Changes since 2.0.3 1) Fix security vulnerability involving temporary files/directories. 2) Hack security fix so that it works under Slackware. 3) Correct mktempfile() for case where mktemp isn't installed. 4) Implement 'dropInvalid' builtin action. 5) Fix logging nat rules. 6) Fix COMMAND typos. 7) Add PKTTYPE option. 8) Enhancements to /etc/shorewall/masq 8) Allow overriding ADD_IP_ALIASES=Yes 9) Fix syntax error in setup_nat() 10) Port "shorewall status" changes from 2.0.7. 11) All config files are now empty. 12) Port blacklisting fix from 2.0.7 13) Pass rule chain and display chain separately to log_rule_limit. Prep work for action logging. 14) Show the iptables/ip/tc command that failed when failure is fatal. 15) Implement STARTUP_ENABLED. 16) Added DNAT ONLY column to /etc/shorewall/nat. 17) Removed SNAT from ORIGINAL DESTINATION column. 18) Removed DNAT ONLY column. 19) Added IPSEC column to /etc/shorewall/masq. 20) No longer enforce source port 500 for ISAKMP. 21) Apply policy to interface/host options. 22) Fix policy and maclist. 23) Implement additional IPSEC options for zones and masq entries. 24) Deprecate the -c option in /sbin/shorewall. 25) Allow distinct input and output IPSEC parameters. 26) Allow source port remapping in /etc/shorewall/masq. 27) Include params file on 'restore' 28) Apply Richard Musil's patch. 29) Correct parsing of PROTO column in setup_tc1(). 30) Verify Physdev match if BRIDGING=Yes 31) Don't NAT tunnel traffic. 32) Fix shorewall.spec to run chkconfig/insserv after initial install. 33) Add iprange support. 34) Add CLASSIFY support. 35) Fix iprange support so that ranges in both source and destination work. 36) Remove logunclean and dropunclean 37) Fixed proxy arp flag setting for complex configurations. 38) Added RETAIN_ALIASES option. 39) Relax OpenVPN source port restrictions. 40) Implement DELAYBLACKLISTLOAD. 41) Avoid double-setting proxy arp flags. 42) Fix DELAYBLACKLISTLOAD=No. 43) Merge 'brctl show' change from 2.0.9. 44) Implememt LOGTAGONLY. 45) Merge 'tcrules' clarification from 2.0.10. 46) Implement 'sourceroute' interface option. 47) Add 'AllowICMPs' action. 48) Changed 'activate_rules' such that traffic from IPSEC hosts gets handled before traffic from non-IPSEC zones. 49) Correct logmartians handling. 50) Add a clarification and fix a typo in the blacklist file. 51) Allow setting a specify MSS value. 52) Detect duplicate zone names. 53) Add mss= option to the ipsec file. 54) Added CONNMARK/ipp2p support. 55) Added LOGALLNEW support. 56) Fix typo in check_config() 57) Allow outgoing NTP responses in action.AllowNTP. 58) Clarification of the 'ipsec' hosts file option. 59) Allow list in the SUBNET column of the rfc1918 file. 60) Restore missing '#' in the rfc1918 file. 61) Add note for Slackware users to INSTALL. 62) Allow interface in DEST tcrules column. 63) Remove 'ipt_unclean' from search expression in "log" commands. 64) Remove nonsense from IPSEC description in masq file. 65) Correct typo in rules file. 66) Update bogons file. 67) Add a rule for NNTPS to action.AllowNNTP 68) Fix "shorewall add" 69) Change CLIENT PORT(S) to SOURCE PORT(S) in tcrules file. 70) Correct typo in shorewall.conf. 71) Add the 'icmp_echo_ignore_all' file to the /proc display. 72) Apply Tuomas Jormola's IPTABLES patch. 73) Fixed some bugs in Tuomas's patch. 74) Correct bug in "shorewall add" 75) Correct bridge handling in "shorewall add" and "shorewall delete" 76) Add "shorewall show zones" 77) Remove dependency of "show zones" on dynamic zones. 78) Implement variable expansion in INCLUDE directives 79) More fixes for "shorewall delete" with bridging. 80) Split restore-base into two files. 81) Correct OUTPUT handling of dynamic zones. 83) Add adapter statistics to the output of "shorewall status". 84) Log drops due to policy rate limiting. 85) Continue determining capabilities when fooX1234 already exists. 86) Corrected typo in interfaces file. 87) Add DROPINVALID option. 88) Allow list of hosts in add and delete commands. Fix ipsec problem with "add" and "delete" 89) Clarify add/delete syntax in /sbin/shorewall usage summary. 90) Implement OpenVPN TCP support. 91) Simplify the absurdly over-engineered code that restores the dynamic chain. 92) Add OPENVPNPORT option. 93) Remove OPENVPNPORT option and change default port to 1194. 94) Avoid shell error during "shorewall stop/clear" 95) Change encryption to blowfish in 'ipsecvpn' script. 96) Correct rate limiting rule example. 97) Fix :: handling in setup_masq(). 98) Fix mis-leading typo in tunnels. 99) Fix brain-dead ipsec option handling in setup_masq(). 100) Reconcile ipsec masq file implementation with the documentation. 101) Add netfilter module display to status output. 102) Add 'allowInvalid' builtin action. 103) Expand range of Traceroute ports. 102) Correct uninitialized variable in setup_ecn() 103) Allow DHCP to be IPSEC-encrypted.