Changes in 3.0.7

1)  Accomodate the absense of a mangle FORWARD and POSTROUTING chains.

2)  Allow for a large number of IP addresses on a multi-ISP interface.

3)  Clear SUBSYSLOCK on Debian/Ubuntu installs.

4)  Delete exclusion chains from mangle table during 'shorewall refresh'

Changes in 3.0.6

1)  Correct typo in help file ("help drop").

2)  Allow interface named 'inet'.

3)  Fix syntax error in validate_policy()

4)  Add iptable_mangle and iptables_nat to the modules file.

5)  Add 'refreshed' extension script.

6)  Fix SAME/ADD_SNAT_ALIASES interaction.

7)  Fix 'routeback' on bridge ports.

Changes in 3.0.5

1)  Run /etc/shorewall/ipsets during 'restore'

2)  Apply Tuomo Soini's IPSEC patch.

3)  Apply Tuomo Soini's Noecho patch.

4)  Fix QUEUE rules in the ESTABLISHED section.

5)  Apply Ed Suominen's patch for tcrules.

6)  Fix allow/drop/reject when Shorewall not started.

7)  Apply Paul Traina's TOS change.

8)  Brige port matching fixes.

Changes in 3.0.4

1)  Console-friendly version of shorewall.conf.

2)  Add 'Limit' as a standard action.

3)  Enabled loopback traffic under the DISABLE_IPV6 option.

4)  Close hole in bridged configurations.

5)  Fix bug in NONE intra-zone policy handling.

6)  Fix bug in RETAIN_ALIASES=Yes.

7)  Wildcard port support.

8)  Fix logging of old mapped standard actions.

9)  Add additional modules to /etc/shorewall/modules.

Changes in 3.0.3

1) Implement "shorewall show macros"

2) Comments regarding bridge configuration were improved.

3) Applied Tuomo Soini's patch to pretty up the tc4shorewall files.

4) Fix 'safe-start' and 'safe'restart' -- add support for -q in the process.

5) Fix help text for restore. Add -q to help for safe-start and safe-restart.

6) Add more migration information to release notes.

7) Allow "-" in the ADDRESS/SUBNET column of the blacklist file.

8) Add traffic shaping information to "dump" output.

9) Allow 'none' in the COPY column of /etc/shorewall/providers.

10) Implement 'ipdecimal' command.

11) Implement 'reload' in the init script.

12) Correct README.txt

13) Add upgrade considerations for 2.0 users to release notes.

14) Change default for CLEAR_TC to "Yes".

15) Added warning to the zones file.

16) Fixed bug in tcrules processing (interface name in SOURCE column).

17) Create /var/log/shorewall-init.log when installing on Debian.

Changes in 3.0.2

1) Typos in the Samples corrected.

2) Incompatibility with old kernels worked around.

3) Added new Webmin macro

4) Arch Linux installation routines improved

Changes in 3.0.1

1) Set policies for chains in nat, mangle and raw tables.

2) Applied Tuomo's patch for Makefile.

3) Add Farkas ordering to generated SOURCE and DEST column when expanding
   macros.

4) Clarify PORTS column in blacklist file.

5) Correct CLAMPMSS/FASTACCEPT interaction.

Changes in 3.0.0 Final

None.

Changes in 3.0.0 RC 3.

1) ROUTE target and Extended Mark removed from capabilities.

2) Suppress 'ambiguous redirect' error messages.

3) Correct stupid typo in release notes ([rej|drop]NewNot vs. [rej|drop]NewNon).

4) Stop whining about ipt_owner messages under kernel 2.6.14.

5) Update config files with cmd-owner info.

6) Fix DHCP with MACLIST_TABLE=mangle.

7) Remove Slackware special case from INSTALL instructions.

Changes in 3.0.0 RC 2.

1) Fix support for OpenVPN and tcp.

2) Correct cut-and-paste error in 'arp_ignore' processing.

3) Add 'src' to gateway routes. Make 'find_first_interface_address' look for
   global addresses only.

4) Update /etc/shorewall/interfaces to describe multiple interfaces to a zone.

Changes in 3.0.0 RC 1.

1) Correct spelling of MACLIST_TABLE in shorewall.conf.

Changes in 3.0.0 Beta 1.

1) Add TC_ENABLED=Internal

2) Fix default tc class bug.

Changes in 2.5.8

1) Fix 'shorewall refresh' with long tcrules entries.

2) Implement MACLIST_TABLE.

3) Make tc class ids unique between devices.

Changes in 2.5.7

1) Fix ADMINISABSENTMINDED=Yes vs. entries in /etc/shorewall/routestopped.

2) Fix traffic shaping and "shorewall refresh"

3) Add capabilities report to "shorewall dump".

4) Rename 'plain' to 'ipv4'

5) Deimplement NEWNOTSYN

6) Fix logging IPP2P rules.

7) Add zone type to /var/lib/shorewall/zones.

8) Give better diagnostics when IPP2P match isn't available.

9) Do not touch mangle chain during "refresh".

10) Implement support for UDP IPP2P Matching.

Changes in 2.5.6

1) Finish install/fallback cleanup.

2) Fix startup failure.

3) Add "-n" option.

Changes in 2.5.5

1) Zone file alchemy attempted.

2) Fix install.sh re: Makefile

3) Fix error handling.

4) Add SHOREWALL_LIBRARY function.

Changes in 2.5.4

1) Allow TAG to be used as a general parameter mechanism [hack].

2) Fix some ghastly bugs in macros.

3) "shorewall check" now checks the masq file.

4) "shorewall check" now checks the proxyarp file.

5) "shorewall check" now checks the nat file.

6) "shorewall check" now checks the providers file.

7) Merge 'tc4shorewall'

8) Modify tc4shorewall so that it plays well with Shorewall
   save/restore.

Changes in 2.5.3

1) Allow exclusion lists in /etc/shorewall/tcrules.

2) Added 'openvpnserver' and 'openvpnclient' tunnel types.

3) Set COMMAND=restore in restore-base.

4) Allow exclusion lists in actions.

5) Make intra-zone policies more rational.

6) Clear the raw table on stop and [re]start

7) Section the rules file.

8) Fixed tunnels/rules interaction problems.

9) Provide hack for passing arguments to action extension scripts.

Changes in 2.5.2

1) Allow port lists in /etc/shorewall/accounting.

2) Fix PKTTYPE=No and packet type match capability reporting.

3) Add FASTACCEPT option.

4) Generate error if norfc1918 is specified on an interface with an RFC
   1918 IP address.

5) Implement exclusion lists in /etc/shorewall/rules.

Changes in 2.5.1

1) Make "shorewall add" work with 'ipsec' in hosts file.

2) Remove dependence on 'which'

3) Rename "status" to "dump" and add real status command.

4) Fix Makefile (compare to restore-base rather than restarted).

5) Add "all+"

6) Don't generate redundant ACCEPT rules for DNAT/REDIRECT/SAME

7) Add FASTACCEPT option in shorewall.conf.

8) Generate error for 'norfc1918' on an interface with an RFC 1918 IP
   address.

9) Finally implement exclude lists in rules.

Changes in 2.5.1ex/2.5.0

1) Clean up handling of zones

2) Make the removal of the ipsec file upward compatible.

3) Improve CONTINUE policy handling.

4) Implement arp_ignore support.

Changes in 2.5.0ex

1) Make warning and error messages easier to find by using
   capitalization.

2) Remove /etc/shorewall/ipsec and merge it's function with
   /etc/shorewall/zones.

3) Apply small fix to the above patch.

4) Remove dynamic zone support.

5) Add "established policy" support.

6) Add CRITICALHOSTS support.

7) Remove 'bogon' stuff.

8) Implement Macros.
