diff --git a/Shorewall/Perl/Shorewall/Actions.pm b/Shorewall/Perl/Shorewall/Actions.pm
index 0cbbcf021..c0cd88a2d 100644
--- a/Shorewall/Perl/Shorewall/Actions.pm
+++ b/Shorewall/Perl/Shorewall/Actions.pm
@@ -868,7 +868,8 @@ sub allowInvalid ( $$$ ) {
 }
 sub forwardUPnP ( $$$ ) {
- dont_optimize 'forwardUPnP';
+ my $chainref = dont_optimize 'forwardUPnP';
+ add_commands( $chainref , '[ -f ${VARDIR}/forwardUPnP ] && cat ${VARDIR}/forwardUPnP >&3' );
 }
 sub allowinUPnP ( $$$ ) {
diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm
index dbf318181..5da6955a9 100644
--- a/Shorewall/Perl/Shorewall/Compiler.pm
+++ b/Shorewall/Perl/Shorewall/Compiler.pm
@@ -427,6 +427,48 @@ sub generate_script_3($) {
 ' run_init_exit',
 'fi',
 '' );
+
+ emit ( 'if [ "$COMMAND" = restart -o "$COMMAND" = restore ]; then' );
+ push_indent;
+
+ if ( $family == F_IPV4 ) {
+ emit( 'local iptables_save' ,
+ 'iptables_save=${IPTABLES}-save' );
+ } else {
+ emit( 'local iptables_save' ,
+ 'iptables_save=${IP6TABLES}-save' );
+ }
+
+ emit ( q(if chain_exists "UPnP -t nat"; then) ,
+ q( $iptables_save -t nat | grep '^-A UPnP ' > ${VARDIR}/UPnP) ,
+ q(else) ,
+ q( rm -f ${VARDIR}/UPnP) ,
+ q(fi) ,
+ '' ,
+ q(if chain_exists forwardUPnP; then) ,
+ q( $iptables_save -t filter | grep '^-A forwardUPnP ' > ${VARDIR}/forwardUPnP) ,
+ q(else) ,
+ q( rm -f ${VARDIR}/forwardUPnP) ,
+ q(fi) ,
+ '' ,
+ q(if chain_exists dynamic; then) ,
+ q( $iptables_save -t filter | grep '^-A dynamic ' > ${VARDIR}/dynamic) ,
+ q(else) ,
+ q( rm -f ${VARDIR}/dynamic) ,
+ q(fi)
+ );
+
+ pop_indent;
+ emit ( 'else' );
+ push_indent;
+
+ emit ( 'rm -f ${VARDIR}/UPnP' );
+ emit ( 'rm -f ${VARDIR}/forwardUPnP' );
+
+ pop_indent;
+
+ emit ( 'fi' ,
+ '' );
 mark_firewall_not_started;
diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index 5ee14f46d..4e1ddca43 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
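Review bot: `dont_optimize` is called with the chain name `'forwardUPnP'` in this hunk, while the Rules.pm hunks of the same commit pass it a chain reference, so the new `add_commands( $chainref , ... )` only works if `dont_optimize` resolves a name and returns the reference, which the diff does not show. Worth confirming, and a one-line comment above the call would help: `# Replay forwardUPnP rules that the generated script saved on restart/restore`. The same `[ -f FILE ] && cat FILE >&3` string is repeated in Rules.pm for `dynamic` and `UPnP`; a small helper taking the file name would keep the three copies in step.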
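Review bot: The emitted `else` branch removes `${VARDIR}/UPnP` and `${VARDIR}/forwardUPnP` but leaves `${VARDIR}/dynamic`, so on a command other than restart/restore a snapshot written by an earlier restart would still be replayed by the `[ -f ${VARDIR}/dynamic ]` command added in Rules.pm. If that persistence is intended, say so in a comment; otherwise add `emit ( 'rm -f ${VARDIR}/dynamic' );`. Each `$iptables_save ... | grep ... > file` pipeline is also unchecked: if the save tool fails, the redirect still leaves an empty file and the chain comes back empty with no message, which for `dynamic` presumably means its entries are silently lost. Since these files are later written to descriptor 3, it is worth confirming that `${VARDIR}` is writable only by root. generate_script_3 starts and ends outside the hunk.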
@@ -443,6 +443,7 @@ sub add_common_rules() {
 add_rule_pair dont_delete( new_standard_chain( 'logreject' ) ), ' ' , 'reject' , $level ;
 $chainref = dont_optimize( new_standard_chain( 'dynamic' ) );
 add_jump $filter_table->{$_}, $chainref, 0, $state for qw( INPUT FORWARD );
+ add_commands( $chainref, '[ -f ${VARDIR}/dynamic ] && cat ${VARDIR}/dynamic >&3' );
 }
 setup_mss;
@@ -647,7 +648,9 @@ sub add_common_rules() {
 if ( @$list ) {
 progress_message2 "$doing UPnP";
- dont_optimize new_nat_chain( 'UPnP' );
+ $chainref = dont_optimize new_nat_chain( 'UPnP' );
+
+ add_commands( $chainref, '[ -s /${VARDIR}/UPnP ] && cat ${VARDIR}/UPnP >&3' );
 $announced = 1;
diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm
index 384cbe56f..d39cdfa85 100644
--- a/Shorewall/Perl/Shorewall/Zones.pm
+++ b/Shorewall/Perl/Shorewall/Zones.pm
@@ -1186,6 +1186,7 @@ sub find_interfaces_by_option1( $ ) {
 for my $interface ( keys %interfaces ) {
 my $interfaceref = $interfaces{$interface};
+ next unless defined $interfaceref->{physical};
 next if $interfaceref->{physical} =~ /\+/;
 my $optionsref = $interfaceref->{options};
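Review bot: The test in the added UPnP `add_commands` line reads `[ -s /${VARDIR}/UPnP ]`, with a stray leading `/` and `-s`, while the `cat` beside it and the two sibling replay commands in this commit (`dynamic` in the hunk above, `forwardUPnP` in Actions.pm) use `[ -f ${VARDIR}/... ]`. With an absolute `VARDIR` the doubled slash will normally resolve to the same file, but the test and the `cat` should name the same path: `'[ -s ${VARDIR}/UPnP ] && cat ${VARDIR}/UPnP >&3'`. If `-s` is deliberate (skip an empty snapshot), using it for all three would be consistent. The file contents go to descriptor 3 unvalidated here and in the `dynamic` hunk, so the restart-time writer and the directory's permissions are the only control over what gets loaded. add_common_rules continues outside both hunks.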
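Review bot: The added `next unless defined $interfaceref->{physical};` skips such entries silently, and nothing visible here says how an entry in `%interfaces` ends up without a `physical` name. If those entries are incomplete by accident, the option search will quietly omit an interface instead of reporting it; that is an inference, not something the hunk shows. A short comment would settle it, e.g. `# Skip entries with no physical name (state when that happens) rather than matching against undef`. The loop and find_interfaces_by_option1 continue past the end of the hunk.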