diff --git a/Shorewall-core/install.sh b/Shorewall-core/install.sh
index 24e22b340..1ce769b50 100755
--- a/Shorewall-core/install.sh
+++ b/Shorewall-core/install.sh
@@ -324,6 +324,15 @@ install_file wait4ifup ${DESTDIR}${LIBEXECDIR}/shorewall/wait4ifup 0755
 echo
 echo "wait4ifup installed in ${DESTDIR}${LIBEXECDIR}/shorewall/wait4ifup"
+#
+# Install stop_service
+#
+if [ -n "${STOPSERVICEFILE}" ]; then
+ install_file ${STOPSERVICEFILE} ${DESTDIR}${LIBEXECDIR}/shorewall/stop_service 0755
+
+ echo
+ echo "${STOPSERVICEFILE} installed in ${DESTDIR}${LIBEXECDIR}/shorewall/stop_service"
+fi
 #
 # Install the libraries
diff --git a/Shorewall-core/shorewallrc.debian.systemd b/Shorewall-core/shorewallrc.debian.systemd
index 41ba8b72e..390274638 100644
--- a/Shorewall-core/shorewallrc.debian.systemd
+++ b/Shorewall-core/shorewallrc.debian.systemd
@@ -22,3 +22,4 @@ SPARSE=Yes #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
 VARLIB=/var/lib #Directory where product variable data is stored.
 VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored.
 DEFAULT_PAGER=/usr/bin/less #Pager to use if none specified in shorewall[6].conf
+STOPSERVICEFILE=stop_service.debian #Name of script to stop systemd service that honours `SAFESTOP`.
diff --git a/Shorewall-core/stop_service.debian b/Shorewall-core/stop_service.debian
new file mode 100644
index 000000000..5301100da
--- /dev/null
+++ b/Shorewall-core/stop_service.debian
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+PRODUCT=$1
+
+. /etc/default/${PRODUCT}
+
+if [ "$SAFESTOP" = 1 ]; then
+ COMMAND=stop
+else
+ COMMAND=clear
+fi
+
+if [ "${PRODUCT}" = shorewall6 ]; then
+ EXEC="/sbin/shorewall -6"
+else
+ EXEC="/sbin/${PRODUCT}"
+fi
+
+exec ${EXEC} ${OPTIONS} ${COMMAND}
diff --git a/Shorewall-lite/shorewall-lite.service.debian b/Shorewall-lite/shorewall-lite.service.debian
index 4eeaee8aa..47a68d51f 100644
--- a/Shorewall-lite/shorewall-lite.service.debian
+++ b/Shorewall-lite/shorewall-lite.service.debian
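Review bot: In Shorewall-core/install.sh the helper is installed to `${DESTDIR}${LIBEXECDIR}/shorewall/stop_service`, and only when STOPSERVICEFILE is non-empty, while the four `.service.debian` units changed in this commit call the fixed path `/usr/share/shorewall/stop_service` unconditionally. Unless the units are rewritten at install time (not visible in this diff), a build with a different LIBEXECDIR, or an rc file that leaves STOPSERVICEFILE unset, ships an ExecStop that points at a missing file, so `systemctl stop` fails instead of applying `stop` or `clear`. I would at least record the coupling above the new block, `# The Debian unit files call /usr/share/shorewall/stop_service; LIBEXECDIR must resolve to /usr/share`, or derive the unit path from LIBEXECDIR. The surrounding script continues outside the hunk.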
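Review bot: In Shorewall-core/stop_service.debian, `. /etc/default/${PRODUCT}` sources a path built from an unchecked `$1` in a script that the units run as root, and it has no fallback when the file is absent even though the units declare the same file optional with `EnvironmentFile=-`. With a missing defaults file a non-interactive POSIX sh exits at the `.` line, so neither `stop` nor `clear` runs; with an empty or unexpected argument, for instance when the script is run by hand, it sources whatever path results. Restricting `$1` to the four product names the units pass and guarding the source with a readability test closes both cases, as sketched below. `${OPTIONS}` in the final `exec` is presumably left unquoted on purpose so that it splits into separate arguments; a one-line comment saying so would keep a later cleanup from quoting it.

```shell
PRODUCT=$1

# Accept only the product names the unit files pass in.
case "$PRODUCT" in
    shorewall|shorewall6|shorewall-lite|shorewall6-lite) ;;
    *) echo "usage: $0 <product>" >&2; exit 2 ;;
esac

# The units mark this file optional (EnvironmentFile=-...), so tolerate its absence here too.
if [ -r "/etc/default/${PRODUCT}" ]; then
    . "/etc/default/${PRODUCT}"
fi

# … unchanged: SAFESTOP / EXEC selection and the final exec …
```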
@@ -17,7 +17,7 @@ RemainAfterExit=yes
 EnvironmentFile=-/etc/default/shorewall-lite
 StandardOutput=syslog
 ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
-ExecStop=/sbin/shorewall-lite $OPTIONS clear
+ExecStop=/usr/share/shorewall/stop_service shorewall-lite
 ExecReload=/sbin/shorewall-lite $OPTIONS reload $RELOADOPTIONS
 [Install]
diff --git a/Shorewall/shorewall.service.debian b/Shorewall/shorewall.service.debian
index 7e4f04461..180cbce36 100644
--- a/Shorewall/shorewall.service.debian
+++ b/Shorewall/shorewall.service.debian
@@ -17,7 +17,7 @@ RemainAfterExit=yes
 EnvironmentFile=-/etc/default/shorewall
 StandardOutput=syslog
 ExecStart=/sbin/shorewall $OPTIONS start $STARTOPTIONS
-ExecStop=/sbin/shorewall $OPTIONS clear
+ExecStop=/usr/share/shorewall/stop_service shorewall
 ExecReload=/sbin/shorewall $OPTIONS reload $RELOADOPTIONS
 [Install]
diff --git a/Shorewall6-lite/shorewall6-lite.service.debian b/Shorewall6-lite/shorewall6-lite.service.debian
index e101cd204..00f0cf681 100644
--- a/Shorewall6-lite/shorewall6-lite.service.debian
+++ b/Shorewall6-lite/shorewall6-lite.service.debian
@@ -17,7 +17,7 @@ RemainAfterExit=yes
 EnvironmentFile=-/etc/default/shorewall6-lite
 StandardOutput=syslog
 ExecStart=/sbin/shorewall6-lite $OPTIONS start
-ExecStop=/sbin/shorewall6-lite $OPTIONS clear
+ExecStop=/usr/share/shorewall/stop_service shorewall6-lite
 ExecReload=/sbin/shorewall6-lite $OPTIONS reload
 [Install]
diff --git a/Shorewall6/shorewall6.service.debian b/Shorewall6/shorewall6.service.debian
index 1ad666a29..befa1c15b 100644
--- a/Shorewall6/shorewall6.service.debian
+++ b/Shorewall6/shorewall6.service.debian
@@ -18,7 +18,7 @@ RemainAfterExit=yes
 EnvironmentFile=-/etc/default/shorewall6
 StandardOutput=syslog
 ExecStart=/sbin/shorewall -6 $OPTIONS start $STARTOPTIONS
-ExecStop=/sbin/shorewall -6 $OPTIONS clear
+ExecStop=/usr/share/shorewall/stop_service shorewall6
 ExecReload=/sbin/shorewall -6 $OPTIONS reload $RELOADOPTIONS
 [Install]
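Review bot: In Shorewall-lite/shorewall-lite.service.debian the unit still declares `EnvironmentFile=-/etc/default/shorewall-lite`, so SAFESTOP and OPTIONS already reach the ExecStop helper through its environment, and the helper then sources the same file a second time with shell semantics. systemd reads that file as plain assignments, whereas the shell evaluates it, so a value that is inert for ExecStart and ExecReload can expand or execute as root on stop. A comment next to EnvironmentFile would make the dual use explicit, for example `# Also sourced by stop_service as shell; keep to plain KEY=value lines`. The same applies to the shorewall, shorewall6-lite and shorewall6 units changed in this commit.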
diff --git a/docs/starting_and_stopping_shorewall.xml b/docs/starting_and_stopping_shorewall.xml
index 8c3cdf3ed..984a9b317 100644
--- a/docs/starting_and_stopping_shorewall.xml
+++ b/docs/starting_and_stopping_shorewall.xml
@@ -206,12 +206,12 @@
systemd - As with SysV init described in the preceeding section, the behavior - of systemctl commands differ from the Shorewall CLI commands on - Debian-based systems. To make systemctl stop shorewall[-lite] and - systemctl restart shorewall[-lite] behave like shorewall stop and - shorewall restart, use this workaround provided by J Cliff - Armstrong: + As with SysV init described in the preceeding section, the behavior of + systemctl commands differ from the Shorewall CLI commands on Debian-based + systems. In versions of Shorewall before 5.2.9, to make systemctl + stop shorewall and systemctl restart shorewall + behave like shorewall stop and shorewall + restart, use this workaround provided by J Cliff Armstrong: Type (as root): @@ -231,10 +231,14 @@ ExecStop=/sbin/shorewall $OPTIONS stop to activate the changes. This change will survive future updates of the shorewall package from apt repositories. The override file itself will - be saved to `/etc/systemd/system/shorewall.service.d/`. + be saved to /etc/systemd/system/shorewall.service.d/. The same workaround may be applied to the other Shorewall products (excluding Shorewall Init). + + From Shorewall 5.2.9 onwards, the systemd service files have been + updated to execute a shell script that obeys the SAFESTOP setting to stop + the firewall, and the workaround is no longer necessary.