1)  On systems running Upstart, shorewall-init cannot reliably secure
    the firewall before interfaces are brought up.

2)  The 'enable', 'reenable' and 'disable' commands do not work
    correctly in configurations with USE_DEFAULT_RT=No and optional
    providers listed in the DUPLICATE column.

3)  When 10 or more interfaces are listed in the tcinterfaces file,
    Shorewall fails to start with an error similar to the following:

    ERROR: Command "tc filter add dev br166 protocol all prio 1
           parent a1: handle a1 flow hash keys dst divisor 1024" Failed

    Corrected in Shorewall 5.0.9.1.

4)  A harmless Perl runtime diagnostic such as the following can
    be issued when the compiler attempts to validate an omitted log
    level:

      Use of uninitialized value $rawlevel in uc at
      /usr/share/shorewall/Shorewall/Config.pm line 3824.

    Corrected in Shorewall 5.0.9.1.

5)  Ipset-based dynamic blacklisting does not check forwarded
    packets against the blacklist.

    Corrected in Shorewall 5.0.9.2.