1)  On systems running Upstart, shorewall-init cannot reliably secure
    the firewall before interfaces are brought up.

2)  The 'enable', 'reenable' and 'disable' commands do not work
    correctly in configurations with USE_DEFAULT_RT=No and optional
    providers listed in the DUPLICATE column.

3)  While the 'ip' utility now accepts IPv6 routes with multiple
    'nexthop' destinations, these routes are not balanced. Instead,
    they are instantiated as a sequence of single routes with
    different metrics. Furthermore, the 'ip route replace' command
    fails on such routes. Beginning with Shorewall6 5.0.15, the
    generated script uses a "delete..add.." sequence on these routes
    rather than a single "replace" command.

4)  If more than one zone is excluded in a policy file entry, an error
    similar to the following is raised:

      ERROR: 'all' is not allowed in a source zone list
             /etc/shorewall/policy (line 8)

    Corrected in Shorewall 5.2.3.1.

5)  Shorewall 5.2 automatically converts an existing 'masq' file to an
    equivalent 'snat' file. Regrettably, Shorewall 5.2.3 broke that
    automatic update, such that the following error message was issued:

       Use of uninitialized value $Shorewall::Nat::rawcurrentline in
       pattern match (m//) at /usr/share/shorewall/Shorewall/Nat.pm
       line 511, <$currentfile> line nnn.

    and the generated 'masq' file contains only initial comments.

    Workaround:

        After upgrading to 5.2.3, issue this command:

            'shorewall[6] update'

    Corrected in 5.2.3.2.
