diff --git a/Shorewall/Shorewall/Compiler.pm b/Shorewall/Shorewall/Compiler.pm index 6bfefd788..65e2237da 100644 --- a/Shorewall/Shorewall/Compiler.pm +++ b/Shorewall/Shorewall/Compiler.pm @@ -111,6 +111,10 @@ sub generate_script_1() { 'initialize()', '{', ' #', + ' # Be sure that umask is sane', + ' #', + ' umask 077', + ' #', ' # These variables are required by the library functions called in this script', ' #' ); diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 1f33b5a64..f9fc58215 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -1,3 +1,9 @@ +Changes in Shorewall 4.3.6 + +1) Add SAME tcrules target. + +2) Make 'dump' display the raw table. Fix shorewall6 dump anomalies. + Changes in Shorewall 4.3.5 1) Remove support for shorewall-shell. diff --git a/Shorewall/lib.cli b/Shorewall/lib.cli index b82cadfb7..fc520fea3 100644 --- a/Shorewall/lib.cli +++ b/Shorewall/lib.cli @@ -710,6 +710,9 @@ dump_command() { heading "Mangle Table" $IPTABLES -t mangle -L $IPT_OPTIONS + heading "Raw Table" + $IPTABLES -t raw -L $IPT_OPTIONS + heading "Conntrack Table" [ -f /proc/net/ip_conntrack ] && cat /proc/net/ip_conntrack || grep -v '^ipv6' /proc/net/nf_conntrack diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index fd304f9a5..96769362d 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -1,4 +1,7 @@ -Shorewall 4.3.5 +Shorewall 4.3.6 + +Shorewall 4.3 is the development thread for Shorewall 4.4 which will be +released late in 2009. ---------------------------------------------------------------------------- R E L E A S E 4 . 4 H I G H L I G H T S 
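Review bot: The comment added above `umask 077` in the generated initialize() says only that the umask should be "sane", which does not tell a maintainer what the setting protects. I would word it along the lines of `# Restrict files created by this script (such as the state file) to root-only access`, which matches the release-note entry in this commit. The umask is inherited by everything the generated script runs afterwards, presumably including user extension scripts, so files those scripts create become owner-only as well; that side effect deserves a sentence in the comment or the release notes. The release notes suggest `chmod 744` to reopen the state file, but `chmod 644` is enough for world-readable access and avoids putting an execute bit on a data file. generate_script_1 starts and ends outside the hunk, so whether anything writes files before initialize() runs cannot be checked from here.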
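Review bot: The new `$IPTABLES -t raw -L $IPT_OPTIONS` call in dump_command runs unconditionally, so on a kernel without raw-table support the dump will show an iptables error under the "Raw Table" heading instead of rules. Guarding the two added lines, for example with `if $IPTABLES -t raw -L -n > /dev/null 2>&1; then` before the heading and `fi` after the listing, keeps the dump clean and makes the absence explicit. Listing a table may also cause the kernel to load the corresponding module, which would change the state a diagnostic dump is meant to record; this is worth confirming. The same applies to the `$IP6TABLES -t raw -L $IPT_OPTIONS` lines added in the Shorewall6/lib.cli hunk. dump_command's body continues outside both hunks.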
@@ -11,15 +14,32 @@ Shorewall 4.3.5 2) The interfaces file OPTIONs have been extended to largely remove the need for the hosts file. -Problems corrected in 4.3.5 +Problems corrected in 4.3.6 -None. +1) The shorewall6 dump command now correctly displays the installed + Shorewall version. + +2) Previously, the 'start' command set the permission flags on + /var/lib/shorewall*/state so that it could be read by + non-root users while the 'stop' command set the permissions such + that the file could not be read by those users. + + Beginning with 4.3.6, both commands will secure the file for + root-only access. If you want the file to be world-readable, then + add + + chmod 744 /var/lib/shorewall*/state + + To your /etc/shorewall*/started, /etc/shorewall*/stopped and + /etc/shorewall*/restored files. Known Problems Remaiining: None. -New Features in Shorewall 4.3.5 +New Features in Shorewall 4.3.6 + +None. New Features in Shorewall 4.4 diff --git a/Shorewall6/lib.cli b/Shorewall6/lib.cli index f677cc27c..26008c5e7 100644 --- a/Shorewall6/lib.cli +++ b/Shorewall6/lib.cli @@ -640,6 +640,9 @@ dump_command() { heading "Mangle Table" $IP6TABLES -t mangle -L $IPT_OPTIONS + heading "Raw Table" + $IP6TABLES -t raw -L $IPT_OPTIONS + heading "Conntrack Table" grep '^ipv6' /proc/net/nf_conntrack