diff --git a/LrpN/sbin/shorewall b/LrpN/sbin/shorewall
index d657ea865..35b17ebd3 100755
--- a/LrpN/sbin/shorewall
+++ b/LrpN/sbin/shorewall
@@ -418,7 +418,6 @@ monitor_firewall() # $1 = timeout -- if negative, prompt each time that
 		   #		     an 'interesting' packet count changes
 {
 
-    get_config
     host=$(echo $HOSTNAME | sed 's/\..*$//')
     oldrejects=$($IPTABLES -L -v -n | grep 'LOG')
 
@@ -528,7 +527,6 @@ logwatch() # $1 = timeout -- if negative, prompt each time that
 	   #		     an 'interesting' packet count changes
 {
 
-    get_config
     host=$(echo $HOSTNAME | sed 's/\..*$//')
     oldrejects=$($IPTABLES -L -v -n | grep 'LOG')
 
@@ -756,6 +754,8 @@ ensure_config_path
 
 export CONFIG_PATH
 
+get_config
+
 [ -z "${STATEDIR}" ] && STATEDIR=/var/state/shorewall
 
 if [ ! -f $FIREWALL ]; then
@@ -822,8 +822,6 @@ case "$1" in
 		;;
 	esac
 	
-	get_config
-	
 	if [ -n "$FAST" ]; then
 	    
 	    RESTOREPATH=/var/lib/shorewall/$RESTOREFILE
@@ -842,7 +840,6 @@ case "$1" in
 	;;
     stop|reset|clear|refresh)
 	[ $# -ne 1 ] && usage 1
-	get_config
 	exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $1
 	;;
     check|restart)
@@ -867,12 +864,10 @@ case "$1" in
 		usage 1
 		;;
 	esac
-	get_config
 	exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $1
 	;;
     add|delete)
 	[ $# -ne 3 ] && usage 1
-	get_config
 	exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $1 $2 $3
 	;;
     show|list)
@@ -900,7 +895,6 @@ case "$1" in
 	    ;;
 	log)
 	    [ $# -gt 2 ] && usage 1
-	    get_config
 	    echo "Shorewall-$version Log at $HOSTNAME - $(date)"
 	    echo
 	    show_reset
@@ -948,7 +942,6 @@ case "$1" in
     status)
     	[ -n "$debugging" ] && set -x
 	[ $# -eq 1 ] || usage 1
-	get_config
 	clear
 	echo "Shorewall-$version Status at $HOSTNAME - $(date)"
 	echo
@@ -1007,7 +1000,6 @@ case "$1" in
     hits)
     	[ -n "$debugging" ] && set -x
 	[ $# -eq 1 ] || usage 1
-	get_config
 	clear
 	echo "Shorewall-$version Hits at $HOSTNAME - $(date)"
 	echo
@@ -1118,8 +1110,6 @@ case "$1" in
     save)
     	[ -n "$debugging" ] && set -x
 
-	get_config
-
 	case $# in
 	1)
 	    ;;
@@ -1175,7 +1165,6 @@ case "$1" in
 	mutex_off
 	;;
     forget)
-	get_config
 	case $# in
 	1)
 	    ;;
@@ -1234,7 +1223,6 @@ case "$1" in
 	esac
 	;;
     restore)
-	get_config
 	case $# in
 	1)
 	    ;;
diff --git a/LrpN/usr/share/shorewall/firewall b/LrpN/usr/share/shorewall/firewall
index ca1a03946..6aadddbdc 100755
--- a/LrpN/usr/share/shorewall/firewall
+++ b/LrpN/usr/share/shorewall/firewall
@@ -1756,7 +1756,7 @@ setup_ipsec() {
     set_mss1() # $1 = chain, $2 = MSS
     {
 	eval local policy=\$${1}_policy
-	if [ "$policy" != NONE ]; then
+	if [ "$policy" != NONE -a "$COMMAND" != add ]; then
 	    ensurechain $1
 	    run_iptables -I $1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $2
 	fi
diff --git a/LrpN/usr/share/shorewall/version b/LrpN/usr/share/shorewall/version
index 926f19e80..889244276 100644
--- a/LrpN/usr/share/shorewall/version
+++ b/LrpN/usr/share/shorewall/version
@@ -1 +1 @@
-2.2.0-Beta5
+2.2.0-Beta6