Changes in 5.0.13.3 1) Update release documents. 2) Fix 'blacklist' command. Changes in 5.0.13.2 1) Update release documents. 2) Prevent compiler crash when generating ipset creations. Changes in 5.0.13.1 1) Update release documents. 2) Only specify 'counters' in ipset creation if the IPSET_MATCH_COUNTERS capability is available. Changes in 5.0.13 Final 1) Update release documents. 2) Reverse ECN fix. 3) Restrict hypen in port ranges to numberic ports. 4) Correct typo in process_mangle_inline(). Changes in 5.0.13 RC 2 1) Update release documents. 2) Accept '-' as a port-range separator. 3) Correct shorewall6-masq examples. 4) Add -exists to ADD command with timeout 5) ECN fix. Changes in 5.0.13 RC 1 1) Update release documents. 2) Merge fix from 5.0.12. 3) Make the output of 'blacklist' dependent on the verbosity and clean up that output. 4) Detect bad characters in interface names. Changes in 5.0.13 Beta 2 1) Update release documents. 2) Add 'timeout' DYNAMIC_BLACKLISTING option 3) Add FIREWALL option in shorewall[6].conf. 4) Remove restrictions on IPv6 'balance' and 'fallback'. Changes in 5.0.13 Beta 1 1) Update release documents. 2) Roberto's typo fix in the mangle manpages. 3) Reorder the entries in the .conf files in ASCII collating sequence. 4) Correct DYNAMIC_BLACKLIST documentation. 4) Add 'disconnect' option to the DYNAMIC_BLACKLIST setting. Changes in 5.0.12 Final 1) Update release documents. 2) Correct permissions of files created by the 'save' command. Changes in 5.0.12 RC 3 1) Update release documents. 2) Correct disabled persistent' WRT start, restart and reload. 3) Don't assume that all probability-balanced interfaces are optional. Changes in 5.0.12 RC 2 1) Update release documents. 2) Handle down or missing interfaces in the disable logic. Changes in 5.0.12 RC 1 1) Update release documents. 2) Add DEFAULT_PAGER to shorewallrc. 3) Add support for the 'contiguous' time option. 4) Clear packet marks in PREROUTING and OUTPUT. Changes in 5.0.12 Beta 2 1) Update release documents. 2) Restore 'use Shorewall::Config(shorewall)' in ?PERL handling. 3) Make POSTROUTING the default chain for CHECKSUM. Changes in 5.0.12 Beta 1 1) Update release documents. 2) Minor cleanup in the Rules module 3) Allow zone lists in policy SOURCE and DEST columns. Changes in 5.0.11 Final 1) Update release documents. Changes in 5.0.11 RC 1 1) Update release documents. 2) Update module versions. 3) Allow provider interface to match wildcard interfaces entry. Changes in 5.0.11 Beta 2 1) Update release documents 2) Default DSCP rules to the POSTROUTING chain. 3) Correct 'trace' handing of in-rule comments. 4) Correct handling of a provider interface that matches a wildcard. 5) Re-add a handle to flow classifiers. Changes in 5.0.11 Beta 1 1) Update release documents 2) Allow 'comment' in alternate input. Changes in 5.0.10.1 1) Update release documents 2) Update Debian SysV init scripts (Roberto Sánchez). 3) Implement LOGFILE=systemd (Scott Shumate). Changes in 5.0.10 1) Update release documents 2) Avoid silly duplicate rules. Changes in 5.0.10 RC 1 1) Update release documents 2) Convert the RPMs to use systemd Changes in 5.0.10 Beta 2 1) Update release documents 2) Add 'dbl' interface option. 3) Transfer permissions during 'update' 4) Allow ':' in USER columns 5) Correct update/compatibility issues. Changes in 5.0.10 Beta 1 1) Update release documents 2) Allow can now re-enable addresses disabled using the 'blacklist' command. Changes in 5.0.9 Final 1) Update release documents 2) Document DOCKER fix. Changes in 5.0.9 RC 1 1) Update release documents 2) Cross-check core version during compilation. 3) Cross-check Shorewall6 version during IPv6 compilation. 4) Turn on AUTOMAKE in the sample configurations. 5) Date/time in 'date' format. Changes in 5.0.9 Beta 2 1) Update release documents 2) Improve compile date/time implementation 3) Add VERBOSE_MESSAGES option. 4) Allow NFLOG in the mangle file Changes in 5.0.9 Beta 1 1) Update release documents 2) Fix handling of optional provider with no IP address 3) Correct typos in the Events article 4) Implement standard error messages in the CLI 5) Include compile time and date in the output of 'status' 6) Apply Matt Darfeuille's patch set. Changes in 5.0.8 Final 1) Update release documents Changes in 5.0.8 RC 2 1) Update release documents. 2) Implement SW_LOGGERTAG 3) Correct logging of 'reloaded' message. 4) Enable compiler logging on reload and restart 5) Use uniform timestamp formatting on compiler messages 6) Flag 0 in the tcclasses MARK column 7) Correct tcclasses filter priority documentation. 8) Add an ESTABLISHED,RELATED rule for o => docker0 9) Add ?WARNING and ?INFO directives. Changes in 5.0.8 RC 1 1) Update release documents. 2) Correct date format in messages produced by startup_error(). 3) Correct many issues with save/restore of ipsets. 4) Update DHCP article (refresh -> reload) 5) Correct start command's handling of AUTOMAKE. 6) Place deprecated files with name collisions in a separate directory. 7) Create an undo_routing file for the main table. Changes in 5.0.8 Beta 4 1) Update release documents. 2) Use '-g' when the target is a terminating chain. 3) Catch case where a transformed rule jumps to its own chain. 4) Implement ipset-based blacklisting. 5) Add 'nodbl' interface option. 6) Correct handling of MINIUPNPD with DOCKER 7) Correct handling of interface options with multi-interface zones. 8) Merge Tuomo's new macros. 9) Reverse the order of Broadcast and ICMP checking in the default actions. Changes in 5.0.8 Beta 3 1) Update release documents. 2) Make the physical interface name a true synonym of the logical name. 3) Update IPv6 article. 4) Make IPv6 Drop Auth default consistent with IPv4. 5) Delete four IPv6 actions that duplicate their IPv4 counterparts 6) Allow reject method to be specified in REJECT and A_REJECT Changes in 5.0.8 Beta 2 1) Update release documents. 2) Correct handling of physical interface names in the nat-related INTERFACE columns. 3) Add MINIUPNPD option to shorewall.conf. 4) Document '+' in the MODULESDIR description. Changes in 5.0.7 Final 1) Update release documents. 2) Correct 3-interface doc. 3) Updates to the configuration basics document. 4) Small efficiency change. Changes in 5.0.7.2 1) Update release documents. 2) Fix warning when using older Perl versions. 3) Improve handling of inline matches Changes in 5.0.7.1 1) Update release documents. 2) Fix inline matches in rule with wildcard zones 3) Allow ';R' with DIVERT. Changes in 5.0.7 Final 1) Update release documents. 2) Correct 3-interface doc. 3) Updates to the configuration basics document. 4) Small efficiency change. Changes in 5.0.7 RC 1 1) Update release documents. 2) Add stab to ingress qdiscs. 3) Fix action in policing filters. 4) Correct handling of second visit to the same mangle action. 5) Correct action handling in ingress filters. 6) Tighten up editing of .conf options. Changes in 5.0.7 Beta 4 1) Update release documents. 2) Action and Inline options are now a bit map. 3) Implement 'audit' action option. 4) Make RST and NotSyn 'audit' actions. 5) Rename %actparms to %actparams. 6) Implement state action option 7) Update state actions to use the option. 8) Implement passed() in the compiler. 9) Update actions to use passed(). 10) Update release notes for 5.0.6.2. 11) Another fix for 'check -r' - this time regarding Docker=Yes 12) Make '&' and '|' work with CONNMARK 13) Allow MARK and CONNMARK in the rules file. Changes in 5.0.7 Beta 3 1) Update release documents. 2) Restore NotSyn parameter in action.Reject. 3) Add jump to DOCKER from OUTPUT. 4) More 'prerule' fixes in expand_rule() Changes in 5.0.7 Beta 2 1) Update release documents. 2) Move convert_tos() back to the Tc module. 3) Allow inline mangle actions. 4) Always look in the main routing table for default gateway. 5) 'check -r' and 'trace' compiler commands use the pager. 6) Add ?ERROR directive. 7) Eliminate ?begin perl .... ?end perl in many actions. 8) Implement '+' in inline matches to force those matches before column matches. 9) Use '+' to remove embedded Perl from the TCP-specific actions. 10) Fix nested inline action and macro invocations. Changes in 5.0.7 Beta 1 1) Update release documents. 2) Implement mangle actions. Changes in 5.0.6 Final 1) Update release documents. 2) Avoid duplicate routing rules with persistent providers. Changes in 5.0.6 RC 1 1) Update release documents. Changes in 5.0.6 Beta 5 1) Update release documents. 2) Generate docker0 rules when it is known to Shorewall 3) Avoid duplicated code out of save_dynamic_chains() 4) Remove dead code from define_firewall() 5) Save/Restore the DOCKER jump in the nat table OUTPUT chain. 6) Avoid a duplicated rule after restart when DOCKER=Yes Changes in 5.0.6 Beta 4 1) Update release documents. 2) Add the PAGER option Changes in 5.0.6 Beta 3 1) Update release documents. 2) Add sample ulogd.conf file to the logging article. 3) Added ECN action in shorewall-mangle(8). 4) Add DOCKER network support. 5) Save/restore docker0 FORWARD rules if that interface is not defined to Shorewall. Changes in 5.0.6 Beta 2 1) Update release documents. 2) Create SNMPtrap macro to supersede SNMPTrap 3) Fix two issues reported by Steven Springl. 4) Generate more compact conditional code when DOCKER=Yes 5) Correct stop/start handling when DOCKER=Yes Changes in 5.0.6 Beta 1 1) Update release documents. 2) Allow providers with no gateway 3) Add Docker support. Changes in 5.0.5 Final 1) Update release documents. Changes in 5.0.5 RC 2 1) Update release documents. 2) Update to Macros - Tuomo Soini 3) Update to Documenttion for new column names - Tuomo Soini Changes in 5.0.5 RC 1 1) Update release documents. 2) Correct indentation in the output of 'show macros'. Changes in 5.0.5 Beta 2 1) Update release documents. 2) Enhance rule tracking. Changes in 5.0.5 Beta 1 1) Update release documents. 2) Add origin comments to the .ip[6]tables-restore-input file 3) Correct test for interface assigned to two providers. Changes in 5.0.4 Final 1) Update release documents. Changes in 5.0.4 RC 2 1) Update release documents. 2) Handle @CALLER in policy actions 3) Sort red and codel options for reproducability. 4) Remove chain restrictions from -m geoip 5) Clean up sysconfig files. Changes in 5.0.4 RC 1 1) Update release documents. 2) Create unique chains when @caller is used. 3) Correct hashlimit in logging rules 4) Avoid errors when 'status -i' finds no .status files. 5) Improve the maintainability of action-tuple code Changes in 5.0.4 Beta 2 1) Update release documents. 2) Added HAProxy support. Changes in 5.0.4 Beta 1 1) Update release documents. 2) Shorewall-init installer support for OpenWRT. 3) sysconfig files included for additional distributions. 4) Make IP[6]TABLES transparent. 5) Specify the '--wait' option when creating the mangle table capability test chain. 6) Implement the WAIT_OPTION capability. 7) Assume 2.14 or later systemd (Tuomo Soini). Changes in 5.0.3 Final 1) Update release documents. Changes in 5.0.3 RC 2 1) Update release documents. 2) Allow a timeout to be specified in ADD rules. 3) Allow commas in log tags when LOGTAGONLY=Yes Changes in 5.0.3 RC 1 1) Update release documents. Changes in 5.0.3 Beta 2 1) Update release documents. 2) Merge 5.0.2.1 install/uninstall/configure changes from Matt. 3) Fix MAC handling in IPv6. 4) Another configure.pl fix from Matt. Changes in 5.0.3 Beta 1 1) Update release documents. 2) Merge Matt Darfeuille's installer/uninstaller changes. 3) Merge Tuomo Soini's column-name change and update manpages. 4) Redefine MODULESDIR. 5) Set IP_FORWARDING=keep in all shorewall6.conf files. Changes in 5.0.2.1 1) Update release documents. 2) Use 'netstat' if 'ss' isn't installed. 3) Install/Uninstall fixes from Matt Darfeuille. Changes in 5.0.2 Final 1) Update release documents. 2) 'configure' detects OpenWRT 3) Corrected the Shorewall6-lite uninstaller Changes in 5.0.2 RC 1 1) Update release documents. 2) Add OpenWRT support in the installers (Tom and Matt Darfeuille) 3) Correct mkdir command in mutex_on. 4) Add support for openWRT's 'lock' utility 5) Enable optional interface during 'start' and 'restart' Changes in 5.0.2 Beta 2 1) Update release documents. 2) Support for lib.cli-user 3) Support for OpenWRT BB and later 4) Correct installer/uninstaller issues 5) Improve circular buffer check 6) Correct HOST=default behavior 7) Allow remote- commands to return correct exit status Changes in 5.0.2 Beta 1 1) Update release documents. 2) Merge Tuomo's MSSQL fix. 3) Merge Tuomo's version removal fix. 4) Add 'persistent' options to providers, rtrules and routes 5) Add 'lib.cli-user' support. Changes in 5.0.1.1 1) Update release documents. 2) More version removal (Tuomo Soini). 3) Delete default route from main when load= or fallback. 4) Add 'persistent' options to providers, rtrules and routes. 5) Correct L2TP documentation. Changes in 5.0.1 1) Update release documents. 2) Replace LEGACY_RESTART with RESTART 3) Merge 'seconds' and 'minutes' change from 4.6.13. Changes in 5.0.0 1) Update release documents. 2) Remove options from 'update' warning messages. 3) Update documentation for obsolete file removal. 4) Apply Erich Titl's 'date' fix. Changes in 5.0.0 RC 1 1) Update release documents. 2) .service file fixes from Tuomo Soini Changes in 5.0.0 Beta 2 1) Update release documents. 2) Correct the 'reset' command 3) Allow table names in the reset command. 4) Add Gluster FS action Changes in 5.0.0 Beta 1 1) Update release documents. 2) Redefine 'reload' and 'restart'. 3) Eliminate service.214 files. 4) Add 'reload' to the service files. 5) Allow connlimit by destination. 6) Add the LEGACY_RESTART option. 7) Deimplement support for several old options 8) Merge from 4.6.12 9) Correct a warning message to refer to 'mangle' rather than 'tcrules'. 10) Drop support for the 'tos', 'tcrules', 'routestopped', 'notrack' and 'blacklist' files. 11) Disallow bare SECTION, COMMENT and FORMAT lines. 12) The -t update option also converts the 'tos' file. 13) Merge from 4.6.13. 14) Remove all of the individual options from the 'update' command. 15) Delimit inline matches with ';;'. 16) Allow log-tags in shorewall.conf options 17) Allow non-expoerts access to the user bits in the fw mark. 18) Add a PROBABILITY column to the masq files