Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code

Shorewall-core/lib.cli

@@ -1683,7 +1683,7 @@ restore_command() {
 
     if [ -z "$STARTUP_ENABLED" ]; then
 	error_message "ERROR: Startup is disabled"
-	exit 2
+	exit 6
     fi
 
     g_restorepath=${VARDIR}/$RESTOREFILE
@@ -3680,7 +3680,7 @@ start_command() {
 	else
 	    error_message "${VARDIR}/firewall is missing or is not executable"
 	    logger -p kern.err "ERROR:$g_product start failed"
-	    rc=2
+	    rc=6
 	fi
 
 	[ -n "$g_nolock" ] || mutex_off
@@ -3813,7 +3813,7 @@ restart_command() {
     else
 	error_message "${VARDIR}/firewall is missing or is not executable"
 	logger -p kern.err "ERROR:$g_product restart failed"
-	rc=2
+	rc=6
     fi
 
     [ -n "$g_nolock" ] || mutex_off

Shorewall-init/init.debian.sh

@@ -74,7 +74,9 @@ setstatedir() {
     [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
 
     if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c || echo_notdone
+	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c
+    else
+	return 0
     fi
 }
 
@@ -103,21 +105,17 @@ shorewall_start () {
   echo -n "Initializing \"Shorewall-based firewalls\": "
 
   for PRODUCT in $PRODUCTS; do
-      setstatedir
+      if setstatedir; then
-
+	  if [ -x ${STATEDIR}/firewall ]; then
-      if [ -x ${STATEDIR}/firewall ]; then
+              #
-          #
+	      # Run in a sub-shell to avoid name collisions
-	  # Run in a sub-shell to avoid name collisions
+	      #
-	  #
+	      (
-	  ( 
+		  if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
-	      if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
+		      ${STATEDIR}/firewall ${OPTIONS} stop
-		  ${STATEDIR}/firewall ${OPTIONS} stop || echo_notdone
+		  fi
-	      else
+	      )
-		  echo_notdone
+	  fi
-	      fi
-	  )
-      else
-	  echo_notdone
       fi
   done
 
@@ -144,10 +142,10 @@ shorewall_stop () {
 
   echo -n "Clearing \"Shorewall-based firewalls\": "
   for PRODUCT in $PRODUCTS; do
-      setstatedir
+      if setstatedir; then
-
+	  if [ -x ${STATEDIR}/firewall ]; then
-      if [ -x ${STATEDIR}/firewall ]; then
+	      ${STATEDIR}/firewall ${OPTIONS} clear
-	  ${STATEDIR}/firewall ${OPTIONS} clear || echo_notdone
+	  fi
       fi
   done
 

Shorewall-init/init.sh

@@ -69,10 +69,10 @@ setstatedir() {
 
     [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
 
-    if [ ! -x $STATEDIR/firewall ]; then
+    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-	if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
+	${SBINDIR}/$PRODUCT ${OPTIONS} compile $STATEDIR/firewall
-	    ${SBINDIR}/$PRODUCT ${OPTIONS} compile $STATEDIR/firewall
+    else
-	fi
+	return 0
     fi
 }
 
@@ -83,11 +83,11 @@ shorewall_start () {
 
   echo -n "Initializing \"Shorewall-based firewalls\": "
   for PRODUCT in $PRODUCTS; do
-      setstatedir
+      if setstatedir; then
-
+	  if [ -x ${STATEDIR}/firewall ]; then
-      if [ -x ${STATEDIR}/firewall ]; then
+	      if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
-	  if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
+		  ${STATEDIR}/firewall ${OPTIONS} stop
-	      ${STATEDIR}/firewall ${OPTIONS} stop || exit 1
+	      fi
 	  fi
       fi
   done
@@ -106,10 +106,10 @@ shorewall_stop () {
 
   echo -n "Clearing \"Shorewall-based firewalls\": "
   for PRODUCT in $PRODUCTS; do
-      setstatedir
+      if setstatedir; then
-
+	  if [ -x ${STATEDIR}/firewall ]; then
-      if [ -x ${STATEDIR}/firewall ]; then
+	      ${STATEDIR}/firewall ${OPTIONS} clear
-	  ${STATEDIR}/firewall ${OPTIONS} clear || exit 1
+	  fi
       fi
   done
 

Shorewall-init/init.suse.sh

@@ -80,7 +80,9 @@ setstatedir() {
     [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
 
     if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c || exit
+	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c
+    else
+	return 0
     fi
 }
 
@@ -91,14 +93,12 @@ shorewall_start () {
 
   echo -n "Initializing \"Shorewall-based firewalls\": "
   for PRODUCT in $PRODUCTS; do
-      setstatedir
+      if setstatedir; then
-
+	  if [ -x $STATEDIR/firewall ]; then
-      if [ -x $STATEDIR/firewall ]; then
+	      if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
-	  if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
+		  $STATEDIR/$PRODUCT/firewall ${OPTIONS} stop
-	      $STATEDIR/$PRODUCT/firewall ${OPTIONS} stop || exit
+	      fi
 	  fi
-      else
-	  exit 6
       fi
   done
 
@@ -114,12 +114,10 @@ shorewall_stop () {
 
   echo -n "Clearing \"Shorewall-based firewalls\": "
   for PRODUCT in $PRODUCTS; do
-      setstatedir
+      if setstatedir; then
-
+	  if [ -x ${STATEDIR}/firewall ]; then
-      if [ -x ${STATEDIR}/firewall ]; then
+	      ${STATEDIR}/firewall ${OPTIONS} clear
-	  ${STATEDIR}/firewall ${OPTIONS} clear || exit
+	  fi
-      else
-	  exit 6
       fi
   done
 

Shorewall/lib.cli-std

@@ -169,7 +169,7 @@ get_config() {
 		*)
 		    if [ -n "$STARTUP_ENABLED" ]; then
 			fatal_error "Invalid Value for STARTUP_ENABLED: $STARTUP_ENABLED"
-			exit 2
+			exit 6
 		    fi
 		    ;;
 	    esac

docs/Anatomy.xml

@@ -24,6 +24,8 @@
 
       <year>2012</year>
 
+      <year>2015</year>
+
       <holder>Thomas M. Eastep</holder>
     </copyright>
 
@@ -93,13 +95,16 @@
   <section id="Shorewall">
     <title>Shorewall</title>
 
-    <para>The Shorewall package includes a large number of files which are
+    <para>The Shorewall package includes a large number of files which were
-    installed in <filename class="directory">/sbin</filename>, <filename
+    traditionally installed in <filename class="directory">/sbin</filename>,
-    class="directory">/usr/share/shorewall</filename>, <filename
+    <filename class="directory">/usr/share/shorewall</filename>, <filename
     class="directory">/etc/shorewall</filename>,
     <filename>/etc/init.d</filename> and <filename
     class="directory">/var/lib/shorewall/</filename>. These are described in
-    the sub-sections that follow.</para>
+    the sub-sections that follow. Since Shorewall 4.5.2, each of these
+    directories is now relocatable using the <ulink
+    url="Install.htm#idp8774904608">configure scripts included with Shorewall
+    Core</ulink>.</para>
 
     <section id="sbin">
       <title>/sbin</title>
@@ -170,7 +175,8 @@
 
         <listitem>
           <para><filename>lib.*</filename> - Shell function libraries used by
-          the other shell programs.</para>
+          the other shell programs. Most of these are actually provided by
+          Shorewall-core.</para>
         </listitem>
 
         <listitem>
@@ -194,6 +200,12 @@
           containing the Shorewall Perl modules used by the compiler.</para>
         </listitem>
 
+        <listitem>
+          <para><filename>shorewallrc</filename> - A file that specifies where
+          all of the other installed components (from all packages) are
+          installed.</para>
+        </listitem>
+
         <listitem>
           <para><filename>version</filename> - A file containing the currently
           install version of Shorewall.</para>
@@ -504,8 +516,8 @@
     <section id="sbin-lite">
       <title>/sbin</title>
 
-      <para>The <filename>/sbin/shorewall-lite</filename> shell program is used
+      <para>The <filename>/sbin/shorewall-lite</filename> shell program is
-      to interact with Shorewall lite. See <ulink
+      used to interact with Shorewall lite. See <ulink
       url="manpages/shorewall-lite.html">shorewall-lite</ulink>(8).</para>
     </section>