 <ul>
-              <li>If you experience problems connecting to a PPTP server
+                <li>If you experience problems connecting to a PPTP server
-running     on  your firewall and you have a 'pptpserver' entry in /etc/shorewall/tunnels, 
+ running     on  your firewall and you have a 'pptpserver' entry in /etc/shorewall/tunnels, 
-         <a
+          <a
 href="http://www.shorewall.net/pub/shorewall/errata/1.3.10/firewall">this 
-     version of the firewall script</a> may help. Please report any cases 
+      version of the firewall script</a> may help. Please report any cases 
-where     installing this script in /usr/lib/shorewall/firewall solved your 
+ where     installing this script in /usr/lib/shorewall/firewall solved your 
-connection     problems. Beginning with version 1.3.10, it is safe to save 
+ connection     problems. Beginning with version 1.3.10, it is safe to save 
-the old version     of /usr/lib/shorewall/firewall before copying in the new
+ the old version     of /usr/lib/shorewall/firewall before copying in the 
-one since /usr/lib/shorewall/firewall     is the real script now and not
+new one since /usr/lib/shorewall/firewall     is the real script now and not
 just a symbolic link to the real script.<br>
-              </li>
+                </li>
 </ul>
 <h3>Version 1.3.9a</h3>
 <ul>
-               <li> If entries are used in /etc/shorewall/hosts and MERGE_HOSTS=No
+                 <li> If entries are used in /etc/shorewall/hosts and MERGE_HOSTS=No
-     then  the following message appears during "shorewall [re]start":</li>
+      then  the following message appears during "shorewall [re]start":</li>
 </ul>
@ -235,60 +245,64 @@ just a symbolic link to the real script.<br>
 <blockquote> The updated firewall script at  <a
 href="ftp://www.shorewall.net/pub/shorewall/errata/1.3.9/firewall"
 target="_top">ftp://www.shorewall.net/pub/shorewall/errata/1.3.9/firewall</a>
-       corrects this problem.Copy the script to /usr/lib/shorewall/firewall
+        corrects this problem.Copy the script to /usr/lib/shorewall/firewall
-  as   described  above.<br>
+   as   described  above.<br>
-             </blockquote>
+               </blockquote>
 <blockquote> Alternatively, edit /usr/lob/shorewall/firewall and change the 
-      single occurence (line 483 in version 1.3.9a) of 'recalculate_interefacess' 
+       single occurence (line 483 in version 1.3.9a) of 'recalculate_interefacess' 
-      to 'recalculate_interface'. <br>
+       to 'recalculate_interface'. <br>
-             </blockquote>
+               </blockquote>
 <ul>
-               <li>The installer (install.sh) issues a misleading message 
+                 <li>The installer (install.sh) issues a misleading message 
-"Common     functions   installed in /var/lib/shorewall/functions" whereas 
+ "Common     functions   installed in /var/lib/shorewall/functions" whereas 
-the file   is  installed  in /usr/lib/shorewall/functions. The installer also
+ the file   is  installed  in /usr/lib/shorewall/functions. The installer 
-performs   incorrectly  when updating old configurations that had the file
+also performs   incorrectly  when updating old configurations that had the 
-/etc/shorewall/functions.         <a
+file /etc/shorewall/functions.         <a
 href="ftp://ftp.shorewall.net/pub/shorewall/errata/1.3.9/install.sh">Here 
-      is an updated version that corrects these problems.<br>
+       is an updated version that corrects these problems.<br>
-                 </a></li>
+                   </a></li>
 </ul>
 <h3>Version 1.3.9</h3>
-                <b>TUNNELS Broken in 1.3.9!!! </b>There is an updated firewall
+                  <b>TUNNELS Broken in 1.3.9!!! </b>There is an updated firewall
-   script    at  <a
+    script    at  <a
 href="ftp://www.shorewall.net/pub/shorewall/errata/1.3.9/firewall"
 target="_top">ftp://www.shorewall.net/pub/shorewall/errata/1.3.9/firewall</a>
-       -- copy that file to /usr/lib/shorewall/firewall as described above.<br>
+        -- copy that file to /usr/lib/shorewall/firewall as described above.<br>
-                 <br>
+                   <br>
-                Version 1.3.8                   
+                  Version 1.3.8                     
 <ul>
-                    <li> Use of shell variables in the LOG LEVEL or SYNPARMS
+                      <li> Use of shell variables in the LOG LEVEL or SYNPARMS
-  columns     of  the  policy file doesn't work.</li>
+   columns     of  the  policy file doesn't work.</li>
-                    <li>A DNAT rule with the same original and new IP addresses 
+                      <li>A DNAT rule with the same original and new IP addresses 
-   but   with   different  port numbers doesn't work (e.g., "DNAT loc dmz:10.1.1.1:24 
+    but   with   different  port numbers doesn't work (e.g., "DNAT loc dmz:10.1.1.1:24 
-     tcp   25 - 10.1.1.1")<br>
+      tcp   25 - 10.1.1.1")<br>
-                    </li>
+                      </li>
 </ul>
-                  Installing                               <a
+                    Installing                               <a
 href="http://www.shorewall.net/pub/shorewall/errata/1.3.8/firewall">    
                          this corrected firewall script</a> in /var/lib/shorewall/firewall 
-                                        as described above corrects these 
+                                         as described above corrects these 
-problems.                          
+ problems.                            
 <h3>Version 1.3.7b</h3>
 <p>DNAT rules where the source zone is 'fw' ($FW)                        
       result in an error message. Installing                           
   <a
 href="http://www.shorewall.net/pub/shorewall/errata/1.3.7/firewall">    
                          this corrected firewall script</a> in /var/lib/shorewall/firewall 
-                                        as described above corrects this problem.</p>
+                                         as described above corrects this 
 problem.</p>
 <h3>Version 1.3.7a</h3>
 <p>"shorewall refresh" is not creating the proper                        
       rule for FORWARDPING=Yes. Consequently, after                    
           "shorewall refresh", the firewall will not forward           
@ -296,25 +310,29 @@ problems.
                      <a
 href="http://www.shorewall.net/pub/shorewall/errata/1.3.7/firewall">    
                          this corrected firewall script</a> in /var/lib/shorewall/firewall 
-                                        as described above corrects this problem.</p>
+                                         as described above corrects this 
 problem.</p>
 <h3>Version &lt;= 1.3.7a</h3>
 <p>If "norfc1918" and "dhcp" are both specified as                       
        options on a given interface then RFC 1918                      
         checking is occurring before DHCP checking. This               
                means that if a DHCP client broadcasts using an         
                      RFC 1918 source address, then the firewall will   
                            reject the broadcast (usually logging it). This 
-                                        has two problems:</p>
+                                         has two problems:</p>
 <ol>
-                                                    <li>If the firewall is
+                                                      <li>If the firewall 
- running     a  DHCP   server,                                   the client
+is  running     a  DHCP   server,                                   the client
- won't be   able   to obtain   an IP  address                           
+  won't be   able   to obtain   an IP  address                          
-      lease  from that   server.</li>
+       lease  from that   server.</li>
-                                                    <li>With this order of
+                                                      <li>With this order 
- checking,      the   "dhcp"                                   option cannot
+of  checking,      the   "dhcp"                                   option cannot
 be used as   a  noise-reduction                                     measure
 where there   are  both dynamic and    static                          
       clients  on a LAN segment.</li>
@ -325,42 +343,45 @@ problems.
 <p>                               <a
 href="http://www.shorewall.net/pub/shorewall/errata/1.3.7/firewall">    
                          This version of the 1.3.7a firewall script </a>
-                                        corrects the problem. It must be
+                                         corrects the problem. It must be
 installed          in /var/lib/shorewall                                as
 described  above.</p>
 <h3>Version 1.3.7</h3>
 <p>Version 1.3.7 dead on arrival -- please use                           
    version 1.3.7a and check your version against                       
        these md5sums -- if there's a difference, please                
               download again.</p>
 <pre>	d2fffb7fb99bcc6cb047ea34db1df10 shorewall-1.3.7a.tgz<br>	6a7fd284c8685b2b471a2f47b469fb94 shorewall-1.3.7a-1.noarch.rpm<br>	3decd14296effcff16853106771f7035 shorwall-1.3.7a.lrp</pre>
 <p>In other words, type "md5sum &lt;<i>whatever package you downloaded</i>&gt; 
-         and   compare the result with what you see above.</p>
+          and   compare the result with what you see above.</p>
 <p>I'm embarrassed to report that 1.2.7 was also DOA -- maybe I'll skip the 
-         .7   version in each sequence from now on.</p>
+          .7   version in each sequence from now on.</p>
 <h3 align="left">Version 1.3.6</h3>
 <ul>
-                                <li>                                    
+                                  <li>                                  
    <p align="left">If ADD_SNAT_ALIASES=Yes is specified in            /etc/shorewall/shorewall.conf, 
-         an error occurs when the firewall            script attempts to add
+          an error occurs when the firewall            script attempts to 
-   an   SNAT   alias.  </p>
+add    an   SNAT   alias.  </p>
-                     </li>
+                       </li>
-                     <li>                                               
+                       <li>                                             
    <p align="left">The <b>logunclean </b>and <b>dropunclean</b> options 
          cause errors during startup when Shorewall is run with iptables 
-         1.2.7. </p>
+          1.2.7. </p>
-                     </li>
+                       </li>
 </ul>
@ -374,7 +395,7 @@ described  above.</p>
 <p align="left">A line was inadvertently deleted from the "interfaces    
       file" -- this line should be added back in if the version that you 
-                    downloaded is missing it:</p>
+                     downloaded is missing it:</p>
 <p align="left">net    eth0    detect               routefilter,dhcp,norfc1918</p>
@ -396,20 +417,20 @@ described  above.</p>
 <div align="left">                                  
 <pre>	adm	eth0:1.2.4.5,eth0:5.6.7.8</pre>
-                     </div>
+                       </div>
 <div align="left">                         
 <p align="left">That capability was lost in version 1.3.4 so that it is only 
-             possible to  include a single host specification on each line. 
+              possible to  include a single host specification on each line. 
-  This         problem is corrected by    <a
+   This         problem is corrected by    <a
 href="http://www.shorewall.net/pub/shorewall/errata/1.3.5a/firewall">this 
-             modified 1.3.5a firewall script</a>. Install the script in /var/lib/pub/shorewall/firewall 
+              modified 1.3.5a firewall script</a>. Install the script in /var/lib/pub/shorewall/firewall
-             as instructed above.</p>
+              as instructed above.</p>
-                   </div>
+                     </div>
 <div align="left">                         
 <p align="left">This problem is corrected in version 1.3.5b.</p>
-                   </div>
+                     </div>
 <h3 align="left">Version 1.3.5</h3>
@ -417,8 +438,8 @@ described  above.</p>
   <a
 href="http://www.shorewall.net/pub/shorewall/errata/1.3.5/firewall">    
      this corrected firewall script</a> in /var/lib/pub/shorewall/firewall 
-                    as instructed above. This problem is corrected in version 
+                     as instructed above. This problem is corrected in version 
-    1.3.5a.</p>
+     1.3.5a.</p>
 <h3 align="left">Version 1.3.n, n &lt; 4</h3>
@ -427,17 +448,18 @@ described  above.</p>
           have been previously defined in the /etc/shorewall/zones file.
 The            "shorewall check" command does perform this verification so
 it's a            good idea to run that command after you have made configuration 
-                    changes.</p>
+                     changes.</p>
 <h3 align="left">Version 1.3.n, n &lt; 3</h3>
 <p align="left">If you have upgraded from Shorewall 1.2 and after        
   "Activating rules..." you see the message: "iptables: No            chains/target/match 
-         by that name" then you probably have an entry in            /etc/shorewall/hosts 
+          by that name" then you probably have an entry in            /etc/shorewall/hosts 
-         that specifies an interface that you didn't            include in 
+          that specifies an interface that you didn't            include in
- /etc/shorewall/interfaces.        To correct this problem, you          
+  /etc/shorewall/interfaces.        To correct this problem, you        
- must add an entry to /etc/shorewall/interfaces.        Shorewall 1.3.3 and
+   must add an entry to /etc/shorewall/interfaces.        Shorewall 1.3.3 
-            later versions produce a clearer error    message    in this case.</p>
+and             later versions produce a clearer error    message    in this 
 case.</p>
 <h3 align="left">Version 1.3.2</h3>
@ -447,76 +469,77 @@ it's a            good idea to run that command after you have made configuratio
           has a size of 38126 bytes.</p>
 <ul>
-                                <li>The code to detect a duplicate interface
+                                  <li>The code to detect a duplicate interface
-  entry    in             /etc/shorewall/interfaces contained a typo that
+   entry    in             /etc/shorewall/interfaces contained a typo that
-prevented    it from               working correctly. </li>
+ prevented    it from               working correctly. </li>
-                                <li>"NAT_BEFORE_RULES=No" was broken; it
+                                  <li>"NAT_BEFORE_RULES=No" was broken; it
-behaved     just   like   "NAT_BEFORE_RULES=Yes".</li>
+ behaved     just   like   "NAT_BEFORE_RULES=Yes".</li>
 </ul>
 <p align="left">Both problems are corrected in           <a
 href="http://www.shorewall.net/pub/shorewall/errata/1.3.2/firewall">    
      this script</a> which should be installed in <b><u>/var/lib/shorewall</u></b> 
-         as described above.</p>
+          as described above.</p>
 <ul>
-                                <li>                                    
+                                  <li>                                  
    <p align="left">The IANA have just announced the allocation of subnet 
-                    221.0.0.0/8. This           <a
+                     221.0.0.0/8. This           <a
 href="http://www.shorewall.net/pub/shorewall/errata/1.3.2/rfc1918">     
     updated rfc1918</a> file reflects that allocation.</p>
-                                                 </li>
+                                                   </li>
 </ul>
 <h3 align="left">Version 1.3.1</h3>
 <ul>
-                                <li>TCP SYN packets may be double counted 
+                                  <li>TCP SYN packets may be double counted 
-when              LIMIT:BURST  is included in a CONTINUE or ACCEPT policy 
+ when              LIMIT:BURST  is included in a CONTINUE or ACCEPT policy 
-(i.e.,    each              packet is sent through the limit chain twice).</li>
+ (i.e.,    each              packet is sent through the limit chain twice).</li>
-                                <li>An unnecessary jump to the policy chain 
+                                  <li>An unnecessary jump to the policy chain 
- is  sometimes                 generated for a CONTINUE policy.</li>
+  is  sometimes                 generated for a CONTINUE policy.</li>
-                                <li>When an option is given for more than 
+                                  <li>When an option is given for more than 
-one   interface      in               /etc/shorewall/interfaces then depending 
+ one   interface      in               /etc/shorewall/interfaces then depending 
- on the option,     Shorewall                may ignore all but the first 
+  on the option,     Shorewall                may ignore all but the first 
-appearence of the   option.  For example:<br>
+ appearence of the   option.  For example:<br>
-                                <br>
+                                  <br>
-                                net    eth0    dhcp<br>
+                                  net    eth0    dhcp<br>
-                                loc    eth1    dhcp<br>
+                                  loc    eth1    dhcp<br>
-                                <br>
+                                  <br>
-                                Shorewall will ignore the 'dhcp' on eth1.</li>
+                                  Shorewall will ignore the 'dhcp' on eth1.</li>
-                                <li>Update 17 June 2002 - The bug described 
+                                  <li>Update 17 June 2002 - The bug described 
- in  the   prior    bullet               affects the following options: dhcp,
+  in  the   prior    bullet               affects the following options: dhcp,
  dropunclean,   logunclean,                 norfc1918, routefilter, multi,
  filterping and   noping. An additional                 bug has been found
  that affects only   the 'routestopped' option.<br>
-                                <br>
+                                  <br>
-                                Users who downloaded the corrected script 
+                                  Users who downloaded the corrected script 
-prior    to  1850   GMT   today              should download and install the
+ prior    to  1850   GMT   today              should download and install 
-corrected     script   again   to ensure              that this second problem
+the corrected     script   again   to ensure              that this second 
-is corrected.</li>
+problem is corrected.</li>
 </ul>
 <p align="left">These problems are corrected in           <a
 href="http://www.shorewall.net/pub/shorewall/errata/1.3.1/firewall">    
      this firewall script</a> which should be installed in            /etc/shorewall/firewall 
-         as described above.</p>
+          as described above.</p>
 <h3 align="left">Version 1.3.0</h3>
 <ul>
-                                <li>Folks who downloaded 1.3.0 from the links 
+                                  <li>Folks who downloaded 1.3.0 from the 
-  on  the   download    page              before 23:40 GMT, 29 May 2002 may 
+links    on  the   download    page              before 23:40 GMT, 29 May 
-  have  downloaded   1.2.13    rather than              1.3.0. The "shorewall 
+2002 may    have  downloaded   1.2.13    rather than              1.3.0. The
-  version"  command   will tell    you which version              that you 
+"shorewall    version"  command   will tell    you which version        
- have installed.</li>
+     that you   have installed.</li>
-                                <li>The documentation NAT.htm file uses non-existent
+                                  <li>The documentation NAT.htm file uses 
-                 wallpaper and bullet graphic files. The           <a
+non-existent                  wallpaper and bullet graphic files. The    
      <a
 href="http://www.shorewall.net/pub/shorewall/errata/1.3.0/NAT.htm">     
     corrected version is here</a>.</li>
@ -530,133 +553,142 @@ is corrected.</li>
 <hr>                                               
 <h3 align="left"><a name="iptables"></a><font color="#660066">  Problem with 
-         iptables version 1.2.3</font></h3>
+          iptables version 1.2.3</font></h3>
 <blockquote>                                                            
  <p align="left">There are a couple of serious bugs in iptables 1.2.3 that
-                  prevent it from working with Shorewall. Regrettably,  RedHat
+                   prevent it from working with Shorewall. Regrettably, 
-     released    this buggy iptables in RedHat   7.2. </p>
+RedHat       released    this buggy iptables in RedHat   7.2. </p>
  <p align="left"> I have built a <a
 href="ftp://ftp.shorewall.net/pub/shorewall/errata/iptables-1.2.3-3.i386.rpm">
-           corrected 1.2.3 rpm which you can download here</a>  and I have
+            corrected 1.2.3 rpm which you can download here</a>  and I have
- also     built            an <a
+  also     built            an <a
 href="ftp://ftp.shorewall.net/pub/shorewall/iptables-1.2.4-1.i386.rpm">
 iptables-1.2.4   rpm which you can download here</a>. If  you are currently 
-         running RedHat 7.1, you can install either of these RPMs        
+          running RedHat 7.1, you can install either of these RPMs       
-     <b><u>before</u>        </b>you upgrade to RedHat 7.2.</p>
+      <b><u>before</u>        </b>you upgrade to RedHat 7.2.</p>
  <p align="left"><font color="#ff6633"><b>Update   11/9/2001: </b></font>RedHat 
-         has   released an iptables-1.2.4 RPM of their own which you can download
+          has   released an iptables-1.2.4 RPM of their own which you can 
-        from<font color="#ff6633">   <a
+download         from<font color="#ff6633">   <a
 href="http://www.redhat.com/support/errata/RHSA-2001-144.html">http://www.redhat.com/support/errata/RHSA-2001-144.html</a>.
-            </font>I have installed this RPM   on my firewall and it works
+             </font>I have installed this RPM   on my firewall and it works
- fine.</p>
+  fine.</p>
  <p align="left">If you         would like to patch iptables 1.2.3 yourself, 
-         the patches are available         for download. This <a
+          the patches are available         for download. This <a
 href="ftp://ftp.shorewall.net/pub/shorewall/errata/iptables-1.2.3/loglevel.patch">patch</a>
-              which corrects a problem with parsing of the --log-level specification 
+               which corrects a problem with parsing of the --log-level specification 
-         while         this <a
+          while         this <a
 href="ftp://ftp.shorewall.net/pub/shorewall/errata/iptables-1.2.3/tos.patch">patch</a>
-                  corrects a problem in handling the  TOS target.</p>
+                   corrects a problem in handling the  TOS target.</p>
  <p align="left">To install one of the above patches:</p>
  <ul>
-                              <li>cd iptables-1.2.3/extensions</li>
+                                <li>cd iptables-1.2.3/extensions</li>
-                              <li>patch -p0 &lt; <i>the-patch-file</i></li>
+                                <li>patch -p0 &lt; <i>the-patch-file</i></li>
  </ul>
-                               </blockquote>
+                                 </blockquote>
 <h3><a name="Debug"></a>Problems with kernels &gt;= 2.4.18               
              and RedHat iptables</h3>
 <blockquote>                                                            
  <p>Users who use RedHat iptables RPMs and who upgrade to kernel 2.4.18/19 
-         may     experience the following:</p>
+          may     experience the following:</p>
  <blockquote>                                                          
    <pre># shorewall start<br>Processing /etc/shorewall/shorewall.conf ...<br>Processing /etc/shorewall/params ...<br>Starting Shorewall...<br>Loading Modules...<br>Initializing...<br>Determining Zones...<br>Zones: net<br>Validating interfaces file...<br>Validating hosts file...<br>Determining Hosts in Zones...<br>Net Zone: eth0:0.0.0.0/0<br>iptables: libiptc/libip4tc.c:380: do_check: Assertion<br>`h-&gt;info.valid_hooks == (1 &lt;&lt; 0 | 1 &lt;&lt; 3)' failed.<br>Aborted (core dumped)<br>iptables: libiptc/libip4tc.c:380: do_check: Assertion<br>`h-&gt;info.valid_hooks == (1 &lt;&lt; 0 | 1 &lt;&lt; 3)' failed.<br>Aborted (core dumped)<br></pre>
-                       </blockquote>
+                         </blockquote>
  <p>The RedHat iptables RPM is compiled with debugging enabled but the 
   user-space debugging code was not updated to reflect recent changes in 
-         the     Netfilter 'mangle' table. You can correct the problem by 
+          the     Netfilter 'mangle' table. You can correct the problem by 
-installing            <a
+ installing            <a
 href="http://www.shorewall.net/pub/shorewall/iptables-1.2.5-1.i386.rpm">
-             this iptables RPM</a>. If you are already running a 1.2.5 version
+              this iptables RPM</a>. If you are already running a 1.2.5 version
-     of       iptables, you will need to specify the --oldpackage option
+      of       iptables, you will need to specify the --oldpackage option
 to   rpm   (e.g.,        "iptables -Uvh --oldpackage iptables-1.2.5-1.i386.rpm").</p>
-                     </blockquote>
+                       </blockquote>
 <h3><a name="SuSE"></a>Problems                                installing/upgrading 
-         RPM on SuSE</h3>
+          RPM on SuSE</h3>
 <p>If you find that rpm complains about a conflict                       
        with kernel &lt;= 2.2 yet you have a 2.4 kernel                 
              installed, simply use the "--nodeps" option to            
                   rpm.</p>
 <p>Installing: rpm -ivh --nodeps <i>&lt;shorewall rpm&gt;</i></p>
 <p>Upgrading: rpm -Uvh --nodeps <i>&lt;shorewall rpm&gt;</i></p>
 <h3><a name="Multiport"></a><b>Problems with                             
  iptables version 1.2.7 and MULTIPORT=Yes</b></h3>
 <p>The iptables 1.2.7 release of iptables has made                       
        an incompatible change to the syntax used to                    
           specify multiport match rules; as a consequence,             
                  if you install iptables 1.2.7 you must be running     
                          Shorewall 1.3.7a or later or:</p>
 <ul>
-                                                    <li>set MULTIPORT=No
+                                                      <li>set MULTIPORT=No
-in                                   /etc/shorewall/shorewall.conf; or </li>
+ in                                   /etc/shorewall/shorewall.conf; or </li>
-                                                    <li>if you are running
+                                                      <li>if you are running
- Shorewall      1.3.6    you may                                  install
+  Shorewall      1.3.6    you may                                  install
-                                <a
+                                 <a
 href="http://www.shorewall.net/pub/shorewall/errata/1.3.6/firewall">    
                            this firewall script</a> in /var/lib/shorewall/firewall 
-                                          as described above.</li>
+                                           as described above.</li>
 </ul>
 <h3><a name="NAT"></a>Problems with RH Kernel 2.4.18-10 and NAT<br>
-                  </h3>
+                    </h3>
-               /etc/shorewall/nat entries of the following form will result 
+                 /etc/shorewall/nat entries of the following form will result 
- in  Shorewall     being unable to start:<br>
+  in  Shorewall     being unable to start:<br>
-               <br>
+                 <br>
 <pre>#EXTERNAL       INTERFACE       INTERNAL        ALL INTERFACES          LOCAL<br>192.0.2.22      eth0            192.168.9.22    yes                     yes<br>#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</pre>
-               Error message is:<br>
+                 Error message is:<br>
 <pre>Setting up NAT...<br>iptables: Invalid argument<br>Terminated<br><br></pre>
-               The solution is to put "no" in the LOCAL column. Kernel support
+                 The solution is to put "no" in the LOCAL column. Kernel
-   for   LOCAL=yes   has never worked properly and 2.4.18-10 has disabled
+support     for   LOCAL=yes   has never worked properly and 2.4.18-10 has
-it.   The  2.4.19 kernel   contains corrected support under a new kernel
+disabled  it.   The  2.4.19 kernel   contains corrected support under a new
-configuraiton    option; see <a href="Documentation.htm#NAT">http://www.shorewall.net/Documentation.htm#NAT</a><br>
+kernel configuraiton    option; see <a href="Documentation.htm#NAT">http://www.shorewall.net/Documentation.htm#NAT</a><br>
-<p><font size="2">  Last updated 2/17/2003 -                            
+<p><font size="2">  Last updated 2/18/2003 -                            
  <a href="support.htm">Tom Eastep</a></font> </p>
 <p><a href="copyright.htm"><font size="2">Copyright</font>          © <font
 size="2">2001, 2002, 2003 Thomas M. Eastep.</font></a><br>
-          </p>
+            </p>
            <br>
           <br>
          <br>
         <br>
        <br>
--- a/STABLE/documentation/mailing_list.htm
+++ b/STABLE/documentation/mailing_list.htm
@ -17,6 +17,7 @@
  <title>Shorewall Mailing Lists</title>
  <meta name="Microsoft Theme" content="none">
 </head>
  <body>
@ -24,58 +25,57 @@
 <table height="90" bgcolor="#400169" id="AutoNumber1" width="100%"
 style="border-collapse: collapse;" cellspacing="0" cellpadding="0"
 border="0">
-                       <tbody>
+                        <tbody>
-                        <tr>
+                         <tr>
-                         <td width="33%" valign="middle" align="left">  
+                          <td width="33%" valign="middle" align="left"> 
      <h1 align="center"><a
 href="http://www.centralcommand.com/linux_products.html"><img
 src="images/Vexira_Antivirus_Logo.gif" alt="Vexira Logo" width="78"
 height="79" align="left">
-                    </a></h1>
+                     </a></h1>
-                                             <a
+                                              <a
 href="http://www.gnu.org/software/mailman/mailman.html">         <img
 border="0" src="images/logo-sm.jpg" align="left" hspace="5" width="110"
 height="35" alt="">
-                          </a>                                          
+                           </a>                                         
      <p align="right"><font color="#ffffff"><b>      </b></font>     </p>
-                          </td>
+                           </td>
-            <td valign="middle" width="34%" align="center">             
+             <td valign="middle" width="34%" align="center">            
      <h1 align="center"><font color="#ffffff">Shorewall Mailing Lists</font></h1>
-            </td>
+             </td>
-            <td valign="middle" width="33%">                     <a
+             <td valign="middle" width="33%">                     <a
 href="http://www.postfix.org/">       <img
 src="images/small-picture.gif" align="right" border="0" width="115"
 height="45" alt="(Postfix Logo)">
-                          </a><br>
+                           </a><br>
      <div align="left"><a href="http://www.spamassassin.org"><img
 src="images/ninjalogo.png" alt="" width="110" height="42" align="right"
 border="0">
-         </a> </div>
+          </a> </div>
-         <br>
+          <br>
      <div align="right"><br>
-            <b><font color="#ffffff"><br>
+             <b><font color="#ffffff"><br>
-   Powered by Postfix    </font></b><br>
+    Powered by Postfix    </font></b><br>
-            </div>
+             </div>
-            </td>
+             </td>
-                       </tr>
+                        </tr>
  </tbody>                     
 </table>
 <h2 align="left">Not getting List Mail? -- <a
 href="mailing_list_problems.htm">Check Here</a></h2>
 <p align="left">If you experience problems with any of these lists, please
-          let <a href="mailto:teastep@shorewall.net">me</a> know</p>
+           let <a href="mailto:teastep@shorewall.net">me</a> know</p>
 <h2 align="left">Not able to Post Mail to shorewall.net?</h2>
@ -87,32 +87,32 @@
 <p>Before subscribing please read my <a href="spam_filters.htm">policy   
-    about list traffic that bounces.</a> Also please note that the mail server
+   about list traffic that bounces.</a> Also please note that the mail server 
                 at shorewall.net checks incoming mail:<br>
-                </p>
+                 </p>
 <ol>
-                  <li>against <a href="http://spamassassin.org">Spamassassin</a>
+                   <li>against <a href="http://spamassassin.org">Spamassassin</a> 
    (including <a href="http://razor.sourceforge.net/">Vipul's Razor</a>).<br>
-          </li>
+           </li>
-                  <li>to ensure that the sender address is fully qualified.</li>
+                   <li>to ensure that the sender address is fully qualified.</li>
-                  <li>to verify that the sender's domain has an A or MX record
+                   <li>to verify that the sender's domain has an A or MX
-   in  DNS.</li>
+record    in  DNS.</li>
-                  <li>to ensure that the host name in the HELO/EHLO command 
+                   <li>to ensure that the host name in the HELO/EHLO command
- is  a  valid    fully-qualified  DNS name that resolves.</li>
+  is  a  valid    fully-qualified  DNS name that resolves.</li>
 </ol>
 <h2>Please post in plain text</h2>
-          A growing number of MTAs serving list subscribers are rejecting 
+           A growing number of MTAs serving list subscribers are rejecting
-all   HTML   traffic. At least one MTA has gone so far as to blacklist shorewall.net 
+ all   HTML   traffic. At least one MTA has gone so far as to blacklist shorewall.net
-  "for  continuous abuse" because it has been my policy to allow HTML in list
+   "for  continuous abuse" because it has been my policy to allow HTML in
-  posts!!<br>
+list   posts!!<br>
-          <br>
+           <br>
-          I think that blocking all HTML is a Draconian way to control spam 
+           I think that blocking all HTML is a Draconian way to control spam
-  and   that the ultimate losers here are not the spammers but the list subscribers
+   and   that the ultimate losers here are not the spammers but the list
-     whose MTAs are bouncing all shorewall.net mail. As one list subscriber
+subscribers      whose MTAs are bouncing all shorewall.net mail. As one list
-  wrote  to me privately "These e-mail admin's need to get a <i>(explitive
+subscriber   wrote  to me privately "These e-mail admin's need to get a <i>(explitive 
 deleted)</i>  life instead of trying to rid the planet of HTML based e-mail". 
 Nevertheless,  to allow subscribers to receive list posts as must as possible, 
 I have now  configured the list server at shorewall.net to strip all HTML 
@ -120,13 +120,13 @@ all   HTML   traffic. At least one MTA has gone so far as to blacklist shorewall
 the list server.<br>
 <p align="left"> <b>Note: </b>The list server limits posts to 120kb.<br>
-       </p>
+        </p>
 <h2>Other Mail Delivery Problems</h2>
-        If you find that you are missing an occasional list post, your e-mail 
+         If you find that you are missing an occasional list post, your e-mail
-  admin  may be blocking mail whose <i>Received:</i> headers contain the names
+   admin  may be blocking mail whose <i>Received:</i> headers contain the
-  of certain ISPs. Again, I believe that such policies hurt more than they
+names   of certain ISPs. Again, I believe that such policies hurt more than
- help but I'm not prepared to go so far as to start stripping <i>Received:</i>
+they  help but I'm not prepared to go so far as to start stripping <i>Received:</i> 
   headers to circumvent those policies.<br>
 <h2 align="left">Mailing Lists Archive Search</h2>
@ -140,13 +140,13 @@ the list server.<br>
  <option value="or">Any </option>
  <option value="boolean">Boolean </option>
  </select>
-                    Format:                                             
+                     Format:                                            
  <select name="format">
  <option value="builtin-long">Long </option>
  <option value="builtin-short">Short </option>
  </select>
-                    Sort by:                                            
+                     Sort by:                                           
  <select name="sort">
  <option value="score">Score </option>
@ -156,22 +156,23 @@ the list server.<br>
  <option value="revtime">Reverse Time </option>
  <option value="revtitle">Reverse Title </option>
  </select>
-                    </font> <input type="hidden" name="config"
+                     </font> <input type="hidden" name="config"
 value="htdig">    <input type="hidden" name="restrict"
 value="[http://lists.shorewall.net/pipermail/.*]"> <input type="hidden"
 name="exclude" value=""> <br>
-                    Search: <input type="text" size="30" name="words"
+                     Search: <input type="text" size="30" name="words"
 value="">    <input type="submit" value="Search"> </p>
-                    </form>
+                     </form>
-<h2 align="left"><font color="#ff0000">Please do not try to download the entire
+ 
-Archive -- it is 75MB (and growing daily) and my slow DSL line simply won't
+<h2 align="left"><font color="#ff0000">Please do not try to download the
-stand the traffic. If I catch you, you will be blacklisted.<br>
+entire Archive -- it is 75MB (and growing daily) and my slow DSL line simply
-             </font></h2>
+won't stand the traffic. If I catch you, you will be blacklisted.<br>
              </font></h2>
 <h2 align="left">Shorewall CA Certificate</h2>
-                  If you want to trust X.509 certificates issued by Shoreline 
+                   If you want to trust X.509 certificates issued by Shoreline
-  Firewall     (such   as the one used on my web site), you may <a
+   Firewall     (such   as the one used on my web site), you may <a
 href="Shorewall_CA_html.html">download and install my CA certificate</a> 
         in your browser. If you don't wish to trust my certificates then 
 you    can    either use unencrypted access when subscribing to Shorewall 
@ -190,12 +191,12 @@ to  this list.</p>
 guidelines</a>.</b></p>
 <p align="left">To subscribe to the mailing list:<br>
-    </p>
+     </p>
 <ul>
-      <li><b>Insecure: </b><a
+       <li><b>Insecure: </b><a
 href="http://lists.shorewall.net/mailman/listinfo/shorewall-users">http://lists.shorewall.net/mailman/listinfo/shorewall-users</a></li>
-      <li><b>SSL:</b> <a
+       <li><b>SSL:</b> <a
 href="https://lists.shorewall.net/mailman/listinfo/shorewall-users"
 target="_top">https//lists.shorewall.net/mailman/listinfo/shorewall-users</a></li>
@ -207,30 +208,30 @@ to  this list.</p>
 <p align="left">The list archives are at <a
 href="http://lists.shorewall.net/pipermail/shorewall-users/index.html">http://lists.shorewall.net/pipermail/shorewall-users</a>.</p>
-<p align="left">Note that prior to 1/1/2002, the mailing list was hosted
+<p align="left">Note that prior to 1/1/2002, the mailing list was hosted at
-at <a href="http://sourceforge.net">Sourceforge</a>. The archives from that
+<a href="http://sourceforge.net">Sourceforge</a>. The archives from that list
-list may be found at <a
+may be found at <a
 href="http://www.geocrawler.com/lists/3/Sourceforge/9327/0/">www.geocrawler.com/lists/3/Sourceforge/9327/0/</a>.</p>
 <h2 align="left">Shorewall Announce Mailing List</h2>
 <p align="left">This list is for announcements of general interest to the
-          Shorewall community. To subscribe:<br>
+           Shorewall community. To subscribe:<br>
-    </p>
+     </p>
 <p align="left"></p>
 <ul>
-      <li><b>Insecure:</b> <a
+       <li><b>Insecure:</b> <a
 href="http://lists.shorewall.net/mailman/listinfo/shorewall-announce">http://lists.shorewall.net/mailman/listinfo/shorewall-announce</a></li>
-      <li><b>SSL</b>: <a
+       <li><b>SSL</b>: <a
 href="https://lists.shorewall.net/mailman/listinfo/shorewall-announce"
 target="_top">https//lists.shorewall.net/mailman/listinfo/shorewall-announce.</a></li>
 </ul>
 <p align="left"><br>
-                  The list archives are at <a
+                   The list archives are at <a
 href="http://lists.shorewall.net/pipermail/shorewall-announce">http://lists.shorewall.net/pipermail/shorewall-announce</a>.</p>
 <h2 align="left">Shorewall Development Mailing List</h2>
@ -240,12 +241,12 @@ list may be found at <a
         ongoing Shorewall Development.</p>
 <p align="left">To subscribe to the mailing list:<br>
-     </p>
+      </p>
 <ul>
-      <li><b>Insecure: </b><a
+       <li><b>Insecure: </b><a
 href="http://lists.shorewall.net/mailman/listinfo/shorewall-devel">http://lists.shorewall.net/mailman/listinfo/shorewall-devel</a></li>
-      <li><b>SSL:</b> <a
+       <li><b>SSL:</b> <a
 href="https://lists.shorewall.net/mailman/listinfo/shorewall-devel"
 target="_top">https//lists.shorewall.net/mailman/listinfo/shorewall-devel.</a></li>
@ -261,30 +262,30 @@ list may be found at <a
          the  Mailing Lists</h2>
 <p align="left">There seems to be near-universal confusion about unsubscribing 
-           from Mailman-managed lists although Mailman 2.1 has attempted
+           from Mailman-managed lists although Mailman 2.1 has attempted to
-to   make  this less confusing. To unsubscribe:</p>
+  make  this less confusing. To unsubscribe:</p>
 <ul>
-                       <li>                                             
+                        <li>                                            
    <p align="left">Follow the same link above that you used to subscribe 
          to the  list.</p>
-                       </li>
+                        </li>
-                       <li>                                             
+                        <li>                                            
    <p align="left">Down at the bottom of that page is the following text: 
          " 	To <b>unsubscribe</b> from <i>&lt;list name&gt;</i>, get a password 
    reminder,         or change your subscription options enter your subscription
-            email address:". Enter your email  address   in the box and click
+             email address:". Enter your email  address   in the box and
-     on the "<b>Unsubscribe</b> or edit options" button.</p>
+click      on the "<b>Unsubscribe</b> or edit options" button.</p>
-                       </li>
+                        </li>
-                       <li>                                             
+                        <li>                                            
    <p align="left">There will now be a box where you can enter your password 
          and  click on "Unsubscribe"; if you have forgotten your password, 
  there      is  another  button that will cause your password to be emailed 
  to you.</p>
-                       </li>
+                        </li>
 </ul>
@ -293,12 +294,13 @@ to   make  this less confusing. To unsubscribe:</p>
 <p align="left"><a href="gnu_mailman.htm">Check out these instructions</a></p>
-<p align="left"><font size="2">Last updated 2/3/2003 - <a
+<p align="left"><font size="2">Last updated 2/18/2003 - <a
 href="http://www.shorewall.net/support.htm">Tom Eastep</a></font></p>
-<p align="left"><a href="copyright.htm"> <font size="2">Copyright</font> ©
+<p align="left"><a href="copyright.htm"> <font size="2">Copyright</font>
-<font size="2">2001, 2002, 2003 Thomas M. Eastep.</font></a><br>
+© <font size="2">2001, 2002, 2003 Thomas M. Eastep.</font></a><br>
- </p>
+  </p>
  <br>
 <br>
 </body>
 </html>
--- a/STABLE/documentation/mailing_list_problems.htm
+++ b/STABLE/documentation/mailing_list_problems.htm
@ -1,49 +0,0 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
 <head>
  <meta http-equiv="Content-Language" content="en-us">
  <meta http-equiv="Content-Type"
 content="text/html; charset=windows-1252">
  <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
  <meta name="ProgId" content="FrontPage.Editor.Document">
  <title>Mailing List Problems</title>
 </head>
  <body>
 <table border="0" cellpadding="0" cellspacing="0"
 style="border-collapse: collapse;" bordercolor="#111111" width="100%"
 id="AutoNumber1" bgcolor="#400169" height="90">
              <tbody>
               <tr>
                <td width="100%">                                       
      <h1 align="center"><font color="#ffffff">Mailing List Problems</font></h1>
                </td>
              </tr>
  </tbody>           
 </table>
 <h2 align="left">Shorewall.net is currently experiencing mail delivery problems
      to at least one address in each of the following domains:</h2>
 <blockquote>                                    
  <div align="left">                                      
  <pre>2020ca - delivery to this domain has been disabled (cause unknown)<br>arosy.de - delivery to this domain has been disabled (Relay access denied)<br>arundel.homelinux.org - delivery to this domain has been disabled (connection timed out, connection refused)<br>asurfer.com - (Mailbox full)<br>bol.com.br - delivery to this domain has been disabled (Mailbox Full)<br>cuscominc.com - delivery to this domain has been disabled (bouncing mail from all sources with "Mail rejected because the server you are sending to is misconfigured").<br>cvnet.psi.br - (DNS configuration error -- MX is cvn-srv1.cvnet.psi.br.cvnet.psi.br)<br>datakota.com - (DNS Timeouts)<br>excite.com - delivery to this domain has been disabled (cause unknown)<br>epacificglobal.com - delivery to this domain has been disabled (no MX record for domain)<br>freefish.dyndns.org - delivery to this domain has been disabled (Name Server Problem -- Host not found)<br>gmx.net - delivery to this domain has been disabled (cause unknown)<br>hotmail.com - delivery to this domain has been disabled (Mailbox over quota)<br>intercom.net - delivery to this domain has been disabled (cause unknown)<br>nitialcs.com - delivery to this domain has been disabled (cause unknown)<br>intelligents.2y.net - delivery to this domain has been disabled (Name Service Problem -- Host not Found).<br>khp-inc.com - delivery to this domain has been disabled (anti-virus problems)<br>kieninger.de - delivery to this domain has been disabled (relaying to &lt;xxxxx@kieninger.de&gt; prohibited by administrator)<br>lariera.com - delivery to this domain has been disabled (Unknown User)<br>mfocus.com.my - delivery to this domain has been disabled (MTA at mailx.mfocus.com.my not delivering and not giving a reason)<br>navair.navy.mil - delivery to this domain has been disabled (A restriction in the system prevented delivery of the message)<br>opermail.net - delivery to this domain has been disabled (cause unknown)<br>penquindevelopment.com - delivery to this domain has been disabled (connection timed out)<br>scip-online.de - delivery to this domain has been disabled (cause unknown)<br>spctnet.com - connection timed out - delivery to this domain has been disabled<br>telusplanet.net - delivery to this domain has been disabled (cause unknown)<br>the-techy.com - delivery to this domain has been disabled  (clueless administrator - continuous DNS problems) <br>yahoo.com - delivery to this domain has been disabled (Mailbox over quota)</pre>
              </div>
            </blockquote>
 <p align="left"><font size="2">Last updated 12/17/2002 02:51 GMT - <a
 href="support.htm">Tom Eastep</a></font></p>
 <p align="left"><a href="copyright.htm"> <font
 size="2">Copyright</font> © <font size="2">2002 Thomas M. Eastep.</font></a></p>
 <p align="left"> </p>
 <br>
 </body>
 </html>