Thanks for reporting. In one of the previous RC versions, we did a small improvement for Sentinel DynFW client and now we forward stderr to syslog by default.
I created an issue from your output:
In the meantime, would you please send me an email to tech.support@turris.cz, where you will include diagnostics and as well output from ipset list | head
? This could help us to take a look at it and if we need any more details, we will get back to you soon!