diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index ce263f533..5a04793e0 100755 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -16,6 +16,8 @@ Changes in 2.5.7 8) Give better diagnostics when IPP2P match isn't available. +9) Do not touch mangle chain during "refresh". + Changes in 2.5.6 1) Finish install/fallback cleanup. diff --git a/Shorewall/firewall b/Shorewall/firewall index 419d600a9..05f45bd0d 100755 --- a/Shorewall/firewall +++ b/Shorewall/firewall @@ -1261,6 +1261,14 @@ setup_providers() add_a_provider() { local t n iface option + case $MARKING_CHAIN in + tcfor) + ;; + *) + error_message "WARNING: MARK_IN_FORWARD_CHAIN=No is incompatible with multiple providers" + ;; + esac + for t in $PROVIDERS; do if [ "$t" = "$table" ]; then fatal_error "Duplicate Provider: $table, provider: \"$provider\"" @@ -3817,8 +3825,9 @@ refresh_tc() { # Flush the TC mangle chains # run_iptables -t mangle -F $chain - + [ -n "$MARK_IN_FORWARD_CHAIN" ] && run_iptables -t mangle -F tcpre run_iptables -t mangle -F tcout + run_iptables -t mangle -F tcpost # # Process the TC Rules File # diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 97d639c64..b5377a488 100755 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -15,6 +15,8 @@ Problems Corrected in 2.5.7: error on "shorewall start". This is a bug in the ipp2p code but I have included a workaround in Shorewall. +4) Fix "shorwall flush" vs mangle table. + New Features in 2.5.7: 1) The output of "shorewall dump" now includes a capabilities report @@ -33,6 +35,8 @@ New Features in 2.5.7: must have restarted Shorewall using this release before this feature will work correctly. +5) The multi-ISP code + Migration Considerations: 1) The "monitor" command has been eliminated.
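Review bot: The new `case $MARKING_CHAIN` check in add_a_provider only calls `error_message` and then carries on configuring the provider, so a combination the message itself calls incompatible is still installed and marked traffic may leave through the wrong provider. If the combination cannot work, `fatal_error` (used a few lines below for duplicate providers) would be the consistent choice. If it is merely discouraged, the check probably belongs in setup_providers so it is reported once; add_a_provider looks like it runs once per provider, but its caller is outside the hunk. The empty `tcfor)` arm can also be collapsed to `[ "$MARKING_CHAIN" = tcfor ] || error_message "WARNING: MARK_IN_FORWARD_CHAIN=No is incompatible with multiple providers"`. The function body continues past the end of the hunk.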
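Review bot: The added `run_iptables -t mangle -F tcpost` in refresh_tc is unconditional, so a refresh against a running ruleset that has no tcpost chain would make the iptables call fail. What run_iptables does on failure is not visible here, but if it aborts or stops the firewall, a routine refresh becomes an outage. Consider guarding the flush on the chain existing, or add a comment above the flushes such as `# tcpost must already exist: refresh requires a prior start/restart with this release`. The tcpre flush tests `[ -n "$MARK_IN_FORWARD_CHAIN" ]` while add_a_provider in this same commit keys on `$MARKING_CHAIN`; using one variable in both places, e.g. `[ "$MARKING_CHAIN" = tcfor ] && run_iptables -t mangle -F tcpre`, stops the two checks from disagreeing if the option ever holds a literal `No`. refresh_tc starts and ends outside the hunk.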