Changes in Shorewall 4.4.0-RC2 1) Fix capabilities file with Shorewall6. 2) Allow Shorewall6 to recognize TC, IP and IPSET 3) Make 'any' a reserved zone name. 4) Correct handling of an ipsec zone nested in a non-ipsec zone. Changes in Shorewall 4.4.0-RC1 1) Delete duplicate Git macro. 2) Fix routing when no providers. 3) Add 'any' as a SOURCE/DEST in rules. 4) Fix NONAT on child zone. 5) Fix rpm -U from earlier versions 6) Generate error on 'status' by non-root. 7) Get rid of prog.functions and prog.functions6 Changes in Shorewall 4.4.0-Beta4 1) Add more macros. 2) Correct broadcast address detection 3) Fix 'show dynamic' 4) Fix BGP and OSFP macros. 5) Change DISABLE_IPV6 default and use 'correct' ip6tables. Changes in Shorewall 4.4.0-Beta3 1) Add new macros. 2) Work around mis-configured interfaces. 3) Fix 'show dynamic'. 4) Check for xt_LOG. 5) Fix 'findgw' Changes in Shorewall 4.4.0-Beta2 1) The 'find_first_interface_address()' and 'find_first_interface_address_if_any()' functions have been restored to lib.base. 2) Integerize r2q before inserting it into 'tc qdisc add root' command. 3) Remove '-h' from the help text for install.sh in Shorewall and Shorewall6. 4) Delete the 'continue' file from the Shorewall package. 5) Add 'upnpclient' interface option. 6) Fix handling of optional interfaces. 7) Add 'iptrace' and 'noiptrace' command. 8) Add 'USER/GROUP' column to masq file. 9) Added lib.private. Changes in Shorewall 4.4.0-Beta1 1) Correct typo in Shorewall6 two-interface sample shorewall.conf. 2) Fix TOS mnemonic handling in /etc/shorewall/tcfilters. Changes in Shorewall 4.3.12 1) Eliminate 'large quantum' warnings. 2) Add HFSC support. 3) Delete support for ipset binding. Jozsef has removed the capability from ipset. 4) Add TOS and LENGTH columns to tcfilters file. 5) Fix 'reset' command. 6) Fix 'findgw'. 7) Remove 'norfc1918' support. Changes in Shorewall 4.3.11 1) Reduce the number of arguments passed in may cases. 2) Fix SCTP source port handling in tcfilters. 3) Add 'findgw' user exit. 4) Add macro.Trcrt Changes in Shorewall 4.3.10 1) Fix handling of shared optional providers. 2) Add WIDE_TC_MARKS option. 3) Allow compile to STDOUT. 4) Fix handling of class IDs. 5) Deprecate use of an interface in the SOURCE column of /etc/shorewall/masq. 6) Fix handling of 'all' in the SOURCE of DNAT- rules. 7) Fix compile for export. 8) Optimize IPMARK. 9) Implement nested HTB classes. 10) Fix 'iprange' command. 11) Make traffic shaping work better with IPv6. 12) Externalize 'flow'. 13) Fix 'start' with AUTOMAKE=Yes Changes in Shorewall 4.3.9 1) Logging rules now create separate chain. 2) Fix netmask genereation in tcfilters. 3) Allow Shorewall6 with kernel 2.6.24 4) Avoid 'Invalid BROADCAST address' errors. 5) Allow Shorewall6 on kernel 4.2.24:Shorewall/changelog.txt 6) Add IP, TC and IPSET options in shorewall.conf and shorewall6.conf. 7) Add IPMARK support Changes in Shorewall 4.3.8 1) Apply Tuomo Soini's patch for USE_DEFAULT_RT. 2) Use 'startup_error' for those errors caught early. 3) Fix swping 4) Detect gateway via dhclient leases file. 5) Suppress leading whitespace on certain continuation lines. 6) Use iptables[6]-restore to stop the firewall. 7) Add AUTOMAKE option 8) Remove SAME support. 9) Allow 'compile' without a pathname. 10) Fix LOG_MARTIANS=Yes. 11) Adapt I. Buijs's hashlimit patch. Changes in Shorewall 4.3.7 1) Fix forward treatment of interface options. 2) Replace $VARDIR/.restore with $VARDIR/firewall 3) Fix DNAT- parsing of DEST column. 4) Implement dynamic zones 5) Allow 'HOST' options on bridge ports. 6) Deprecate old macro parameter syntax. Changes in Shorewall 4.3.6 1) Add SAME tcrules target. 2) Make 'dump' display the raw table. Fix shorewall6 dump anomalies. 3) Fix split_list1() 4) Fix Shorewall6 file location bugs. Changes in Shorewall 4.3.5 1) Remove support for shorewall-shell. 2) Combine shorewall-common and shorewall-perl to product shorewall. 3) Add nets= OPTION in interfaces file. 4) Add SAME MARK/CLASSIFY target