diff --git a/Shorewall-perl/Shorewall/Nat.pm b/Shorewall-perl/Shorewall/Nat.pm
index 3d0edb374..6294b7509 100644
--- a/Shorewall-perl/Shorewall/Nat.pm
+++ b/Shorewall-perl/Shorewall/Nat.pm
@@ -262,14 +262,14 @@ sub setup_masq()
     while ( read_a_line ) {
-        my ($fullinterface, $networks, $addresses, $proto, $ports, $ipsec, $mark ) = split_line 2, 7, 'masq file';
-
         if ( $first_entry ) {
             progress_message2 "$doing $fn...";
             require_capability( 'NAT_ENABLED' , 'a non-empty masq file' , 's' );
             $first_entry = 0;
         }
+        my ($fullinterface, $networks, $addresses, $proto, $ports, $ipsec, $mark ) = split_line 2, 7, 'masq file';
+
         if ( $fullinterface eq 'COMMENT' ) {
             process_comment;
         } else {
@@ -371,14 +371,14 @@ sub setup_nat() {
     while ( read_a_line ) {
-        my ( $external, $interface, $internal, $allints, $localnat ) = split_line 3, 5, 'nat file';
-
         if ( $first_entry ) {
             progress_message2 "$doing $fn...";
             require_capability( 'NAT_ENABLED' , 'a non-empty nat file', 's' );
             $first_entry = 0;
         }
+        my ( $external, $interface, $internal, $allints, $localnat ) = split_line 3, 5, 'nat file';
+
         if ( $external eq 'COMMENT' ) {
             process_comment;
         } else {
@@ -401,14 +401,14 @@ sub setup_netmap() {
     while ( read_a_line ) {
-        my ( $type, $net1, $interface, $net2 ) = split_line 4, 4, 'netmap file';
-
         if ( $first_entry ) {
             progress_message2 "$doing $fn...";
             require_capability( 'NAT_ENABLED' , 'a non-empty netmap file' , 's' );
             $first_entry = 0;
         }
+        my ( $type, $net1, $interface, $net2 ) = split_line 4, 4, 'netmap file';
+
         fatal_error "Unknown Interface ($interface)" unless known_interface $interface;
         if ( $type eq 'DNAT' ) {
diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm
index a9c57efd3..74f67c37b 100644
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
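Review bot: The relocated `split_line` call in setup_masq (and the identical move in setup_nat, setup_netmap, process_tos, setup_ecn, setup_rfc1918_filteration, setup_blacklist, process_criticalhosts, process_routestopped, setup_mac_lists, process_rules, setup_traffic_shaping, setup_tc and setup_tunnels) carries no comment saying why it must now follow the `$first_entry` block, so a later cleanup could move it back. Presumably the intent is that `progress_message2 "$doing $fn..."` is emitted before any diagnostic split_line may raise for a malformed entry; if so, a one-line comment on the moved line such as `# Parse only after the first-entry bookkeeping so the "$doing $fn" message precedes any split_line diagnostic` would record it. Because the same first-entry-then-split_line sequence is now repeated in every file reader, folding it into a single helper in the line-reading layer would keep the ordering in one place rather than fourteen. The enclosing while loop and sub continue outside the hunk.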
@@ -78,8 +78,6 @@ sub process_tos() {
     while ( read_a_line ) {
-        my ($src, $dst, $proto, $sports, $ports , $tos, $mark ) = split_line 6, 7, 'tos file';
-
         if ( $first_entry ) {
             progress_message2 "$doing $fn...";
             $pretosref = ensure_chain 'mangle' , $chain;
@@ -87,6 +85,8 @@ sub process_tos() {
             $first_entry = 0;
         }
+        my ($src, $dst, $proto, $sports, $ports , $tos, $mark ) = split_line 6, 7, 'tos file';
+
         fatal_error "TOS field required" unless $tos ne '-';
         if ( defined ( my $tosval = $tosoptions{"\L$tos"} ) ) {
@@ -146,13 +146,13 @@ sub setup_ecn()
     while ( read_a_line ) {
-        my ($interface, $hosts ) = split_line 1, 2, 'ecn file';
-
         if ( $first_entry ) {
             progress_message2 "$doing $fn...";
             $first_entry = 0;
         }
+        my ($interface, $hosts ) = split_line 1, 2, 'ecn file';
+
         fatal_error "Unknown interface ( $interface )" unless known_interface $interface;
         $interfaces{$interface} = 1;
@@ -213,15 +213,15 @@ sub setup_rfc1918_filteration( $ ) {
     while ( read_a_line ) {
-        my ( $networks, $target ) = split_line 2, 2, 'rfc1918 file';
-
-        my $s_target;
-
         if ( $first_entry ) {
             progress_message2 "$doing $fn...";
             $first_entry = 0;
         }
+        my ( $networks, $target ) = split_line 2, 2, 'rfc1918 file';
+
+        my $s_target;
+
         if ( $target eq 'logdrop' ) {
             $target = 'rfc1918';
             $s_target = 'rfc1918';
@@ -296,8 +296,6 @@ sub setup_blacklist() {
     while ( read_a_line ) {
-        my ( $networks, $protocol, $ports ) = split_line 1, 3, 'blacklist file';
-
         if ( $first_entry ) {
             unless ( @$hosts ) {
                 warning_message "The entries in $fn have been ignored because there are no 'blacklist' interfaces";
@@ -309,6 +307,8 @@ sub setup_blacklist() {
             $first_entry = 0;
         }
+        my ( $networks, $protocol, $ports ) = split_line 1, 3, 'blacklist file';
+
         expand_rule( $chainref ,
                      NO_RESTRICT ,
@@ -355,13 +355,13 @@ sub process_criticalhosts() {
         my $routeback = 0;
-        my ($interface, $hosts, $options ) = split_line 1, 3, 'routestopped file';
-
         if ( $first_entry ) {
             progress_message2 "$doing $fn for critical hosts...";
             $first_entry = 0;
         }
+        my ($interface, $hosts, $options ) = split_line 1, 3, 'routestopped file';
+
         $hosts = ALLIPv4 unless $hosts ne '-';
         my @hosts;
@@ -398,13 +398,13 @@ sub process_routestopped() {
         my $routeback = 0;
-        my ($interface, $hosts, $options ) = split_line 1, 3, 'routestopped file';
-
         if ( $first_entry ) {
             progress_message2 "$doing $fn...";
             $first_entry = 0;
         }
+        my ($interface, $hosts, $options ) = split_line 1, 3, 'routestopped file';
+
         $hosts = ALLIPv4 unless $hosts && $hosts ne '-';
         my @hosts;
@@ -691,13 +691,13 @@ sub setup_mac_lists( $ ) {
     while ( read_a_line ) {
-        my ( $disposition, $interface, $mac, $addresses ) = split_line 3, 4, 'maclist file';
-
         if ( $first_entry ) {
             progress_message2 "$doing $fn...";
             $first_entry = 0;
         }
+        my ( $disposition, $interface, $mac, $addresses ) = split_line 3, 4, 'maclist file';
+
         if ( $disposition eq 'COMMENT' ) {
             process_comment;
         } else {
@@ -1252,13 +1252,13 @@ sub process_rules() {
     while ( read_a_line ) {
-        my ( $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user, $mark ) = split_line 1, 10, 'rules file';
-
         if ( $first_entry ) {
             progress_message2 "$doing $fn...";
             $first_entry = 0;
         }
+        my ( $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user, $mark ) = split_line 1, 10, 'rules file';
+
         if ( $target eq 'COMMENT' ) {
             process_comment;
         } elsif ( $target eq 'SECTION' ) {
diff --git a/Shorewall-perl/Shorewall/Tc.pm b/Shorewall-perl/Shorewall/Tc.pm
index 15c765745..2c92f2f5a 100644
--- a/Shorewall-perl/Shorewall/Tc.pm
+++ b/Shorewall-perl/Shorewall/Tc.pm
@@ -372,13 +372,13 @@ sub setup_traffic_shaping() {
     while ( read_a_line ) {
-        my ( $device, $inband, $outband ) = split_line 3, 3, 'tcdevices';
-
         if ( $first_entry ) {
             progress_message2 "$doing $fn...";
             $first_entry = 0;
         }
+        my ( $device, $inband, $outband ) = split_line 3, 3, 'tcdevices';
+
         fatal_error "Invalid tcdevices entry" if $outband eq '-';
         validate_tc_device( $device, $inband, $outband );
     }
@@ -524,14 +524,14 @@ sub setup_tc() {
     while ( read_a_line ) {
-        my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = split_line 2, 10, 'tcrules file';
-
         if ( $first_entry ) {
             progress_message2 "$doing $fn...";
             require_capability( 'MANGLE_ENABLED' , 'a non-empty tcrules file' , 's' );
             $first_entry = 0;
         }
+        my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = split_line 2, 10, 'tcrules file';
+
         if ( $mark eq 'COMMENT' ) {
             process_comment;
         } else {
diff --git a/Shorewall-perl/Shorewall/Tunnels.pm b/Shorewall-perl/Shorewall/Tunnels.pm
index 297c1aba2..3085f92c5 100644
--- a/Shorewall-perl/Shorewall/Tunnels.pm
+++ b/Shorewall-perl/Shorewall/Tunnels.pm
@@ -255,13 +255,13 @@ sub setup_tunnels() {
     while ( read_a_line ) {
-        my ( $kind, $zone, $gateway, $gatewayzones ) = split_line 2, 4, 'tunnels file';
-
         if ( $first_entry ) {
             progress_message2 "$doing $fn...";
             $first_entry = 0;
         }
+        my ( $kind, $zone, $gateway, $gatewayzones ) = split_line 2, 4, 'tunnels file';
+
         if ( $kind eq 'COMMENT' ) {
             process_comment;
         } else {