1)  The IPv6 allowBcast built-in action generates an invalid ip6tables
    rule. This defect is present in all versions of Shorewall that 
    support IPv6.

    Fixed in Shorewall 4.4.10.1.

2)  If IPSET=<pathname> is specified in shorewall.conf, then when an
    ipset is used in a configuration file entry, the following fatal
    compilation error occurs:

    ERROR: ipset names in Shorewall configuration files require Ipset
    Match in your kernel and iptables : /etc/shorewall/rules (line nn)

    You can work around this problem by executing the following at a
    root shell prompt:

    	 shorewall show -f capabilities > /etc/shorewall/capabilities

    Fixed in Shorewall 4.4.10.1. After installing this fix, if you 
    executed the above command to work around the problem, we recommend
    that you remove /etc/shorewall/capabilities.

3)  On Debian and derivatives, shorewall-init is starting too late.

    To work around this issue, at a root prompt:

       cd /etc/rcS.d
       mv S38shorewall-init S08shorewall-init

4)  The new REQUIRE_INTERFACE option was not added to shorewall.conf
    and shorewall6.conf.

    You can simply add it if you need it.

5)  Under Perl 5.12.1, a harmless Perl run-time diagnostic is
    produced when options are omitted from shorewall.conf or
    shorewall6.conf. 

    Example:

	Use of uninitialized value
	$Shorewall::Config::config{"REQUIRE_INTERFACE"} in lc at
    	/usr/share/shorewall/Shorewall/Config.pm line 1902.