1)  On systems running Upstart, shorewall-init cannot reliably secure
    the firewall before interfaces are brought up.

2)  The 'enable', 'reenable' and 'disable' commands do not work
    correctly in configurations with USE_DEFAULT_RT=No and optional
    providers listed in the DUPLICATE column.

3)  In Shorewall 5.1.2, the 'shorewall show action allowinUPdP' fails
    with a 'file not found' error.

    Corrected in 5.1.2.1.

4)  In Shorewall 5.1.2, when BLACKLIST is used in the blrules file,
    logging does not occur even if BLACKLIST_LOG_LEVEL is set.

    Corrected in 5.1.2.1.

5)  The IPv4 target REJECT(icmp-tcp-reset) produces an invalid
    iptables rule. That has been corrected. As part of this
    change, the target may also be written REJECT(tcp-reset).

    Corrected in 5.1.2.2.

3)  The following compiler directives are incorrectly being
    processed when they should be omitted due to ?if...?else logic.

        ERROR
        WARNING
        INFO
        WARNING!
        INFO!
        REQUIRE

    Corrected in 5.1.2.2.

4)  When LOAD_HELPERS_ONLY=Yes, the ?REQUIRES compiler directive can
    report that a capability is not available when it actually is .

    Workaround: Set LOAD_HELPERS_ONLY=No.

    Corrected in 5.1.2.2.

5)  On Debian and derivatives, when systemd asks to stop a Shorewall
    firewall, the firewall would be placed in a safe state rather than
    cleared as was the default case with SysV init.

    Corrected in 5.1.2.2.

6)  When an inline action is used as a policy action, the compiler
    incorrectly applies the policy log level to each of the rules in
    the action.

    Corrected in 5.1.2.2.

7)  Inline policy actions have the policy log level applied
    to each rule rather than the level (if any) specified in the
    xxx_DEFAULT setting in shorewall[6].conf.

    Corrected in 5.1.2.2.

8)  When running the 'update' command where:

    - A tcfile exists
    - There is a writable mangle file on the CONFIG_PATH (not in
      $SHAREDIR/configfiles/)

    the update will not work correctly. Symptoms are attempting to
    write on an unopened file or attempting to close an already closed
    file.

    Corrected in 5.1.2.3.

9)  The shorewall(8) manpage is missing a command synopsis for the
    'reload' command.

10) The 'shorewall help' output has an incorrect command synopsis
    for the 'reload' command.

    Corrected in 5.1.2.3.

11) The CONFIG_PATH setting is incorrect in the IPv6 'Universal' sample
    configuration. It should read:

      CONFIG_PATH=${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall

    Workaround: Edit shorewall6.conf and correct the CONFIG_PATH
                setting.

    Corrected in 5.1.2.3.

12) Some instances of $LOG_LEVEL are not correctly expanded
    (some expansions may be empty).

    Corrected in 5.1.2.3.

13) There is a typo in the shorewall6.conf file.

        
	TCP_FLAGS_LOG_LEVEL=:$LOG_LEVEL"

    That should be

    	TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"