diff --git a/Shorewall/compiler b/Shorewall/compiler
index f2b8f664a..fdec24dfb 100755
--- a/Shorewall/compiler
+++ b/Shorewall/compiler
@@ -101,7 +101,7 @@ progress_message_and_save()
 indent() {
     if [ -n "$INDENT" ]; then
 	if [ -n "$HAVEAWK" ]; then
-	    eval awk \''BEGIN { indent=1; }; /^[[:space:]]*$/ { print ""; indent=1; next; }; { if (indent == 1) print "'"$INDENT"'" $0; else print; }; { indent=1; }; /\\$/ { indent=0; };'\' $1
+	    eval awk \''BEGIN { indent=1; }; /^\s*$/ { print ""; indent=1; next; }; { if (indent == 1) print "'"$INDENT"'" $0; else print; }; { indent=1; }; /\\$/ { indent=0; };'\' $1
 	else
 	    eval sed \'s\/^/"$INDENT"\/\' $1
 	fi
@@ -3467,7 +3467,7 @@ __EOF__
 
 	for interface in $interfaces; do
 	    if [ -n "$BRIDGING" ]; then
-		is_bridge=$( brctl show $interface 2> /dev/null | grep ^$interface[[:space:]] )
+		is_bridge=$( brctl show 2> /dev/null | grep "^$interface[[:space:]]" )
 		[ -n "$is_bridge" ] && \
 		    do_iptables -A $(forward_chain $interface) -p udp -o $interface --dport 67:68 -j ACCEPT
             fi
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 35ea59f1f..c33ed58c5 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -61,7 +61,8 @@ Other Changes in 3.3.6
 3)  Shorewall now uses tc fwmark filters to classify packets for
     traffic shaping when the DEVICE isn't an interface described in
     /etc/shorewall/interfaces. This is in preparation for the upcoming
-    change to the way that --physdev-out works in iptables/Netfilter.
+    change to the way that --physdev-out works in iptables/Netfilter;
+    that change is now scheduled for kernel 2.6.20.
 
 4)  If your kernel and iptables have extended multiport support, then
     Shorewall will use that support for the destination port when