Merge branch '5.0.0' of ssh://server.shorewall.net/home/teastep/shorewall/code into 5.0.0

Shorewall/Perl/Shorewall/Config.pm

@@ -4930,7 +4930,8 @@ EOF
 	    exit 0 unless ( $directives ||
 			    -f find_file 'blacklist'    ||
 			    -f find_file 'tcrules'      ||
-			    -f find_file 'routestopped'
+			    -f find_file 'routestopped' ||
+			    -f find_file 'notrack'
 			  );
 	}
     } else {

Shorewall/Perl/Shorewall/Misc.pm

@@ -254,16 +254,12 @@ sub convert_blacklist() {
     my $zones1 = find_zones_by_option 'blacklist', 'out';
     my ( $level, $disposition ) = @config{'BLACKLIST_LOG_LEVEL', 'BLACKLIST_DISPOSITION' };
     my $audit       = $disposition =~ /^A_/;
-    my $target      = $disposition eq 'REJECT' ? 'reject' : $disposition;
+    my $target      = $disposition;
     my $orig_target = $target;
     my @rules;
 
     if ( @$zones || @$zones1 ) {
-	if ( supplied $level ) {
+	$target = "$target:$level" if supplied $level;
-	    $target = 'blacklog';
-	} elsif ( $audit ) {
-	    $target = verify_audit( $disposition );
-	}
 
 	my $fn = open_file( 'blacklist' );
 
@@ -313,8 +309,6 @@ sub convert_blacklist() {
 		} else {
 		    warning_message "Duplicate 'audit' option ignored" if $auditone > 1;
 		}
-
-		$tgt = verify_audit( 'A_' . $target, $orig_target, $target );
 	    }
 
 	    for ( @options ) {
@@ -438,6 +432,7 @@ sub convert_routestopped() {
 	my ( @allhosts, %source, %dest , %notrack, @rule );
 
 	my $seq  = 0;
+	my $date = localtime;
 
 	my ( $stoppedrules, $fn1 );
 
@@ -463,6 +458,11 @@ sub convert_routestopped() {
 EOF
 	}
 
+	print( $stoppedrules
+	       "#\n" ,
+	       "# Rules generated from routestopped file $fn by Shorewall $globals{VERSION} - $date\n" ,
+	       "#\n" );
+
 	first_entry "$doing $fn...";
 
 	while ( read_a_line ( NORMAL_READ ) ) {

Shorewall/Perl/Shorewall/Raw.pm

@@ -363,6 +363,7 @@ sub setup_conntrack($) {
     if ( $convert ) {
 	my $conntrack;
 	my $empty  = 1;
+	my $date = localtime;
 
 	if ( $fn ) {
 	    open $conntrack, '>>', $fn or fatal_error "Unable to open $fn for notrack conversion: $!";
@@ -385,6 +386,11 @@ EOF
 EOF
 	}
 
+	print( $conntrack
+	       "#\n" ,
+	       "# Rules generated from notrack file $fn by Shorewall $globals{VERSION} - $date\n" ,
+	       "#\n" );
+
 	$fn = open_file( 'notrack' , 3, 1 ) || fatal_error "Unable to open the notrack file for conversion: $!";
 
 	while ( read_a_line( PLAIN_READ ) ) {

Shorewall/Perl/Shorewall/Tc.pm

@@ -3226,14 +3226,19 @@ sub setup_tc( $ ) {
 		    }
 		}
 
+		close $mangle, directive_callback( 0 ) if $tcrules;
+
+	    } elsif ( $tcrules ) {
 		close $mangle, directive_callback( 0 );
-	    } elsif ( -f ( my $fn = find_file( 'tcrules' ) ) ) {
+
+		if ( -f ( my $fn = find_file( 'tcrules' ) ) ) {
 		    if ( unlink $fn ) {
 			warning_message "Empty tcrules file ($fn) removed";
 		    } else {
 			warning_message "Unable to remove empty tcrules file $fn: $!";
 		    }
 		}
+	    }
 	} elsif ( -f ( my $fn = find_file( 'tcrules' ) ) ) {
 	    warning_message "The tcrules file is no longer supported -- use the '$product update -t' to convert $fn to an equivalent 'mangle' file";
 	}