1)  All versions of Shorewall-perl mishandle per-IP rate limiting in
    REDIRECT and DNAT rules. The effective rate and burst are 1/2 of
    the values given in the rule.

    Corrected in 4.4.7.1

2)  Detection of the 'Old hashlimit match' capability was broken in
    /sbin/shorewall, /sbin/shorewall-lite and in the IPv4 version of 
    shorecap. This problem only affects users of older distributions
    such as RHEL5 and derivatives.

    Corrected in 4.4.7.2

3)  On older distributions such as RHEL5 and derivatives, when
    LOAD_HELPERS_ONLY=No, Shorewall would fail to start if a TYPE was
    specified in /etc/shorewall/tcinterfaces.

    Corrected in 4.4.7.2

4)  On older distributions such as RHEL5 and derivatives, when
    LOAD_HELPERS_ONLY=Yes, Shorewall would fail to start if a TYPE was
    specified in /etc/shorewall/tcinterfaces.

    Corrected in 4.4.7.3

5)  A CONTINUE rule specifying a log level will cause the compiler to
    generate an incorrect rule sequence. The packet will be logged but
    the CONTINUE action will not occur.

    To work around the problem break the rule into two rules; a logging
    rule and a CONTINUE rule.

    Corrected in 4.4.7.5.