diff --git a/Shorewall/Perl/Shorewall/Proxyarp.pm b/Shorewall/Perl/Shorewall/Proxyarp.pm index f5b418f9b..f18db5bd7 100644 --- a/Shorewall/Perl/Shorewall/Proxyarp.pm +++ b/Shorewall/Perl/Shorewall/Proxyarp.pm @@ -78,6 +78,8 @@ sub setup_one_proxy_arp( $$$$$$$ ) { } unless ( $haveroute ) { + fatal_error "HAVEROUTE=No requires an INTERFACE" if $interface eq '-'; + if ( $family == F_IPV4 ) { emit "[ -n \"\$g_noroutes\" ] || run_ip route replace $address/32 dev $physical"; } else { @@ -123,15 +125,18 @@ sub setup_proxy_arp() { $first_entry = 0; } - fatal_error "Unknown interface ($interface)" unless known_interface $interface; fatal_error "Unknown interface ($external)" unless known_interface $external; - - my $physical = physical_name $interface; - my $extphy = physical_name $external; - - $set{$interface} = 1; $reset{$external} = 1 unless $set{$external}; + my $extphy = physical_name $external; + my $physical = '-'; + + if ( $interface ne '-' ) { + fatal_error "Unknown interface ($interface)" unless known_interface $interface; + $physical = physical_name $interface; + $set{$interface} = 1; + } + setup_one_proxy_arp( $address, $interface, $physical, $external, $extphy, $haveroute, $persistent ); } diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 2c88c4edc..592720474 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt 
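Review bot: The new guard only covers the HAVEROUTE=No path, so with HAVEROUTE=Yes an entry with no INTERFACE reaches the rest of setup_one_proxy_arp with both `$interface` and `$physical` equal to `'-'`, and nothing in this hunk shows how the remainder of the sub (which continues outside the hunk) treats that value. Worth confirming that every later use of `$physical` and `$interface` in this sub is skipped for `'-'`, and recording the convention next to the guard: `# INTERFACE may be '-' (omitted) only when HAVEROUTE=Yes; the caller then passes '-' as the physical name too`. The check is `eq '-'` only, so it relies on the table reader having normalized an empty column to `'-'`; that is presumably the case but is not visible here.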
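Review bot: Moving `$set{$interface} = 1` below `$reset{$external} = 1 unless $set{$external}` reverses the order in which the two hashes are updated for one entry, so an entry whose INTERFACE equals its EXTERNAL now gets `$reset{$external}` set where before it did not; presumably that configuration is not meaningful, but if it is rejected elsewhere a short comment saying the order no longer matters would spare the next reader the check. The `'-'` placeholder in `my $physical = '-';` is now part of setup_one_proxy_arp's contract, so a comment such as `# '-' means no INTERFACE was given; only valid with HAVEROUTE=Yes, enforced in setup_one_proxy_arp` would make that explicit at the call site. The enclosing loop of setup_proxy_arp starts before and ends after this hunk.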
@@ -58,6 +58,27 @@ Beta 1 1) Shorewall-init now handles ppp devices. +2) To support proxy NDP in a manner similar to Proxy ARP, an + /etc/shorewall6/proxyndp file has been added. It should be noted + that IPv6 implements a "strong host model" whereas Linux IPv4 + implements a "weak host model". In the strong model, IP addresses + are associated with interfaces; in the weak model, they are + associated with the host. This is relevant with respect to Proxy + NDP in that a multi-homed Linux IPv6 host will only respond to + neighbor discoverey requests for IPv6 addresses configured on the + interface receiving the request. So if eth0 has address + 2001:470:b:227::44/128 and eth1 has address 2001:470:b:227::1/64 + then in order for eth1 to respond to neighbor discovery requests + for 2001:470:b:227::44, the following entry in + /etc/shorewall6/proxyndp is required: + + #ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT + 2001:470:b:227::44 - eth1 Yes + + As part of this change, the INTERFACE column in + /etc/shorewall/proxyarp is now optional and is only required when + HAVEROUTE=No (the default). + ---------------------------------------------------------------------------- I V. R E L E A S E 4 . 4 H I G H L I G H T S ---------------------------------------------------------------------------- diff --git a/Shorewall6/install.sh b/Shorewall6/install.sh index c55cd2bfd..266f54bc0 100755 --- a/Shorewall6/install.sh +++ b/Shorewall6/install.sh 
@@ -633,12 +633,32 @@ fi # # Install the Scfilter file # -run_install $OWNERSHIP -m 0644 tcclear ${DESTDIR}/usr/share/shorewall6/configfiles/scfilter +run_install $OWNERSHIP -m 0644 scfilter ${DESTDIR}/usr/share/shorewall6/configfiles/scfilter if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/shorewall6/scfilter ]; then run_install $OWNERSHIP -m 0600 scfilter ${DESTDIR}/etc/shorewall6/scfilter echo "Scfilter file installed as ${DESTDIR}/etc/shorewall6/scfilter" fi + +# +# Install the Providers file +# +run_install $OWNERSHIP -m 0644 providers ${DESTDIR}/usr/share/shorewall6/configfiles/providers + +if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/shorewall6/providers ]; then + run_install $OWNERSHIP -m 0600 providers ${DESTDIR}/etc/shorewall6/providers + echo "Providers file installed as ${DESTDIR}/etc/shorewall6/providers" +fi +# +# Install the Proxyndp file +# +run_install $OWNERSHIP -m 0644 proxyndp ${DESTDIR}/usr/share/shorewall6/configfiles/proxyndp + +if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/shorewall6/proxyndp ]; then + run_install $OWNERSHIP -m 0600 proxyndp ${DESTDIR}/etc/shorewall6/proxyndp + echo "Proxyndp file installed as ${DESTDIR}/etc/shorewall6/proxyndp" +fi + # # Install the Standard Actions file # diff --git a/Shorewall6/proxyndp b/Shorewall6/proxyndp new file mode 100644 index 000000000..41072770a --- /dev/null +++ b/Shorewall6/proxyndp @@ -0,0 +1,9 @@ +# +# Shorewall version 4 - Proxyndp File +# +# For information about entries in this file, type "man shorewall6-proxyndp" +# +# See http://shorewall.net/ProxyARP.htm for additional information. +# +################################################################################## +#ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT diff --git a/docs/Manpages6.xml b/docs/Manpages6.xml index 7ca286513..cf4b05fa5 100644 --- a/docs/Manpages6.xml +++ b/docs/Manpages6.xml 
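Review bot: The new Proxyndp block at the end of the hunk is glued to the preceding `fi` with no separating blank line, unlike the Scfilter and Providers blocks above it, so a blank line before `# Install the Proxyndp file` would keep the three blocks uniform. The same hunk also changes the Scfilter source file from `tcclear` to `scfilter` and adds the Providers block, neither of which the proxy NDP feature needs; if those are independent fixes they would be easier to trace as their own commits. As in the existing blocks, `${DESTDIR}` is unquoted in the `-f` test and in the install destinations, which follows the file's current style but breaks for a DESTDIR containing whitespace.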
@@ -104,6 +104,10 @@ url="manpages6/shorewall6-providers.html">providers - Define routing tables, usually for multiple Internet links. + proxyndp - Defines + Proxy NDP + route_rules - Define routing rules. diff --git a/docs/ProxyARP.xml b/docs/ProxyARP.xml index 798c056d6..8fe71cfc1 100644 --- a/docs/ProxyARP.xml +++ b/docs/ProxyARP.xml @@ -300,4 +300,38 @@ shorewall start You want the second one by Alexey Kuznetsov. + +
+ IPv6 - Proxy NDP + + The IPv6 analog of Proxy ARP is Proxy NDP (Neighbor Discovery + Protocol). Begiinning with Shorewall 4.4.16, Shorewall6 supports Proxy NDP + in a manner similar to Proxy ARP support in Shorewall: + + + + The configuration file is /etc/shorewall6/proxyndp (see shorewall6-proxyndp + (5)). + + + + The ADDRESS column of that file contains an IPv6 address. + + + + It should be noted that IPv6 implements a "strong host model" + whereas Linux IPv4 implements a "weak host model". In the strong model, IP + addresses are associated with interfaces; in the weak model, they are + associated with the host. This is relevant with respect to Proxy NDP in + that a multi-homed Linux IPv6 host will only respond to neighbor + discoverey requests for IPv6 addresses configured on the interface + receiving the request. So if eth0 has address 2001:470:b:227::44/128 and + eth1 has address 2001:470:b:227::1/64 then in order for eth1 to respond to + neighbor discovery requests for 2001:470:b:227::44, the following entry in + /etc/shorewall6/proxyndp is required: + + #ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT +2001:470:b:227::44 - eth1 Yes +
diff --git a/manpages/shorewall-proxyarp.xml b/manpages/shorewall-proxyarp.xml index e9bb4247a..eb8681e4b 100644 --- a/manpages/shorewall-proxyarp.xml +++ b/manpages/shorewall-proxyarp.xml @@ -40,11 +40,14 @@ INTERFACE - - interface + interface (Optional as of Shorewall + 4.4.16) Local interface where system with the ip address in ADDRESS is - connected. + connected. This column is only required when HAVEROUTE is set to + No (no) or is left empty. @@ -132,12 +135,13 @@ url="http://shorewall.net/ProxyARP.htm">http://shorewall.net/ProxyARP.htm shorewall(8), shorewall-accounting(5), shorewall-actions(5), - shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5), - shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), - shorewall-netmap(5), shorewall-params(5), shorewall-policy(5), - shorewall-providers(5), shorewall-route_rules(5), - shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5), - shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), - shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5) + shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), + shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), + shorewall-nat(5), shorewall-netmap(5), shorewall-params(5), + shorewall-policy(5), shorewall-providers(5), shorewall-route_rules(5), + shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), + shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), + shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5), + shorewall-zones(5) diff --git a/manpages6/shorewall6-proxyndp.xml b/manpages6/shorewall6-proxyndp.xml index 5d49a10e1..e1645fbe2 100644 --- a/manpages6/shorewall6-proxyndp.xml +++ b/manpages6/shorewall6-proxyndp.xml 
@@ -41,11 +41,13 @@ INTERFACE - - interface + interface (Optional) Local interface where system with the ip address in ADDRESS is - connected. + connected. Only required when the HAVEROUTE column is left empty or + is set to no or No.