Document Universal Configuration and allow for empty LOGFILE

Samples/Universal/policy

@@ -10,4 +10,4 @@
 #SOURCE	DEST	POLICY		LOG	LIMIT:		CONNLIMIT:
 #				LEVEL	BURST		MASK
 $FW	net	ACCEPT
-net	all	DROP		info
+net	all	DROP

Samples/Universal/shorewall.conf

@@ -21,7 +21,7 @@ VERBOSITY=1
 #			       L O G G I N G
 ###############################################################################
 
-LOGFILE=/var/log/messages
+LOGFILE=
 
 STARTUP_LOG=/var/log/shorewall-init.log
 

Samples6/Universal/shorewall6.conf

@@ -22,7 +22,7 @@ VERBOSITY=1
 #			       L O G G I N G
 ###############################################################################
 
-LOGFILE=/var/log/messages
+LOGFILE=
 
 STARTUP_LOG=/var/log/shorewall6-init.log
 

Shorewall/lib.cli

@@ -1,4 +1,4 @@
-#!/bin/sh
+ss_#!/bin/sh
 #
 # Shorewall 4.4 -- /usr/share/shorewall/lib.cli.
 #
@@ -226,6 +226,18 @@ show_classifiers() {
 logwatch() # $1 = timeout -- if negative, prompt each time that
 	   #		     an 'interesting' packet count changes
 {
+    if [ -z "$LOGFILE" ]; then
+	LOGFILE=/var/log/messages
+
+	if [ -n "$(syslog_circular_buffer)" ]; then
+	    g_logread="logread | tac"
+	elif [ -r $LOGFILE ]; then
+	    g_logread="tac $LOGFILE"
+	else
+	    echo "LOGFILE ($LOGFILE) does not exist!" >&2
+	    exit 2
+	fi
+    fi
 
     host=$(echo $g_hostname | sed 's/\..*$//')
     oldrejects=$($IPTABLES -L -v -n | grep 'LOG')
@@ -541,6 +553,20 @@ show_command() {
 	    ;;
 	log)
 	    [ $# -gt 2 ] && usage 1
+
+	    if [ -z "$LOGFILE" ]; then
+		LOGFILE=/var/log/messages
+		
+		if [ -n "$(syslog_circular_buffer)" ]; then
+		    g_logread="logread | tac"
+		elif [ -r $LOGFILE ]; then
+		    g_logread="tac $LOGFILE"
+		else
+		    echo "LOGFILE ($LOGFILE) does not exist!" >&2
+		    exit 2
+		fi
+	    fi
+
 	    echo "$g_product $SHOREWALL_VERSION Log ($LOGFILE) at $g_hostname - $(date)"
 	    echo
 	    show_reset
@@ -781,6 +807,17 @@ dump_command() {
 	esac
     done
 
+    if [ -z "$LOGFILE" ]; then
+	if [ -n "$(syslog_circular_buffer)" ]; then
+	    g_logread="logread | tac"
+	elif [ -r $LOGFILE ]; then
+	    g_logread="tac $LOGFILE"
+	else
+	    echo "LOGFILE ($LOGFILE) does not exist!" >&2
+	    exit 2
+	fi
+    fi
+
     g_ipt_options="$g_ipt_options $g_ipt_options1"
 
     [ $VERBOSITY -lt 2 ] && VERBOSITY=2

Shorewall/shorewall

@@ -67,15 +67,15 @@ get_config() {
 	# This block is avoided for compile for export and when the user isn't root
 	#
 	if [ "$3" = Yes ]; then
-	    [ -z "$LOGFILE" ] && LOGFILE=/var/log/messages
+	    if [ -n "$LOGFILE" ]; then
-
+		if [ -n "$(syslog_circular_buffer)" ]; then
-	    if [ -n "$(syslog_circular_buffer)" ]; then
+		    g_logread="logread | tac"
-		g_logread="logread | tac"
+		elif [ -r $LOGFILE ]; then
-	    elif [ -r $LOGFILE ]; then
+		    g_logread="tac $LOGFILE"
-		g_logread="tac $LOGFILE"
+		else
-	    else
+		    echo "LOGFILE ($LOGFILE) does not exist!" >&2
-		echo "LOGFILE ($LOGFILE) does not exist!" >&2
+		    exit 2
-		exit 2
+		fi
 	    fi
 	fi
 

docs/GettingStarted.xml

@@ -22,6 +22,8 @@
 
       <year>2007</year>
 
+      <year>2010</year>
+
       <holder>Thomas M. Eastep</holder>
     </copyright>
 
@@ -48,6 +50,16 @@
   <para>Next, read the QuickStart Guide that is appropriate for your
   configuration:</para>
 
+  <para><emphasis role="bold">If you just want to protect a system: (Requires
+  Shorewall 4.4.12-Beta3 or later)</emphasis></para>
+
+  <itemizedlist>
+    <listitem>
+      <para><ulink url="Universal.html">Universal</ulink> configuration --
+      requires no configuration to protect a single system.</para>
+    </listitem>
+  </itemizedlist>
+
   <para><emphasis role="bold">If you have only one public IP
   address:</emphasis></para>
 

docs/template.xml

@@ -18,7 +18,7 @@
     <pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
 
     <copyright>
-      <year>2009</year>
+      <year>2010</year>
 
       <holder>Thomas M. Eastep</holder>
     </copyright>