Merge branch 'master' into 5.2.4

# Conflicts:
#	docs/SharedConfig.xml

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/Macros/macro.BitcoinRegtest

@@ -0,0 +1,8 @@
+#
+# Shorewall --/usr/share/shorewall/macro.BitcoinRegtest
+#
+# Macro for handling Bitcoin P2P traffic (Regtest mode)
+#
+##############################################################################################################################################################
+#ACTION     SOURCE      DEST        PROTO   DPORT   SPORT   ORIGDEST    RATE    USER    MARK    CONNLIMIT   TIME    HEADERS SWITCH  HELPER
+PARAM       -           -           tcp     18444

Shorewall/Macros/macro.BitcoinTestnet

@@ -0,0 +1,8 @@
+#
+# Shorewall --/usr/share/shorewall/macro.BitcoinTestnet
+#
+# Macro for handling Bitcoin P2P traffic (Testnet mode)
+#
+##############################################################################################################################################################
+#ACTION     SOURCE      DEST        PROTO   DPORT   SPORT   ORIGDEST    RATE    USER    MARK    CONNLIMIT   TIME    HEADERS SWITCH  HELPER
+PARAM       -           -           tcp     18333

Shorewall/Macros/macro.BitcoinTestnetRPC

@@ -0,0 +1,8 @@
+#
+# Shorewall --/usr/share/shorewall/macro.BitcoinTestnetRPC
+#
+# Macro for handling Bitcoin RPC traffic (Testnet and Regtest mode)
+#
+##############################################################################################################################################################
+#ACTION     SOURCE      DEST        PROTO   DPORT   SPORT   ORIGDEST    RATE    USER    MARK    CONNLIMIT   TIME    HEADERS SWITCH  HELPER
+PARAM       -           -           tcp     18332

Shorewall/Perl/Shorewall/Chains.pm

@@ -697,7 +697,7 @@ use constant { UNIQUE      => 1,       # Simple header matches - only allowed on
 	       CONTROL     => 16,      # Unsed internally by the compiler - does not contribute to the iptables rule
 	       COMPLEX     => 32,      # Currently means 'contrack --cstate'
 	       NFACCT      => 64,      # nfacct match
-	       EXPENSIVE   => 128,     # Has high rule-processing cost in the kernel
+	       EXPENSIVE   => 128,     # Has high match-processing cost in the kernel
 	       RECENT      => 256,     # recent match
 	   };
 
@@ -1239,8 +1239,8 @@ sub transform_rule( $;\$ ) {
 	    $option = $2;
 	} elsif ( $input =~ s/^(!\s+)?--([^\s]+)\s*// ) {
 	    $invert = '!' if $1;
-	    my $opt = $option = $2;
+	    my $opt = $2;
-	    fatal_error "Unrecognized iptables option ($opt}" unless $option = $aliases{$option};
+	    fatal_error "Unrecognized iptables option ($opt}" unless $option = $aliases{$opt};
 	} else {
 	    fatal_error "Unrecognized iptables option string ($input)";
 	}

Shorewall/manpages/shorewall-files.xml

@@ -720,9 +720,9 @@ DNAT { source=net dest=loc:10.0.0.1 proto=tcp dport=80 mark=88 }</programlisting
   <refsect1>
     <title>Time Columns</title>
 
-    <para>Several of the files include a TIME column that allows you to specify
+    <para>Several of the files include a TIME column that allows you to
-    times when the rule is to be applied. Contents of this column is a list of
+    specify times when the rule is to be applied. Contents of this column is a
-    <replaceable>timeelement</replaceable>s separated by apersands
+    list of <replaceable>timeelement</replaceable>s separated by apersands
     (&amp;).</para>
 
     <para>Each <replaceable>timeelement</replaceable> is one of the
@@ -930,7 +930,7 @@ DNAT { source=net dest=loc:10.0.0.1 proto=tcp dport=80 mark=88 }</programlisting
     role="bold">on</emphasis>. If you precede the switch name with ! (e.g.,
     !switch1), then the rule is enabled only when the switch is <emphasis
     role="bold">off</emphasis>. Switch settings are retained over
-    <command>shorewall restart</command>.</para>
+    <command>shorewall reload</command>.</para>
 
     <para>Shorewall requires that switch names:</para>
 

Shorewall/manpages/shorewall-mangle.xml

@@ -1583,7 +1583,7 @@ Normal-Service       =&gt; 0x00</programlisting>
 
         <listitem>
           <para>Added in Shorewall 5.1.0 and allows enabling and disabling the
-          rule without requiring <command>shorewall restart</command>.</para>
+          rule without requiring <command>shorewall reload</command>.</para>
 
           <para>The rule is enabled if the value stored in
           <filename>/proc/net/nf_condition/<replaceable>switch-name</replaceable></filename>
@@ -1614,7 +1614,7 @@ Normal-Service       =&gt; 0x00</programlisting>
           </simplelist>
 
           <para>Switch settings are retained over <command>shorewall
-          restart</command>.</para>
+          reload</command>.</para>
 
           <para>When the <replaceable>switch-name</replaceable> is followed by
           <option>=0</option> or <option>=1</option>, then the switch is

Shorewall/manpages/shorewall-rules.xml

@@ -2342,7 +2342,7 @@
         <listitem>
           <para>Added in Shorewall 4.4.24 and allows enabling and disabling
           the rule without requiring <command>shorewall
-          restart</command>.</para>
+          reload</command>.</para>
 
           <para>The rule is enabled if the value stored in
           <filename>/proc/net/nf_condition/<replaceable>switch-name</replaceable></filename>
@@ -2373,7 +2373,7 @@
           </simplelist>
 
           <para>Switch settings are retained over <command>shorewall
-          restart</command>.</para>
+          reload</command>.</para>
 
           <para>Beginning with Shorewall 4.5.10, when the
           <replaceable>switch-name</replaceable> is followed by

docs/Shorewall-Lite.xml

@@ -248,10 +248,10 @@
 
             <listitem>
               <programlisting><command>cd &lt;export directory&gt;</command>
-<command>/sbin/shorewall load firewall</command></programlisting>
+<command>/sbin/shorewall remote-start firewall</command></programlisting>
 
               <para>The <ulink
-              url="starting_and_stopping_shorewall.htm#Load"><command>load</command></ulink>
+              url="starting_and_stopping_shorewall.htm#Load"><command>remote-start</command></ulink>
               command compiles a firewall script from the configuration files
               in the current working directory (using <command>shorewall
               compile -e</command>), copies that file to the remote system via
@@ -260,7 +260,8 @@
 
               <para>Example (firewall's DNS name is 'gateway'):</para>
 
-              <para><command>/sbin/shorewall load gateway</command><note>
+              <para><command>/sbin/shorewall remote-start
+              gateway</command><note>
                   <para>Although scp and ssh are used by default, you can use
                   other utilities by setting RSH_COMMAND and RCP_COMMAND in
                   <filename>/etc/shorewall/shorewall.conf</filename>.</para>
@@ -283,15 +284,15 @@
           then:</para>
 
           <programlisting><command>cd &lt;export directory&gt;</command>
-<command>/sbin/shorewall reload firewall</command></programlisting>
+<command>/sbin/shorewall remote-reload firewall</command></programlisting>
 
           <para>The <ulink
-          url="manpages/shorewall.html"><command>reload</command></ulink>
+          url="manpages/shorewall.html"><command>remote-reload</command></ulink>
           command compiles a firewall script from the configuration files in
           the current working directory (using <command>shorewall compile
           -e</command>), copies that file to the remote system via scp and
-          restarts Shorewall Lite on the remote system via ssh. The <emphasis
+          reloads Shorewall Lite on the remote system via ssh. The <emphasis
-          role="bold">reload</emphasis> command also supports the '-c'
+          role="bold">remote-reload</emphasis> command also supports the '-c'
           option.</para>
         </listitem>
       </orderedlist>
@@ -491,17 +492,18 @@
 
             <blockquote>
               <programlisting><command>cd &lt;export directory&gt;</command>
-<command>/sbin/shorewall load &lt;firewall system&gt;</command>
+<command>/sbin/shorewall remote-start &lt;firewall system&gt;</command>
 </programlisting>
 
               <para>Example (firewall's DNS name is 'gateway'):</para>
 
-              <para><command>/sbin/shorewall load gateway</command></para>
+              <para><command>/sbin/shorewall remote-start
+              gateway</command></para>
             </blockquote>
 
-            <para>The first time that you issue a <command>load</command>
+            <para>The first time that you issue a
-            command, Shorewall will use ssh to run
+            <command>remote-start</command> command, Shorewall will use ssh to
-            <filename>/usr/share/shorewall-lite/shorecap</filename> on the
+            run <filename>/usr/share/shorewall-lite/shorecap</filename> on the
             remote firewall to create a capabilities file in the firewall's
             administrative direction. See <link
             linkend="Shorecap">below</link>.</para>
@@ -521,7 +523,7 @@
             then:</para>
 
             <programlisting><command>cd &lt;export directory&gt;</command>
-<command>/sbin/shorewall reload firewall</command></programlisting>
+<command>/sbin/shorewall remote-reload firewall</command></programlisting>
 
             <para>The <ulink
             url="starting_and_stopping_shorewall.htm#Reload"><command>reload</command></ulink>
@@ -542,8 +544,8 @@
 <command>scp capabilities &lt;admin system&gt;:&lt;this system's config dir&gt;</command></programlisting>
 
             <para>Or simply use the -c option the next time that you use the
-            <command>reload</command> command (e.g., <command>shorewall reload
+            <command>remote-reload</command> command (e.g., <command>shorewall
-            -c gateway</command>).</para>
+            remote-reload -c gateway</command>).</para>
           </listitem>
         </orderedlist>
       </section>