diff --git a/Shorewall2/firewall b/Shorewall2/firewall
index 7cba20408..9d8b573e9 100755
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@@ -1250,11 +1250,13 @@ stop_firewall() {
 	    set +x
 
 	    [ -z "$RESTOREFILE" ] && RESTOREFILE=restore
+
+	    RESTOREPATH=/var/lib/shorewall/$RESTOREFILE
 	    
-	    if [ -x /var/lib/shorewall/$RESTOREFILE ]; then
+	    if [ -x $RESTOREPATH ]; then
 		echo Restoring Shorewall...
-		/var/lib/shorewall/$RESTOREFILE
-		echo "Shorewall restored from /var/lib/shorewall/$RESTOREFILE"
+		$RESTOREPATH
+		echo "Shorewall restored from $RESTOREPATH"
 		my_mutex_off
 		kill $$
 		exit 2
diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt
index a7895a3e3..0d339991a 100755
--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
@@ -41,23 +41,31 @@ New Features:
 
 1) Shorewall now supports multiple saved configurations.
 
-   a) The "save" command has been extended to be able to specify the
+   a) The default saved configuration (restore script) in
+      /var/lib/shorewall is now specified using the RESTOREFILE option
+      in shorewall.conf. If this variable isn't set then to maitain
+      backward compatibility, 'restore' is assumed.
+      
+      The value of RESTOREFILE must be a simple file name; no slashes
+      ("/") may be included.
+      
+   b)  The "save" command has been extended to be able to specify the
       name of a saved configuration.
 
 	   shorewall save [ <file name> ]
 
       The current state is saved to /var/lib/shorewall/<file name>. If
       no <file name> is given, the configuration is saved to
-      /var/lib/shorewall/restore (current behavior).
+      the file determined by the RESTOREFILE setting.
 
-   b) The "restore" command has been extended to be able to specify 
+   c) The "restore" command has been extended to be able to specify 
       the name of a saved configuration:
 
 	  shorewall restore [ <file name> ]
 
       The firewall state is restored from /var/lib/shorewall/<file
       name>. If no <file name> is given, the firewall state is
-      restored from /var/lib/shorewall/restore.
+      restored from the file determined by the RESTOREFILE setting.
 
    c) The "forget" command has changed. Previously, the command
       unconditionally removed the /var/lib/shorewall/save file which
@@ -70,10 +78,11 @@ New Features:
 	      shorewall forget [ <file name> ]
 
       The file /var/lib/shorewall/<file name> is removed. If no <file
-      name> is given, the file /var/lib/shorewall/restore is removed.
+      name> is given, the file determined by the RESTOREFILE setting
+      is removed.
 
-   d) The "shorewall -f start" command continues to restore the state
-      recorded in /var/lib/shorewall/restore.
+   d) The "shorewall -f start" command restores the state from the
+      file determined by the RESTOREFILE setting. 
 
 2) "!" is now allowed in accounting rules.
 
diff --git a/Shorewall2/shorewall b/Shorewall2/shorewall
index a2ed05f0f..f4172bb7c 100755
--- a/Shorewall2/shorewall
+++ b/Shorewall2/shorewall
@@ -134,6 +134,19 @@ showchain() # $1 = name of chain
     fi
 }
 
+#
+# Validate the value of RESTOREFILE
+#
+validate_restorefile() # $* = label
+{
+    case $RESTOREFILE in
+	*/*)
+	    echo "   ERROR: $@ must specify a simple file name: $RESTOREFILE" >&2
+	    exit 2
+	    ;;
+    esac    
+}
+
 #
 # Set the configuration variables from shorewall.conf
 #
@@ -163,13 +176,17 @@ get_config() {
 
     if [ -n "$SHOREWALL_SHELL" ]; then
 	if [ ! -e "$SHOREWALL_SHELL" ]; then
-	    echo "The program specified in SHOREWALL_SHELL does not exist or is not executable" >&2
+	    echo "   ERROR: The program specified in SHOREWALL_SHELL does not exist or is not executable" >&2
 	    exit 2
 	fi
     fi
 
     [ -n "$RESTOREFILE" ] || RESTOREFILE=restore
 
+    validate_restorefile RESTOREFILE
+
+    export RESTOREFILE
+
 }
 
 #
@@ -740,11 +757,14 @@ case "$1" in
 	[ $# -ne 1 ] && usage 1
 	get_config
 	if [ -n "$FAST" ]; then
-	    if [ -x /var/lib/shorewall/$RESTOREFILE ]; then
+	    
+	    RESTOREPATH=/var/lib/shorewall/$RESTOREFILE
+
+	    if [ -x $RESTOREPATH ]; then
 		echo Restoring Shorewall...
-		/var/lib/shorewall/$RESTOREFILE
+		$RESTOREPATH
 		date > $STATEDIR/restarted
-		echo Shorewall restored from /var/lib/shorewall/$RESTOREFILE
+		echo Shorewall restored from $RESTOREPATH
 	    else
 		exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock start
 	    fi
@@ -976,19 +996,22 @@ case "$1" in
 	    ;;
 	2)
 	    RESTOREFILE="$2"
+	    validate_restorefile '<restore file>'
 	    ;;
 	*)
 	    usage 1
 	    ;;
 	esac
 
+	RESTOREPATH=/var/lib/shorewall/$RESTOREFILE
+
 	mutex_on
 
 	if qt iptables -L shorewall -n; then
 	    [ -d /var/lib/shorewall ] || mkdir -p /var/lib/shorewall
 
-	    if [ -f /var/lib/shorewall/$RESTOREFILE -a ! -x /var/lib/shorewall/$RESTOREFILE ]; then
-		echo "   ERROR: /var/lib/shorewall/$RESTOREFILE exists and is not a saved Shorewall configuration"
+	    if [ -f $RESTOREPATH -a ! -x $RESTOREPATH ]; then
+		echo "   ERROR: $RESTOREPATH exists and is not a saved Shorewall configuration"
 	    else
 		case $RESTOREFILE in
 		    save|restore-base)
@@ -1001,9 +1024,9 @@ case "$1" in
 				cp -f /var/lib/shorewall/restore-base /var/lib/shorewall/restore-$$
 				if iptables-save >> /var/lib/shorewall/restore-$$ ; then
 				    echo __EOF__ >> /var/lib/shorewall/restore-$$
-				    mv -f /var/lib/shorewall/restore-$$ /var/lib/shorewall/$RESTOREFILE
-				    chmod +x /var/lib/shorewall/$RESTOREFILE
-				    echo "   Currently-running Configuration Saved to /var/lib/shorewall/$RESTOREFILE"
+				    mv -f /var/lib/shorewall/restore-$$ $RESTOREPATH
+				    chmod +x $RESTOREPATH
+				    echo "   Currently-running Configuration Saved to $RESTOREPATH"
 				else
 				    rm -f /var/lib/shorewall/restore-$$
 				    echo "   ERROR: Currently-running Configuration Not Saved"
@@ -1029,17 +1052,21 @@ case "$1" in
 	    ;;
 	2)
 	    RESTOREFILE="$2"
+	    validate_restorefile '<restore file>'
 	    ;;
 	*)
 	    usage 1
 	    ;;
 	esac
 
-	if [ -x /var/lib/shorewall/$RESTOREFILE ]; then
-	    rm -f /var/lib/shorewall/$RESTOREFILE
-	    echo "    /var/lib/shorewall/$RESTOREFILE removed"
-	elif [ -f /var/lib/shorewall/$RESTOREFILE ]; then
-	    echo "   ERROR: /var/lib/shorewall/$RESTOREFILE is not a restore script"
+
+	RESTOREPATH=/var/lib/shorewall/$RESTOREFILE
+
+	if [ -x $RESTOREPATH ]; then
+	    rm -f $RESTOREPATH
+	    echo "    $RESTOREPATH removed"
+	elif [ -f $RESTOREPATH ]; then
+	    echo "   ERROR: $RESTOREPATH is not a restore script"
 	fi
 	;;
     ipcalc)
@@ -1084,15 +1111,18 @@ case "$1" in
 	    ;;
 	2)
 	    RESTOREFILE="$2"
+	    validate_restorefile '<restore file>'
 	    ;;
 	*)
 	    usage 1
 	    ;;
 	esac
 
-	if [ -x /var/lib/shorewall/$RESTOREFILE ]; then
+	RESTOREPATH=/var/lib/shorewall/$RESTOREFILE
+
+	if [ -x $RESTOREPATH ]; then
 	    echo Restoring Shorewall...
-	    /var/lib/shorewall/$RESTOREFILE && echo "Shorewall restored from /var/lib/shorewall/$RESTOREFILE"
+	    $RESTOREPATH && echo "Shorewall restored from /var/lib/shorewall/$RESTOREFILE"
 	else
 	    echo "File /var/lib/shorewall/$RESTOREFILE: file not found"
             exit 2