Some accounting fixes (code and docs)

Shorewall/Perl/Shorewall/Config.pm

@@ -570,6 +570,7 @@ sub initialize( $ ) {
 	       FWMARK_RT_MASK => undef,
 	       MARK_ANYWHERE => undef,
 	       HEADER_MATCH => undef,
+               ACCOUNT_TARGET => undef,
 	       CAPVERSION => undef,
 	       KERNELVERSION => undef,
 	       );

Shorewall/releasenotes.txt

@@ -124,6 +124,12 @@ Beta 3
     traffic (IP is SRC) are listed. The -f option causes the table to
     be flushed (reset all counters to zero). 
 
+    One nice feature of per-IP accounting is that the counters survive
+    'shorewall restart'. This has a downside, however. If you change
+    the <network> associated with an accounting table, then you must
+    "shorewall stop; shorewall start" to have a successful restart
+    (counters will be cleared).
+
 Beta 2
 
 1)  Traditionally, the -lite products have used the modules (or

docs/Accounting.xml

@@ -262,8 +262,13 @@
       </listitem>
     </itemizedlist>
 
-    <para>Versions of xtables-addons supporting the ACCOUNT target do not
+    <para>and xtables-addons Version 1.21 on:</para>
-    install successfully on Debian Lenny.</para>
+
+    <itemizedlist>
+      <listitem>
+        <para>Debian Lenny</para>
+      </listitem>
+    </itemizedlist>
 
     <para>Information about xtables-addons installation may be found at <ulink
     url="Dynamic.html#xtables-addons">here</ulink>.</para>
@@ -290,6 +295,12 @@
       notation. The network can be as large as a /8 (class A).</member>
     </simplelist>
 
+    <para>One nice feature of per-IP accounting is that the counters survive
+    <command>shorewall restart</command>. This has a downside, however. If you
+    change the network associated with an accounting table, then you must
+    <command>shorewall stop; shorewall start</command> to have a successful
+    restart (counters will be cleared). </para>
+
     <para>Example: Suppose your WAN interface is eth0 and your LAN interface
     is eth1 with network 172.20.1.0/24. To account for all traffic between the
     WAN and LAN interfaces:</para>
@@ -299,9 +310,11 @@ ACCOUNT(net-loc,172.20.1.0/24)  -            eth0                eth1
 ACCOUNT(net-loc,172.20.1.0/24)  -            eth1                eth0</programlisting>
 
     <para>This will create a <emphasis role="bold">net-loc</emphasis> table
-    for counting packets and bytes for traffic between the two interfaces. The
+    for counting packets and bytes for traffic between the two
-    table is dumped using the <command>iptaccount</command> utility (part of
+    interfaces.</para>
-    xtables-addons):</para>
+
+    <para>The table is dumped using the <command>iptaccount</command> utility
+    (part of xtables-addons):</para>
 
     <programlisting><command>iptaccount [-f] -l net-loc</command></programlisting>
 

manpages/shorewall-accounting.xml

@@ -109,6 +109,13 @@
                   /8 (class A).</member>
                 </simplelist>
 
+                <para>One nice feature of per-IP accounting is that the
+                counters survive <command>shorewall restart</command>. This
+                has a downside, however. If you change the network associated
+                with an accounting table, then you must <command>shorewall
+                stop; shorewall start</command> to have a successful restart
+                (counters will be cleared).</para>
+
                 <para>The counters in a <replaceable>table</replaceable> are
                 printed using the <command>iptaccount</command> utility. As of
                 February 2011, the ACCOUNT Target capability and the