From 38851fe446326457acd2ca36d7e5e609cee64e4c Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Mon, 4 Oct 2010 07:44:28 -0700
Subject: [PATCH] Delete obsolete options from shorewall.conf

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Samples/Universal/shorewall.conf        | 6 ------
 Samples/one-interface/shorewall.conf    | 6 ------
 Samples/three-interfaces/shorewall.conf | 6 ------
 Samples/two-interfaces/shorewall.conf   | 6 ------
 Shorewall/changelog.txt                 | 2 ++
 Shorewall/configfiles/shorewall.conf    | 6 ------
 Shorewall/releasenotes.txt              | 9 +++++++++
 docs/bridge-Shorewall-perl.xml          | 5 +++--
 8 files changed, 14 insertions(+), 32 deletions(-)

diff --git a/Samples/Universal/shorewall.conf b/Samples/Universal/shorewall.conf
index 44f58f8e1..737641019 100644
--- a/Samples/Universal/shorewall.conf
+++ b/Samples/Universal/shorewall.conf
@@ -126,18 +126,12 @@ ADMINISABSENTMINDED=Yes
 
 BLACKLISTNEWONLY=Yes
 
-DELAYBLACKLISTLOAD=No
-
 MODULE_SUFFIX=ko
 
 DISABLE_IPV6=No
 
-BRIDGING=No
-
 DYNAMIC_ZONES=No
 
-PKTTYPE=Yes
-
 NULL_ROUTE_RFC1918=No
 
 MACLIST_TABLE=filter
diff --git a/Samples/one-interface/shorewall.conf b/Samples/one-interface/shorewall.conf
index 7b5846e99..961892a9c 100644
--- a/Samples/one-interface/shorewall.conf
+++ b/Samples/one-interface/shorewall.conf
@@ -137,14 +137,10 @@ ADMINISABSENTMINDED=Yes
 
 BLACKLISTNEWONLY=Yes
 
-DELAYBLACKLISTLOAD=No
-
 MODULE_SUFFIX=ko
 
 DISABLE_IPV6=No
 
-BRIDGING=No
-
 DYNAMIC_ZONES=No
 
 PKTTYPE=Yes
@@ -165,8 +161,6 @@ IMPLICIT_CONTINUE=No
 
 HIGH_ROUTE_MARKS=No
 
-USE_ACTIONS=Yes
-
 OPTIMIZE=1
 
 EXPORTPARAMS=No
diff --git a/Samples/three-interfaces/shorewall.conf b/Samples/three-interfaces/shorewall.conf
index f3007976d..6aa1bb45a 100644
--- a/Samples/three-interfaces/shorewall.conf
+++ b/Samples/three-interfaces/shorewall.conf
@@ -137,14 +137,10 @@ ADMINISABSENTMINDED=Yes
 
 BLACKLISTNEWONLY=Yes
 
-DELAYBLACKLISTLOAD=No
-
 MODULE_SUFFIX=ko
 
 DISABLE_IPV6=No
 
-BRIDGING=No
-
 DYNAMIC_ZONES=No
 
 PKTTYPE=Yes
@@ -165,8 +161,6 @@ IMPLICIT_CONTINUE=No
 
 HIGH_ROUTE_MARKS=No
 
-USE_ACTIONS=Yes
-
 OPTIMIZE=1
 
 EXPORTPARAMS=No
diff --git a/Samples/two-interfaces/shorewall.conf b/Samples/two-interfaces/shorewall.conf
index 62cc166f3..9ec4646f9 100644
--- a/Samples/two-interfaces/shorewall.conf
+++ b/Samples/two-interfaces/shorewall.conf
@@ -144,14 +144,10 @@ ADMINISABSENTMINDED=Yes
 
 BLACKLISTNEWONLY=Yes
 
-DELAYBLACKLISTLOAD=No
-
 MODULE_SUFFIX=ko
 
 DISABLE_IPV6=No
 
-BRIDGING=No
-
 DYNAMIC_ZONES=No
 
 PKTTYPE=Yes
@@ -172,8 +168,6 @@ IMPLICIT_CONTINUE=No
 
 HIGH_ROUTE_MARKS=No
 
-USE_ACTIONS=Yes
-
 OPTIMIZE=1
 
 EXPORTPARAMS=No
diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index 059a946b5..70d6fa1c5 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -17,6 +17,8 @@ Changes in Shorewall 4.4.14
 
 8)  Clamp VERBOSITY to valid range.
 
+9)  Delete obsolete options from shorewall.conf.
+
 Changes in Shorewall 4.4.13
 
 1)  Allow zone lists in rules SOURCE and DEST.
diff --git a/Shorewall/configfiles/shorewall.conf b/Shorewall/configfiles/shorewall.conf
index f4d428978..83ffaf765 100644
--- a/Shorewall/configfiles/shorewall.conf
+++ b/Shorewall/configfiles/shorewall.conf
@@ -126,14 +126,10 @@ ADMINISABSENTMINDED=Yes
 
 BLACKLISTNEWONLY=Yes
 
-DELAYBLACKLISTLOAD=No
-
 MODULE_SUFFIX=ko
 
 DISABLE_IPV6=No
 
-BRIDGING=No
-
 DYNAMIC_ZONES=No
 
 PKTTYPE=Yes
@@ -154,8 +150,6 @@ IMPLICIT_CONTINUE=No
 
 HIGH_ROUTE_MARKS=No
 
-USE_ACTIONS=Yes
-
 OPTIMIZE=0
 
 EXPORTPARAMS=Yes
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index f51a121e0..3140e4b65 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -62,6 +62,15 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
 7)  The log reading commands (show log, logwatch, and dump) returned no
     log records when run on one of the -lite products.
 
+8)  To avoid future confusion, the following obsolete options have been
+    deleted from the sample shorewall.conf files:
+
+    	    BRIDGING
+    	    DELETEBLACKLISTLOAD
+	    PKTTYPE
+
+    They will still be recognized by the rules compiler.
+
 ----------------------------------------------------------------------------
            I I.  K N O W N   P R O B L E M S   R E M A I N I N G
 ----------------------------------------------------------------------------
diff --git a/docs/bridge-Shorewall-perl.xml b/docs/bridge-Shorewall-perl.xml
index f544137c1..c4d5c7787 100644
--- a/docs/bridge-Shorewall-perl.xml
+++ b/docs/bridge-Shorewall-perl.xml
@@ -559,8 +559,9 @@ rc-update add bridge boot
 
     <para>In /etc/shorewall/zones, BP zones are specified using the <emphasis
     role="bold">bport</emphasis> (or <emphasis role="bold">bport4</emphasis>)
-    keyword. Shorewall 4.4 or later requires that BRIDGING=No in
-    <filename>shorewall.conf</filename>.</para>
+    keyword. If your version of <filename>shorewall.conf</filename> contains
+    the <emphasis role="bold">BRIDGING</emphasis> option, it must be set to
+    <emphasis role="bold">No</emphasis>.</para>
 
     <para>In the scenario pictured above, there would probably be two BP zones
     defined -- one for the Internet and one for the local LAN so in