Rename to Shorewall4

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5663 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

New/Shorewall/Accounting.pm

@@ -1,5 +1,5 @@
 #
-# Shorewall 3.9 -- /usr/share/shorewall/Shorewall/Accounting.pm
+# Shorewall4 3.9 -- /usr/share/shorewall4/Shorewall/Accounting.pm
 #
 #     This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
 #

New/Shorewall/Actions.pm

@@ -1,5 +1,5 @@
 #
-# Shorewall 3.9 -- /usr/share/shorewall/Shorewall/Actions.pm
+# Shorewall4 3.9 -- /usr/share/shorewall4/Shorewall/Actions.pm
 #
 #     This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
 #

New/Shorewall/Chains.pm

@@ -1,5 +1,5 @@
 #
-# Shorewall 3.9 -- /usr/share/shorewall/Shorewall/Chains.pm
+# Shorewall4 3.9 -- /usr/share/shorewall4/Shorewall/Chains.pm
 #
 #     This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
 #

New/Shorewall/Common.pm

@@ -1,5 +1,5 @@
 #
-# Shorewall 3.9 -- /usr/share/shorewall/Shorewall/Common.pm
+# Shorewall4 3.9 -- /usr/share/shorewall4/Shorewall/Common.pm
 #
 #     This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
 #

New/Shorewall/Config.pm

@@ -1,5 +1,5 @@
 #
-# Shorewall 3.9 -- /usr/share/shorewall/Shorewall/Config.pm
+# Shorewall4 3.9 -- /usr/share/shorewall4/Shorewall/Config.pm
 #
 #     This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
 #
@@ -374,7 +374,13 @@ sub get_configuration() {
     default_yes_no 'LOGTAGONLY'                 , '';
     default_yes_no 'RFC1918_STRICT'             , '';
     default_yes_no 'SAVE_IPSETS'                , '';
+
+    warning_message 'SAVE_IPSETS=Yes is not supported by Shorewall4 ' . VERSION if $config{SAVE_IPSETS};
+
     default_yes_no 'MAPOLDACTIONS'              , '';
+
+    warning_message 'MAPOLDACTIONS=Yes is not supported by Shorewall4 ' . VERSION if $config{MAPOLDACTIONS};
+
     default_yes_no 'FASTACCEPT'                 , '';
     default_yes_no 'IMPLICIT_CONTINUE'          , '';
     default_yes_no 'HIGH_ROUTE_MARKS'           , '';
@@ -564,11 +570,7 @@ sub generate_aux_config() {
 
     create_temp_aux_config;
 
-    my $date = localtime;
-
-    emit "#
-# Shorewall auxiliary configuration file created by Shorewall version $ENV{VERSION} - $date
-#";
+    emit( "#\n# Shorewall auxiliary configuration file created by Shorewall4 version " . VERSION . ' - ' . localtime . "\n#" );
     
     for my $option qw(VERBOSITY LOGFILE LOGFORMAT IPTABLES PATH SHOREWALL_SHELL SUBSYSLOCK RESTOREFILE SAVE_IPSETS) {
 	conditionally_add_option $option;

New/Shorewall/Hosts.pm

@@ -1,5 +1,5 @@
 #
-# Shorewall 3.9 -- /usr/share/shorewall/Shorewall/Hosts.pm
+# Shorewall4 3.9 -- /usr/share/shorewall4/Shorewall/Hosts.pm
 #
 #     This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
 #

New/Shorewall/IPAddrs.pm

@@ -1,5 +1,5 @@
 #
-# Shorewall 3.9 -- /usr/share/shorewall/Shorewall/IPAddrs.pm
+# Shorewall4 3.9 -- /usr/share/shorewall4/Shorewall/IPAddrs.pm
 #
 #     This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
 #

New/Shorewall/Interfaces.pm

@@ -1,5 +1,5 @@
 #
-# Shorewall 3.9 -- /usr/share/shorewall/Shorewall/Interfaces.pm
+# Shorewall4 3.9 -- /usr/share/shorewall4/Shorewall/Interfaces.pm
 #
 #     This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
 #

New/Shorewall/Macros.pm

@@ -1,5 +1,5 @@
 #
-# Shorewall 3.9 -- /usr/share/shorewall/Shorewall/Macros.pm
+# Shorewall4 3.9 -- /usr/share/shorewall4/Shorewall/Macros.pm
 #
 #     This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
 #

New/Shorewall/Nat.pm

@@ -1,5 +1,5 @@
 #
-# Shorewall 3.9 -- /usr/share/shorewall/Shorewall/Nat.pm
+# Shorewall4 3.9 -- /usr/share/shorewall4/Shorewall/Nat.pm
 #
 #     This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
 #

New/Shorewall/Policy.pm

@@ -1,5 +1,5 @@
 #
-# Shorewall 3.9 -- /usr/share/shorewall/Shorewall/Policy.pm
+# Shorewall4 3.9 -- /usr/share/shorewall4/Shorewall/Policy.pm
 #
 #     This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
 #

New/Shorewall/Providers.pm

@@ -1,5 +1,5 @@
 #
-# Shorewall 3.9 -- /usr/share/shorewall/Shorewall/Providers.pm
+# Shorewall4 3.9 -- /usr/share/shorewall4/Shorewall/Providers.pm
 #
 #     This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
 #

New/Shorewall/Proxyarp.pm

@@ -1,5 +1,5 @@
 #
-# Shorewall 3.9 -- /usr/share/shorewall/Shorewall/Proxyarp.pm
+# Shorewall4 3.9 -- /usr/share/shorewall4/Shorewall/Proxyarp.pm
 #
 #     This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
 #

New/Shorewall/Rules.pm

@@ -1,5 +1,5 @@
 #
-# Shorewall 3.9 -- /usr/share/shorewall/Shorewall/Rules.pm
+# Shorewall4 3.9 -- /usr/share/shorewall4/Shorewall/Rules.pm
 #
 #     This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
 #

New/Shorewall/Tc.pm

@@ -1,5 +1,5 @@
 #
-# Shorewall 3.9 -- /usr/share/shorewall/Shorewall/Tc.pm
+# Shorewall4 3.9 -- /usr/share/shorewall4/Shorewall/Tc.pm
 #
 #     This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
 #

New/Shorewall/Tunnels.pm

@@ -1,5 +1,5 @@
 #
-# Shorewall 3.9 -- /usr/share/shorewall/Shorewall/Tunnels.pm
+# Shorewall4 3.9 -- /usr/share/shorewall4/Shorewall/Tunnels.pm
 #
 #     This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
 #

New/Shorewall/Zones.pm

@@ -1,5 +1,5 @@
 #
-# Shorewall 3.9 -- /usr/share/shorewall/Shorewall/Zones.pm
+# Shorewall4 3.9 -- /usr/share/shorewall4/Shorewall/Zones.pm
 #
 #     This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
 #

New/compiler.pl

@@ -1,6 +1,6 @@
 #! /usr/bin/perl -w
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall Compiler - V3.9
+#     The Shoreline Firewall4 (Shorewall4) Packet Filtering Firewall Compiler - V3.9
 #
 #     This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
 #
@@ -595,11 +595,11 @@ sub compile_firewall( $ ) {
 
     report_capabilities if $ENV{VERBOSE} > 1;
 
-    fatal_error( 'Shorewall ' . VERSION . ' requires Conntrack Match Support' )
+    fatal_error( 'Shorewall4 ' . VERSION . ' requires Conntrack Match Support' )
 	unless $capabilities{CONNTRACK_MATCH};
-    fatal_error( 'Shorewall ' . VERSION . ' requires Extended Multi-port Match Support' )
+    fatal_error( 'Shorewall4 ' . VERSION . ' requires Extended Multi-port Match Support' )
 	unless $capabilities{XMULTIPORT};
-    fatal_error( 'Shorewall ' . VERSION . ' requires Address Type Match Support' )
+    fatal_error( 'Shorewall4 ' . VERSION . ' requires Address Type Match Support' )
 	unless $capabilities{ADDRTYPE};
     fatal_error 'BRIDGING=Yes is not supported by the ' . VERSION . ' Perl-based compiler'
 	if $config{BRIDGING};

New/releasenotes.txt

@@ -1,6 +1,8 @@
-Shorewall 3.9.0
+Shorewall4 3.9.0
+
+This companion product to Shorewall 3.4.2 and later includes a complete
+rewrite of the compiler in Perl.
 
-This release includes a complete rewrite of the compiler in Perl. 
 
 The good news:
 
@@ -9,15 +11,15 @@ b) The compiler is very fast.
 c) The compiler generates a firewall script that uses iptables-restore;
 so the script is very fast.
 d) Use of the perl compiler is optional! The old slow clunky
-   Bourne-shell compiler is still there.
+   Bourne-shell compiler is still available.
 
 The bad news:
 
-There are a number of incompatibilities between 3.9.0 using the
-Perl-based compiler and earlier versions.
+There are a number of incompatibilities between the Perl-based compiler
+and the Bourne-shell one.
 
-a) This version requires the following capabilities in your kernel
-   and iptables. 
+a) The Perl-based compiler requires the following capabilities in your
+   kernel and iptables. 
 
    - addrtype match
    - conntrack match
@@ -33,7 +35,7 @@ c) The BROADCAST column in the interfaces file is essentailly unused;
    receive a warning.
 
 d) Because the compiler is now written in Perl, your compile-time
-   extension scripts for earlier version will no longer work.
+   extension scripts from earlier versions will no longer work.
 
 e) The 'refresh' command is now synonamous with 'restart'.
 
@@ -63,10 +65,44 @@ g) Currently, support for ipsets is untested. That will change with
 	iii) If you specify ipsets in your routestopped file then
 	     Shorewall must be cleared in order to reload your ipsets.
 
+   As a consequence, scripts generated by the Perl-based compiler will
+   ignore /etc/shorewall/ipsets and will issue a warning if you set
+   SAVE_IPSETS=Yes in shorewall.conf.
 
+Installation
+------------
 
+1) Unpack the tarball.
 
+   $ tar -jxf shorewall4-3.9.0-1.tar.bz2
+   $ pwd
+   /home/teastep/shorewall/
+   $ ls
+   shorewall4-3.9.0/
+   $
 
+2) As root, create a symbolic link to the directory containing the unpacked
+   files.
 
+   $ ln -sf /home/teastep/shorewall/ /usr/share/shorewall4
 
-   
+Using the New compiler
+----------------------
+
+By default, the old Bourne-shell based compiler will be used. 
+
+There is one change in Shorewall operation that is triggered when
+/usr/share/shorewall4 exists and is either a directory or a symbolic
+link that points to a directory: Your params file will be processed
+with the shell's '-a' option set which will automatically export any
+variables that you set or create.
+
+To actually use the new compiler, add this to shorewall.conf:
+
+   SHOREWALL4=Yes
+
+If you add this setting to /etc/shorewall/shorewall.conf then by
+default, the new compiler will be used on the system. If you add it to
+shorewall.conf in a separate directory (such as a Shorewall-lite export
+directory) then the new compiler will only be used when you compile
+from that directory.