From 5f861655213ee422c3b36cb30773341472ad292c Mon Sep 17 00:00:00 2001
From: teastep
Date: Wed, 17 Dec 2008 17:40:44 +0000
Subject: [PATCH] Move 4.2 changes to trunk; fix a couple of typos
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9095 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-lite/shorewall-lite | 10 ++++++---
 Shorewall-perl/Shorewall/Config.pm | 2 +-
 Shorewall-perl/Shorewall/IPAddrs.pm | 4 ++--
 Shorewall-perl/compiler.pl | 2 +-
 Shorewall-shell/compiler | 9 ++++----
 Shorewall-shell/prog.footer | 32 +++++++++++++++++++++++------
 6 files changed, 42 insertions(+), 17 deletions(-)
diff --git a/Shorewall-lite/shorewall-lite b/Shorewall-lite/shorewall-lite
index 0ad6a3203..c7a9966c6 100755
--- a/Shorewall-lite/shorewall-lite
+++ b/Shorewall-lite/shorewall-lite
@@ -380,7 +380,7 @@ usage() # $1 = exit status echo " logreject
..." echo " logwatch []" echo " reject
..." - echo " reset" + echo " reset [ ... ]" echo " restart [ -n ] [ -p ]" echo " restore [ -n ] [ ]" echo " save [ ]"
@@ -591,15 +591,19 @@ case "$COMMAND" in shift start_command $@ ;; - stop|reset|clear) + stop|clear) [ $# -ne 1 ] && usage 1 verify_firewall_script export NOROUTES exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $COMMAND ;; + reset) + verify_firewall_script + exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $@ + ;; restart) shift - restart_command $@ + restart_command ;; show|list) shift
diff --git a/Shorewall-perl/Shorewall/Config.pm b/Shorewall-perl/Shorewall/Config.pm
index f09217b10..267179e78 100644
--- a/Shorewall-perl/Shorewall/Config.pm
+++ b/Shorewall-perl/Shorewall/Config.pm
@@ -424,7 +424,7 @@ sub initialize( $ ) { ULOG => 'ULOG', NFLOG => 'NFLOG'); } else { - $globals{SHAREDIR} = '/usr/share/shorewall'; + $globals{SHAREDIR} = '/usr/share/shorewall6'; $globals{CONFDIR} = '/etc/shorewall6'; %config =
diff --git a/Shorewall-perl/Shorewall/IPAddrs.pm b/Shorewall-perl/Shorewall/IPAddrs.pm
index 345c13fa8..d5a1aa2f5 100644
--- a/Shorewall-perl/Shorewall/IPAddrs.pm
+++ b/Shorewall-perl/Shorewall/IPAddrs.pm
@@ -238,12 +238,12 @@ sub ip_range_explicit( $ ) { my ( $low, $high ) = split /-/, $range; - validate_address $low, 0; + validate_4address $low, 0; push @result, $low; if ( defined $high ) { - validate_faddress $high, 0; + validate_4address $high, 0; my $first = decodeaddr $low; my $last = decodeaddr $high;
diff --git a/Shorewall-perl/compiler.pl b/Shorewall-perl/compiler.pl
index 472275cf7..bf5959c9c 100755
--- a/Shorewall-perl/compiler.pl
+++ b/Shorewall-perl/compiler.pl
@@ -35,7 +35,7 @@ # --refresh= # Make the 'refresh' command refresh a comma-separated list of chains rather than 'blacklst'. # --log= # Log file # --log_verbosity= # Log Verbosity range -1 to 2 -# --family= # IP family; 1 = IPv4, 2 = IPv6 +# --family= # IP family; 4 = IPv4, 6 = IPv6 # use strict; use FindBin;
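Review bot: In the `restart)` branch of the Shorewall-lite/shorewall-lite hunk at `@@ -591,15 +591,19 @@`, `restart_command $@` becomes a bare `restart_command`, so nothing typed after `restart` reaches the function any more, while the usage text in the preceding hunk still advertises `restart [ -n ] [ -p ]`. restart_command is defined outside the hunk; if it reads those options from its positional parameters they are now silently dropped, and the line should stay `restart_command "$@"`. The new `reset)` branch also hands `$@` to the compiled script unquoted, which subjects command-line chain names to word splitting and pathname expansion; `exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock "$@"` keeps each argument intact.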
diff --git a/Shorewall-shell/compiler b/Shorewall-shell/compiler
index 4775c5763..e22a4abd9 100755
--- a/Shorewall-shell/compiler
+++ b/Shorewall-shell/compiler
@@ -1728,7 +1728,7 @@ add_a_rule() { if [ -n "$addr" -a -n "$CONNTRACK_MATCH" ]; then match='--ctorigdst' - if [ -n "$NEW_CONNTRACK_MATCH" ]; then + if [ -z "$OLD_CONNTRACK_MATCH" ]; then case $adr in !*) match='!--ctorigdst'
@@ -1951,7 +1951,7 @@ __EOF__ else for adr in $(separate_list $addr); do match='--ctorigdst' - if [ -n "$NEW_CONNTRACK_MATCH" ]; then + if [ -z "$OLD_CONNTRACK_MATCH" ]; then case $adr in !*) match='!--ctorigdst'
@@ -2028,7 +2028,7 @@ __EOF__ if [ -n "$addr" ]; then for adr in $(separate_list $addr); do match='--ctorigdst' - if [ -n "$NEW_CONNTRACK_MATCH" ]; then + if [ -z "$OLD_CONNTRACK_MATCH" ]; then case $adr in !*) match='!--ctorigdst'
@@ -3822,7 +3822,7 @@ __EOF__ # We have connection tracking match -- match on the original destination # match='--ctorigdst' - if [ -n "$NEW_CONNTRACK_MATCH" ]; then + if [ -z "$OLD_CONNTRACK_MATCH" ]; then case $network in !*) match='!--ctorigdst'
@@ -5148,6 +5148,7 @@ compile_firewall() # $1 = File Name [ -d $outfile ] && fatal_error "$outfile is a Directory" [ -h $outfile ] && fatal_error "$outfile is a Symbolic Link" [ -f $outfile -a ! -x $outfile ] && fatal_error "$outfile exists and is not a restore file" + [ $(basename $1) = shorewall ] && fatal_error "A compiled script may not be named 'shorewall'" DOING=Compiling DONE=compiled
diff --git a/Shorewall-shell/prog.footer b/Shorewall-shell/prog.footer
index 1fd2e1024..f02f47799 100644
--- a/Shorewall-shell/prog.footer
+++ b/Shorewall-shell/prog.footer
@@ -55,16 +55,13 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do esac done -if [ $# -ne 1 ]; then - usage 2 -else - COMMAND="$1" -fi +COMMAND="$1" [ -n "${PRODUCT:=Shorewall}" ] case "$COMMAND" in start) + [ $# -ne 1 ] && usage 2 if shorewall_is_started; then error_message "$PRODUCT is already Running" status=0
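Review bot: Replacing `-n "$NEW_CONNTRACK_MATCH"` with `-z "$OLD_CONNTRACK_MATCH"` in add_a_rule (hunk at `@@ -1728,7`, and identically in the hunks at `-1951,7`, `-2028,7` and `-3822,7`) flips what happens when neither variable is set: the branch that builds `match='!--ctorigdst'` for a `!`-prefixed address is now taken by default instead of skipped. Where OLD_CONNTRACK_MATCH gets its value is not visible in these hunks; if it can come from a capabilities file written before the variable existed, the generated rules would use the newer negation syntax on a system that may only accept the older one. A short comment at the first test saying where the variable is set and what an empty value means would make the default explicit. Since the same block is repeated four times, it could also move into one helper so the capability test cannot drift between copies.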
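Review bot: The guard added to compile_firewall in the hunk at `@@ -5148,6 +5148,7 @@`, `[ $(basename $1) = shorewall ]`, is unquoted, so an empty argument or one containing whitespace makes `[` fail with a syntax error, and the `&&` then skips `fatal_error` instead of rejecting the name. It also tests `$1` while the three checks directly above it test `$outfile`; whether the two always name the same file is not visible in the hunk. Quoting both expansions makes the comparison reliable: `[ "$(basename "$1")" = shorewall ] && fatal_error "A compiled script may not be named 'shorewall'"`.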
@@ -80,6 +77,7 @@ case "$COMMAND" in fi ;; stop) + [ $# -ne 1 ] && usage 2 progress_message3 "Stopping $PRODUCT...." stop_firewall status=0
@@ -90,16 +88,32 @@ case "$COMMAND" in if ! shorewall_is_started ; then error_message "$PRODUCT is not running" status=2 - else + elif [ $# -eq 1 ]; then $IPTABLES -Z $IPTABLES -t nat -Z $IPTABLES -t mangle -Z date > ${VARDIR}/restarted status=0 progress_message3 "$PRODUCT Counters Reset" + else + status=0 + for chain in $@; do + if chain_exists $chain; then + if qt $IPTABLES -Z $chain; then + progress_message3 "Filter table $chain Counters Reset" + else + error_message "ERROR: Reset of chain $chain failed" + status=2 + break + fi + else + error_message "WARNING: Filter Chain $chain does not exist" + fi + done fi ;; restart) + [ $# -ne 1 ] && usage 2 if shorewall_is_started; then progress_message3 "Restarting $PRODUCT...." else
@@ -120,6 +134,7 @@ case "$COMMAND" in progress_message3 "done." ;; refresh) + [ $# -ne 1 ] && usage 2 if shorewall_is_started; then progress_message3 "Refreshing $PRODUCT...." refresh_firewall
@@ -131,6 +146,7 @@ case "$COMMAND" in fi ;; restore) + [ $# -ne 1 ] && usage 2 restore_firewall status=$? if [ -n "$SUBSYSLOCK" ]; then
@@ -138,6 +154,7 @@ case "$COMMAND" in fi ;; clear) + [ $# -ne 1 ] && usage 2 progress_message3 "Clearing $PRODUCT...." clear_firewall status=0
@@ -145,6 +162,7 @@ case "$COMMAND" in progress_message3 "done." ;; status) + [ $# -ne 1 ] && usage 2 echo "$PRODUCT-$VERSION Status at $HOSTNAME - $(date)" echo if shorewall_is_started; then
@@ -169,10 +187,12 @@ case "$COMMAND" in echo ;; version) + [ $# -ne 1 ] && usage 2 echo $VERSION status=0 ;; help) + [ $# -ne 1 ] && usage 2 usage 0 ;; *)
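Review bot: In the reset branch of Shorewall-shell/prog.footer (hunk at `@@ -90,16 +88,32 @@`), `for chain in $@` still iterates over the command word itself, because the first prog.footer hunk sets `COMMAND="$1"` without a shift and the `elif [ $# -eq 1 ]` test relies on `$1` still being `reset`. As far as the visible lines show, every per-chain reset would therefore first warn that chain `reset` does not exist, unless a chain of that name happens to be defined. A `shift` before the loop fixes that, and the loop should read `for chain in "$@"; do` with `"$chain"` quoted in the `chain_exists` and `$IPTABLES -Z` calls so names are neither word-split nor glob-expanded. These names come straight from the command line and land in iptables argument position, so rejecting any that begin with `-` would keep them from being parsed as options. The `reset)` label itself lies above the hunk.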