diff --git a/Shorewall-common/lib.base b/Shorewall-common/lib.base
index eb13e0474..065ebc6fe 100644
--- a/Shorewall-common/lib.base
+++ b/Shorewall-common/lib.base
@@ -1424,7 +1424,7 @@ undo_routing() {
# Restore rt_tables database
#
if [ -f ${VARDIR}/rt_tables ]; then
- [ -w /etc/iproute2/rt_table ] && cp -f ${VARDIR}/rt_tables /etc/iproute2/ && progress_message "/etc/iproute2/rt_tables database restored"
+ [ -w /etc/iproute2/rt_table -a -z "$KEEP_RT_TABLES" ] && cp -f ${VARDIR}/rt_tables /etc/iproute2/ && progress_message "/etc/iproute2/rt_tables database restored"
rm -f ${VARDIR}/rt_tables
fi
#
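Review bot: The writability test on the added line checks `/etc/iproute2/rt_table` (singular), while the copy target and the progress message both refer to `rt_tables`. If the singular path does not exist on the host, `-w` fails and the saved database is never restored, whatever KEEP_RT_TABLES is set to. The `-a` operator inside `[ ]` is also obsolescent in POSIX and `${VARDIR}` is unquoted, so I would write the guard as `[ -w /etc/iproute2/rt_tables ] && [ -z "$KEEP_RT_TABLES" ] && cp -f "${VARDIR}/rt_tables" /etc/iproute2/ && progress_message "/etc/iproute2/rt_tables database restored"`. The following `rm -f` runs even when the copy is skipped or fails, so the only saved copy is discarded in that case. The same line appears in the Shorewall-perl/prog.header hunk, and undo_routing's body starts outside this hunk.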
diff --git a/Shorewall-common/lib.config b/Shorewall-common/lib.config
index daa831e5c..3e9090863 100644
--- a/Shorewall-common/lib.config
+++ b/Shorewall-common/lib.config
@@ -1741,7 +1741,7 @@ do_initialize() {
USE_ACTIONS=
OPTIMIZE=
EXPORTPARAMS=
- #EXPERIMENTAL is inherited
+ KEEP_TC_RULES=
#
# Packet Disposition
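Review bot: This hunk and the next one in do_initialize clear and normalise `KEEP_TC_RULES`, but the `undo_routing` change in this commit tests `KEEP_RT_TABLES`, which neither hunk touches. Unless that variable is handled elsewhere in do_initialize (the function extends beyond both hunks), a value inherited from the environment, or a literal `KEEP_RT_TABLES=No` from the config, would be non-empty under `-z` and would suppress the rt_tables restore. If it is not already handled, add `KEEP_RT_TABLES=` to the reset list and `KEEP_RT_TABLES=$(added_param_value_no KEEP_RT_TABLES $KEEP_RT_TABLES)` beside the other normalisations. The added line also replaces the `#EXPERIMENTAL is inherited` comment, which documented a deliberately un-reset variable and is worth keeping if EXPERIMENTAL is still inherited.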
@@ -2017,6 +2017,7 @@ do_initialize() {
TC_EXPERT=$(added_param_value_no TC_EXPERT $TC_EXPERT)
USE_ACTIONS=$(added_param_value_yes USE_ACTIONS $USE_ACTIONS)
EXPORTPARAMS=$(added_param_value_yes EXPORTPARAMS $EXPORTPARAMS)
+ KEEP_TC_RULES=$(added_param_value_no KEEP_TC_RULES $KEEP_TC_RULES)
[ "$PROGRAM" = compiler ] && [ -n "$USE_ACTIONS" ] && lib_load actions "USE_ACTIONS=Yes"
diff --git a/Shorewall-perl/prog.header b/Shorewall-perl/prog.header
index 6cf884d7f..e275fbabd 100644
--- a/Shorewall-perl/prog.header
+++ b/Shorewall-perl/prog.header
@@ -819,7 +819,7 @@ undo_routing() {
# Restore rt_tables database
#
if [ -f ${VARDIR}/rt_tables ]; then
- [ -w /etc/iproute2/rt_table ] && cp -f ${VARDIR}/rt_tables /etc/iproute2/ && progress_message "/etc/iproute2/rt_tables database restored"
+ [ -w /etc/iproute2/rt_table -a -z "$KEEP_RT_TABLES" ] && cp -f ${VARDIR}/rt_tables /etc/iproute2/ && progress_message "/etc/iproute2/rt_tables database restored"
rm -f ${VARDIR}/rt_tables
fi
#
diff --git a/manpages/shorewall-interfaces.xml b/manpages/shorewall-interfaces.xml
index 9efaafc3b..0f1a140ff 100644
--- a/manpages/shorewall-interfaces.xml
+++ b/manpages/shorewall-interfaces.xml
@@ -307,6 +307,18 @@ loc eth2 -
+
+ mss[=number]
+
+
+ Added in Shorewall 4.0.3. Causes forwarded TCP SYN
+ packets entering or leaving on this interface to have their
+ MSS field set to the specified
+ number.
+
+
+
norfc1918
diff --git a/manpages/shorewall.conf.xml b/manpages/shorewall.conf.xml
index dcc099350..3cac01a50 100644
--- a/manpages/shorewall.conf.xml
+++ b/manpages/shorewall.conf.xml
@@ -635,10 +635,10 @@ net all DROP infothen the chain name is 'net2all'
role="bold">Yes|No}
- When set to , this option prevents scripts
- generated by Shorewall-perl from altering the
- /etc/iproute2/rt_tables database when there are entries in
- /etc/shorewall/providers. If you set this
+ Added in Shorewall 4.0.3. When set to ,
+ this option prevents scripts generated by Shorewall-perl from
+ altering the /etc/iproute2/rt_tables database when there are entries
+ in /etc/shorewall/providers. If you set this
option to while Shorewall (Shorewall-lite) is
running, you should remove the file
/var/lib/shorewall/rt_tables
diff --git a/manpages/shorewall.xml b/manpages/shorewall.xml
index d4746ad23..8bf4b533d 100644
--- a/manpages/shorewall.xml
+++ b/manpages/shorewall.xml
@@ -582,9 +582,10 @@
are untouched. Clear is often used to see if the firewall is causing
connection problems.
- If the is given, the command will be
- processed by the compiled script that executed the last successful
- start, The option was added in Shorewall 4.0.3.
+ If is given, the command will be processed by
+ the compiled script that executed the last successful start, restart or refresh command if that script exists.
@@ -1179,9 +1180,10 @@
url="shorewall-routestopped.html">shorewall-routestopped(5)
or by ADMINISABSENTMINDED.
- If the is given, the command will be
- processed by the compiled script that executed the last successful
- start, The option was added in Shorewall 4.0.3.
+ If is given, the command will be processed by
+ the compiled script that executed the last successful start, restart or refresh command if that script exists.