1)  On systems running Upstart, shorewall-init cannot reliably secure
    the firewall before interfaces are brought up.

2)  The 'enable', 'reenable' and 'disable' commands do not work
    correctly in configurations with USE_DEFAULT_RT=No and optional
    providers listed in the DUPLICATE column.

3)  When a list of zones appears in a policy file entry, intra-zone
    traffic is affected even if neither the SOURCE nor DEST list ends
    in '+'.

    Corrected in Shorewall 5.0.15.2

4)  When SAVE_IPSETS=Yes or SAVE_IPSETS=ipv4, the restore phase of a
    rejected safe-restart fails.

    Corrected in Shorewall 5.0.15.3.

5)  It is not possible to include compact IPv6 addresses (those with
    "::") in IP6TABLES() parameters.

    Workaround: Use fully qualified addresses.

    Corrected in Shorewall 5.0.15.3.

6)  Expansions of options appearing in shorewall[6].conf (e.g.,
    $TCP_FLAGS_LOG_LEVEL) are empty.

    Corrected in Shorewall 5.0.15.4.

7)  'all+' is treated the same as 'all' in the policy files.

    Corrected in Shorewall 5.0.15.4.

8)  Now, when systemd stops a Shorewall-generated firewall, the
    placed in the safe state rather than cleared.

    Corrected in Shorewall 5.0.15.4.

9)  Shorewall 5.0.15.4 was built with a buggy toolset which resulted
    is the IPv4 installers being installed in the IPv6 packages.

    Corrected in Shorewall 5.0.15.5.

10) The two-interface sample snat file contained a typo; 192.16.0.0/16
    was inadvertently entered as 92.16.0.0/16.

    Corrected in Shorewall 5.0.15.5.