Changes in 3.2.6

1) Fix echo problem. 

2) Fix tcrules handling.

3) Fix LOGFORMAT whitespace problem.

4) Fix policy match/norfc1918.

5)  Implement -c option to [re]load command.

6)  Remove optimizaiton that suppressed ACCEPT part of a nat rule when
    the policy was ACCEPT.

7)  Fix silly "all+" buglet.

8)  Suppress ingress qdisc creation if IN-BANDWIDTH == 0.

9)  Don't return error status on 'start' when Shorewall is already
    started.

10) Re-order operations in the install.sh scripts.

11) Fix Maclist embarassment from 3.2.5.

12) Fix progress messages in add and delete

13) Collapse 'action' and 'action:none' into a single chain.

14) Fix IPSETS_SAVE=Yes bug.

15) Fix zone definition via ipsets when BRIDGING=No.

--------------------------------------------------------------------------------
Changes in 3.2.5

1)  Fix day-1 masquerade bug with exclusion list after an interface
name in the SUBNET column.

2)  Add logical AND and OR support to tcrules entries.

3)  Clear provider marks in POSTROUTING when HIGH_ROUTE_MARKS=Yes.

4)  Allow HIGH_ROUTE_MARKS in the OUTPUT chain.

5)  Add macro.RDP.

6)  Fix capabilities display in dump command.

7)  Add 'maclog' extension script.

--------------------------------------------------------------------------------
Changes in 3.2.4

1)  Move 'do_initialize()' to functions.

2)  Move common config file parsing to functions.

3)  Fix handling of 'start' command with directory name.

4)  Include library in scripts compiled for export.

5)  Fix module loading.

6)  Fix tos file handling of zones defined via /etc/shorewall/hosts.

7)  Fix tc output on 'shorewall-lite dump'

--------------------------------------------------------------------------------
Changes in 3.2.3

1)  Add 'export' command.

2)  Apply Cedric Schieli's patch for the functions file.

3)  Implement TC_EXPERT.

4)  Correct 'del_ip_addr' screwup.

5)  Make 'detectnets' fatal with default route.

6)  Make 'check -e' behave properly with TC

7)  Fix SUBSYSLOCK.

8)  Fix mss= and the firewall zone.

9)  Add Natanael Copa's fix for BusyBox ash.

10) Ensure that interface is UP and configured in multi-ISP 'optional'
    detection.

11) Fix "shorewall add" command

12) Fix "shorewall refresh" so that subsequent "shorewall save" works
    correctly.

13  Fix DETECT_DNAT_IPADDRS=Yes address detection bug.

--------------------------------------------------------------------------------
Changes in 3.2.2

1)  Correct handling of shorewall.conf options in exported scripts.

2)  Avoid creating empty files /nat and /proxyarp.

3)  Add -f option to 'show' command.

4)  Avoid enabling deferred output hook processing during capabilities
    probe.

5)  Add -n option to install.sh

6)  Add -s option to "shorewall [re]load"

7)  Add 'optional' option to providers file.

8)  Add 'reset' command to prog.footer.
--------------------------------------------------------------------------------
Changes in 3.2.1

1)  Change the detection of physdev match to use
    --physdev-out. Preparation for removal of physdev-out match
    capability.

2)  Add missing edits to configuration parameters in firewall script.

3)  Fix 'hits' formatting under BusyBox 1.2.0.

4)  Remove requirement for extended marks with 'track'.

5)  Fixed output of 'hits' with spaces as delimiters in /etc/services.

6)  Fixed modules/xmodules snafu.

7)  Fix version in shorewall.conf.

8)  Add /usr/share/shorewall-lite: to the front of CONFIG_PATH in 
    /usr/share/shorewall/configfiles/shorewall.conf.

-------------------------------------------------------------------------------
Changes in 3.2.0 Final

1)  Avoid extraneous double quotes in log rules generated at run-time.

Changes in 3.2.0 RC 6

1)  Correct generation of the balanced default route.

2)  Allow 'detect' in the ADDRESS column of the masq file.

3)  Correct some permission problems.

-------------------------------------------------------------------------------
Changes in 3.2.0 RC 5

1)  Fix DOA 'LITEDIR' problem in /sbin/shorewall.

2)  Stop the compiler from running iptables.

3)  Avoid problem with ash.

4)  Make the 'try' command use the correct SHOREWALL_SHELL.

5)  Don't defer Action/chain extension script processing until
    run-time.

6)  Run extension script for policy chains.

-------------------------------------------------------------------------------
Changes in 3.2.0 RC 4

1)  Fix permissions on Limit file.

2)  Make progress messages product-specific.

3)  Add 'reload' command.

-------------------------------------------------------------------------------
Changes in 3.2.0 RC 3

1)  Remove hard directory references from compiled programs.

2)  Fix /nat <-> /proxyarp typo.

3)  Avoid use of symbolic link for /sbin/shorewall

-------------------------------------------------------------------------------
Changes in 3.2.0 RC 2

1)  Update versions.

2)  Rationalize the use of IPTABLES and LOGFORMAT.

3)  Allow Shorewall/Shorewall-lite coexistance under RPM

-------------------------------------------------------------------------------
Changes in 3.2.0 RC 1

1)  Update versions.

-------------------------------------------------------------------------------
Changes in 3.2.0 Beta 8

1)  Issue more helpful BRIDGING=No error messages.

2)  Implement "all-" in rules file.

3)  Add xmodules file.

4)  Detect devices in tcdevices entries.

5)  Fix for white-space in log prefix.

6)  Fix rule parsing of single excluded MAC address.

-------------------------------------------------------------------------------
Changes in 3.2.0 Beta 7

1)  Fix mark/mask validation.

2)  Restore traffic control to 'refresh'.

3)  Detect MTU for entries in /etc/shorewall/tcdevices.

4)  Avoid fatal error after missing forwardUPnP rule warning.

-------------------------------------------------------------------------------
Changes in 3.2.0 Beta 6

1)  Fix tc "notfound" errors when 'restart' is run out of ip-up.local.

2)  Allow 'detectnets' to work.

3)  Add TOS column to tcrules.

4)  Fix 'proxyarp' interface attribute handling.

5)  Fix default route generation in providers handling.

6)  Change interraction of 'track' and PREROUTING marking.

-------------------------------------------------------------------------------
Changes in 3.2.0 Beta 5

1)  Fix compilation problem on LEAF Bering.

2)  Remove traffic shaping code from the 'firewall' script to avoid
    unmaintainable code duplication.

3)  Fix DETECT_DNAT_IPADDRS=No bug.

4)  Handle absense of mangle FORWARD chain.

5)  Rename the rtrules file to route_rules.

6)  Fix deletion of SNAT ip addresses.

7)  Accomodate ancient kernel's with no FORWARD or POSTROUTING in mangle.

8)  Clear SUBSYSLOCK on Debian/Ubuntu installs.

-------------------------------------------------------------------------------
Changes in 3.2.0 Beta 4

1)  Fix 'routeback' with bridge ports.

2)  Add support for explicit routing rules.

3)  Fix mktempdir problem.

4)  Implement HIGH_ROUTE_MARKS

Changes in 3.2.0 Beta 3

1)  Correct handling of verbosity in the 'try' command.

2)  Add IMPLICIT_CONTINUE option to shorewall.conf.

3)  Fix SAME/ADD_SNAT_ALIASES interaction.

-------------------------------------------------------------------------------
Changes in 3.2.0 Beta 2

1)  Make "shorewall start -f" work correctly.

2)  Remove SUBSYSLOCK code from default and debian footers.

3)  Add 'refreshed' extension script.

4)  Implement 'logdrop' and 'logreject'

-------------------------------------------------------------------------------
Changes in 3.1.x. and 3.2.x

1) Removal of dynamic zones.

2) Implement 'generate' command.

3) Implement 'super-quiet' mode using multiple -q options (e.g., -qq).

4) Add back dynamic zones.

5) Allow remote compiles.

6) Change output of 'generate' to always be the file name entered (do not
   prepend /var/lib/shorewall/)

7) Remove some restrictions on remote compiles.

8) Add error checking to generated script.

9) Merge Fabio Longerai's 'length' patch.

10) Add the "-p" option to the compile command.

11) Fix 'check' bug in setup_masq

12) Break compiler/firewall into two files

13) Make Shoreall quiet for a change.

14) Make "Compile-and-go" the only mode of operation.

15) Remove -p

16) Apply Tuomo's patches for IPSEC and Noecho.

17) Fix bridging

18) Fix QUEUE when used in the ESTABLISHED section.

19) Apply Ed Suominen's patch to tcrules.
-------------------------------------------------------------------------------
3.1.5

20) Speed up compilation by rewriting 'fix_bang()'.

21) Correct GATEWAY handling in the providers file.

22) Remove sub-zone exclusion from DNAT/REDIRECT.

23) Add compiled-program/library versioning scheme.

-------------------------------------------------------------------------------
3.1.6

24) Apply Steven Springl's help patch.

25) Fix 'allow/drop/reject' while Shorewall not running.

26) Implement bi-directional macros.

27) Fix TC bridge port handling.

28) Fix/document "check -e"

29) Automatically use capabilities file when non-root.

30) Correct typo in help file ("help drop").

31) Added 'tcpsyn'

-------------------------------------------------------------------------------
3.1.7

32) Change 'tcpsyn' to 'tcp:syn'

33) Remove superfluous rules in MAC validation.

34) Correct Makefile.

35) Add -t option

36) Restore log messages.

37) Fix "shorewall capabilities" with VERBOSITY < 2.

-------------------------------------------------------------------------------
3.1.8

38)  Remove compile-time running of extension scripts.

39)  Correctly handle interfaces named 'inet'.

40)  SUBSYSLOCK functionality restored.

-------------------------------------------------------------------------------
3.1.9

41)  Fix Provider route generation when a specific gateway is specified.

42)  Be sure that restore file name is preserved regardless of 'set --' in
     define_firewall().)

43)  Add Simon's redhat prog files.

44)  Add 'delete_nat' to compiled program.

45)  Move 'shorecap' to /usr/share/shorewall

46)  Add debian prog files.

47)  Correct syntax error in validate_policy()
-------------------------------------------------------------------------------
3.2.0 Beta 1.

48)  Streamlined some code in setup_tc1()

49)  Process /etc/shorewall/params at run-time.

50)  Add new modules to /etc/shorewall/modules.

51)  Make default behavior of "compile" distribution-neutral.
