Just a bug-fix roll up:

Problems corrected in 3.0.7

1) Previously, if your kernel did not supply the mangle table FORWARD chain then "shorewall [re]start" would fail. Now, if your mangle table does not supply this chain Shorewall will avoid using either that chain or the mangle table POSTROUTING chain. This change is strictly to stop Shorewall from blowing up during [re]start on very old kernels (such as 2.4.17 running on a PS2); if your kernel does not support these chains and you try to mark packets in either of them using entries in /etc/shorewall/tcrules, [re]start will fail.

2) Previously, if there were more than 10 IP addresses on a multi-ISP interface, some of the routing rules generated by Shorewall were placed after the default rule which resulted in them not being recognized.

3) When install.sh is used to install on a Debian or Ubuntu system, the SUBSYSLOCK option in shorewall.conf was not being cleared. It will now be cleared, provided that Perl is installed on the system.

4) When exclusion lists appeared in the /etc/shorewall/tcrules file, the resulting "exclusion chains" (whose names begin with "excl_") were not deleted as part of "shorewall [re]start". This meant that "refresh" would fail, either the first or second time that it was done since the last "shorewall [re]start".

Other changes in 3.0.7

None.

-Tom
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA   \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key