diff --git a/Shorewall-common/changelog.txt b/Shorewall-common/changelog.txt
index 730621ae4..3996b9150 100644
--- a/Shorewall-common/changelog.txt
+++ b/Shorewall-common/changelog.txt
@@ -4,6 +4,10 @@ Changes in 3.9.4
 2) Fix log_martians.
+3) Make LOG_MARTIANS and ROUTE_FILTER tri-valued.
+
+4) Fix arp_ignore.
+
 Changes in 3.9.3
 1) Apply Steven Springl's patch for port checking.
diff --git a/Shorewall-common/lib.config b/Shorewall-common/lib.config
index 0e973943c..dc95a400f 100644
--- a/Shorewall-common/lib.config
+++ b/Shorewall-common/lib.config
@@ -1863,7 +1863,45 @@ do_initialize() {
 IP_FORWARDING=On
 fi
- [ -n "${BLACKLIST_DISPOSITION:=DROP}" ]
+ if [ -n "$ROUTE_FILTER" ]; then
+ case "$ROUTE_FILTER" in
+ Yes|yes|YES)
+ ROUTE_FILTER=yes
+ ;;
+ No|no|NO)
+ ROUTE_FILTER=no
+ ;;
+ Keep|keep|KEEP)
+ ROUTE_FILTER=
+ ;;
+ *)
+ startup_error "Invalid value ($ROUTE_FILTER) for ROUTE_FILTER"
+ ;;
+ esac
+ else
+ ROUTE_FILTER=yes
+ fi
+
+ if [ -n "$LOG_MARTIANS" ]; then
+ case "$LOG_MARTIANS" in
+ Yes|yes|YES)
+ LOG_MARTIANS=yes
+ ;;
+ No|no|NO)
+ LOG_MARTIANS=no
+ ;;
+ Keep|keep|KEEP)
+ LOG_MARTIANS=
+ ;;
+ *)
+ startup_error "Invalid value ($LOG_MARTIANS) for LOG_MARTIANS"
+ ;;
+ esac
+ else
+ LOG_MARTIANS=yes
+ fi
+
+ [ -n "${BLACKLIST_DISPOSITION:=DROP}" ]
 case "$CLAMPMSS" in
 [0-9]*)
@@ -1874,8 +1912,6 @@ do_initialize() {
 esac
 ADD_SNAT_ALIASES=$(added_param_value_no ADD_SNAT_ALIASES $ADD_SNAT_ALIASES)
- ROUTE_FILTER=$(added_param_value_no ROUTE_FILTER $ROUTE_FILTER)
- LOG_MARTIANS=$(added_param_value_no LOG_MARTIANS $LOG_MARTIANS)
 DETECT_DNAT_IPADDRS=$(added_param_value_no DETECT_DNAT_IPADDRS $DETECT_DNAT_IPADDRS)
 MACLIST_TARGET=reject
diff --git a/Shorewall-common/releasenotes.txt b/Shorewall-common/releasenotes.txt
index b01e32519..45b04021f 100644
--- a/Shorewall-common/releasenotes.txt
+++ b/Shorewall-common/releasenotes.txt
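Review bot: The default for an unset option disagrees between the two compilers: the `else` branches here set `ROUTE_FILTER=yes` and `LOG_MARTIANS=yes`, while the Config.pm hunk defaults the same unset options to `Keep`, and judging by the removed `added_param_value_no` and `default_yes_no ... ''` calls both compilers previously defaulted to the empty (No) value. A shorewall.conf that names neither option would therefore have `default/rp_filter` and `default/log_martians` written by the shell compiler but left alone by the Perl one; defaulting to Keep in both `else` branches (`ROUTE_FILTER=` and `LOG_MARTIANS=`, as the Keep arms already do) matches the release note's "Keep - Shorewall ignores the option entirely". Encoding Keep as the empty string is also the representation the old code used for No, so any `-n`/`-z` test on these variables that the compiler hunks at -3715, -3739, -3756 and -3779 did not convert (the gate that decides whether each section is emitted at all is not visible) would silently treat Keep as No; storing the literal `keep` and testing `= keep` would be unambiguous. The two `case` blocks are identical apart from the variable name and could share one helper taking the option name. do_initialize continues outside the hunk on both sides.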
@@ -22,9 +22,17 @@ Problems corrected in 3.9.4.
 2) logmartions=0 was being treated the same as logmartians=1.
+3) arp_ignore caused an internal error in validate_interfaces_file().
+
 Other changes in Shorewall 3.9.4
-None.
+1) The LOG_MARTIANS and ROUTE_FILTER options are not tri-valued.
+
+ Yes - Same as before
+ No - Same as before except that it applies regardless of
+ whether any interfaces have the logmartians/routefilter
+ option
+ Keep - Shorewall ignores the option entirely.
 Migration Considerations:
diff --git a/Shorewall-perl/Shorewall/Config.pm b/Shorewall-perl/Shorewall/Config.pm
index b396ded44..b1fbc3bdb 100644
--- a/Shorewall-perl/Shorewall/Config.pm
+++ b/Shorewall-perl/Shorewall/Config.pm
@@ -792,10 +792,22 @@ sub get_configuration( $ ) {
 $config{IP_FORWARDING} = 'On';
 }
+ if ( $config{ROUTE_FILTER} ) {
+ fatal_error "Invalid value ( $config{ROUTE_FILTER} ) for ROUTE_FILTER"
+ unless $config{ROUTE_FILTER} =~ /^(Yes|No|Keep)$/i;
+ } else {
+ $config{ROUTE_FILTER} = 'Keep';
+ }
+
+ if ( $config{LOG_MARTIANS} ) {
+ fatal_error "Invalid value ( $config{LOG_MARTIANS} ) for LOG_MARTIANS"
+ unless $config{LOG_MARTIANS} =~ /^(Yes|No|Keep)$/i;
+ } else {
+ $config{LOG_MARTIANS} = 'Keep';
+ }
+
 default_yes_no 'ADD_IP_ALIASES' , 'Yes';
 default_yes_no 'ADD_SNAT_ALIASES' , '';
- default_yes_no 'ROUTE_FILTER' , '';
- default_yes_no 'LOG_MARTIANS' , '';
 default_yes_no 'DETECT_DNAT_IPADDRS' , '';
 default_yes_no 'DETECT_DNAT_IPADDRS' , '';
 default_yes_no 'CLEAR_TC' , 'Yes';
diff --git a/Shorewall-perl/Shorewall/Interfaces.pm b/Shorewall-perl/Shorewall/Interfaces.pm
index aa83d14e5..ec08ed152 100644
--- a/Shorewall-perl/Shorewall/Interfaces.pm
+++ b/Shorewall-perl/Shorewall/Interfaces.pm
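Review bot: The two new validation blocks are duplicates apart from the option name, and `/^(Yes|No|Keep)$/i` uses `$`, which still matches when the value carries a trailing newline; `\z` is the strict end-of-string anchor. The accepted value is also stored in whatever case the user typed, so every consumer in Proc.pm has to match with `/i`; normalizing here with `ucfirst lc` would let callers compare exactly, and folding both blocks into one loop over the option names removes the duplication, as below. The plain truth test `if ( $config{ROUTE_FILTER} )` treats a literal `0` as unset and silently turns it into Keep rather than rejecting it; presumably harmless, but worth confirming that is the intent. In the release-notes hunk above, "are not tri-valued" reads as a typo for "are now tri-valued". get_configuration continues outside the hunk on both sides.
```perl
    for my $option ( qw( ROUTE_FILTER LOG_MARTIANS ) ) {
        if ( $config{$option} ) {
            fatal_error "Invalid value ( $config{$option} ) for $option"
                unless $config{$option} =~ /^(?:Yes|No|Keep)\z/i;
            $config{$option} = ucfirst lc $config{$option};
        } else {
            $config{$option} = 'Keep';
        }
    }
    # … unchanged: default_yes_no calls …
```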
@@ -208,11 +208,11 @@ sub validate_interfaces_file()
 $options{$option} = $value;
 } elsif ( $type == ENUM_IF_OPTION ) {
 fatal_error "The $option option may not be used with a wild-card interface name" if $wildcard;
- if ( $option eq 'arp_filter' ) {
+ if ( $option eq 'arp_ignore' ) {
 if ( $value =~ /^[1-3,8]$/ ) {
- $options{arp_filter} = $value;
+ $options{arp_ignore} = $value;
 } else {
- fatal_error "Invalid value ($value) for arp_filter";
+ fatal_error "Invalid value ($value) for arp_ignore";
 }
 } else {
 fatal_error "Internal Error in validate_interfaces_file"
diff --git a/Shorewall-perl/Shorewall/Proc.pm b/Shorewall-perl/Shorewall/Proc.pm
index 6ec3747e8..9a534386f 100644
--- a/Shorewall-perl/Shorewall/Proc.pm
+++ b/Shorewall-perl/Shorewall/Proc.pm
@@ -95,7 +95,7 @@ sub setup_route_filtering() {
 my $interfaces = find_interfaces_by_option 'routefilter';
- if ( @$interfaces || $config{ROUTE_FILTER} ) {
+ if ( @$interfaces || ! ( $config{ROUTE_FILTER} =~ /keep/i ) ) {
 progress_message2 "$doing Kernel Route Filtering...";
@@ -114,9 +114,9 @@ sub setup_route_filtering() {
 emit 'echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter';
- if ( $config{ROUTE_FILTER} ) {
+ if ( $config{ROUTE_FILTER} =~ /yes/i ) {
 emit 'echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter';
- } else {
+ } elsif ( $config{ROUTE_FILTER} =~ /no/i ) {
 emit 'echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter';
 }
@@ -131,7 +131,7 @@ sub setup_route_filtering() {
 sub setup_martian_logging() {
 my $interfaces = find_interfaces_by_option 'logmartians';
- if ( @$interfaces || $config{LOG_MARTIANS} ) {
+ if ( @$interfaces || ! ( $config{LOG_MARTIANS} =~ /keep/i ) ) {
 progress_message2 "$doing Martian Logging...";
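Review bot: The value check that now guards arp_ignore, `$value =~ /^[1-3,8]$/`, has a literal comma inside the character class, so a bare `,` is accepted as a valid arp_ignore value and stored in `$options{arp_ignore}` for whatever later writes it to /proc; the same slip existed under the old arp_filter name, but after the rename this is the only validation arp_ignore gets. `if ( $value =~ /^[1238]$/ ) {` matches what the character class evidently intends (1, 2, 3 or 8). The enclosing validate_interfaces_file starts and ends outside the hunk.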
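Review bot: The Keep test at the top of setup_route_filtering is written as `! ( $config{ROUTE_FILTER} =~ /keep/i )`, and the yes/no/keep checks here and in the -114, -131 and -149 hunks are all unanchored, case-insensitive substring matches; they only hold because Config.pm rejects anything but Yes/No/Keep, and a value such as "Nope" would pass `/no/i` if that validation were ever loosened. Comparing the folded value is self-contained and reads as a plain tri-state: `if ( @$interfaces || lc $config{ROUTE_FILTER} ne 'keep' ) {`, `if ( lc $config{ROUTE_FILTER} eq 'yes' ) {` and `} elsif ( lc $config{ROUTE_FILTER} eq 'no' ) {`, with the same change for LOG_MARTIANS. With Keep neither the `default/rp_filter` line nor the all/default log_martians lines are emitted, which is what the release note describes but is invisible at the `elsif`; a one-line `# Keep: leave the kernel defaults untouched` on the if/elsif would record it. The -149 hunk additionally deletes a closing `}` whose opening partner is outside the hunk, so the resulting nesting of setup_martian_logging should be checked against the full file. Both subs start and end outside their hunks.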
@@ -149,14 +149,13 @@ sub setup_martian_logging() {
 emit "fi\n";
 }
- if ( $config{LOG_MARTIANS} ) {
+ if ( $config{LOG_MARTIANS} =~ /yes/i ) {
 emit 'echo 1 > /proc/sys/net/ipv4/conf/all/log_martians';
 emit 'echo 1 > /proc/sys/net/ipv4/conf/default/log_martians';
- } else {
+ } elsif ( $config{LOG_MARTIANS} =~ /no/i ) {
 emit 'echo 0 > /proc/sys/net/ipv4/conf/all/log_martians';
 emit 'echo 0 > /proc/sys/net/ipv4/conf/default/log_martians';
 }
- }
 }
diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm
index ac2dff434..b4409d870 100644
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@@ -1108,7 +1108,9 @@ sub process_rule1 ( $$$$$$$$$ ) {
 }
 #
-# Process a Record in the rules file
+# Process a Record in the rules file
+#
+# Deals with the ugliness of wildcard zones ('all' in rules).
 #
 sub process_rule ( $$$$$$$$$ ) {
 my ( $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user ) = @_;
diff --git a/Shorewall-shell/compiler b/Shorewall-shell/compiler
index c07b153d4..db210f87e 100755
--- a/Shorewall-shell/compiler
+++ b/Shorewall-shell/compiler
@@ -3715,7 +3715,7 @@ __EOF__
 save_progress_message "Setting up Route Filtering..."
- if [ -z "$ROUTE_FILTER" ]; then
+ if [ "$ROUTE_FILTER" = no ]; then
 indent >&3 << __EOF__
 for f in /proc/sys/net/ipv4/conf/*; do
@@ -3739,7 +3739,7 @@ __EOF__
 save_command "echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter"
- if [ -n "$ROUTE_FILTER" ]; then
+ if [ "$ROUTE_FILTER" = yes ]; then
 save_command "echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter"
 fi
@@ -3756,7 +3756,7 @@ __EOF__
 save_progress_message "Setting up Martian Logging..."
- if [ -z "$LOG_MARTIANS" ]; then
+ if [ "$LOG_MARTIANS" = no ]; then
 indent >&3 << __EOF__
 for f in /proc/sys/net/ipv4/conf/*; do
@@ -3779,7 +3779,7 @@ fi
 __EOF__
 done
- if [ -n "$LOG_MARTIANS" ]; then
+ if [ "$LOG_MARTIANS" = yes ]; then
 save_command "echo 1 > /proc/sys/net/ipv4/conf/default/log_martians"
 fi
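Review bot: The four converted tests (this one and the -3739, -3756 and -3779 hunks) now depend on do_initialize in lib.config having rewritten the variables to exactly `yes`, `no` or empty, but nothing at this site records that contract; a reader who remembers the `-n`/`-z` form has no hint that a differently spelled value now falls through both branches. A comment above the first test, `# ROUTE_FILTER / LOG_MARTIANS are normalized to yes, no or empty (Keep) by do_initialize`, would document it. Because Keep is the empty string, the `save_progress_message` lines that precede these tests and whatever outer condition gates each section should be checked for remaining `-n`/`-z` tests, which would otherwise treat Keep as No; that gate is outside the hunk. The surrounding function starts and ends outside the hunk.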