From eb118e44436af4faa46220506f561cf4e546d33b Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sat, 24 Mar 2012 13:05:39 -0700 Subject: [PATCH 01/50] Add shorewallrc files. 
Signed-off-by: Tom Eastep --- Shorewall-core/install.sh | 187 +++--- Shorewall-core/lib.base | 42 +- Shorewall-core/lib.cli | 26 +- Shorewall-core/shorewallrc.apple | 18 + Shorewall-core/shorewallrc.archlinux | 18 + Shorewall-core/shorewallrc.cygwin | 18 + Shorewall-core/shorewallrc.debian | 20 + Shorewall-core/shorewallrc.default | 19 + Shorewall-core/shorewallrc.redhat | 18 + Shorewall-core/shorewallrc.slackware | 20 + Shorewall-core/shorewallrc.suse | 19 + Shorewall-core/uninstall.sh | 9 +- Shorewall-init/ifupdown.sh | 4 +- Shorewall-init/init.debian.sh | 13 +- Shorewall-init/init.sh | 12 +- Shorewall-init/install.sh | 180 +++--- Shorewall-init/uninstall.sh | 95 ++- Shorewall-lite/init.debian.sh | 18 +- Shorewall-lite/init.sh | 20 +- Shorewall-lite/install.sh | 298 +++++---- Shorewall-lite/shorewall-lite | 18 +- Shorewall-lite/uninstall.sh | 99 +-- Shorewall/Perl/Shorewall/Compiler.pm | 16 +- Shorewall/Perl/Shorewall/Config.pm | 46 +- Shorewall/Perl/Shorewall/Tc.pm | 2 +- Shorewall/Perl/getparams | 17 +- Shorewall/Perl/prog.footer | 8 + Shorewall/init.debian.sh | 13 +- Shorewall/init.sh | 22 +- Shorewall/install.sh | 898 +++++++++++++-------------- Shorewall/lib.cli-std | 20 +- Shorewall/shorewall | 20 +- Shorewall/uninstall.sh | 126 ++-- Shorewall6-lite/init.debian.sh | 6 + Shorewall6-lite/init.sh | 20 +- Shorewall6-lite/uninstall.sh | 92 ++- Shorewall6/init.debian.sh | 12 +- Shorewall6/init.sh | 14 +- Shorewall6/uninstall.sh | 100 +-- 39 files changed, 1576 insertions(+), 1027 deletions(-) create mode 100644 Shorewall-core/shorewallrc.apple create mode 100644 Shorewall-core/shorewallrc.archlinux create mode 100644 Shorewall-core/shorewallrc.cygwin create mode 100644 Shorewall-core/shorewallrc.debian create mode 100644 Shorewall-core/shorewallrc.default create mode 100644 Shorewall-core/shorewallrc.redhat create mode 100644 Shorewall-core/shorewallrc.slackware create mode 100644 Shorewall-core/shorewallrc.suse 
diff --git a/Shorewall-core/install.sh b/Shorewall-core/install.sh index 5441b8d4a..617a256c0 100755 --- a/Shorewall-core/install.sh +++ b/Shorewall-core/install.sh @@ -27,12 +27,18 @@ VERSION=xxx #The Build script inserts the actual version usage() # $1 = exit status { ME=$(basename $0) - echo "usage: $ME" + echo "usage: $ME [ ] " echo " $ME -v" echo " $ME -h" exit $1 } +fatal_error() +{ + echo " ERROR: $@" >&2 + exit 1 +} + split() { local ifs ifs=$IFS 
@@ -85,43 +91,90 @@ install_file() # $1 = source $2 = target $3 = mode run_install $T $OWNERSHIP -m $3 $1 ${2} } -cd "$(dirname $0)" +require() +{ + eval [ -n "\$$1" ] || fatal_error "Required option $1 not set" +} -# -# Load packager's settings if any -# -[ -f ../shorewall-pkg.config ] && . ../shorewall-pkg.config +cd "$(dirname $0)" [ -n "$DESTDIR" ] || DESTDIR="$PREFIX" # # Parse the run line # -# ARGS is "yes" if we've already parsed an argument +finished=0 + +while [ $finished -eq 0 ]; do + option=$1 + + case "$option" in + -*) + option=${option#-} + + while [ -n "$option" ]; do + case $option in + h) + usage 0 + ;; + v) + echo "Shorewall Firewall Installer Version $VERSION" + exit 0 + ;; + *) + usage 1 + ;; + esac + done + + shift + ;; + *) + finished=1 + ;; + esac +done + +local file # +# Read the RC file +# +if [ $# -eq 0 ]; then + # + # Load packager's settings if any + # + if [ -n "${DESTDIR}" -a -f ../shorewall-pkg.config ]; then + . ../shorewall-pkg.config || exit 1 + elif [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 + file=~/.shorewallrc + else + file=./shorewallrc.default + . $file + fi +elif [ $# -eq 1 ]; then + file=$1 + case $file in + /*|.*) + ;; + *) + file=./$file + ;; + esac + + . $file +else + usage 1 +fi + +for var in SHAREDIR LIBEXECDIR PERLLIBDIR CONFDIR SBINDIR VARDIR; do + require $var +done + +[ "${INITFILE}" != 'none/' ] && require INITSOURCE && require INITDIR + T="-T" -[ -n "${LIBEXEC:=/usr/share}" ] -[ -n "${PERLLIB:=/usr/share/shorewall}" ] - -case "$LIBEXEC" in - /*) - ;; - *) - echo "The LIBEXEC setting must be an absolute path name" >&2 - exit 1 - ;; -esac - -case "$PERLLIB" in - /*) - ;; - *) - echo "The PERLLIB setting must be an absolute path name" >&2 - exit 1 - ;; -esac - INSTALLD='-D' if [ -z "$BUILD" ]; then 
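Review bot: The absolute-path checks this hunk removes for LIBEXEC and PERLLIB have no replacement. `require` only tests for a non-empty value, so a relative or otherwise unexpected SHAREDIR, LIBEXECDIR or SBINDIR read from the rc file is appended to `${DESTDIR}` and handed to mkdir, chmod and install. In the same block, `local file` sits at script top level, where `local` is rejected outside a function, and `file` is never assigned when the `../shorewall-pkg.config` branch is taken; the Shorewall-init and Shorewall-lite install.sh hunks repeat both. I would replace `local file` with `file=`, source the chosen file as `. "$file"`, and add an absolute-path check beside `require`, as sketched below.

```shell
require_abs() # $1 = name of a variable that must hold an absolute path
{
    eval "set -- \"\$1\" \"\${$1}\""

    case "$2" in
        /*)
            ;;
        *)
            fatal_error "The $1 setting must be an absolute path name"
            ;;
    esac
}

# ... unchanged: option parsing and rc-file selection ...

for var in SHAREDIR LIBEXECDIR PERLLIBDIR CONFDIR SBINDIR VARDIR; do
    require $var
    require_abs $var
done
```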
@@ -180,41 +233,6 @@ esac OWNERSHIP="-o $OWNER -g $GROUP" -finished=0 - -while [ $finished -eq 0 ]; do - option=$1 - - case "$option" in - -*) - option=${option#-} - - while [ -n "$option" ]; do - case $option in - h) - usage 0 - ;; - v) - echo "Shorewall Firewall Installer Version $VERSION" - exit 0 - ;; - *) - usage 1 - ;; - esac - done - - shift - ;; - *) - [ -n "$option" ] && usage 1 - finished=1 - ;; - esac -done - -PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin - # # Determine where to install the firewall script # 
@@ -245,56 +263,47 @@ if [ -n "$DESTDIR" ]; then fi fi -# -# Change to the directory containing this script -# -cd "$(dirname $0)" - echo "Installing Shorewall Core Version $VERSION" # # Create /usr/share/shorewall # -mkdir -p ${DESTDIR}${LIBEXEC}/shorewall -chmod 755 ${DESTDIR}${LIBEXEC}/shorewall +mkdir -p ${DESTDIR}${LIBEXECDIR}/shorewall +chmod 755 ${DESTDIR}${LIBEXECDIR}/shorewall -if [ $LIBEXEC != /usr/shorewall/ ]; then - mkdir -p ${DESTDIR}/usr/share/shorewall - chmod 755 ${DESTDIR}/usr/share/shorewall -fi +mkdir -p ${DESTDIR}${SHAREDIR}/shorewall +chmod 755 ${DESTDIR}${SHAREDIR}/shorewall # # Install wait4ifup # -install_file wait4ifup ${DESTDIR}${LIBEXEC}/shorewall/wait4ifup 0755 +install_file wait4ifup ${DESTDIR}${LIBEXECDIR}/shorewall/wait4ifup 0755 echo -echo "wait4ifup installed in ${DESTDIR}${LIBEXEC}/shorewall/wait4ifup" +echo "wait4ifup installed in ${DESTDIR}${LIBEXECDIR}/shorewall/wait4ifup" # # Install the libraries # for f in lib.* ; do - install_file $f ${DESTDIR}/usr/share/shorewall/$f 0644 - echo "Library ${f#*.} file installed as ${DESTDIR}/usr/share/shorewall/$f" + install_file $f ${DESTDIR}${SHAREDIR}/shorewall/$f 0644 + echo "Library ${f#*.} file installed as ${DESTDIR}${SHAREDIR}/shorewall/$f" done -if [ $BUILD != apple ]; then - eval sed -i \'s\|g_libexec=.\*\|g_libexec=$LIBEXEC\|\' ${DESTDIR}/usr/share/shorewall/lib.cli - eval sed -i \'s\|g_perllib=.\*\|g_perllib=$PERLLIB\|\' ${DESTDIR}/usr/share/shorewall/lib.cli -else - eval sed -i \'\' -e \'s\|g_libexec=.\*\|g_libexec=$LIBEXEC\|\' ${DESTDIR}/usr/share/shorewall/lib.cli - eval sed -i \'\' -e \'s\|g_perllib=.\*\|g_perllib=$PERLLIB\|\' ${DESTDIR}/usr/share/shorewall/lib.cli -fi - # # Symbolically link 'functions' to lib.base # -ln -sf lib.base ${DESTDIR}/usr/share/shorewall/functions +ln -sf lib.base ${DESTDIR}${SHAREDIR}/shorewall/functions # # Create the version file # -echo "$VERSION" > ${DESTDIR}/usr/share/shorewall/coreversion -chmod 644 ${DESTDIR}/usr/share/shorewall/coreversion 
+echo "$VERSION" > ${DESTDIR}${SHAREDIR}/shorewall/coreversion +chmod 644 ${DESTDIR}${SHAREDIR}/shorewall/coreversion + +cp $file ${DESTDIR}${SHAREDIR}/shorewall/shorewallrc + +if [ -z "${DESTDIR}" ]; then + [ -f ~/.shorewallrc ] || cp $file ~/.shorewallrc +fi # # Report Success # diff --git a/Shorewall-core/lib.base b/Shorewall-core/lib.base index 0cd8ee22b..99b4a4e7b 100644 --- a/Shorewall-core/lib.base +++ b/Shorewall-core/lib.base @@ -32,41 +32,57 @@ SHOREWALL_CAPVERSION=40501 [ -n "${g_program:=shorewall}" ] +if [ -z "$g_readrc" ]; then + if [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 + else + SHAREDIR=/usr/share + CONFDIR=/etc + SBINDIR=/sbin + LIBEXECDIR=/usr/share + fi + + g_libexec="$LIBEXECDIR" + g_sharedir="$SHAREDIR" + g_sbindir="$SBINDIR" + g_readrc=1 +fi + case $g_program in shorewall) - SHAREDIR=/usr/share/shorewall - CONFDIR=/etc/shorewall + SHAREDIR=${SHAREDIR}/shorewall + CONFDIR=${CONFDIR}/shorewall g_product="Shorewall" g_family=4 g_tool= - g_basedir=/usr/share/shorewall + g_basedir=${SHAREDIR}/shorewall g_lite= ;; shorewall6) - SHAREDIR=/usr/share/shorewall6 - CONFDIR=/etc/shorewall6 + SHAREDIR=${SHAREDIR}/shorewall6 + CONFDIR=${CONFDIR}/shorewall6 g_product="Shorewall6" g_family=6 g_tool= - g_basedir=/usr/share/shorewall + g_basedir=${SHAREDIR}/shorewall g_lite= ;; shorewall-lite) - SHAREDIR=/usr/share/shorewall-lite - CONFDIR=/etc/shorewall-lite + SHAREDIR=${SHAREDIR}/shorewall-lite + CONFDIR=${CONFDIR}/shorewall-lite g_product="Shorewall Lite" g_family=4 g_tool=iptables - g_basedir=/usr/share/shorewall-lite + g_basedir=${SHAREDIR}/shorewall-lite g_lite=Yes ;; shorewall6-lite) - SHAREDIR=/usr/share/shorewall6-lite - CONFDIR=/etc/shorewall6-lite + SHAREDIR=${SHAREDIR}/shorewall6-lite + CONFDIR=${CONFDIR}/shorewall6-lite g_product="Shorewall6 Lite" g_family=6 g_tool=ip6tables - g_basedir=/usr/share/shorewall6-lite + g_basedir=${SHAREDIR}/shorewall6-lite g_lite=Yes ;; esac 
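Review bot: The rc file is copied with a bare `cp $file ...`, which leaves its mode and ownership to the source file and the umask, while every other file in this hunk goes through `install_file` with an explicit mode. Because lib.base and lib.cli in this patch source a shorewallrc as shell code, I would install it the same way, `install_file "$file" ${DESTDIR}${SHAREDIR}/shorewall/shorewallrc 0644`. The copy should also be skipped when `$file` is empty, which the rc-selection block earlier in this file allows on the `../shorewall-pkg.config` path. The `[ -f ~/.shorewallrc ] || cp $file ~/.shorewallrc` line has the same two issues.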
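Review bot: `. ~/.shorewallrc` makes this library execute whatever file `$HOME` points at each time a Shorewall command starts, and those commands normally run as root. If the caller's HOME survives privilege elevation, a file the unprivileged user controls is sourced with root's rights. Reading the settings from a fixed, root-owned location would remove that dependency; the same block is repeated in lib.cli and in the init and uninstall scripts touched by this patch. Separately, each `case` arm now appends the product name to SHAREDIR and then appends it again for g_basedir, so `g_basedir=${SHAREDIR}/shorewall` yields `/usr/share/shorewall/shorewall` where the old code had `/usr/share/shorewall`. Using `${g_sharedir}` in the g_basedir lines keeps the previous values.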
@@ -186,7 +202,7 @@ mutex_off() rm -f ${LOCKFILE:=${VARDIR}/lock} } -[ -z "$LEFTSHIFT" ] && . /usr/share/shorewall/lib.common +[ -z "$LEFTSHIFT" ] && . ${g_sharedir}/shorewall/lib.common # # Validate an IP address diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli index ef502e157..5e72707d0 100644 --- a/Shorewall-core/lib.cli +++ b/Shorewall-core/lib.cli @@ -23,7 +23,25 @@ # This library contains the command processing code common to /sbin/shorewall[6] and # /sbin/shorewall[6]-lite. # -. /usr/share/shorewall/lib.base + +if [ -z "$g_readrc" ]; then + if [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 + else + SHAREDIR=/usr/share + CONFDIR=${CONFDIR} + SBINDIR=/sbin + LIBEXECDIR=/usr/share + fi + + g_libexec="$LIBEXECDIR" + g_sharedir="$SHAREDIR" + g_sbindir="$SBINDIR" + g_readrc=1 +fi + +. ${SHAREDIR}/shorewall/lib.base + # # Fatal Error # @@ -842,11 +860,13 @@ show_command() { echo "CONFIG_PATH=$CONFIG_PATH" echo "VARDIR=$VARDIR" echo "LIBEXEC=$g_libexec" + echo "SBINDIR=$g_sbindir" [ -n "$g_lite" ] && ${VARDIR} ne /var/lib/$program && echo "LITEDIR=${VARDIR}" else echo "Default CONFIG_PATH is $CONFIG_PATH" echo "Default VARDIR is /var/lib/$g_program" echo "LIBEXEC is $g_libexec" + echo "SBINDIR is $g_sbindir" [ -n "$g_lite" ] && [ ${VARDIR} != /var/lib/$g_program ] && echo "LITEDIR is ${VARDIR}" fi ;; @@ -2950,14 +2970,12 @@ shorewall_cli() { g_annotate= g_recovering= g_timestamp= - g_libexec=/usr/share - g_perllib=/usr/share/shorewall g_shorewalldir= VERBOSE= VERBOSITY= - [ -n "$g_lite" ] || . /usr/share/shorewall/lib.cli-std + [ -n "$g_lite" ] || . ${g_sharedir}/shorewall/lib.cli-std finished=0 diff --git a/Shorewall-core/shorewallrc.apple b/Shorewall-core/shorewallrc.apple new file mode 100644 index 000000000..7931f8a6e --- /dev/null +++ b/Shorewall-core/shorewallrc.apple 
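Review bot: In the fallback branch of the lib.cli hunk at -23,7, `CONFDIR=${CONFDIR}` assigns the variable to itself, so CONFDIR stays empty when no rc file is found. The matching block in lib.base uses `CONFDIR=/etc`. Since this block sets `g_readrc=1` before sourcing lib.base, that default is never applied afterwards, and the per-product `CONFDIR=${CONFDIR}/shorewall` there resolves to `/shorewall`. Suggested line: `CONFDIR=/etc`.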
@@ -0,0 +1,18 @@
+#
+# Apple OS X Shorewall 4.5 rc file
+#
+BUILD=apple
+HOST=apple
+SHAREDIR=/usr/share
+LIBEXECDIR=/usr/share
+PERLLIBDIR=/usr/share/shorewall
+CONFDIR=/etc
+SBINDIR=/sbin
+MANDIR=/usr/share/man
+INITDIR=
+INITFILE=none/
+INITSOURCE=
+ANNOTATED=
+SYSCONFDIR=
+SYSTEMD=
+VARDIR=/var/lib
diff --git a/Shorewall-core/shorewallrc.archlinux b/Shorewall-core/shorewallrc.archlinux
new file mode 100644
index 000000000..5f6126490
--- /dev/null
+++ b/Shorewall-core/shorewallrc.archlinux
@@ -0,0 +1,18 @@
+#
+# Archlinux Shorewall 4.5 rc file
+#
+BUILD=archlinux
+HOST=archlinux
+SHAREDIR=/usr/share
+LIBEXECDIR=/usr/share
+PERLLIBDIR=/usr/share/shorewall
+CONFDIR=/etc
+SBINDIR=/sbin
+MANDIR=/usr/share/man
+INITDIR=/etc/rc.d
+INITFILE=$PRODUCT
+INITSOURCE=init.sh
+ANNOTATED=
+SYSCONFDIR=
+SYSTEMD=
+VARDIR=/var/lib
diff --git a/Shorewall-core/shorewallrc.cygwin b/Shorewall-core/shorewallrc.cygwin
new file mode 100644
index 000000000..3da1c5434
--- /dev/null
+++ b/Shorewall-core/shorewallrc.cygwin
@@ -0,0 +1,18 @@
+#
+# Cygwin Shorewall 4.5 rc file
+#
+BUILD=cygwin
+HOST=cygwin
+SHAREDIR=/usr/share
+LIBEXECDIR=/usr/share
+PERLLIBDIR=/usr/share/shorewall
+CONFDIR=/etc
+SBINDIR=/bin
+MANDIR=/usr/share/man
+INITDIR=/etc/init.d
+INITFILE=
+INITSOURCE=
+ANNOTATED=
+SYSCONFDIR=
+SYSTEMD=
+VARDIR=/var/lib
diff --git a/Shorewall-core/shorewallrc.debian b/Shorewall-core/shorewallrc.debian
new file mode 100644
index 000000000..4a6b10483
--- /dev/null
+++ b/Shorewall-core/shorewallrc.debian
@@ -0,0 +1,20 @@
+#
+# Debian Shorewall 4.5 rc file
+#
+BUILD= #Default is to detect the build system
+HOST=debian
+SHAREDIR=/usr/share
+LIBEXECDIR=/usr/share
+PERLLIBDIR=/usr/share/shorewall
+CONFDIR=/etc
+SBINDIR=/sbin
+MANDIR=/usr/share/man
+INITDIR=/etc/init.d
+INITFILE=$PRODUCT
+INITSOURCE=init.debian.sh
+ANNOTATED=
+SPARSE=Yes
+SYSCONFFILE=default.debian
+SYSCONFDIR=/etc/default
+SYSTEMD=
+VARDIR=/var/lib
diff --git a/Shorewall-core/shorewallrc.default b/Shorewall-core/shorewallrc.default
new file mode 100644
index 000000000..aa4ee0a34
--- /dev/null
+++ b/Shorewall-core/shorewallrc.default
@@ -0,0 +1,19 @@
+#
+# Default Shorewall 4.5 rc file
+#
+HOST= #Default is to detect the host system
+BUILD= #Default is to detect the build system
+SHAREDIR=/usr/share
+LIBEXECDIR=/usr/share
+PERLLIBDIR=/usr/share/shorewall
+CONFDIR=/etc
+SBINDIR=/sbin
+MANDIR=/usr/share/man
+INITDIR=/etc/init.d
+INITFILE=$PRODUCT
+INITSOURCE=init.sh
+ANNOTATED=
+SYSTEMD=
+SYSCONFDIR=
+SPARSE=
+VARDIR=/var/lib
diff --git a/Shorewall-core/shorewallrc.redhat b/Shorewall-core/shorewallrc.redhat
new file mode 100644
index 000000000..40e82e832
--- /dev/null
+++ b/Shorewall-core/shorewallrc.redhat
@@ -0,0 +1,18 @@
+#
+# RedHat/FedoraShorewall 4.5 rc file
+#
+BUILD= #Default is to detect the build system
+HOST=redhat
+SHAREDIR=/usr/share
+LIBEXECDIR=/usr/share
+PERLLIBDIR=/usr/share/shorewall
+CONFDIR=/etc
+SBINDIR=/sbin
+MANDIR=/usr/share/man
+INITDIR=/etc/rc.d/init.d
+INITFILE=$PRODUCT
+INITSOURCE=init.fedora.sh
+ANNOTATED=
+SYSCONFDIR=/etc/sysconfig/
+SYSTEMD=/lib/systemd/system
+VARDIR=/var/lib
diff --git a/Shorewall-core/shorewallrc.slackware b/Shorewall-core/shorewallrc.slackware
new file mode 100644
index 000000000..e0d2281eb
--- /dev/null
+++ b/Shorewall-core/shorewallrc.slackware
@@ -0,0 +1,20 @@
+#
+# Slackware Shorewall 4.5 rc file
+#
+BUILD=slackware
+HOST=slackware
+SHAREDIR=/usr/share
+LIBEXECDIR=/usr/share
+PERLLIBDIR=/usr/share/shorewall
+CONFDIR=/etc
+SBINDIR=/sbin
+MANDIR=/usr/man
+INITDIR=/etc/rc.d
+INITSOURCE=init.slackware.firewall
+INITFILE=rc.firewall
+AUXINITSOURCE=init.slackware.$PRODUCT
+AUXINITFILE=rc.$PRODUCT
+SYSCONFDIR=
+ANNOTATED=
+SYSTEMD=
+VARDIR=/var/lib
diff --git a/Shorewall-core/shorewallrc.suse b/Shorewall-core/shorewallrc.suse
new file mode 100644
index 000000000..047ffc1f5
--- /dev/null
+++ b/Shorewall-core/shorewallrc.suse
@@ -0,0 +1,19 @@ +# +# SuSE Shorewall 4.5 rc file +# +BUILD= #Default is to detect the build system +HOST=suse +SHAREDIR=/usr/share +LIBEXECDIR=/usr/libexec +PERLLIBDIR=/usr/share/shorewall +CONFDIR=/etc +SBINDIR=/sbin +MANDIR=/usr/share/man/ +INITDIR=/etc/init.d +INITFILE=$PRODUCT +INITSOURCE=init.sh +ANNOTATED= +SYSTEMD= +SYSCONFDIR=/etc/sysconfig/ +SPARSE= +VARDIR=/var/lib diff --git a/Shorewall-core/uninstall.sh b/Shorewall-core/uninstall.sh index f363fe591..3c45cd296 100755 --- a/Shorewall-core/uninstall.sh +++ b/Shorewall-core/uninstall.sh @@ -60,6 +60,10 @@ remove_file() # $1 = file to restore fi } +if [ -f ~/.shorewallrc ]; then + . ~/shorewallrc || exit 1 +fi + if [ -f /usr/share/shorewall/coreversion ]; then INSTALLED_VERSION="$(cat /usr/share/shorewall/coreversion)" if [ "$INSTALLED_VERSION" != "$VERSION" ]; then @@ -72,12 +76,9 @@ else VERSION="" fi -[ -n "${LIBEXEC:=/usr/share}" ] -[ -n "${PERLLIB:=/usr/share/shorewall}" ] - echo "Uninstalling Shorewall Core $VERSION" -rm -rf /usr/share/shorewall +rm -rf ${SHAREDIR}/shorewall echo "Shorewall Core Uninstalled" diff --git a/Shorewall-init/ifupdown.sh b/Shorewall-init/ifupdown.sh index af942921e..c9ce4d091 100644 --- a/Shorewall-init/ifupdown.sh +++ b/Shorewall-init/ifupdown.sh @@ -182,10 +182,8 @@ else fi for PRODUCT in $PRODUCTS; do - VARDIR=/var/lib/$PRODUCT - [ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir if [ -x $VARDIR/firewall ]; then - ( . /usr/share/$PRODUCT/lib.base + ( . ${SHAREDIR}/shorewall/lib.base mutex_on ${VARDIR}/firewall -V0 $COMMAND $INTERFACE || echo_notdone mutex_off diff --git a/Shorewall-init/init.debian.sh b/Shorewall-init/init.debian.sh index cfd027da7..9ae8f2ab2 100755 --- a/Shorewall-init/init.debian.sh +++ b/Shorewall-init/init.debian.sh 
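Review bot: The test in Shorewall-core/uninstall.sh checks `~/.shorewallrc`, but the next line sources `~/shorewallrc` without the dot, so whenever the rc file exists the `.` fails and the uninstaller stops at `|| exit 1`. The line should read `. ~/.shorewallrc || exit 1`. Shorewall-init/uninstall.sh repeats the typo in its -48,8 hunk. The version check just below still reads the hard-coded `/usr/share/shorewall/coreversion` rather than `${SHAREDIR}/shorewall/coreversion`.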
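Review bot: `rm -rf ${SHAREDIR}/shorewall` runs with SHAREDIR unset whenever ~/.shorewallrc is absent, because the rc block added earlier in this file has no else branch to supply a default. The command then expands to `rm -rf /shorewall`. I would set a default first with `[ -n "${SHAREDIR:=/usr/share}" ]` and guard the expansion as `rm -rf "${SHAREDIR:?}/shorewall"`, so an empty value aborts instead of deleting from the root directory.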
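Review bot: With the per-product `VARDIR=/var/lib/$PRODUCT` assignment removed from ifupdown.sh, `[ -x $VARDIR/firewall ]` tests one path for every product. The rc files added in this patch set `VARDIR=/var/lib`, so unless VARDIR is set elsewhere in this script the test fails and the compiled firewall script is skipped without any message. Nothing in the hunk sets SHAREDIR either, so `. ${SHAREDIR}/shorewall/lib.base` may expand to `/shorewall/lib.base`. The loop needs the rc file read first and a test such as `[ -x ${VARDIR}/$PRODUCT/firewall ]`. shorewall_start and shorewall_stop in Shorewall-init/init.sh get the same change, which there means the stop and clear actions are silently not applied; the enclosing loop begins and ends outside this hunk.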
@@ -62,10 +62,19 @@ not_configured () { exit 0 } +#determine where the files were installed +if [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 + SRWL=${SBIN}/shorewall-init +else + CONFDIR=/etc + SYSCONFDIR=/etc/default +fi + # check if shorewall-init is configured or not -if [ -f "/etc/default/shorewall-init" ] +if [ -f "$SYSCONFDIR/shorewall-init" ] then - . /etc/default/shorewall-init + . $SYSCONFDIR/shorewall-init if [ -z "$PRODUCTS" ] then not_configured diff --git a/Shorewall-init/init.sh b/Shorewall-init/init.sh index 0538d1326..ee8d7bc8f 100755 --- a/Shorewall-init/init.sh +++ b/Shorewall-init/init.sh @@ -53,6 +53,12 @@ else exit 0 fi +if [ ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 +else + VARDIR=/var/lib +fi + # Initialize the firewall shorewall_start () { local PRODUCT @@ -60,10 +66,8 @@ shorewall_start () { echo -n "Initializing \"Shorewall-based firewalls\": " for PRODUCT in $PRODUCTS; do - VARDIR=/var/lib/$PRODUCT - [ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir if [ -x ${VARDIR}/firewall ]; then - if ! /sbin/$PRODUCT status > /dev/null 2>&1; then + if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then ${VARDIR}/firewall stop || echo_notdone fi fi @@ -83,8 +87,6 @@ shorewall_stop () { echo -n "Clearing \"Shorewall-based firewalls\": " for PRODUCT in $PRODUCTS; do - VARDIR=/var/lib/$PRODUCT - [ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir if [ -x ${VARDIR}/firewall ]; then ${VARDIR}/firewall clear || exit 1 fi diff --git a/Shorewall-init/install.sh b/Shorewall-init/install.sh index 4e688900d..56daf968d 100755 --- a/Shorewall-init/install.sh +++ b/Shorewall-init/install.sh @@ -34,6 +34,12 @@ usage() # $1 = exit status exit $1 } +fatal_error() +{ + echo " ERROR: $@" >&2 + exit 1 +} + split() { local ifs ifs=$IFS 
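Review bot: `SRWL=${SBIN}/shorewall-init` reads a variable that none of the rc files in this patch define; they set SBINDIR, so after sourcing ~/.shorewallrc SRWL becomes `/shorewall-init`. Use `SRWL=${SBINDIR}/shorewall-init` and give the else branch a matching `SBINDIR=/sbin`. The same `${SBIN}` appears in Shorewall-init/init.sh (`${SBIN}/$PRODUCT status`), Shorewall-lite/init.debian.sh and Shorewall-lite/init.sh. Because an init script runs as root during boot, it would also be safer to read the rc file from a fixed system path than from `~`, whose value depends on HOME at that point.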
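Review bot: `if [ ~/.shorewallrc ]` in Shorewall-init/init.sh has no `-f`, so it tests a non-empty string and is always true. The else branch with `VARDIR=/var/lib` can never run, and a missing rc file makes the script stop at `|| exit 1` instead of falling back to the defaults. It should be `if [ -f ~/.shorewallrc ]; then`. Shorewall-lite/init.sh has the same test in its -61,10 hunk.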
@@ -76,9 +82,9 @@ cant_autostart() echo "WARNING: Unable to configure shorewall init to start automatically at boot" >&2 } -delete_file() # $1 = file to delete +require() { - rm -f $1 + eval [ -n "\$$1" ] || fatal_error "Required option $1 not set" } install_file() # $1 = source $2 = target $3 = mode @@ -88,44 +94,78 @@ install_file() # $1 = source $2 = target $3 = mode cd "$(dirname $0)" -# -# Load packager's settings if any -# -[ -f ../shorewall-pkg.config ] && . ../shorewall-pkg.config +PRODUCT=shorewall-init -[ -n "$DESTDIR" ] || DESTDIR="$PREFIX" +# +# Parse the run line +# +finished=0 -while [ $# -gt 0 ] ; do +while [ $finished -eq 0 ] ; do case "$1" in - -h|help|?) - usage 0 - ;; - -v) - echo "Shorewall Init Installer Version $VERSION" - exit 0 + -*) + option=${option#-} + + while [ -n "$option" ]; do + case $option in + h) + usage 0 + ;; + v) + echo "Shorewall-init Firewall Installer Version $VERSION" + exit 0 + ;; + *) + usage 1 + ;; + esac + done + + shift ;; *) - usage 1 + finished=1 ;; esac - shift +done + +local file +# +# Read the RC file +# +if [ $# -eq 0 ]; then + # + # Load packager's settings if any + # + if [ -n "${DESTDIR}" -a -f ../shorewall-pkg.config ]; then + . ../shorewall-pkg.config || exit 1 + elif [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 + file=~/.shorewallrc + else + fatal_error "No rcfile specified and ~/.shorewallrc not found" + fi +elif [ $# -eq 1 ]; then + file=$1 + case $file in + /*|.*) + ;; + *) + file=./$file + ;; + esac + + . $file +else + usage 1 +fi + +for var in SHAREDIR LIBEXECDIR CONFDIR SBINDIR VARDIR; do + require $var done PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin -[ -n "${LIBEXEC:=/usr/share}" ] - -case "$LIBEXEC" in - /*) - ;; - *) - echo "The LIBEXEC setting must be an absolute path name" >&2 - exit 1 - ;; -esac - -INITFILE="shorewall-init" - if [ -z "$BUILD" ]; then case $(uname) in cygwin*) 
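Review bot: In the new option loop of the -88,44 hunk, `option=${option#-}` strips the dash from a variable that was never assigned from `$1`. `option` is therefore empty, the inner `while` is skipped, and `-h`, `-v` and any unknown flag are shifted away without effect. The assignment should be `option=${1#-}`; Shorewall-lite/install.sh has the identical loop in its -108,34 hunk. This hunk also drops `[ -n "$DESTDIR" ] || DESTDIR="$PREFIX"` without a replacement, so as far as the hunk shows a packager who sets only PREFIX now takes the live-system branches guarded by `[ -z "$DESTDIR" ]`.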
@@ -174,11 +214,9 @@ OWNERSHIP="-o $OWNER -g $GROUP" case "$HOST" in debian) echo "Installing Debian-specific configuration..." - SPARSE=yes ;; redhat|redhat) echo "Installing Redhat/Fedora-specific configuration..." - [ -n "$INITDIR" ] || INITDIR=/etc/rc.d/init.d ;; slackware) echo "Shorewall-init is currently not supported on Slackware" >&2 @@ -202,10 +240,6 @@ esac [ -z "$TARGET" ] && TARGET=$HOST -if [ -z "$INITDIR" -a -n "$INITFILE" ] ; then - INITDIR="/etc/init.d" -fi - if [ -n "$DESTDIR" ]; then if [ `id -u` != 0 ] ; then echo "Not setting file owner/group permissions, not running as root." 
@@ -215,57 +249,42 @@ if [ -n "$DESTDIR" ]; then install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR} fi -if [ -z "$DESTDIR" ]; then - if [ -d /lib/systemd/system ]; then - SYSTEMD=Yes - INITFILE= - fi -elif [ -n "$SYSTEMD" ]; then - mkdir -p ${DESTDIR}/lib/systemd/system - INITFILE= -fi - echo "Installing Shorewall Init Version $VERSION" # # Check for /usr/share/shorewall-init/version # -if [ -f ${DESTDIR}/usr/share/shorewall-init/version ]; then +if [ -f ${DESTDIR}${SHAREDIR}/shorewall-init/version ]; then first_install="" else first_install="Yes" fi +# +# Install the Firewall Script +# if [ -n "$INITFILE" ]; then - # - # Install the Init Script - # - case $TARGET in - debian) - install_file init.debian.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544 - ;; - redhat) - install_file init.fedora.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544 - ;; - *) - install_file init.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544 - ;; - esac + install_file $INITSOURCE ${DESTDIR}${INITDIR}/$INITFILE 0544 + + if [ -n "${AUXINITSOURCE}" ]; then + install_file $INITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544 + fi - echo "Shorewall-init script installed in ${DESTDIR}${INITDIR}/${INITFILE}" + echo "Shorewall-init script installed in ${DESTDIR}${INITDIR}/$INITFILE" fi + # # Install the .service file # if [ -n "$SYSTEMD" ]; then - run_install $OWNERSHIP -m 600 shorewall-init.service ${DESTDIR}/lib/systemd/system/shorewall-init.service - echo "Service file installed as ${DESTDIR}/lib/systemd/system/shorewall-init.service" + run_install $OWNERSHIP -m 600 shorewall-init.service ${DESTDIR}${SYSTEMD}/shorewall-init.service + echo "Service file installed as ${DESTDIR}${SYSTEMD}/shorewall-init.service" if [ -n "$DESTDIR" ]; then - mkdir -p ${DESTDIR}/sbin/ - chmod 755 ${DESTDIR}/sbin + mkdir -p ${DESTDIR}${SBINDIR} + chmod 755 ${DESTDIR}${SBINDIR} fi - run_install $OWNERSHIP -m 700 shorewall-init ${DESTDIR}/sbin/shorewall-init - echo "CLI installed as ${DESTDIR}/sbin/shorewall-init" + run_install $OWNERSHIP -m 700 
shorewall-init ${DESTDIR}${SBINDIR}/shorewall-init + echo "CLI installed as ${DESTDIR}${SBINDIR}/shorewall-init" fi # @@ -285,7 +304,7 @@ chmod 644 ${DESTDIR}/usr/share/shorewall-init/version # if [ -z "$DESTDIR" ]; then rm -f /usr/share/shorewall-init/init - ln -s ${INITDIR}/${INITFILE} /usr/share/shorewall-init/init + ln -s ${INITDIR}/${INITFILE} ${SHAREDIR}/shorewall-init/init fi if [ $HOST = debian ]; then @@ -324,9 +343,9 @@ fi # Install the ifupdown script # -mkdir -p ${DESTDIR}${LIBEXEC}/shorewall-init +mkdir -p ${DESTDIR}${LIBEXECDIR}/shorewall-init -install_file ifupdown.sh ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown 0544 +install_file ifupdown.sh ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown 0544 if [ -d ${DESTDIR}/etc/NetworkManager ]; then install_file ifupdown.sh ${DESTDIR}/etc/NetworkManager/dispatcher.d/01-shorewall 0544 @@ -344,11 +363,11 @@ case $HOST in fi ;; redhat) - if [ -f ${DESTDIR}/sbin/ifup-local -o -f ${DESTDIR}/sbin/ifdown-local ]; then - echo "WARNING: /sbin/ifup-local and/or /sbin/ifdown-local already exist; up/down events will not be handled" + if [ -f ${DESTDIR}${SBINDIR}/ifup-local -o -f ${DESTDIR}${SBINDIR}/ifdown-local ]; then + echo "WARNING: ${SBINDIR}/ifup-local and/or ${SBINDIR}/ifdown-local already exist; up/down events will not be handled" elif [ -z "$DESTDIR" ]; then - install_file ifupdown.sh ${DESTDIR}/sbin/ifup-local 0544 - install_file ifupdown.sh ${DESTDIR}/sbin/ifdown-local 0544 + install_file ifupdown.sh ${DESTDIR}${SBINDIR}/ifup-local 0544 + install_file ifupdown.sh ${DESTDIR}${SBINDIR}/ifdown-local 0544 fi ;; esac 
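Review bot: The auxiliary init script branch installs the wrong source: `install_file $INITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544` copies the main init script under the auxiliary name, although the condition tests AUXINITSOURCE. It should be `install_file $AUXINITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544`. Note also that `[ -n "$INITFILE" ]` is true for the `INITFILE=none/` value used in shorewallrc.apple, where INITSOURCE and INITDIR are empty, so that case needs an explicit test before install_file is called.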
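Review bot: The link is now created at `${SHAREDIR}/shorewall-init/init`, but the `rm -f` on the line before it still removes `/usr/share/shorewall-init/init`. With a non-default SHAREDIR an existing link is not cleared and `ln -s` fails on the second install. Change the preceding line to `rm -f ${SHAREDIR}/shorewall-init/init`. The `chmod 644 ${DESTDIR}/usr/share/shorewall-init/version` shown in the hunk header is also still hard-coded, while the first-install check earlier in the file now looks under `${SHAREDIR}`.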
@@ -365,20 +384,20 @@ if [ -z "$DESTDIR" ]; then if systemctl enable shorewall-init; then echo "Shorewall Init will start automatically at boot" fi - elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then + elif [ -x ${SBINDIR}/insserv -o -x /usr${SBINDIR}/insserv ]; then if insserv /etc/init.d/shorewall-init ; then echo "Shorewall Init will start automatically at boot" else cant_autostart fi - elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then + elif [ -x ${SBINDIR}/chkconfig -o -x /usr${SBINDIR}/chkconfig ]; then if chkconfig --add shorewall-init ; then echo "Shorewall Init will start automatically in run levels as follows:" chkconfig --list shorewall-init else cant_autostart fi - elif [ -x /sbin/rc-update ]; then + elif [ -x ${SBINDIR}/rc-update ]; then if rc-update add shorewall-init default; then echo "Shorewall Init will start automatically at boot" else @@ -387,7 +406,6 @@ if [ -z "$DESTDIR" ]; then else cant_autostart fi - fi fi else @@ -408,7 +426,7 @@ if [ -f ${DESTDIR}/etc/ppp ]; then debian|suse) for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do mkdir -p ${DESTDIR}/etc/ppp/$directory #SuSE doesn't create the IPv6 directories - cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown ${DESTDIR}/etc/ppp/$directory/shorewall + cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown ${DESTDIR}/etc/ppp/$directory/shorewall done ;; redhat) @@ -419,13 +437,13 @@ if [ -f ${DESTDIR}/etc/ppp ]; then FILE=${DESTDIR}/etc/ppp/$file if [ -f $FILE ]; then if fgrep -q Shorewall-based $FILE ; then - cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown $FILE + cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown $FILE else echo "$FILE already exists -- ppp devices will not be handled" break fi else - cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown $FILE + cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown $FILE fi done ;; diff --git a/Shorewall-init/uninstall.sh b/Shorewall-init/uninstall.sh index 180645691..42910f4e3 100755 
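Review bot: SBINDIR is the directory Shorewall's own programs are installed into, not where the system keeps insserv, chkconfig or rc-update. `[ -x ${SBINDIR}/insserv -o -x /usr${SBINDIR}/insserv ]` therefore stops finding them as soon as the rc file sets anything other than `/sbin` (shorewallrc.cygwin sets `/bin`). Keep the literal `/sbin` and `/usr/sbin` here, or look the tool up on PATH the way `mywhich` does in Shorewall-init/uninstall.sh. The same over-substitution is in Shorewall-lite/install.sh, where distribution detection tests `${CONFDIR}/debian_version` and PATH is rebuilt from `${SBINDIR}`.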
--- a/Shorewall-init/uninstall.sh +++ b/Shorewall-init/uninstall.sh @@ -40,6 +40,27 @@ qt() "$@" >/dev/null 2>&1 } +split() { + local ifs + ifs=$IFS + IFS=: + set -- $1 + echo $* + IFS=$ifs +} + +mywhich() { + local dir + + for dir in $(split $PATH); do + if [ -x $dir/$1 ]; then + return 0 + fi + done + + return 2 +} + remove_file() # $1 = file to restore { if [ -f $1 -o -L $1 ] ; then @@ -48,8 +69,31 @@ remove_file() # $1 = file to restore fi } -if [ -f /usr/share/shorewall-init/version ]; then - INSTALLED_VERSION="$(cat /usr/share/shorewall-init/version)" +if [ -f ~/.shorewallrc ]; then + . ~/shorewallrc || exit 1 +else + [ -n "${LIBEXEC:=/usr/share}" ] + [ -n "${PERLLIB:=/usr/share/shorewall}" ] + [ -n "${CONFDIR:=/etc}" ] + + if [ -z "$SYSCONFDIR" ]; then + if [ -d /etc/default ]; then + SYSCONFDIR=/etc/default + else + SYSCONFDIR=/etc/sysconfig + fi + fi + + [ -n "${SBINDIR:=/sbin}" ] + [ -n "${SHAREDIR:=/usr/share}" ] + [ -n "${VARDIR:=/var/lib}" ] + [ -n "${INITFILE:=shorewall}" ] + [ -n "${INITDIR:=/etc/init.d}" ] + [ -n "${MANDIR:=/usr/share/man}" ] +fi + +if [ -f ${SHAREDIR}/shorewall-init/version ]; then + INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall-init/version)" if [ "$INSTALLED_VERSION" != "$VERSION" ]; then echo "WARNING: Shorewall Init Version $INSTALLED_VERSION is installed" echo " and this is the $VERSION uninstaller." 
@@ -60,56 +104,55 @@ else VERSION="" fi -[ -n "${LIBEXEC:=/usr/share}" ] +[ -n "${LIBEXEC:=${SHAREDIR}}" ] echo "Uninstalling Shorewall Init $VERSION" -INITSCRIPT=/etc/init.d/shorewall-init +INITSCRIPT=${CONFDIR}/init.d/shorewall-init -if [ -n "$INITSCRIPT" ]; then - if [ -x /usr/sbin/updaterc.d ]; then +if [ -f "$INITSCRIPT" ]; then + if mywhich updaterc.d ; then updaterc.d shorewall-init remove - elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then + elif mywhich insserv ; then insserv -r $INITSCRIPT - elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then + elif mywhich chkconfig ; then chkconfig --del $(basename $INITSCRIPT) - elif [ -x /sbin/systemctl ]; then + elif mywhich systemctl ; then systemctl disable shorewall-init - else - rm -f /etc/rc*.d/*$(basename $INITSCRIPT) fi remove_file $INITSCRIPT fi -[ "$(readlink -m -q /sbin/ifup-local)" = /usr/share/shorewall-init ] && remove_file /sbin/ifup-local -[ "$(readlink -m -q /sbin/ifdown-local)" = /usr/share/shorewall-init ] && remove_file /sbin/ifdown-local +[ "$(readlink -m -q ${SBINDIR}/ifup-local)" = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifup-local +[ "$(readlink -m -q ${SBINDIR}/ifdown-local)" = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifdown-local -remove_file /etc/default/shorewall-init -remove_file /etc/sysconfig/shorewall-init +remove_file ${CONFDIR}/default/shorewall-init +remove_file ${CONFDIR}/sysconfig/shorewall-init -remove_file /etc/NetworkManager/dispatcher.d/01-shorewall +remove_file ${CONFDIR}/NetworkManager/dispatcher.d/01-shorewall -remove_file /etc/network/if-up.d/shorewall -remove_file /etc/network/if-down.d/shorewall +remove_file ${CONFDIR}/network/if-up.d/shorewall +remove_file ${CONFDIR}/network/if-down.d/shorewall -remove_file /etc/sysconfig/network/if-up.d/shorewall -remove_file /etc/sysconfig/network/if-down.d/shorewall -remove_file /lib/systemd/system/shorewall.service +remove_file ${CONFDIR}/sysconfig/network/if-up.d/shorewall +remove_file 
${CONFDIR}/sysconfig/network/if-down.d/shorewall -if [ -d /etc/ppp ]; then +[ -n "$SYSTEMD" ] && remove_file ${SYSTEMD}/shorewall.service + +if [ -d ${CONFDIR}/ppp ]; then for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do - remove_file /etc/ppp/$directory/shorewall + remove_file ${CONFDIR}/ppp/$directory/shorewall done for file in if-up.local if-down.local; do - if fgrep -q Shorewall-based /etc/ppp/$FILE; then - remove_file /etc/ppp/$FILE + if fgrep -q Shorewall-based ${CONFDIR}/ppp/$FILE; then + remove_file ${CONFDIR}/ppp/$FILE fi done fi -rm -rf /usr/share/shorewall-init +rm -rf ${SHAREDIR}/shorewall-init rm -rf ${LIBEXEC}/shorewall-init echo "Shorewall Init Uninstalled" diff --git a/Shorewall-lite/init.debian.sh b/Shorewall-lite/init.debian.sh index f96319b3b..2f7b90441 100755 --- a/Shorewall-lite/init.debian.sh +++ b/Shorewall-lite/init.debian.sh @@ -57,17 +57,27 @@ not_configured () { exit 0 } +#determine where the files were installed +if [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 + SRWL=${SBIN}/shorewall-lite +else + CONFDIR=/etc + SYSCONFDIR=/etc/default +fi + # parse the shorewall params file in order to use params in # /etc/default/shorewall -if [ -f "/etc/shorewall-lite/params" ] + +if [ -f "$CONFDIR/shorewall-lite/params" ] then - . /etc/shorewall-lite/params + . $CONFDIR/shorewall-lite/params fi # check if shorewall is configured or not -if [ -f "/etc/default/shorewall-lite" ] +if [ -f "$SYSCONFDIR/shorewall-lite" ] then - . /etc/default/shorewall-lite + . $SYSCONFDIR/shorewall-lite SRWL_OPTS="$SRWL_OPTS $OPTIONS" if [ "$startup" != "1" ] then diff --git a/Shorewall-lite/init.sh b/Shorewall-lite/init.sh index 859f5affa..811720d70 100755 --- a/Shorewall-lite/init.sh +++ b/Shorewall-lite/init.sh 
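Review bot: The ppp loop in Shorewall-init/uninstall.sh iterates with `file` but its body uses `$FILE`, which is unset. `fgrep` is therefore run against `${CONFDIR}/ppp/` itself and the if-up.local and if-down.local hooks are never removed; use `$file` in both lines. The two `rm -rf` calls at the end expand SHAREDIR and LIBEXEC unquoted and unguarded. LIBEXEC is not a name the rc files set (they use LIBEXECDIR), so it falls back to SHAREDIR and a separate libexec directory is left behind. I would default it with `[ -n "${LIBEXEC:=${LIBEXECDIR:-$SHAREDIR}}" ]` and write the removals as `rm -rf "${SHAREDIR:?}/shorewall-init"` and `rm -rf "${LIBEXEC:?}/shorewall-init"`.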
@@ -61,10 +61,16 @@ usage() { # Get startup options (override default) ################################################################################ OPTIONS= -if [ -f /etc/sysconfig/shorewall ]; then - . /etc/sysconfig/shorewall -elif [ -f /etc/default/shorewall ] ; then - . /etc/default/shorewall + +if [ ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 +else + SBIN=/sbin + SYSCONFDIR=/etc/sysconfig +fi + +if [ -f ${SYSCONFDIR}/shorewall-lite ]; then + . ${SYSCONFDIR}/shorewall-lite fi SHOREWALL_INIT_SCRIPT=1 @@ -76,13 +82,13 @@ command="$1" case "$command" in start) - exec /sbin/shorewall-lite $OPTIONS start $STARTOPTIONS + exec ${SBIN}/shorewall-lite $OPTIONS start $STARTOPTIONS ;; restart|reload) - exec /sbin/shorewall-lite $OPTIONS restart $RESTARTOPTIONS + exec ${SBIN}/shorewall-lite $OPTIONS restart $RESTARTOPTIONS ;; status|stop) - exec /sbin/shorewall-lite $OPTIONS $command $@ + exec ${SBIN}/shorewall-lite $OPTIONS $command $@ ;; *) usage diff --git a/Shorewall-lite/install.sh b/Shorewall-lite/install.sh index 93afb190b..643009315 100755 --- a/Shorewall-lite/install.sh +++ b/Shorewall-lite/install.sh @@ -33,6 +33,12 @@ usage() # $1 = exit status exit $1 } +fatal_error() +{ + echo " ERROR: $@" >&2 + exit 1 +} + split() { local ifs ifs=$IFS @@ -85,16 +91,16 @@ install_file() # $1 = source $2 = target $3 = mode run_install $T $OWNERSHIP -m $3 $1 ${2} } +require() +{ + eval [ -n "\$$1" ] || fatal_error "Required option $1 not set" +} + # # Change to the directory containing this script # cd "$(dirname $0)" -# -# Load packager's settings if any -# -[ -f ../shorewall-pkg.config ] && . ../shorewall-pkg.config - if [ -f shorewall-lite ]; then PRODUCT=shorewall-lite Product="Shorewall Lite" 
@@ -108,34 +114,72 @@ fi # # Parse the run line # -while [ $# -gt 0 ] ; do +finished=0 + +while [ $finished -eq 0 ] ; do case "$1" in - -h|help|?) - usage 0 - ;; - -v) - echo "$Product Firewall Installer Version $VERSION" - exit 0 + -*) + option=${option#-} + + while [ -n "$option" ]; do + case $option in + h) + usage 0 + ;; + v) + echo "$Product Firewall Installer Version $VERSION" + exit 0 + ;; + *) + usage 1 + ;; + esac + done + + shift ;; *) - usage 1 + finished=1 ;; esac - shift done -PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin +local file +# +# Read the RC file +# +if [ $# -eq 0 ]; then + # + # Load packager's settings if any + # + if [ -n "${DESTDIR}" -a -f ../shorewall-pkg.config ]; then + . ../shorewall-pkg.config || exit 1 + elif [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 + file=~/.shorewallrc + else + fatal_error "No rcfile specified and ~/.shorewallrc not found" + fi +elif [ $# -eq 1 ]; then + file=$1 + case $file in + /*|.*) + ;; + *) + file=./$file + ;; + esac -[ -n "${LIBEXEC:=/usr/share}" ] + . $file +else + usage 1 +fi -case "$LIBEXEC" in - /*) - ;; - *) - echo "The LIBEXEC setting must be an absolute path name" >&2 - exit 1 - ;; -esac +for var in SHAREDIR LIBEXECDIRDIRDIR CONFDIR SBINDIR VARDIR; do + require $var +done + +PATH=${SBINDIR}:/bin:/usr${SBINDIR}:/usr/bin:/usr/local/bin:/usr/local${SBINDIR} # # Determine where to install the firewall script 
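Review bot: In the new option loop `option` is never assigned before `option=${option#-}`, so the inner `while [ -n "$option" ]` never runs and `-h` and `-v` are silently shifted away; Shorewall/install.sh in this commit has `option=$1` at the top of its loop and this one needs the same line. The required-variable list names `LIBEXECDIRDIRDIR`, so `LIBEXECDIR`, which the rest of the script uses, is never checked; it should read `for var in SHAREDIR LIBEXECDIR CONFDIR SBINDIR VARDIR; do`. `. $file` is unquoted and, unlike the other two source lines, has no `|| exit 1`, so a failed rc load continues into the install; `. "$file" || exit 1` would match them. `local file` sits outside any function, where `local` is an error in bash and dash. The absolute-path check on LIBEXEC is removed here without an equivalent for the new directory variables.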
@@ -154,15 +198,15 @@ if [ -z "$BUILD" ]; then BUILD=apple ;; *) - if [ -f /etc/debian_version ]; then + if [ -f ${CONFDIR}/debian_version ]; then BUILD=debian - elif [ -f /etc/redhat-release ]; then + elif [ -f ${CONFDIR}/redhat-release ]; then BUILD=redhat - elif [ -f /etc/SuSE-release ]; then + elif [ -f ${CONFDIR}/SuSE-release ]; then BUILD=suse - elif [ -f /etc/slackware-version ] ; then + elif [ -f ${CONFDIR}/slackware-version ] ; then BUILD=slackware - elif [ -f /etc/arch-release ] ; then + elif [ -f ${CONFDIR}/arch-release ] ; then BUILD=archlinux else BUILD=linux @@ -203,21 +247,15 @@ case "$HOST" in ;; debian) echo "Installing Debian-specific configuration..." - SPARSE=yes ;; redhat) echo "Installing Redhat/Fedora-specific configuration..." - [ -n "$INITDIR" ] || INITDIR=/etc/rc.d/init.d ;; slackware) echo "Installing Slackware-specific configuration..." - [ -n "$INITDIR" ] || INITDIR="/etc/rc.d" - [ -n "$INITFILE" ] || INITFILE="rc.firewall" - [ -n "$MANDIR=" ] || MANDIR=/usr/man ;; archlinux) echo "Installing ArchLinux-specific configuration..." - [ -n "$INITDIR" ] || INITDIR="/etc/rc.d" ;; linux|suse) ;; @@ -227,7 +265,7 @@ case "$HOST" in ;; esac -[ -z "$INITDIR" ] && INITDIR="/etc/init.d" +[ -z "$INITDIR" ] && INITDIR="${CONFDIR}/init.d" if [ -n "$DESTDIR" ]; then if [ `id -u` != 0 ] ; then @@ -235,8 +273,8 @@ if [ -n "$DESTDIR" ]; then OWNERSHIP="" fi - install -d $OWNERSHIP -m 755 ${DESTDIR}/sbin - install -d $OWNERSHIP -m 755 ${DESTDIR}${DESTFILE} + install -d $OWNERSHIP -m 755 ${DESTDIR}/${SBINDIR} + install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR} if [ -n "$SYSTEMD" ]; then mkdir -p ${DESTDIR}/lib/systemd/system 
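Review bot: The distribution probes in hunk `@@ -154,15 +198,15 @@` should keep testing `/etc`, because `debian_version`, `redhat-release` and the other marker files describe the build host and do not move with Shorewall's configuration directory. With `${CONFDIR}/debian_version` and friends, any rc file that sets CONFDIR to something other than `/etc` makes detection fall through to `BUILD=linux`. I would restore the literal paths, e.g. `if [ -f /etc/debian_version ]; then`, and add a comment that these are host markers rather than install locations.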
@@ -257,27 +295,27 @@ fi echo "Installing $Product Version $VERSION" # -# Check for /etc/$PRODUCT +# Check for ${CONFDIR}/$PRODUCT # -if [ -z "$DESTDIR" -a -d /etc/$PRODUCT ]; then +if [ -z "$DESTDIR" -a -d ${CONFDIR}/$PRODUCT ]; then if [ ! -f /usr/share/shorewall/coreversion ]; then echo "$PRODUCT $VERSION requires Shorewall Core which does not appear to be installed" >&2 exit 1 fi - [ -f /etc/$PRODUCT/shorewall.conf ] && \ - mv -f /etc/$PRODUCT/shorewall.conf /etc/$PRODUCT/$PRODUCT.conf + [ -f ${CONFDIR}/$PRODUCT/shorewall.conf ] && \ + mv -f ${CONFDIR}/$PRODUCT/shorewall.conf ${CONFDIR}/$PRODUCT/$PRODUCT.conf else - rm -rf ${DESTDIR}/etc/$PRODUCT + rm -rf ${DESTDIR}${CONFDIR}/$PRODUCT rm -rf ${DESTDIR}/usr/share/$PRODUCT rm -rf ${DESTDIR}/var/lib/$PRODUCT - [ "$LIBEXEC" = /usr/share ] || rm -rf ${DESTDIR}/usr/share/$PRODUCT/wait4ifup ${DESTDIR}/usr/share/$PRODUCT/shorecap + [ "$LIBEXECDIR" = /usr/share ] || rm -rf ${DESTDIR}/usr/share/$PRODUCT/wait4ifup ${DESTDIR}/usr/share/$PRODUCT/shorecap fi # -# Check for /sbin/$PRODUCT +# Check for ${SBINDIR}/$PRODUCT # -if [ -f ${DESTDIR}/sbin/$PRODUCT ]; then +if [ -f ${DESTDIR}${SBINDIR}/$PRODUCT ]; then first_install="" else first_install="Yes" 
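Review bot: In the else branch, `rm -rf ${DESTDIR}${CONFDIR}/$PRODUCT` now builds its target from a value read out of the rc file, unquoted and with no check that it is non-empty or absolute. I would guard and quote it, `rm -rf "${DESTDIR}${CONFDIR:?}/${PRODUCT:?}"`, so an empty or space-containing setting aborts instead of widening what gets deleted. The neighbouring lines still remove `${DESTDIR}/usr/share/$PRODUCT` and `${DESTDIR}/var/lib/$PRODUCT`, and the core check still reads `/usr/share/shorewall/coreversion`, so a previous install under a different SHAREDIR or VARDIR is neither detected nor cleaned up.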
@@ -285,24 +323,24 @@ fi delete_file ${DESTDIR}/usr/share/$PRODUCT/xmodules -install_file $PRODUCT ${DESTDIR}/sbin/$PRODUCT 0544 +install_file $PRODUCT ${DESTDIR}${SBINDIR}/$PRODUCT 0544 -echo "$Product control program installed in ${DESTDIR}/sbin/$PRODUCT" +echo "$Product control program installed in ${DESTDIR}${SBINDIR}/$PRODUCT" # -# Create /etc/$PRODUCT, /usr/share/$PRODUCT and /var/lib/$PRODUCT if needed +# Create ${CONFDIR}/$PRODUCT, /usr/share/$PRODUCT and /var/lib/$PRODUCT if needed # -mkdir -p ${DESTDIR}/etc/$PRODUCT +mkdir -p ${DESTDIR}${CONFDIR}/$PRODUCT mkdir -p ${DESTDIR}/usr/share/$PRODUCT -mkdir -p ${DESTDIR}${LIBEXEC}/$PRODUCT +mkdir -p ${DESTDIR}${LIBEXECDIR}/$PRODUCT mkdir -p ${DESTDIR}/var/lib/$PRODUCT -chmod 755 ${DESTDIR}/etc/$PRODUCT +chmod 755 ${DESTDIR}${CONFDIR}/$PRODUCT chmod 755 ${DESTDIR}/usr/share/$PRODUCT if [ -n "$DESTDIR" ]; then - mkdir -p ${DESTDIR}/etc/logrotate.d - chmod 755 ${DESTDIR}/etc/logrotate.d + mkdir -p ${DESTDIR}${CONFDIR}/logrotate.d + chmod 755 ${DESTDIR}${CONFDIR}/logrotate.d mkdir -p ${DESTDIR}${INITDIR} chmod 755 ${DESTDIR}${INITDIR} fi 
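Review bot: The directory creation here still targets `${DESTDIR}/usr/share/$PRODUCT` and `${DESTDIR}/var/lib/$PRODUCT`, while later hunks in this file install into `${DESTDIR}${SHAREDIR}/$PRODUCT` and write `${DESTDIR}${SHAREDIR}/$PRODUCT/version` with a plain redirect. When SHAREDIR is not `/usr/share` that directory is never created or given its mode, so the version file write fails. The lines should become `mkdir -p ${DESTDIR}${SHAREDIR}/$PRODUCT`, `mkdir -p ${DESTDIR}${VARDIR}/$PRODUCT` and `chmod 755 ${DESTDIR}${SHAREDIR}/$PRODUCT`, and the header comment should name the variables consistently.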
@@ -329,74 +367,74 @@ fi # Install the .service file # if [ -n "$SYSTEMD" ]; then - run_install $OWNERSHIP -m 600 $PRODUCT.service ${DESTDIR}/lib/systemd/system/$PRODUCT.service + run_install $OWNERSHIP -m 600 $PRODUCT.service ${DESTDIR}/${SYSTEMD}/$PRODUCT.service echo "Service file installed as ${DESTDIR}/lib/systemd/system/$PRODUCT.service" fi # # Install the config file # -if [ ! -f ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf ]; then - install_file $PRODUCT.conf ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf 0744 - echo "Config file installed as ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf" +if [ ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf ]; then + install_file $PRODUCT.conf ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf 0744 + echo "Config file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf" fi if [ $HOST = archlinux ] ; then - sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf + sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' 
-i ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf fi # # Install the Makefile # -run_install $OWNERSHIP -m 0600 Makefile ${DESTDIR}/etc/$PRODUCT -echo "Makefile installed as ${DESTDIR}/etc/$PRODUCT/Makefile" +run_install $OWNERSHIP -m 0600 Makefile ${DESTDIR}${CONFDIR}/$PRODUCT +echo "Makefile installed as ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile" # # Install the default config path file # -install_file configpath ${DESTDIR}/usr/share/$PRODUCT/configpath 0644 -echo "Default config path file installed as ${DESTDIR}/usr/share/$PRODUCT/configpath" +install_file configpath ${DESTDIR}${SHAREDIR}/$PRODUCT/configpath 0644 +echo "Default config path file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/configpath" # # Install the libraries # for f in lib.* ; do if [ -f $f ]; then - install_file $f ${DESTDIR}/usr/share/$PRODUCT/$f 0644 - echo "Library ${f#*.} file installed as ${DESTDIR}/usr/share/$PRODUCT/$f" + install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644 + echo "Library ${f#*.} file installed as ${DESTDIR}/${SHAREDIR}/$PRODUCT/$f" fi done -ln -sf lib.base ${DESTDIR}/usr/share/$PRODUCT/functions +ln -sf lib.base ${DESTDIR}${SHAREDIR}/$PRODUCT/functions -echo "Common functions linked through ${DESTDIR}/usr/share/$PRODUCT/functions" +echo "Common functions linked through ${DESTDIR}${SHAREDIR}/$PRODUCT/functions" # # Install Shorecap # -install_file shorecap ${DESTDIR}${LIBEXEC}/$PRODUCT/shorecap 0755 +install_file shorecap ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap 0755 echo -echo "Capability file builder installed in ${DESTDIR}${LIBEXEC}/$PRODUCT/shorecap" +echo "Capability file builder installed in ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap" # # Install the Modules files # if [ -f modules ]; then - run_install $OWNERSHIP -m 0600 modules ${DESTDIR}/usr/share/$PRODUCT - echo "Modules file installed as ${DESTDIR}/usr/share/$PRODUCT/modules" + run_install $OWNERSHIP -m 0600 modules ${DESTDIR}${SHAREDIR}/$PRODUCT + echo "Modules file installed as 
${DESTDIR}${SHAREDIR}/$PRODUCT/modules" fi if [ -f helpers ]; then - run_install $OWNERSHIP -m 0600 helpers ${DESTDIR}/usr/share/$PRODUCT - echo "Helper modules file installed as ${DESTDIR}/usr/share/$PRODUCT/helpers" + run_install $OWNERSHIP -m 0600 helpers ${DESTDIR}${SHAREDIR}/$PRODUCT + echo "Helper modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers" fi for f in modules.*; do - run_install $OWNERSHIP -m 0644 $f ${DESTDIR}/usr/share/$PRODUCT/$f - echo "Module file $f installed as ${DESTDIR}/usr/share/$PRODUCT/$f" + run_install $OWNERSHIP -m 0644 $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f + echo "Module file $f installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f" done # @@ -406,18 +444,18 @@ done if [ -d manpages ]; then cd manpages - [ -n "$INSTALLD" ] || mkdir -p ${DESTDIR}/usr/share/man/man5/ ${DESTDIR}/usr/share/man/man8/ + [ -n "$INSTALLD" ] || mkdir -p ${DESTDIR}${SHAREDIR}/man/man5/ ${DESTDIR}${SHAREDIR}/man/man8/ for f in *.5; do gzip -c $f > $f.gz - run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}/usr/share/man/man5/$f.gz - echo "Man page $f.gz installed to ${DESTDIR}/usr/share/man/man5/$f.gz" + run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${SHAREDIR}/man/man5/$f.gz + echo "Man page $f.gz installed to ${DESTDIR}${SHAREDIR}/man/man5/$f.gz" done for f in *.8; do gzip -c $f > $f.gz - run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}/usr/share/man/man8/$f.gz - echo "Man page $f.gz installed to ${DESTDIR}/usr/share/man/man8/$f.gz" + run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${SHAREDIR}/man/man8/$f.gz + echo "Man page $f.gz installed to ${DESTDIR}${SHAREDIR}/man/man8/$f.gz" done cd .. 
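Review bot: The service file is now installed to `${DESTDIR}/${SYSTEMD}/$PRODUCT.service`, but the message on the next line still reports `${DESTDIR}/lib/systemd/system/$PRODUCT.service`, and the earlier DESTDIR block in this file still creates `${DESTDIR}/lib/systemd/system`. If the rc file points SYSTEMD elsewhere the install goes to a directory nobody created and the log names a different path; the echo should read `echo "Service file installed as ${DESTDIR}${SYSTEMD}/$PRODUCT.service"`. The config file is also still installed with mode 0744, which marks a configuration file executable; 0644 or 0600 would be the expected mode unless the execute bit is deliberate.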
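Review bot: The man pages in hunk `@@ -406,18 +444,18 @@` are placed under `${DESTDIR}${SHAREDIR}/man/...`, which ignores MANDIR. uninstall.sh in this commit defaults `MANDIR` to `/usr/share/man`, and the removed Slackware case used `/usr/man`, so the installer presumably should use `${DESTDIR}${MANDIR}/man5/` and `${DESTDIR}${MANDIR}/man8/` in the `mkdir`, `run_install` and `echo` lines. As written, a host whose man directory is not under SHAREDIR gets pages in a location its man path does not search.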
@@ -425,73 +463,73 @@ if [ -d manpages ]; then echo "Man Pages Installed" fi -if [ -d ${DESTDIR}/etc/logrotate.d ]; then - run_install $OWNERSHIP -m 0644 logrotate ${DESTDIR}/etc/logrotate.d/$PRODUCT - echo "Logrotate file installed as ${DESTDIR}/etc/logrotate.d/$PRODUCT" +if [ -d ${DESTDIR}${CONFDIR}/logrotate.d ]; then + run_install $OWNERSHIP -m 0644 logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT + echo "Logrotate file installed as ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT" fi # # Create the version file # -echo "$VERSION" > ${DESTDIR}/usr/share/$PRODUCT/version -chmod 644 ${DESTDIR}/usr/share/$PRODUCT/version +echo "$VERSION" > ${DESTDIR}${SHAREDIR}/$PRODUCT/version +chmod 644 ${DESTDIR}${SHAREDIR}/$PRODUCT/version # # Remove and create the symbolic link to the init script # if [ -z "$DESTDIR" ]; then - rm -f /usr/share/$PRODUCT/init - ln -s ${INITDIR}/${INITFILE} /usr/share/$PRODUCT/init + rm -f ${SHAREDIR}/$PRODUCT/init + ln -s ${INITDIR}/${INITFILE} ${SHAREDIR}/$PRODUCT/init fi -delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.common -delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.cli -delete_file ${DESTDIR}/usr/share/$PRODUCT/wait4ifup +delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/lib.common +delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/lib.cli +delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/wait4ifup -if [ -z "$DESTDIR" ]; then - touch /var/log/$PRODUCT-init.log +if [ -n "$SYSCONFFILE" -a ! 
-f ${DESTDIR}${SYSCONFDIR}/${PRODUCT} ]; then + if [ ${DESTDIR} ]; then + mkdir -p ${DESTDIR}${SYSCONFDIR} + chmod 755 ${DESTDIR}${SYSCONFDIR} + fi - if [ -n "$first_install" ]; then - if [ $HOST = debian ]; then - run_install $OWNERSHIP -m 0644 default.debian /etc/default/$PRODUCT - - update-rc.d $PRODUCT defaults - - if [ -x /sbin/insserv ]; then - insserv /etc/init.d/$PRODUCT - else - ln -s ../init.d/$PRODUCT /etc/rcS.d/S40$PRODUCT - fi + run_install $OWNERSHIP -m 0644 default.debian ${DESTDIR}${SYSCONFDIR}/${PRODUCT} + echo "$SYSCONFFILE installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}" +fi +if [ -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then + if mywhich update-rc.d ; then + echo "$PRODUCT will start automatically at boot" + echo "Set startup=1 in ${SYSCONFDIR}/$PRODUCT to enable" + touch /var/log/$PRODUCT-init.log + perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/${PRODUCT}/${PRODUCT}.conf + elif [ -n "$SYSTEMD" ]; then + if systemctl enable $PRODUCT; then echo "$Product will start automatically at boot" - else - if [ -n "$SYSTEMD" ]; then - if systemctl enable $PRODUCT; then - echo "$Product will start automatically at boot" - fi - elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then - if insserv /etc/init.d/$PRODUCT ; then - echo "$Product will start automatically at boot" - else - cant_autostart - fi - elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then - if chkconfig --add $PRODUCT ; then - echo "$Product will start automatically in run levels as follows:" - chkconfig --list $PRODUCT - else - cant_autostart - fi - elif [ -x /sbin/rc-update ]; then - if rc-update add $PRODUCT default; then - echo "$Product will start automatically at boot" - else - cant_autostart - fi - elif [ "$INITFILE" != rc.firewall ]; then #Slackware starts this automatically - cant_autostart - fi fi + elif mywhich insserv; then + if insserv 
${INITDIR}/${INITFILE} ; then + echo "$PRODUCT will start automatically at boot" + echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/${PRODUCT}.conf to enable" + else + cant_autostart + fi + elif mywhich chkconfig; then + if chkconfig --add $PRODUCT ; then + echo "$PRODUCT will start automatically in run levels as follows:" + echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/${PRODUCT}.conf to enable" + chkconfig --list $PRODUCT + else + cant_autostart + fi + elif mywhich rc-update ; then + if rc-update add $PRODUCT default; then + echo "$PRODUCT will start automatically at boot" + echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable" + else + cant_autostart + fi + elif [ "$INITFILE" != rc.${PRODUCT} ]; then #Slackware starts this automatically + cant_autostart fi fi diff --git a/Shorewall-lite/shorewall-lite b/Shorewall-lite/shorewall-lite index d72a20968..698e698bd 100755 --- a/Shorewall-lite/shorewall-lite +++ b/Shorewall-lite/shorewall-lite @@ -27,6 +27,22 @@ ################################################################################################ g_program=shorewall-lite -. /usr/share/shorewall/lib.cli +if [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 +else + SHAREDIR=/usr/share + CONFDIR=${CONFDIR} + SBINDIR=/sbin + VARDIR=/var/lib + LIBEXECDIR=/usr/share + +fi + +g_libexec="$LIBEXECDIR" +g_sharedir="$SHAREDIR" +g_sbindir="$SBINDIR" +g_readrc=1 + +. $g_sharedir/shorewall/lib.cli shorewall_cli $@ diff --git a/Shorewall-lite/uninstall.sh b/Shorewall-lite/uninstall.sh index d49430e82..be600bc5f 100755 --- a/Shorewall-lite/uninstall.sh +++ b/Shorewall-lite/uninstall.sh 
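Review bot: In the `mywhich update-rc.d` branch nothing registers the service any more: the removed code ran `update-rc.d $PRODUCT defaults`, while the new branch only prints messages, touches the log and rewrites `${PRODUCT}.conf` with perl. The script therefore reports "will start automatically at boot" without that being true, and at the same time it silently flips `STARTUP_ENABLED` to `Yes` in a firewall configuration while telling the administrator to set `startup=1` themselves. The sysconfig block installs `default.debian` for every host that sets SYSCONFFILE, where `$SYSCONFFILE` was presumably meant as the source. `if [ ${DESTDIR} ]; then` should be `if [ -n "${DESTDIR}" ]; then`.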
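Review bot: In the Shorewall-lite/shorewall-lite fallback branch, `CONFDIR=${CONFDIR}` assigns the variable to itself, so without an rc file CONFDIR stays empty and later paths built from it start at `/`. prog.footer in this commit uses `CONFDIR=/etc` for the same default, and this line should match it. The stray blank line before `fi` can go as well. The same self-assignment is added to Shorewall/Perl/getparams in hunk `@@ -33,7 +33,22 @@`.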
@@ -40,16 +40,25 @@ qt() "$@" >/dev/null 2>&1 } -restore_file() # $1 = file to restore -{ - if [ -f ${1}-shorewall.bkout ]; then - if (mv -f ${1}-shorewall-lite.bkout $1); then - echo - echo "$1 restored" - else - exit 1 - fi - fi +split() { + local ifs + ifs=$IFS + IFS=: + set -- $1 + echo $* + IFS=$ifs +} + +mywhich() { + local dir + + for dir in $(split $PATH); do + if [ -x $dir/$1 ]; then + return 0 + fi + done + + return 2 } remove_file() # $1 = file to restore @@ -60,8 +69,31 @@ remove_file() # $1 = file to restore fi } -if [ -f /usr/share/shorewall-lite/version ]; then - INSTALLED_VERSION="$(cat /usr/share/shorewall-lite/version)" +if [ -f ~/.shorewallrc ]; then + . ~/shorewallrc || exit 1 +else + [ -n "${LIBEXEC:=/usr/share}" ] + [ -n "${PERLLIB:=/usr/share/shorewall}" ] + [ -n "${CONFDIR:=/etc}" ] + + if [ -z "$SYSCONFDIR" ]; then + if [ -d /etc/default ]; then + SYSCONFDIR=/etc/default + else + SYSCONFDIR=/etc/sysconfig + fi + fi + + [ -n "${SBINDIR:=/sbin}" ] + [ -n "${SHAREDIR:=/usr/share}" ] + [ -n "${VARDIR:=/var/lib}" ] + [ -n "${INITFILE:=shorewall}" ] + [ -n "${INITDIR:=/etc/init.d}" ] + [ -n "${MANDIR:=/usr/share/man}" ] +fi + +if [ -f ${SHAREDIR}/shorewall-lite/version ]; then + INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall-lite/version)" if [ "$INSTALLED_VERSION" != "$VERSION" ]; then echo "WARNING: Shorewall Lite Version $INSTALLED_VERSION is installed" echo " and this is the $VERSION uninstaller." 
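Review bot: In hunk `@@ -60,8 +69,31 @@` the script tests for `~/.shorewallrc` but sources `~/shorewallrc` without the dot, so on any host that has the rc file the uninstaller exits at `|| exit 1`. The line should be `. ~/.shorewallrc || exit 1`. The fallback branch also defaults `LIBEXEC`, whereas the installer in this commit works with `LIBEXECDIR`; if the rc file only defines the latter, the later `rm -rf ${LIBEXEC}/shorewall-lite` expands to `rm -rf /shorewall-lite` (inferred, since the rc files are not shown here). Using one name throughout and writing `"${LIBEXECDIR:?}"` in the removal would make an unset value abort.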
@@ -72,49 +104,40 @@ else VERSION="" fi -[ -n "${LIBEXEC:=/usr/share}" ] - echo "Uninstalling Shorewall Lite $VERSION" -if qt iptables -L shorewall -n && [ ! -f /sbin/shorewall ]; then - /sbin/shorewall-lite clear +if qt iptables -L shorewall -n && [ ! -f ${SBINDIR}/shorewall ]; then + shorewall-lite clear fi -if [ -L /usr/share/shorewall-lite/init ]; then - FIREWALL=$(readlink -m -q /usr/share/shorewall-lite/init) -else - FIREWALL=/etc/init.d/shorewall-lite +if [ -L ${SHAREDIR}/shorewall-lite/init ]; then + FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall-lite/init) +elIF [ -n "$INITFILE" ]; then + FIREWALL=${INITDIR}/${INITFILE} fi -if [ -n "$FIREWALL" ]; then - if [ -x /usr/sbin/updaterc.d ]; then +if [ -f "$FIREWALL" ]; then + if mywhich updaterc.d ; then updaterc.d shorewall-lite remove - elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then + elif if mywhich insserv ; then insserv -r $FIREWALL - elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then + elif [ mywhich chkconfig ; then chkconfig --del $(basename $FIREWALL) - elif [ -x /sbin/systemctl ]; then + elif mywhich systemctl ; then systemctl disable shorewall-lite - else - rm -f /etc/rc*.d/*$(basename $FIREWALL) fi remove_file $FIREWALL - rm -f ${FIREWALL}-*.bkout fi -rm -f /sbin/shorewall-lite -rm -f /sbin/shorewall-lite-*.bkout +rm -f ${SBINDIR}/shorewall-lite -rm -rf /etc/shorewall-lite -rm -rf /etc/shorewall-lite-*.bkout -rm -rf /var/lib/shorewall-lite -rm -rf /var/lib/shorewall-lite-*.bkout -rm -rf /usr/share/shorewall-lite +rm -rf ${SBINDIR}/shorewall-lite +rm -rf ${VARDIR}/shorewall-lite +rm -rf ${SHAREDIR}/shorewall-lite rm -rf ${LIBEXEC}/shorewall-lite -rm -rf /usr/share/shorewall-lite-*.bkout -rm -f /etc/logrotate.d/shorewall-lite -rm -f /lib/systemd/system/shorewall-lite.service +rm -f ${CONFDIR}/logrotate.d/shorewall-lite +[ -n "$SYSTEMD" ] && rm -f ${SYSTEMD}/shorewall-lite.service echo "Shorewall Lite Uninstalled" 
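Review bot: This hunk does not parse as shell: `elIF [ -n "$INITFILE" ]; then`, `elif if mywhich insserv ; then` and `elif [ mywhich chkconfig ; then` are all syntax errors, so the uninstaller stops before removing anything. The configuration directory is also no longer removed, because `rm -rf /etc/shorewall-lite` became `rm -rf ${SBINDIR}/shorewall-lite`, which repeats the line above it; `${CONFDIR}` was presumably intended, and stale firewall configuration is left on the host. `shorewall-lite clear` is now resolved through the caller's PATH instead of `${SBINDIR}`, which is worth pinning for a script run as root. `updaterc.d` is carried over unchanged although the install side of this commit probes for `update-rc.d`. The corrected lines are in the fence.

```shell
elif [ -n "$INITFILE" ]; then
    FIREWALL=${INITDIR}/${INITFILE}
fi

# … unchanged: if [ -f "$FIREWALL" ] and the updaterc.d branch …
    elif mywhich insserv ; then
        insserv -r $FIREWALL
    elif mywhich chkconfig ; then
        chkconfig --del $(basename $FIREWALL)
# … unchanged: systemctl branch, remove_file, rm -f ${SBINDIR}/shorewall-lite …

rm -rf "${CONFDIR:?}/shorewall-lite"
```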
diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm index ce15e946f..84bb7aac1 100644 --- a/Shorewall/Perl/Shorewall/Compiler.pm +++ b/Shorewall/Perl/Shorewall/Compiler.pm @@ -160,15 +160,17 @@ sub generate_script_2() { emit( 'g_family=4' ); if ( $export ) { - emit ( 'SHAREDIR=/usr/share/shorewall-lite', - 'CONFDIR=/etc/shorewall-lite', + emit ( 'SHAREDIR=$SHARDIR/shorewall-lite', + 'CONFDIR=$CONFDIR/shorewall-lite', + 'VARDIR=$VARDIR/shorewall-lite', 'g_product="Shorewall Lite"', 'g_program=shorewall-lite', 'g_basedir=/usr/share/shorewall-lite', ); } else { - emit ( 'SHAREDIR=/usr/share/shorewall', - 'CONFDIR=/etc/shorewall', + emit ( 'SHAREDIR=$SHARDIR/shorewall', + 'CONFDIR=$CONFDIR/shorewall', + 'VARDIR=$VARDIR/shorewall', 'g_product=Shorewall', 'g_program=shorewall', 'g_basedir=/usr/share/shorewall', @@ -178,8 +180,9 @@ sub generate_script_2() { emit( 'g_family=6' ); if ( $export ) { - emit ( 'SHAREDIR=/usr/share/shorewall6-lite', - 'CONFDIR=/etc/shorewall6-lite', + emit ( 'SHAREDIR=/$SHARDIR/shorewall6-lite', + 'CONFDIR=$CONFDIR/shorewall6-lite', + 'VARDIR=$VARDIR/shorewall6-lite', 'g_product="Shorewall6 Lite"', 'g_program=shorewall6-lite', 'g_basedir=/usr/share/shorewall6', @@ -187,6 +190,7 @@ sub generate_script_2() { } else { emit ( 'SHAREDIR=/usr/share/shorewall6', 'CONFDIR=/etc/shorewall6', + 'VARDIR=$VARDIR/shorewall6', 'g_product=Shorewall6', 'g_program=shorewall6', 'g_basedir=/usr/share/shorewall' diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 386b7aa13..198066c74 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -141,6 +141,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script %config %globals %config_files + %shorewallrc @auditoptions 
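Review bot: The emitted assignments in Compiler.pm reference `$SHARDIR`, which is not set anywhere on this page, so the generated script ends up with `SHAREDIR=/shorewall-lite` (or `/shorewall`) instead of a path under the configured share directory. The lines should read `'SHAREDIR=$SHAREDIR/shorewall-lite',` and likewise for the other products; the shorewall6-lite variant in hunk `@@ -178,8 +180,9 @@` also has a stray leading slash in `'SHAREDIR=/$SHARDIR/shorewall6-lite'`. In hunk `@@ -187,6 +190,7 @@` the shorewall6 branch keeps the literal `/usr/share/shorewall6` and `/etc/shorewall6` while gaining `VARDIR=$VARDIR/shorewall6`, and every `g_basedir` stays hard-coded, so the four branches are no longer consistent. generate_script_2 starts and ends outside these hunks.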
@@ -431,7 +432,12 @@ my %converted = ( WIDE_TC_MARKS => 1, my $omitting; my @ifstack; my $ifstack; +# +# From .shorewallrc +# +our %shorewallrc; +sub process_shorewallrc(); # # Rather than initializing globals in an INIT block or during declaration, # we initialize them in a function. This is done for two reasons: @@ -472,9 +478,9 @@ sub initialize( $ ) { # # Misc Globals # - %globals = ( SHAREDIRPL => '/usr/share/shorewall/' , - CONFDIR => '/etc/shorewall', # Run-time configuration directory - CONFIGDIR => '', # Compile-time configuration directory (location of $product.conf) + %globals = ( SHAREDIRPL => '' , + CONFDIR => '', # Run-time configuration directory + CONFIGDIR => '', # Compile-time configuration directory (location of $product.conf) LOGPARMS => '', TC_SCRIPT => '', EXPORT => 0, @@ -745,15 +751,24 @@ sub initialize( $ ) { @actparms = (); + %shorewallrc = ( + SHAREDIR => '/usr/share/', + CONFDIR => '/etc/', + ); + + process_shorewallrc; + + $globals{SHAREDIRPL} = "$shorewallrc{SHAREDIR}/shorewall/"; + if ( $family == F_IPV4 ) { - $globals{SHAREDIR} = '/usr/share/shorewall'; - $globals{CONFDIR} = '/etc/shorewall'; + $globals{SHAREDIR} = "$shorewallrc{SHAREDIR}/shorewall"; + $globals{CONFDIR} = "$shorewallrc{CONFDIR}/shorewall"; $globals{PRODUCT} = 'shorewall'; $config{IPTABLES} = undef; $validlevels{ULOG} = 'ULOG'; } else { - $globals{SHAREDIR} = '/usr/share/shorewall6'; - $globals{CONFDIR} = '/etc/shorewall6'; + $globals{SHAREDIR} = "$shorewallrc{SHAREDIR}/shorewall6"; + $globals{CONFDIR} = "$shorewallrc{CONFDIR}/shorewall6"; $globals{PRODUCT} = 'shorewall6'; $config{IP6TABLES} = undef; } 
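Review bot: The defaults added to initialize() in hunk `@@ -745,15 +751,24 @@`, `SHAREDIR => '/usr/share/'` and `CONFDIR => '/etc/'`, end in a slash, so `"$shorewallrc{SHAREDIR}/shorewall"` yields `/usr/share//shorewall`, whereas the shell scripts in this commit default to `/usr/share` and `/etc`. Dropping the trailing slashes (`SHAREDIR => '/usr/share',` and `CONFDIR => '/etc',`) keeps the Perl and shell sides producing the same strings, which matters wherever these paths are compared or logged. initialize() starts outside this hunk.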
@@ -2256,6 +2271,21 @@ sub read_a_line1() { } } +sub process_shorewallrc() { + my $home = $ENV{HOME} || `echo ~`; + + if ( $home && open_file "$home/.shorewallrc" ) { + while ( read_a_line1 ) { + if ( $currentline =~ /^([a-zA-Z]\w*)=(.*)$/ ) { + my ($var, $val) = ($1, $2); + $shorewallrc{$var} = $val =~ /^\"([^\"]*)\"$/ ? $1 : $val; + } else { + fatal_error "Unrecognized shorewallrc entry"; + } + } + } +} + # # Provide the passed default value for the passed configuration variable # @@ -3183,7 +3213,7 @@ sub ensure_config_path() { my $f = "$globals{SHAREDIR}/configpath"; - $globals{CONFDIR} = "/usr/share/$product/configfiles/" if $> != 0; + $globals{CONFDIR} = "$shorewallrc{SHAREDIR}/$product/configfiles/" if $> != 0; unless ( $config{CONFIG_PATH} ) { fatal_error "$f does not exist" unless -f $f; diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm index 6b9daa54c..fdeb82f88 100644 --- a/Shorewall/Perl/Shorewall/Tc.pm +++ b/Shorewall/Perl/Shorewall/Tc.pm @@ -1039,7 +1039,7 @@ sub validate_tc_class( ) { fatal_error "Unknown Parent class ($parentnum)" unless $parentref && $parentref->{occurs} == 1; fatal_error "The class ($parentnum) specifies UMAX and/or DMAX; it cannot serve as a parent" if $parentref->{dmax}; fatal_error "The class ($parentnum) specifies flow; it cannot serve as a parent" if $parentref->{flow}; - fatal_error "The default class ($parentnum) may not have sub-classes" if $devref->{default} == $parentclass; + fatal_error "The default class ($parentnum) may not have sub-classes" if ( $devref->{default} || 0 ) == $parentclass; $parentref->{leaf} = 0; $ratemax = $parentref->{rate}; $ratename = q(the parent class's RATE); diff --git a/Shorewall/Perl/getparams b/Shorewall/Perl/getparams index 3c9e7e315..38472af6a 100755 --- a/Shorewall/Perl/getparams +++ b/Shorewall/Perl/getparams 
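Review bot: In process_shorewallrc the backtick fallback (`echo ~`) keeps its trailing newline, so `"$home/.shorewallrc"` never names the real file when HOME is unset; `my $home = $ENV{HOME} || ( getpwuid( $> ) )[7];` avoids both the newline and the extra shell. The compiler then takes its path roots from a file located through the HOME environment variable, so a comment stating that the file must be owned by the invoking user and not writable by others would help. Values are stored literally, so an entry that relies on shell expansion would differ between this parser and the scripts that source the same file (inferred; the rc files are not shown here). The error message would be easier to act on if it included the offending line.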
@@ -33,7 +33,22 @@ else g_program=shorewall fi -. /usr/share/shorewall/lib.cli +if [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 +else + SHAREDIR=/usr/share + CONFDIR=${CONFDIR} + SBINDIR=/sbin + VARDIR=/var/lib + LIBEXECDIR=/usr/share +fi + +g_libexec="$LIBEXECDIR" +g_sharedir="$SHAREDIR" +g_sbindir="$SBINDIR" +g_readrc=1 + +. $g_sharedir/shorewall/lib.cli CONFIG_PATH="$2" diff --git a/Shorewall/Perl/prog.footer b/Shorewall/Perl/prog.footer index 780385b8f..ad67eb4ab 100644 --- a/Shorewall/Perl/prog.footer +++ b/Shorewall/Perl/prog.footer @@ -85,6 +85,14 @@ g_noroutes=$NOROUTES g_timestamp=$TIMESTAMP g_recovering=$RECOVERING +if [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 +else + CONFDIR=/etc + SHAREDIR=/usr/share + VARDIR=/var/lib +fi + initialize if [ -n "$STARTUP_LOG" ]; then diff --git a/Shorewall/init.debian.sh b/Shorewall/init.debian.sh index 53b099139..8a78d09e9 100755 --- a/Shorewall/init.debian.sh +++ b/Shorewall/init.debian.sh @@ -11,7 +11,6 @@ ### END INIT INFO - SRWL=/sbin/shorewall SRWL_OPTS="-tvv" WAIT_FOR_IFUP=/usr/share/shorewall/wait4ifup @@ -54,10 +53,18 @@ not_configured () { exit 0 } +#determine where the files were installed +if [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 + SRWL=${SBIN}/shorewall +else + SYSCONFDIR=/etc/default +fi + # check if shorewall is configured or not -if [ -f "/etc/default/shorewall" ] +if [ -f "${SYSCONFDIR}/shorewall" ] then - . /etc/default/shorewall + . ${SYSCONFDIR}/shorewall SRWL_OPTS="$SRWL_OPTS $OPTIONS" if [ "$startup" != "1" ] then diff --git a/Shorewall/init.sh b/Shorewall/init.sh index 9f4e02041..4d4cf2f7d 100755 --- a/Shorewall/init.sh +++ b/Shorewall/init.sh @@ -54,7 +54,7 @@ RCDLINKS="2,S41 3,S41 6,K41" # Give Usage Information # ################################################################################ usage() { - echo "Usage: $0 start|stop|reload|restart|status" + echo "Usage: $0 start|stop|reload|restart|status" > &2 exit 1 } 
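Review bot: In usage() of Shorewall/init.sh, hunk `@@ -54,7 +54,7 @@`, the redirection is written `> &2` with a space, which the shell rejects as a syntax error, so the whole init script fails to parse and the firewall is not started at boot. The line should be `echo "Usage: $0 start|stop|reload|restart|status" >&2`. Sending usage to stderr is the right change; only the spacing is wrong.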
@@ -62,10 +62,16 @@ usage() { # Get startup options (override default) ################################################################################ OPTIONS="-v0" -if [ -f /etc/sysconfig/shorewall ]; then - . /etc/sysconfig/shorewall -elif [ -f /etc/default/shorewall ] ; then - . /etc/default/shorewall + +if [ ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 +else + SBIN=/sbin + SYSCONFDIR=/etc/sysconfig +fi + +if [ -f ${SYSCONFDIR}/shorewall ]; then + . ${SYSCONFDIR}/shorewall fi export SHOREWALL_INIT_SCRIPT=1 @@ -78,13 +84,13 @@ shift case "$command" in start) - exec /sbin/shorewall $OPTIONS start $STARTOPTIONS + exec $SBIN/shorewall $OPTIONS start $STARTOPTIONS ;; restart|reload) - exec /sbin/shorewall $OPTIONS restart $RESTARTOPTIONS + exec $SBIN/shorewall $OPTIONS restart $RESTARTOPTIONS ;; status|stop) - exec /sbin/shorewall $OPTIONS $command + exec $SBIN/shorewall $OPTIONS $command ;; *) usage diff --git a/Shorewall/install.sh b/Shorewall/install.sh index 7fc03f7fc..449d23c00 100755 --- a/Shorewall/install.sh +++ b/Shorewall/install.sh @@ -38,6 +38,12 @@ usage() # $1 = exit status exit $1 } +fatal_error() +{ + echo " ERROR: $@" >&2 + exit 1 +} + split() { local ifs ifs=$IFS @@ -57,7 +63,6 @@ mywhich() { for dir in $(split $PATH); do if [ -x $dir/$1 ]; then - echo $dir/$1 return 0 fi done @@ -90,6 +95,11 @@ install_file() # $1 = source $2 = target $3 = mode run_install $T $OWNERSHIP -m $3 $1 ${2} } +require() +{ + eval [ -n "\$$1" ] || fatal_error "Required option $1 not set" +} + cd "$(dirname $0)" # 
@@ -112,33 +122,87 @@ fi # # T="-T" - -ANNOTATED= -MANDIR=${MANDIR:-"/usr/share/man"} -SPARSE= INSTALLD='-D' -INITFILE="$PRODUCT" -[ -n "${LIBEXEC:=/usr/share}" ] -[ -n "${PERLLIB:=/usr/share/shorewall}" ] +finished=0 -case "$LIBEXEC" in - /*) - ;; - *) - echo "The LIBEXEC setting must be an absolute path name" >&2 - exit 1 - ;; -esac +while [ $finished -eq 0 ]; do + option=$1 -case "$PERLLIB" in - /*) - ;; - *) - echo "The PERLLIB setting must be an absolute path name" >&2 - exit 1 - ;; -esac + case "$option" in + -*) + option=${option#-} + + while [ -n "$option" ]; do + case $option in + h) + usage 0 + ;; + v) + echo "$Product Firewall Installer Version $VERSION" + exit 0 + ;; + s*) + SPARSE=Yes + option=${option#s} + ;; + a*) + ANNOTATED=Yes + option=${option#a} + ;; + p*) + ANNOTATED= + option=${option#p} + ;; + *) + usage 1 + ;; + esac + done + + shift + ;; + *) + finished=1 + ;; + esac +done + +# +# Read the RC file +# +if [ $# -eq 0 ]; then + # + # Load packager's settings if any + # + if [ -n "${DESTDIR}" -a -f ../shorewall-pkg.config ]; then + . ../shorewall-pkg.config || exit 1 + elif [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 + file=~/.shorewallrc + else + fatal_error "No rcfile specified and ~/.shorewallrc not found" + fi +elif [ $# -eq 1 ]; then + file=$1 + case $file in + /*|.*) + ;; + *) + file=./$file + ;; + esac + + . $file +else + usage 1 +fi + +for var in SHAREDIR LIBEXECDIR PERLLIBDIR CONFDIR SBINDIR VARDIR; do + require $var +done + +[ -n "${INITFILE}" ] && require INITSOURCE && require INITDIR if [ -z "$BUILD" ]; then case $(uname) in 
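Review bot: The absolute-path checks on LIBEXEC and PERLLIB are removed and nothing replaces them for the directories now read from the rc file, so a relative or malformed value flows straight into the `install -d`, `mkdir -p` and `chmod` targets further down. I would validate each required variable right after `require`, as in the fence below, and source the named file with `. "$file" || exit 1` so a failed load stops the install. `SPARSE` and `ANNOTATED` also lose their empty initialisation in this hunk, so they are now inherited from the caller's environment unless the rc file sets them.

```shell
# … unchanged: option parsing and rc file selection …
    . "$file" || exit 1
# … unchanged: else / usage 1 / fi …

for var in SHAREDIR LIBEXECDIR PERLLIBDIR CONFDIR SBINDIR VARDIR; do
    require $var
    eval value=\"\$$var\"
    case "$value" in
        /*)
            ;;
        *)
            fatal_error "The $var setting must be an absolute path name"
            ;;
    esac
done
```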
@@ -185,53 +249,6 @@ esac OWNERSHIP="-o $OWNER -g $GROUP" -finished=0 - -while [ $finished -eq 0 ]; do - option=$1 - - case "$option" in - -*) - option=${option#-} - - while [ -n "$option" ]; do - case $option in - h) - usage 0 - ;; - v) - echo "$Product Firewall Installer Version $VERSION" - exit 0 - ;; - s*) - SPARSE=Yes - option=${option#s} - ;; - a*) - ANNOTATED=Yes - option=${option#a} - ;; - p*) - ANNOTATED= - option=${option#p} - ;; - *) - usage 1 - ;; - esac - done - - shift - ;; - *) - [ -n "$option" ] && usage 1 - finished=1 - ;; - esac -done - -PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin - # # Determine where to install the firewall script # @@ -241,44 +258,33 @@ if [ $PRODUCT = shorewall -a -z "${DESTDIR}" ]; then # Verify that Perl is installed # if ! perl -c Perl/compiler.pl; then - echo "ERROR: $Product $VERSION requires Perl which either is not installed or is not able to compile the $Product perl code" >&2 + echo "ERROR: $Product $VERSION requires Perl which either is not installed or is not able to compile the $Product Perl code" >&2 echo " Try perl -c $PWD/Perl/compiler.pl" >&2 exit 1 fi fi -[ -n "$HOST" ] || HOST=$BUILD - case "$HOST" in cygwin) echo "Installing Cygwin-specific configuration..." - INITFILE= ;; apple) echo "Installing Mac-specific configuration..."; - INITFILE= ;; debian) echo "Installing Debian-specific configuration..." - SPARSE=yes ;; redhat) echo "Installing Redhat/Fedora-specific configuration..." - [ -n "$INITDIR" ] || INITDIR="/etc/rc.d/init.d" ;; suse) echo "Installing SuSE-specific configuration..."; ;; slackware) echo "Installing Slackware-specific configuration..." - [ -n "$INITDIR" ] || INITDIR="/etc/rc.d" - [ -n "$MANDIR" ] || MANDIR="/usr/man" - [ -n "$INITFILE" ] || INITFILE="rc.firewall" ;; archlinux) echo "Installing ArchLinux-specific configuration..." - [ -n "$INITDIR" ] || INITDIR="/etc/rc.d" - [ -n "$INITFILE" ] || INITFILE="$PRODUCT" ;; linux) ;; 
@@ -288,110 +294,83 @@ case "$HOST" in ;; esac -if [ -z "$INITDIR" -a -n "$INITFILE" ] ; then - INITDIR="/etc/init.d" +if [ $BUILD != cygwin ]; then + if [ `id -u` != 0 ] ; then + echo "Not setting file owner/group permissions, not running as root." + OWNERSHIP="" + fi fi -if [ -n "$DESTDIR" ]; then - if [ $BUILD != cygwin ]; then - if [ `id -u` != 0 ] ; then - echo "Not setting file owner/group permissions, not running as root." - OWNERSHIP="" - fi - fi +install -d $OWNERSHIP -m 755 ${DESTDIR}${SBINDIR} +[ -n "${INITFILE}" ] && install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR} - install -d $OWNERSHIP -m 755 ${DESTDIR}/sbin - install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR} -elif [ $PRODUCT != shorewall ]; then - [ -x ${LIBEXEC}/shorewall/compiler.pl ] || \ +if [ -z "$DESTDIR" -a $PRODUCT != shorewall ]; then + [ -x ${LIBEXECDIR}/shorewall/compiler.pl ] || \ { echo " ERROR: Shorewall >= 4.5.0 is not installed" >&2; exit 1; } fi -if [ -z "$DESTDIR" ]; then - if [ -f /lib/systemd/system ]; then - SYSTEMD=Yes - INITFILE= - fi -elif [ -n "$SYSTEMD" ]; then - mkdir -p ${DESTDIR}/lib/systemd/system - INITFILE= -fi - echo "Installing $Product Version $VERSION" # # Check for /sbin/$PRODUCT # -if [ -f ${DESTDIR}/sbin/$PRODUCT ]; then +if [ -f ${DESTDIR}${SBINDIR}/$PRODUCT ]; then first_install="" else first_install="Yes" fi -if [ -z "${DESTDIR}" -a $PRODUCT = shorewall -a ! -f /usr/share/$PRODUCT/coreversion ]; then +if [ -z "${DESTDIR}" -a $PRODUCT = shorewall -a ! 
-f ${SHAREDIR}/$PRODUCT/coreversion ]; then echo "Shorewall $VERSION requires Shorewall Core which does not appear to be installed" exit 1 fi -if [ $HOST != cygwin ]; then - install_file $PRODUCT ${DESTDIR}/sbin/$PRODUCT 0755 - echo "$PRODUCT control program installed in ${DESTDIR}/sbin/$PRODUCT" -else - install_file $PRODUCT ${DESTDIR}/bin/$PRODUCT 0755 - echo "$PRODUCT control program installed in ${DESTDIR}/bin/$PRODUCT" -fi +install_file $PRODUCT ${DESTDIR}${SBINDIR}/$PRODUCT 0755 +echo "$PRODUCT control program installed in ${DESTDIR}${SBINDIR}/$PRODUCT" # # Install the Firewall Script # if [ -n "$INITFILE" ]; then - case $HOST in - debian) - install_file init.debian.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544 - ;; - redhat) - install_file init.fedora.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544 - ;; - slackware) - if [ $PRODUCT = shorewall ]; then - install_file init.slackware.firewall.sh ${DESTDIR}${DEST}/rc.firewall 0644 - install_file init.slackware.$PRODUCT.sh ${DESTDIR}${DEST}/rc.$PRODUCT 0644 - fi - ;; - *) - install_file init.sh ${DESTDIR}${INITDIR}/$INITFILE 0544 - ;; - esac + install_file $INITSOURCE ${DESTDIR}${INITDIR}/$INITFILE 0544 + + if [ -n "${AUXINITSOURCE}" ]; then + install_file $INITSOURCE ${DESTDIR}${INITDIR}/$INITFILE 0544 + fi echo "$Product script installed in ${DESTDIR}${INITDIR}/$INITFILE" fi # -# Create /etc/$PRODUCT and /var/lib/$PRODUCT if needed +# Create /etc/$PRODUCT and other directories # -mkdir -p ${DESTDIR}/etc/$PRODUCT -mkdir -p ${DESTDIR}${LIBEXEC}/$PRODUCT -mkdir -p ${DESTDIR}${PERLLIB}/Shorewall -mkdir -p ${DESTDIR}/usr/share/$PRODUCT/configfiles +mkdir -p ${DESTDIR}/${CONFDIR}/$PRODUCT +mkdir -p ${DESTDIR}${LIBEXECDIR}/$PRODUCT +mkdir -p ${DESTDIR}${PERLLIBDIR}/Shorewall +mkdir -p ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles mkdir -p ${DESTDIR}/var/lib/$PRODUCT -chmod 755 ${DESTDIR}/etc/$PRODUCT -chmod 755 ${DESTDIR}/usr/share/$PRODUCT -chmod 755 ${DESTDIR}/usr/share/$PRODUCT/configfiles +chmod 755 ${DESTDIR}${CONFDIR}/$PRODUCT 
+chmod 755 ${DESTDIR}${SHAREDIR}/$PRODUCT +chmod 755 ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles if [ -n "$DESTDIR" ]; then - mkdir -p ${DESTDIR}/etc/logrotate.d - chmod 755 ${DESTDIR}/etc/logrotate.d + mkdir -p ${DESTDIR}${CONFDIR}/logrotate.d + chmod 755 ${DESTDIR}${CONFDIR}/logrotate.d fi # # Install the .service file # if [ -n "$SYSTEMD" ]; then - run_install $OWNERSHIP -m 600 $PRODUCT.service ${DESTDIR}/lib/systemd/system/$PRODUCT.service - echo "Service file installed as ${DESTDIR}/lib/systemd/system/$PRODUCT.service" + run_install $OWNERSHIP -m 600 $PRODUCT.service ${DESTDIR}${SYSTEMD}/$PRODUCT.service + echo "Service file installed as ${DESTDIR}${SYSTEMD}/$PRODUCT.service" fi +# +# These use absolute path names since the files that they are removing existed +# prior to the use of directory variables +# delete_file ${DESTDIR}/usr/share/$PRODUCT/compiler delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.accounting delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.actions 
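Review bot: The `if [ -n "${AUXINITSOURCE}" ]` branch repeats `install_file $INITSOURCE ${DESTDIR}${INITDIR}/$INITFILE 0544` verbatim, so the auxiliary init script is never installed and the main one is copied twice. This looks like a copy-and-paste slip in the replacement for the removed Slackware case, which installed two rc files. The intended line is presumably `install_file $AUXINITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544`, with the destination variable name to be confirmed against the shorewallrc.slackware file added by this commit. In the same hunk, `run_install ... ${DESTDIR}${SYSTEMD}/$PRODUCT.service` now treats SYSTEMD as a directory, but the `mkdir -p ${DESTDIR}/lib/systemd/system` that used to create it is removed, so a staged install may need `mkdir -p ${DESTDIR}${SYSTEMD}` first. Separately, `mkdir -p ${DESTDIR}/var/lib/$PRODUCT` still hard-codes its path although VARDIR is now a required setting.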
@@ -416,30 +395,30 @@ delete_file ${DESTDIR}/usr/share/$PRODUCT/prog.footer6 # # Install the Modules file # -run_install $OWNERSHIP -m 0644 modules ${DESTDIR}/usr/share/$PRODUCT/modules -echo "Modules file installed as ${DESTDIR}/usr/share/$PRODUCT/modules" +run_install $OWNERSHIP -m 0644 modules ${DESTDIR}${SHAREDIR}/$PRODUCT/modules +echo "Modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/modules" for f in modules.*; do - run_install $OWNERSHIP -m 0644 $f ${DESTDIR}/usr/share/$PRODUCT/$f - echo "Modules file $f installed as ${DESTDIR}/usr/share/$PRODUCT/$f" + run_install $OWNERSHIP -m 0644 $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f + echo "Modules file $f installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f" done # # Install the Module Helpers file # -run_install $OWNERSHIP -m 0644 helpers ${DESTDIR}/usr/share/$PRODUCT/helpers -echo "Helper modules file installed as ${DESTDIR}/usr/share/$PRODUCT/helpers" +run_install $OWNERSHIP -m 0644 helpers ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers +echo "Helper modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers" # # Install the default config path file # -install_file configpath ${DESTDIR}/usr/share/$PRODUCT/configpath 0644 -echo "Default config path file installed as ${DESTDIR}/usr/share/$PRODUCT/configpath" +install_file configpath ${DESTDIR}${SHAREDIR}/$PRODUCT/configpath 0644 +echo "Default config path file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/configpath" # # Install the Standard Actions file # -install_file actions.std ${DESTDIR}/usr/share/$PRODUCT/actions.std 0644 -echo "Standard actions file installed as ${DESTDIR}/usr/shared/$PRODUCT/actions.std" +install_file actions.std ${DESTDIR}${SHAREDIR}/$PRODUCT/actions.std 0644 +echo "Standard actions file installed as ${DESTDIR}${SHAREDIR}d/$PRODUCT/actions.std" cd configfiles 
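Review bot: The rewritten message for actions.std prints `${DESTDIR}${SHAREDIR}d/$PRODUCT/actions.std`; the stray `d` is left over from the old `/usr/shared` typo, so the reported path does not match where `install_file` put the file. It should read `echo "Standard actions file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/actions.std"`. As a style point, the loop body `run_install $OWNERSHIP -m 0644 $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f` leaves `$f` and the destination unquoted, which matters more now that SHAREDIR comes from a user-supplied rc file. Quoting them as `"$f" "${DESTDIR}${SHAREDIR}/$PRODUCT/$f"` is safer, while `$OWNERSHIP` has to stay unquoted because it carries several words.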
@@ -452,520 +431,521 @@ fi # # Install the config file # -run_install $OWNERSHIP -m 0644 $PRODUCT.conf ${DESTDIR}/usr/share/$PRODUCT/configfiles/ -run_install $OWNERSHIP -m 0644 $PRODUCT.conf.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 $PRODUCT.conf ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 $PRODUCT.conf.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ +if [ ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf ]; then + run_install $OWNERSHIP -m 0644 ${PRODUCT}.conf${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf + + if [ "$SHAREDIR" != /usr/share -o "$CONFDIR" != /etc ]; then + if [ $PRODUCT = shorewall ]; then + perl -p -w -i -e "s|^CONFIG_PATH=.*|CONFIG_PATH=${CONFDIR}/shorewall:${SHAREDIR}/shorewall|;" ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf + else + perl -p -w -i -e "s|^CONFIG_PATH=.*|CONFIG_PATH=${CONFDIR}/shorewall:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall|;" ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf + fi + fi -if [ ! -f ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf ]; then - run_install $OWNERSHIP -m 0644 $PRODUCT.conf${suffix} ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf + if [ $HOST = archlinux ] ; then + sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf + elif [ $HOST = debian ]; then + perl -p -w -i -e 's|^STARTUP_ENABLED=.*|STARTUP_ENABLED=Yes|;' ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf${suffix} + fi - if [ $HOST = debian ] && mywhich perl; then - # - # Make a Debian-like $PRODUCT.conf - # - perl -p -w -i -e 's|^STARTUP_ENABLED=.*|STARTUP_ENABLED=Yes|;' ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf - fi - - echo "Config file installed as ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf" -fi - - -if [ $HOST = archlinux ] ; then - sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' 
-i ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf + echo "Config file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf" fi # # Install the init file # -run_install $OWNERSHIP -m 0644 init ${DESTDIR}/usr/share/$PRODUCT/configfiles/init +run_install $OWNERSHIP -m 0644 init ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/init -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/init ]; then - run_install $OWNERSHIP -m 0600 init ${DESTDIR}/etc/$PRODUCT/init - echo "Init file installed as ${DESTDIR}/etc/$PRODUCT/init" +if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/init ]; then + run_install $OWNERSHIP -m 0600 init ${DESTDIR}${CONFDIR}/$PRODUCT/init + echo "Init file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/init" fi # # Install the zones file # -run_install $OWNERSHIP -m 0644 zones ${DESTDIR}/usr/share/$PRODUCT/configfiles/ -run_install $OWNERSHIP -m 0644 zones.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 zones ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 zones.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/zones ]; then - run_install $OWNERSHIP -m 0644 zones${suffix} ${DESTDIR}/etc/$PRODUCT/zones - echo "Zones file installed as ${DESTDIR}/etc/$PRODUCT/zones" +if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/zones ]; then + run_install $OWNERSHIP -m 0644 zones${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/zones + echo "Zones file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/zones" fi # # Install the policy file # -run_install $OWNERSHIP -m 0644 policy ${DESTDIR}/usr/share/$PRODUCT/configfiles/ -run_install $OWNERSHIP -m 0644 policy.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 policy ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 policy.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ -if [ -z "$SPARSE" -a ! 
-f ${DESTDIR}/etc/$PRODUCT/policy ]; then - run_install $OWNERSHIP -m 0600 policy${suffix} ${DESTDIR}/etc/$PRODUCT/policy - echo "Policy file installed as ${DESTDIR}/etc/$PRODUCT/policy" +if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/policy ]; then + run_install $OWNERSHIP -m 0600 policy${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/policy + echo "Policy file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/policy" fi # # Install the interfaces file # -run_install $OWNERSHIP -m 0644 interfaces ${DESTDIR}/usr/share/$PRODUCT/configfiles/ -run_install $OWNERSHIP -m 0644 interfaces.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 interfaces ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 interfaces.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/interfaces ]; then - run_install $OWNERSHIP -m 0600 interfaces${suffix} ${DESTDIR}/etc/$PRODUCT/interfaces - echo "Interfaces file installed as ${DESTDIR}/etc/$PRODUCT/interfaces" +if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/interfaces ]; then + run_install $OWNERSHIP -m 0600 interfaces${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/interfaces + echo "Interfaces file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/interfaces" fi # # Install the hosts file # -run_install $OWNERSHIP -m 0644 hosts ${DESTDIR}/usr/share/$PRODUCT/configfiles/ -run_install $OWNERSHIP -m 0644 hosts.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 hosts ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 hosts.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/hosts ]; then - run_install $OWNERSHIP -m 0600 hosts${suffix} ${DESTDIR}/etc/$PRODUCT/hosts - echo "Hosts file installed as ${DESTDIR}/etc/$PRODUCT/hosts" +if [ -z "$SPARSE" -a ! 
-f ${DESTDIR}${CONFDIR}/$PRODUCT/hosts ]; then + run_install $OWNERSHIP -m 0600 hosts${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/hosts + echo "Hosts file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/hosts" fi # # Install the rules file # -run_install $OWNERSHIP -m 0644 rules ${DESTDIR}/usr/share/$PRODUCT/configfiles/ -run_install $OWNERSHIP -m 0644 rules.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 rules ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 rules.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/rules ]; then - run_install $OWNERSHIP -m 0600 rules${suffix} ${DESTDIR}/etc/$PRODUCT/rules - echo "Rules file installed as ${DESTDIR}/etc/$PRODUCT/rules" +if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/rules ]; then + run_install $OWNERSHIP -m 0600 rules${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/rules + echo "Rules file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/rules" fi if [ -f nat ]; then # # Install the NAT file # - run_install $OWNERSHIP -m 0644 nat ${DESTDIR}/usr/share/$PRODUCT/configfiles - run_install $OWNERSHIP -m 0644 nat.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles + run_install $OWNERSHIP -m 0644 nat ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles + run_install $OWNERSHIP -m 0644 nat.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles - if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/nat ]; then - run_install $OWNERSHIP -m 0600 nat${suffix} ${DESTDIR}/etc/$PRODUCT/nat - echo "NAT file installed as ${DESTDIR}/etc/$PRODUCT/nat" + if [ -z "$SPARSE" -a ! 
-f ${DESTDIR}${CONFDIR}/$PRODUCT/nat ]; then + run_install $OWNERSHIP -m 0600 nat${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/nat + echo "NAT file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/nat" fi fi # # Install the NETMAP file # -run_install $OWNERSHIP -m 0644 netmap ${DESTDIR}/usr/share/$PRODUCT/configfiles -run_install $OWNERSHIP -m 0644 netmap.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles +run_install $OWNERSHIP -m 0644 netmap ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles +run_install $OWNERSHIP -m 0644 netmap.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/netmap ]; then - run_install $OWNERSHIP -m 0600 netmap${suffix} ${DESTDIR}/etc/$PRODUCT/netmap - echo "NETMAP file installed as ${DESTDIR}/etc/$PRODUCT/netmap" +if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/netmap ]; then + run_install $OWNERSHIP -m 0600 netmap${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/netmap + echo "NETMAP file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/netmap" fi # # Install the Parameters file # -run_install $OWNERSHIP -m 0644 params ${DESTDIR}/usr/share/$PRODUCT/configfiles/ -run_install $OWNERSHIP -m 0644 params.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 params ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 params.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ -if [ -f ${DESTDIR}/etc/$PRODUCT/params ]; then - chmod 0644 ${DESTDIR}/etc/$PRODUCT/params +if [ -f ${DESTDIR}${CONFDIR}/$PRODUCT/params ]; then + chmod 0644 ${DESTDIR}${CONFDIR}/$PRODUCT/params else - run_install $OWNERSHIP -m 0644 params${suffix} ${DESTDIR}/etc/$PRODUCT/params - echo "Parameter file installed as ${DESTDIR}/etc/$PRODUCT/params" + run_install $OWNERSHIP -m 0644 params${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/params + echo "Parameter file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/params" fi if [ $PRODUCT = shorewall ]; then # # Install the proxy ARP file # - run_install 
$OWNERSHIP -m 0644 proxyarp ${DESTDIR}/usr/share/$PRODUCT/configfiles - run_install $OWNERSHIP -m 0644 proxyarp.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles + run_install $OWNERSHIP -m 0644 proxyarp ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles + run_install $OWNERSHIP -m 0644 proxyarp.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles - if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/proxyarp ]; then - run_install $OWNERSHIP -m 0600 proxyarp${suffix} ${DESTDIR}/etc/$PRODUCT/proxyarp - echo "Proxy ARP file installed as ${DESTDIR}/etc/$PRODUCT/proxyarp" + if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/proxyarp ]; then + run_install $OWNERSHIP -m 0600 proxyarp${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/proxyarp + echo "Proxy ARP file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/proxyarp" fi else # # Install the Proxyndp file # - run_install $OWNERSHIP -m 0644 proxyndp ${DESTDIR}/usr/share/$PRODUCT/configfiles/ - run_install $OWNERSHIP -m 0644 proxyndp.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles/ + run_install $OWNERSHIP -m 0644 proxyndp ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ + run_install $OWNERSHIP -m 0644 proxyndp.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ - if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/proxyndp ]; then - run_install $OWNERSHIP -m 0600 proxyndp${suffix} ${DESTDIR}/etc/$PRODUCT/proxyndp - echo "Proxyndp file installed as ${DESTDIR}/etc/$PRODUCT/proxyndp" + if [ -z "$SPARSE" -a ! 
-f ${DESTDIR}${CONFDIR}/$PRODUCT/proxyndp ]; then + run_install $OWNERSHIP -m 0600 proxyndp${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/proxyndp + echo "Proxyndp file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/proxyndp" fi fi # # Install the Stopped Routing file # -run_install $OWNERSHIP -m 0644 routestopped ${DESTDIR}/usr/share/$PRODUCT/configfiles/ -run_install $OWNERSHIP -m 0644 routestopped.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 routestopped ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 routestopped.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/routestopped ]; then - run_install $OWNERSHIP -m 0600 routestopped${suffix} ${DESTDIR}/etc/$PRODUCT/routestopped - echo "Stopped Routing file installed as ${DESTDIR}/etc/$PRODUCT/routestopped" +if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/routestopped ]; then + run_install $OWNERSHIP -m 0600 routestopped${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/routestopped + echo "Stopped Routing file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/routestopped" fi # # Install the Mac List file # -run_install $OWNERSHIP -m 0644 maclist ${DESTDIR}/usr/share/$PRODUCT/configfiles/ -run_install $OWNERSHIP -m 0644 maclist.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 maclist ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 maclist.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/maclist ]; then - run_install $OWNERSHIP -m 0600 maclist${suffix} ${DESTDIR}/etc/$PRODUCT/maclist - echo "mac list file installed as ${DESTDIR}/etc/$PRODUCT/maclist" +if [ -z "$SPARSE" -a ! 
-f ${DESTDIR}${CONFDIR}/$PRODUCT/maclist ]; then + run_install $OWNERSHIP -m 0600 maclist${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/maclist + echo "mac list file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/maclist" fi if [ -f masq ]; then # # Install the Masq file # - run_install $OWNERSHIP -m 0644 masq ${DESTDIR}/usr/share/$PRODUCT/configfiles - run_install $OWNERSHIP -m 0644 masq.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles + run_install $OWNERSHIP -m 0644 masq ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles + run_install $OWNERSHIP -m 0644 masq.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles - if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/masq ]; then - run_install $OWNERSHIP -m 0600 masq${suffix} ${DESTDIR}/etc/$PRODUCT/masq - echo "Masquerade file installed as ${DESTDIR}/etc/$PRODUCT/masq" + if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/masq ]; then + run_install $OWNERSHIP -m 0600 masq${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/masq + echo "Masquerade file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/masq" fi fi # # Install the Notrack file # -run_install $OWNERSHIP -m 0644 notrack ${DESTDIR}/usr/share/$PRODUCT/configfiles -run_install $OWNERSHIP -m 0644 notrack.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles +run_install $OWNERSHIP -m 0644 notrack ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles +run_install $OWNERSHIP -m 0644 notrack.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/notrack ]; then - run_install $OWNERSHIP -m 0600 notrack${suffix} ${DESTDIR}/etc/$PRODUCT/notrack - echo "Notrack file installed as ${DESTDIR}/etc/$PRODUCT/notrack" +if [ -z "$SPARSE" -a ! 
-f ${DESTDIR}${CONFDIR}/$PRODUCT/notrack ]; then + run_install $OWNERSHIP -m 0600 notrack${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/notrack + echo "Notrack file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/notrack" fi # # Install the TC Rules file # -run_install $OWNERSHIP -m 0644 tcrules ${DESTDIR}/usr/share/$PRODUCT/configfiles/ -run_install $OWNERSHIP -m 0644 tcrules.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 tcrules ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 tcrules.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/tcrules ]; then - run_install $OWNERSHIP -m 0600 tcrules${suffix} ${DESTDIR}/etc/$PRODUCT/tcrules - echo "TC Rules file installed as ${DESTDIR}/etc/$PRODUCT/tcrules" +if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/tcrules ]; then + run_install $OWNERSHIP -m 0600 tcrules${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/tcrules + echo "TC Rules file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/tcrules" fi # # Install the TC Interfaces file # -run_install $OWNERSHIP -m 0644 tcinterfaces ${DESTDIR}/usr/share/$PRODUCT/configfiles/ -run_install $OWNERSHIP -m 0644 tcinterfaces.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 tcinterfaces ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 tcinterfaces.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/tcinterfaces ]; then - run_install $OWNERSHIP -m 0600 tcinterfaces${suffix} ${DESTDIR}/etc/$PRODUCT/tcinterfaces - echo "TC Interfaces file installed as ${DESTDIR}/etc/$PRODUCT/tcinterfaces" +if [ -z "$SPARSE" -a ! 
-f ${DESTDIR}${CONFDIR}/$PRODUCT/tcinterfaces ]; then + run_install $OWNERSHIP -m 0600 tcinterfaces${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/tcinterfaces + echo "TC Interfaces file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/tcinterfaces" fi # # Install the TC Priority file # -run_install $OWNERSHIP -m 0644 tcpri ${DESTDIR}/usr/share/$PRODUCT/configfiles/ -run_install $OWNERSHIP -m 0644 tcpri.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 tcpri ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 tcpri.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/tcpri ]; then - run_install $OWNERSHIP -m 0600 tcpri${suffix} ${DESTDIR}/etc/$PRODUCT/tcpri - echo "TC Priority file installed as ${DESTDIR}/etc/$PRODUCT/tcpri" +if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/tcpri ]; then + run_install $OWNERSHIP -m 0600 tcpri${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/tcpri + echo "TC Priority file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/tcpri" fi # # Install the TOS file # -run_install $OWNERSHIP -m 0644 tos ${DESTDIR}/usr/share/$PRODUCT/configfiles/ -run_install $OWNERSHIP -m 0644 tos.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 tos ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 tos.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/tos ]; then - run_install $OWNERSHIP -m 0600 tos${suffix} ${DESTDIR}/etc/$PRODUCT/tos - echo "TOS file installed as ${DESTDIR}/etc/$PRODUCT/tos" +if [ -z "$SPARSE" -a ! 
-f ${DESTDIR}${CONFDIR}/$PRODUCT/tos ]; then + run_install $OWNERSHIP -m 0600 tos${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/tos + echo "TOS file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/tos" fi # # Install the Tunnels file # -run_install $OWNERSHIP -m 0644 tunnels ${DESTDIR}/usr/share/$PRODUCT/configfiles/ -run_install $OWNERSHIP -m 0644 tunnels.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 tunnels ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 tunnels.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/tunnels ]; then - run_install $OWNERSHIP -m 0600 tunnels${suffix} ${DESTDIR}/etc/$PRODUCT/tunnels - echo "Tunnels file installed as ${DESTDIR}/etc/$PRODUCT/tunnels" +if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/tunnels ]; then + run_install $OWNERSHIP -m 0600 tunnels${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/tunnels + echo "Tunnels file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/tunnels" fi -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/blacklist ]; then - run_install $OWNERSHIP -m 0600 blacklist${suffix} ${DESTDIR}/etc/$PRODUCT/blacklist - echo "Blacklist file installed as ${DESTDIR}/etc/$PRODUCT/blacklist" +if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/blacklist ]; then + run_install $OWNERSHIP -m 0600 blacklist${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/blacklist + echo "Blacklist file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/blacklist" fi # # Install the blacklist rules file # -run_install $OWNERSHIP -m 0644 blrules ${DESTDIR}/usr/share/$PRODUCT/configfiles/ -run_install $OWNERSHIP -m 0644 blrules.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 blrules ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 blrules.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ -if [ -z "$SPARSE" -a ! 
-f ${DESTDIR}/etc/$PRODUCT/blrules ]; then - run_install $OWNERSHIP -m 0600 blrules${suffix} ${DESTDIR}/etc/$PRODUCT/blrules - echo "Blrules file installed as ${DESTDIR}/etc/$PRODUCT/blrules" +if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/blrules ]; then + run_install $OWNERSHIP -m 0600 blrules${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/blrules + echo "Blrules file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/blrules" fi if [ -f findgw ]; then # # Install the findgw file # - run_install $OWNERSHIP -m 0644 findgw ${DESTDIR}/usr/share/$PRODUCT/configfiles + run_install $OWNERSHIP -m 0644 findgw ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles - if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/findgw ]; then - run_install $OWNERSHIP -m 0600 findgw ${DESTDIR}/etc/$PRODUCT - echo "Find GW file installed as ${DESTDIR}/etc/$PRODUCT/findgw" + if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/findgw ]; then + run_install $OWNERSHIP -m 0600 findgw ${DESTDIR}${CONFDIR}/$PRODUCT + echo "Find GW file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/findgw" fi fi # # Delete the Routes file # -delete_file ${DESTDIR}/etc/$PRODUCT/routes +delete_file ${DESTDIR}${CONFDIR}/$PRODUCT/routes # # Delete the tcstart file # -delete_file ${DESTDIR}/usr/share/$PRODUCT/tcstart +delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/tcstart # # Delete the Limits Files # -delete_file ${DESTDIR}/usr/share/$PRODUCT/action.Limit -delete_file ${DESTDIR}/usr/share/$PRODUCT/Limit +delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/action.Limit +delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/Limit # # Delete the xmodules file # -delete_file ${DESTDIR}/usr/share/$PRODUCT/xmodules +delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/xmodules # # Install the Providers file # -run_install $OWNERSHIP -m 0644 providers ${DESTDIR}/usr/share/$PRODUCT/configfiles/ -run_install $OWNERSHIP -m 0644 providers.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 providers ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ 
+run_install $OWNERSHIP -m 0644 providers.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/providers ]; then - run_install $OWNERSHIP -m 0600 providers${suffix} ${DESTDIR}/etc/$PRODUCT/providers - echo "Providers file installed as ${DESTDIR}/etc/$PRODUCT/providers" +if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/providers ]; then + run_install $OWNERSHIP -m 0600 providers${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/providers + echo "Providers file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/providers" fi # # Install the Route Rules file # -run_install $OWNERSHIP -m 0644 rtrules ${DESTDIR}/usr/share/$PRODUCT/configfiles/ -run_install $OWNERSHIP -m 0644 rtrules.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 rtrules ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 rtrules.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ -if [ -f ${DESTDIR}/etc/$PRODUCT/route_rules -a ! ${DESTDIR}/etc/$PRODUCT/rtrules ]; then - mv -f ${DESTDIR}/etc/$PRODUCT/route_rules ${DESTDIR}/etc/$PRODUCT/rtrules - echo "${DESTDIR}/etc/$PRODUCT/route_rules has been renamed ${DESTDIR}/etc/$PRODUCT/rtrules" -elif [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/rtrules ]; then - run_install $OWNERSHIP -m 0600 rtrules${suffix} ${DESTDIR}/etc/$PRODUCT/rtrules - echo "Routing rules file installed as ${DESTDIR}/etc/$PRODUCT/rtrules" +if [ -f ${DESTDIR}${CONFDIR}/$PRODUCT/route_rules -a ! ${DESTDIR}${CONFDIR}/$PRODUCT/rtrules ]; then + mv -f ${DESTDIR}${CONFDIR}/$PRODUCT/route_rules ${DESTDIR}${CONFDIR}/$PRODUCT/rtrules + echo "${DESTDIR}${CONFDIR}/$PRODUCT/route_rules has been renamed ${DESTDIR}${CONFDIR}/$PRODUCT/rtrules" +elif [ -z "$SPARSE" -a ! 
-f ${DESTDIR}${CONFDIR}/$PRODUCT/rtrules ]; then + run_install $OWNERSHIP -m 0600 rtrules${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/rtrules + echo "Routing rules file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/rtrules" fi # # Install the tcclasses file # -run_install $OWNERSHIP -m 0644 tcclasses ${DESTDIR}/usr/share/$PRODUCT/configfiles/ -run_install $OWNERSHIP -m 0644 tcclasses.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 tcclasses ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 tcclasses.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/tcclasses ]; then - run_install $OWNERSHIP -m 0600 tcclasses${suffix} ${DESTDIR}/etc/$PRODUCT/tcclasses - echo "TC Classes file installed as ${DESTDIR}/etc/$PRODUCT/tcclasses" +if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/tcclasses ]; then + run_install $OWNERSHIP -m 0600 tcclasses${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/tcclasses + echo "TC Classes file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/tcclasses" fi # # Install the tcdevices file # -run_install $OWNERSHIP -m 0644 tcdevices ${DESTDIR}/usr/share/$PRODUCT/configfiles/ -run_install $OWNERSHIP -m 0644 tcdevices.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 tcdevices ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 tcdevices.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/tcdevices ]; then - run_install $OWNERSHIP -m 0600 tcdevices${suffix} ${DESTDIR}/etc/$PRODUCT/tcdevices - echo "TC Devices file installed as ${DESTDIR}/etc/$PRODUCT/tcdevices" +if [ -z "$SPARSE" -a ! 
-f ${DESTDIR}${CONFDIR}/$PRODUCT/tcdevices ]; then + run_install $OWNERSHIP -m 0600 tcdevices${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/tcdevices + echo "TC Devices file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/tcdevices" fi # # Install the tcfilters file # -run_install $OWNERSHIP -m 0644 tcfilters ${DESTDIR}/usr/share/$PRODUCT/configfiles/ -run_install $OWNERSHIP -m 0644 tcfilters.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 tcfilters ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 tcfilters.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/tcfilters ]; then - run_install $OWNERSHIP -m 0600 tcfilters${suffix} ${DESTDIR}/etc/$PRODUCT/tcfilters - echo "TC Filters file installed as ${DESTDIR}/etc/$PRODUCT/tcfilters" +if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/tcfilters ]; then + run_install $OWNERSHIP -m 0600 tcfilters${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/tcfilters + echo "TC Filters file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/tcfilters" fi # # Install the secmarks file # -run_install $OWNERSHIP -m 0644 secmarks ${DESTDIR}/usr/share/$PRODUCT/configfiles -run_install $OWNERSHIP -m 0644 secmarks.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles +run_install $OWNERSHIP -m 0644 secmarks ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles +run_install $OWNERSHIP -m 0644 secmarks.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/secmarks ]; then - run_install $OWNERSHIP -m 0600 secmarks${suffix} ${DESTDIR}/etc/$PRODUCT/secmarks - echo "Secmarks file installed as ${DESTDIR}/etc/$PRODUCT/secmarks" +if [ -z "$SPARSE" -a ! 
-f ${DESTDIR}${CONFDIR}/$PRODUCT/secmarks ]; then + run_install $OWNERSHIP -m 0600 secmarks${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/secmarks + echo "Secmarks file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/secmarks" fi # # Install the init file # -run_install $OWNERSHIP -m 0644 init ${DESTDIR}/usr/share/$PRODUCT/configfiles +run_install $OWNERSHIP -m 0644 init ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/init ]; then - run_install $OWNERSHIP -m 0600 init ${DESTDIR}/etc/$PRODUCT - echo "Init file installed as ${DESTDIR}/etc/$PRODUCT/init" +if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/init ]; then + run_install $OWNERSHIP -m 0600 init ${DESTDIR}${CONFDIR}/$PRODUCT + echo "Init file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/init" fi if [ -f initdone ]; then # # Install the initdone file # - run_install $OWNERSHIP -m 0644 initdone ${DESTDIR}/usr/share/$PRODUCT/configfiles + run_install $OWNERSHIP -m 0644 initdone ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles - if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/initdone ]; then - run_install $OWNERSHIP -m 0600 initdone ${DESTDIR}/etc/$PRODUCT - echo "Initdone file installed as ${DESTDIR}/etc/$PRODUCT/initdone" + if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/initdone ]; then + run_install $OWNERSHIP -m 0600 initdone ${DESTDIR}${CONFDIR}/$PRODUCT + echo "Initdone file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/initdone" fi fi # # Install the start file # -run_install $OWNERSHIP -m 0644 start ${DESTDIR}/usr/share/$PRODUCT/configfiles/start +run_install $OWNERSHIP -m 0644 start ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/start -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/start ]; then - run_install $OWNERSHIP -m 0600 start ${DESTDIR}/etc/$PRODUCT/start - echo "Start file installed as ${DESTDIR}/etc/$PRODUCT/start" +if [ -z "$SPARSE" -a ! 
-f ${DESTDIR}${CONFDIR}/$PRODUCT/start ]; then + run_install $OWNERSHIP -m 0600 start ${DESTDIR}${CONFDIR}/$PRODUCT/start + echo "Start file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/start" fi # # Install the stop file # -run_install $OWNERSHIP -m 0644 stop ${DESTDIR}/usr/share/$PRODUCT/configfiles/stop +run_install $OWNERSHIP -m 0644 stop ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/stop -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/stop ]; then - run_install $OWNERSHIP -m 0600 stop ${DESTDIR}/etc/$PRODUCT/stop - echo "Stop file installed as ${DESTDIR}/etc/$PRODUCT/stop" +if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/stop ]; then + run_install $OWNERSHIP -m 0600 stop ${DESTDIR}${CONFDIR}/$PRODUCT/stop + echo "Stop file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/stop" fi # # Install the stopped file # -run_install $OWNERSHIP -m 0644 stopped ${DESTDIR}/usr/share/$PRODUCT/configfiles/stopped +run_install $OWNERSHIP -m 0644 stopped ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/stopped -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/stopped ]; then - run_install $OWNERSHIP -m 0600 stopped ${DESTDIR}/etc/$PRODUCT/stopped - echo "Stopped file installed as ${DESTDIR}/etc/$PRODUCT/stopped" +if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/stopped ]; then + run_install $OWNERSHIP -m 0600 stopped ${DESTDIR}${CONFDIR}/$PRODUCT/stopped + echo "Stopped file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/stopped" fi if [ -f ecn ]; then # # Install the ECN file # - run_install $OWNERSHIP -m 0644 ecn ${DESTDIR}/usr/share/$PRODUCT/configfiles - run_install $OWNERSHIP -m 0644 ecn.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles + run_install $OWNERSHIP -m 0644 ecn ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles + run_install $OWNERSHIP -m 0644 ecn.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles - if [ -z "$SPARSE" -a ! 
-f ${DESTDIR}/etc/$PRODUCT/ecn ]; then - run_install $OWNERSHIP -m 0600 ecn${suffix} ${DESTDIR}/etc/$PRODUCT/ecn - echo "ECN file installed as ${DESTDIR}/etc/$PRODUCT/ecn" + if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/ecn ]; then + run_install $OWNERSHIP -m 0600 ecn${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/ecn + echo "ECN file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/ecn" fi fi # # Install the Accounting file # -run_install $OWNERSHIP -m 0644 accounting ${DESTDIR}/usr/share/$PRODUCT/configfiles/ -run_install $OWNERSHIP -m 0644 accounting.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 accounting ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 accounting.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/accounting ]; then - run_install $OWNERSHIP -m 0600 accounting${suffix} ${DESTDIR}/etc/$PRODUCT/accounting - echo "Accounting file installed as ${DESTDIR}/etc/$PRODUCT/accounting" +if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/accounting ]; then + run_install $OWNERSHIP -m 0600 accounting${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/accounting + echo "Accounting file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/accounting" fi # # Install the private library file # -run_install $OWNERSHIP -m 0644 lib.private ${DESTDIR}/usr/share/$PRODUCT/configfiles +run_install $OWNERSHIP -m 0644 lib.private ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/lib.private ]; then - run_install $OWNERSHIP -m 0600 lib.private ${DESTDIR}/etc/$PRODUCT - echo "Private library file installed as ${DESTDIR}/etc/$PRODUCT/lib.private" +if [ -z "$SPARSE" -a ! 
-f ${DESTDIR}${CONFDIR}/$PRODUCT/lib.private ]; then + run_install $OWNERSHIP -m 0600 lib.private ${DESTDIR}${CONFDIR}/$PRODUCT + echo "Private library file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/lib.private" fi # # Install the Started file # -run_install $OWNERSHIP -m 0644 started ${DESTDIR}/usr/share/$PRODUCT/configfiles/started +run_install $OWNERSHIP -m 0644 started ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/started -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/started ]; then - run_install $OWNERSHIP -m 0600 started ${DESTDIR}/etc/$PRODUCT/started - echo "Started file installed as ${DESTDIR}/etc/$PRODUCT/started" +if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/started ]; then + run_install $OWNERSHIP -m 0600 started ${DESTDIR}${CONFDIR}/$PRODUCT/started + echo "Started file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/started" fi # # Install the Restored file # -run_install $OWNERSHIP -m 0644 restored ${DESTDIR}/usr/share/$PRODUCT/configfiles/restored +run_install $OWNERSHIP -m 0644 restored ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/restored -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/restored ]; then - run_install $OWNERSHIP -m 0600 restored ${DESTDIR}/etc/$PRODUCT/restored - echo "Restored file installed as ${DESTDIR}/etc/$PRODUCT/restored" +if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/restored ]; then + run_install $OWNERSHIP -m 0600 restored ${DESTDIR}${CONFDIR}/$PRODUCT/restored + echo "Restored file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/restored" fi # # Install the Clear file # -run_install $OWNERSHIP -m 0644 clear ${DESTDIR}/usr/share/$PRODUCT/configfiles/clear +run_install $OWNERSHIP -m 0644 clear ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/clear -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/clear ]; then - run_install $OWNERSHIP -m 0600 clear ${DESTDIR}/etc/$PRODUCT/clear - echo "Clear file installed as ${DESTDIR}/etc/$PRODUCT/clear" +if [ -z "$SPARSE" -a ! 
-f ${DESTDIR}${CONFDIR}/$PRODUCT/clear ]; then + run_install $OWNERSHIP -m 0600 clear ${DESTDIR}${CONFDIR}/$PRODUCT/clear + echo "Clear file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/clear" fi # # Install the Isusable file # -run_install $OWNERSHIP -m 0644 isusable ${DESTDIR}/usr/share/$PRODUCT/configfiles/isusable +run_install $OWNERSHIP -m 0644 isusable ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/isusable # # Install the Refresh file # -run_install $OWNERSHIP -m 0644 refresh ${DESTDIR}/usr/share/$PRODUCT/configfiles/refresh +run_install $OWNERSHIP -m 0644 refresh ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/refresh -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/refresh ]; then - run_install $OWNERSHIP -m 0600 refresh ${DESTDIR}/etc/$PRODUCT/refresh - echo "Refresh file installed as ${DESTDIR}/etc/$PRODUCT/refresh" +if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/refresh ]; then + run_install $OWNERSHIP -m 0600 refresh ${DESTDIR}${CONFDIR}/$PRODUCT/refresh + echo "Refresh file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/refresh" fi # # Install the Refreshed file # -run_install $OWNERSHIP -m 0644 refreshed ${DESTDIR}/usr/share/$PRODUCT/configfiles/refreshed +run_install $OWNERSHIP -m 0644 refreshed ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/refreshed -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/refreshed ]; then - run_install $OWNERSHIP -m 0600 refreshed ${DESTDIR}/etc/$PRODUCT/refreshed - echo "Refreshed file installed as ${DESTDIR}/etc/$PRODUCT/refreshed" +if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/refreshed ]; then + run_install $OWNERSHIP -m 0600 refreshed ${DESTDIR}${CONFDIR}/$PRODUCT/refreshed + echo "Refreshed file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/refreshed" fi # # Install the Tcclear file # -run_install $OWNERSHIP -m 0644 tcclear ${DESTDIR}/usr/share/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 tcclear ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ -if [ -z "$SPARSE" -a ! 
-f ${DESTDIR}/etc/$PRODUCT/tcclear ]; then - run_install $OWNERSHIP -m 0600 tcclear ${DESTDIR}/etc/$PRODUCT/tcclear - echo "Tcclear file installed as ${DESTDIR}/etc/$PRODUCT/tcclear" +if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/tcclear ]; then + run_install $OWNERSHIP -m 0600 tcclear ${DESTDIR}${CONFDIR}/$PRODUCT/tcclear + echo "Tcclear file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/tcclear" fi # # Install the Scfilter file # -run_install $OWNERSHIP -m 0644 scfilter ${DESTDIR}/usr/share/$PRODUCT/configfiles/scfilter +run_install $OWNERSHIP -m 0644 scfilter ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/scfilter -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/scfilter ]; then - run_install $OWNERSHIP -m 0600 scfilter ${DESTDIR}/etc/$PRODUCT/scfilter - echo "Scfilter file installed as ${DESTDIR}/etc/$PRODUCT/scfilter" +if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/scfilter ]; then + run_install $OWNERSHIP -m 0600 scfilter ${DESTDIR}${CONFDIR}/$PRODUCT/scfilter + echo "Scfilter file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/scfilter" fi # # Install the Actions file # -run_install $OWNERSHIP -m 0644 actions ${DESTDIR}/usr/share/$PRODUCT/configfiles/ -run_install $OWNERSHIP -m 0644 actions.annotated ${DESTDIR}/usr/share/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 actions ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ +run_install $OWNERSHIP -m 0644 actions.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ -if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/actions ]; then - run_install $OWNERSHIP -m 0644 actions${suffix} ${DESTDIR}/etc/$PRODUCT/actions - echo "Actions file installed as ${DESTDIR}/etc/$PRODUCT/actions" +if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/actions ]; then + run_install $OWNERSHIP -m 0644 actions${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/actions + echo "Actions file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/actions" fi cd .. 
@@ -973,31 +953,31 @@ cd .. # # Install the Standard Actions file # -install_file actions.std ${DESTDIR}/usr/share/$PRODUCT/actions.std 0644 -echo "Standard actions file installed as ${DESTDIR}/usr/shared/$PRODUCT/actions.std" +install_file actions.std ${DESTDIR}${SHAREDIR}/$PRODUCT/actions.std 0644 +echo "Standard actions file installed as ${DESTDIR}${SHAREDIR}d/$PRODUCT/actions.std" # # Install the Makefiles # -run_install $OWNERSHIP -m 0644 Makefile-lite ${DESTDIR}/usr/share/$PRODUCT/configfiles/Makefile +run_install $OWNERSHIP -m 0644 Makefile-lite ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/Makefile if [ -z "$SPARSE" ]; then - run_install $OWNERSHIP -m 0600 Makefile ${DESTDIR}/etc/$PRODUCT - echo "Makefile installed as ${DESTDIR}/etc/$PRODUCT/Makefile" + run_install $OWNERSHIP -m 0600 Makefile ${DESTDIR}${CONFDIR}/$PRODUCT + echo "Makefile installed as ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile" fi # # Install the Action files # for f in action.* ; do - install_file $f ${DESTDIR}/usr/share/$PRODUCT/$f 0644 - echo "Action ${f#*.} file installed as ${DESTDIR}/usr/share/$PRODUCT/$f" + install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644 + echo "Action ${f#*.} file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f" done cd Macros for f in macro.* ; do - install_file $f ${DESTDIR}/usr/share/$PRODUCT/$f 0644 - echo "Macro ${f#*.} file installed as ${DESTDIR}/usr/share/$PRODUCT/$f" + install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644 + echo "Macro ${f#*.} file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f" done cd .. @@ -1007,8 +987,8 @@ cd .. # for f in lib.* ; do if [ -f $f ]; then - install_file $f ${DESTDIR}/usr/share/$PRODUCT/$f 0644 - echo "Library ${f#*.} file installed as ${DESTDIR}/usr/share/$PRODUCT/$f" + install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644 + echo "Library ${f#*.} file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f" fi done 
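Review bot: The rewritten message on the `echo "Standard actions file installed as …"` line prints `${DESTDIR}${SHAREDIR}d/$PRODUCT/actions.std`, carrying over the stray `d` from the old `/usr/shared/` typo, so the reported path does not match where `install_file` just put the file. It should read `echo "Standard actions file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/actions.std"`. The `for f in action.*` and `for f in macro.*` loops in the same hunk pass `$f` unquoted to `install_file`; quoting it as `"$f"` would keep a file name containing whitespace from being split.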
@@ -1016,66 +996,66 @@ if [ $PRODUCT = shorewall6 ]; then # # Symbolically link 'functions' to lib.base # - ln -sf lib.base ${DESTDIR}/usr/share/$PRODUCT/functions + ln -sf lib.base ${DESTDIR}${SHAREDIR}/$PRODUCT/functions fi if [ -d Perl ]; then # - # /usr/share/$PRODUCT/$Product if needed + # ${SHAREDIR}/$PRODUCT/$Product if needed # - mkdir -p ${DESTDIR}/usr/share/$PRODUCT/$Product - chmod 755 ${DESTDIR}/usr/share/$PRODUCT/$Product + mkdir -p ${DESTDIR}${SHAREDIR}/$PRODUCT/$Product + chmod 755 ${DESTDIR}${SHAREDIR}/$PRODUCT/$Product # # Install the Compiler # cd Perl - install_file compiler.pl ${DESTDIR}${LIBEXEC}/$PRODUCT/compiler.pl 0755 + install_file compiler.pl ${DESTDIR}${LIBEXECDIR}/$PRODUCT/compiler.pl 0755 echo - echo "Compiler installed in ${DESTDIR}${LIBEXEC}/$PRODUCT/compiler.pl" + echo "Compiler installed in ${DESTDIR}${LIBEXECDIR}/$PRODUCT/compiler.pl" # # Install the params file helper # - install_file getparams ${DESTDIR}${LIBEXEC}/$PRODUCT/getparams 0755 + install_file getparams ${DESTDIR}${LIBEXECDIR}/$PRODUCT/getparams 0755 echo - echo "Params file helper installed in ${DESTDIR}${LIBEXEC}/$PRODUCT/getparams" + echo "Params file helper installed in ${DESTDIR}${LIBEXECDIR}/$PRODUCT/getparams" # # Install the Perl modules # for f in $Product/*.pm ; do - install_file $f ${DESTDIR}${PERLLIB}/$f 0644 - echo "Module ${f%.*} installed as ${DESTDIR}${PERLLIB}/$f" + install_file $f ${DESTDIR}${PERLLIBDIR}/$f 0644 + echo "Module ${f%.*} installed as ${DESTDIR}${PERLLIBDIR}/$f" done # # Install the program skeleton files # for f in prog.* ; do - install_file $f ${DESTDIR}/usr/share/$PRODUCT/$f 0644 - echo "Program skeleton file ${f#*.} installed as ${DESTDIR}/usr/share/$PRODUCT/$f" + install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644 + echo "Program skeleton file ${f#*.} installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f" done cd .. 
if [ -z "$DESTDIR" ]; then - rm -rf /usr/share/$PRODUCT-perl - rm -rf /usr/share/$PRODUCT-shell - [ "$PERLLIB" != /usr/share/$PRODUCT ] && rm -rf /usr/share/$PRODUCT/$Product + rm -rf ${SHAREDIR}/$PRODUCT-perl + rm -rf ${SHAREDIR}/$PRODUCT-shell + [ "$PERLLIBDIR" != ${SHAREDIR}/$PRODUCT ] && rm -rf ${SHAREDIR}/$PRODUCT/$Product fi fi # # Create the version file # -echo "$VERSION" > ${DESTDIR}/usr/share/$PRODUCT/version -chmod 644 ${DESTDIR}/usr/share/$PRODUCT/version +echo "$VERSION" > ${DESTDIR}${SHAREDIR}/$PRODUCT/version +chmod 644 ${DESTDIR}${SHAREDIR}/$PRODUCT/version # # Remove and create the symbolic link to the init script # if [ -z "$DESTDIR" ]; then - rm -f /usr/share/$PRODUCT/init - ln -s ${INITDIR}/${INITFILE} /usr/share/$PRODUCT/init + rm -f ${SHAREDIR}/$PRODUCT/init + ln -s ${INITDIR}/${INITFILE} ${SHAREDIR}/$PRODUCT/init fi # 
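Review bot: The three `rm -rf` lines under `if [ -z "$DESTDIR" ]` now build their targets from `${SHAREDIR}`, `$PRODUCT` and `$Product`, and nothing checks that these are non-empty before a recursive delete that an installer normally performs as root. If `SHAREDIR` (presumably supplied by the shorewallrc file or the environment) is empty, the targets become `/$PRODUCT-perl` and `/$PRODUCT-shell`, and an empty `$Product` turns the last one into the whole `${SHAREDIR}/$PRODUCT/` tree. Guarding and quoting the expansions makes the script stop instead: `rm -rf -- "${SHAREDIR:?}/${PRODUCT:?}-perl"`, and likewise `"${SHAREDIR:?}/${PRODUCT:?}/${Product:?}"` for the last line. The block these lines sit in (`if [ -d Perl ]`) is fully inside this hunk.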
@@ -1102,51 +1082,55 @@ cd .. echo "Man Pages Installed" -if [ -d ${DESTDIR}/etc/logrotate.d ]; then - run_install $OWNERSHIP -m 0644 logrotate ${DESTDIR}/etc/logrotate.d/$PRODUCT - echo "Logrotate file installed as ${DESTDIR}/etc/logrotate.d/$PRODUCT" +if [ -d ${DESTDIR}${CONFDIR}/logrotate.d ]; then + run_install $OWNERSHIP -m 0644 logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT + echo "Logrotate file installed as ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT" +fi + +if [ -n "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PRODUCT} ]; then + if [ ${DESTDIR} ]; then + mkdir -p ${DESTDIR}${SYSCONFDIR} + chmod 755 ${DESTDIR}${SYSCONFDIR} + fi + + run_install $OWNERSHIP -m 0644 default.debian ${DESTDIR}${SYSCONFDIR}/$PRODUCT + echo "$SYSCONFFILE installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}" fi if [ -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then - if [ $HOST = debian ]; then - run_install $OWNERSHIP -m 0644 default.debian /etc/default/$PRODUCT - - update-rc.d $PRODUCT defaults - + if mywhich update-rc.d ; then echo "$PRODUCT will start automatically at boot" - echo "Set startup=1 in /etc/default/$PRODUCT to enable" + echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable" touch /var/log/$PRODUCT-init.log - perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' /etc/$PRODUCT/$PRODUCT.conf - else - if [ -n "$SYSTEMD" ]; then - if systemctl enable $PRODUCT; then - echo "$Product will start automatically at boot" - fi - elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then - if insserv /etc/init.d/$PRODUCT ; then - echo "$PRODUCT will start automatically at boot" - echo "Set STARTUP_ENABLED=Yes in /etc/$PRODUCT/$PRODUCT.conf to enable" - else - cant_autostart - fi - elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then - if chkconfig --add $PRODUCT ; then - echo "$PRODUCT will start automatically in run levels as follows:" - echo "Set STARTUP_ENABLED=Yes in 
/etc/$PRODUCT/$PRODUCT.conf to enable" - chkconfig --list $PRODUCT - else - cant_autostart - fi - elif [ -x /sbin/rc-update ]; then - if rc-update add $PRODUCT default; then - echo "$PRODUCT will start automatically at boot" - echo "Set STARTUP_ENABLED=Yes in /etc/$PRODUCT/$PRODUCT.conf to enable" - else - cant_autostart - fi - elif [ "$INITFILE" != rc.f ]; then #Slackware starts this automatically + perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf + elif [ -n "$SYSTEMD" ]; then + if systemctl enable $PRODUCT; then + echo "$Product will start automatically at boot" + fi + elif mywhich insserv; then + if insserv ${CONFDIR}/init.d/$PRODUCT ; then + echo "$PRODUCT will start automatically at boot" + echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable" + else cant_autostart fi + elif mywhich chkconfig; then + if chkconfig --add $PRODUCT ; then + echo "$PRODUCT will start automatically in run levels as follows:" + echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable" + chkconfig --list $PRODUCT + else + cant_autostart + fi + elif mywhich rc-update ; then + if rc-update add $PRODUCT default; then + echo "$PRODUCT will start automatically at boot" + echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable" + else + cant_autostart + fi + elif [ "$INITFILE" != rc.f ]; then #Slackware starts this automatically + cant_autostart fi fi diff --git a/Shorewall/lib.cli-std b/Shorewall/lib.cli-std index 83c4e0d1b..013a8b630 100644 --- a/Shorewall/lib.cli-std +++ b/Shorewall/lib.cli-std 
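Review bot: In the `if mywhich update-rc.d ; then` branch the call `update-rc.d $PRODUCT defaults` was removed together with the Debian test, so the branch now prints "$PRODUCT will start automatically at boot" without registering the init script anywhere in this hunk. For a firewall that means a host can come up after a reboot with no ruleset loaded while the install log says otherwise; unless the registration moved elsewhere in install.sh, restore `update-rc.d $PRODUCT defaults` before the `echo`. Two smaller points in the same hunk: `insserv ${CONFDIR}/init.d/$PRODUCT` ignores the `INITDIR` setting this script uses for the init symlink, and the new `SYSCONFFILE` block always installs `default.debian` whatever `$SYSCONFFILE` names, with `[ ${DESTDIR} ]` left unquoted.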
@@ -1353,11 +1353,13 @@ reload_command() # $* = original arguments less the command. ;; esac - temp=$(rsh_command /sbin/${g_program}-lite show config 2> /dev/null | grep ^LITEDIR | sed 's/LITEDIR is //') + config=$(rsh_command ${g_program}-lite show config 2> /dev/null) + + temp=$(echo $config | grep ^LITEDIR | sed 's/LITEDIR is //') [ -n "$temp" ] && litedir="$temp" - temp=$(rsh_command /sbin/${g_program}-lite show config 2> /dev/null | grep ^LIBEXEC | sed 's/LIBEXEC is //') + temp=$(echo $config | grep ^LIBEXEC | sed 's/LIBEXEC is //') if [ -n "$temp" ]; then case $temp in @@ -1370,6 +1372,14 @@ reload_command() # $* = original arguments less the command. esac fi + temp=$(echo $config | grep ^SBINDIR | sed 's/SBINDIR is //') + + if [ -n "$temp" ]; then + sbindir="$temp" + else + sbindir=/sbin + fi + if [ -z "$getcaps" ]; then g_shorewalldir=$(resolve_file $directory) ensure_config_path @@ -1414,15 +1424,15 @@ reload_command() # $* = original arguments less the command. progress_message3 "Copy complete" if [ $COMMAND = reload ]; then - rsh_command "/sbin/${g_program}-lite $g_debugging $verbose $timestamp restart" && \ + rsh_command "${sbin}/${g_program}-lite $g_debugging $verbose $timestamp restart" && \ progress_message3 "System $system reloaded" || saveit= else - rsh_command "/sbin/${g_program}-lite $g_debugging $verbose $timestamp start" && \ + rsh_command "${sbin}/${g_program}-lite $g_debugging $verbose $timestamp start" && \ progress_message3 "System $system loaded" || saveit= fi if [ -n "$saveit" ]; then - rsh_command "/sbin/${g_program}-lite $g_debugging $verbose $timestamp save" && \ + rsh_command "${sbin}/${g_program}-lite $g_debugging $verbose $timestamp save" && \ progress_message3 "Configuration on system $system saved" fi fi diff --git a/Shorewall/shorewall b/Shorewall/shorewall index 95b58d9af..7cbca8e00 100755 --- a/Shorewall/shorewall +++ b/Shorewall/shorewall 
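Review bot: `echo $config` is unquoted in `temp=$(echo $config | grep ^LITEDIR | sed 's/LITEDIR is //')`, so the shell joins the remote output into a single line before `grep` sees it. `^LITEDIR` then matches only if LITEDIR happens to be the first word, and when it does `sed` leaves the rest of the configuration appended to the value; the `LIBEXEC` lookup in this hunk and the `SBINDIR` lookup added in the next hunk (@@ -1370) have the same problem. Use `temp=$(printf '%s\n' "$config" | grep ^LITEDIR | sed 's/LITEDIR is //')` for all three. The remote command also changed from `/sbin/${g_program}-lite` to a bare `${g_program}-lite`, so it now depends on the PATH of the remote shell; reload_command's body continues outside the hunk.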
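Review bot: The three `rsh_command` lines in the @@ -1414 hunk expand `${sbin}`, but the variable assigned two hunks earlier is `sbindir`, so unless `sbin` is set elsewhere in reload_command the remote command becomes `/${g_program}-lite …` and the restart, start and save all fail. They should read `rsh_command "${sbindir}/${g_program}-lite $g_debugging $verbose $timestamp restart"`, and the same for `start` and `save`. Because `sbindir` is taken from the remote system's own output and pasted into a command string, it is worth at least checking that it is an absolute path before use, e.g. `case $sbindir in /*) ;; *) sbindir=/sbin ;; esac`. The function starts and ends outside this hunk.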
@@ -27,6 +27,24 @@ ################################################################################################ g_program=shorewall -. /usr/share/shorewall/lib.cli +if [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 +else + SHAREDIR=/usr/share + CONFDIR=${CONFDIR} + SBINDIR=/sbin + VARDIR=/var/lib + LIBEXECDIR=/usr/share + PERLLIBDIR=/usr/share/shorewall + +fi + +g_libexec="$LIBEXECDIR" +g_sharedir="$SHAREDIR" +g_sbindir="$SBINDIR" +g_perllib="$PERLLIBDIR" +g_readrc=1 + +. $g_sharedir/shorewall/lib.cli shorewall_cli $@ diff --git a/Shorewall/uninstall.sh b/Shorewall/uninstall.sh index ec30002d2..86bcfbe9d 100755 --- a/Shorewall/uninstall.sh +++ b/Shorewall/uninstall.sh @@ -40,16 +40,25 @@ qt() "$@" >/dev/null 2>&1 } -restore_file() # $1 = file to restore -{ - if [ -f ${1}-shorewall.bkout ]; then - if (mv -f ${1}-shorewall.bkout $1); then - echo - echo "$1 restored" - else - exit 1 - fi - fi +split() { + local ifs + ifs=$IFS + IFS=: + set -- $1 + echo $* + IFS=$ifs +} + +mywhich() { + local dir + + for dir in $(split $PATH); do + if [ -x $dir/$1 ]; then + return 0 + fi + done + + return 2 } remove_file() # $1 = file to restore 
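Review bot: In the `else` branch `CONFDIR=${CONFDIR}` assigns the variable to itself, so without a `~/.shorewallrc` CONFDIR stays whatever the environment holds, normally empty; the uninstall scripts in this commit default it to `/etc`, so this should be `CONFDIR=/etc`. The `. ~/.shorewallrc` line also makes a file in the invoking user's home directory part of the firewall command's code: when the command runs with elevated privileges while HOME still points at an unprivileged account, that account decides what is sourced and which `lib.cli` is loaded through `$g_sharedir`. A root-owned system path, or a check of the file's owner and mode before sourcing it, would close that; a comment stating the trust assumption is the minimum. `. $g_sharedir/shorewall/lib.cli` should also be quoted as `. "$g_sharedir/shorewall/lib.cli"`.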
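Review bot: `mywhich` in Shorewall/uninstall.sh tests `[ -x $dir/$1 ]` with both variables unquoted and without `-f`, so a directory named like the tool counts as a hit, and a PATH entry containing whitespace or glob characters is split or expanded by the `set -- $1` in `split`. `if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then` fixes the test; the split itself would need `set -f` around it to be fully safe. The callers then run the tool by bare name, so the uninstaller now trusts whatever PATH it was started with, where the old code checked fixed locations such as `/sbin/insserv`. The same two functions are added to Shorewall6-lite/uninstall.sh and Shorewall6/uninstall.sh. A header comment on `mywhich` saying it returns 0 when the tool is found and 2 otherwise would help, as would correcting the stale `# $1 = file to restore` on `remove_file`.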
@@ -60,8 +69,31 @@ remove_file() # $1 = file to restore fi } -if [ -f /usr/share/shorewall/version ]; then - INSTALLED_VERSION="$(cat /usr/share/shorewall/version)" +if [ -f ~/.shorewallrc ]; then + . ~/shorewallrc || exit 1 +else + [ -n "${LIBEXEC:=/usr/share}" ] + [ -n "${PERLLIB:=/usr/share/shorewall}" ] + [ -n "${CONFDIR:=/etc}" ] + + if [ -z "$SYSCONFDIR" ]; then + if [ -d /etc/default ]; then + SYSCONFDIR=/etc/default + else + SYSCONFDIR=/etc/sysconfig + fi + fi + + [ -n "${SBINDIR:=/sbin}" ] + [ -n "${SHAREDIR:=/usr/share}" ] + [ -n "${VARDIR:=/var/lib}" ] + [ -n "${INITFILE:=shorewall}" ] + [ -n "${INITDIR:=/etc/init.d}" ] + [ -n "${MANDIR:=/usr/share/man}" ] +fi + +if [ -f ${SHAREDIR}/shorewall/version ]; then + INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall/version)" if [ "$INSTALLED_VERSION" != "$VERSION" ]; then echo "WARNING: Shorewall Version $INSTALLED_VERSION is installed" echo " and this is the $VERSION uninstaller." 
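Review bot: The new block tests `~/.shorewallrc` but sources `~/shorewallrc` (no leading dot), so on a system that has the rc file the `.` fails and the uninstaller stops, and a file named `~/shorewallrc`, if present, is what gets executed. The line should be `. ~/.shorewallrc || exit 1`; Shorewall6-lite/uninstall.sh and Shorewall6/uninstall.sh carry the same typo. The `else` branch defaults `LIBEXEC` and `PERLLIB`, while install.sh and Shorewall/shorewall in this commit read `LIBEXECDIR` and `PERLLIBDIR`, so if the rc file defines only the `…DIR` names the later `rm -rf ${PERLLIB}/Shorewall/*` runs with an empty prefix. The file is sourced from the caller's home directory by a script that is normally run as root, so its ownership should be checked or the assumption documented.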
@@ -72,62 +104,54 @@ else VERSION="" fi -[ -n "${LIBEXEC:=/usr/share}" ] -[ -n "${PERLLIB:=/usr/share/shorewall}" ] echo "Uninstalling shorewall $VERSION" -if qt iptables -L shorewall -n && [ ! -f /sbin/shorewall-lite ]; then - /sbin/shorewall clear +if qt iptables -L shorewall -n && [ ! -f ${SBINDIR}/shorewall-lite ]; then + shorewall clear fi -if [ -L /usr/share/shorewall/init ]; then - FIREWALL=$(readlink -m -q /usr/share/shorewall/init) -else - FIREWALL=/etc/init.d/shorewall +if [ -L ${SHAREDIR}/shorewall/init ]; then + FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall/init) +elif [ -n "$INITFILE" ]; then + FIREWALL=/${INITDIR}/${INITFILE} fi -if [ -n "$FIREWALL" ]; then - if [ -x /usr/sbin/updaterc.d ]; then +if [ -f "$FIREWALL" ]; then + if mywhich updaterc.d; then updaterc.d shorewall remove - elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then + elif mywhich insserv; then insserv -r $FIREWALL - elif [ -x /sbin/systemctl ]; then + elif mywhich systemctl; then systemctl disable shorewall - elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then + elif mywhich chkconfig; then chkconfig --del $(basename $FIREWALL) - else - rm -f /etc/rc*.d/*$(basename $FIREWALL) fi remove_file $FIREWALL - rm -f ${FIREWALL}-*.bkout + [ -f "$AUXINITFILE" ] && remove_file ${INITDIR}/{$AUXINITFILE} fi -rm -f /sbin/shorewall -rm -f /sbin/shorewall-*.bkout +rm -f ${SBINDIR}/shorewall -rm -rf /usr/share/shorewall/version -rm -rf /etc/shorewall -rm -rf /etc/shorewall-*.bkout -rm -rf /var/lib/shorewall -rm -rf /var/lib/shorewall-*.bkout +rm -rf ${SHAREDIR}/shorewall/version +rm -rf ${CONFDIR}/shorewall +rm -rf ${VARDIR}/shorewall rm -rf ${PERLLIB}/Shorewall/* rm -rf ${LIBEXEC}/shorewall -rm -rf /usr/share/shorewall/configfiles/ -rm -rf /usr/share/shorewall/Samples/ -rm -rf /usr/share/shorewall/Shorewall/ -rm -f /usr/share/shorewall/lib.cli-std -rm -f /usr/share/shorewall/lib.core -rm -f /usr/share/shorewall/compiler.pl -rm -f /usr/share/shorewall/prog.* -rm -f 
/usr/share/shorewall/module* -rm -f /usr/share/shorewall/helpers -rm -f /usr/share/shorewall/action* -rm -f /usr/share/shorewall/init -rm -rf /usr/share/shorewall-*.bkout +rm -rf ${SHAREDIR}/shorewall/configfiles/ +rm -rf ${SHAREDIR}/shorewall/Samples/ +rm -rf ${SHAREDIR}/shorewall/Shorewall/ +rm -f ${SHAREDIR}/shorewall/lib.cli-std +rm -f ${SHAREDIR}/shorewall/lib.core +rm -f ${SHAREDIR}/shorewall/compiler.pl +rm -f ${SHAREDIR}/shorewall/prog.* +rm -f ${SHAREDIR}/shorewall/module* +rm -f ${SHAREDIR}/shorewall/helpers +rm -f ${SHAREDIR}/shorewall/action* +rm -f ${SHAREDIR}/shorewall/init -for f in /usr/share/man/man5/shorewall* /usr/share/man/man8/shorewall*; do +for f in ${MANDIR}/man5/shorewall* ${MANDIR}/man8/shorewall*; do case $f in shorewall6*|shorewall-lite*) ;; @@ -137,8 +161,10 @@ for f in /usr/share/man/man5/shorewall* /usr/share/man/man8/shorewall*; do esac done -rm -f /etc/logrotate.d/shorewall -rm -f /lib/systemd/system/shorewall.service +rm -f ${CONFDIR}/logrotate.d/shorewall + +if [ -n "$SYSTEMD" ]; THEN +rm -f ${SYSTEMD}/shorewall.service echo "Shorewall Uninstalled" diff --git a/Shorewall6-lite/init.debian.sh b/Shorewall6-lite/init.debian.sh index e387fc25d..e11aa3cda 100755 --- a/Shorewall6-lite/init.debian.sh +++ b/Shorewall6-lite/init.debian.sh @@ -78,6 +78,12 @@ else not_configured fi +#determine where the files were installed +if [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 + [ -n "$SBIN" ] && SRWL=${SBIN}/shorewall6-lite +fi + # start the firewall shorewall6_start () { echo -n "Starting \"Shorewall6 Lite firewall\": " diff --git a/Shorewall6-lite/init.sh b/Shorewall6-lite/init.sh index b6005e8aa..61868d706 100755 --- a/Shorewall6-lite/init.sh +++ b/Shorewall6-lite/init.sh 
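Review bot: The `rm -rf` lines in the @@ -72 hunk of Shorewall/uninstall.sh now take their targets from `${CONFDIR}`, `${VARDIR}`, `${SHAREDIR}`, `${PERLLIB}` and `${LIBEXEC}` with no check that the variables are set, so an rc file that leaves one of them empty turns `rm -rf ${PERLLIB}/Shorewall/*` into `rm -rf /Shorewall/*` and `rm -rf ${CONFDIR}/shorewall` into `rm -rf /shorewall`. Using `${VAR:?}` and quoting, as in the block below, makes the script abort with a message instead. In the same hunk `remove_file ${INITDIR}/{$AUXINITFILE}` has the brace on the wrong side of the `$` (and the test before it checks `$AUXINITFILE` relative to the current directory), and `FIREWALL=/${INITDIR}/${INITFILE}` adds a second leading slash. `mywhich updaterc.d` keeps the old spelling; install.sh refers to the tool as `update-rc.d`, so that branch presumably never matches.
```shell
# ... unchanged: firewall clear and init-script de-registration ...
rm -f -- "${SBINDIR:?}/shorewall"

rm -rf -- "${SHAREDIR:?}/shorewall/version"
rm -rf -- "${CONFDIR:?}/shorewall"
rm -rf -- "${VARDIR:?}/shorewall"
rm -rf -- "${PERLLIB:?}"/Shorewall/*
rm -rf -- "${LIBEXEC:?}/shorewall"
# ... unchanged: remaining ${SHAREDIR}/shorewall removals and the man-page loop ...
```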
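Review bot: `if [ -n "$SYSTEMD" ]; THEN` in the @@ -137 hunk uses an upper-case `THEN`, which the shell treats as an ordinary command word, and no closing `fi` is visible in the hunk, so the script would end in a syntax error before `echo "Shorewall Uninstalled"` and the service file is never removed. The one-line form used in Shorewall6-lite/uninstall.sh avoids both problems: `[ -n "$SYSTEMD" ] && rm -f ${SYSTEMD}/shorewall.service`. Nothing in the default branch added earlier in this file sets `SYSTEMD`, so without an rc file the unit that the old code removed from `/lib/systemd/system` would be left behind.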
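Review bot: The line `[ -n "$SBIN" ] && SRWL=${SBIN}/shorewall6-lite` added to Shorewall6-lite/init.debian.sh reads `SBIN`, whereas Shorewall/shorewall and the uninstall scripts in this commit use `SBINDIR` for the same setting, so if the rc file follows that naming the override never takes effect. Shorewall6/init.debian.sh and both init.sh scripts use `SBIN` too, and in the init.sh files an unset `SBIN` after sourcing the rc file turns `exec ${SBIN}/shorewall6-lite` into `exec /shorewall6-lite`, which leaves the firewall unstarted at boot. Suggest `[ -n "$SBINDIR" ] && SRWL=${SBINDIR}/shorewall6-lite` here and `${SBINDIR}` in the others. An init script may also run with HOME unset or set to `/`, so `~/.shorewallrc` is a fragile place to look; a comment stating where the file is expected would help.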
@@ -61,10 +61,16 @@ usage() { # Get startup options (override default) ################################################################################ OPTIONS= -if [ -f /etc/sysconfig/shorewall6-lite ]; then - . /etc/sysconfig/shorewall6-lite -elif [ -f /etc/default/shorewall6-lite ] ; then - . /etc/default/shorewall6-lite + +if [ ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 +else + SBIN=/sbin + SYSCONFDIR=/etc/sysconfig +fi + +if [ -f ${SYSCONFDIR}/shorewall6-lite ]; then + . ${SYSCONFDIR}/shorewall6-lite fi export SHOREWALL_INIT_SCRIPT=1 @@ -76,13 +82,13 @@ command="$1" case "$command" in start) - exec /sbin/shorewall6-lite $OPTIONS start $STARTOPTIONS + exec ${SBIN}/shorewall6-lite $OPTIONS start $STARTOPTIONS ;; restart|reload) - exec /sbin/shorewall6-lite $OPTIONS restart $RESTARTOPTIONS + exec ${SBIN}/shorewall6-lite $OPTIONS restart $RESTARTOPTIONS ;; status|stop) - exec /sbin/shorewall6-lite $OPTIONS $command $@ + exec ${SBIN}/shorewall6-lite $OPTIONS $command $@ ;; *) usage diff --git a/Shorewall6-lite/uninstall.sh b/Shorewall6-lite/uninstall.sh index 032dafdec..2adb1f7a5 100755 --- a/Shorewall6-lite/uninstall.sh +++ b/Shorewall6-lite/uninstall.sh @@ -40,6 +40,27 @@ qt() "$@" >/dev/null 2>&1 } +split() { + local ifs + ifs=$IFS + IFS=: + set -- $1 + echo $* + IFS=$ifs +} + +mywhich() { + local dir + + for dir in $(split $PATH); do + if [ -x $dir/$1 ]; then + return 0 + fi + done + + return 2 +} + remove_file() # $1 = file to restore { if [ -f $1 -o -L $1 ] ; then 
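Review bot: `if [ ~/.shorewallrc ]; then` has no `-f`, so it only tests that the expanded path is a non-empty string and is always true; on a host without the file, `. ~/.shorewallrc || exit 1` then ends the init script before the firewall is started. It should be `if [ -f ~/.shorewallrc ]; then`, and Shorewall6/init.sh has the same line. The `else` branch also fixes `SYSCONFDIR=/etc/sysconfig`, dropping the `/etc/default/shorewall6-lite` fallback that the removed lines provided, so options stored there are silently ignored.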
@@ -48,8 +69,31 @@ remove_file() # $1 = file to restore fi } -if [ -f /usr/share/shorewall6-lite/version ]; then - INSTALLED_VERSION="$(cat /usr/share/shorewall6-lite/version)" +if [ -f ~/.shorewallrc ]; then + . ~/shorewallrc || exit 1 +else + [ -n "${LIBEXEC:=/usr/share}" ] + [ -n "${PERLLIB:=/usr/share/shorewall}" ] + [ -n "${CONFDIR:=/etc}" ] + + if [ -z "$SYSCONFDIR" ]; then + if [ -d /etc/default ]; then + SYSCONFDIR=/etc/default + else + SYSCONFDIR=/etc/sysconfig + fi + fi + + [ -n "${SBINDIR:=/sbin}" ] + [ -n "${SHAREDIR:=/usr/share}" ] + [ -n "${VARDIR:=/var/lib}" ] + [ -n "${INITFILE:=shorewall}" ] + [ -n "${INITDIR:=/etc/init.d}" ] + [ -n "${MANDIR:=/usr/share/man}" ] +fi + +if [ -f ${SHAREDIR}/shorewall6-lite/version ]; then + INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall6-lite/version)" if [ "$INSTALLED_VERSION" != "$VERSION" ]; then echo "WARNING: Shorewall Lite Version $INSTALLED_VERSION is installed" echo " and this is the $VERSION uninstaller." 
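Review bot: The defaults in the `else` branch were copied from the Shorewall uninstaller: `[ -n "${INITFILE:=shorewall}" ]` makes the next hunk compute `FIREWALL=${INITDIR}/shorewall`, so uninstalling shorewall6-lite can deregister and delete the IPv4 firewall's init script rather than its own. The default should be `[ -n "${INITFILE:=shorewall6-lite}" ]` (and `shorewall6` in Shorewall6/uninstall.sh, which has the same line); `PERLLIB:=/usr/share/shorewall` looks like the same copy-paste. This block also sources `~/shorewallrc` after testing for `~/.shorewallrc`; the path on the `.` line is missing its dot.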
@@ -60,49 +104,39 @@ else VERSION="" fi -[ -n "${LIBEXEC:=/usr/share}" ] - echo "Uninstalling Shorewall Lite $VERSION" -if qt ip6tables -L shorewall -n && [ ! -f /sbin/shorewall6 ]; then - /sbin/shorewall6-lite clear +if qt ip6tables -L shorewall -n && [ ! -f ${SBINDIR)/shorewall6 ]; then + ${SBINDIR}/shorewall6-lite clear fi -if [ -L /usr/share/shorewall6-lite/init ]; then - FIREWALL=$(readlink -m -q /usr/share/shorewall6-lite/init) -else - FIREWALL=/etc/init.d/shorewall6-lite +if [ -l ${SHAREDIR}/shorewall6-lite/init ]; then + FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall6-lite/init) +elif [ -n "$INITFILE" ]; then + FIREWALL=${INITDIR}/${INITFILE} fi -if [ -n "$FIREWALL" ]; then - if [ -x /usr/sbin/updaterc.d ]; then +if [ -f "$FIREWALL" ]; then + if mywhich updaterc.d ; then updaterc.d shorewall6-lite remove - elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then + elif mywhich insserv ; then insserv -r $FIREWALL - elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then + elif mywhich chkconfig ; then chkconfig --del $(basename $FIREWALL) - elif [ -x /sbin/systemctl ]; then + elif mywhich systemctl ; then systemctl disable shorewall6-lite - else - rm -f /etc/rc*.d/*$(basename $FIREWALL) fi remove_file $FIREWALL - rm -f ${FIREWALL}-*.bkout fi -rm -f /sbin/shorewall6-lite -rm -f /sbin/shorewall6-lite-*.bkout - -rm -rf /etc/shorewall6-lite -rm -rf /etc/shorewall6-lite-*.bkout -rm -rf /var/lib/shorewall6-lite -rm -rf /var/lib/shorewall6-lite-*.bkout -rm -rf /usr/share/shorewall6-lite +rm -f ${SBINDIR}/shorewall6-lite +rm -rf ${CONFDIR}/shorewall6-lite +rm -rf ${VARDIR}/shorewall6-lite +rm -rf ${SHAREDIR}/shorewall6-lite rm -rf ${LIBEXEC}/shorewall6-lite -rm -rf /usr/share/shorewall6-lite-*.bkout -rm -f /etc/logrotate.d/shorewall6-lite -rm -f /lib/systemd/system/shorewall6-lite.service +rm -f ${CONFDIR}/logrotate.d/shorewall6-lite +[ -n "$SYSTEMD" ] && rm -f ${SYSTEMD}/shorewall6-lite.service echo "Shorewall6 Lite Uninstalled" 
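Review bot: Two typos in the new lines break this script: `[ ! -f ${SBINDIR)/shorewall6 ]` closes the expansion with `)` instead of `}`, and `[ -l ${SHAREDIR}/shorewall6-lite/init ]` uses lower-case `-l`, which is not the symlink test. They should be `[ ! -f ${SBINDIR}/shorewall6 ]` and `[ -L ${SHAREDIR}/shorewall6-lite/init ]`. With the first the shell cannot parse the condition guarding `shorewall6-lite clear`, and with the second `FIREWALL` most likely always falls through to `${INITDIR}/${INITFILE}`. The `rm -rf ${CONFDIR}/shorewall6-lite` group that follows has no guard against empty variables; `rm -rf -- "${CONFDIR:?}/shorewall6-lite"`, and the same for `VARDIR`, `SHAREDIR` and `LIBEXEC`, would make an incomplete rc file fail safely.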
diff --git a/Shorewall6/init.debian.sh b/Shorewall6/init.debian.sh index dc8a0874c..3590d2670 100755 --- a/Shorewall6/init.debian.sh +++ b/Shorewall6/init.debian.sh @@ -54,10 +54,18 @@ not_configured () { exit 0 } +#determine where the files were installed +if [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 + [ -n "$SBIN" ] && SRWL=${SBIN}/shorewall6 +else + SYSCONFDIR=/etc/default +fi + # check if shorewall is configured or not -if [ -f "/etc/default/shorewall6" ] +if [ -f "${SYSCONFDIR}/shorewall6" ] then - . /etc/default/shorewall6 + . ${SYSCONFDIR}/shorewall6 SRWL_OPTS="$SRWL_OPTS $OPTIONS" if [ "$startup" != "1" ] then diff --git a/Shorewall6/init.sh b/Shorewall6/init.sh index a91b4c00b..4448854a6 100755 --- a/Shorewall6/init.sh +++ b/Shorewall6/init.sh @@ -62,6 +62,14 @@ usage() { # Get startup options (override default) ################################################################################ OPTIONS="-v0" + +if [ ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 +else + SBIN=/sbin + SYSCONFDIR=/etc/sysconfig +fi + if [ -f /etc/sysconfig/shorewall6 ]; then . /etc/sysconfig/shorewall6 elif [ -f /etc/default/shorewall6 ] ; then @@ -77,13 +85,13 @@ command="$1" case "$command" in start) - exec /sbin/shorewall6 $OPTIONS start $STARTOPTIONS + exec ${SBIN}/shorewall6 $OPTIONS start $STARTOPTIONS ;; restart|reload) - exec /sbin/shorewall6 $OPTIONS restart $RESTARTOPTIONS + exec ${SBIN}/shorewall6 $OPTIONS restart $RESTARTOPTIONS ;; status|stop) - exec /sbin/shorewall6 $OPTIONS $command $@ + exec ${SBIN}/shorewall6 $OPTIONS $command $@ ;; *) usage diff --git a/Shorewall6/uninstall.sh b/Shorewall6/uninstall.sh index 5b9b26658..420fef336 100755 --- a/Shorewall6/uninstall.sh +++ b/Shorewall6/uninstall.sh 
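Review bot: The block added to Shorewall6/init.sh sets `SYSCONFDIR`, but the unchanged lines right after it still source `/etc/sysconfig/shorewall6` and `/etc/default/shorewall6` by literal path, so the setting has no effect in this file. Shorewall6-lite/init.sh was converted to use the variable; the same change here would be `if [ -f ${SYSCONFDIR}/shorewall6 ]; then` followed by `. ${SYSCONFDIR}/shorewall6`. The `if [ ~/.shorewallrc ]` test in the added block is missing `-f`, so it is always true and the script exits when the file is absent.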
@@ -40,16 +40,25 @@ qt() "$@" >/dev/null 2>&1 } -restore_file() # $1 = file to restore -{ - if [ -f ${1}-shorewall.bkout ]; then - if (mv -f ${1}-shorewall.bkout $1); then - echo - echo "$1 restored" - else - exit 1 - fi - fi +split() { + local ifs + ifs=$IFS + IFS=: + set -- $1 + echo $* + IFS=$ifs +} + +mywhich() { + local dir + + for dir in $(split $PATH); do + if [ -x $dir/$1 ]; then + return 0 + fi + done + + return 2 } remove_file() # $1 = file to restore @@ -60,7 +69,30 @@ remove_file() # $1 = file to restore fi } -if [ -f /usr/share/shorewall6/version ]; then +if [ -f ~/.shorewallrc ]; then + . ~/shorewallrc || exit 1 +else + [ -n "${LIBEXEC:=/usr/share}" ] + [ -n "${PERLLIB:=/usr/share/shorewall}" ] + [ -n "${CONFDIR:=/etc}" ] + + if [ -z "$SYSCONFDIR" ]; then + if [ -d /etc/default ]; then + SYSCONFDIR=/etc/default + else + SYSCONFDIR=/etc/sysconfig + fi + fi + + [ -n "${SBINDIR:=/sbin}" ] + [ -n "${SHAREDIR:=/usr/share}" ] + [ -n "${VARDIR:=/var/lib}" ] + [ -n "${INITFILE:=shorewall}" ] + [ -n "${INITDIR:=/etc/init.d}" ] + [ -n "${MANDIR:=/usr/share/man}" ] +fi + +if [ -f ${SHARDIR}/shorewall6/version ]; then INSTALLED_VERSION="$(cat /usr/share/shorewall6/version)" if [ "$INSTALLED_VERSION" != "$VERSION" ]; then echo "WARNING: Shorewall6 Version $INSTALLED_VERSION is installed" 
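Review bot: The rc-file block added to Shorewall6/uninstall.sh tests `~/.shorewallrc` but sources `~/shorewallrc` (no dot), so with only the dotfile present the `.` fails and the script exits; it should be `. ~/.shorewallrc || exit 1`. The version test uses `${SHARDIR}`, which nothing in the hunk sets and which expands to `/shorewall6/version`, while the next line still reads the hard-coded `/usr/share/shorewall6/version`; both should use `${SHAREDIR}/shorewall6/version`. When the rc file is read, `LIBEXEC` and `PERLLIB` get no default, and the shorewallrc files on this page define `LIBEXECDIR` and `PERLLIBDIR` instead, so the later `rm -rf ${LIBEXEC}/shorewall6` would likely resolve to `/shorewall6`.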
@@ -72,49 +104,39 @@ else VERSION="" fi -[ -n "${LIBEXEC:=/usr/share}" ] - echo "Uninstalling shorewall6 $VERSION" -if qt ip6tables -L shorewall6 -n && [ ! -f /sbin/shorewall6-lite ]; then - /sbin/shorewall6 clear +if qt ip6tables -L shorewall6 -n && [ ! -f ${SBINDIR}/shorewall6-lite ]; then + ${SBINDIR}/shorewall6 clear fi -if [ -L /usr/share/shorewall6/init ]; then - FIREWALL=$(readlink -m -q /usr/share/shorewall6/init) -else - FIREWALL=/etc/init.d/shorewall6 +if [ -L ${SHAREDIR}/shorewall6/init ]; then + FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall6/init) +elif [ -n "$INITFILE" ]; then + FIREWALL=${INITDIR}/${INITFILE} fi -if [ -n "$FIREWALL" ]; then - if [ -x /usr/sbin/updaterc.d ]; then +if [ -f "$FIREWALL" ]; then + if mywhich updaterc.d ; then updaterc.d shorewall6 remove - elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then + elif mywhich insserv ; then insserv -r $FIREWALL - elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then + elif mywhich chkconfig ; then chkconfig --del $(basename $FIREWALL) - elif [ -x /sbin/systemctl ]; then + elif mywhich systemctl ; then systemctl disable shorewall6 - else - rm -f /etc/rc*.d/*$(basename $FIREWALL) fi remove_file $FIREWALL - rm -f ${FIREWALL}-*.bkout fi -rm -f /sbin/shorewall6 -rm -f /sbin/shorewall6-*.bkout - -rm -rf /etc/shorewall6 -rm -rf /etc/shorewall6-*.bkout -rm -rf /var/lib/shorewall6 -rm -rf /var/lib/shorewall6-*.bkout +rm -f ${SBINDIR}/shorewall6 +rm -rf ${CONFDIR}/shorewall6 +rm -rf ${VARDIR}/shorewall6 rm -rf ${LIBEXEC}/shorewall6 -rm -rf /usr/share/shorewall6 -rm -rf /usr/share/shorewall6-*.bkout +rm -rf ${SHAREDIR}/shorewall6 -for f in /usr/share/man/man5/shorewall6* /usr/share/man/man8/shorewall6*; do +for f in ${MANDIR}/man5/shorewall6* ${SHAREDIR}/man/man8/shorewall6*; do case $f in shorewall6-lite*) ;; 
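Review bot: The man-page loop mixes two roots, `${MANDIR}/man5/shorewall6*` and `${SHAREDIR}/man/man8/shorewall6*`, so on a layout where `MANDIR` is not `${SHAREDIR}/man` the man8 pages are left behind. The second glob should be `${MANDIR}/man8/shorewall6*`. `$FIREWALL` is also passed unquoted to `insserv -r`, `basename` and `remove_file`; since its value now comes from `readlink` or from rc-file variables, quoting it as `"$FIREWALL"` avoids word splitting. The loop body continues outside the hunk.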
@@ -123,8 +145,8 @@ for f in /usr/share/man/man5/shorewall6* /usr/share/man/man8/shorewall6*; do esac done -rm -f /etc/logrotate.d/shorewall6 -rm -f /lib/systemd/system/shorewall6.service +rm -f ${CONFDIR}/logrotate.d/shorewall6 +[ -n "$SYSTEMD" ] && rm -f ${SYSTEMD}/shorewall6.service echo "Shorewall6 Uninstalled" From 217d5e636ce2e7e973fbb12dbc87505850008c20 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sat, 24 Mar 2012 19:29:27 -0700 Subject: [PATCH 02/50] Add BLACKLIST Macro Signed-off-by: Tom Eastep --- Shorewall-core/lib.cli | 6 +++--- Shorewall/Macros/macro.BLACKLIST | 11 +++++++++++ 2 files changed, 14 insertions(+), 3 deletions(-) create mode 100644 Shorewall/Macros/macro.BLACKLIST diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli index 5e72707d0..0b9ad9727 100644 --- a/Shorewall-core/lib.cli +++ b/Shorewall-core/lib.cli @@ -561,11 +561,11 @@ version_command() { [ $# -gt 0 ] && usage 1 if [ -n "$all" ]; then - echo "shorewall-core: $(cat /usr/share/shorewall/coreversion)" + echo "shorewall-core: $(cat $g_sharedir/shorewall/coreversion)" for product in shorewall shorewall6 shorewall-lite shorewall6-lite shorewall-init; do - if [ -f /usr/share/$product/version ]; then - echo "$product: $(cat /usr/share/$product/version)" + if [ -f $g_sharedir/$product/version ]; then + echo "$product: $(cat $g_sharedir/$product/version)" fi done else diff --git a/Shorewall/Macros/macro.BLACKLIST b/Shorewall/Macros/macro.BLACKLIST new file mode 100644 index 000000000..47bfe97dc --- /dev/null +++ b/Shorewall/Macros/macro.BLACKLIST @@ -0,0 +1,11 @@ +# +# Shorewall version 4 - blacklist Macro +# +# /usr/share/shorewall/macro.blacklist +# +# This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL +# +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ +# PORT(S) PORT(S) LIMIT GROUP +$BLACKLIST_DISPOSITION:$BLACKLIST_LOGLEVEL 
From fc4aaa97c6bb304ebaae22e4eb04ff9b0d050008 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sat, 24 Mar 2012 21:26:20 -0700 Subject: [PATCH 03/50] Expand variables in shorewallrc Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Config.pm | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 198066c74..2ed047850 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -2096,7 +2096,7 @@ sub set_action_param( $$ ) { # # Expand Shell Variables in the passed buffer using %params and @actparms # -sub expand_variables( \$ ) { +sub expand_variables( \$;$ ) { my ( $lineref, $count ) = ( $_[0], 0 ); # $1 $2 $3 - $4 while ( $$lineref =~ m( ^(.*?) \$({)? (\w+) (?(2)}) (.*)$ )x ) { @@ -2110,6 +2110,8 @@ sub expand_variables( \$ ) { $val = $actparms[$var]; } elsif ( exists $params{$var} ) { $val = $params{$var}; + } elsif ( $_[1] && exists $shorewallrc{$var} ) { + $val = $shorewallrc{$var} } else { fatal_error "Undefined shell variable (\$$var)" unless exists $config{$var}; $val = $config{$var}; @@ -2278,11 +2280,14 @@ sub process_shorewallrc() { while ( read_a_line1 ) { if ( $currentline =~ /^([a-zA-Z]\w*)=(.*)$/ ) { my ($var, $val) = ($1, $2); - $shorewallrc{$var} = $val =~ /^\"([^\"]*)\"$/ ? $1 : $val; + $val = $1 if $val =~ /^\"([^\"]*)\"$/; + expand_variables( $val, 1 ) if supplied $val; + $shorewallrc{$var} = $val; } else { fatal_error "Unrecognized shorewallrc entry"; } } + } } From 7390789b5e4b688c6a82e1c9ea321cffd40dc9b7 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sat, 24 Mar 2012 21:33:57 -0700 Subject: [PATCH 04/50] Add BLACKLIST Macro Signed-off-by: Tom Eastep --- Shorewall/Perl/macro.BLACKLIST | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 Shorewall/Perl/macro.BLACKLIST diff --git a/Shorewall/Perl/macro.BLACKLIST b/Shorewall/Perl/macro.BLACKLIST new file mode 100644 index 000000000..47bfe97dc 
--- /dev/null +++ b/Shorewall/Perl/macro.BLACKLIST @@ -0,0 +1,11 @@ +# +# Shorewall version 4 - blacklist Macro +# +# /usr/share/shorewall/macro.blacklist +# +# This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL +# +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ +# PORT(S) PORT(S) LIMIT GROUP +$BLACKLIST_DISPOSITION:$BLACKLIST_LOGLEVEL From 173d29969d529b35b0b0b0f93ab799216e1ffe39 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sat, 24 Mar 2012 21:34:24 -0700 Subject: [PATCH 05/50] Improve shorewallrc variable expansion Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Config.pm | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 2ed047850..44874639f 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -2281,13 +2281,12 @@ sub process_shorewallrc() { if ( $currentline =~ /^([a-zA-Z]\w*)=(.*)$/ ) { my ($var, $val) = ($1, $2); $val = $1 if $val =~ /^\"([^\"]*)\"$/; - expand_variables( $val, 1 ) if supplied $val; + expand_variables( $val, 1 ) if supplied $val && $var ne 'PRODUCT'; $shorewallrc{$var} = $val; } else { fatal_error "Unrecognized shorewallrc entry"; } } - } } From 877796a7cae029736c6048d469f28b4ea928196a Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sat, 24 Mar 2012 22:14:01 -0700 Subject: [PATCH 06/50] Add shorewallrc processing to other CLI programs Signed-off-by: Tom Eastep --- Shorewall-init/shorewall-init | 10 ++++++++-- Shorewall6-lite/shorewall6-lite | 20 +++++++++++++++++++- Shorewall6/shorewall6 | 20 +++++++++++++++++++- 3 files changed, 46 insertions(+), 4 deletions(-) diff --git a/Shorewall-init/shorewall-init b/Shorewall-init/shorewall-init index 95c8d74fc..f34de5ee0 100644 --- a/Shorewall-init/shorewall-init +++ b/Shorewall-init/shorewall-init 
@@ -23,9 +23,15 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # ######################################################################################### +if [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 +else + echo "ERROR: ./.shorewallrc not found" >&2 +fi + # check if shorewall-init is configured or not -if [ -f "/etc/sysconfig/shorewall-init" ]; then - . /etc/sysconfig/shorewall-init +if [ -f "$SYSCONFDIR/shorewall-init" ]; then + . $SYSCONFDIR/shorewall-init if [ -z "$PRODUCTS" ]; then echo "ERROR: No products configured" >&2 exit 1 diff --git a/Shorewall6-lite/shorewall6-lite b/Shorewall6-lite/shorewall6-lite index 7cca499cc..f38677915 100755 --- a/Shorewall6-lite/shorewall6-lite +++ b/Shorewall6-lite/shorewall6-lite @@ -27,6 +27,24 @@ ################################################################################################ g_program=shorewall6-lite -. /usr/share/shorewall/lib.cli +if [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 +else + SHAREDIR=/usr/share + CONFDIR=${CONFDIR} + SBINDIR=/sbin + VARDIR=/var/lib + LIBEXECDIR=/usr/share + PERLLIBDIR=/usr/share/shorewall + +fi + +g_libexec="$LIBEXECDIR" +g_sharedir="$SHAREDIR" +g_sbindir="$SBINDIR" +g_perllib="$PERLLIBDIR" +g_readrc=1 + +. $g_sharedir/shorewall/lib.cli shorewall_cli $@ diff --git a/Shorewall6/shorewall6 b/Shorewall6/shorewall6 index d7e0d7a29..329f84f26 100755 --- a/Shorewall6/shorewall6 +++ b/Shorewall6/shorewall6 
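Review bot: The `else` branch added to Shorewall-init/shorewall-init prints an error but does not stop, so the script continues with `SYSCONFDIR` unset and tests `/shorewall-init`; add `exit 1` after the `echo`. The message names `./.shorewallrc` while the file tested is `~/.shorewallrc`; `echo "ERROR: ~/.shorewallrc not found" >&2` would match the test.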
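Review bot: In the fallback branch of Shorewall6-lite/shorewall6-lite, `CONFDIR=${CONFDIR}` assigns the variable to itself, so it stays empty unless the environment already sets it; the neighbouring defaults suggest `CONFDIR=/etc` was meant. The same line is in the Shorewall6/shorewall6 hunk that follows. The library is now loaded with `. $g_sharedir/shorewall/lib.cli`, where the directory comes from `~/.shorewallrc`; quoting it as `. "$g_sharedir/shorewall/lib.cli"` avoids word splitting. Since this CLI presumably runs as root, a comment stating that the rc file decides which library code is sourced would help the next maintainer.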
@@ -27,6 +27,24 @@ ################################################################################################ g_program=shorewall6 -. /usr/share/shorewall/lib.cli +if [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 +else + SHAREDIR=/usr/share + CONFDIR=${CONFDIR} + SBINDIR=/sbin + VARDIR=/var/lib + LIBEXECDIR=/usr/share + PERLLIBDIR=/usr/share/shorewall + +fi + +g_libexec="$LIBEXECDIR" +g_sharedir="$SHAREDIR" +g_sbindir="$SBINDIR" +g_perllib="$PERLLIBDIR" +g_readrc=1 + +. $g_sharedir/shorewall/lib.cli shorewall_cli $@ From 59aab485c3abc7cfd296cc646715036bca430335 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sat, 24 Mar 2012 22:21:42 -0700 Subject: [PATCH 07/50] Handle 'PRODUCT' more gracefully Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Config.pm | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 44874639f..84b9fb8fa 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -2280,8 +2280,15 @@ sub process_shorewallrc() { while ( read_a_line1 ) { if ( $currentline =~ /^([a-zA-Z]\w*)=(.*)$/ ) { my ($var, $val) = ($1, $2); + $val = $1 if $val =~ /^\"([^\"]*)\"$/; - expand_variables( $val, 1 ) if supplied $val && $var ne 'PRODUCT'; + + if ( $var eq 'PRODUCT' ) { + $val = $globals{PRODUCT}; + } elsif ( supplied $val ) { + expand_variables($val, 1 ); + } + $shorewallrc{$var} = $val; } else { fatal_error "Unrecognized shorewallrc entry"; From 294babcfbb06123cce79dcc7530a27fef4639cf8 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 25 Mar 2012 07:20:40 -0700 Subject: [PATCH 08/50] Add USR to the rc files for easier modification 
Signed-off-by: Tom Eastep --- Shorewall-core/shorewallrc.apple | 14 ++++++++------ Shorewall-core/shorewallrc.archlinux | 9 +++++---- Shorewall-core/shorewallrc.cygwin | 12 +++++++----- Shorewall-core/shorewallrc.debian | 11 ++++++----- Shorewall-core/shorewallrc.default | 12 +++++++----- Shorewall-core/shorewallrc.redhat | 11 +++++++---- Shorewall-core/shorewallrc.slackware | 12 +++++++----- Shorewall-core/shorewallrc.suse | 10 ++++++---- 8 files changed, 53 insertions(+), 38 deletions(-) diff --git a/Shorewall-core/shorewallrc.apple b/Shorewall-core/shorewallrc.apple index 7931f8a6e..b14fc183d 100644 --- a/Shorewall-core/shorewallrc.apple +++ b/Shorewall-core/shorewallrc.apple @@ -3,16 +3,18 @@ # BUILD=apple HOST=apple -SHAREDIR=/usr/share -LIBEXECDIR=/usr/share -PERLLIBDIR=/usr/share/shorewall +USR=/usr +SHAREDIR=${USR}/share +LIBEXECDIR=${USR}/share +PERLLIBDIR=${USR}/share/shorewall CONFDIR=/etc SBINDIR=/sbin -MANDIR=/usr/share/man +MANDIR=${SHAREDIR}/man INITDIR= -INITFILE=none/ +INITFILE= INITSOURCE= ANNOTATED= -SYSCONFDIR= SYSTEMD= +SYSCONFDIR= +SPARSE=Yes VARDIR=/var/lib diff --git a/Shorewall-core/shorewallrc.archlinux b/Shorewall-core/shorewallrc.archlinux index 5f6126490..9e6f0741d 100644 --- a/Shorewall-core/shorewallrc.archlinux +++ b/Shorewall-core/shorewallrc.archlinux @@ -3,12 +3,13 @@ # BUILD=archlinux HOST=archlinux -SHAREDIR=/usr/share -LIBEXECDIR=/usr/share -PERLLIBDIR=/usr/share/shorewall +USR=/usr +SHAREDIR=${USR}/share +LIBEXECDIR=${USR}/share +PERLLIBDIR=${USR}/share/shorewall CONFDIR=/etc SBINDIR=/sbin -MANDIR=/usr/share/man +MANDIR=${SHAREDIR}/man INITDIR=/etc/rc.d INITFILE=$PRODUCT INITSOURCE=init.sh diff --git a/Shorewall-core/shorewallrc.cygwin b/Shorewall-core/shorewallrc.cygwin index 3da1c5434..63fed9c56 100644 --- a/Shorewall-core/shorewallrc.cygwin +++ b/Shorewall-core/shorewallrc.cygwin 
@@ -3,16 +3,18 @@ # BUILD=cygwin HOST=cygwin -SHAREDIR=/usr/share -LIBEXECDIR=/usr/share -PERLLIBDIR=/usr/share/shorewall +USR=/usr +SHAREDIR=${USR}/share +LIBEXECDIR=${USR}/share +PERLLIBDIR=${USR}/share/shorewall CONFDIR=/etc SBINDIR=/bin -MANDIR=/usr/share/man +MANDIR=${SHAREDIR}/man INITDIR=/etc/init.d INITFILE= INITSOURCE= ANNOTATED= -SYSCONFDIR= SYSTEMD= +SYSCONFDIR= +SPARSE=Yes VARDIR=/var/lib diff --git a/Shorewall-core/shorewallrc.debian b/Shorewall-core/shorewallrc.debian index 4a6b10483..5f113abcc 100644 --- a/Shorewall-core/shorewallrc.debian +++ b/Shorewall-core/shorewallrc.debian @@ -3,18 +3,19 @@ # BUILD= #Default is to detect the build system HOST=debian -SHAREDIR=/usr/share -LIBEXECDIR=/usr/share -PERLLIBDIR=/usr/share/shorewall +USR=/usr +SHAREDIR=${USR}/share +LIBEXECDIR=${USR}/share +PERLLIBDIR=${USR}/share/shorewall CONFDIR=/etc SBINDIR=/sbin -MANDIR=/usr/share/man +MANDIR=${USR}/man INITDIR=/etc/init.d INITFILE=$PRODUCT INITSOURCE=init.debian.sh ANNOTATED= -SPARSE=Yes SYSCONFFILE=default.debian SYSCONFDIR=/etc/default SYSTEMD= +SPARSE=Yes VARDIR=/var/lib diff --git a/Shorewall-core/shorewallrc.default b/Shorewall-core/shorewallrc.default index aa4ee0a34..20ea342a4 100644 --- a/Shorewall-core/shorewallrc.default +++ b/Shorewall-core/shorewallrc.default @@ -3,17 +3,19 @@ # HOST= #Default is to detect the host system BUILD= #Default is to detect the build system -SHAREDIR=/usr/share -LIBEXECDIR=/usr/share -PERLLIBDIR=/usr/share/shorewall +USR=/usr +SHAREDIR=${USR}/share +LIBEXECDIR=${USR}/share +PERLLIBDIR=${USR}/share/shorewall CONFDIR=/etc SBINDIR=/sbin -MANDIR=/usr/share/man -INITDIR=/etc/init.d +MANDIR=${USR}/man +INITDIR=etc/init.d INITFILE=$PRODUCT INITSOURCE=init.sh ANNOTATED= SYSTEMD= +SYSCONFFILE= SYSCONFDIR= SPARSE= VARDIR=/var/lib diff --git a/Shorewall-core/shorewallrc.redhat b/Shorewall-core/shorewallrc.redhat index 40e82e832..6a3b3015f 100644 --- a/Shorewall-core/shorewallrc.redhat +++ b/Shorewall-core/shorewallrc.redhat 
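Review bot: `MANDIR=${USR}/man` in shorewallrc.debian changes the value from `/usr/share/man` to `/usr/man`, whereas the apple, archlinux and cygwin files in this commit use `MANDIR=${SHAREDIR}/man`, which keeps the old path. Unless the move is intended, `MANDIR=${SHAREDIR}/man` is the consistent form. shorewallrc.default in the next hunk has the same change.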
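Review bot: `INITDIR=etc/init.d` in shorewallrc.default has lost its leading slash, which makes the init directory relative to wherever the installer or uninstaller is run from. It should stay `INITDIR=/etc/init.d`.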
@@ -3,16 +3,19 @@ # BUILD= #Default is to detect the build system HOST=redhat -SHAREDIR=/usr/share -LIBEXECDIR=/usr/share +USR=/usr +SHAREDIR=${USR}/share +LIBEXECDIR=${USR}/share PERLLIBDIR=/usr/share/shorewall CONFDIR=/etc SBINDIR=/sbin -MANDIR=/usr/share/man +MANDIR=${SHAREDIR}/man INITDIR=/etc/rc.d/init.d INITFILE=$PRODUCT INITSOURCE=init.fedora.sh ANNOTATED= -SYSCONFDIR=/etc/sysconfig/ SYSTEMD=/lib/systemd/system +SYSCONFFILE=sysconfig +SYSCONFDIR=/etc/sysconfig/ +SPARSE= VARDIR=/var/lib diff --git a/Shorewall-core/shorewallrc.slackware b/Shorewall-core/shorewallrc.slackware index e0d2281eb..459bcf98c 100644 --- a/Shorewall-core/shorewallrc.slackware +++ b/Shorewall-core/shorewallrc.slackware @@ -3,18 +3,20 @@ # BUILD=slackware HOST=slackware -SHAREDIR=/usr/share -LIBEXECDIR=/usr/share -PERLLIBDIR=/usr/share/shorewall +USR=/usr +SHAREDIR=${USR}/share +LIBEXECDIR=${USR}/share +PERLLIBDIR=${USR}/share/shorewall CONFDIR=/etc SBINDIR=/sbin -MANDIR=/usr/man +MANDIR=${USR}/man INITDIR=/etc/rc.d INITSOURCE=init.slackware.firewall INITFILE=rc.firewall AUXINITSOURCE=init.slackware.$PRODUCT AUXINITFILE=rc.$PRODUCT +SYSTEMD= +SYSCONFFILE= SYSCONFDIR= ANNOTATED= -SYSTEMD= VARDIR=/var/lib diff --git a/Shorewall-core/shorewallrc.suse b/Shorewall-core/shorewallrc.suse index 047ffc1f5..22dc3687d 100644 --- a/Shorewall-core/shorewallrc.suse +++ b/Shorewall-core/shorewallrc.suse @@ -3,17 +3,19 @@ # BUILD= #Default is to detect the build system HOST=suse -SHAREDIR=/usr/share -LIBEXECDIR=/usr/libexec -PERLLIBDIR=/usr/share/shorewall +USR=/usr +SHAREDIR=${USR}/share +LIBEXECDIR=${USR}/libexec +PERLLIBDIR=${USR}/share/shorewall CONFDIR=/etc SBINDIR=/sbin -MANDIR=/usr/share/man/ +MANDIR=${SHARDIR}/man/ INITDIR=/etc/init.d INITFILE=$PRODUCT INITSOURCE=init.sh ANNOTATED= SYSTEMD= +SYSCONFFILE= SYSCONFDIR=/etc/sysconfig/ SPARSE= VARDIR=/var/lib From 5aed14ffdc3ad3844ad0be2f5998949630a0fc41 Mon Sep 17 00:00:00 2001 
From: Tom Eastep Date: Sun, 25 Mar 2012 07:25:15 -0700 Subject: [PATCH 09/50] Set PRODUCT before processing rc file. Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Config.pm | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 84b9fb8fa..1485c4b6c 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -2276,19 +2276,14 @@ sub read_a_line1() { sub process_shorewallrc() { my $home = $ENV{HOME} || `echo ~`; + $shorewallrc{PRODUCT} = $family == F_IPV4 ? 'shorewall' : 'shorewall6'; + if ( $home && open_file "$home/.shorewallrc" ) { while ( read_a_line1 ) { if ( $currentline =~ /^([a-zA-Z]\w*)=(.*)$/ ) { my ($var, $val) = ($1, $2); - $val = $1 if $val =~ /^\"([^\"]*)\"$/; - - if ( $var eq 'PRODUCT' ) { - $val = $globals{PRODUCT}; - } elsif ( supplied $val ) { - expand_variables($val, 1 ); - } - + expand_variables($val, 1 ) if supplied $val; $shorewallrc{$var} = $val; } else { fatal_error "Unrecognized shorewallrc entry"; From 8a18dac870bf749e17f988badde7b91f5441e3c5 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 25 Mar 2012 07:49:52 -0700 Subject: [PATCH 10/50] Installer tweaks - Give instructions when Shorewall-core installer finds no rc file - Update help Signed-off-by: Tom Eastep --- Shorewall-core/install.sh | 22 ++++++++++++++++++---- Shorewall-init/install.sh | 4 ++-- Shorewall-lite/install.sh | 4 ++-- Shorewall/install.sh | 5 +++-- 4 files changed, 25 insertions(+), 10 deletions(-) diff --git a/Shorewall-core/install.sh b/Shorewall-core/install.sh index 617a256c0..1b3ee963f 100755 --- a/Shorewall-core/install.sh +++ b/Shorewall-core/install.sh @@ -27,7 +27,7 @@ VERSION=xxx #The Build script inserts the actual version usage() # $1 = exit status { ME=$(basename $0) - echo "usage: $ME [ ] " + echo "usage: $ME [ ] " echo " $ME -v" echo " $ME -h" exit $1 
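Review bot: The `echo ~` fallback on the first line of process_shorewallrc keeps the trailing newline of the backtick output, so when `HOME` is unset the path handed to `open_file` is not the intended `~/.shorewallrc`. A `chomp $home;` right after the assignment fixes that. The values read from this file appear to steer where the compiler finds its own files, so when it runs as root it is worth documenting that the file is trusted input, or checking its ownership before reading it. The function's closing lines are outside the hunk.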
@@ -148,9 +148,6 @@ if [ $# -eq 0 ]; then elif [ -f ~/.shorewallrc ]; then . ~/.shorewallrc || exit 1 file=~/.shorewallrc - else - file=./shorewallrc.default - . $file fi elif [ $# -eq 1 ]; then file=$1 @@ -254,6 +251,23 @@ case "$HOST" in ;; esac +if [ -z "$file" ]; then + if $HOST = linux; then + file=shorewallrc.default + else + file=$shorewallrc.${HOST} + fi + + echo "You have not specified a configuration file and ~/.shorewallrc does not exist" >&2 + echo "Shorewall-core $VERSION has determined that the $file configuration is appropriate for your system" >&2 + echo "Please review the settings in that file. If you wish to change them, make a copy and modify the copy" >&2 + echo "Then re-run install.sh passing either $file or the name of your modified copy" >&2 + echo "" >&2 + echo "Example:" >&2 + echo "" >&2 + echo " ./install.sh $file" &>2 +fi + if [ -n "$DESTDIR" ]; then if [ $BUILD != cygwin ]; then if [ `id -u` != 0 ] ; then diff --git a/Shorewall-init/install.sh b/Shorewall-init/install.sh index 56daf968d..27d1d0118 100755 --- a/Shorewall-init/install.sh +++ b/Shorewall-init/install.sh @@ -28,7 +28,7 @@ VERSION=xxx #The Build script inserts the actual version. usage() # $1 = exit status { ME=$(basename $0) - echo "usage: $ME" + echo "usage: $ME [ ]" echo " $ME -v" echo " $ME -h" exit $1 @@ -143,7 +143,7 @@ if [ $# -eq 0 ]; then . ~/.shorewallrc || exit 1 file=~/.shorewallrc else - fatal_error "No rcfile specified and ~/.shorewallrc not found" + fatal_error "No configuration file specified and ~/.shorewallrc not found" fi elif [ $# -eq 1 ]; then file=$1 diff --git a/Shorewall-lite/install.sh b/Shorewall-lite/install.sh index 643009315..ce098c477 100755 --- a/Shorewall-lite/install.sh +++ b/Shorewall-lite/install.sh @@ -27,7 +27,7 @@ VERSION=xxx #The Build script inserts the actual version usage() # $1 = exit status { ME=$(basename $0) - echo "usage: $ME" + echo "usage: $ME [ ]" echo " $ME -v" echo " $ME -h" exit $1 
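Review bot: The block added to Shorewall-core/install.sh for a missing configuration file has three shell errors and never stops the script. `if $HOST = linux; then` runs the value of `HOST` as a command rather than testing it, `file=$shorewallrc.${HOST}` expands an unset variable so the name becomes `.${HOST}`, and the last `echo` ends in `&>2`, which does not send the text to stderr. After printing the instructions the script carries on into the install steps with no rc file loaded, so it should exit there. The corrected lines are below.

```shell
if [ -z "$file" ]; then
    if [ "$HOST" = linux ]; then
        file=shorewallrc.default
    else
        file=shorewallrc.${HOST}
    fi

    # … unchanged: the explanatory echo lines …
    echo "    ./install.sh $file" >&2
    exit 1
fi
```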
@@ -158,7 +158,7 @@ if [ $# -eq 0 ]; then . ~/.shorewallrc || exit 1 file=~/.shorewallrc else - fatal_error "No rcfile specified and ~/.shorewallrc not found" + fatal_error "No configuration file specified and ~/.shorewallrc not found" fi elif [ $# -eq 1 ]; then file=$1 diff --git a/Shorewall/install.sh b/Shorewall/install.sh index 449d23c00..cbb6a20bf 100755 --- a/Shorewall/install.sh +++ b/Shorewall/install.sh @@ -30,7 +30,7 @@ VERSION=xxx #The Build script inserts the actual version usage() # $1 = exit status { ME=$(basename $0) - echo "usage: $ME" + echo "usage: $ME [ ]" echo " $ME -v" echo " $ME -h" echo " $ME -s" @@ -177,11 +177,12 @@ if [ $# -eq 0 ]; then # if [ -n "${DESTDIR}" -a -f ../shorewall-pkg.config ]; then . ../shorewall-pkg.config || exit 1 + file = ../shorewall-pkg.config elif [ -f ~/.shorewallrc ]; then . ~/.shorewallrc || exit 1 file=~/.shorewallrc else - fatal_error "No rcfile specified and ~/.shorewallrc not found" + fatal_error "No configuration file specified and ~/.shorewallrc not found" fi elif [ $# -eq 1 ]; then file=$1 From 9dd9ee614bb6ab22e671597472349c7ba8c31d5a Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 25 Mar 2012 08:27:28 -0700 Subject: [PATCH 11/50] Correct ipset creation and add a WARNING when creating an ipset Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Chains.pm | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index a55f8f26b..2b1e0b277 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm 
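Review bot: `file = ../shorewall-pkg.config` in Shorewall/install.sh has spaces around `=`, so the shell runs a command named `file` instead of assigning the variable, and `$file` stays empty on the `DESTDIR` path. It should be `file=../shorewall-pkg.config`.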
@@ -6428,15 +6428,23 @@ sub ensure_ipset( $ ) { if ( $family == F_IPV4 ) { if ( have_capability 'IPSET_V5' ) { - emit ( " qt \$IPSET -L $set -n || \$IPSET -N $_ hash:ip family inet" ); + emit ( qq( if ! qt \$IPSET -L $set -n; then) , + qq( error_message "WARNING: ipset $set does not exist; creating it as an hash:ip set") , + qq( \$IPSET -N $set hash:ip family inet") , + qq( fi) ); } else { - emit ( " qt \$IPSET -L $set -n || \$IPSET -N $_ iphash" ); + emit ( qq( if ! qt \$IPSET -L $set -n; then) , + qq( error_message "WARNING: ipset $1 does not exist; creating it as an iphash set") , + qq( \$IPSET -N $set iphash") , + qq( fi) ); } } else { - emit ( " qt \$IPSET -L $set -n || \$IPSET -N $_ hash:ip family inet6" ); + emit ( qq( if ! qt \$IPSET -L $set -n; then) , + qq( error_message "WARNING: ipset $set does not exist; creating it as an hash:ip set") , + qq( \$IPSET -N $set hash:ip family inet6) , + qq( fi) ); } } - sub load_ipsets() { @@ -6496,7 +6504,7 @@ sub load_ipsets() { } else { ensure_ipset( $_ ) for @ipsets; } - + if ( @ipsets ) { emit ( 'elif [ "$COMMAND" = restart ]; then' ); ensure_ipset( $_ ) for @ipsets; @@ -6508,7 +6516,7 @@ sub load_ipsets() { ensure_ipset( $_ ) for @ipsets; emit( '' ); } - + if ( $family == F_IPV4 ) { emit ( ' if [ -f /etc/debian_version ] && [ $(cat /etc/debian_version) = 5.0.3 ]; then' , ' #', From 74c7760d9d3aed9bdda798097a22490c0ded7826 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 25 Mar 2012 08:30:30 -0700 Subject: [PATCH 12/50] Correct typo in shorewallrc.suse Signed-off-by: Tom Eastep --- Shorewall-core/shorewallrc.suse | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Shorewall-core/shorewallrc.suse b/Shorewall-core/shorewallrc.suse index 22dc3687d..7b389bf41 100644 --- a/Shorewall-core/shorewallrc.suse +++ b/Shorewall-core/shorewallrc.suse 
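Review bot: Two of the emitted creation lines in ensure_ipset end in a stray double quote, `\$IPSET -N $set hash:ip family inet"` and `\$IPSET -N $set iphash"`, which leaves an unbalanced quote in the generated script; the inet6 branch has it right. Drop the trailing `"` so the lines end `family inet)` and `iphash)` inside their `qq( … )`. The set name is interpolated into shell text here, so if it is not validated elsewhere (not visible in this hunk) it should be restricted to safe characters before being emitted.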
@@ -9,7 +9,7 @@ LIBEXECDIR=${USR}/libexec PERLLIBDIR=${USR}/share/shorewall CONFDIR=/etc SBINDIR=/sbin -MANDIR=${SHARDIR}/man/ +MANDIR=${SHAREDIR}/man/ INITDIR=/etc/init.d INITFILE=$PRODUCT INITSOURCE=init.sh From 25e7555e803fa25f53e3207bf306b71de7639826 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 25 Mar 2012 12:36:25 -0700 Subject: [PATCH 13/50] Correct typo in the compiler --- Shorewall-core/shorewallrc.suse | 2 +- Shorewall/Perl/Shorewall/Compiler.pm | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Shorewall-core/shorewallrc.suse b/Shorewall-core/shorewallrc.suse index 7b389bf41..89d29c242 100644 --- a/Shorewall-core/shorewallrc.suse +++ b/Shorewall-core/shorewallrc.suse @@ -4,10 +4,10 @@ BUILD= #Default is to detect the build system HOST=suse USR=/usr +CONFDIR=/etc SHAREDIR=${USR}/share LIBEXECDIR=${USR}/libexec PERLLIBDIR=${USR}/share/shorewall -CONFDIR=/etc SBINDIR=/sbin MANDIR=${SHAREDIR}/man/ INITDIR=/etc/init.d diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm index 84bb7aac1..b94b707eb 100644 --- a/Shorewall/Perl/Shorewall/Compiler.pm +++ b/Shorewall/Perl/Shorewall/Compiler.pm @@ -160,7 +160,7 @@ sub generate_script_2() { emit( 'g_family=4' ); if ( $export ) { - emit ( 'SHAREDIR=$SHARDIR/shorewall-lite', + emit ( 'SHAREDIR=$SHAREDIR/shorewall-lite', 'CONFDIR=$CONFDIR/shorewall-lite', 'VARDIR=$VARDIR/shorewall-lite', 'g_product="Shorewall Lite"', @@ -168,7 +168,7 @@ sub generate_script_2() { 'g_basedir=/usr/share/shorewall-lite', ); } else { - emit ( 'SHAREDIR=$SHARDIR/shorewall', + emit ( 'SHAREDIR=$SHAREDIR/shorewall', 'CONFDIR=$CONFDIR/shorewall', 'VARDIR=$VARDIR/shorewall', 'g_product=Shorewall', @@ -180,7 +180,7 @@ sub generate_script_2() { emit( 'g_family=6' ); if ( $export ) { - emit ( 'SHAREDIR=/$SHARDIR/shorewall6-lite', + emit ( 'SHAREDIR=/$SHAREDIR/shorewall6-lite', 'CONFDIR=$CONFDIR/shorewall6-lite', 'VARDIR=$VARDIR/shorewall6-lite', 'g_product="Shorewall6 Lite"', 
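Review bot: The shorewall6-lite line in generate_script_2 keeps a leading slash, `'SHAREDIR=/$SHAREDIR/shorewall6-lite'`, unlike the two IPv4 lines corrected in the same commit. It should be `'SHAREDIR=$SHAREDIR/shorewall6-lite'`. The context line `g_basedir=/usr/share/shorewall-lite` is still hard-coded and may need the same treatment.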
From ee15baf98c9fdf7c2940ab4512f1431179012443 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 25 Mar 2012 12:48:57 -0700 Subject: [PATCH 14/50] Correct typo in Chains.pm Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Chains.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index 2b1e0b277..fef8d8adc 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -6434,7 +6434,7 @@ sub ensure_ipset( $ ) { qq( fi) ); } else { emit ( qq( if ! qt \$IPSET -L $set -n; then) , - qq( error_message "WARNING: ipset $1 does not exist; creating it as an iphash set") , + qq( error_message "WARNING: ipset $set does not exist; creating it as an iphash set") , qq( \$IPSET -N $set iphash") , qq( fi) ); } From dee20c8d742a97919fc60b9e8dfd288e503c701f Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 25 Mar 2012 20:18:20 -0700 Subject: [PATCH 15/50] Add OWNER_NAME_MATCH to do_user Signed-off-by: Tom Eastep --- Shorewall-core/lib.base | 2 +- Shorewall-core/lib.cli | 8 ++++++++ Shorewall/Perl/Shorewall/Chains.pm | 29 ++++++++++++++++++++++++----- Shorewall/Perl/Shorewall/Config.pm | 14 +++++++++++++- 4 files changed, 46 insertions(+), 7 deletions(-) diff --git a/Shorewall-core/lib.base b/Shorewall-core/lib.base index 99b4a4e7b..2ec014c1d 100644 --- a/Shorewall-core/lib.base +++ b/Shorewall-core/lib.base @@ -28,7 +28,7 @@ # SHOREWALL_LIBVERSION=40500 -SHOREWALL_CAPVERSION=40501 +SHOREWALL_CAPVERSION=40502 [ -n "${g_program:=shorewall}" ] diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli index 0b9ad9727..f532716ee 100644 --- a/Shorewall-core/lib.cli +++ b/Shorewall-core/lib.cli @@ -1928,6 +1928,7 @@ determine_capabilities() { IPRANGE_MATCH= RECENT_MATCH= OWNER_MATCH= + OWNER_NAME_MATCH= IPSET_MATCH= OLD_IPSET_MATCH= IPSET_V5= 
@@ -2066,6 +2067,11 @@ determine_capabilities() { qt $g_tool -A $chain -m recent --update -j ACCEPT && RECENT_MATCH=Yes qt $g_tool -A $chain -m owner --uid-owner 0 -j ACCEPT && OWNER_MATCH=Yes + local name + name=$(id -un 2> /dev/null) + + [ -n "$name" ] && qt $g_tool -A $chain -m owner --uid-owner $name -j ACCEPT && OWNER_NAME_MATCH=Yes + if qt $g_tool -A $chain -m connmark --mark 2 -j ACCEPT; then CONNMARK_MATCH=Yes qt $g_tool -A $chain -m connmark --mark 2/0xFF -j ACCEPT && XCONNMARK_MATCH=Yes @@ -2246,6 +2252,7 @@ report_capabilities() { report_capability "IP range Match(IPRANGE_MATCH)" $IPRANGE_MATCH report_capability "Recent Match (RECENT_MATCH)" $RECENT_MATCH report_capability "Owner Match (OWNER_MATCH)" $OWNER_MATCH + report_capability "Owner Name Match (OWNER_NAME_MATCH)" $OWNER_NAME_MATCH if [ -n "$IPSET_MATCH" ]; then report_capability "Ipset Match (IPSET_MATCH)" $IPSET_MATCH [ -n "$OLD_IPSET_MATCH" ] && report_capability "OLD_Ipset Match (OLD_IPSET_MATCH)" $OLD_IPSET_MATCH @@ -2334,6 +2341,7 @@ report_capabilities1() { report_capability1 IPRANGE_MATCH report_capability1 RECENT_MATCH report_capability1 OWNER_MATCH + report_capability1 OWNER_NAME_MATCH report_capability1 IPSET_MATCH report_capability1 OLD_IPSET_MATCH report_capability1 CONNMARK diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index fef8d8adc..6d594df3a 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -4066,6 +4066,21 @@ sub do_time( $ ) { $result; } +sub resolve_id( $$ ) { + my ( $id, $type ) = @_; + + if ( $globals{EXPORT} ) { + require_capability 'OWNER_NAME_MATCH', "Specifying a $type name", 's'; + } else { + my $num = $type eq 'user' ? getpwnam( $id ) : getgrnam( $id ); + fatal_error "Unknown $type ($id)" unless supplied $num; + $id = $num; + } + + $id; +} + + # # Create a "-m owner" match for the passed USER/GROUP # 
@@ -4075,6 +4090,8 @@ sub do_user( $ ) { return '' unless defined $user and $user ne '-'; + require_capability 'OWNER_MATCH', 'A non-empty USER column', 's'; + if ( $user =~ /^(!)?(.*)\+(.*)$/ ) { $rule .= "! --cmd-owner $2 " if supplied $2; $user = "!$1"; @@ -4086,24 +4103,26 @@ sub do_user( $ ) { if ( $user =~ /^(!)?(.*):(.*)$/ ) { my $invert = $1 ? '! ' : ''; my $group = defined $3 ? $3 : ''; + if ( supplied $2 ) { - $user = $2; - fatal_error "Unknown user ($user)" unless $user =~ /^\d+$/ || $globals{EXPORT} || defined getpwnam( $user ); + $user = $2; + $user = resolve_id( $user, 'user' ) unless $user =~ /\d+$/; $rule .= "${invert}--uid-owner $user "; } if ( $group ne '' ) { - fatal_error "Unknown group ($group)" unless $group =~ /\d+$/ || $globals{EXPORT} || defined getgrnam( $group ); + $group = resolve_id( $group, 'group' ) unless $group =~ /^\d+$/; $rule .= "${invert}--gid-owner $group "; } } elsif ( $user =~ /^(!)?(.*)$/ ) { my $invert = $1 ? '! ' : ''; $user = $2; + fatal_error "Invalid USER/GROUP (!)" if $user eq ''; - fatal_error "Unknown user ($user)" unless $user =~ /^\d+$/ || $globals{EXPORT} || defined getpwnam( $user ); + $user = resolve_id ($user, 'user' ) unless $user =~ /\d+$/; $rule .= "${invert}--uid-owner $user "; } else { - fatal_error "Unknown user ($user)" unless $user =~ /^\d+$/ || $globals{EXPORT} || defined getpwnam( $user ); + $user = resolve_id( $user, 'user' ) unless $user =~ /\d+$/; $rule .= "--uid-owner $user "; } diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 1485c4b6c..23e59f6b3 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -244,6 +244,8 @@ my %capdesc = ( NAT_ENABLED => 'NAT', IPRANGE_MATCH => 'IP Range Match', RECENT_MATCH => 'Recent Match', OWNER_MATCH => 'Owner Match', + OWNER_NAME_MATCH + => 'Owner Name Match', IPSET_MATCH => 'Ipset Match', OLD_IPSET_MATCH => 'Old Ipset Match', IPSET_V5 => 'Version 5 ipsets', 
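Review bot: Three of the new guards in do_user test `$user =~ /\d+$/` without the `^` anchor, so any user name that merely ends in a digit is treated as a numeric id and skips `resolve_id`, including its existence check and the `OWNER_NAME_MATCH` requirement for exported scripts. The group branch uses `/^\d+$/`, and the user branches should too: `$user = resolve_id( $user, 'user' ) unless $user =~ /^\d+$/;`. As written, such a name goes unchecked into the `--uid-owner` rule text.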
@@ -488,7 +490,7 @@ sub initialize( $ ) { STATEMATCH => '-m state --state', UNTRACKED => 0, VERSION => "4.4.22.1", - CAPVERSION => 40501 , + CAPVERSION => 40502 , ); # # From shorewall.conf file @@ -668,6 +670,7 @@ sub initialize( $ ) { IPRANGE_MATCH => undef, RECENT_MATCH => undef, OWNER_MATCH => undef, + OWNER_NAME_MATCH => undef, IPSET_MATCH => undef, OLD_IPSET_MATCH => undef, IPSET_V5 => undef, @@ -2715,6 +2718,12 @@ sub Owner_Match() { qt1( "$iptables -A $sillyname -m owner --uid-owner 0 -j ACCEPT" ); } +sub Owner_Name_Match() { + if ( my $name = `id -un 2> /dev/null` ) { + qt1( "$iptables -A $sillyname -m owner --uid-owner $name -j ACCEPT" ); + } +} + sub Connmark_Match() { qt1( "$iptables -A $sillyname -m connmark --mark 2 -j ACCEPT" ); } @@ -3038,6 +3047,7 @@ our %detect_capability = OLD_HL_MATCH => \&Old_Hashlimit_Match, OLD_IPP2P_MATCH => \&Old_Ipp2p_Match, OWNER_MATCH => \&Owner_Match, + OWNER_NAME_MATCH => \&Owner_Name_Match, PERSISTENT_SNAT => \&Persistent_Snat, PHYSDEV_BRIDGE => \&Physdev_Bridge, PHYSDEV_MATCH => \&Physdev_Match, @@ -3133,6 +3143,8 @@ sub determine_capabilities() { $capabilities{IPRANGE_MATCH} = detect_capability( 'IPRANGE_MATCH' ); $capabilities{RECENT_MATCH} = detect_capability( 'RECENT_MATCH' ); $capabilities{OWNER_MATCH} = detect_capability( 'OWNER_MATCH' ); + $capabilities{OWNER_NAME_MATCH} + = detect_capability( 'OWNER_NAME_MATCH' ); $capabilities{CONNMARK_MATCH} = detect_capability( 'CONNMARK_MATCH' ); $capabilities{XCONNMARK_MATCH} = detect_capability( 'XCONNMARK_MATCH' ); $capabilities{IPP2P_MATCH} = detect_capability( 'IPP2P_MATCH' ); From c23deed3a7f97477f3274ad3ecb3a0b83553c95d Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 26 Mar 2012 07:04:21 -0700 Subject: [PATCH 16/50] Correct syntax error in init.sh Signed-off-by: Tom Eastep --- Shorewall/init.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Shorewall/init.sh b/Shorewall/init.sh index 4d4cf2f7d..743033d90 100755 --- a/Shorewall/init.sh 
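Review bot: `Owner_Name_Match` in Shorewall/Perl/Shorewall/Config.pm interpolates the raw output of `id -un` into the probe command, and Perl backticks keep the trailing newline, so the string handed to `qt1` has a line break between the user name and `-j ACCEPT`. If `qt1` runs the string through a shell (its body is not in this hunk), the probe is split in two and the capability would be reported wrongly. Strip the newline before use: `chomp( my $name = qx(id -un 2> /dev/null) );` and then `qt1( "$iptables -A $sillyname -m owner --uid-owner $name -j ACCEPT" ) if $name ne '';`. The shell-side probe added to `determine_capabilities` is not affected, because `$(...)` drops the newline.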
+++ b/Shorewall/init.sh @@ -54,7 +54,7 @@ RCDLINKS="2,S41 3,S41 6,K41" # Give Usage Information # ################################################################################ usage() { - echo "Usage: $0 start|stop|reload|restart|status" > &2 + echo "Usage: $0 start|stop|reload|restart|status" >&2 exit 1 } From 2518c653af1fbac41c0bc8c7b1d4a982c743e851 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 26 Mar 2012 07:20:31 -0700 Subject: [PATCH 17/50] Modify RedHat/Fedora init scripts for shorewallrc. Signed-off-by: Tom Eastep --- Shorewall-init/init.fedora.sh | 21 +++++++++++++-------- Shorewall-lite/init.fedora.sh | 14 +++++++++++--- Shorewall/init.fedora.sh | 14 +++++++++++--- Shorewall6-lite/init.fedora.sh | 14 +++++++++++--- Shorewall6/init.fedora.sh | 13 ++++++++++--- 5 files changed, 56 insertions(+), 20 deletions(-) diff --git a/Shorewall-init/init.fedora.sh b/Shorewall-init/init.fedora.sh index a9bd23565..6488a423e 100644 --- a/Shorewall-init/init.fedora.sh +++ b/Shorewall-init/init.fedora.sh @@ -13,6 +13,15 @@ # Description: Place the firewall in a safe state at boot time # prior to bringing up the network. ### END INIT INFO +#determine where the files were installed +if [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 +else + SBINDIR=/sbin + SYSCONFDIR=/etc/default + VARDIR=/var/lib +fi + prog="shorewall-init" logger="logger -i -t $prog" lockfile="/var/lock/subsys/shorewall-init" @@ -44,10 +53,8 @@ start () { echo -n "Initializing \"Shorewall-based firewalls\": " for product in $PRODUCTS; do - vardir=/var/lib/$product - [ -f /etc/$product/vardir ] && . /etc/$product/vardir - if [ -x ${vardir}/firewall ]; then - ${vardir}/firewall stop 2>&1 | $logger + if [ -x ${VARDIR}/$product/firewall ]; then + ${VARDIR}/$product/firewall stop 2>&1 | $logger retval=${PIPESTATUS[0]} [ retval -ne 0 ] && break fi 
@@ -70,10 +77,8 @@ stop () { echo -n "Clearing \"Shorewall-based firewalls\": " for product in $PRODUCTS; do - vardir=/var/lib/$product - [ -f /etc/$product/vardir ] && . /etc/$product/vardir - if [ -x ${vardir}/firewall ]; then - ${vardir}/firewall clear 2>&1 | $logger + if [ -x ${VARDIR}/$product/firewall ]; then + ${VARDIR}/$product/firewall clear 2>&1 | $logger retval=${PIPESTATUS[0]} [ retval -ne 0 ] && break fi diff --git a/Shorewall-lite/init.fedora.sh b/Shorewall-lite/init.fedora.sh index c18529976..c5b10a269 100644 --- a/Shorewall-lite/init.fedora.sh +++ b/Shorewall-lite/init.fedora.sh @@ -20,16 +20,24 @@ # Source function library. . /etc/rc.d/init.d/functions +#determine where the files were installed +if [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 +else + SBINDIR=/sbin + SYSCONFDIR=/etc/default +fi + prog="shorewall-lite" -shorewall="/sbin/$prog" +shorewall="${SBINDIR}/$prog" logger="logger -i -t $prog" lockfile="/var/lock/subsys/$prog" # Get startup options (override default) OPTIONS= -if [ -f /etc/sysconfig/$prog ]; then - . /etc/sysconfig/$prog +if [ -f ${SYSCONFDIR}/$prog ]; then + . ${SYSCONFDIR}/$prog fi start() { diff --git a/Shorewall/init.fedora.sh b/Shorewall/init.fedora.sh index 14bf9830c..a6bd2b73c 100644 --- a/Shorewall/init.fedora.sh +++ b/Shorewall/init.fedora.sh @@ -20,16 +20,24 @@ # Source function library. . /etc/rc.d/init.d/functions +#determine where the files were installed +if [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 +else + SBINDIR=/sbin + SYSCONFDIR=/etc/default +fi + prog="shorewall" -shorewall="/sbin/$prog" +shorewall="${SBINDIR}/$prog" logger="logger -i -t $prog" lockfile="/var/lock/subsys/$prog" # Get startup options (override default) OPTIONS= -if [ -f /etc/sysconfig/$prog ]; then - . /etc/sysconfig/$prog +if [ -f ${SYSCONFDIR}/$prog ]; then + . ${SYSCONFDIR}/$prog fi start() { diff --git a/Shorewall6-lite/init.fedora.sh b/Shorewall6-lite/init.fedora.sh index 13a7019bb..c8912f730 100644 
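Review bot: The fallback added to Shorewall-lite/init.fedora.sh sets `SYSCONFDIR=/etc/default`, but the line it replaces read the startup options from `/etc/sysconfig/$prog`, so on a host without `~/.shorewallrc` that options file is no longer read and OPTIONS stays empty. The same fallback is added to Shorewall/init.fedora.sh, Shorewall6-lite/init.fedora.sh and Shorewall6/init.fedora.sh. The fallback should keep the old location, `SYSCONFDIR=/etc/sysconfig`, which is also what the init.sh scripts in this series use. Since the rc file is now sourced as shell code by an init script, the comment above the block should state that it must be writable by root only.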
--- a/Shorewall6-lite/init.fedora.sh +++ b/Shorewall6-lite/init.fedora.sh @@ -20,16 +20,24 @@ # Source function library. . /etc/rc.d/init.d/functions +#determine where the files were installed +if [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 +else + SBINDIR=/sbin + SYSCONFDIR=/etc/default +fi + prog="shorewall6-lite" -shorewall="/sbin/$prog" +shorewall="${SBINDIR}/$prog" logger="logger -i -t $prog" lockfile="/var/lock/subsys/$prog" # Get startup options (override default) OPTIONS= -if [ -f /etc/sysconfig/$prog ]; then - . /etc/sysconfig/$prog +if [ -f ${SYSCONFDIR}/$prog ]; then + . ${SYSCONFDIR}/$prog fi start() { diff --git a/Shorewall6/init.fedora.sh b/Shorewall6/init.fedora.sh index cd5896f7b..5aa46aaaa 100644 --- a/Shorewall6/init.fedora.sh +++ b/Shorewall6/init.fedora.sh @@ -20,16 +20,23 @@ # Source function library. . /etc/rc.d/init.d/functions +#determine where the files were installed +if [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 +else + SBINDIR=/sbin + SYSCONFDIR=/etc/default +fi prog="shorewall6" -shorewall="/sbin/$prog" +shorewall="${SBINDIR}/$prog" logger="logger -i -t $prog" lockfile="/var/lock/subsys/$prog" # Get startup options (override default) OPTIONS= -if [ -f /etc/sysconfig/$prog ]; then - . /etc/sysconfig/$prog +if [ -f ${SYSCONFDIR}/$prog ]; then + . ${SYSCONFDIR}/$prog fi start() { From fd828773122ef2b3db773e85d85ee2c4afc2836e Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 26 Mar 2012 07:49:49 -0700 Subject: [PATCH 18/50] Another fix for init.sh Signed-off-by: Tom Eastep --- Shorewall-lite/init.sh | 8 ++++---- Shorewall/init.sh | 8 ++++---- Shorewall6-lite/init.sh | 8 ++++---- Shorewall6/init.sh | 8 ++++---- 4 files changed, 16 insertions(+), 16 deletions(-) diff --git a/Shorewall-lite/init.sh b/Shorewall-lite/init.sh index 811720d70..3d342cc14 100755 --- a/Shorewall-lite/init.sh +++ b/Shorewall-lite/init.sh 
@@ -65,7 +65,7 @@ OPTIONS= if [ ~/.shorewallrc ]; then . ~/.shorewallrc || exit 1 else - SBIN=/sbin + SBINDIR=/sbin SYSCONFDIR=/etc/sysconfig fi @@ -82,13 +82,13 @@ command="$1" case "$command" in start) - exec ${SBIN}/shorewall-lite $OPTIONS start $STARTOPTIONS + exec ${SBINDIR}/shorewall-lite $OPTIONS start $STARTOPTIONS ;; restart|reload) - exec ${SBIN}/shorewall-lite $OPTIONS restart $RESTARTOPTIONS + exec ${SBINDIR}/shorewall-lite $OPTIONS restart $RESTARTOPTIONS ;; status|stop) - exec ${SBIN}/shorewall-lite $OPTIONS $command $@ + exec ${SBINDIR}/shorewall-lite $OPTIONS $command $@ ;; *) usage diff --git a/Shorewall/init.sh b/Shorewall/init.sh index 743033d90..b96c7319c 100755 --- a/Shorewall/init.sh +++ b/Shorewall/init.sh @@ -66,7 +66,7 @@ OPTIONS="-v0" if [ ~/.shorewallrc ]; then . ~/.shorewallrc || exit 1 else - SBIN=/sbin + SBINDIR=/sbin SYSCONFDIR=/etc/sysconfig fi @@ -84,13 +84,13 @@ shift case "$command" in start) - exec $SBIN/shorewall $OPTIONS start $STARTOPTIONS + exec $SBINDIR/shorewall $OPTIONS start $STARTOPTIONS ;; restart|reload) - exec $SBIN/shorewall $OPTIONS restart $RESTARTOPTIONS + exec $SBINDIR/shorewall $OPTIONS restart $RESTARTOPTIONS ;; status|stop) - exec $SBIN/shorewall $OPTIONS $command + exec $SBINDIR/shorewall $OPTIONS $command ;; *) usage diff --git a/Shorewall6-lite/init.sh b/Shorewall6-lite/init.sh index 61868d706..6de96a233 100755 --- a/Shorewall6-lite/init.sh +++ b/Shorewall6-lite/init.sh @@ -65,7 +65,7 @@ OPTIONS= if [ ~/.shorewallrc ]; then . ~/.shorewallrc || exit 1 else - SBIN=/sbin + SBINDIR=/sbin SYSCONFDIR=/etc/sysconfig fi 
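Review bot: The `SBINDIR=/sbin` fallback corrected in Shorewall-lite/init.sh can never run, because the guard above it, `if [ ~/.shorewallrc ]; then`, tests a non-empty string rather than a file and is therefore always true. When the file is absent the script goes on to `. ~/.shorewallrc || exit 1` and exits instead of using the defaults. The guard needs the file test: `if [ -f ~/.shorewallrc ]; then`. The same context line appears in the Shorewall/init.sh, Shorewall6-lite/init.sh and Shorewall6/init.sh hunks of this commit.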
@@ -82,13 +82,13 @@ command="$1" case "$command" in start) - exec ${SBIN}/shorewall6-lite $OPTIONS start $STARTOPTIONS + exec ${SBINDIR}/shorewall6-lite $OPTIONS start $STARTOPTIONS ;; restart|reload) - exec ${SBIN}/shorewall6-lite $OPTIONS restart $RESTARTOPTIONS + exec ${SBINDIR}/shorewall6-lite $OPTIONS restart $RESTARTOPTIONS ;; status|stop) - exec ${SBIN}/shorewall6-lite $OPTIONS $command $@ + exec ${SBINDIR}/shorewall6-lite $OPTIONS $command $@ ;; *) usage diff --git a/Shorewall6/init.sh b/Shorewall6/init.sh index 4448854a6..5d08a5065 100755 --- a/Shorewall6/init.sh +++ b/Shorewall6/init.sh @@ -66,7 +66,7 @@ OPTIONS="-v0" if [ ~/.shorewallrc ]; then . ~/.shorewallrc || exit 1 else - SBIN=/sbin + SBINDIR=/sbin SYSCONFDIR=/etc/sysconfig fi @@ -85,13 +85,13 @@ command="$1" case "$command" in start) - exec ${SBIN}/shorewall6 $OPTIONS start $STARTOPTIONS + exec ${SBINDIR}/shorewall6 $OPTIONS start $STARTOPTIONS ;; restart|reload) - exec ${SBIN}/shorewall6 $OPTIONS restart $RESTARTOPTIONS + exec ${SBINDIR}/shorewall6 $OPTIONS restart $RESTARTOPTIONS ;; status|stop) - exec ${SBIN}/shorewall6 $OPTIONS $command $@ + exec ${SBINDIR}/shorewall6 $OPTIONS $command $@ ;; *) usage From 7b9c1d43cd20acd9095297416e7a3052789fe530 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 26 Mar 2012 15:00:43 -0700 Subject: [PATCH 19/50] Look in additional places for .shorewallrc Signed-off-by: Tom Eastep --- Shorewall-core/install.sh | 4 ++-- Shorewall-core/lib.base | 17 +++++++++++++---- Shorewall-core/lib.cli | 10 +++++++++- Shorewall-init/shorewall-init | 16 ++++++++++++---- Shorewall-lite/shorewall-lite | 10 +++++++++- Shorewall/shorewall | 11 +++++++++-- 6 files changed, 54 insertions(+), 14 deletions(-) diff --git a/Shorewall-core/install.sh b/Shorewall-core/install.sh index 1b3ee963f..b04548868 100755 --- a/Shorewall-core/install.sh +++ b/Shorewall-core/install.sh 
@@ -315,8 +315,8 @@ chmod 644 ${DESTDIR}${SHAREDIR}/shorewall/coreversion cp $file ${DESTDIR}${SHAREDIR}/shorewall/shorewallrc -if [ -z "${DESTDIR}" ]; then - [ -f ~/.shorewallrc ] || cp $file ~/.shorewallrc +if [ -z "${DESTDIR}" -n ${HOME} ]; then + [ -f ${HOME}/.shorewallrc ] || cp $file ${HOME}/.shorewallrc fi # # Report Success diff --git a/Shorewall-core/lib.base b/Shorewall-core/lib.base index 2ec014c1d..76aeeb94f 100644 --- a/Shorewall-core/lib.base +++ b/Shorewall-core/lib.base @@ -33,8 +33,17 @@ SHOREWALL_CAPVERSION=40502 [ -n "${g_program:=shorewall}" ] if [ -z "$g_readrc" ]; then - if [ -f ~/.shorewallrc ]; then + + if [ -f ./.shorewallrc ]; then . ~/.shorewallrc || exit 1 + elif [ -r /root/.shorewallrc ]; then + . /root/.shorewallrc || exit 1 + elif [ -r /.shorewallrc ]; then + . /root/.shorewallrc || exit 1 + elif [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 + elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then + . ${SHOREAWLLRC_HOME}/.shorewallrc || exit 1 else SHAREDIR=/usr/share CONFDIR=/etc @@ -471,14 +480,14 @@ mktempfile() { else case "$MKTEMP" in BSD) - mktemp /tmp/shorewall.XXXXXX + mktemp ${TMPDIR:-/tmp}/shorewall.XXXXXX ;; STD) mktemp -t shorewall.XXXXXX ;; None) - rm -f /tmp/shorewall-$$ - > /tmp/shorewall-$$ && echo /tmp/shorewall-$$ + rm -f ${TMPDIR:-/tmp}/shorewall-$$ + > ${TMPDIR:-}/shorewall-$$ && echo ${TMPDIR:-/tmp}/shorewall-$$ ;; *) error_message "ERROR:Internal error in mktempfile" diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli index f532716ee..d44cf111b 100644 --- a/Shorewall-core/lib.cli +++ b/Shorewall-core/lib.cli 
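Review bot: The new test in Shorewall-core/install.sh, `[ -z "${DESTDIR}" -n ${HOME} ]`, has no operator between its two conditions, so `[` rejects the expression and the branch is not taken; `.shorewallrc` is then never copied to the home directory. Write it as two tests and quote HOME: `if [ -z "${DESTDIR}" ] && [ -n "${HOME}" ]; then`. The `cp $file ${HOME}/.shorewallrc` line under it would also be safer with both operands quoted.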
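Review bot: The chain added to Shorewall-core/lib.base makes `./.shorewallrc` in the current directory the first place looked for settings, ahead of the fixed paths, so which file configures a root-run firewall command depends on the directory it is started from. Where that directory is writable by another user, that user's file would be sourced as shell code with root's privileges. I would remove the current-directory branch here and in the matching chains added to Shorewall-core/lib.cli, Shorewall-init/shorewall-init, Shorewall-lite/shorewall-lite and Shorewall/shorewall, or at least require the file to be owned by root and not group- or world-writable before sourcing it. In this file the branch also tests `./.shorewallrc` but then sources `~/.shorewallrc`.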
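Review bot: In the `None)` branch of `mktempfile` in Shorewall-core/lib.base the file is created with `> ${TMPDIR:-}/shorewall-$$`, where the `/tmp` default has been dropped, so with TMPDIR unset the file is created as `/shorewall-$$` while the name echoed back is `/tmp/shorewall-$$`. All three uses should expand the same way: `> ${TMPDIR:-/tmp}/shorewall-$$ && echo ${TMPDIR:-/tmp}/shorewall-$$`. This branch also builds a predictable name from the PID and removes and recreates it, which is open to a symlink race in a shared directory; running the redirection under `set -C`, plus a comment that this is the last resort when no mktemp is available, would help. `mktempfile` begins and ends outside the hunk.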
@@ -25,8 +25,16 @@ # if [ -z "$g_readrc" ]; then - if [ -f ~/.shorewallrc ]; then + if [ -f ./.shorewallrc ]; then + . ./.shorewallrc || exit 1 + elif [ -f ~/.shorewallrc ]; then . ~/.shorewallrc || exit 1 + elif [ -r /root/.shorewallrc ]; then + . /root/.shorewallrc || exit 1 + elif [ -r /.shorewallrc ]; then + . /root/.shorewallrc || exit 1 + elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then + . ${SHOREAWLLRC_HOME}/.shorewallrc || exit 1 else SHAREDIR=/usr/share CONFDIR=${CONFDIR} diff --git a/Shorewall-init/shorewall-init b/Shorewall-init/shorewall-init index f34de5ee0..4a190899c 100644 --- a/Shorewall-init/shorewall-init +++ b/Shorewall-init/shorewall-init @@ -23,10 +23,20 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # ######################################################################################### -if [ -f ~/.shorewallrc ]; then +if [ -f ./.shorewallrc ]; then + . ./.shorewallrc || exit 1 +elif [ -f ~/.shorewallrc ]; then . ~/.shorewallrc || exit 1 +elif [ -r /root/.shorewallrc ]; then + . /root/.shorewallrc || exit 1 +elif [ -r /.shorewallrc ]; then + . /root/.shorewallrc || exit 1 +elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then + . ${SHOREAWLLRC_HOME}/.shorewallrc || exit 1 else - echo "ERROR: ./.shorewallrc not found" >&2 + VARDIR=/var/lib + LIBEXECDIR=/usr/share + SYSCONFDIR=/etc/sysconfig fi # check if shorewall-init is configured or not @@ -48,8 +58,6 @@ shorewall_start () { echo -n "Initializing \"Shorewall-based firewalls\": " for PRODUCT in $PRODUCTS; do - VARDIR=/var/lib/$PRODUCT - [ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir if [ -x ${VARDIR}/firewall ]; then if ! /sbin/$PRODUCT status > /dev/null 2>&1; then ${VARDIR}/firewall stop || exit 1 diff --git a/Shorewall-lite/shorewall-lite b/Shorewall-lite/shorewall-lite index 698e698bd..bbad1fbde 100755 --- a/Shorewall-lite/shorewall-lite +++ b/Shorewall-lite/shorewall-lite 
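Review bot: Two branches of the chain added to Shorewall-core/lib.cli cannot work as written. `elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then` runs a command named `-` instead of a test and misspells the variable, so on a system with no such command it is always false; and the `/.shorewallrc` branch tests one file but sources `/root/.shorewallrc`. Suggested lines: `. /.shorewallrc || exit 1` under the `/.shorewallrc` test, and `elif [ -n "${SHOREWALLRC_HOME}" ] && [ -f "${SHOREWALLRC_HOME}/.shorewallrc" ]; then` for the last branch. Both mistakes are repeated in the lib.base, shorewall-init, shorewall-lite, shorewall and prog.footer hunks of this commit.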
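Review bot: In `shorewall_start` of Shorewall-init/shorewall-init the per-product `VARDIR=/var/lib/$PRODUCT` assignment is removed but the loop still tests and runs `${VARDIR}/firewall`, so with the new default `VARDIR=/var/lib` every product resolves to `/var/lib/firewall`. If that file is not there the loop does nothing, and the firewall is not put in its stopped state when shorewall-init starts, with no message. The Fedora init script in this series uses the product directory and this loop should too: `if [ -x ${VARDIR}/$PRODUCT/firewall ]; then` and `${VARDIR}/$PRODUCT/firewall stop || exit 1`. The function continues outside the hunk, so any other use of `${VARDIR}/firewall` needs the same change.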
@@ -27,8 +27,16 @@ ################################################################################################ g_program=shorewall-lite -if [ -f ~/.shorewallrc ]; then +if [ -f ./.shorewallrc ]; then + . ./.shorewallrc || exit 1 +elif [ -f ~/.shorewallrc ]; then . ~/.shorewallrc || exit 1 +elif [ -r /root/.shorewallrc ]; then + . /root/.shorewallrc || exit 1 +elif [ -r /.shorewallrc ]; then + . /root/.shorewallrc || exit 1 +elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then + . ${SHOREAWLLRC_HOME}/.shorewallrc || exit 1 else SHAREDIR=/usr/share CONFDIR=${CONFDIR} diff --git a/Shorewall/shorewall b/Shorewall/shorewall index 7cbca8e00..5bcc979bc 100755 --- a/Shorewall/shorewall +++ b/Shorewall/shorewall @@ -27,8 +27,16 @@ ################################################################################################ g_program=shorewall -if [ -f ~/.shorewallrc ]; then +if [ -f ./.shorewallrc ]; then + . ./.shorewallrc || exit 1 +elif [ -f ~/.shorewallrc ]; then . ~/.shorewallrc || exit 1 +elif [ -r /root/.shorewallrc ]; then + . /root/.shorewallrc || exit 1 +elif [ -r /.shorewallrc ]; then + . /root/.shorewallrc || exit 1 +elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then + . ${SHOREAWLLRC_HOME}/.shorewallrc || exit 1 else SHAREDIR=/usr/share CONFDIR=${CONFDIR} @@ -36,7 +44,6 @@ else VARDIR=/var/lib LIBEXECDIR=/usr/share PERLLIBDIR=/usr/share/shorewall - fi g_libexec="$LIBEXECDIR" From 8a164adf9833dddb57d4efa700a940600964783d Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 26 Mar 2012 15:43:04 -0700 Subject: [PATCH 20/50] Export TMPDIR if it exists in the .shorewallrc file Signed-off-by: Tom Eastep --- Shorewall/Perl/prog.footer | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/Shorewall/Perl/prog.footer b/Shorewall/Perl/prog.footer index ad67eb4ab..9ebff0aa5 100644 --- a/Shorewall/Perl/prog.footer +++ b/Shorewall/Perl/prog.footer 
@@ -85,14 +85,24 @@ g_noroutes=$NOROUTES g_timestamp=$TIMESTAMP g_recovering=$RECOVERING -if [ -f ~/.shorewallrc ]; then +if [ -f ./.shorewallrc ]; then + . ./.shorewallrc || exit 1 +elif [ -f ~/.shorewallrc ]; then . ~/.shorewallrc || exit 1 +elif [ -r /root/.shorewallrc ]; then + . /root/.shorewallrc || exit 1 +elif [ -r /.shorewallrc ]; then + . /root/.shorewallrc || exit 1 +elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then + . ${SHOREAWLLRC_HOME}/.shorewallrc || exit 1 else CONFDIR=/etc SHAREDIR=/usr/share VARDIR=/var/lib fi +[ -n "$TMPDIR" ] && export TMPDIR + initialize if [ -n "$STARTUP_LOG" ]; then From e641bf7ac2be1f6111ffea9064f8647b8ba4e87a Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 26 Mar 2012 16:01:35 -0700 Subject: [PATCH 21/50] Correct typo Signed-off-by: Tom Eastep --- Shorewall-core/lib.base | 4 ++-- Shorewall-core/lib.cli | 4 ++-- Shorewall-init/shorewall-init | 4 ++-- Shorewall-lite/shorewall-lite | 4 ++-- Shorewall/Perl/prog.footer | 5 ++++- Shorewall/shorewall | 2 +- Shorewall6-lite/shorewall6-lite | 10 +++++++++- 7 files changed, 22 insertions(+), 11 deletions(-) diff --git a/Shorewall-core/lib.base b/Shorewall-core/lib.base index 76aeeb94f..ab6e2947e 100644 --- a/Shorewall-core/lib.base +++ b/Shorewall-core/lib.base @@ -42,8 +42,8 @@ if [ -z "$g_readrc" ]; then . /root/.shorewallrc || exit 1 elif [ -f ~/.shorewallrc ]; then . ~/.shorewallrc || exit 1 - elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then - . ${SHOREAWLLRC_HOME}/.shorewallrc || exit 1 + elif - -f ${SHOREWALLRC_HOME}/.shorewallrc; then + . ${SHOREWALLRC_HOME}/.shorewallrc || exit 1 else SHAREDIR=/usr/share CONFDIR=/etc diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli index d44cf111b..2d6366e76 100644 --- a/Shorewall-core/lib.cli +++ b/Shorewall-core/lib.cli 
@@ -33,8 +33,8 @@ if [ -z "$g_readrc" ]; then . /root/.shorewallrc || exit 1 elif [ -r /.shorewallrc ]; then . /root/.shorewallrc || exit 1 - elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then - . ${SHOREAWLLRC_HOME}/.shorewallrc || exit 1 + elif - -f ${SHOREWALLRC_HOME}/.shorewallrc; then + . ${SHOREWALLRC_HOME}/.shorewallrc || exit 1 else SHAREDIR=/usr/share CONFDIR=${CONFDIR} diff --git a/Shorewall-init/shorewall-init b/Shorewall-init/shorewall-init index 4a190899c..5ea9a304e 100644 --- a/Shorewall-init/shorewall-init +++ b/Shorewall-init/shorewall-init @@ -31,8 +31,8 @@ elif [ -r /root/.shorewallrc ]; then . /root/.shorewallrc || exit 1 elif [ -r /.shorewallrc ]; then . /root/.shorewallrc || exit 1 -elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then - . ${SHOREAWLLRC_HOME}/.shorewallrc || exit 1 +elif - -f ${SHOREWALLRC_HOME}/.shorewallrc; then + . ${SHOREWALLRC_HOME}/.shorewallrc || exit 1 else VARDIR=/var/lib LIBEXECDIR=/usr/share diff --git a/Shorewall-lite/shorewall-lite b/Shorewall-lite/shorewall-lite index bbad1fbde..399bcc22d 100755 --- a/Shorewall-lite/shorewall-lite +++ b/Shorewall-lite/shorewall-lite @@ -35,8 +35,8 @@ elif [ -r /root/.shorewallrc ]; then . /root/.shorewallrc || exit 1 elif [ -r /.shorewallrc ]; then . /root/.shorewallrc || exit 1 -elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then - . ${SHOREAWLLRC_HOME}/.shorewallrc || exit 1 +elif - -f ${SHOREWALLRC_HOME}/.shorewallrc; then + . ${SHOREWALLRC_HOME}/.shorewallrc || exit 1 else SHAREDIR=/usr/share CONFDIR=${CONFDIR} diff --git a/Shorewall/Perl/prog.footer b/Shorewall/Perl/prog.footer index 9ebff0aa5..71dab33df 100644 --- a/Shorewall/Perl/prog.footer +++ b/Shorewall/Perl/prog.footer @@ -101,7 +101,10 @@ else VARDIR=/var/lib fi -[ -n "$TMPDIR" ] && export TMPDIR +if [ -n "$TEMPDIR" ]; then + TMPDIR="$TEMPDIR" + export TMPDIR +fi initialize diff --git a/Shorewall/shorewall b/Shorewall/shorewall index 5bcc979bc..808b4b731 100755 --- a/Shorewall/shorewall +++ b/Shorewall/shorewall 
@@ -36,7 +36,7 @@ elif [ -r /root/.shorewallrc ]; then elif [ -r /.shorewallrc ]; then . /root/.shorewallrc || exit 1 elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then - . ${SHOREAWLLRC_HOME}/.shorewallrc || exit 1 + . ${SHOREWALLRC_HOME}/.shorewallrc || exit 1 else SHAREDIR=/usr/share CONFDIR=${CONFDIR} diff --git a/Shorewall6-lite/shorewall6-lite b/Shorewall6-lite/shorewall6-lite index f38677915..76cb4085e 100755 --- a/Shorewall6-lite/shorewall6-lite +++ b/Shorewall6-lite/shorewall6-lite @@ -27,8 +27,16 @@ ################################################################################################ g_program=shorewall6-lite -if [ -f ~/.shorewallrc ]; then +if [ -f ./.shorewallrc ]; then + . ./.shorewallrc || exit 1 +elif [ -f ~/.shorewallrc ]; then . ~/.shorewallrc || exit 1 +elif [ -r /root/.shorewallrc ]; then + . /root/.shorewallrc || exit 1 +elif [ -r /.shorewallrc ]; then + . /root/.shorewallrc || exit 1 +elif - -f ${SHOREWALLRC_HOME}/.shorewallrc; then + . ${SHOREWALLRC_HOME}/.shorewallrc || exit 1 else SHAREDIR=/usr/share CONFDIR=${CONFDIR} From b31f656d63f78d6e9921f57cc314aec6a526002d Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 26 Mar 2012 16:19:40 -0700 Subject: [PATCH 22/50] Update uninstall scripts for multiple .shorewallrc locations. Signed-off-by: Tom Eastep --- Shorewall-core/uninstall.sh | 18 ++++++++++++++---- Shorewall-init/uninstall.sh | 12 ++++++++++-- Shorewall-lite/uninstall.sh | 12 ++++++++++-- Shorewall/uninstall.sh | 12 ++++++++++-- Shorewall6-lite/uninstall.sh | 12 ++++++++++-- Shorewall6/uninstall.sh | 12 ++++++++++-- 6 files changed, 64 insertions(+), 14 deletions(-) diff --git a/Shorewall-core/uninstall.sh b/Shorewall-core/uninstall.sh index 3c45cd296..6fc6af188 100755 --- a/Shorewall-core/uninstall.sh +++ b/Shorewall-core/uninstall.sh 
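Review bot: The test line `elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then` in Shorewall/shorewall still carries the misspelled variable, and `- -f` in place of `[ -f ... ]`; only the `.` line under it is corrected, so the two lines now name different variables. Change the test as well: `elif [ -n "${SHOREWALLRC_HOME}" ] && [ -f "${SHOREWALLRC_HOME}/.shorewallrc" ]; then`. The uninstall.sh hunks of the next commit add the same mismatched pair.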
@@ -60,12 +60,22 @@ remove_file() # $1 = file to restore fi } -if [ -f ~/.shorewallrc ]; then - . ~/shorewallrc || exit 1 +if [ -f ./.shorewallrc ]; then + . ./.shorewallrc || exit 1 +elif [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 +elif [ -r /root/.shorewallrc ]; then + . /root/.shorewallrc || exit 1 +elif [ -r /.shorewallrc ]; then + . /root/.shorewallrc || exit 1 +elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then + . ${SHOREWALLRC_HOME}/.shorewallrc || exit 1 +else + SHAREDIR=/usr/share fi -if [ -f /usr/share/shorewall/coreversion ]; then - INSTALLED_VERSION="$(cat /usr/share/shorewall/coreversion)" +if [ -f ${SHAREDIR}/shorewall/coreversion ]; then + INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall/coreversion)" if [ "$INSTALLED_VERSION" != "$VERSION" ]; then echo "WARNING: Shorewall Core Version $INSTALLED_VERSION is installed" echo " and this is the $VERSION uninstaller." diff --git a/Shorewall-init/uninstall.sh b/Shorewall-init/uninstall.sh index 42910f4e3..78ff5e754 100755 --- a/Shorewall-init/uninstall.sh +++ b/Shorewall-init/uninstall.sh @@ -69,8 +69,16 @@ remove_file() # $1 = file to restore fi } -if [ -f ~/.shorewallrc ]; then - . ~/shorewallrc || exit 1 +if [ -f ./.shorewallrc ]; then + . ./.shorewallrc || exit 1 +elif [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 +elif [ -r /root/.shorewallrc ]; then + . /root/.shorewallrc || exit 1 +elif [ -r /.shorewallrc ]; then + . /root/.shorewallrc || exit 1 +elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then + . ${SHOREWALLRC_HOME}/.shorewallrc || exit 1 else [ -n "${LIBEXEC:=/usr/share}" ] [ -n "${PERLLIB:=/usr/share/shorewall}" ] diff --git a/Shorewall-lite/uninstall.sh b/Shorewall-lite/uninstall.sh index be600bc5f..8454ce55c 100755 --- a/Shorewall-lite/uninstall.sh +++ b/Shorewall-lite/uninstall.sh 
@@ -69,8 +69,16 @@ remove_file() # $1 = file to restore fi } -if [ -f ~/.shorewallrc ]; then - . ~/shorewallrc || exit 1 +if [ -f ./.shorewallrc ]; then + . ./.shorewallrc || exit 1 +elif [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 +elif [ -r /root/.shorewallrc ]; then + . /root/.shorewallrc || exit 1 +elif [ -r /.shorewallrc ]; then + . /root/.shorewallrc || exit 1 +elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then + . ${SHOREWALLRC_HOME}/.shorewallrc || exit 1 else [ -n "${LIBEXEC:=/usr/share}" ] [ -n "${PERLLIB:=/usr/share/shorewall}" ] diff --git a/Shorewall/uninstall.sh b/Shorewall/uninstall.sh index 86bcfbe9d..7f96d4a07 100755 --- a/Shorewall/uninstall.sh +++ b/Shorewall/uninstall.sh @@ -69,8 +69,16 @@ remove_file() # $1 = file to restore fi } -if [ -f ~/.shorewallrc ]; then - . ~/shorewallrc || exit 1 +if [ -f ./.shorewallrc ]; then + . ./.shorewallrc || exit 1 +elif [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 +elif [ -r /root/.shorewallrc ]; then + . /root/.shorewallrc || exit 1 +elif [ -r /.shorewallrc ]; then + . /root/.shorewallrc || exit 1 +elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then + . ${SHOREWALLRC_HOME}/.shorewallrc || exit 1 else [ -n "${LIBEXEC:=/usr/share}" ] [ -n "${PERLLIB:=/usr/share/shorewall}" ] diff --git a/Shorewall6-lite/uninstall.sh b/Shorewall6-lite/uninstall.sh index 2adb1f7a5..eda69b81c 100755 --- a/Shorewall6-lite/uninstall.sh +++ b/Shorewall6-lite/uninstall.sh 
@@ -69,8 +69,16 @@ remove_file() # $1 = file to restore fi } -if [ -f ~/.shorewallrc ]; then - . ~/shorewallrc || exit 1 +if [ -f ./.shorewallrc ]; then + . ./.shorewallrc || exit 1 +elif [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 +elif [ -r /root/.shorewallrc ]; then + . /root/.shorewallrc || exit 1 +elif [ -r /.shorewallrc ]; then + . /root/.shorewallrc || exit 1 +elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then + . ${SHOREWALLRC_HOME}/.shorewallrc || exit 1 else [ -n "${LIBEXEC:=/usr/share}" ] [ -n "${PERLLIB:=/usr/share/shorewall}" ] diff --git a/Shorewall6/uninstall.sh b/Shorewall6/uninstall.sh index 420fef336..6ebe23283 100755 --- a/Shorewall6/uninstall.sh +++ b/Shorewall6/uninstall.sh @@ -69,8 +69,16 @@ remove_file() # $1 = file to restore fi } -if [ -f ~/.shorewallrc ]; then - . ~/shorewallrc || exit 1 +if [ -f ./.shorewallrc ]; then + . ./.shorewallrc || exit 1 +elif [ -f ~/.shorewallrc ]; then + . ~/.shorewallrc || exit 1 +elif [ -r /root/.shorewallrc ]; then + . /root/.shorewallrc || exit 1 +elif [ -r /.shorewallrc ]; then + . /root/.shorewallrc || exit 1 +elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then + . ${SHOREWALLRC_HOME}/.shorewallrc || exit 1 else [ -n "${LIBEXEC:=/usr/share}" ] [ -n "${PERLLIB:=/usr/share/shorewall}" ] From f2311f198769ecb1a544eb1ce10bc013733ce877 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 26 Mar 2012 17:01:55 -0700 Subject: [PATCH 23/50] Update install scripts to look for .shorewallrc in many places Signed-off-by: Tom Eastep --- Shorewall-core/install.sh | 16 +++++++++++++--- Shorewall-core/lib.base | 2 +- Shorewall-init/install.sh | 14 ++++++++++++-- Shorewall-lite/install.sh | 14 ++++++++++++-- Shorewall/install.sh | 17 +++++++++++++---- 5 files changed, 51 insertions(+), 12 deletions(-) diff --git a/Shorewall-core/install.sh b/Shorewall-core/install.sh index b04548868..de7539658 100755 --- a/Shorewall-core/install.sh +++ b/Shorewall-core/install.sh 
@@ -143,11 +143,21 @@ if [ $# -eq 0 ]; then # # Load packager's settings if any # - if [ -n "${DESTDIR}" -a -f ../shorewall-pkg.config ]; then - . ../shorewall-pkg.config || exit 1 + if [ -f ./.shorewallrc ]; then + . ./.shorewallrc || exit 1 + file=./.shorewallrc + elif [ -r /root/.shorewallrc ]; then + . /root/.shorewallrc || exit 1 + file=/root/.shoreallrc + elif [ -r /.shorewallrc ]; then + . /.shorewallrc || exit 1 + file =/.shoreallrc elif [ -f ~/.shorewallrc ]; then . ~/.shorewallrc || exit 1 file=~/.shorewallrc + elif - -f ${SHOREWALLRC_HOME}/.shorewallrc; then + . ${SHOREWALLRC_HOME}/.shorewallrc || exit 1 + file=${SHOREWALLRC_HOME}/.shorewallrc fi elif [ $# -eq 1 ]; then file=$1 @@ -155,7 +165,7 @@ elif [ $# -eq 1 ]; then /*|.*) ;; *) - file=./$file + file=./$file || 1 ;; esac diff --git a/Shorewall-core/lib.base b/Shorewall-core/lib.base index ab6e2947e..568ffe07b 100644 --- a/Shorewall-core/lib.base +++ b/Shorewall-core/lib.base @@ -35,7 +35,7 @@ SHOREWALL_CAPVERSION=40502 if [ -z "$g_readrc" ]; then if [ -f ./.shorewallrc ]; then - . ~/.shorewallrc || exit 1 + . ./.shorewallrc || exit 1 elif [ -r /root/.shorewallrc ]; then . /root/.shorewallrc || exit 1 elif [ -r /.shorewallrc ]; then diff --git a/Shorewall-init/install.sh b/Shorewall-init/install.sh index 27d1d0118..f96f57800 100755 --- a/Shorewall-init/install.sh +++ b/Shorewall-init/install.sh 
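Review bot: Two of the `file=` assignments added to Shorewall-core/install.sh do not record the file that was just sourced: `file=/root/.shoreallrc` is missing the `w`, and `file =/.shoreallrc` has a space before `=`, which makes the shell run a command called `file` and leaves the variable unset. `$file` is what the script later copies to `${SHAREDIR}/shorewall/shorewallrc`, so in those two cases the installed copy would be missing or wrong. They should read `file=/root/.shorewallrc` and `file=/.shorewallrc`. The same two lines are added to Shorewall-init/install.sh, Shorewall-lite/install.sh and Shorewall/install.sh, and `file=./$file || 1` in the second hunk of this file has a stray `|| 1`.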
@@ -137,11 +137,21 @@ if [ $# -eq 0 ]; then # # Load packager's settings if any # - if [ -n "${DESTDIR}" -a -f ../shorewall-pkg.config ]; then - . ../shorewall-pkg.config || exit 1 + if [ -f ./.shorewallrc ]; then + . ./.shorewallrc || exit 1 + file=./.shorewallrc + elif [ -r /root/.shorewallrc ]; then + . /root/.shorewallrc || exit 1 + file=/root/.shoreallrc + elif [ -r /.shorewallrc ]; then + . /.shorewallrc || exit 1 + file =/.shoreallrc elif [ -f ~/.shorewallrc ]; then . ~/.shorewallrc || exit 1 file=~/.shorewallrc + elif - -f ${SHOREWALLRC_HOME}/.shorewallrc; then + . ${SHOREWALLRC_HOME}/.shorewallrc || exit 1 + file=${SHOREWALLRC_HOME}/.shorewallrc else fatal_error "No configuration file specified and ~/.shorewallrc not found" fi diff --git a/Shorewall-lite/install.sh b/Shorewall-lite/install.sh index ce098c477..5b482a3bb 100755 --- a/Shorewall-lite/install.sh +++ b/Shorewall-lite/install.sh @@ -152,11 +152,21 @@ if [ $# -eq 0 ]; then # # Load packager's settings if any # - if [ -n "${DESTDIR}" -a -f ../shorewall-pkg.config ]; then - . ../shorewall-pkg.config || exit 1 + if [ -f ./.shorewallrc ]; then + . ./.shorewallrc || exit 1 + file=./.shorewallrc + elif [ -r /root/.shorewallrc ]; then + . /root/.shorewallrc || exit 1 + file=/root/.shoreallrc + elif [ -r /.shorewallrc ]; then + . /.shorewallrc || exit 1 + file =/.shoreallrc elif [ -f ~/.shorewallrc ]; then . ~/.shorewallrc || exit 1 file=~/.shorewallrc + elif - -f ${SHOREWALLRC_HOME}/.shorewallrc; then + . ${SHOREWALLRC_HOME}/.shorewallrc || exit 1 + file=${SHOREWALLRC_HOME}/.shorewallrc else fatal_error "No configuration file specified and ~/.shorewallrc not found" fi diff --git a/Shorewall/install.sh b/Shorewall/install.sh index cbb6a20bf..ce68dfef2 100755 --- a/Shorewall/install.sh +++ b/Shorewall/install.sh 
@@ -175,14 +175,23 @@ if [ $# -eq 0 ]; then # # Load packager's settings if any # - if [ -n "${DESTDIR}" -a -f ../shorewall-pkg.config ]; then - . ../shorewall-pkg.config || exit 1 - file = ../shorewall-pkg.config + if [ -f ./.shorewallrc ]; then + . ./.shorewallrc || exit 1 + file=./.shorewallrc + elif [ -r /root/.shorewallrc ]; then + . /root/.shorewallrc || exit 1 + file=/root/.shoreallrc + elif [ -r /.shorewallrc ]; then + . /.shorewallrc || exit 1 + file =/.shoreallrc elif [ -f ~/.shorewallrc ]; then . ~/.shorewallrc || exit 1 file=~/.shorewallrc + elif - -f ${SHOREWALLRC_HOME}/.shorewallrc; then + . ${SHOREWALLRC_HOME}/.shorewallrc || exit 1 + file=${SHOREWALLRC_HOME}/.shorewallrc else - fatal_error "No configuration file specified and ~/.shorewallrc not found" + fatal_error "No configuration file specified and .shorewallrc not found" fi elif [ $# -eq 1 ]; then file=$1 From e09457cdf98ae8682953143ad99e450a268b078a Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 27 Mar 2012 07:46:53 -0700 Subject: [PATCH 24/50] Correct Typo in setup_null_routing() Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Providers.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm index 0851a5b9c..14b8831aa 100644 --- a/Shorewall/Perl/Shorewall/Providers.pm +++ b/Shorewall/Perl/Shorewall/Providers.pm @@ -1021,7 +1021,7 @@ sub add_a_route( ) { sub setup_null_routing() { save_progress_message "Null Routing the RFC 1918 subnets"; - emit "> \${VARDIR}undo_rfc1918_routing\n"; + emit "> \${VARDIR}/undo_rfc1918_routing\n"; for ( rfc1918_networks ) { emit( qq(if ! \$IP -4 route ls | grep -q '^$_.* dev '; then), qq( run_ip route replace unreachable $_), From e1e48552118df231a36ff2aab648a905bccd3df1 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 27 Mar 2012 07:47:22 -0700 Subject: [PATCH 25/50] Rename USR to PREFIX 
Signed-off-by: Tom Eastep --- Shorewall-core/install.sh | 2 -- Shorewall-core/shorewallrc.apple | 8 ++++---- Shorewall-core/shorewallrc.archlinux | 8 ++++---- Shorewall-core/shorewallrc.cygwin | 8 ++++---- Shorewall-core/shorewallrc.debian | 10 +++++----- Shorewall-core/shorewallrc.default | 10 +++++----- Shorewall-core/shorewallrc.redhat | 6 +++--- Shorewall-core/shorewallrc.slackware | 10 +++++----- Shorewall-core/shorewallrc.suse | 8 ++++---- Shorewall-lite/install.sh | 2 -- Shorewall/install.sh | 2 -- 11 files changed, 34 insertions(+), 40 deletions(-) diff --git a/Shorewall-core/install.sh b/Shorewall-core/install.sh index de7539658..6dc350304 100755 --- a/Shorewall-core/install.sh +++ b/Shorewall-core/install.sh @@ -98,8 +98,6 @@ require() cd "$(dirname $0)" -[ -n "$DESTDIR" ] || DESTDIR="$PREFIX" - # # Parse the run line # diff --git a/Shorewall-core/shorewallrc.apple b/Shorewall-core/shorewallrc.apple index b14fc183d..0818929ea 100644 --- a/Shorewall-core/shorewallrc.apple +++ b/Shorewall-core/shorewallrc.apple @@ -3,10 +3,10 @@ # BUILD=apple HOST=apple -USR=/usr -SHAREDIR=${USR}/share -LIBEXECDIR=${USR}/share -PERLLIBDIR=${USR}/share/shorewall +PREFIX=/usr +SHAREDIR=${PREFIX}/share +LIBEXECDIR=${PREFIX}/share +PERLLIBDIR=${PREFIX}/share/shorewall CONFDIR=/etc SBINDIR=/sbin MANDIR=${SHAREDIR}/man diff --git a/Shorewall-core/shorewallrc.archlinux b/Shorewall-core/shorewallrc.archlinux index 9e6f0741d..fe3d30f8d 100644 --- a/Shorewall-core/shorewallrc.archlinux +++ b/Shorewall-core/shorewallrc.archlinux @@ -3,10 +3,10 @@ # BUILD=archlinux HOST=archlinux -USR=/usr -SHAREDIR=${USR}/share -LIBEXECDIR=${USR}/share -PERLLIBDIR=${USR}/share/shorewall +PREFIX=/usr +SHAREDIR=${PREFIX}/share +LIBEXECDIR=${PREFIX}/share +PERLLIBDIR=${PREFIX}/share/shorewall CONFDIR=/etc SBINDIR=/sbin MANDIR=${SHAREDIR}/man diff --git a/Shorewall-core/shorewallrc.cygwin b/Shorewall-core/shorewallrc.cygwin index 63fed9c56..f8cfd5bbd 100644 --- a/Shorewall-core/shorewallrc.cygwin 
+++ b/Shorewall-core/shorewallrc.cygwin @@ -3,10 +3,10 @@ # BUILD=cygwin HOST=cygwin -USR=/usr -SHAREDIR=${USR}/share -LIBEXECDIR=${USR}/share -PERLLIBDIR=${USR}/share/shorewall +PREFIX=/usr +SHAREDIR=${PREFIX}/share +LIBEXECDIR=${PREFIX}/share +PERLLIBDIR=${PREFIX}/share/shorewall CONFDIR=/etc SBINDIR=/bin MANDIR=${SHAREDIR}/man diff --git a/Shorewall-core/shorewallrc.debian b/Shorewall-core/shorewallrc.debian index 5f113abcc..6d588fcba 100644 --- a/Shorewall-core/shorewallrc.debian +++ b/Shorewall-core/shorewallrc.debian @@ -3,13 +3,13 @@ # BUILD= #Default is to detect the build system HOST=debian -USR=/usr -SHAREDIR=${USR}/share -LIBEXECDIR=${USR}/share -PERLLIBDIR=${USR}/share/shorewall +PREFIX=/usr +SHAREDIR=${PREFIX}/share +LIBEXECDIR=${PREFIX}/share +PERLLIBDIR=${PREFIX}/share/shorewall CONFDIR=/etc SBINDIR=/sbin -MANDIR=${USR}/man +MANDIR=${PREFIX}/man INITDIR=/etc/init.d INITFILE=$PRODUCT INITSOURCE=init.debian.sh diff --git a/Shorewall-core/shorewallrc.default b/Shorewall-core/shorewallrc.default index 20ea342a4..318d96bc3 100644 --- a/Shorewall-core/shorewallrc.default +++ b/Shorewall-core/shorewallrc.default @@ -3,13 +3,13 @@ # HOST= #Default is to detect the host system BUILD= #Default is to detect the build system -USR=/usr -SHAREDIR=${USR}/share -LIBEXECDIR=${USR}/share -PERLLIBDIR=${USR}/share/shorewall +PREFIX=/usr +SHAREDIR=${PREFIX}/share +LIBEXECDIR=${PREFIX}/share +PERLLIBDIR=${PREFIX}/share/shorewall CONFDIR=/etc SBINDIR=/sbin -MANDIR=${USR}/man +MANDIR=${PREFIX}/man INITDIR=etc/init.d INITFILE=$PRODUCT INITSOURCE=init.sh diff --git a/Shorewall-core/shorewallrc.redhat b/Shorewall-core/shorewallrc.redhat index 6a3b3015f..f172ad06b 100644 --- a/Shorewall-core/shorewallrc.redhat +++ b/Shorewall-core/shorewallrc.redhat 
@@ -3,9 +3,9 @@ # BUILD= #Default is to detect the build system HOST=redhat -USR=/usr -SHAREDIR=${USR}/share -LIBEXECDIR=${USR}/share +PREFIX=/usr +SHAREDIR=${PREFIX}/share +LIBEXECDIR=${PREFIX}/share PERLLIBDIR=/usr/share/shorewall CONFDIR=/etc SBINDIR=/sbin diff --git a/Shorewall-core/shorewallrc.slackware b/Shorewall-core/shorewallrc.slackware index 459bcf98c..e0adbfc19 100644 --- a/Shorewall-core/shorewallrc.slackware +++ b/Shorewall-core/shorewallrc.slackware @@ -3,13 +3,13 @@ # BUILD=slackware HOST=slackware -USR=/usr -SHAREDIR=${USR}/share -LIBEXECDIR=${USR}/share -PERLLIBDIR=${USR}/share/shorewall +PREFIX=/usr +SHAREDIR=${PREFIX}/share +LIBEXECDIR=${PREFIX}/share +PERLLIBDIR=${PREFIX}/share/shorewall CONFDIR=/etc SBINDIR=/sbin -MANDIR=${USR}/man +MANDIR=${PREFIX}/man INITDIR=/etc/rc.d INITSOURCE=init.slackware.firewall INITFILE=rc.firewall diff --git a/Shorewall-core/shorewallrc.suse b/Shorewall-core/shorewallrc.suse index 89d29c242..316e67d73 100644 --- a/Shorewall-core/shorewallrc.suse +++ b/Shorewall-core/shorewallrc.suse @@ -3,11 +3,11 @@ # BUILD= #Default is to detect the build system HOST=suse -USR=/usr +PREFIX=/usr CONFDIR=/etc -SHAREDIR=${USR}/share -LIBEXECDIR=${USR}/libexec -PERLLIBDIR=${USR}/share/shorewall +SHAREDIR=${PREFIX}/share +LIBEXECDIR=${PREFIX}/share +PERLLIBDIR=${PREFIX}/share/shorewall SBINDIR=/sbin MANDIR=${SHAREDIR}/man/ INITDIR=/etc/init.d diff --git a/Shorewall-lite/install.sh b/Shorewall-lite/install.sh index 5b482a3bb..f287cd28c 100755 --- a/Shorewall-lite/install.sh +++ b/Shorewall-lite/install.sh @@ -109,8 +109,6 @@ else Product="Shorewall6 Lite" fi -[ -n "$DESTDIR" ] || DESTDIR="$PREFIX" - # # Parse the run line # diff --git a/Shorewall/install.sh b/Shorewall/install.sh index ce68dfef2..ffe147fcb 100755 --- a/Shorewall/install.sh +++ b/Shorewall/install.sh @@ -115,8 +115,6 @@ else Product=Shorewall6 fi -[ -n "$DESTDIR" ] || DESTDIR="$PREFIX" - # # Parse the run line # 
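Review bot: In shorewallrc.suse the hunk changes more than the variable name: `LIBEXECDIR=${USR}/libexec` becomes `LIBEXECDIR=${PREFIX}/share`, which moves the helper directory on SUSE under a commit titled "Rename USR to PREFIX". If the move is intended it deserves its own line in the commit message; if not, the new line should read `LIBEXECDIR=${PREFIX}/libexec`. The other rc files in this commit only substitute the name.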
From 7ded1df94bd66ddd1958d823bb929b3915878976 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 27 Mar 2012 14:33:49 -0700 Subject: [PATCH 26/50] Add a configure script Signed-off-by: Tom Eastep --- Shorewall-core/configure | 106 ++++++++++++++++++++++++++++++++++++++ Shorewall-core/install.sh | 14 +++-- 2 files changed, 116 insertions(+), 4 deletions(-) create mode 100755 Shorewall-core/configure diff --git a/Shorewall-core/configure b/Shorewall-core/configure new file mode 100755 index 000000000..a6cbeb7d8 --- /dev/null +++ b/Shorewall-core/configure @@ -0,0 +1,106 @@ +#!/bin/bash +# +# Shorewall Packet Filtering Firewall RPM configuration program - V4.5 +# +# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] +# +# (c) 2012 - Tom Eastep (teastep@shorewall.net) +# +# Shorewall documentation is available at http://www.shorewall.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of Version 2 of the GNU General Public License +# as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Usage: ./configure [