Changes in 4.5.11.2

1)  Update release documents.

2)  Correct modules.xtables.

Changes in 4.5.11.1

1)  Update release documents

2)  Avoid invalid function name to start optional interface.

3)  Add modules from xtables-addons to modules.xtables

Changes in 4.5.11 Final

1)  Update release documents

2)  Update Perl module versions.

3)  Make all module-global variables 'our' to aid debugging.

Changes in 4.5.11 RC 1

1)  update -D

Changes in 4.5.11 Beta 3

1)  Implement user-defined address variables.

2)  Sort output of 'show capabilities'.

3)  ?FORMAT and ?COMMENT

Changes in 4.5.11 Beta 2

1)  Update release documents.

2)  Implement @-variables.

3)  Rename ALLOWUNKNOWNVARIABLES to IGNOREUNKNOWNVARIABLES.

4)  Make $chain (@chain) a synonym for $0 ($0).

Changes in 4.5.11 Beta 1

1)  Add ${loglevel} and ${logtag} as variables visible within actions.

2)  Add 'nolog' action option.

3)  Create a symbol table to hold all non-action shell variables.

4)  Implement ?set and ?reset

Changes in 4.5.10 Final

1)  Update release documents.

Changes in 4.5.10 RC 1

1)  Change '@' substitution to '@0' (${0}).

2)  Disallow leading '0' in action parameter numbers.

3)  Eliminate the need for functions called by
    Shorewall::Compiler::generate_script_3 to have knowledge of the
    current script file indentation.

4)  Copy the temporary script to $VARDIR/$PRODUCT/firewall before
    running the 'started' script.

5)  Ignore 'inline' on certain actions.

6)  Only initialize switches that survived optimization.

7)  Be more aggressive about detecting action recursion.

8)  Support passing log levels inside parameters.

9)  Fix AUTOCOMMENT=No

10) Delete duplicate rules in tables

Changes in 4.5.10 Beta 3

1)  Update release documents.

2)  Inherit 'tag' from macro/action invocation.

3)  Correct NFLOG/ULOG documentation.

4)  Another optimizer bug fixed.

5)  Multiple parameter support for macros.

6)  $0 expands to current action chain name.

7)  Replace '@' by chain name in SWITCH contents.

8)  Add in-line actions.

9)  Add switch initialization.

10) Allowing inline override on Standard Actions.

Changes in 4.5.10 Beta 2

1)  Update release documents.

2)  New macro expansion capability.

3)  Add NFLOG and ULOG macros.

4)  Add UNTRACKED match to the secmarks file.

5)  Add DROP target to the conntrack file.

6)  Remove references to USE_ACTIONS

7)  Allow macros to be used as default actions.

8)  Correct the compiler's CHECKSUM detection

9)  Don't generate start/stop functions for wildcard optional
    interfaces.

10) Apply Tuomo Soini's fix for RHEL5

11) Improve handling of 'all' in the conntrack file.

12) Add SWITCH column to the conntrack file.

13) Add AUDIT built-in

14) Support audited targets on IPv6.

Changes in 4.5.10 Beta 1

1)  Update release documents.

2)  Treat optional interfaces as pseudo-providers.

3)  New macro expansion capability.

4)  Add NFLOG and ULOG macros.

Changes in 4.5.9.2

1)  Update release documents.

2)  Add mask to routemark rules.

3)  Document TPROXY gotcha.

4)  Make exclusion work with TPROXY.

Changes in 4.5.9.1

1)  Update release documents.

2)  Correct handling of wildcard interfaces in rules.

3)  Correct shorewall-masq(5).

4)  Remove spurious warning message.

5)  Don't default IPSET to 'ipset'

Changes in 4.5.9 Final

1)  Update release documents.

2)  Small wording change in the release notes description of CHECKSUM.
    The text copied from iptables(8) didn't read quite right. 

Changes in 4.5.9 RC 1

1)  Update release documents.

2)  Add Teredo Macro (Paul Gear).

3)  Don't display naked chain heading when -b

4)  Add CHECKSUM action in tcrules.

5)  Sort IPv6 routing tables

6)  Allow mark range in /etc/shorewall/tcrules.

Changes in 4.5.9 Beta 3

1)  Update release documents.

2)  Apply Paul Gear's typo correction

3)  Add Puppet Macro (Paul Gear).

4)  Don't shout in compiler directives in lib.core.

5)  Don't include IPv6-specific code in the IPv4 checkkernelversion()
    function.

6)  Rename crvsn -> vlsm in sort_routes() (lib.core)

7)  Add the Shorewall Logging URL to the "Log doesn't exist" message.

8)  Correct a typo in a comment in get_params()

9)  Allow quotes in parameter to run_iptables()

10) Correct error messages in action.RST.

11) Apply Paul Gear's '-b' option patchset.

Changes in 4.5.9 Beta 2

1)  Update release documents.

2)  More 'show dynamic' fixes

3)  Implement 'dynamic_shared' zone option.

4)  Implement RESTORE_ROUTEMARKS option in shorewall[6].conf.

Changes in 4.5.9 Beta 1

1)  Update release documents.

2)  Allow [...]/vlsm for IPv6 Nets.

3)  Don't suppress '-' in generated ipset names.

4)  Expunge some of the g_* variables.

Changes in 4.5.8 Final

1)  Update release documents.

Changes in 4.5.8 RC 2

1)  Update release documents.

2)  Minor updates to the manpages.

3)  Update rc file during shorewall-core install.

4)  Disallow ':' as the contents of a USER/GROUP column.

Changes in 4.5.8 RC 1

1)  Add PRIORITY column to the tcfilters file.

2)  Add capability to adjust priority of Shorewall-generated filters.

3)  Don't require PRIORITY in HFSC classes.

4)  Assign sequential priorities to filters.

Changes in 4.5.8 Beta 3

1)  Don't process routestopped if stoppedrules is non-empty

2)  Correct handling of -e with a directory name specified

3)  Simplify handling of export rc file.

4)  Add support for multiple UID/GIDs in a rule.

Changes in 4.5.8 Beta 2

1)  Pass both shorewallrc file name from lib.cli-std to compiler.pl

2)  Correct PRODUCT handling in rpm-generated configurations.

3)  Make ./firewall the default script when 'compile -e'

Changes in 4.5.8 Beta 1

1)  Update Release Documents.

2)  HELPER column in the rules file.

3)  Macros specify HELPER

4)  Add VARLIB

5)  Fix handling of different admin/firewall configurations.

6)  Include "." in CONFIG_PATH when compiling for export.

Changes in 4.5.7 Final

1)  Update Release Documents.

2)  Downcase conditional directives in the conntrack files.

3)  Adjust reference counts in the new opt level 4 logic.

4)  Correct 'enable' of ppp devices.

5)  Don't combine rules that specify -m policy

6)  Eliminate hard-wired directory paths in the installers.

7)  Workaround for silly RHEL bug.

Changes in 4.5.7 RC 2

1)  Update Release Documents.

2)  Merge content previously scheduled for 4.5.8.

3)  Add HELPER action.

Changes in 4.5.7 RC 1

1)  Update Release Documents.

2)  Handle CT/NOTRACK rules from vserver zones.

3)  Make conditional directives case insensitive.

Changes in 4.5.7 Beta 5

1)  Update Release Documents.

2)  Factor out ?IF __CT_TARGET tests in the conntrack files.

3)  Correctly handle disabled helpers in pre-3.5 kernels.

Changes in 4.5.7 Beta 4

1)  Update Release Documents.

2)  Fix 'netbios-ns' detection in the CLIs.

3)  Replace list separator in 'helper' specs.

Changes in 4.5.7 Beta 3

1)  Update Release Documents.

2)  Rename the notrack file to conntrack

3)  Rename the AUTO_COMMENT option to AUTOCOMMENT

4)  Add HELPERS option

5)  Redesign the CT:helper feature.

Changes in 4.5.7 Beta 2

1)  Update Release Documents.

2)  Add support for nfacct.

Changes in 4.5.7 Beta 1

1)  Update Release Documents

2)  Implement 'rpfilter' interface option.

3)  Correct systemctl command in installers.

Changes in 4.5.6 Final

1)  Update release documents.

2)  Simplify handling of __IPVn in conditional directives

3)  Avoid a call to eval() for simple expressions

4)  Apply patch from Daniel Meißner correcting STARTUP_ENABLED=No message

5)  Correct typo in ISO 3660 doc.

6)  Add FAQ 99 (empty ruleset after boot)

7)  When TC_ENABLED=No, require providers to process tcrules.

Changes in 4.5.6 RC 1

1)  Update release documents.

2)  Add $VERSION as a defined variable.

3)  Add missing 'sleep 1' when waiting for wildcard interfaces.

4)  Only require MANGLE_ENABLED for tcrules processing.

Changes in 4.5.6 Beta 4

1)  Support ?ELSIF

2)  Allow generalized expressions in ?IF and ?ELSIF

3)  Correct a logical name bug in tc

4)  Add ORIGINAL DEST column to the masq file.

Changes in 4.5.6 Beta 3

1)  Rewrote RED option handling.

2)  Rewrote USER/GROUP column handling.

3)  Allow UID/GID ranges in USER/GROUP.

4)  Display PROXY_MARK in 'show marks'.

Changes in 4.5.6 Beta 2

1)  Map logical->physical name when using an IFB.

2)  Allow fractional delays in TC.

3)  Allow Linksharing rate to be specified in HFSC.

4)  Add RED support.

Changes in 4.5.6 Beta 1

1)  Fix multiple unweighted 'fallback' providers.

2)  Add stab TC support.

Changes in 4.5.5 Final

1)  Restore fix to configure script.

2)  Fix installer's handling of SYSCONFDIR

3)  Add DIGEST support.

Changes in 4.5.5 RC 1

1)  Change in 'ignore' behavior.

2)  Optional '?' in embedded script directives.

3)  Fix IPv6 Shorecap

4)  Fix iprange match on RHEL5

Changes in 4.5.5 Beta 2

1)  Merged bug fixes from 4.5.4.

2)  Added LOGFILE setting for Shorewall-init.

3)  Reverse the order of continuation/directive checks.

Changes in 4.5.5 Beta 1

1)  Add support for additional log options.

2)  Many fixes for Shorewall-init.

Changes in 4.5.4 Final

1)  Update the release documents.

Changes in 4.5.4 RC 2

1)  Remove GeoIP from Shorewall6/actions.std

2)  Minor cleanup of geoip; mostly documentation

Changes in 4.5.4 RC 1

1)  Use 'blackhole' routes rather than 'unreachable' for null-routing
    RFC1918 addresses.

2)  Don't overwrite empty mark geometry settings during update.

3)  Additional optimization under level 4.

4)  Allow bracketing of CC lists in [...]

5)  Load country codes from geoip database.

6)  Clear the DEFAULT table if no fallback providers are up.

Changes in 4.5.4 Beta 3

1)  Replace {...} with '^' prefix to denote CC list.

Changes in 4.5.4 Beta 2

1)  Clear the balance table if no balanced providers.

2)  Use "(S)" consistently in column headings.

3)  Correct add of default IPv6 when no gateway

4)  Update .status file on 'disable'.

5)  Ignore 'isusable' on 'disable'

6)  Split a couple of functions with address-family dependent logic.

7)  Don't allow RSTs to be rejected

8)  Exit the tcpost chain if a connection mark is restored

9)  Add geoip support.

Changes in 4.5.4 Beta 1

1)  Correct nested conditional defect.

2)  Re-implement TPROXY

Changes in 4.5.3 Final

1)  Update release documents.

2)  Add RST Action.

3)  Remove a couple of hard-coded '/usr/share' instances.

4)  Allow synonyms for column names in the alternate specification
    formats.

5)  Allow COMMENT by itself in the tunnels file.

Changes in 4.5.3 RC 1

1)  Print out include/openstack in warning and error messages.

2)  Fix manual chain invocation in macro.

3)  Make BLACKLIST use blacklog

Changes in 4.5.3 Beta 2

1)  Use format 2 for all interfaces files.

2)  Fix the installers WRT Debian startup on boot.

3)  Enhance 'refresh' command.

Changes in 4.5.3 Beta 1

1)  Eliminate read_a_line1().

2)  Add the -T option to the load, reload, restart and start commands.

3)  Improve debuggability of assertion failures.

4)  Allow multiple tunnel gateways.

Changes in 4.5.2.1

1)  Added configure.pl script to allow rpm builds on old systems.

2)  Correct INCLUDE inside an ?IF ... ?ENDIF

3)  Add comments to shorewallrc files.

4)  Correct a couple of defects in the shorewallrc files.

5)  Modify Makefiles if directories non-standard.

6)  configure[.pl] improvements.

Changes in 4.5.2 Final

1)  Update release documents.

2)  Don't strip comments in embedded Perl and Shell because it can
    lead to an un-terminated string when '#' appears in a string.

3)  Don't suppress whitespace in embedded Perl and Shell.

Changes in 4.5.2 RC 1

1)  Update release documents.

2)  Remove several more absolute pathnames.

3)  Deimplement option '?' in BEGIN and END directives.

4)  Allow ?IF, ?ELSE and ?END in embedded Perl and Shell.

Changes in 4.5.2 RC 1

1)  Update release documents.

2)  Allow remote firewalls with a different directory structure.

3)  Fix a lot of bugs.

4)  Avoid modifying shorewallrc variables (except VARDIR).

Changes in 4.5.2 Beta 5

1)  Eliminate 'local file' error in installers.

2)  Make requested change to the shorewallrc.suse file.

3)  Add aliases to configure.

4)  Fix 'nets=' with 'dhcp'.

Changes in 4.5.2 Beta 4

1)  Add a configure script

2)  Expand the places where .shorewallrc can be found.

Changes in 4.5.2 Beta 3

1)  Fix syntax error in init.sh

2)  Fix shorewall-core.spec

3)  Modify Redhat/Fedora init scripts for shorewallrc.

Changes in 4.5.2 Beta 2

1)  Fix conditional compilation.

2)  Add IPSET_WARNINGS option.

3)  Add configuration files to track where Shorewall components are
    installed.

Changes in 4.5.2 Beta 1

1)  Implement 'mss=' in the hosts file.

2)  Implement conditional compilation.

3)  Promote a couple of zone options out of the 'options' hash.

4)  Remove the 'nexted' zone option.

5)  Rename the MARK/CLASSIFY column to ACTION

Changes in 4.5.1 Final

1)  Update release documents.

Changes in 4.5.1 RC 1

1)  Update release documents.

2)  Don't automatically install 'isusable'

3)  Clean up TOS handling

Changes in 4.5.1 Beta 3

1)  Add support for packager's config file

2)  Implement run-time gateway variables.

3)  Add /sbin/shorewall-init

4)  Don't copy non-default mark layout settings during update.

Changes in 4.5.1 Beta 2

1)  Remove some cruft from the Zones module.

2)  Collapse the three 'dont_' members of the chain table into a single
    'optflags' member.

3)  Add DSCP match and target support.

4)  Rework install.sh scripts and .spec files.

5)  Fix standard init files.

Changes in 4.5.1 Beta 1

1)  Add IMQ support.

2)  Remove requirement to supply a mark value on the default class.

3)  New install script structure.

4)  Give warning when opposite flag is used in an ipset invocation.

5)  Add a SWITCH column to the masq file.

6)  Correct a typo in the blrules files.

7)  Eliminate compiler crash from unknown IPv6 interface.

Changes in 4.5.0 Final

1)  Update release documents.

Changes in 4.5.0 RC 2

1)  Correct 'get_routed_networks()' in lib.core.

2)  Move Samples and Manpages under their corresponding product
    directories.

Changes in 4.5.0 RC 1

1)  Sort the routing table in 'show_routing'.

2)  Restore shorewall-init functionality.

3)  Correct 'ip -p route' commands for Proxy NDP.

Changes in 4.5.0 Beta 4

1)  Implement load=<load-factor>

2)  Add STARTOPTIONS and RESTARTOPTIONS to /etc/default/shorewall*
    (/etc/sysconfig/shorewall*).

3)  Ensure a routing rule targeting the main table when
    USE_DEFAULT_RT=Yes.

Changes in 4.5.0 Beta 3

1)  Move lib.core from Shorewall-core to Shorewall.

2)  Make '0' equivalent to '-' in the IN_BANDWIDTH column.

3)  Fix MARK_IN_FORWARD_CHAIN=Yes with $FW source

4)  Allow runtime address variables in the SOURCE column of
    route_rules.

5)  Add a PROBABILITY column to the tcrules file.

6)  Don't rm /usr/share/shorewall/wait4ifup during Shorewall install.

7)  Combine prog.footer and prog.footer6

Changes in 4.5.0 Beta 2

1)  Move common routines from prog.header/prog.header6 to lib.core.

2)  Unify install between Shorewall and Shorewall6.

3)  Unify install between Shorewall-lite and Shorewall6-lite.

Changes in 4.5.0 Beta 1

1)  Reorganize blacklist and interface option handling.

2)  Allow <timeout> on safe- commands.

3)  Add Shorewall Core package


