diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli index 45ae63615..28e8bc564 100644 --- a/Shorewall-core/lib.cli +++ b/Shorewall-core/lib.cli @@ -442,6 +442,7 @@ do_save() { rm -f ${VARDIR}/restore-$$ fi fi + fi else case "$ARPTABLES" in */*) diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 4fd02fc7a..145a8ac26 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -301,7 +301,7 @@ our %renamed = ( AUTO_COMMENT => 'AUTOCOMMENT', BLACKLIST_LOGLEVEL => 'BLACKLIST # # Config options and global settings that are to be copied to output script # -our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR MODULE_SUFFIX LOAD_HELPERS_ONLY LOCKFILE SUBSYSLOCK LOG_VERBOSITY WORKAROUNDS/; +our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR MODULE_SUFFIX LOAD_HELPERS_ONLY LOCKFILE SUBSYSLOCK LOG_VERBOSITY/; # # From parsing the capabilities file or detecting capabilities # @@ -5718,7 +5718,7 @@ sub get_configuration( $$$$$ ) { default_yes_no 'TRACK_RULES' , ''; default_yes_no 'INLINE_MATCHES' , ''; default_yes_no 'BASIC_FILTERS' , ''; - default_yes_no 'WORKAROUNDS' , ''; + default_yes_no 'WORKAROUNDS' , 'Yes'; require_capability( 'BASIC_EMATCH', 'BASIC_FILTERS=Yes', 's' ) if $config{BASIC_FILTERS}; @@ -6263,7 +6263,7 @@ sub generate_aux_config() { emit "#\n# Shorewall auxiliary configuration file created by Shorewall version $globals{VERSION} - $date\n#"; - for my $option ( qw(VERBOSITY LOGFILE LOGFORMAT ARPTABLES IPTABLES IP6TABLES IP TC IPSET PATH SHOREWALL_SHELL SUBSYSLOCK LOCKFILE RESTOREFILE) ) { + for my $option ( qw(VERBOSITY LOGFILE LOGFORMAT ARPTABLES IPTABLES IP6TABLES IP TC IPSET PATH SHOREWALL_SHELL SUBSYSLOCK LOCKFILE RESTOREFILE WORKAROUNDS) ) { conditionally_add_option $option; } diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm index 8e306543d..d7a0e6eca 100644 --- a/Shorewall/Perl/Shorewall/Misc.pm +++ b/Shorewall/Perl/Shorewall/Misc.pm 
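Review bot: The new default in `default_yes_no 'WORKAROUNDS' , 'Yes';` turns the option on for every existing configuration that leaves it unset, and nothing in this diff records that. The behaviour change would take effect on the next compile after an upgrade, which an administrator of a firewall should be able to find in the code or the release notes. A comment above the line would do, for example `# WORKAROUNDS now defaults to Yes; set WORKAROUNDS=No in the configuration file to get the old behaviour`. The body of get_configuration continues outside the hunk.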
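Review bot: After the hunk at -301 drops WORKAROUNDS from `@propagateconfig`, the setting reaches the runtime only through `conditionally_add_option` in this loop, and that helper is not visible here. The neighbouring `default_yes_no` calls use `''` as the off value, so if the helper skips empty values, WORKAROUNDS=No would leave no line in the auxiliary file and the shell side would have to treat an unset variable as off. That is worth confirming against the helper and the consuming shell code, then stating next to the list, for example `# WORKAROUNDS is written only when enabled; runtime code must treat an unset value as No`. The body of generate_aux_config continues outside the hunk.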
@@ -2397,14 +2397,22 @@ sub compile_stop_firewall( $$$ ) { my $output = $filter_table->{OUTPUT}; my $forward = $filter_table->{FORWARD}; - emit <<'EOF'; + if ( $config{WORKAROUNDS} ) { + emit <<'EOF'; +# +# Stop/restore the firewall after an error or because of a 'stop' or 'clear' command +# +stop_firewall() { + local hack +EOF + } else { + emit <<'EOF'; # # Stop/restore the firewall after an error or because of a 'stop' or 'clear' command # stop_firewall() { EOF - - emit ( ' local hack' ) if $config{WORKAROUNDS}; + } $output->{policy} = 'ACCEPT' if $config{ADMINISABSENTMINDED};
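Review bot: The two heredocs in the new `if ( $config{WORKAROUNDS} )` / `else` differ only by the `local hack` line, so the comment header and the `stop_firewall() {` opener now exist twice and can drift apart on a later edit. Nothing in the hunk says what `hack` is for or why its declaration has to sit inside the heredoc rather than in a separate `emit`. A comment above the `if` would record the constraint, for example `# Both heredocs must stay identical apart from 'local hack', which is declared only when WORKAROUNDS is set`. Since the generated function is the one run after an error, a divergence between the copies would surface only in one of the two configurations. compile_stop_firewall starts and ends outside the hunk.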