1) The Netfilter team decided to change the names of many kernel
   modules in kernel 2.6.20. As a result, the helper modules are no
   longer being loaded automatically.

   Either:

   a) Replace /usr/share/shorewall/modules with the 'modules' file from
   the errata/Shorewall sub-directory.

   or

   b) Patch /usr/share/shorewall/modules with the 'patch-3.4.1-1.diff'
   patch in the errata/patches sub-directory.

2) In their renaming frenzy, the Netfilter team also chose to rename
   /proc/net/ip_conntrack to /proc/net/nf_conntrack. This has broken
   the "shorewall[-lite] show connections" and "shorewall[-lite] dump"
   commands.

   Either:

   a) Replace /usr/share/shorewall/lib.cli with the 'lib.cli' file from
   the 'errata/Shorewall' sub-directory. (Shorewall lite users can get
   the same file from the 'errata/Shorewall-lite' subdirectory).

   or

   b) Patch /usr/share/shorewall-[lite]/lib.cli with the 'patch-3.4.1-2.diff'
   patch in the errata/patches sub-directory.

3)  Shoreall 3.4 is not consistent with respect to its treatment of
    log level 'none' and 'none!' and built-in actions. In particular,
    specifying 'none' with the Limit action produces a run-time error.

    Either:

   a) Replace /usr/share/shorewall/compiler with the 'compiler' file from
   the errata/Shorewall sub-directory.

   or

   b) Patch /usr/share/shorewall/compiler with the 'patch-3.4.1-3.diff'
   patch in the errata/patches sub-directory.

4) Shorewall Lite users and Shorewall users who utilize the
   /etc/shorewall/capabilities file may find that '[re]start' errors
   occur after upgrading to Shorewall 3.4.x. The 3.4 capabilities file
   includes capabilities not recorded in earlier versions of the file
   so you will need to regenerate these files after upgrading.