diff --git a/Shorewall-common/changelog.txt b/Shorewall-common/changelog.txt
index cc882d5be..d2d87cb45 100644
--- a/Shorewall-common/changelog.txt
+++ b/Shorewall-common/changelog.txt
@@ -6,6 +6,8 @@ Changes in 4.0.1
 
 3)  Correct handling of 'ipsec' option in the hosts file.
 
+4)  Corrent handling of 'PATH' in Shorewall-perl.
+
 Changes in 4.0.0 Final
 
 1)  Fix lite install.sh manpage problem.
diff --git a/Shorewall-common/releasenotes.txt b/Shorewall-common/releasenotes.txt
index 42eb0a94f..77196fbc1 100644
--- a/Shorewall-common/releasenotes.txt
+++ b/Shorewall-common/releasenotes.txt
@@ -55,6 +55,9 @@ Problems corrected in 4.0.1.
     Use of uninitialized value in string ne at /usr/share/shorewall-perl/Shorewall/Tc.pm line 285, <$currentfile> line 18.
        ERROR: Class Id 1:110 is not associated with device eth0 : /etc/shorewall/tcrules (line 18)
 
+6)   If no PATH was available when Shorewall-perl is run, a Perl run-time
+     warning was issued.
+
 Other changes in Shorewall 4.0.1.
 
 1)  A new EXPAND_POLICIES option is added to shorewall.conf. The
diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm
index e7c48d74b..a110117b9 100644
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@@ -196,12 +196,8 @@ sub setup_ecn()
 	    for my $interface ( @interfaces ) {
 		my $chainref = ensure_chain 'mangle', ecn_chain( $interface );
 
-		if ( $capabilities{MANGLE_FORWARD} ) {
-		    add_rule $mangle_table->{POSTROUTING}, "-p tcp -o $interface -j $chainref->{name}";
-		} else {
-		    add_rule $mangle_table->{PREROUTING}, "-p tcp -o $interface -j $chainref->{name}";
-		    add_rule $mangle_table->{OUTPUT},     "-p tcp -o $interface -j $chainref->{name}";
-		}
+		add_rule $mangle_table->{PREROUTING}, "-p tcp -o $interface -j $chainref->{name}";
+		add_rule $mangle_table->{OUTPUT},     "-p tcp -o $interface -j $chainref->{name}";
 	    }
 
 	    for my $host ( @hosts ) {