Changes in 3.0.4 1) Console-friendly version of shorewall.conf. 2) Add 'Limit' as a standard action. 3) Enabled loopback traffic under the DISABLE_IPV6 option. Changes in 3.0.3 1) Implement "shorewall show macros" 2) Comments regarding bridge configuration were improved. 3) Applied Tuomo Soini's patch to pretty up the tc4shorewall files. 4) Fix 'safe-start' and 'safe'restart' -- add support for -q in the process. 5) Fix help text for restore. Add -q to help for safe-start and safe-restart. 6) Add more migration information to release notes. 7) Allow "-" in the ADDRESS/SUBNET column of the blacklist file. 8) Add traffic shaping information to "dump" output. 9) Allow 'none' in the COPY column of /etc/shorewall/providers. 10) Implement 'ipdecimal' command. 11) Implement 'reload' in the init script. 12) Correct README.txt 13) Add upgrade considerations for 2.0 users to release notes. 14) Change default for CLEAR_TC to "Yes". 15) Added warning to the zones file. 16) Fixed bug in tcrules processing (interface name in SOURCE column). 17) Create /var/log/shorewall-init.log when installing on Debian. Changes in 3.0.2 1) Typos in the Samples corrected. 2) Incompatibility with old kernels worked around. 3) Added new Webmin macro 4) Arch Linux installation routines improved Changes in 3.0.1 1) Set policies for chains in nat, mangle and raw tables. 2) Applied Tuomo's patch for Makefile. 3) Add Farkas ordering to generated SOURCE and DEST column when expanding macros. 4) Clarify PORTS column in blacklist file. 5) Correct CLAMPMSS/FASTACCEPT interaction. Changes in 3.0.0 Final None. Changes in 3.0.0 RC 3. 1) ROUTE target and Extended Mark removed from capabilities. 2) Suppress 'ambiguous redirect' error messages. 3) Correct stupid typo in release notes ([rej|drop]NewNot vs. [rej|drop]NewNon). 4) Stop whining about ipt_owner messages under kernel 2.6.14. 5) Update config files with cmd-owner info. 6) Fix DHCP with MACLIST_TABLE=mangle. 7) Remove Slackware special case from INSTALL instructions. Changes in 3.0.0 RC 2. 1) Fix support for OpenVPN and tcp. 2) Correct cut-and-paste error in 'arp_ignore' processing. 3) Add 'src' to gateway routes. Make 'find_first_interface_address' look for global addresses only. 4) Update /etc/shorewall/interfaces to describe multiple interfaces to a zone. Changes in 3.0.0 RC 1. 1) Correct spelling of MACLIST_TABLE in shorewall.conf. Changes in 3.0.0 Beta 1. 1) Add TC_ENABLED=Internal 2) Fix default tc class bug. Changes in 2.5.8 1) Fix 'shorewall refresh' with long tcrules entries. 2) Implement MACLIST_TABLE. 3) Make tc class ids unique between devices. Changes in 2.5.7 1) Fix ADMINISABSENTMINDED=Yes vs. entries in /etc/shorewall/routestopped. 2) Fix traffic shaping and "shorewall refresh" 3) Add capabilities report to "shorewall dump". 4) Rename 'plain' to 'ipv4' 5) Deimplement NEWNOTSYN 6) Fix logging IPP2P rules. 7) Add zone type to /var/lib/shorewall/zones. 8) Give better diagnostics when IPP2P match isn't available. 9) Do not touch mangle chain during "refresh". 10) Implement support for UDP IPP2P Matching. Changes in 2.5.6 1) Finish install/fallback cleanup. 2) Fix startup failure. 3) Add "-n" option. Changes in 2.5.5 1) Zone file alchemy attempted. 2) Fix install.sh re: Makefile 3) Fix error handling. 4) Add SHOREWALL_LIBRARY function. Changes in 2.5.4 1) Allow TAG to be used as a general parameter mechanism [hack]. 2) Fix some ghastly bugs in macros. 3) "shorewall check" now checks the masq file. 4) "shorewall check" now checks the proxyarp file. 5) "shorewall check" now checks the nat file. 6) "shorewall check" now checks the providers file. 7) Merge 'tc4shorewall' 8) Modify tc4shorewall so that it plays well with Shorewall save/restore. Changes in 2.5.3 1) Allow exclusion lists in /etc/shorewall/tcrules. 2) Added 'openvpnserver' and 'openvpnclient' tunnel types. 3) Set COMMAND=restore in restore-base. 4) Allow exclusion lists in actions. 5) Make intra-zone policies more rational. 6) Clear the raw table on stop and [re]start 7) Section the rules file. 8) Fixed tunnels/rules interaction problems. 9) Provide hack for passing arguments to action extension scripts. Changes in 2.5.2 1) Allow port lists in /etc/shorewall/accounting. 2) Fix PKTTYPE=No and packet type match capability reporting. 3) Add FASTACCEPT option. 4) Generate error if norfc1918 is specified on an interface with an RFC 1918 IP address. 5) Implement exclusion lists in /etc/shorewall/rules. Changes in 2.5.1 1) Make "shorewall add" work with 'ipsec' in hosts file. 2) Remove dependence on 'which' 3) Rename "status" to "dump" and add real status command. 4) Fix Makefile (compare to restore-base rather than restarted). 5) Add "all+" 6) Don't generate redundant ACCEPT rules for DNAT/REDIRECT/SAME 7) Add FASTACCEPT option in shorewall.conf. 8) Generate error for 'norfc1918' on an interface with an RFC 1918 IP address. 9) Finally implement exclude lists in rules. Changes in 2.5.1ex/2.5.0 1) Clean up handling of zones 2) Make the removal of the ipsec file upward compatible. 3) Improve CONTINUE policy handling. 4) Implement arp_ignore support. Changes in 2.5.0ex 1) Make warning and error messages easier to find by using capitalization. 2) Remove /etc/shorewall/ipsec and merge it's function with /etc/shorewall/zones. 3) Apply small fix to the above patch. 4) Remove dynamic zone support. 5) Add "established policy" support. 6) Add CRITICALHOSTS support. 7) Remove 'bogon' stuff. 8) Implement Macros.