diff --git a/Shorewall-common/changelog.txt b/Shorewall-common/changelog.txt index df27f784d..7516a2859 100644 --- a/Shorewall-common/changelog.txt +++ b/Shorewall-common/changelog.txt @@ -22,6 +22,8 @@ Changes in 4.1.7 11) Defer enabling of forwarding until rules are in place. +12) Merge Tuomo's SANE support patch. + Changes in 4.1.6 1) Deprecate IMPLICIT_CONTINUE=Yes diff --git a/Shorewall-common/macro.SANE b/Shorewall-common/macro.SANE new file mode 100644 index 000000000..19312256e --- /dev/null +++ b/Shorewall-common/macro.SANE @@ -0,0 +1,23 @@ +# +# Shorewall version 4 - SANE Macro +# +# /usr/share/shorewall/macro.SANE +# +# This macro handles SANE network scanning. +# +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ +# PORT(S) PORT(S) LIMIT GROUP +PARAM - - tcp 6566 +# +# Kernels 2.6.23+ has nf_conntrack_sane module which will handle +# sane data connection. +# +# If you don't have sane conntracking support you need to open whole dynamic +# port range. +# +# This is for normal linux 2.4+ +#PARAM - - tcp 32768:61000 +# This is generic rule for any os running saned. +#PARAM - - tcp 1024: +#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE diff --git a/Shorewall-common/modules b/Shorewall-common/modules index ce832aa76..1d4c7e188 100644 --- a/Shorewall-common/modules +++ b/Shorewall-common/modules @@ -89,6 +89,7 @@ loadmodule nf_conntrack_proto_gre loadmodule nf_conntrack_proto_sctp loadmodule nf_conntrack_sip loadmodule nf_conntrack_tftp +loadmodule nf_conntrack_sane loadmodule nf_nat_amanda loadmodule nf_nat_ftp loadmodule nf_nat_h323 diff --git a/Shorewall-common/releasenotes.txt b/Shorewall-common/releasenotes.txt index bc6cb32be..e83ecb235 100644 --- a/Shorewall-common/releasenotes.txt +++ b/Shorewall-common/releasenotes.txt 
@@ -249,6 +249,12 @@ New Features in 4.1.7. NULL_ROUTE_RFC1918 defaults to 'No' and is only supported by Shorewall-perl; Shorewall-shell ignores the option. +7) There is now a macro.SANE which supports network-attached + scanners. Shorewall now automatically loads the sane connection + tracking helper module. + + Thanks for this feature go to Tuomo Soini. + New Features in Shorewall 4.1. 1) Shorewall 4.1 contains support for multiple Internet providers
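Review bot: In Shorewall-common/macro.SANE, the commented-out fallback rules (`#PARAM - - tcp 32768:61000` and `#PARAM - - tcp 1024:`) are documented without saying how wide they are. Uncommenting either one accepts TCP to the whole dynamic port range from whatever source the macro is invoked with. Suggest the comment say so and recommend limiting the invoking rule's source to the hosts that actually use the scanner when a fallback is enabled. The comment should also state that the `tcp 6566` rule is sufficient on its own only when nf_conntrack_sane is loaded, and "Kernels 2.6.23+ has" should read "have".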
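Review bot: In Shorewall-common/modules, `loadmodule nf_conntrack_sane` is placed after `loadmodule nf_conntrack_tftp`, which breaks the alphabetical order of the neighbouring nf_conntrack_* entries visible in the hunk. Suggest moving it between `loadmodule nf_conntrack_proto_sctp` and `loadmodule nf_conntrack_sip` so the list stays easy to scan and later additions do not end up duplicated.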
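Review bot: In Shorewall-common/releasenotes.txt, entry 7) says Shorewall "automatically loads the sane connection tracking helper module" but omits the module name and the kernel requirement that macro.SANE itself documents (nf_conntrack_sane, kernels 2.6.23+). Suggest naming the module and adding that on kernels without it the user has to uncomment one of the wider port-range rules in the macro. As written, the note reads as if the `tcp 6566` rule is always enough, and it does not tell administrators that the helper is now loaded even on systems that never invoke the macro.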