From 9aa2a4b70463faad2dfa6aadbe40422412af2c21 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sat, 19 Sep 2020 11:20:10 -0700
Subject: [PATCH 1/5] Use less obscure code to set $call_generate_all_acasts;

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Compiler.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm
index 73f541107..2d7516589 100644
--- a/Shorewall/Perl/Shorewall/Compiler.pm
+++ b/Shorewall/Perl/Shorewall/Compiler.pm
@@ -279,7 +279,7 @@ sub generate_script_2() {
     #
     # Conditionally emit the 'generate_all_acasts() function
     #
-    my $call_generate_all_acasts = $family == F_IPV6 && ! have_capability( 'ADDRTYPE' ) && generate_all_acasts;
+    my $call_generate_all_acasts = $family == F_IPV6 && ! have_capability( 'ADDRTYPE' ) ? generate_all_acasts : '';
 
     emit( '' ,
 	  '#' ,

From 34c59dca32c0a5bf20c1300962aaec2bfb36dc7a Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sat, 19 Sep 2020 11:38:41 -0700
Subject: [PATCH 2/5] Don't export interface_is_plain()

- It was used in a superseded change

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Zones.pm | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm
index cfe8598df..3be33ecf7 100644
--- a/Shorewall/Perl/Shorewall/Zones.pm
+++ b/Shorewall/Perl/Shorewall/Zones.pm
@@ -75,7 +75,6 @@ our @EXPORT = ( qw( NOTHING
 		    all_interfaces
 		    all_real_interfaces
 		    all_plain_interfaces
-		    interface_is_plain
 		    all_bridges
 		    managed_interfaces
 		    unmanaged_interfaces

From eeec6f2396d280b4573d7d2fda160b5130d6e95b Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Thu, 24 Sep 2020 11:19:12 -0700
Subject: [PATCH 3/5] Update shorewall-snat(5)

- Delete incorrect statement about a list of addresses in SNAT()
- Replace IPv4 Example 6 with one that uses the PROBABILITY column

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/manpages/shorewall-snat.xml | 22 +++++++---------------
 1 file changed, 7 insertions(+), 15 deletions(-)

diff --git a/Shorewall/manpages/shorewall-snat.xml b/Shorewall/manpages/shorewall-snat.xml
index 6d6bbf4d5..948af8c2a 100644
--- a/Shorewall/manpages/shorewall-snat.xml
+++ b/Shorewall/manpages/shorewall-snat.xml
@@ -207,9 +207,6 @@
                 the IP addresses configured on the interface named in the DEST
                 column and substitute them in this column.</para>
 
-                <para>Finally, you may also specify a comma-separated list of
-                ranges and/or addresses in this column.</para>
-
                 <para>DNS Names names are not allowed.</para>
 
                 <para>Normally, Netfilter will attempt to retain the source
@@ -805,21 +802,16 @@
         <term>IPv4 Example 6:</term>
 
         <listitem>
-          <para>SNAT outgoing connections on eth0 from 192.168.1.0/24 in
-          round-robin fashion between addresses 1.1.1.1, 1.1.1.3, and 1.1.1.9
-          (Shorewall 4.5.9 and later).</para>
+          <para>SNAT outgoing connections on eth0 from 192.168.1.0/24 randomly
+          to addresses 1.1.1.1, 1.1.1.3, and 1.1.1.9 (Shorewall 5.0.0 and
+          later).</para>
 
-          <programlisting>/etc/shorewall/tcrules:
-
-       #ACTION   SOURCE         DEST         PROTO   DPORT         SPORT    USER    TEST
-       1-3:CF    192.168.1.0/24 eth0 ; state=NEW
-
-/etc/shorewall/snat:
+          <programlisting>/etc/shorewall/snat:
 
        #ACTION                 SOURCE          DEST
-       SNAT(1.1.1.1)           192.168.1.0/24  eth0  { mark=1:C }
-       SNAT(1.1.1.3)           192.168.1.0/24  eth0  { mark=2:C }
-       SNAT(1.1.1.9)           192.168.1.0/24  eth0  { mark=3:C }</programlisting>
+       SNAT(1.1.1.1)           192.168.1.0/24  eth0  { probability=0.33 }
+       SNAT(1.1.1.3)           192.168.1.0/24  eth0  { probability=0.50 }
+       SNAT(1.1.1.9)           192.168.1.0/24  eth0</programlisting>
         </listitem>
       </varlistentry>
 

From 5b0cacd9c4cd95d669e386500460e0dc93a66e51 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Thu, 24 Sep 2020 14:46:24 -0700
Subject: [PATCH 4/5] Add NFS V1.4 macro

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Macros/macro.NFS | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 Shorewall/Macros/macro.NFS

diff --git a/Shorewall/Macros/macro.NFS b/Shorewall/Macros/macro.NFS
new file mode 100644
index 000000000..4501e4d09
--- /dev/null
+++ b/Shorewall/Macros/macro.NFS
@@ -0,0 +1,12 @@
+#
+# Shorewall -- /usr/share/shorewall/macro.NFS
+#
+# This macro handles NFS v4.1+ traffic with default ports.
+# You should only allow NFS traffic between hosts you fully trust.
+#
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
+PARAM	-	-	tcp	111		# portmapper, rpcbind
+PARAM	-	-	tcp	2049		# nfs
+PARAM	-	-	tcp	20048		# mountd

From 97165ed41e54d7dc66b90f51dbc9cedf9870d08e Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Thu, 24 Sep 2020 15:16:51 -0700
Subject: [PATCH 5/5] Add target file(s) 5.2.8-base

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Shorewall-targetname | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Shorewall/Shorewall-targetname b/Shorewall/Shorewall-targetname
index e45247509..c57ae7cac 100644
--- a/Shorewall/Shorewall-targetname
+++ b/Shorewall/Shorewall-targetname
@@ -1 +1 @@
-5.2.8-RC1
+5.2.8-base