1)  On systems running Upstart, shorewall-init cannot reliably secure
    the firewall before interfaces are brought up.

2)  The 'enable', 'reenable' and 'disable' commands do not work
    correctly in configurations with USE_DEFAULT_RT=No and optional
    providers listed in the DUPLICATE column.

3)  There is a typo in the BLACKLIST_DEFAULT settings in the IPv6
    sample config files.

    The settings end with:

    	"...dropInvalid:$LOG_LEVEL:DropDNSrep:$LOG_LEVEL"

    when they should end with:

        "...dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"

    Workaround: Edit /etc/shorewall6/shorewall6.conf and
                make the correction.

    Corrected in Shorewall 5.1.3.1.

4)  The two-interface sample snat file contains a typo; 192.16.0.0/16
    was inadvertently entered as 92.16.0.0/16.

    Corrected in Shorewall 5.1.3.1.

5)  In the policy file, all+ is incorrectly processed the same as all.

    Corrected in Shorewall 5.1.3.1.

6)  If a Shorewall Variable ( e.g., @chain ) is the target
    of a conditional ?RESET directive (one that was enclosed in ?if...
    ?else...?endif logic), the compiler can incorrectly use an
    existing chain created from the action rather than creating a new
    (and different) chain.

    Corrected in Shorewall 5.1.3.2.

7)  If alternate input format specifies a column that has
    already been specified, the contents of that column are silently
    overwritten.

    Corrected in Shorewall 5.1.3.2.