diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 0aa6ae5f1..ab4f2b8d0 100755 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -1,10 +1,5 @@ -Changes since 1.3.12 +Changes since 1.3.13 -1. Added 'DNAT-' target. - -2. Print policies in 'check' command. - -3. Added CLEAR_TC option. - -4. Added SHARED_DIR option. +1. Fix 'shorewall add' bug. +2. Add OLD_PING_HANDLING option diff --git a/Shorewall/firewall b/Shorewall/firewall index e18cbd055..a1a3d595c 100755 --- a/Shorewall/firewall +++ b/Shorewall/firewall @@ -599,12 +599,16 @@ validate_interfaces_file() { for option in $options; do case $option in - dhcp|noping|filterping|routestopped|norfc1918|multi|tcpflags) - ;; - routefilter|dropunclean|logunclean|blacklist|proxyarp|maclist|-) - ;; - *) - error_message "Warning: Invalid option ($option) in record \"$r\"" + dhcp|routestopped|norfc1918|multi|tcpflags) + ;; + routefilter|dropunclean|logunclean|blacklist|proxyarp|maclist|-) + ;; + noping|filterping) + [ -n "$OLD_PING_HANDLING" ] || \ + startup_error "Option $option only allowed with old ping handling" + ;; + *) + error_message "Warning: Invalid option ($option) in record \"$r\"" ;; esac done @@ -3350,11 +3354,14 @@ initialize_netfilter () { # Build the common chain -- called during [re]start and refresh # build_common_chain() { - # - # PING - # - [ -n "$FORWARDPING" ] && \ - run_iptables -A icmpdef -p icmp --icmp-type echo-request -j ACCEPT + + if [ -n "$OLD_PING_HANDLING" ]; then + # + # PING + # + [ -n "$FORWARDPING" ] && \ + run_iptables -A icmpdef -p icmp --icmp-type echo-request -j ACCEPT + fi # # Common ICMP rules # 
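Review bot: The new `noping|filterping)` arm is the only place in validate_interfaces_file where a stale interfaces entry aborts the start (`startup_error`) instead of producing the non-fatal `error_message` warning the `*)` arm uses, and nothing in the hunk records why that asymmetry is deliberate. A comment would keep a later cleanup from downgrading it: `# Fail closed: under the new ping handling these options would silently do nothing, leaving an interface the admin meant to shield from ping open to it.` The message should also name the knob the admin has to flip, e.g. `startup_error "Option $option requires OLD_PING_HANDLING=Yes in shorewall.conf"`. This presumes OLD_PING_HANDLING has already been normalized when validate_interfaces_file runs, which the hunk does not show. The function's body continues outside the hunk.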
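Review bot: With OLD_PING_HANDLING empty, build_common_chain no longer appends the echo-request ACCEPT to `icmpdef`, so a FORWARDPING=Yes that an admin relied on is now read and ignored with no message. Since the `[ -n "$FORWARDPING" ]` test is already here, an `else` branch on the new `if` is the natural place to say so: `[ -n "$FORWARDPING" ] && error_message "Warning: FORWARDPING is ignored unless OLD_PING_HANDLING=Yes"`. A one-line comment above the `if` would also spare the next reader a trip to the release notes: `# Legacy mode only; in the new mode echo-request reaches the rules and policies like any other connection request.` The remainder of build_common_chain (the common ICMP rules) is outside the hunk.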
@@ -3907,23 +3914,25 @@ define_firewall() # $1 = Command (Start or Restart) process_rules $rules - echo "Setting up ICMP Echo handling..." + if [ -n "$OLD_PING_HANDLING" ]; then + echo "Setting up ICMP Echo handling..." - filterping_interfaces="`find_interfaces_by_option filterping`" - noping_interfaces="`find_interfaces_by_option noping`" + filterping_interfaces="`find_interfaces_by_option filterping`" + noping_interfaces="`find_interfaces_by_option noping`" - for interface in $all_interfaces; do - if ! list_search $interface $filterping_interfaces; then - if list_search $interface $noping_interfaces; then - target=DROP - else - target=ACCEPT + for interface in $all_interfaces; do + if ! list_search $interface $filterping_interfaces; then + if list_search $interface $noping_interfaces; then + target=DROP + else + target=ACCEPT + fi + + run_iptables -A `input_chain $interface` \ + -p icmp --icmp-type echo-request -j $target fi - - run_iptables -A `input_chain $interface` \ - -p icmp --icmp-type echo-request -j $target - fi - done + done + fi policy=`find_file policy` @@ -4471,6 +4480,7 @@ do_initialize() { TCP_FLAGS_LOG_LEVEL= RFC1918_LOG_LEVEL= MARK_IN_FORWARD_CHAIN= + OLD_PING_HANDLING= SHARED_DIR=/usr/lib/shorewall FUNCTIONS= VERSION_FILE= @@ -4596,7 +4606,7 @@ do_initialize() { else CLEAR_TC= fi - + OLD_PING_HANDLING=`added_param_value_yes OLD_PING_HANDLING $OLD_PING_HANDLING` run_user_exit params diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index f9f09cad3..ad1414bc3 100755 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt 
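Review bot: Wrapping the block in `if [ -n "$OLD_PING_HANDLING" ]` means a start in the new mode prints nothing about ICMP echo at all, where the old code always printed "Setting up ICMP Echo handling..."; an admin reading the start log to learn why ping changed gets no hint. An `else` branch before the new `fi`, `echo "ICMP Echo handling: via rules and policies (OLD_PING_HANDLING=No)"`, would make the switch visible in the same place the old message appeared. As a matter of style, the twenty-line re-indent would have been a two-line change, and the gate easier to find, had the loop moved into a helper such as `setup_legacy_ping_handling` invoked under the same test. define_firewall starts and ends outside the hunk.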
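Review bot: The new `OLD_PING_HANDLING=`added_param_value_yes OLD_PING_HANDLING $OLD_PING_HANDLING`` line runs after the variable is defaulted to empty in the earlier do_initialize hunk, so, as far as these hunks show, a shorewall.conf written before the option existed lands in the new handling silently, and if its interfaces file uses `noping` or `filterping` the next start fails in validate_interfaces_file. Failing closed is right, but the admin should hear it here rather than from the error: `[ -n "$OLD_PING_HANDLING" ] || error_message "Warning: OLD_PING_HANDLING not set in shorewall.conf; ping is now controlled by rules and policies"` placed before the normalization line, unless added_param_value_yes already reports absent parameters (its body is not in the diff). Whether the unquoted `$OLD_PING_HANDLING` argument matches the other added_param_value_yes calls cannot be checked from here either. do_initialize continues outside the hunk.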
@@ -2,48 +2,14 @@ This is a minor release of Shorewall that has a couple of new features. New features include: -1) A new 'DNAT-' action has been added for entries in the - /etc/shorewall/rules file. DNAT- is intended for advanced users who - wish to minimize the number of rules that connection requests must - traverse. - - A Shorewall DNAT rule actually generates two iptables rules: a - header rewriting rule in the 'nat' table and an ACCEPT rule in the - 'filter' table. A DNAT- rule only generates the first of these - rules. This is handy when you have several DNAT rules that would - generate the same ACCEPT rule. +1) An OLD_PING_HANDLING option has been added to shorewall.conf. When + set to Yes, Shorewall ping handling is as it has always been (see + http://www.shorewall.net/ping.html). - Here are three rules from my previous rules file: - - DNAT net dmz:206.124.146.177 tcp smtp - 206.124.146.178 - DNAT net dmz:206.124.146.177 tcp smtp - 206.124.146.179 - ACCEPT net dmz:206.124.146.177 tcp www,smtp,ftp,... + When OLD_PING_HANDLING=No, icmp echo (ping) is handled via rules and + policies just like any other connection request. The FORWARDPING + option in shorewall.conf is ignored and the 'noping' and + 'filterping' options in /etc/shorewall/interfaces will generate an + error. - These three rules ended up generating _three_ copies of - ACCEPT net dmz:206.124.146.177 tcp smtp - - By writing the rules this way, I end up with only one copy of the - ACCEPT rule. - - DNAT- net dmz:206.124.146.177 tcp smtp - 206.124.146.178 - DNAT- net dmz:206.124.146.177 tcp smtp - 206.124.146.179 - ACCEPT net dmz:206.124.146.177 tcp www,smtp,ftp,... - -2) The 'shorewall check' command now prints out the applicable policy - between each pair of zones. - -3. A new CLEAR_TC option has been added to shorewall.conf. If this - option is set to 'No' then Shorewall won't clear the current - traffic control rules during [re]start. 
This setting is intended - for use by people that prefer to configure traffic shaping when - the network interfaces come up rather than when the firewall - is started. If that is what you want to do, set TC_ENABLED=Yes and - CLEAR_TC=No and do not supply an /etc/shorewall/tcstart file. That - way, your traffic shaping rules can still use the 'fwmark' - classifier based on packet marking defined in /etc/shorewall/tcrules. - -4. A new SHARED_DIR variable has been added that allows distribution - packagers to easily move the shared directory (default - /usr/lib/shorewall). Users should never have a need to change the - value of this shorewall.conf setting. diff --git a/Shorewall/shorewall.conf b/Shorewall/shorewall.conf index 5d6c3e8a5..4789c150f 100755 --- a/Shorewall/shorewall.conf +++ b/Shorewall/shorewall.conf @@ -400,11 +400,21 @@ MUTEX_TIMEOUT=60 LOGNEWNOTSYN= +# +# Old Ping Handling +# +# If this option is set to "Yes" then Shorewall will use its old ping handling +# facility including the FORWARDPING option below and the 'noping' and +# 'filterping' interface options. If this option is set to 'No' then ping +# is handled via policy and rules just like any other connection request. +# +OLD_PING_HANDLING=No + # # Forward "Ping" # # If FORWARDPING is set to "Yes" then Echo Request ("Ping") packets are -# forwarded by the firewall. +# forwarded by the firewall. This option is only used if OLD_PING_HANDLING=Yes FORWARDPING=Yes
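Review bot: The new comment block documents the Yes and No settings but not the case an upgrading admin is actually in, where the option is absent from an older shorewall.conf; the firewall hunks default it to empty, which behaves as No, and then reject `noping` and `filterping` at startup. Add to the block: `# If this option is absent (shorewall.conf from a release that predates it) it is treated as No, and any 'noping' or 'filterping' option in /etc/shorewall/interfaces will stop the firewall from starting.` The FORWARDPING note could likewise say the value is ignored rather than "only used", so nobody expects it to still open ping in the new mode.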