diff --git a/Shorewall-init/ifupdown.sh b/Shorewall-init/ifupdown.sh
index f58a41d09..049251377 100644
--- a/Shorewall-init/ifupdown.sh
+++ b/Shorewall-init/ifupdown.sh
@@ -180,9 +180,11 @@ else
     esac
 fi
 
+[ -n "$LOGFILE" ] || LOGFILE=/dev/null
+
 for PRODUCT in $PRODUCTS; do
     if [ -x $VARDIR/$PRODUCT/firewall ]; then
-	  ( ${VARDIR}/$PRODUCT/firewall -V0 $COMMAND $INTERFACE ) || true
+	  ( ${VARDIR}/$PRODUCT/firewall -V0 $COMMAND $INTERFACE >> $LOGFILE 2>&1 ) || true
     fi
 done
 
diff --git a/Shorewall-init/sysconfig b/Shorewall-init/sysconfig
index ed9627e86..24530f2d0 100644
--- a/Shorewall-init/sysconfig
+++ b/Shorewall-init/sysconfig
@@ -16,3 +16,8 @@ IFUPDOWN=0
 # during 'start' and will save them there during 'stop'.
 #
 SAVE_IPSETS=""
+#
+# Where Up/Down events get logged
+#
+LOGFILE=/var/log/shorewall-updown.log
+
diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm
index 15d3cec67..542bc9605 100644
--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
@@ -1445,13 +1445,13 @@ sub compile_updown() {
 	      q(        disable_provider $1) ,
 	      q(    fi) ,
 	      q(elif [ "$COMMAND" = up ]; then) ,
-	      q(    echo 0 > \${VARDIR}/${1}.state) ,
+	      q(    echo 0 > ${VARDIR}/${1}.status) ,
 	      q(    COMMAND=start),
 	      q(    progress_message3 "$g_product attempting start") ,
 	      q(    detect_configuration),
 	      q(    define_firewall),
 	      q(else),
-	      q(    progress_message3 "\$COMMAND on interface $1 ignored") ,
+	      q(    progress_message3 "$COMMAND on interface $1 ignored") ,
 	      q(fi) ,
 	      q(;;) );