1)  On systems running Upstart, shorewall-init cannot reliably secure
    the firewall before interfaces are brought up.

2)  The generated firewall cannot detect the gateway added by recent
    versions of dhclient.

    Corrected in 4.6.5.1.

3)  In 4.6.5, the bash-based configure script would issue the following
    diagnostic if SERVICEDIR was not specified in the shorewallrc
    file.

      ./configure: line 199: [SERVICEDIR]=: command not found

    This is compounded by the fact that all of the released
    shorewallrc files still specify SYSTEMDDIR rather than SERVICEDIR
    (Evangelos Foutras)

    Corrected in 4.6.5.1.

4)  LOG_BACKEND=LOG is broken in Shorewall6 on all but the most recent
    kernel versions.

    Corrected in 4.6.5.2.

5)  The Shorewall-init scripts are currently using the incorrect
    variable to set the state directory.

    Corrected in 4.6.5.3

6)  For normal dynamic zones, the 'add' command fails with a
    diagnostic such as:

      ERROR: Zone ast, interface net0 does not have a dynamic host list

    Corrected in 4.6.5.3

7)  When a mark range is used in the marks (tcrules) file, a run-time
    error occurs while attempting to load the generated ruleset.

    Corrected in 4.6.5.3
    

8)  The '-c' option of the 'dump' and 'show routing' commands is
    currently undocumented. It causes the routing cache to be displayed
    along with the other routing information.

    Corrected in 4.6.5.4.

9)  The handling of the 'DIGEST' environmental variable is incorrect
    in the Shorewall installer. Specifying that option does not
    correctly update the Chains module which leads to a Perl
    compilation failure.

    Corrected in 4.6.5.4.

10) Handling of ipset names on PORT columns is incorrect. Such usage
    results in an invalid iptables rule being generated.

    Corrected in 4.6.5.4.

11) The Shorewall-init ifupdown scripts currently look in the wrong
    directory for the firewall script.

    Corrected in 4.6.5.5.