shorewall_code/Shorewall/releasenotes.txt

This is a minor release of Shorewall.

Problems Corrected since version 1.4.8:

1) There has been a low continuing level of confusion over the terms
   "Source NAT" (SNAT) and "Static NAT". To avoid future confusion, all
   instances of "Static NAT" have been replaced with "One-to-one NAT"
   in the documentation and configuration files.

2) The description of NEWNOTSYN in shorewall.conf has been reworded for
   clarity.

Migration Issues:

None.

New Features:

1) To cut down on the number of "Why are these ports closed rather than
   stealthed?" questions, the SMB-related rules in
   /etc/shorewall/common.def have been changed from 'reject' to 'DROP'.

2) For easier identification, packets logged under the 'norfc1918'
   interface option are now logged out of chains named
   'rfc1918'. Previously, such packets were logged under chains named
   'logdrop'.

3) Distributors and developers seem to be regularly inventing new
   naming conventions for kernel modules. To avoid the need to change
   Shorewall code for each new convention, the MODULE_SUFFIX option has
   been added to shorewall.conf. MODULE_SUFFIX may be set to the suffix
   for module names in your particular distribution. If MODULE_SUFFIX
   is not set in shorewall.conf, Shorewall will use the list "o gz ko
   o.gz".

   To see what suffix is used by your distribution:

      ls /lib/modules/`uname -r`/kernel/net/ipv4/netfilter

   IMPORTANT: Those are back single quotes (upper lefthand corner of
   your keyboard).
   
   All of the files listed should have the same suffix (extension). Set
   MODULE_SUFFIX to that suffix.

   Examples: 

	    If all files end in ".kzo" then set MODULE_SUFFIX="kzo"
	    If all files end in ".kz.o" then set MODULE_SUFFIX="kz.o"