diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli
index 0e6b24572..105aef5f2 100644
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
@@ -1470,10 +1470,22 @@ do_dump_command() {
 	$g_tool -t rawpost -L $g_ipt_options
     fi
 
-    local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
-    local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
+    local count
+    local max
 
-    heading "Conntrack Table ($count out of $max)"
+    if [ -f /proc/sys/net/netfilter/nf_conntrack_count ]; then
+	count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
+	max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
+
+	heading "Conntrack Table ($count out of $max)"
+    elif [ -f /proc/sys/net/ipv4/netfilter/ip_conntrack_count ]; then
+	count=$(cat /proc/sys/net/ipv4/netfilter/ip_conntrack_count)
+	max=$(cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max)
+
+	heading "Conntrack Table ($count out of $max)"
+    else
+	heading "Conntrack Table"
+    fi
 
     if [ $g_family -eq 4 ]; then
     	[ -f /proc/net/ip_conntrack ] && cat /proc/net/ip_conntrack || grep -v '^ipv6' /proc/net/nf_conntrack
@@ -3583,7 +3595,6 @@ usage() # $1 = exit status
     echo "   start [ -f ] [ -p ] [ <directory> ]"
     echo "   stop"
     echo "   status [ -i ]"
-    echo "   run <function> [ function ... ]"
     echo "   version [ -a ]"
     echo
     exit $1
diff --git a/Shorewall-init/shorewall-init b/Shorewall-init/shorewall-init
index dea336538..52b1e6426 100644
--- a/Shorewall-init/shorewall-init
+++ b/Shorewall-init/shorewall-init
@@ -63,18 +63,19 @@ shorewall_start () {
   for PRODUCT in $PRODUCTS; do
       setstatedir
 
-      if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then
+      if [ -x ${STATEDIR}/firewall ]; then
           #
 	  # Run in a sub-shell to avoid name collisions
 	  #
 	  (
-	      if ! ${STATEDIR}/$PRODUCT/firewall status > /dev/null 2>&1; then
-		  ${STATEDIR}/$PRODUCT/firewall ${OPTIONS} stop || exit 1
+	      if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
+		  ${STATEDIR}/firewall ${OPTIONS} stop || exit 1
 	      else
 		  exit 1
 	      fi
 	  )
       else
+          echo ERROR:  ${STATEDIR}/firewall does not exist or is not executable!
 	  exit 1
       fi
   done
@@ -95,8 +96,8 @@ shorewall_stop () {
   for PRODUCT in $PRODUCTS; do
       setstatedir
 
-      if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then
-	  ${STATEDIR}/$PRODUCT/firewall ${OPTIONS} clear || exit 1
+      if [ -x ${STATEDIR}/firewall ]; then
+	  ${STATEDIR}/firewall ${OPTIONS} clear || exit 1
       fi
   done
 
diff --git a/Shorewall/Perl/Shorewall/Accounting.pm b/Shorewall/Perl/Shorewall/Accounting.pm
index 69c62574d..add7313af 100644
--- a/Shorewall/Perl/Shorewall/Accounting.pm
+++ b/Shorewall/Perl/Shorewall/Accounting.pm
@@ -155,8 +155,6 @@ sub process_accounting_rule1( $$$$$$$$$$$ ) {
 
     my ($action, $chain, $source, $dest, $proto, $ports, $sports, $user, $mark, $ipsec, $headers ) = @_;
 
-    $acctable = $config{ACCOUNTING_TABLE};
-
     $jumpchainref = 0;
 
     $asection = LEGACY if $asection < 0;
@@ -453,6 +451,8 @@ sub setup_accounting() {
 
 	set_section_function( &process_section );
 
+	$acctable = $config{ACCOUNTING_TABLE};
+
 	first_entry "$doing $fn...";
 
 	my $nonEmpty = 0;
diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm
index a0ce20821..5330e45a9 100644
--- a/Shorewall/Perl/Shorewall/Compiler.pm
+++ b/Shorewall/Perl/Shorewall/Compiler.pm
@@ -308,13 +308,14 @@ sub generate_script_2() {
 
 	set_global_variables(1);
 
-	handle_optional_interfaces(0);
-
 	if ( $global_variables & NOT_RESTORE ) {
+	    handle_optional_interfaces(0);
 	    emit ';;';
 	    pop_indent;
 	    pop_indent;
 	    emit ( 'esac' );
+	} else {
+	    handle_optional_interfaces(1);
 	}
     } else {
 	emit( 'true' ) unless handle_optional_interfaces(1);
diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm
index e0a3fb662..8f43fde7a 100644
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
@@ -994,7 +994,7 @@ sub add_common_rules ( $$ ) {
 	for my $hostref  ( @$list ) {
 	    $interface     = $hostref->[0];
 	    my $ipsec      = $hostref->[1];
-	    my @policy     = have_ipsec ? ( policy => "--pol $ipsec --dir in" ) : ();
+	    my @policy     = $ipsec && have_ipsec ? ( policy => "--pol $ipsec --dir in" ) : ();
 	    my $target     = source_exclusion( $hostref->[3], $chainref );
 
 	    for $chain ( option_chains $interface ) {
@@ -1118,7 +1118,8 @@ sub add_common_rules ( $$ ) {
 	for my $hostref  ( @$list ) {
 	    my $interface  = $hostref->[0];
 	    my $target     = source_exclusion( $hostref->[3], $chainref );
-	    my @policy     = have_ipsec ? ( policy => "--pol $hostref->[1] --dir in" ) : ();
+	    my $ipsec      = $hostref->[1];
+	    my @policy     = $ipsec && have_ipsec ? ( policy => "--pol $ipsec --dir in" ) : ();
 
 	    for $chain ( option_chains $interface ) {
 		add_ijump( $filter_table->{$chain} , j => $target, p => 'tcp', imatch_source_net( $hostref->[2] ), @policy );
@@ -1289,7 +1290,7 @@ sub setup_mac_lists( $ ) {
 	for my $hostref ( @$maclist_hosts ) {
 	    my $interface  = $hostref->[0];
 	    my $ipsec      = $hostref->[1];
-	    my @policy     = have_ipsec ? ( policy => "--pol $ipsec --dir in" ) : ();
+	    my @policy     = $ipsec && have_ipsec ? ( policy => "--pol $ipsec --dir in" ) : ();
 	    my @source     = imatch_source_net $hostref->[2];
 
 	    my @state = have_capability( 'RAW_TABLE' ) ? state_imatch 'NEW,UNTRACKED' : state_imatch 'NEW';
diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm
index 7bfa883d0..064569e1f 100644
--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
@@ -460,6 +460,9 @@ sub process_a_provider( $ ) {
 
     fatal_error "A bridge port ($interface) may not be configured as a provider interface" if port_to_bridge $interface;
 
+    #
+    # Switch to the logical name if a physical name was passed
+    #
     my $physical;
 
     if ( $interface eq $interfaceref->{name} ) {
@@ -1293,9 +1296,11 @@ sub start_providers() {
 	    emit_unindented "$providers{$_}{number}\t$_" unless $providers{$_}{pseudo};
 	}
 
-	emit_unindented "EOF\n";
+	emit_unindented 'EOF';
 
-	emit "fi\n";
+	emit( 'else',
+	      '    error_message "WARNING: /etc/iproute2/rt_tables is missing or is not writeable"',
+	      "fi\n" );
     }
 
     emit  ( '#',
@@ -1892,8 +1897,10 @@ sub handle_optional_interfaces( $ ) {
 
     if ( @$interfaces ) {
 	my $require     = $config{REQUIRE_INTERFACE};
+	my $gencase     = shift;
 
-	verify_required_interfaces( shift );
+	verify_required_interfaces( $gencase );
+	emit '' if $gencase;
 
 	emit( 'HAVE_INTERFACE=', '' ) if $require;
 	#
diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm
index df3848f91..98b323c67 100644
--- a/Shorewall/Perl/Shorewall/Zones.pm
+++ b/Shorewall/Perl/Shorewall/Zones.pm
@@ -2121,14 +2121,26 @@ sub have_ipsec() {
 sub find_hosts_by_option( $ ) {
     my $option = $_[0];
     my @hosts;
+    my %done;
+
+    for my $interface ( @interfaces ) {
+	my $value = $interfaces{$interface}{options}{$option};
+	if ( ! $interfaces{$interface}{zone} && $value ) {
+	    push @hosts, [ $interface, '', ALLIP , [], $value ];
+	    $done{$interface} = 1;
+	}
+    }
 
     for my $zone ( grep ! ( $zones{$_}{type} & FIREWALL ) , @zones ) {
 	while ( my ($type, $interfaceref) = each %{$zones{$zone}{hosts}} ) {
 	    while ( my ( $interface, $arrayref) = ( each %{$interfaceref} ) ) {
 		for my $host ( @{$arrayref} ) {
-		    if ( my $value = $host->{options}{$option} ) {
-			for my $net ( @{$host->{hosts}} ) {
-			    push @hosts, [ $interface, $host->{ipsec} , $net , $host->{exclusions}, $value ];
+		    my $ipsec = $host->{ipsec};
+		    unless ( $done{$interface} ) { 
+			if ( my $value = $host->{options}{$option} ) {
+			    for my $net ( @{$host->{hosts}} ) {
+				push @hosts, [ $interface, $ipsec , $net , $host->{exclusions}, $value ];
+			    }
 			}
 		    }
 		}
@@ -2136,12 +2148,6 @@ sub find_hosts_by_option( $ ) {
 	}
     }
 
-    for my $interface ( @interfaces ) {
-	if ( ! $interfaces{$interface}{zone} && $interfaces{$interface}{options}{$option} ) {
-	    push @hosts, [ $interface, 'none', ALLIP , [] ];
-	}
-    }
-
     \@hosts;
 }
 
diff --git a/docs/Events.xml b/docs/Events.xml
index f820b0c81..cf41ae00a 100644
--- a/docs/Events.xml
+++ b/docs/Events.xml
@@ -705,8 +705,9 @@ Knock                 net            $FW       tcp        22,1599-1601
     <section id="Stateful">
       <title>Stateful Port Knocking (knock with a sequence of ports)</title>
 
-      <para>Gerhard Wiesinger has contributed a Perl module that allows you to
-      define portknocking sequences. Download <ulink
+      <para><ulink url="http://www.wiesinger.com/">Gerhard Wiesinger</ulink>
+      has contributed a Perl module that allows you to define portknocking
+      sequences. Download <ulink
       url="pub/shorewall/contrib/PortKnocking/KnockEnhanced.pm">the
       module</ulink> and copy it into your site_perl directory.</para>
 
diff --git a/docs/MultiISP.xml b/docs/MultiISP.xml
index fb6b93be5..8dceec00d 100644
--- a/docs/MultiISP.xml
+++ b/docs/MultiISP.xml
@@ -2123,6 +2123,11 @@ net      eth1         detect          <emphasis role="bold">optional</emphasis><
           later.</para>
         </warning>
 
+        <para><filename>/etc/shorewall/params:</filename></para>
+
+        <programlisting>EXT_IF=eth0
+COM_IF=eth1</programlisting>
+
         <para><filename>/etc/shorewall/isusable</filename>:</para>
 
         <programlisting>local status=0