Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code

Shorewall/Perl/Shorewall/Compiler.pm

@@ -529,14 +529,12 @@ EOF
     emit( '    run_refreshed_exit',
 	  '    do_iptables -N shorewall' );
 
-    emit ( '    do_iptables -A shorewall -m recent --set --name %CURRENTTIME' ) if have_capability 'RECENT_MATCH';
+    emit( '    do_iptables -A shorewall -m recent --set --name %CURRENTTIME' ) if have_capability 'RECENT_MATCH';
 
-    emit(
+    emit( "    set_state Started $config_dir",
-	"    set_state Started $config_dir",
+	  '    [ $0 = ${VARDIR}/firewall ] || cp -f $(my_pathname) ${VARDIR}/firewall',
-	'    [ $0 = ${VARDIR}/firewall ] || cp -f $(my_pathname) ${VARDIR}/firewall',
+	  'else',
-        'else',
+	  '    setup_netfilter'	);
-	'    setup_netfilter'
-	);
 
     push_indent;
     emit 'setup_arptables' if $have_arptables;
@@ -604,12 +602,12 @@ sub compiler {
     sub validate_boolean( $ ) {
 	 my $val = numeric_value( shift );
 	 defined($val) && ($val >= 0) && ($val < 2);
-     }
+    }
 
     sub validate_verbosity( $ ) {
 	 my $val = numeric_value( shift );
 	 defined($val) && ($val >= MIN_VERBOSITY) && ($val <= MAX_VERBOSITY);
-     }
+    }
 
     sub validate_family( $ ) {
 	my $val = numeric_value( shift );
@@ -852,7 +850,7 @@ sub compiler {
     #
     setup_tunnels;
     #
-    # Clear the current filename
+    # Clear the current filename so that the last one processed doesn't appear in error and warning messages
     #
     clear_currentfilename;
     #

docs/GettingStarted.xml

@@ -67,6 +67,12 @@
     <listitem>
       <para><ulink url="Universal.html">Universal</ulink> configuration --
       requires no configuration to protect a single system.</para>
+
+      <caution>
+        <para>This configuration places all interfaces in the net zone. If you
+        add another interface or VPN, you will want to select a different
+        QuickStart Guide.</para>
+      </caution>
     </listitem>
   </itemizedlist>
 
@@ -182,7 +188,7 @@
                     url="configuration_file_basics.htm#Ranges">Port
                     Ranges</ulink></entry>
 
-                    <entry></entry>
+                    <entry/>
                   </row>
                 </tbody>
               </tgroup>

docs/Introduction.xml

@@ -16,7 +16,7 @@
     <pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
 
     <copyright>
-      <year>2003-2014</year>
+      <year>2003-2015</year>
 
       <holder>Thomas M. Eastep</holder>
     </copyright>
@@ -145,18 +145,8 @@
     setups, you will only need to deal with a few of them.</para>
 
     <para>Shorewall views the network where it is running as being composed of
-    a set of <firstterm>zones</firstterm>. In the <ulink
+    a set of <firstterm>zones</firstterm>. Zones are declared and given a type
-    url="three-interface.htm">three-interface sample configuration</ulink> for
+    in the <ulink url="manpages/shorewall-zones.html"><filename
-    example, the following zone names are used:</para>
-
-    <programlisting>#NAME                  DESCRIPTION
-fw                     The firewall itself
-net                    The Internet
-loc                    Your Local Network
-dmz                    Demilitarized Zone</programlisting>
-
-    <para>Zones are declared and given a type in the <ulink
-    url="manpages/shorewall-zones.html"><filename
     class="directory">/etc/shorewall/</filename><filename>zones</filename></ulink>
     file.Here is the <ulink url="manpages/shorewall-zones.html"><filename
     class="directory">/etc/shorewall/</filename><filename>zones</filename></ulink>
@@ -433,8 +423,8 @@ ACCEPT     net           $FW       tcp        22</programlisting>
       <listitem>
         <para><emphasis role="bold">Shorewall-init</emphasis>. May be
         installed with any of the other firewall packages. Allows the firewall
-        to be close prior to bringing up network interfaces. It can also react
+        to be closed prior to bringing up network interfaces. It can also
-        to interface up/down events.</para>
+        react to interface up/down events.</para>
       </listitem>
     </orderedlist>
   </section>

docs/Shorewall-4.xml

@@ -22,6 +22,8 @@
 
       <year>2009</year>
 
+      <year>2015</year>
+
       <holder>Thomas M. Eastep</holder>
     </copyright>
 
@@ -97,11 +99,12 @@
   <section id="Install">
     <title>Shorewall 4.4</title>
 
-    <para>Shorewall 4.4 discontinues the availability of the legacy
+    <para>Shorewall 4.4 discontinued the availability of the legacy
     shell-based compiler. All users must migrate to the perl-based compiler
-    before or during an upgrade to Shorewall version 4.4. We highly recommend
+    before or during an upgrade to Shorewall version 4.4 or later. We highly
-    that current users of the shell-based compiler migrate before upgrading to
+    recommend that current users of the shell-based compiler migrate before
-    4.4 so that both compilers are available during the migration.</para>
+    upgrading to 4.4 or later so that both compilers are available during the
+    migration.</para>
 
     <para>Shorewall 4.4 contains five packages:</para>
 
@@ -161,11 +164,12 @@
 
     <itemizedlist>
       <listitem>
-        <para>Perl (I use Perl 5.8.10 but other 5.8 versions should work
+        <para>Perl (I use Perl 5.14.2 but other 5.8 or later versions should
-        fine). <note>
+        work fine). <note>
             <para>If you want to be able to use DNS names in your Shorewall6
-            configuration files, then Perl 5.10 is required together with the
+            configuration files, then Perl 5.10 or later is required together
-            Perl <emphasis role="bold">Socket6</emphasis> module.</para>
+            with the Perl <emphasis role="bold">Socket6</emphasis>
+            module.</para>
           </note></para>
       </listitem>