Template: shorewall/upgrade_to_14
Type: boolean
Description: Did you check your configuration and do you want to restart Shorewall right now?
 This is a major release of Shorewall that introduces some changes in the
 configuration files. The major changes are listed below.
 .
 You _must_ review your firewall configuration in order to get Shorewall to
 work properly.
 .
 * The MERGE_HOSTS variable in shorewall.conf is no longer
   supported. Shorewall 1.4 behavior is the same as 1.3 with
   MERGE_HOSTS=Yes.
 .
 * Interface names of the form <device>:<integer> in
   /etc/shorewall/interfaces now generate an error.
 .
 * OLD_PING_HANDLING=Yes will generate an error at startup as will
   specification of the 'noping' or 'filterping' interface options.
 .
 * In addition to behaving like OLD_PING_HANDLING=No, Shorewall 1.4 no
   longer unconditionally accepts outbound ICMP packets. So if you want
   to 'ping' from the firewall, you will need the appropriate rule or
   policy.
 .
 * The 'routestopped' option in the /etc/shorewall/interfaces and
   /etc/shorewall/hosts files is no longer supported and will generate
   an error at startup if specified.
 .
 * The Shorewall 1.2 syntax for DNAT and REDIRECT rules is no longer
   accepted.
 .
 * The ALLOWRELATED variable in shorewall.conf is no longer
   supported. Shorewall 1.4 behavior is the same as 1.3 with
   ALLOWRELATED=Yes.
 .
 * The 'multi' interface option is no longer supported.
 .
 * The SHARED_DIR variable has been removed from shorewall.conf. This
   variable was for use by package maintainers and was not documented
   for general use.

Template: shorewall/dont_restart
Type: note
Description: Shorewall won't be restarted automatically
 This will prevent network blackout due to changes in configuration files.
 .
 Check your configuration and then restart Shorewall issuing:
 .
         invoke-rc.d shorewall restart
 .
 or
 .
         /etc/init.d/shorewall restart

Template: shorewall/upgrade_14_20
Type: boolean
Description: Did you check your configuration and do you want to restart Shorewall right now? 
 This is a major release of Shorewall that introduces some changes in the
 configuration files. You have to check carefully your configuration before
 restarting your firewall to avoid failures and network blackout. The changes
 are listed below (or in /usr/share/doc/shorewall/upgrade_14-20.txt.gz):
 .
 * The 'dropunclean' and 'logunclean' interface options are no longer
   supported. If either option is specified in /etc/shorewall/interfaces, an
   threatening message will be generated.
 .
 * The NAT_BEFORE_RULES option has been removed from shorewall.conf. The
   behavior of Shorewall is as if NAT_BEFORE_RULES=No had been specified. In
   other words, DNAT rules now always take precidence over one-to-one NAT
   specifications.
 .
 * The default value for the ALL INTERFACES column in /etc/shorewall/nat has
   changed. In Shorewall 1.*, if the column was left empty, a value of "Yes"
   was assumed. This has been changed so that a value of "No" is now assumed.
 .
 * The following files don't exist in Shorewall 2.0:
 .
     /etc/shorewall/common.def
     /etc/shorewall/common
     /etc/shorewall/icmpdef
     /etc/shorewall/action.template (Moved to /usr/share/shorewall)
     /etc/shorewall/rfc1918 (Moved to /usr/share/shorewall).
 .
 * The /etc/shorewall/action file now allows an action to be designated as the
   "common" action for a particular policy type by following the action name
   with ":" and the policy (DROP, REJECT or ACCEPT).
 .
 * The /etc/shorewall directory no longer contains a 'users' file or a
   'usersets' file. Similar functionality is now available using user-defined
   actions.
 .
 * It is no longer possible to specify rate limiting in the ACTION column of
   /etc/shorewall/rules -- you must use the RATE LIMIT column.
 .
 * Depending on which method you use to upgrade, if you have your own version
   of /etc/shorewall/rfc1918, you may have to take special action to restore it
   after the upgrade. Look for /etc/shorewall/rfc1918*, locate the proper file
   and rename it back to /etc/shorewall/rfc1918. The contents of that file will
   supercede the contents of /usr/share/shorewall/rfc1918.

Template: shorewall/upgrade_20_22
Type: boolean
Description: Did you check your configuration and do you want to restart Shorewall right now? 
 This is a major release of Shorewall that introduces some changes in the
 configuration files. You have to check carefully your configuration before
 restarting your firewall to avoid failures and network blackout. The changes
 are listed in /usr/share/doc/shorewall/releasenotes.txt.gz.

Template: shorewall/warnrfc1918
Type: note
Description: Possible out-of-date rfc1918 configration file
 The file rfc1918 has been found in your shorewall configuration
 directory. It probably comes from an upgrade from a previous
 version. Note that the file has now been replaced by rfc1918 and
 bogons, the former is only used to list private network
 addresses and the latter is used to list unassigned addresses
 and must be kept up-to-date; previously rfc1918 was used for
 both kind of addresses. It is strongly recommended to remove the file
 from the configuration directory and let shorewall to use its default
 one (located at /usr/share/shorewall/).