diff --git a/sbin/firehol.in b/sbin/firehol.in
index c145067..f000ec2 100755
--- a/sbin/firehol.in
+++ b/sbin/firehol.in
@@ -3460,7 +3460,7 @@ version() {
 		FIREHOL_NS_CURR=$FIREHOL_DEFAULT_NAMESPACE
 		FIREHOL_NS_STACK=
 		FIREHOL_NS_PREP=
-		softwarning "Running version 5 config. Update configuration to version 6 for IPv6 support. See http://firehol.org/upgrade/#config-version-${FIREHOL_VERSION}"
+		warning "Running version 5 config. Update configuration to version 6 for IPv6 support. See http://firehol.org/upgrade/#config-version-${FIREHOL_VERSION}"
 	fi
 }
 
@@ -6589,6 +6589,13 @@ rule() {
 	return 0
 }
 
+warning() {
+	echo >&2
+	echo >&2
+	echo >&2 "WARNING: " "$@"
+	
+	return 0
+}
 
 softwarning() {
 	echo >&2
@@ -6982,6 +6989,135 @@ wait_for_interface() {
 }
 
 
+# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+# keep a copy of the running firewall on disk for fast restoration
+
+fixed_save() {
+	local command="$1"
+	local tmp="${FIREHOL_DIR}/iptables-save-$$"
+	local err=
+	
+	load_kernel_module ip_tables
+	${command} -c >$tmp
+	err=$?
+	if [ ! $err -eq 0 ]
+	then
+		${RM_CMD} -f $tmp >/dev/null 2>&1
+		return $err
+	fi
+	
+	${CAT_CMD} ${tmp} |\
+		${SED_CMD} \
+			-e "s/--uid-owner !/! --uid-owner /g"	\
+			-e "s/--gid-owner !/! --gid-owner /g"	\
+			-e "s/--pid-owner !/! --pid-owner /g"	\
+			-e "s/--sid-owner !/! --sid-owner /g"	\
+			-e "s/--cmd-owner !/! --cmd-owner /g"
+	err=$?
+	
+	${RM_CMD} -f $tmp >/dev/null 2>&1
+	return $err
+}
+
+firehol_save_activated_firewall() {
+	echo -n $"FireHOL: Saving activated firewall to ${FIREHOL_SPOOL_DIR}:"
+	
+	if [ -f "${FIREHOL_SPOOL_DIR}/ipv4.enable" ]
+	then
+		fixed_save ${IPTABLES_SAVE_CMD} >"${FIREHOL_SPOOL_DIR}/ipv4.rules"
+		if [ ! $? -eq 0 ]
+		then
+			failure $"FireHOL: Saving activated firewall to ${FIREHOL_SPOOL_DIR}:"
+			echo
+			return 1
+		fi
+		
+		chown root:root "${FIREHOL_SPOOL_DIR}/ipv4.rules"
+		chmod 600 "${FIREHOL_SPOOL_DIR}/ipv4.rules"
+	else
+		test -f "${FIREHOL_SPOOL_DIR}/ipv4.rules" && rm "${FIREHOL_SPOOL_DIR}/ipv4.rules"
+	fi
+	
+	if [ -f "${FIREHOL_SPOOL_DIR}/ipv6.enable" ]
+	then
+		fixed_save ${IP6TABLES_SAVE_CMD} >"${FIREHOL_SPOOL_DIR}/ipv6.rules"
+		if [ ! $? -eq 0 ]
+		then
+			failure $"FireHOL: Saving activated firewall to ${FIREHOL_SPOOL_DIR}:"
+			echo
+			return 1
+		fi
+		
+		chown root:root "${FIREHOL_SPOOL_DIR}/ipv6.rules"
+		chmod 600 "${FIREHOL_SPOOL_DIR}/ipv6.rules"
+	else
+		test -f "${FIREHOL_SPOOL_DIR}/ipv6.rules" && rm "${FIREHOL_SPOOL_DIR}/ipv6.rules"
+	fi
+	
+	success $"FireHOL: Saving activated firewall to ${FIREHOL_SPOOL_DIR}:"
+	echo
+	
+	return 0
+}
+
+firehol_restore_last_activated_firewall() {
+	local do_ipv4=0
+	local do_ipv6=0
+
+	test -f "${FIREHOL_SPOOL_DIR}/ipv4.enable" -a -f "${FIREHOL_SPOOL_DIR}/ipv4.rules" && local do_ipv4=1
+	test -f "${FIREHOL_SPOOL_DIR}/ipv6.enable" -a -f "${FIREHOL_SPOOL_DIR}/ipv6.rules" && local do_ipv6=1
+	if [ "${do_ipv4}${do_ipv6}" = "00" ]
+	then
+		warning "There is no saved firewall to restore."
+		return 1
+	fi
+
+	local config_older=1
+	test ${do_ipv4} -eq 1 -a "${FIREHOL_SPOOL_DIR}/ipv4.rules" -ot "${FIREHOL_CONFIG}" && local config_older=0
+	test ${do_ipv6} -eq 1 -a "${FIREHOL_SPOOL_DIR}/ipv6.rules" -ot "${FIREHOL_CONFIG}" && local config_older=0
+	if [ ${config_older} -eq 0 ]
+	then
+		warning "${FIREHOL_CONFIG} is newer than saved files."
+		return 2
+	fi
+
+	echo -n $"FireHOL: Restoring last activated firewall from ${FIREHOL_SPOOL_DIR}:"
+
+	if [ -x "${FIREHOL_SPOOL_DIR}/firewall_required_kernel_modules.sh" ]
+	then
+		"${FIREHOL_SPOOL_DIR}/firewall_required_kernel_modules.sh"
+		if [ $? -ne 0 ]
+			then
+			failure $"FireHOL: Restoring last activated firewall from ${FIREHOL_SPOOL_DIR}:"
+			return 3
+		fi
+	fi
+
+	if [ -f "${FIREHOL_SPOOL_DIR}/ipv4.enable" -a -f "${FIREHOL_SPOOL_DIR}/ipv4.rules" ]
+		then
+		${IPTABLES_RESTORE_CMD} <"${FIREHOL_SPOOL_DIR}/ipv4.rules"
+		if [ $? -ne 0 ]
+			then
+			failure $"FireHOL: Restoring last activated firewall from ${FIREHOL_SPOOL_DIR}:"
+			return 3
+		fi
+	fi
+
+	if [ -f "${FIREHOL_SPOOL_DIR}/ipv6.enable" -a -f "${FIREHOL_SPOOL_DIR}/ipv6.rules" ]
+		then
+		${IP6TABLES_RESTORE_CMD} <"${FIREHOL_SPOOL_DIR}/ipv6.rules"
+		if [ $? -ne 0 ]
+			then
+			failure $"FireHOL: Restoring last activated firewall from ${FIREHOL_SPOOL_DIR}:"
+			return 3
+		fi
+	fi
+
+	success $"FireHOL: Saving activated firewall to ${FIREHOL_SPOOL_DIR}:"
+	echo
+	return 0
+}
+
 # ------------------------------------------------------------------------------
 # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 # ------------------------------------------------------------------------------
@@ -7078,6 +7214,9 @@ case "${arg}" in
 		test -f "${FIREHOL_LOCK_DIR}/firehol" && ${RM_CMD} -f "${FIREHOL_LOCK_DIR}/firehol"
 		test -f "${FIREHOL_LOCK_DIR}/iptables" && ${RM_CMD} -f "${FIREHOL_LOCK_DIR}/iptables"
 		
+		# keep the currently active rules
+		firehol_save_activated_firewall
+		
 		echo -n $"FireHOL: Clearing Firewall:"
 		if [ $ENABLE_IPV4 -eq 1 ]; then
 			load_kernel_module ip_tables
@@ -7119,6 +7258,13 @@ case "${arg}" in
 		exit 0
 		;;
 	
+	restore)
+		firehol_restore_last_activated_firewall
+		test $? -eq 0 && exit 0
+		warning "Activating ${FIREHOL_CONFIG}..."
+		FIREHOL_MODE="START"
+		;;
+
 	restart|force-reload)
 		test ! -z "${1}" && test ${1} != "--" && softwarning "Arguments after parameter '${arg}' are ignored."
 		FIREHOL_MODE="START"
@@ -7337,6 +7483,10 @@ FireHOL supports the following command line arguments (only one of them):
 			
 	panic		will block all IP communication.
 	
+	restore		will restore the last activated firewall.
+			Useful for quickly restoring at boot the last
+			successfully activated FireHOL firewall.
+
 	save		to start the firewall and then save it to the
 			place where /etc/init.d/iptables looks for it.
 			
@@ -7344,6 +7494,9 @@ FireHOL supports the following command line arguments (only one of them):
 			restored with:
 			/etc/init.d/iptables start
 			
+			The fastest way to restore a FireHOL firewall
+			at boot is the 'restore' feature.
+
 	debug		to parse the configuration file but instead of
 			activating it, to show the generated iptables
 			statements.
@@ -8263,33 +8416,6 @@ firehol_concurrent_run_lock
 
 # --- Initialization -----------------------------------------------------------
 
-fixed_save() {
-	local command="$1"
-	local tmp="${FIREHOL_DIR}/iptables-save-$$"
-	local err=
-	
-	load_kernel_module ip_tables
-	${command} -c >$tmp
-	err=$?
-	if [ ! $err -eq 0 ]
-	then
-		${RM_CMD} -f $tmp >/dev/null 2>&1
-		return $err
-	fi
-	
-	${CAT_CMD} ${tmp} |\
-		${SED_CMD} "s/--uid-owner !/! --uid-owner /g"	|\
-		${SED_CMD} "s/--gid-owner !/! --gid-owner /g"	|\
-		${SED_CMD} "s/--pid-owner !/! --pid-owner /g"	|\
-		${SED_CMD} "s/--sid-owner !/! --sid-owner /g"	|\
-		${SED_CMD} "s/--cmd-owner !/! --cmd-owner /g"
-	
-	err=$?
-	
-	${RM_CMD} -f $tmp >/dev/null 2>&1
-	return $err
-}
-
 echo -n $"FireHOL: Saving your old firewall to a temporary file:"
 if [ $ENABLE_IPV4 -eq 1 ]
 then
@@ -8805,6 +8931,37 @@ then
 fi
 
 
+# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+# last, keep a copy of the firewall we activated, on disk
+
+mv "${FIREHOL_DIR}/modules_to_load.sh" "${FIREHOL_SPOOL_DIR}/firewall_required_kernel_modules.sh"
+chown root:root "${FIREHOL_SPOOL_DIR}/firewall_required_kernel_modules.sh"
+chmod 700 "${FIREHOL_SPOOL_DIR}/firewall_required_kernel_modules.sh"
+
+# keep track if we do ipv4
+if [ $ENABLE_IPV4 -eq 1 ]
+then
+	touch "${FIREHOL_SPOOL_DIR}/ipv4.enable"
+	chown root:root "${FIREHOL_SPOOL_DIR}/ipv4.enable"
+	chmod 600 "${FIREHOL_SPOOL_DIR}/ipv4.enable"
+else
+	test -f "${FIREHOL_SPOOL_DIR}/ipv4.enable" && rm "${FIREHOL_SPOOL_DIR}/ipv4.enable"
+fi
+
+# keep track if we do ipv6
+if [ $ENABLE_IPV6 -eq 1 ]
+then
+	touch "${FIREHOL_SPOOL_DIR}/ipv6.enable"
+	chown root:root "${FIREHOL_SPOOL_DIR}/ipv6.enable"
+	chmod 600 "${FIREHOL_SPOOL_DIR}/ipv6.enable"
+else
+	test -f "${FIREHOL_SPOOL_DIR}/ipv6.enable" && rm "${FIREHOL_SPOOL_DIR}/ipv6.enable"
+fi
+
+# save the rules to ${FIREHOL_SPOOL_DIR}
+firehol_save_activated_firewall
+
+
 # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 
 if [ ${FIREHOL_SAVE} -eq 1 ]
@@ -8848,8 +9005,7 @@ then
 	then
 		echo -n $"FireHOL: Saving firewall to ${FIREHOL_AUTOSAVE}:"
 	
-		fixed_save ${IPTABLES_SAVE_CMD} >${FIREHOL_AUTOSAVE}
-	
+		cat "${FIREHOL_SPOOL_DIR}/ipv4.rules" >${FIREHOL_AUTOSAVE}
 		if [ ! $? -eq 0 ]
 		then
 			syslog err "Failed to save new firewall to '${FIREHOL_AUTOSAVE}'."
@@ -8867,8 +9023,7 @@ then
 	then
 		echo -n $"FireHOL: Saving IPv6 firewall to ${FIREHOL_AUTOSAVE6}:"
 	
-		fixed_save ${IP6TABLES_SAVE_CMD} >${FIREHOL_AUTOSAVE6}
-	
+		cat "${FIREHOL_SPOOL_DIR}/ipv6.rules" >${FIREHOL_AUTOSAVE6}
 		if [ ! $? -eq 0 ]
 		then
 			syslog err "Failed to save new IPv6 firewall to '${FIREHOL_AUTOSAVE6}'."
@@ -8882,20 +9037,5 @@ then
 		echo
 	fi
 	
-	# Save the list of modules we need to run to restore the firewall.
-	if [ -f "${FIREHOL_SPOOL_DIR}/last_save_modules.sh" ]
-	then
-		mv "${FIREHOL_SPOOL_DIR}/last_save_modules.sh" "${FIREHOL_SPOOL_DIR}/last_save_modules.sh.old"
-	fi
-	
-	mv "${FIREHOL_DIR}/modules_to_load.sh" "${FIREHOL_SPOOL_DIR}/last_save_modules.sh"
-	if [ $? -gt 0 ]
-	then
-		error "Cannot save modules restoration script to '${FIREHOL_SPOOL_DIR}/last_save_modules.sh'."
-	else
-		chown root:root "${FIREHOL_SPOOL_DIR}/last_save_modules.sh"
-		chmod 700 "${FIREHOL_SPOOL_DIR}/last_save_modules.sh"
-	fi
-	
 	exit 0
 fi