diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli
index c1075e5dc..cbc16deee 100644
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
@@ -3931,7 +3931,7 @@ usage() # $1 = exit status
     echo "   status [ -i ]"
     echo "   stop"
     ecko "   try <directory> [ <timeout> ]"
-    ecko "   update [ -a ] [ -b ] [ -r ] [ -T ]  [ -D ] [ -i ] [-t] [-A] [ <directory> ]"
+    ecko "   update [ -a ] [ -b ] [ -r ] [ -T ]  [ -D ] [ -i ] [-t] [-s] [-n] [-A] [ <directory> ]"
     echo "   version [ -a ]"
     echo
     exit $1
@@ -3985,6 +3985,7 @@ shorewall_cli() {
     g_loopback=
     g_compiled=
     g_routestopped=
+    g_notrack=
 
     VERBOSE=
     VERBOSITY=1
diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm
index 337650bd6..529c887f2 100644
--- a/Shorewall/Perl/Shorewall/Compiler.pm
+++ b/Shorewall/Perl/Shorewall/Compiler.pm
@@ -592,8 +592,8 @@ EOF
 #
 sub compiler {
 
-    my ( $scriptfilename, $directory, $verbosity, $timestamp , $debug, $chains , $log , $log_verbosity, $preview, $confess , $update , $annotate , $convert, $config_path, $shorewallrc                      , $shorewallrc1 , $directives, $inline, $tcrules, $routestopped ) =
-       ( '',              '',         -1,          '',          0,      '',       '',   -1,             0,        0,         0,        0,        , 0       , ''          , '/usr/share/shorewall/shorewallrc', ''            , 0 ,          0 ,      0 ,       0 );
+    my ( $scriptfilename, $directory, $verbosity, $timestamp , $debug, $chains , $log , $log_verbosity, $preview, $confess , $update , $annotate , $convert, $config_path, $shorewallrc                      , $shorewallrc1 , $directives, $inline, $tcrules, $routestopped , $notrack ) =
+       ( '',              '',         -1,          '',          0,      '',       '',   -1,             0,        0,         0,        0,        , 0       , ''          , '/usr/share/shorewall/shorewallrc', ''            , 0 ,          0 ,      0 ,       0 ,             0 );
 
     $export         = 0;
     $test           = 0;
@@ -845,7 +845,7 @@ sub compiler {
     #
     # Process the conntrack file
     #
-    setup_conntrack;
+    setup_conntrack( $notrack );
     #
     # Add Tunnel rules.
     #
diff --git a/Shorewall/Perl/Shorewall/Raw.pm b/Shorewall/Perl/Shorewall/Raw.pm
index 0b5ab6b2a..b73cdf808 100644
--- a/Shorewall/Perl/Shorewall/Raw.pm
+++ b/Shorewall/Perl/Shorewall/Raw.pm
@@ -36,7 +36,7 @@ use strict;
 our @ISA = qw(Exporter);
 our @EXPORT = qw( setup_conntrack );
 our @EXPORT_OK = qw( handle_helper_rule );
-our $VERSION = 'MODULEVERSION';
+our $VERSION = '4.6_10';
 
 our %valid_ctevent = ( new        => 1,
 		       related    => 1,
@@ -56,7 +56,7 @@ sub initialize($) {
 }
 
 #
-# Conntrack
+# Notrack
 #
 sub process_conntrack_rule( $$$$$$$$$$ ) {
 
@@ -275,52 +275,131 @@ sub process_format( $ ) {
     $file_format = $format;
 }
 
-sub setup_conntrack() {
+sub setup_conntrack($) {
+    my $convert = shift;
+    my $fn;
+    my @files = $convert ? ( qw/notrack conntrack/ ) : ( 'conntrack' );
 
-    my $fn = open_file( 'conntrack', 3 , 1 );
+    for my $name ( qw/notrack conntrack/ ) {
 
-    if ( $fn ) {
+	$fn = open_file( $name, 3 , 1 );
 
-	my $action;
+	if ( $fn ) {
 
-	first_entry( "$doing $fn..." );
+	    my $action;
 
-	while ( read_a_line( NORMAL_READ ) ) {
-	    my ( $source, $dest, $protos, $ports, $sports, $user, $switch );
+	    my $empty = 1;
 
-	    ( $action, $source, $dest, $protos, $ports, $sports, $user, $switch ) = split_line1 'Conntrack File', { action => 0, source => 1, dest => 2, proto => 3, dport => 4, sport => 5, user => 6, switch => 7 };
+	    first_entry( "$doing $fn..." );
 
-	    for my $proto ( split_list $protos, 'Protocol' ) {
-		if ( $file_format < 3 ) {
-		    if ( $source =~ /^all(-)?(:(.+))?$/ ) {
-			fatal_error 'USER/GROUP is not allowed unless the SOURCE zone is $FW or a Vserver zone' if $user ne '-';
-			for my $zone ( $1 ? off_firewall_zones : all_zones ) {
-			    process_conntrack_rule( undef ,
-						    undef,
-						    $action,
-						    $zone . ( $2 || ''),
-						    $dest,
-						    $proto,
-						    $ports,
-						    $sports,
-						    $user ,
-						    $switch );
-			}
-		    } else {
-			process_conntrack_rule( undef, undef, $action, $source, $dest, $proto, $ports, $sports, $user, $switch );
-		    }
-		} elsif ( $action =~ s/:O$// ) {
-		    process_conntrack_rule( $raw_table->{OUTPUT}, undef, $action, $source, $dest, $proto, $ports, $sports, $user, $switch );
-		} elsif ( $action =~ s/:OP$// || $action =~ s/:PO// ) {
-		    process_conntrack_rule( $raw_table->{PREROUTING}, undef, $action, $source, $dest, $proto, $ports, $sports, $user, $switch );
-		    process_conntrack_rule( $raw_table->{OUTPUT},     undef, $action, $source, $dest, $proto, $ports, $sports, $user, $switch );
+	    while ( read_a_line( NORMAL_READ ) ) {
+		my ( $source, $dest, $protos, $ports, $sports, $user, $switch );
+
+		if ( $file_format == 1 ) {
+		    ( $source, $dest, $protos, $ports, $sports, $user, $switch ) =
+			split_line1( 'Conntrack File',
+				     { source => 0, dest => 1, proto => 2, dport => 3, sport => 4, user => 5, switch => 6 } );
+		    $action = 'NOTRACK';
 		} else {
-		    $action =~ s/:P$//;
-		    process_conntrack_rule( $raw_table->{PREROUTING}, undef, $action, $source, $dest, $proto, $ports, $sports, $user, $switch );
+		    ( $action, $source, $dest, $protos, $ports, $sports, $user, $switch ) = split_line1 'Conntrack File', { action => 0, source => 1, dest => 2, proto => 3, dport => 4, sport => 5, user => 6, switch => 7 };
+		}
+
+		$empty = 0;
+
+		for my $proto ( split_list $protos, 'Protocol' ) {
+		    if ( $file_format < 3 ) {
+			if ( $source =~ /^all(-)?(:(.+))?$/ ) {
+			    fatal_error 'USER/GROUP is not allowed unless the SOURCE zone is $FW or a Vserver zone' if $user ne '-';
+			    for my $zone ( $1 ? off_firewall_zones : all_zones ) {
+				process_conntrack_rule( undef ,
+							undef,
+							$action,
+							$zone . ( $2 || ''),
+							$dest,
+							$proto,
+							$ports,
+							$sports,
+							$user ,
+							$switch );
+			    }
+			} else {
+			    process_conntrack_rule( undef, undef, $action, $source, $dest, $proto, $ports, $sports, $user, $switch );
+			}
+		    } elsif ( $action =~ s/:O$// ) {
+			process_conntrack_rule( $raw_table->{OUTPUT}, undef, $action, $source, $dest, $proto, $ports, $sports, $user, $switch );
+		    } elsif ( $action =~ s/:OP$// || $action =~ s/:PO// ) {
+			process_conntrack_rule( $raw_table->{PREROUTING}, undef, $action, $source, $dest, $proto, $ports, $sports, $user, $switch );
+			process_conntrack_rule( $raw_table->{OUTPUT},     undef, $action, $source, $dest, $proto, $ports, $sports, $user, $switch );
+		    } else {
+			$action =~ s/:P$//;
+			process_conntrack_rule( $raw_table->{PREROUTING}, undef, $action, $source, $dest, $proto, $ports, $sports, $user, $switch );
+		    }
 		}
 	    }
+
+	    if ( $name eq 'notrack') {
+		if ( $empty ) {
+		    if ( unlink( $fn ) ) {
+			warning_message "Empty notrack file ($fn) removed";
+		    } else {
+			warning_message "Unable to remove empty notrack file ($fn): $!";
+		    }
+		    $convert = undef;
+		}
+	    }
+	} elsif ( $name eq 'notrack' ) {
+	    $convert = undef;
 	}
     }
+
+    if ( $convert ) {
+	my $conntrack;
+	my $empty  = 1;
+
+	if ( $fn ) {
+	    open $conntrack, '>>', $fn or fatal_error "Unable to open $fn for notrack conversion: $!";
+	} else {
+	    open $conntrack, '>', $fn = find_file 'conntrack' or fatal_error "Unable to open $fn for notrack conversion: $!";
+
+	    print $conntrack <<'EOF';
+#
+# Shorewall version 5 - conntrack File
+#
+# For information about entries in this file, type "man shorewall-conntrack"
+#
+##############################################################################################################
+EOF
+	    print $conntrack '?' . "FORMAT 3";
+	    
+	    print $conntrack <<'EOF';
+#ACTION                 SOURCE          DESTINATION     PROTO   DEST            SOURCE  USER/           SWITCH
+#                                                               PORT(S)         PORT(S) GROUP
+EOF
+	}
+
+	$fn = open_file( 'notrack' , 3, 1 ) || fatal_error "Unable to open the notrack file for conversion: $!";
+
+	while ( read_a_line( PLAIN_READ ) ) {
+	    #
+	    # Don't copy the header comments from the old notrack file
+	    #
+	    next if $empty && ( $currentline =~ /^\s*#/ || $currentline =~ /^\s*$/ );
+
+	    if ( $empty ) {
+		#
+		# First non-commentary line
+		#
+		$empty = undef;
+
+		print $conntrack '?' . "format 1\n" unless $currentline =~ /^\s*\??FORMAT/i;
+	    }
+
+	    print $conntrack "$currentline\n";
+	}
+
+	rename $fn, "$fn.bak" or fatal_error "Unable to rename $fn to $fn.bak: $!";
+	progress_message2 "notrack file $fn saved in $fn.bak"
+    }
 }
 
 1;
diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index 610642ed7..59a6f5da5 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -3140,7 +3140,7 @@ sub process_secmark_rule() {
 }
 
 #
-# Process the tcrules file and setup traffic shaping
+# Process the mangle file and setup traffic shaping
 #
 sub setup_tc( $ ) {
     $tcrules = $_[0];
@@ -3222,6 +3222,8 @@ sub setup_tc( $ ) {
 
 		close $mangle, directive_callback( 0 );
 	    }
+	} elsif ( my $fn = find_file( 'tcrules' ) ) {
+	    warning_message "The tcrules file is no longer supported -- use the '$product update -t' to convert $fn to an equivalent 'mangle' file";
 	}
 
 	if ( my $fn = open_file( 'mangle', 1, 1 ) ) {
diff --git a/Shorewall/Perl/compiler.pl b/Shorewall/Perl/compiler.pl
index d682c8749..067d6730c 100755
--- a/Shorewall/Perl/compiler.pl
+++ b/Shorewall/Perl/compiler.pl
@@ -43,6 +43,7 @@
 #         --inline                    # Update alternative column specifications
 #         --tcrules                   # Create mangle from tcrules
 #         --routestopped              # Create stoppedrules from routestopped
+#         --notrack                   # Create conntrack from notrack
 #
 use strict;
 use FindBin;
@@ -79,6 +80,7 @@ usage: compiler.pl [ <option> ... ] [ <filename> ]
     [ --inline ]
     [ --tcrules ]
     [ --routestopped ]
+    [ --notrack ]
 _EOF_
 
 exit shift @_;
@@ -110,6 +112,7 @@ my $shorewallrc1  = '';
 my $inline        = 0;
 my $tcrules       = 0;
 my $routestopped  = 0;
+my $notrack       = 0;
 
 Getopt::Long::Configure ('bundling');
 
@@ -145,6 +148,7 @@ my $result = GetOptions('h'               => \$help,
 			'inline'          => \$inline,
 			'tcrules'         => \$tcrules,
 			'routestopped'    => \$routestopped,
+			'notrack'         => \$notrack,
 			'config_path=s'   => \$config_path,
 			'shorewallrc=s'   => \$shorewallrc,
 			'shorewallrc1=s'  => \$shorewallrc1,
@@ -176,4 +180,5 @@ compiler( script          => $ARGV[0] || '',
 	  inline          => $inline,
 	  tcrules         => $tcrules,
 	  routestopped    => $routestopped,
+	  notrack         => $notrack
 	);
diff --git a/Shorewall/configfiles/actions b/Shorewall/configfiles/actions
index 84bedefbc..b29a9bb18 100644
--- a/Shorewall/configfiles/actions
+++ b/Shorewall/configfiles/actions
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Actions File
+# Shorewall version 5 - Actions File
 #
 # /etc/shorewall/actions
 #
diff --git a/Shorewall/configfiles/blrules b/Shorewall/configfiles/blrules
index d52c714fe..9124484c0 100644
--- a/Shorewall/configfiles/blrules
+++ b/Shorewall/configfiles/blrules
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Blacklist Rules File
+# Shorewall version 5 - Blacklist Rules File
 #
 # For information about entries in this file, type "man shorewall-blrules"
 #
diff --git a/Shorewall/configfiles/conntrack b/Shorewall/configfiles/conntrack
index 963696e1c..cb3152c4c 100644
--- a/Shorewall/configfiles/conntrack
+++ b/Shorewall/configfiles/conntrack
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - conntrack File
+# Shorewall version 5 - conntrack File
 #
 # For information about entries in this file, type "man shorewall-conntrack"
 #
diff --git a/Shorewall/configfiles/findgw b/Shorewall/configfiles/findgw
index bbab0c8bd..012c7dae1 100644
--- a/Shorewall/configfiles/findgw
+++ b/Shorewall/configfiles/findgw
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Findgw File
+# Shorewall version 5 - Findgw File
 #
 # /etc/shorewall/findgw
 #
diff --git a/Shorewall/configfiles/init b/Shorewall/configfiles/init
index 3c70ed407..249f7bb40 100644
--- a/Shorewall/configfiles/init
+++ b/Shorewall/configfiles/init
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Init File
+# Shorewall version 5 - Init File
 #
 # /etc/shorewall/init
 #
diff --git a/Shorewall/configfiles/interfaces b/Shorewall/configfiles/interfaces
index 7520c4f19..5d51d6a6a 100644
--- a/Shorewall/configfiles/interfaces
+++ b/Shorewall/configfiles/interfaces
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Interfaces File
+# Shorewall version 5 - Interfaces File
 #
 # For information about entries in this file, type "man shorewall-interfaces"
 #
diff --git a/Shorewall/configfiles/lib.private b/Shorewall/configfiles/lib.private
index 24743905d..d5d23fc4c 100644
--- a/Shorewall/configfiles/lib.private
+++ b/Shorewall/configfiles/lib.private
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - lib.private File
+# Shorewall version 5 - lib.private File
 #
 # /etc/shorewall/lib.private
 #
diff --git a/Shorewall/configfiles/mangle b/Shorewall/configfiles/mangle
index e338889cd..22aa2e363 100644
--- a/Shorewall/configfiles/mangle
+++ b/Shorewall/configfiles/mangle
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Mangle File
+# Shorewall version 5 - Mangle File
 #
 # For information about entries in this file, type "man shorewall-mangle"
 #
diff --git a/Shorewall/configfiles/nat b/Shorewall/configfiles/nat
index 803084e05..5b694e66e 100644
--- a/Shorewall/configfiles/nat
+++ b/Shorewall/configfiles/nat
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Nat File
+# Shorewall version 5 - Nat File
 #
 # For information about entries in this file, type "man shorewall-nat"
 #
diff --git a/Shorewall/configfiles/params b/Shorewall/configfiles/params
index a60512b4a..c78e7ee27 100644
--- a/Shorewall/configfiles/params
+++ b/Shorewall/configfiles/params
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Params File
+# Shorewall version 5 - Params File
 #
 # /etc/shorewall/params
 #
diff --git a/Shorewall/configfiles/providers b/Shorewall/configfiles/providers
index b4a5990f1..fd6addc65 100644
--- a/Shorewall/configfiles/providers
+++ b/Shorewall/configfiles/providers
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Providers File
+# Shorewall version 5 - Providers File
 #
 # For information about entries in this file, type "man shorewall-providers"
 #
diff --git a/Shorewall/configfiles/refresh b/Shorewall/configfiles/refresh
index ad00d21f1..62d9d8535 100644
--- a/Shorewall/configfiles/refresh
+++ b/Shorewall/configfiles/refresh
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - refresh File
+# Shorewall version 5 - refresh File
 #
 # /etc/shorewall/refresh
 #
diff --git a/Shorewall/configfiles/restored b/Shorewall/configfiles/restored
index 2cd6891fc..0fb156211 100644
--- a/Shorewall/configfiles/restored
+++ b/Shorewall/configfiles/restored
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Restored File
+# Shorewall version 5 - Restored File
 #
 # /etc/shorewall/restored
 #
diff --git a/Shorewall/configfiles/routestopped b/Shorewall/configfiles/routestopped
index 0586fab0b..4859767b0 100644
--- a/Shorewall/configfiles/routestopped
+++ b/Shorewall/configfiles/routestopped
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Routestopped File
+# Shorewall version 5 - Routestopped File
 #
 # This file is deprecated in favor of the stoppedrules file
 #
diff --git a/Shorewall/configfiles/rules b/Shorewall/configfiles/rules
index abeefcf7e..bd98d7a13 100644
--- a/Shorewall/configfiles/rules
+++ b/Shorewall/configfiles/rules
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Rules File
+# Shorewall version 5 - Rules File
 #
 # For information on the settings in this file, type "man shorewall-rules"
 #
diff --git a/Shorewall/configfiles/secmarks b/Shorewall/configfiles/secmarks
index dc23f6c3b..ae4577890 100644
--- a/Shorewall/configfiles/secmarks
+++ b/Shorewall/configfiles/secmarks
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Secmarks File
+# Shorewall version 5 - Secmarks File
 #
 # For information about entries in this file, type "man shorewall-secmarks"
 #
diff --git a/Shorewall/configfiles/start b/Shorewall/configfiles/start
index ad72931ab..ea25493b1 100644
--- a/Shorewall/configfiles/start
+++ b/Shorewall/configfiles/start
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Start File
+# Shorewall version 5 - Start File
 #
 # /etc/shorewall/start
 #
diff --git a/Shorewall/configfiles/stop b/Shorewall/configfiles/stop
index 794a4f54b..565e1b7f6 100644
--- a/Shorewall/configfiles/stop
+++ b/Shorewall/configfiles/stop
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Stop File
+# Shorewall version 5 - Stop File
 #
 # /etc/shorewall/stop
 #
diff --git a/Shorewall/configfiles/tcclear b/Shorewall/configfiles/tcclear
index fd5d0f649..85788f7ce 100644
--- a/Shorewall/configfiles/tcclear
+++ b/Shorewall/configfiles/tcclear
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - tcclear File
+# Shorewall version 5 - tcclear File
 #
 # /etc/shorewall/tcclear
 #
diff --git a/Shorewall/configfiles/tcfilters b/Shorewall/configfiles/tcfilters
index 45efe1db2..353f0a5a7 100644
--- a/Shorewall/configfiles/tcfilters
+++ b/Shorewall/configfiles/tcfilters
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Tcfilters File
+# Shorewall version 5 - Tcfilters File
 #
 # For information about entries in this file, type "man shorewall-tcfilters"
 #
diff --git a/Shorewall/configfiles/tcpri b/Shorewall/configfiles/tcpri
index dbbc74791..c56c54a43 100644
--- a/Shorewall/configfiles/tcpri
+++ b/Shorewall/configfiles/tcpri
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Tcpri File
+# Shorewall version 5 - Tcpri File
 #
 # For information about entries in this file, type "man shorewall-tcpri"
 #
diff --git a/Shorewall/configfiles/tunnels b/Shorewall/configfiles/tunnels
index 4b8bb0a4c..5b687f28e 100644
--- a/Shorewall/configfiles/tunnels
+++ b/Shorewall/configfiles/tunnels
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Tunnels File
+# Shorewall version 5 - Tunnels File
 #
 # For information about entries in this file, type "man shorewall-tunnels"
 #
diff --git a/Shorewall/lib.cli-std b/Shorewall/lib.cli-std
index 6bbb1b24b..a47a7b611 100644
--- a/Shorewall/lib.cli-std
+++ b/Shorewall/lib.cli-std
@@ -439,6 +439,7 @@ compiler() {
     [ -n "$g_tcrules" ] && options="$options --tcrules"
     [ -n "$g_inline" ] && options="$options --inline"
     [ -n "$g_routestopped" ] && options="$options --routestopped"
+    [ -n "$g_notrack" ] && options="$options --notrack"
 
     if [ -n "$PERL" ]; then
 	if [ ! -x "$PERL" ]; then
@@ -849,12 +850,17 @@ update_command() {
 			    g_routestopped=Yes
 			    option=${option#s}
 			    ;;
+			n*)
+			    g_notrack=Yes
+			    option=${option#n}
+			    ;;
 			A*)
 			    g_inline=Yes
 			    g_convert=Yes
 			    g_directives=Yes
 			    g_tcrules=Yes
 			    g_routestopped=Yes
+			    g_notrack=Yes
 			    option=${option#A}
 			    ;;
 			*)