diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli index 348ea5879..501019aa9 100644 --- a/Shorewall-core/lib.cli +++ b/Shorewall-core/lib.cli @@ -937,11 +937,28 @@ show_events() { fi } +sort_actions() { + local sep #separates sort keys from the action[.std] record + sep="##" + + awk -v sep="$sep" \ + 'BEGIN { action = ""; ifrec = ""; nr = 0; };\ + /^#/ { next; };\ + /^\?(if|IF|If)/ { ifrec = $0; nr = NR; next; };\ + /^( |\t|\?)/ { if ( action != "" ) print action, NR, sep $0; next; };\ + { action = $1; };\ + nr != 0 { print action , nr, sep ifrec; nr = 0; };\ + { print action , NR, sep $0; }' | sort -k 1,2 | sed "s/^.*${sep}//" +} + show_actions() { - if [ -f ${g_confdir}/actions ]; then - cat ${g_sharedir}/actions.std ${g_confdir}/actions | grep -Ev '^[#?[:space:]]|^$' + local actions + actions=$(find_file actions) + + if [ -f ${actions} ]; then + cat ${actions} ${g_sharedir}/actions.std | sort_actions else - grep -Ev '^[#?[:space:]]|^$' ${g_sharedir}/actions.std + sort_actions < ${g_sharedir}/actions.std fi } @@ -1108,10 +1125,6 @@ show_blacklists() { show_bl; } -show_actions_sorted() { - show_actions | sort -u -k 1,1 -} - show_macros() { for directory in $(split $CONFIG_PATH); do temp= @@ -1543,7 +1556,7 @@ show_command() { ;; actions) [ $# -gt 1 ] && too_many_arguments $2 - eval show_actions_sorted $g_pager + eval show_actions $g_pager return ;; macro) @@ -4012,7 +4025,7 @@ get_config() { ensure_config_path - [ -f $g_firewall.conf ] && . ${VARDIR}/firewall.conf + [ -f ${VARDIR}/firewall.conf ] && . ${VARDIR}/firewall.conf [ -n "$PATH" ] || PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index 32b169869..27be3cb74 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm 
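Review bot: In the sort_actions/show_actions hunk, `sort -k 1,2` compares the line-number key as text, so once the concatenated input passes nine lines a record numbered 10 sorts before one numbered 9; a `?if` record (emitted with its own lower line number ahead of the next action) can then land after the action line it guards, and an action's continuation lines can be reordered. Sorting the second key numerically keeps file order within an action: `| sort -k 1,1 -k 2,2n |`. The awk script also no longer drops blank lines as the replaced grep did: a blank line sets `action` to "" and is printed with an empty key, so it floats to the top of the output and any indented lines right after it are silently dropped; a rule `/^[ \t]*$/ { next; };\` before `{ action = $1; };\` restores the old behaviour. In show_actions, `[ -f ${actions} ]` is true for an empty operand, so if find_file can ever echo nothing (not visible here) the cat branch runs with an empty path; `if [ -f "${actions}" ]; then` makes that case fail as intended.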
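Review bot: In the get_config hunk, the corrected test still expands `${VARDIR}` unquoted and then sources the result with `.`, so if VARDIR is empty at this point the line probes and executes `/firewall.conf`; whether ensure_config_path guarantees VARDIR is set is not visible in the hunk. A guard that also quotes the path keeps an empty or mangled VARDIR from executing an unintended file: `[ -n "$VARDIR" ] && [ -f "${VARDIR}/firewall.conf" ] && . "${VARDIR}/firewall.conf"`. get_config's body starts and ends outside the hunk.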
@@ -5970,9 +5970,9 @@ sub process_snat( ) { my ($action, $source, $dest, $protos, $ports, $ipsec, $mark, $user, $condition, $origdest, $probability ) = split_line2( 'snat file', - { action => 0, source => 1, dest => 2, proto => 3, port => 4, ipsec => 5, mark => 6, user => 7, switch => 8, origdest => 9, probability => 10 }, + { action => 0, source => 1, dest => 2, proto => 3, port => 4, dport => 4, ipsec => 5, mark => 6, user => 7, switch => 8, origdest => 9, probability => 10 }, {}, #Nopad - undef, #Columns + 11, #Columns 1 ); #Allow inline matches fatal_error 'ACTION must be specified' if $action eq '-'; diff --git a/Shorewall/Samples/three-interfaces/snat b/Shorewall/Samples/three-interfaces/snat index 25045a074..386aa6fc1 100644 --- a/Shorewall/Samples/three-interfaces/snat +++ b/Shorewall/Samples/three-interfaces/snat @@ -13,7 +13,7 @@ # # See https://shorewall.org/manpages/shorewall-snat.html for more information ########################################################################################################################################### -#ACTION SOURCE DEST PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY +#ACTION SOURCE DEST PROTO DPORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY # # Rules generated from masq file /home/teastep/shorewall/trunk/Shorewall/Samples/three-interfaces/masq by Shorewall 5.0.13-RC1 - Sat Oct 15 11:43:47 PDT 2016 # diff --git a/Shorewall/Samples/two-interfaces/snat b/Shorewall/Samples/two-interfaces/snat index 916ef1ae6..48c659ea8 100644 --- a/Shorewall/Samples/two-interfaces/snat +++ b/Shorewall/Samples/two-interfaces/snat 
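Review bot: Both `port => 4` and `dport => 4` now map to the same column, but nothing here says what happens when an alternative-format line supplies both `port=` and `dport=`; unless split_line2 detects two keys resolving to one column (its code is not in this hunk), the later one presumably overwrites the earlier silently, and the manpage hunk in this commit only says both are accepted. A comment on the new key would save the next reader a lookup: `# 'dport' is an alias of 'port' (column renamed to DPORT; both spellings accepted)`. The Columns argument moving from `undef` to `11` also deserves a word on why an explicit count is needed now (it matches the eleven distinct column indices 0–10 in the hash). Separately, the manpage hunk dates the rename to 5.2.5.2 while Shorewall-targetname and docs-targetname in this same diff move to 5.2.5.1, so the stated release number is worth confirming. process_snat begins before this hunk and continues after it.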
@@ -13,7 +13,7 @@ # # See https://shorewall.org/manpages/shorewall-snat.html for more information ########################################################################################################################################### -#ACTION SOURCE DEST PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY +#ACTION SOURCE DEST PROTO DPORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY # # Rules generated from masq file /home/teastep/shorewall/trunk/Shorewall/Samples/two-interfaces/masq by Shorewall 5.0.13-RC1 - Sat Oct 15 11:41:40 PDT 2016 # diff --git a/Shorewall/Shorewall-targetname b/Shorewall/Shorewall-targetname index 23e55ae89..57029590c 100644 --- a/Shorewall/Shorewall-targetname +++ b/Shorewall/Shorewall-targetname @@ -1 +1 @@ -5.2.5-Beta2 +5.2.5.1 diff --git a/Shorewall/configfiles/snat b/Shorewall/configfiles/snat index 336bbd73f..7ab873317 100644 --- a/Shorewall/configfiles/snat +++ b/Shorewall/configfiles/snat @@ -6,4 +6,4 @@ # See https://shorewall.org/manpages/shorewall-snat.html for more information # ########################################################################################################################################### -#ACTION SOURCE DEST PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY +#ACTION SOURCE DEST PROTO DPORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY diff --git a/Shorewall/manpages/shorewall-snat.xml b/Shorewall/manpages/shorewall-snat.xml index 67b3b9bf9..47fb78963 100644 --- a/Shorewall/manpages/shorewall-snat.xml +++ b/Shorewall/manpages/shorewall-snat.xml @@ -39,8 +39,8 @@ If you have more than one ISP link, adding entries to this file will not force connections to go out through a particular link. You must use entries in shorewall-rtrules(5) or - PREROUTING entries in shorewall-rtrules(5) or PREROUTING + entries in shorewall-mangle(5) to do that. 
@@ -68,10 +68,10 @@ where action is an action declared in shorewall-actions(5) - with the option. See https://shorewall.org/Actions.html for - further information. + url="shorewall-actions.html">shorewall-actions(5) with + the option. See https://shorewall.org/Actions.html + for further information. @@ -165,9 +165,9 @@ If you specify an address here, matching packets will have their source address set to that address. If ADD_SNAT_ALIASES is set to Yes or yes in shorewall.conf(5) - then Shorewall will automatically add this address to the - INTERFACE named in the first column (IPv4 only). + url="shorewall.conf.html">shorewall.conf(5) then + Shorewall will automatically add this address to the INTERFACE + named in the first column (IPv4 only). You may also specify a range of up to 256 IP addresses if you want the SNAT address to be assigned from that range in @@ -237,10 +237,10 @@ Normally Masq/SNAT rules are evaluated after those for one-to-one NAT (defined in shorewall-nat(5)). If you - want the rule to be applied before one-to-one NAT rules, follow the - action name with "+": This feature should only be required if you - need to insert rules in this file that preempt entries in shorewall-nat(5)). If you want the + rule to be applied before one-to-one NAT rules, follow the action + name with "+": This feature should only be required if you need to + insert rules in this file that preempt entries in shorewall-nat(5). 
@@ -279,23 +279,23 @@ networks. Multiple interfaces may be listed when the ACTION is MASQUERADE, but this is usually just your internet interface. If ADD_SNAT_ALIASES=Yes in shorewall.conf(5), you - may add ":" and a digit to indicate that you - want the alias added with that name (e.g., eth0:0). This will allow - the alias to be displayed with ifconfig. That - is the only use for the alias name; it may not appear in any other - place in your Shorewall configuration. + url="shorewall.conf.html">shorewall.conf(5), you may add ":" + and a digit to indicate that you want the alias + added with that name (e.g., eth0:0). This will allow the alias to be + displayed with ifconfig. That is the only use + for the alias name; it may not appear in any other place in your + Shorewall configuration. Beginning with Shorewall 5.1.12, SNAT may be performed in the nat table's INPUT chain by specifying $FW rather than one or more - interfaces. + interfaces. Each interface must match an entry in shorewall-interfaces(5). Shorewall allows loose matches to wildcard entries in shorewall-interfaces(5). - For example, ppp0 in this - file will match a shorewall-interfaces(5). For + example, ppp0 in this file + will match a shorewall-interfaces(5) entry that defines ppp+. @@ -315,8 +315,8 @@ addresses to indicate that you only want to change the source IP address for packets being sent to those particular destinations. Exclusion is allowed (see shorewall-exclusion(5)) - as are ipset names preceded by a plus sign '+'; + url="shorewall-exclusion.html">shorewall-exclusion(5)) as + are ipset names preceded by a plus sign '+'; If you wish to inhibit the action of ADD_SNAT_ALIASES for this entry then include the ":" but omit the digit: @@ -341,8 +341,7 @@ If you wish to restrict this entry to a particular protocol then enter the protocol name (from protocols(5)) or number here. See - shorewall-rules(5) for + shorewall-rules(5) for details. Beginning with Shorewall 4.5.12, this column can accept a 
@@ -356,10 +355,14 @@ - PORT (Optional) - + {PORT|DPORT} (Optional) - {-|[!]port-name-or-number[,port-name-or-number]...|+ipset} + The column was renamed to DPORT in Shorewall 5.2.5.2. + Beginning with that release, both PORT and DPORT are accepted in the + alternative input format, + If the PROTO column specifies TCP (6), UDP (17), DCCP (33), SCTP (132) or UDPLITE (136) then you may list one or more port numbers (or names from services(5)) or port ranges separated by diff --git a/Shorewall6/configfiles/snat b/Shorewall6/configfiles/snat index 46943dcd2..6185e9c18 100644 --- a/Shorewall6/configfiles/snat +++ b/Shorewall6/configfiles/snat @@ -6,4 +6,4 @@ # See https://shorewall.org/manpages/shorewall-snat.html for more information # ########################################################################################################################################### -#ACTION SOURCE DEST PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY +#ACTION SOURCE DEST PROTO DPORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY diff --git a/docs/configuration_file_basics.xml b/docs/configuration_file_basics.xml index 7316b871a..28449f7ed 100644 --- a/docs/configuration_file_basics.xml +++ b/docs/configuration_file_basics.xml @@ -663,7 +663,7 @@ ACCEPT net:\ mangle - action,source,dest,proto,dport,sport,user,test,length,tos,connbytes,helper,headers + action,source,dest,proto,dport,sport,user,test,length,tos,connbytes,helper,headers,probability,dscp,switch @@ -738,6 +738,14 @@ ACCEPT net:\ secmark,chain,source,dest,proto,dport,sport,user,mark + + snat + + action,source,dest,proto,port,ipsec,mark,user,switch,origdest,probability + (Note: 'port' may be specified as 'dport' beginning with Shorewall + 5.2.5.2). + + tcclasses diff --git a/docs/docs-targetname b/docs/docs-targetname index 06f1f7cb3..57029590c 100644 --- a/docs/docs-targetname +++ b/docs/docs-targetname @@ -1 +1 @@ -5.2.5-RC1 +5.2.5.1