Changes in 4.0.1 1) Add EXPAND_POLICIES. 2) Fix uninstallers. 3) Correct handling of 'ipsec' option in the hosts file. 4) Corrent handling of 'PATH' in Shorewall-perl. 5) Correct handling of ECN with MANGLE_FORWARD. 6) Relax ADDRTYPE restriction. 7) Be sure that chkconfig runs after upgrade from < 4.0.0 8) Better out-of-order policy detection. 9) Fix dropBcast/allowBcast logging and other logging fixes/improvements. Changes in 4.0.0 Final 1) Fix lite install.sh manpage problem. 2) Fix shorewall-shell .spec to modify SHOREWALL_COMPILER. 3) Shuffle code in Providers.pm. 4) Consolicate Common.pm + Config.pm and Interfaces.pm + Hosts.pm + Zones.pm. 5) Validate log level in policy file. Changes in 4.0.0 RC 2 1) Fix zone type check in Tunnels File. 2) Remove -f as default start OPTIONS. 3) Remove 3.4 compatibility hacks. 4) Fix install.sh manpage problem. 5) Fix LITEDIR mess. 6) Fix IPSEC. 7) Add Tunneling Macros from Tuomo Soini. Changes in 4.0.0 RC 1 1) shorewall-perl RPM no longer installable under shorewall 3.4. 2) Fix limited broadcast and detectnets/routeback interfaces. 3) Use optimized 'split' for faster compilation. 4) Validate host part in hosts file entry. 5) Fix IPSECFILE=ipsec. 6) Make ':noah' the default. 7) Work around SELinux nonsense. 8) Restore the 'refresh' command. 9) Allow ipsec zone in GATEWAY ZONE column of the tunnels file. 10) Raise error on chmod failure. 11) Handle shell variables with zero value correctly. Changes in 4.0.0 Beta 6 1) First step to adding compiler debugging facility. 2) Assume that iptables-restore is in the same directory as $IPTABLES 3) Fix buildports.pm to handle bogus entries in /etc/protocols and /etc/services. 4) Allow COMMENT in the accounting file. Changes in 4.0.0 Beta 6 1) Validate the DISPOSITION in /etc/shorewall/maclist entries. 2) Add versioning to capabilities files. 3) Improve compiler selection. 4) DYNAMIC_ZONES=Yes and bridges. 5) Implement port validation. Changes in 4.0.0 Beta 5 1) Fix undefined function call when both an input interface and an output interface are present. 2) Externalize compiler and Compile.pm. Changes in 4.0.0 Beta 4 1) Fix the 'Modules' output of 'dump' 2) Fix FW=xxx with IPSECFILE=ipsec. 3) Fix wildcard-rule/NONE-policy interaction. 4) Clean up generation of user-exit jacket functions. 5) Add new bridge code. 6) Fix bad bug in exclusion. Changes in 4.0.0 Beta 2 1) Fix screwup in get_routed_networks(). 2) Some minor tweaks. 3) Fix synflood chain jumps. 4) Simplify synflood handling and improve error diagnostics. Changes in 4.0.0 Beta 1 1) Fix add/delete . 2) Fix do_proto() and 'use IPConfig' in Providers.pm. 3) Implement dynamic host group detection. Changes in 3.9.7 1) Clean up release notes. 2) Fix several bugs having to do with exclusion in the hosts file. 3) Use '-m addrtype' in detectnet interface output rules. 4) Fix find_hosts_by_option(). 5) Fix more hosts file bugs. 6) Fix 'detect' in GATEWAY column of providers file. 8) Other bug fixes (see release notes). 7) Fix action in 'logreject'. 8) Allow macros to invoke macros outside of action bodies. Changes in 3.9.6 1) Fix parsing problems in protocol handling. 2) Fix bugs in handling of the MARK column. 3) Fix bug in routing table copying 4) Fix bug in ipset handling. 5) Fix bug in handling of CONTINUE in the tcrules file. 6) Add RCP_COMMAND and RSH_COMMAND options in shorewall.conf 7) Apply Luigi's MARK patch. Changes in 3.9.5 1) Fix dynamic zone problem. 2) Fix LOGALLNEW. 3) Implement log level, protocol and port validation. 4) Fix MACLIST log rule generation problem. Changes in 3.9.4 1) Fix port 0 problem (again!). 2) Fix log_martians. 3) Make LOG_MARTIANS and ROUTE_FILTER tri-valued. 4) Fix arp_ignore. 5) Re-work ROUTE_FILTER and LOG_MARTIANS. 6) Fix handling of interface options. 7) Fix handling of zone ipsec options. 8) Fix 'routeback' on multi-zone interface. 9) Fix 'check -d'. 10) Fix intra-zone policies. 11) Fix typo in maclist validation. 12) Allow 'optional' to work with 'maclist'. Changes in 3.9.3 1) Apply Steven Springl's patch for port checking. 2) Implement 'optional' interface option. 3) Fix a couple of bugs in 'owner' handling. 4) Fix several bugs in address/network detection. 5) Make a number of interface options binary. 6) Add wildcard edits in interface processing. 7) Fix dropInvalid. 8) Fix 'none'. 9) Fix SAME with SOURCE $FW 10) Fix tcp:syn. 11) Fix all->z rules with 'NONE' policy. 12) Check for reserved zone names. 13) Add check for firewall zone existance. 14) Add checks for zone existance in 'all' processing. Changes in 3.9.2 1) Implement '-C {shell|perl}'. 2) Implement LOCKFILE 3) Fix typo in prog.footer. 4) Fix Shorewall-perl hosts and tcclasses errors. 5) Add IPPserver macro. 6) Fix problem with 'stop' and 'clear' when shorewall-shell not installed. 7) Moved lib.dynamiczones to Shorewall. 8) Fix silly bug in lib.base. 9) Apply Steven Springl's patch for ICMP.