Merge branch 'master' into 4.5.2

2025-03-07 19:11:51 +01:00 · 2012-03-31 20:03:57 -07:00 · 2012-03-31 20:03:57 -07:00 · c616e203df
commit c616e203df
parent 6b698759ca c26f6d45dd
50 changed files with 2738 additions and 1442 deletions
--- a/Shorewall-core/configure
+++ b/Shorewall-core/configure
@ -0,0 +1,127 @@
 #!/bin/bash
 #
 #     Shorewall Packet Filtering Firewall RPM configuration program - V4.5
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	Shorewall documentation is available at http://www.shorewall.net
 #
 #	This program is free software; you can redistribute it and/or modify
 #	it under the terms of Version 2 of the GNU General Public License
 #	as published by the Free Software Foundation.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
 #	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #       Usage: ./configure <vendor> [ <option>=<setting> ] ...
 #
 #
 ################################################################################################
 declare -A params
 declare -A options
 getfileparams() {
    while read option; do
 	case $option in
 	    \#*)
 		;;
 	    *)
 		on=${option%=*}
 		ov=${option#*=}
 		ov=${ov%#*}
 		[ -n "$on" ] && options[${on}]="${ov}"
 		;;
 	esac
    done
    return 0
 }
 if [ $# -eq 0 ]; then
    echo "Usage: $0 <var>=<val> ..." >&2
    exit 1
 fi
 for p in $@; do
    p=${p#--}
    if [ -n "${p}" ]; then
 	declare -u pn
 	pn=${p%=*}
 	pv=${p#*=}
 	if [ -n "${pn}" ]; then
 	    case ${pn} in
 		VENDOR)
 		    pn=HOST
 		    ;;
 		SHAREDSTATEDIR)
 		    pn=VARDIR
 		    ;;
 		DATADIR)
 		    pn=SHAREDIR
 		    ;;
 		SYSCONFDIR)
 		    pn=CONFDIR
 		    ;;
 	    esac
 	    params[${pn}]="${pv}"
 	fi
    fi
 done
 vendor=${params[HOST]}
 if [ -z "$vendor" ]; then
    rcfile=shorewallrc.default
    vendor=linux
 else
    rcfile=shorewallrc.$vendor
 fi
 getfileparams < $rcfile || exit 1
 for p in ${!params[@]}; do
    options[${p}]="${params[${p}]}"
    options[${p}]="${params[${p}]}"
 done
 echo "HOST=$vendor" > shorewallrc
 for on in \
    PREFIX \
    SHAREDIR \
    LIBEXECDIR \
    PERLLIBDIR \
    CONFDIR \
    SBINDIR \
    MANDIR \
    INITDIR \
    INITSOURCE \
    INITFILE \
    AUXINITSOURCE \
    AUXINITFILE \
    SYSTEMD \
    SYSCONFILE \
    SYSCONFDIR \
    ANNOTATED \
    VARDIR
 do
    echo "$on=${options[${on}]}" >> shorewallrc
 done
 cat shorewallrc
--- a/Shorewall-core/install.sh
+++ b/Shorewall-core/install.sh
@ -27,12 +27,18 @@ VERSION=xxx #The Build script inserts the actual version
 usage() # $1 = exit status
 {
    ME=$(basename $0)
-    echo "usage: $ME"
+    echo "usage: $ME [ <configuration-file> ] "
    echo "       $ME -v"
    echo "       $ME -h"
    exit $1
 }
 fatal_error() 
 {
    echo "   ERROR: $@" >&2
    exit 1
 }
 split() {
    local ifs
    ifs=$IFS
@ -85,43 +91,87 @@ install_file() # $1 = source $2 = target $3 = mode
    run_install $T $OWNERSHIP -m $3 $1 ${2}
 }
 require() 
 {
    eval [ -n "\$$1" ] || fatal_error "Required option $1 not set"
 }
 cd "$(dirname $0)"
 #
 # Load packager's settings if any
 #
 [ -f ../shorewall-pkg.config ] && . ../shorewall-pkg.config
 [ -n "$DESTDIR" ] || DESTDIR="$PREFIX"
 #
 # Parse the run line
 #
-# ARGS is "yes" if we've already parsed an argument
+finished=0
 while [ $finished -eq 0 ]; do
    option=$1
    case "$option" in
 	-*)
 	    option=${option#-}
 	    while [ -n "$option" ]; do
 		case $option in
 		    h)
 			usage 0
 			;;
 		    v)
 			echo "Shorewall Firewall Installer Version $VERSION"
 			exit 0
 			;;
 		    *)
 			usage 1
 			;;
 		esac
 	    done
 	    shift
 	    ;;
 	*)
 	    finished=1
 	    ;;
    esac
 done
 #
 # Read the RC file
 #
 if [ $# -eq 0 ]; then
    if [ -f ./shorewallrc ]; then
 	. ./shorewallrc
 	file=~/.shorewallrc
    elif [ -f ./.shorewallrc ]; then
 	. ~/.shorewallrc || exit 1
 	file=~/.shorewallrc
    elif [ -f /usr/share/shorewall/shorewallrc ]; then
 	. /usr/share/shorewall/shorewallrc
 	file=/usr/share/shorewall/shorewallrc
    else
 	fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
    fi
 elif [ $# -eq 1 ]; then
    file=$1
    case $file in
 	/*|.*)
 	    ;;
 	*)
 	    file=./$file || exit 1
 	    ;;
    esac
    . $file
 else
    usage 1
 fi
 for var in SHAREDIR LIBEXECDIR PERLLIBDIR CONFDIR SBINDIR VARDIR; do
    require $var
 done
 [ "${INITFILE}" != 'none/' ] && require INITSOURCE && require INITDIR
 T="-T"
 [ -n "${LIBEXEC:=/usr/share}" ]
 [ -n "${PERLLIB:=/usr/share/shorewall}" ]
 case "$LIBEXEC" in
    /*)
 	;;
    *)
 	echo "The LIBEXEC setting must be an absolute path name" >&2
 	exit 1
 	;;
 esac
 case "$PERLLIB" in
    /*)
 	;;
    *)
 	echo "The PERLLIB setting must be an absolute path name" >&2
 	exit 1
 	;;
 esac
 INSTALLD='-D'
 if [ -z "$BUILD" ]; then
@ -180,41 +230,6 @@ esac
 OWNERSHIP="-o $OWNER -g $GROUP"
 finished=0
 while [ $finished -eq 0 ]; do
    option=$1
    case "$option" in
 	-*)
 	    option=${option#-}
 	    while [ -n "$option" ]; do
 		case $option in
 		    h)
 			usage 0
 			;;
 		    v)
 			echo "Shorewall Firewall Installer Version $VERSION"
 			exit 0
 			;;
 		    *)
 			usage 1
 			;;
 		esac
 	    done
 	    shift
 	    ;;
 	*)
 	    [ -n "$option" ] && usage 1
 	    finished=1
 	    ;;
    esac
 done
 PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
 #
 # Determine where to install the firewall script
 #
@ -236,6 +251,23 @@ case "$HOST" in
 	;;
 esac
 if [ -z "$file" ]; then
    if $HOST = linux; then
 	file=shorewallrc.default
    else
 	file=shorewallrc.${HOST}
    fi
    echo "You have not specified a configuration file and ~/.shorewallrc does not exist" >&2
    echo "Shorewall-core $VERSION has determined that the $file configuration is appropriate for your system" >&2
    echo "Please review the settings in that file. If you wish to change them, make a copy and modify the copy" >&2
    echo "Then re-run install.sh passing either $file or the name of your modified copy" >&2
    echo "" >&2
    echo "Example:" >&2
    echo "" >&2
    echo "   ./install.sh $file" &>2
 fi
 if [ -n "$DESTDIR" ]; then
    if [ $BUILD != cygwin ]; then
 	if [ `id -u` != 0 ] ; then
@ -245,56 +277,55 @@ if [ -n "$DESTDIR" ]; then
    fi
 fi
 #
 # Change to the directory containing this script
 #
 cd "$(dirname $0)"
 echo "Installing Shorewall Core Version $VERSION"
 #
 # Create /usr/share/shorewall
 #
-mkdir -p ${DESTDIR}${LIBEXEC}/shorewall
+mkdir -p ${DESTDIR}${LIBEXECDIR}/shorewall
-chmod 755 ${DESTDIR}${LIBEXEC}/shorewall
+chmod 755 ${DESTDIR}${LIBEXECDIR}/shorewall
-if [ $LIBEXEC != /usr/shorewall/ ]; then
+mkdir -p ${DESTDIR}${SHAREDIR}/shorewall
-    mkdir -p ${DESTDIR}/usr/share/shorewall
+chmod 755 ${DESTDIR}${SHAREDIR}/shorewall
    chmod 755 ${DESTDIR}/usr/share/shorewall
 fi
 #
 # Install wait4ifup
 #
-install_file wait4ifup ${DESTDIR}${LIBEXEC}/shorewall/wait4ifup 0755
+install_file wait4ifup ${DESTDIR}${LIBEXECDIR}/shorewall/wait4ifup 0755
 echo
-echo "wait4ifup installed in ${DESTDIR}${LIBEXEC}/shorewall/wait4ifup"
+echo "wait4ifup installed in ${DESTDIR}${LIBEXECDIR}/shorewall/wait4ifup"
 #
 # Install the libraries
 #
 for f in lib.* ; do
-    install_file $f ${DESTDIR}/usr/share/shorewall/$f 0644
+    install_file $f ${DESTDIR}${SHAREDIR}/shorewall/$f 0644
-    echo "Library ${f#*.} file installed as ${DESTDIR}/usr/share/shorewall/$f"
+    echo "Library ${f#*.} file installed as ${DESTDIR}${SHAREDIR}/shorewall/$f"
 done
 if [ $BUILD != apple ]; then
    eval sed -i \'s\|g_libexec=.\*\|g_libexec=$LIBEXEC\|\' ${DESTDIR}/usr/share/shorewall/lib.cli
    eval sed -i \'s\|g_perllib=.\*\|g_perllib=$PERLLIB\|\' ${DESTDIR}/usr/share/shorewall/lib.cli
 else
    eval sed -i \'\' -e \'s\|g_libexec=.\*\|g_libexec=$LIBEXEC\|\' ${DESTDIR}/usr/share/shorewall/lib.cli
    eval sed -i \'\' -e \'s\|g_perllib=.\*\|g_perllib=$PERLLIB\|\' ${DESTDIR}/usr/share/shorewall/lib.cli
 fi
 #
 # Symbolically link 'functions' to lib.base
 #
-ln -sf lib.base ${DESTDIR}/usr/share/shorewall/functions
+ln -sf lib.base ${DESTDIR}${SHAREDIR}/shorewall/functions
 #
 # Create the version file
 #
-echo "$VERSION" > ${DESTDIR}/usr/share/shorewall/coreversion
+echo "$VERSION" > ${DESTDIR}${SHAREDIR}/shorewall/coreversion
-chmod 644 ${DESTDIR}/usr/share/shorewall/coreversion
+chmod 644 ${DESTDIR}${SHAREDIR}/shorewall/coreversion
 [ $file != "${SHAREDIR}/shorewall/shorewallrc" ] && cp $file ${DESTDIR}${SHAREDIR}/shorewall/shorewallrc
 [ -z "${DESTDIR}" ] && [ ! -f ~/.shorewallrc ] && cp ${SHAREDIR}/shorewall/shorewallrc ~/.shorewallrc
 if [ ${SHAREDIR} != /usr/share ]; then
    for f in lib.*; do
 	if [ $BUILD != apple ]; then
 	    eval sed -i \'s\|/usr/share/|${SHAREDIR}/|\' ${DESTDIR}/${SHAREDIR}/$f
 	else
 	    eval sed -i \'\' -e \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/$f
 	fi
    done
 fi
 #
 #  Report Success
 #
--- a/Shorewall-core/lib.base
+++ b/Shorewall-core/lib.base
@ -32,45 +32,60 @@ SHOREWALL_CAPVERSION=40502
 [ -n "${g_program:=shorewall}" ]
 if [ -z "$g_readrc" ]; then
    #
    # This is modified by the installer when ${SHAREDIR} <> /usr/share
    #
    . /usr/share/shorewall/shorewallrc
    g_libexec="$LIBEXECDIR"
    g_sharedir="$SHAREDIR"
    g_sbindir="$SBINDIR"
    g_vardir="$VARDIR"
    g_readrc=1
 fi
 case $g_program in
    shorewall)
-	SHAREDIR=/usr/share/shorewall
+	SHAREDIR=${SHAREDIR}/shorewall
-	CONFDIR=/etc/shorewall
+	CONFDIR=${CONFDIR}/shorewall
 	g_product="Shorewall"
 	g_family=4
 	g_tool=
-	g_basedir=/usr/share/shorewall
+	g_basedir=${SHAREDIR}/shorewall
 	g_lite=
 	;;
    shorewall6)
-	SHAREDIR=/usr/share/shorewall6
+	SHAREDIR=${SHAREDIR}/shorewall6
-	CONFDIR=/etc/shorewall6
+	CONFDIR=${CONFDIR}/shorewall6
 	g_product="Shorewall6"
 	g_family=6
 	g_tool=
-	g_basedir=/usr/share/shorewall
+	g_basedir=${SHAREDIR}/shorewall
 	g_lite=
 	;;
    shorewall-lite)
-	SHAREDIR=/usr/share/shorewall-lite
+	SHAREDIR=${SHAREDIR}/shorewall-lite
-	CONFDIR=/etc/shorewall-lite
+	CONFDIR=${CONFDIR}/shorewall-lite
 	g_product="Shorewall Lite"
 	g_family=4
 	g_tool=iptables
-	g_basedir=/usr/share/shorewall-lite
+	g_basedir=${SHAREDIR}/shorewall-lite
 	g_lite=Yes
 	;;
    shorewall6-lite)
-	SHAREDIR=/usr/share/shorewall6-lite
+	SHAREDIR=${SHAREDIR}/shorewall6-lite
-	CONFDIR=/etc/shorewall6-lite
+	CONFDIR=${CONFDIR}/shorewall6-lite
 	g_product="Shorewall6 Lite"
 	g_family=6
 	g_tool=ip6tables
-	g_basedir=/usr/share/shorewall6-lite
+	g_basedir=${SHAREDIR}/shorewall6-lite
 	g_lite=Yes
 	;;
 esac
 VARDIR=${VARDIR}/${g_program}
 #
 # Conditionally produce message
 #
@ -186,7 +201,7 @@ mutex_off()
    rm -f ${LOCKFILE:=${VARDIR}/lock}
 }
-[ -z "$LEFTSHIFT" ] && . /usr/share/shorewall/lib.common
+[ -z "$LEFTSHIFT" ] && . ${g_sharedir}/shorewall/lib.common
 #
 # Validate an IP address
@ -455,14 +470,14 @@ mktempfile() {
    else
 	case "$MKTEMP" in
 	    BSD)
-		mktemp /tmp/shorewall.XXXXXX
+		mktemp ${TMPDIR:-/tmp}/shorewall.XXXXXX
 		;;
 	    STD)
 		mktemp -t shorewall.XXXXXX
 		;;
 	    None)
-		rm -f /tmp/shorewall-$$
+		rm -f ${TMPDIR:-/tmp}/shorewall-$$
-		> /tmp/shorewall-$$ && echo /tmp/shorewall-$$
+		> ${TMPDIR:-}/shorewall-$$ && echo ${TMPDIR:-/tmp}/shorewall-$$
 		;;
 	    *)
 		error_message "ERROR:Internal error in mktempfile"
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
@ -23,7 +23,21 @@
 # This library contains the command processing code common to /sbin/shorewall[6] and
 # /sbin/shorewall[6]-lite.
 #
-. /usr/share/shorewall/lib.base
+
 if [ -z "$g_readrc" ]; then
    #
    # This is modified by the installer when ${SHAREDIR} <> /usr/share
    #
    . /usr/share/shorewall/shorewallrc
    g_libexec="$LIBEXECDIR"
    g_sharedir="$SHAREDIR"
    g_sbindir="$SBINDIR"
    g_readrc=1
 fi
 . ${g_sharedir}/shorewall/lib.base
 #
 # Fatal Error
 #
@ -842,11 +856,13 @@ show_command() {
 		echo "CONFIG_PATH=$CONFIG_PATH"
 		echo "VARDIR=$VARDIR"
 		echo "LIBEXEC=$g_libexec"
 		echo "SBINDIR=$g_sbindir"
 		[ -n "$g_lite" ] && ${VARDIR} ne /var/lib/$program && echo "LITEDIR=${VARDIR}"
 	    else
 		echo "Default CONFIG_PATH is $CONFIG_PATH"
 		echo "Default VARDIR is /var/lib/$g_program"
 		echo "LIBEXEC is $g_libexec"
 		echo "SBINDIR is $g_sbindir"
 		[ -n "$g_lite" ] && [ ${VARDIR} != /var/lib/$g_program ] && echo "LITEDIR is ${VARDIR}"
 	    fi
 	    ;;
@ -2958,14 +2974,12 @@ shorewall_cli() {
    g_annotate=
    g_recovering=
    g_timestamp=
    g_libexec=/usr/share
    g_perllib=/usr/share/shorewall
    g_shorewalldir=
    VERBOSE=
    VERBOSITY=
-    [ -n "$g_lite" ] || . /usr/share/shorewall/lib.cli-std
+    [ -n "$g_lite" ] || . ${g_sharedir}/shorewall/lib.cli-std
    finished=0
--- a/Shorewall-core/shorewallrc.apple
+++ b/Shorewall-core/shorewallrc.apple
@ -0,0 +1,20 @@
 #
 # Apple OS X Shorewall 4.5 rc file
 #
 BUILD=apple
 HOST=apple
 PREFIX=/usr
 SHAREDIR=${PREFIX}/share
 LIBEXECDIR=${PREFIX}/share
 PERLLIBDIR=${PREFIX}/share/shorewall
 CONFDIR=/etc
 SBINDIR=/sbin
 MANDIR=${SHAREDIR}/man
 INITDIR=
 INITFILE=
 INITSOURCE=
 ANNOTATED=
 SYSTEMD=
 SYSCONFDIR=
 SPARSE=Yes
 VARDIR=/var/lib
--- a/Shorewall-core/shorewallrc.archlinux
+++ b/Shorewall-core/shorewallrc.archlinux
@ -0,0 +1,19 @@
 #
 # Archlinux Shorewall 4.5 rc file
 #
 BUILD=archlinux
 HOST=archlinux
 PREFIX=/usr
 SHAREDIR=${PREFIX}/share
 LIBEXECDIR=${PREFIX}/share
 PERLLIBDIR=${PREFIX}/share/shorewall
 CONFDIR=/etc
 SBINDIR=/sbin
 MANDIR=${SHAREDIR}/man
 INITDIR=/etc/rc.d
 INITFILE=$PRODUCT
 INITSOURCE=init.sh
 ANNOTATED=
 SYSCONFDIR=
 SYSTEMD=
 VARDIR=/var/lib
--- a/Shorewall-core/shorewallrc.cygwin
+++ b/Shorewall-core/shorewallrc.cygwin
@ -0,0 +1,20 @@
 #
 # Cygwin Shorewall 4.5 rc file
 #
 BUILD=cygwin
 HOST=cygwin
 PREFIX=/usr
 SHAREDIR=${PREFIX}/share
 LIBEXECDIR=${PREFIX}/share
 PERLLIBDIR=${PREFIX}/share/shorewall
 CONFDIR=/etc
 SBINDIR=/bin
 MANDIR=${SHAREDIR}/man
 INITDIR=/etc/init.d
 INITFILE=
 INITSOURCE=
 ANNOTATED=
 SYSTEMD=
 SYSCONFDIR=
 SPARSE=Yes
 VARDIR=/var/lib
--- a/Shorewall-core/shorewallrc.debian
+++ b/Shorewall-core/shorewallrc.debian
@ -0,0 +1,21 @@
 #
 # Debian Shorewall 4.5 rc file
 #
 BUILD=                                  #Default is to detect the build system
 HOST=debian
 PREFIX=/usr
 SHAREDIR=${PREFIX}/share
 LIBEXECDIR=${PREFIX}/share
 PERLLIBDIR=${PREFIX}/share/shorewall
 CONFDIR=/etc
 SBINDIR=/sbin
 MANDIR=${PREFIX}/man
 INITDIR=/etc/init.d
 INITFILE=$PRODUCT
 INITSOURCE=init.debian.sh
 ANNOTATED=
 SYSCONFFILE=default.debian
 SYSCONFDIR=/etc/default
 SYSTEMD=
 SPARSE=Yes
 VARDIR=/var/lib
--- a/Shorewall-core/shorewallrc.default
+++ b/Shorewall-core/shorewallrc.default
@ -0,0 +1,21 @@
 #
 # Default Shorewall 4.5 rc file
 #
 HOST=                                   #Default is to detect the host system
 BUILD=                                  #Default is to detect the build system
 PREFIX=/usr
 SHAREDIR=${PREFIX}/share
 LIBEXECDIR=${PREFIX}/share
 PERLLIBDIR=${PREFIX}/share/shorewall
 CONFDIR=/etc
 SBINDIR=/sbin
 MANDIR=${PREFIX}/man
 INITDIR=etc/init.d
 INITFILE=$PRODUCT
 INITSOURCE=init.sh
 ANNOTATED=
 SYSTEMD=
 SYSCONFFILE=
 SYSCONFDIR=
 SPARSE=
 VARDIR=/var/lib
--- a/Shorewall-core/shorewallrc.redhat
+++ b/Shorewall-core/shorewallrc.redhat
@ -0,0 +1,21 @@
 #
 # RedHat/FedoraShorewall 4.5 rc file
 #
 BUILD=                                  #Default is to detect the build system
 HOST=redhat
 PREFIX=/usr
 SHAREDIR=${PREFIX}/share
 LIBEXECDIR=${PREFIX}/share
 PERLLIBDIR=/usr/share/shorewall
 CONFDIR=/etc
 SBINDIR=/sbin
 MANDIR=${SHAREDIR}/man
 INITDIR=/etc/rc.d/init.d
 INITFILE=$PRODUCT
 INITSOURCE=init.fedora.sh
 ANNOTATED=
 SYSTEMD=/lib/systemd/system
 SYSCONFFILE=sysconfig
 SYSCONFDIR=/etc/sysconfig/
 SPARSE=
 VARDIR=/var/lib
--- a/Shorewall-core/shorewallrc.slackware
+++ b/Shorewall-core/shorewallrc.slackware
@ -0,0 +1,22 @@
 #
 # Slackware Shorewall 4.5 rc file
 #
 BUILD=slackware
 HOST=slackware
 PREFIX=/usr
 SHAREDIR=${PREFIX}/share
 LIBEXECDIR=${PREFIX}/share
 PERLLIBDIR=${PREFIX}/share/shorewall
 CONFDIR=/etc
 SBINDIR=/sbin
 MANDIR=${PREFIX}/man
 INITDIR=/etc/rc.d
 INITSOURCE=init.slackware.firewall
 INITFILE=rc.firewall
 AUXINITSOURCE=init.slackware.$PRODUCT
 AUXINITFILE=rc.$PRODUCT
 SYSTEMD=
 SYSCONFFILE=
 SYSCONFDIR=
 ANNOTATED=
 VARDIR=/var/lib
--- a/Shorewall-core/shorewallrc.suse
+++ b/Shorewall-core/shorewallrc.suse
@ -0,0 +1,21 @@
 #
 # SuSE Shorewall 4.5 rc file
 #
 BUILD=                                  #Default is to detect the build system
 HOST=suse
 PREFIX=/usr
 CONFDIR=/etc
 SHAREDIR=${PREFIX}/share
 LIBEXECDIR=${PREFIX}/lib
 PERLLIBDIR=${PREFIX}/lib/perl5/vendor_perl/5.14.2
 SBINDIR=/sbin
 MANDIR=${SHAREDIR}/man/
 INITDIR=/etc/init.d
 INITFILE=$PRODUCT
 INITSOURCE=init.sh
 ANNOTATED=
 SYSTEMD=
 SYSCONFFILE=
 SYSCONFDIR=/etc/sysconfig/
 SPARSE=
 VARDIR=/var/lib
--- a/Shorewall-core/uninstall.sh
+++ b/Shorewall-core/uninstall.sh
@ -31,7 +31,7 @@ VERSION=xxx #The Build script inserts the actual version
 usage() # $1 = exit status
 {
    ME=$(basename $0)
-    echo "usage: $ME"
+    echo "usage: $ME [ <shorewallrc file> ]"
    exit $1
 }
@ -60,8 +60,25 @@ remove_file() # $1 = file to restore
    fi
 }
-if [ -f /usr/share/shorewall/coreversion ]; then
+if [ $# -eq 0 ]; then
-    INSTALLED_VERSION="$(cat /usr/share/shorewall/coreversion)"
+    file=/usr/share/shorewall/shorewallrc
 elif [ $# -eq 1 ]; then
    file=$1
 else
    usage 1
 fi
 if [ -f "$file" ]; then
    . "$file"
 else
    echo "File $file not found" >&2
    exit 1
 fi
 . $file || exit 1
 if [ -f ${SHAREDIR}/shorewall/coreversion ]; then
    INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall/coreversion)"
    if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
 	echo "WARNING: Shorewall Core Version $INSTALLED_VERSION is installed"
 	echo "         and this is the $VERSION uninstaller."
@ -72,12 +89,9 @@ else
    VERSION=""
 fi
 [ -n "${LIBEXEC:=/usr/share}" ]
 [ -n "${PERLLIB:=/usr/share/shorewall}" ]
 echo "Uninstalling Shorewall Core $VERSION"
-rm -rf /usr/share/shorewall
+rm -rf ${SHAREDIR}/shorewall
 echo "Shorewall Core Uninstalled"
--- a/Shorewall-init/ifupdown.sh
+++ b/Shorewall-init/ifupdown.sh
@ -71,6 +71,11 @@ Debian_SuSE_ppp() {
 IFUPDOWN=0
 PRODUCTS=
 #
 # The installer may alter this
 #
 . /usr/share/shorewall/shorewallrc
 if [ -f /etc/default/shorewall-init ]; then
    . /etc/default/shorewall-init
 elif [ -f /etc/sysconfig/shorewall-init ]; then
@ -182,10 +187,8 @@ else
 fi
 for PRODUCT in $PRODUCTS; do
    VARDIR=/var/lib/$PRODUCT
    [ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir
    if [ -x $VARDIR/firewall ]; then
-	  ( . /usr/share/$PRODUCT/lib.base
+	  ( . ${SHAREDIR}/shorewall/lib.base
 	    mutex_on
 	    ${VARDIR}/firewall -V0 $COMMAND $INTERFACE || echo_notdone
 	    mutex_off
--- a/Shorewall-init/init.debian.sh
+++ b/Shorewall-init/init.debian.sh
@ -62,10 +62,15 @@ not_configured () {
 	exit 0
 }
 #
 # The installer may alter this
 #
 . /usr/share/shorewall/shorewallrc
 # check if shorewall-init is configured or not
-if [ -f "/etc/default/shorewall-init" ]
+if [ -f "$SYSCONFDIR/shorewall-init" ]
 then
-	. /etc/default/shorewall-init
+	. $SYSCONFDIR/shorewall-init
 	if [ -z "$PRODUCTS" ]
 	then
 		not_configured
--- a/Shorewall-init/init.fedora.sh
+++ b/Shorewall-init/init.fedora.sh
@ -13,6 +13,15 @@
 # Description:       Place the firewall in a safe state at boot time
 #                    prior to bringing up the network.  
 ### END INIT INFO
 #determine where the files were installed
 if [ -f ~/.shorewallrc ]; then
    . ~/.shorewallrc || exit 1
 else
    SBINDIR=/sbin
    SYSCONFDIR=/etc/default
    VARDIR=/var/lib
 fi
 prog="shorewall-init"
 logger="logger -i -t $prog"
 lockfile="/var/lock/subsys/shorewall-init"
@ -44,10 +53,8 @@ start () {
    echo -n "Initializing \"Shorewall-based firewalls\": "
    for product in $PRODUCTS; do
-	vardir=/var/lib/$product
+	if [ -x ${VARDIR}/$product/firewall ]; then
-	[ -f /etc/$product/vardir ] && . /etc/$product/vardir 
+	    ${VARDIR}/$product/firewall stop 2>&1 | $logger
 	if [ -x ${vardir}/firewall ]; then
 	    ${vardir}/firewall stop 2>&1 | $logger
 	    retval=${PIPESTATUS[0]}
 	    [ retval -ne 0 ] && break
 	fi
@ -70,10 +77,8 @@ stop () {
    echo -n "Clearing \"Shorewall-based firewalls\": "
    for product in $PRODUCTS; do
-	vardir=/var/lib/$product
+	if [ -x ${VARDIR}/$product/firewall ]; then
-	[ -f /etc/$product/vardir ] && . /etc/$product/vardir 
+	    ${VARDIR}/$product/firewall clear 2>&1 | $logger
 	if [ -x ${vardir}/firewall ]; then
 	    ${vardir}/firewall clear 2>&1 | $logger
 	    retval=${PIPESTATUS[0]}
 	    [ retval -ne 0 ] && break
 	fi
--- a/Shorewall-init/init.sh
+++ b/Shorewall-init/init.sh
@ -53,6 +53,11 @@ else
 	exit 0
 fi
 #
 # The installer may alter this
 #
 . /usr/share/shorewall/shorewallrc
 # Initialize the firewall
 shorewall_start () {
  local PRODUCT
@ -60,10 +65,8 @@ shorewall_start () {
  echo -n "Initializing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
      VARDIR=/var/lib/$PRODUCT
      [ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir 
      if [ -x ${VARDIR}/firewall ]; then
-	  if ! /sbin/$PRODUCT status > /dev/null 2>&1; then
+	  if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
 	      ${VARDIR}/firewall stop || echo_notdone
 	  fi
      fi
@ -83,8 +86,6 @@ shorewall_stop () {
  echo -n "Clearing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
      VARDIR=/var/lib/$PRODUCT
      [ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir 
      if [ -x ${VARDIR}/firewall ]; then
 	  ${VARDIR}/firewall clear || exit 1
      fi
--- a/Shorewall-init/install.sh
+++ b/Shorewall-init/install.sh
@ -28,12 +28,18 @@ VERSION=xxx #The Build script inserts the actual version.
 usage() # $1 = exit status
 {
    ME=$(basename $0)
-    echo "usage: $ME"
+    echo "usage: $ME [ <configuration-file> ]"
    echo "       $ME -v"
    echo "       $ME -h"
    exit $1
 }
 fatal_error() 
 {
    echo "   ERROR: $@" >&2
    exit 1
 }
 split() {
    local ifs
    ifs=$IFS
@ -76,9 +82,9 @@ cant_autostart()
    echo  "WARNING: Unable to configure shorewall init to start automatically at boot" >&2
 }
-delete_file() # $1 = file to delete
+require() 
 {
-    rm -f $1
+    eval [ -n "\$$1" ] || fatal_error "Required option $1 not set"
 }
 install_file() # $1 = source $2 = target $3 = mode
@ -88,44 +94,78 @@ install_file() # $1 = source $2 = target $3 = mode
 cd "$(dirname $0)"
-#
+PRODUCT=shorewall-init
 # Load packager's settings if any
 #
 [ -f ../shorewall-pkg.config ] && . ../shorewall-pkg.config
-[ -n "$DESTDIR" ] || DESTDIR="$PREFIX"
+#
 # Parse the run line
 #
 finished=0
-while [ $# -gt 0 ] ; do
+while [ $finished -eq 0 ] ; do
    case "$1" in
-	-h|help|?)
+	-*)
-	    usage 0
+	    option=${option#-}
-	    ;;
+
-        -v)
+	    while [ -n "$option" ]; do
-	    echo "Shorewall Init Installer Version $VERSION"
+		case $option in
-	    exit 0
+		    h)
 			usage 0
 			;;
 		    v)
 			echo "Shorewall-init Firewall Installer Version $VERSION"
 			exit 0
 			;;
 		    *)
 			usage 1
 			;;
 		esac
 	    done
 	    shift
 	    ;;
 	*)
-	    usage 1
+	    finished=1
 	    ;;
    esac
-    shift
+done
 #
 # Read the RC file
 #
 if [ $# -eq 0 ]; then
    #
    # Load packager's settings if any
    #
    if [ -f ./shorewallrc ]; then
 	. ./shorewallrc || exit 1
 	file=~/.shorewallrc
    elif [ -f ~/.shorewallrc ]; then
 	. ~/.shorewallrc || exit 1
 	file=./.shorewallrc
     else
 	fatal_error "No configuration file specified and ~/.shorewallrc not found"
    fi
 elif [ $# -eq 1 ]; then
    file=$1
    case $file in
 	/*|.*)
 	    ;;
 	*)
 	    file=./$file
 	    ;;
    esac
    . $file
 else
    usage 1
 fi
 for var in SHAREDIR LIBEXECDIR CONFDIR SBINDIR VARDIR; do
    require $var
 done
 PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
 [ -n "${LIBEXEC:=/usr/share}" ]
 case "$LIBEXEC" in
    /*)
 	;;
    *)
 	echo "The LIBEXEC setting must be an absolute path name" >&2
 	exit 1
 	;;
 esac
 INITFILE="shorewall-init"
 if [ -z "$BUILD" ]; then
    case $(uname) in
 	cygwin*)
@ -174,11 +214,9 @@ OWNERSHIP="-o $OWNER -g $GROUP"
 case "$HOST" in
    debian)
 	echo "Installing Debian-specific configuration..."
 	SPARSE=yes
 	;;
    redhat|redhat)
 	echo "Installing Redhat/Fedora-specific configuration..."
 	[ -n "$INITDIR" ] || INITDIR=/etc/rc.d/init.d
 	;;
    slackware)
 	echo "Shorewall-init is currently not supported on Slackware" >&2
@ -202,10 +240,6 @@ esac
 [ -z "$TARGET" ] && TARGET=$HOST
 if [ -z "$INITDIR" -a -n "$INITFILE" ] ; then
    INITDIR="/etc/init.d"
 fi
 if [ -n "$DESTDIR" ]; then
    if [ `id -u` != 0 ] ; then
 	echo "Not setting file owner/group permissions, not running as root."
@ -215,57 +249,44 @@ if [ -n "$DESTDIR" ]; then
    install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR}
 fi
 if [ -z "$DESTDIR" ]; then
    if [ -d /lib/systemd/system ]; then
 	SYSTEMD=Yes
 	INITFILE=
    fi
 elif [ -n "$SYSTEMD" ]; then
    mkdir -p ${DESTDIR}/lib/systemd/system
    INITFILE=
 fi
 echo "Installing Shorewall Init Version $VERSION"
 #
 # Check for /usr/share/shorewall-init/version
 #
-if [ -f ${DESTDIR}/usr/share/shorewall-init/version ]; then
+if [ -f ${DESTDIR}${SHAREDIR}/shorewall-init/version ]; then
    first_install=""
 else
    first_install="Yes"
 fi
 #
 # Install the Firewall Script
 #
 if [ -n "$INITFILE" ]; then
-    #
+    install_file $INITSOURCE ${DESTDIR}${INITDIR}/$INITFILE 0544
-    # Install the Init Script
+    [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/|${SHAREDIR}/|\' ${DESTDIR}${INITDIR}/$INITFILE
    #
    case $TARGET in
 	debian)
 	    install_file init.debian.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544
 	    ;;
 	redhat)
 	    install_file init.fedora.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544
 	    ;;
 	*)
 	    install_file init.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544
 	    ;;
    esac
-    echo  "Shorewall-init script installed in ${DESTDIR}${INITDIR}/${INITFILE}"
+    if [ -n "${AUXINITSOURCE}" ]; then
 	install_file $INITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544
    fi
    echo  "Shorewall-init script installed in ${DESTDIR}${INITDIR}/$INITFILE"
 fi
 #
 # Install the .service file
 #
 if [ -n "$SYSTEMD" ]; then
-    run_install $OWNERSHIP -m 600 shorewall-init.service ${DESTDIR}/lib/systemd/system/shorewall-init.service
+    mkdir -p ${DESTDIR}${SYSTEMD}
-    echo "Service file installed as ${DESTDIR}/lib/systemd/system/shorewall-init.service"
+    run_install $OWNERSHIP -m 600 shorewall-init.service ${DESTDIR}${SYSTEMD}/shorewall-init.service
    echo "Service file installed as ${DESTDIR}${SYSTEMD}/shorewall-init.service"
    if [ -n "$DESTDIR" ]; then
-	mkdir -p ${DESTDIR}/sbin/
+	mkdir -p ${DESTDIR}${SBINDIR}
-        chmod 755 ${DESTDIR}/sbin
+        chmod 755 ${DESTDIR}${SBINDIR}
    fi
-    run_install $OWNERSHIP -m 700 shorewall-init ${DESTDIR}/sbin/shorewall-init
+    run_install $OWNERSHIP -m 700 shorewall-init ${DESTDIR}${SBINDIR}/shorewall-init
-    echo "CLI installed as ${DESTDIR}/sbin/shorewall-init"
+    echo "CLI installed as ${DESTDIR}${SBINDIR}/shorewall-init"
 fi
 #
@ -285,7 +306,7 @@ chmod 644 ${DESTDIR}/usr/share/shorewall-init/version
 #
 if [ -z "$DESTDIR" ]; then
    rm -f /usr/share/shorewall-init/init
-    ln -s ${INITDIR}/${INITFILE} /usr/share/shorewall-init/init
+    ln -s ${INITDIR}/${INITFILE} ${SHAREDIR}/shorewall-init/init
 fi
 if [ $HOST = debian ]; then
@ -303,20 +324,20 @@ if [ $HOST = debian ]; then
    fi
 else
    if [ -n "$DESTDIR" ]; then
-	mkdir -p ${DESTDIR}/etc/sysconfig
+	mkdir -p ${DESTDIR}${SYSCONFDIR}
 	if [ -z "$RPM" ]; then
 	    if [ $HOST = suse ]; then
 		mkdir -p ${DESTDIR}/etc/sysconfig/network/if-up.d
-		mkdir -p ${DESTDIR}/etc/sysconfig/network/if-down.d
+		mkdir -p ${DESTDIR}${SYSCONFDIR}/network/if-down.d
 	    else
 		mkdir -p ${DESTDIR}/etc/NetworkManager/dispatcher.d
 	    fi
 	fi
    fi
-    if [ -d ${DESTDIR}/etc/sysconfig -a ! -f ${DESTDIR}/etc/sysconfig/shorewall-init ]; then
+    if [ -d ${DESTDIR}${SYSCONFDIR} -a ! -f ${DESTDIR}${SYSCONFDIR}/shorewall-init ]; then
-	install_file sysconfig ${DESTDIR}/etc/sysconfig/shorewall-init 0644
+	install_file sysconfig ${DESTDIR}${SYSCONFDIR}/shorewall-init 0644
    fi 
 fi
@ -324,31 +345,35 @@ fi
 # Install the ifupdown script
 #
-mkdir -p ${DESTDIR}${LIBEXEC}/shorewall-init
+cp ifupdown.sh ifupdown
-install_file ifupdown.sh ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown 0544
+d[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/|${SHAREDIR}/|\' ifupdown
 mkdir -p ${DESTDIR}${LIBEXECDIR}/shorewall-init
 install_file ifupdown ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown 0544
 if [ -d ${DESTDIR}/etc/NetworkManager ]; then
-    install_file ifupdown.sh ${DESTDIR}/etc/NetworkManager/dispatcher.d/01-shorewall 0544
+    install_file ifupdown ${DESTDIR}/etc/NetworkManager/dispatcher.d/01-shorewall 0544
 fi
 case $HOST in
    debian)
-	install_file ifupdown.sh ${DESTDIR}/etc/network/if-up.d/shorewall 0544
+	install_file ifupdown ${DESTDIR}/etc/network/if-up.d/shorewall 0544
-	install_file ifupdown.sh ${DESTDIR}/etc/network/if-post-down.d/shorewall 0544
+	install_file ifupdown ${DESTDIR}/etc/network/if-post-down.d/shorewall 0544
 	;;
    suse)
 	if [ -z "$RPM" ]; then
-	    install_file ifupdown.sh ${DESTDIR}/etc/sysconfig/network/if-up.d/shorewall 0544
+	    install_file ifupdown ${DESTDIR}${SYSCONFDIR}/network/if-up.d/shorewall 0544
-	    install_file ifupdown.sh ${DESTDIR}/etc/sysconfig/network/if-down.d/shorewall 0544
+	    install_file ifupdown ${DESTDIR}${SYSCONFDIR}/network/if-down.d/shorewall 0544
 	fi
 	;;
    redhat)
-	if [ -f ${DESTDIR}/sbin/ifup-local -o -f ${DESTDIR}/sbin/ifdown-local ]; then
+	if [ -f ${DESTDIR}${SBINDIR}/ifup-local -o -f ${DESTDIR}${SBINDIR}/ifdown-local ]; then
-	    echo "WARNING: /sbin/ifup-local and/or /sbin/ifdown-local already exist; up/down events will not be handled"
+	    echo "WARNING: ${SBINDIR}/ifup-local and/or ${SBINDIR}/ifdown-local already exist; up/down events will not be handled"
 	elif [ -z "$DESTDIR" ]; then
-	    install_file ifupdown.sh ${DESTDIR}/sbin/ifup-local 0544
+	    install_file ifupdown ${DESTDIR}${SBINDIR}/ifup-local 0544
-	    install_file ifupdown.sh ${DESTDIR}/sbin/ifdown-local 0544
+	    install_file ifupdown ${DESTDIR}${SBINDIR}/ifdown-local 0544
 	fi
 	;;
 esac
@ -365,20 +390,20 @@ if [ -z "$DESTDIR" ]; then
 		if systemctl enable shorewall-init; then
 		    echo "Shorewall Init will start automatically at boot"
 		fi
-	    elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
+	    elif [ -x ${SBINDIR}/insserv -o -x /usr${SBINDIR}/insserv ]; then
-		if insserv /etc/init.d/shorewall-init ; then
+		if insserv ${INITDIR}/shorewall-init ; then
 		    echo "Shorewall Init will start automatically at boot"
 		else
 		    cant_autostart
 		fi
-	    elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
+	    elif [ -x ${SBINDIR}/chkconfig -o -x /usr${SBINDIR}/chkconfig ]; then
 		if chkconfig --add shorewall-init ; then
 		    echo "Shorewall Init will start automatically in run levels as follows:"
 		    chkconfig --list shorewall-init
 		else
 		    cant_autostart
 		fi
-	    elif [ -x /sbin/rc-update ]; then
+	    elif [ -x ${SBINDIR}/rc-update ]; then
 		if rc-update add shorewall-init default; then
 		    echo "Shorewall Init will start automatically at boot"
 		else
@ -387,7 +412,6 @@ if [ -z "$DESTDIR" ]; then
 	    else
 		cant_autostart
 	    fi
 	fi
    fi
 else
@ -397,18 +421,20 @@ else
 		mkdir -p ${DESTDIR}/etc/rcS.d
 	    fi
-	    ln -sf ../init.d/shorewall-init ${DESTDIR}/etc/rcS.d/S38shorewall-init
+	    ln -sf ../init.d/shorewall-init ${DESTDIR}${CONFDIR}/rcS.d/S38shorewall-init
 	    echo "Shorewall Init will start automatically at boot"
 	fi
    fi
 fi
 [ -z "${DESTDIR}" ] && [ ! -f ~/.shorewallrc ] && cp ${SHAREDIR}/shorewall/shorewallrc .
 if [ -f ${DESTDIR}/etc/ppp ]; then
    case $HOST in
 	debian|suse)
 	    for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do
 		mkdir -p ${DESTDIR}/etc/ppp/$directory #SuSE doesn't create the IPv6 directories
-		cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown ${DESTDIR}/etc/ppp/$directory/shorewall
+		cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown ${DESTDIR}${CONFDIR}/ppp/$directory/shorewall
 	    done
 	    ;;
 	redhat)
@ -419,13 +445,13 @@ if [ -f ${DESTDIR}/etc/ppp ]; then
 		FILE=${DESTDIR}/etc/ppp/$file
 		if [ -f $FILE ]; then
 		    if fgrep -q Shorewall-based $FILE ; then
-			cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown $FILE
+			cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown $FILE
 		    else
 			echo "$FILE already exists -- ppp devices will not be handled"
 			break
 		    fi
 		else
-		    cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown $FILE
+		    cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown $FILE
 		fi
 	    done
 	    ;;
--- a/Shorewall-init/shorewall-init
+++ b/Shorewall-init/shorewall-init
@ -23,9 +23,14 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #########################################################################################
 #
 # This is modified by the installer when ${SHAREDIR} <> /usr/share
 #
 . /usr/share/shorewall/shorewallrc
 # check if shorewall-init is configured or not
-if [ -f "/etc/sysconfig/shorewall-init" ]; then
+if [ -f "$SYSCONFDIR/shorewall-init" ]; then
-    . /etc/sysconfig/shorewall-init
+    . $SYSCONFDIR/shorewall-init
    if [ -z "$PRODUCTS" ]; then
        echo "ERROR: No products configured" >&2
 	exit 1
@ -42,8 +47,6 @@ shorewall_start () {
  echo -n "Initializing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
      VARDIR=/var/lib/$PRODUCT
      [ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir 
      if [ -x ${VARDIR}/firewall ]; then
 	  if ! /sbin/$PRODUCT status > /dev/null 2>&1; then
 	      ${VARDIR}/firewall stop || exit 1
--- a/Shorewall-init/uninstall.sh
+++ b/Shorewall-init/uninstall.sh
@ -31,7 +31,7 @@ VERSION=xxx  #The Build script inserts the actual version
 usage() # $1 = exit status
 {
    ME=$(basename $0)
-    echo "usage: $ME"
+    echo "usage: $ME [ <shorewallrc file> ]"
    exit $1
 }
@ -40,6 +40,27 @@ qt()
    "$@" >/dev/null 2>&1
 }
 split() {
    local ifs
    ifs=$IFS
    IFS=:
    set -- $1
    echo $*
    IFS=$ifs
 }
 mywhich() {
    local dir
    for dir in $(split $PATH); do
 	if [ -x $dir/$1 ]; then
 	    return 0
 	fi
    done
    return 2
 }
 remove_file() # $1 = file to restore
 {
    if [ -f $1 -o -L $1 ] ; then
@ -48,8 +69,25 @@ remove_file() # $1 = file to restore
    fi
 }
-if [ -f /usr/share/shorewall-init/version ]; then
+if [ $# -eq 0 ]; then
-    INSTALLED_VERSION="$(cat /usr/share/shorewall-init/version)"
+    file=/usr/share/shorewall/shorewallrc
 elif [ $# -eq 1 ]; then
    file=$1
 else
    usage 1
 fi
 if [ -f "$file" ]; then
    . "$file"
 else
    echo "File $file not found" >&2
    exit 1
 fi
 . $file || exit 1
 if [ -f ${SHAREDIR}/shorewall-init/version ]; then
    INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall-init/version)"
    if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
 	echo "WARNING: Shorewall Init Version $INSTALLED_VERSION is installed"
 	echo "         and this is the $VERSION uninstaller."
@ -60,56 +98,55 @@ else
    VERSION=""
 fi
-[ -n "${LIBEXEC:=/usr/share}" ]
+[ -n "${LIBEXEC:=${SHAREDIR}}" ]
 echo "Uninstalling Shorewall Init $VERSION"
-INITSCRIPT=/etc/init.d/shorewall-init
+INITSCRIPT=${CONFDIR}/init.d/shorewall-init
-if [ -n "$INITSCRIPT" ]; then
+if [ -f "$INITSCRIPT" ]; then
-    if [ -x /usr/sbin/updaterc.d ]; then
+    if mywhich updaterc.d ; then
 	updaterc.d shorewall-init remove
-    elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
+    elif mywhich insserv ; then
        insserv -r $INITSCRIPT
-    elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
+    elif mywhich chkconfig ; then
 	chkconfig --del $(basename $INITSCRIPT)
-    elif [ -x /sbin/systemctl ]; then
+    elif mywhich systemctl ; then
 	systemctl disable shorewall-init
    else
 	rm -f /etc/rc*.d/*$(basename $INITSCRIPT)
    fi
    remove_file $INITSCRIPT
 fi
-[ "$(readlink -m -q /sbin/ifup-local)"   = /usr/share/shorewall-init ] && remove_file /sbin/ifup-local
+[ "$(readlink -m -q ${SBINDIR}/ifup-local)"   = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifup-local
-[ "$(readlink -m -q /sbin/ifdown-local)" = /usr/share/shorewall-init ] && remove_file /sbin/ifdown-local
+[ "$(readlink -m -q ${SBINDIR}/ifdown-local)" = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifdown-local
-remove_file /etc/default/shorewall-init
+remove_file ${CONFDIR}/default/shorewall-init
-remove_file /etc/sysconfig/shorewall-init
+remove_file ${CONFDIR}/sysconfig/shorewall-init
-remove_file /etc/NetworkManager/dispatcher.d/01-shorewall
+remove_file ${CONFDIR}/NetworkManager/dispatcher.d/01-shorewall
-remove_file /etc/network/if-up.d/shorewall
+remove_file ${CONFDIR}/network/if-up.d/shorewall
-remove_file /etc/network/if-down.d/shorewall
+remove_file ${CONFDIR}/network/if-down.d/shorewall
-remove_file /etc/sysconfig/network/if-up.d/shorewall
+remove_file ${CONFDIR}/sysconfig/network/if-up.d/shorewall
-remove_file /etc/sysconfig/network/if-down.d/shorewall
+remove_file ${CONFDIR}/sysconfig/network/if-down.d/shorewall
 remove_file /lib/systemd/system/shorewall.service
-if [ -d /etc/ppp ]; then
+[ -n "$SYSTEMD" ] && remove_file ${SYSTEMD}/shorewall.service
 if [ -d ${CONFDIR}/ppp ]; then
    for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do
-	remove_file /etc/ppp/$directory/shorewall
+	remove_file ${CONFDIR}/ppp/$directory/shorewall
    done
    for file in if-up.local if-down.local; do
-	if fgrep -q Shorewall-based /etc/ppp/$FILE; then
+	if fgrep -q Shorewall-based ${CONFDIR}/ppp/$FILE; then
-	    remove_file /etc/ppp/$FILE
+	    remove_file ${CONFDIR}/ppp/$FILE
 	fi
    done
 fi
-rm -rf /usr/share/shorewall-init
+rm -rf ${SHAREDIR}/shorewall-init
 rm -rf ${LIBEXEC}/shorewall-init
 echo "Shorewall Init Uninstalled"
--- a/Shorewall-lite/init.debian.sh
+++ b/Shorewall-lite/init.debian.sh
@ -57,17 +57,23 @@ not_configured () {
 	exit 0
 }
 #
 # The installer may alter this
 #
 . /usr/share/shorewall/shorewallrc
 # parse the shorewall params file in order to use params in
 # /etc/default/shorewall
-if [ -f "/etc/shorewall-lite/params" ]
+
 if [ -f "$CONFDIR/shorewall-lite/params" ]
 then
-	. /etc/shorewall-lite/params
+	. $CONFDIR/shorewall-lite/params
 fi
 # check if shorewall is configured or not
-if [ -f "/etc/default/shorewall-lite" ]
+if [ -f "$SYSCONFDIR/shorewall-lite" ]
 then
-	. /etc/default/shorewall-lite
+	. $SYSCONFDIR/shorewall-lite
 	SRWL_OPTS="$SRWL_OPTS $OPTIONS"
 	if [ "$startup" != "1" ]
 	then
--- a/Shorewall-lite/init.fedora.sh
+++ b/Shorewall-lite/init.fedora.sh
@ -20,16 +20,21 @@
 # Source function library.
 . /etc/rc.d/init.d/functions
 #
 # The installer may alter this
 #
 . /usr/share/shorewall/shorewallrc
 prog="shorewall-lite"
-shorewall="/sbin/$prog"
+shorewall="${SBINDIR}/$prog"
 logger="logger -i -t $prog"
 lockfile="/var/lock/subsys/$prog"
 # Get startup options (override default)
 OPTIONS=
-if [ -f /etc/sysconfig/$prog ]; then
+if [ -f ${SYSCONFDIR}/$prog ]; then
-    . /etc/sysconfig/$prog
+    . ${SYSCONFDIR}/$prog
 fi
 start() {
--- a/Shorewall-lite/init.sh
+++ b/Shorewall-lite/init.sh
@ -61,10 +61,14 @@ usage() {
 # Get startup options (override default)
 ################################################################################
 OPTIONS=
-if [ -f /etc/sysconfig/shorewall ]; then
+
-    . /etc/sysconfig/shorewall
+#
-elif [ -f /etc/default/shorewall ] ; then
+# The installer may alter this
-    . /etc/default/shorewall
+#
 . /usr/share/shorewall/shorewallrc
 if [ -f ${SYSCONFDIR}/shorewall-lite ]; then
    . ${SYSCONFDIR}/shorewall-lite
 fi
 SHOREWALL_INIT_SCRIPT=1
@ -76,13 +80,13 @@ command="$1"
 case "$command" in
    start)
-	exec /sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
+	exec ${SBINDIR}/shorewall-lite $OPTIONS start $STARTOPTIONS
 	;;
    restart|reload)
-	exec /sbin/shorewall-lite $OPTIONS restart $RESTARTOPTIONS
+	exec ${SBINDIR}/shorewall-lite $OPTIONS restart $RESTARTOPTIONS
 	;;
    status|stop)
-	exec /sbin/shorewall-lite $OPTIONS $command $@
+	exec ${SBINDIR}/shorewall-lite $OPTIONS $command $@
 	;;
    *)
 	usage
--- a/Shorewall-lite/install.sh
+++ b/Shorewall-lite/install.sh
@ -27,12 +27,18 @@ VERSION=xxx #The Build script inserts the actual version
 usage() # $1 = exit status
 {
    ME=$(basename $0)
-    echo "usage: $ME"
+    echo "usage: $ME [ <configuration-file> ]"
    echo "       $ME -v"
    echo "       $ME -h"
    exit $1
 }
 fatal_error() 
 {
    echo "   ERROR: $@" >&2
    exit 1
 }
 split() {
    local ifs
    ifs=$IFS
@ -85,16 +91,16 @@ install_file() # $1 = source $2 = target $3 = mode
    run_install $T $OWNERSHIP -m $3 $1 ${2}
 }
 require() 
 {
    eval [ -n "\$$1" ] || fatal_error "Required option $1 not set"
 }
 #
 # Change to the directory containing this script
 #
 cd "$(dirname $0)"
 #
 # Load packager's settings if any
 #
 [ -f ../shorewall-pkg.config ] && . ../shorewall-pkg.config
 if [ -f shorewall-lite ]; then
    PRODUCT=shorewall-lite
    Product="Shorewall Lite"
@ -103,39 +109,73 @@ else
    Product="Shorewall6 Lite"
 fi
 [ -n "$DESTDIR" ] || DESTDIR="$PREFIX"
 #
 # Parse the run line
 #
-while [ $# -gt 0 ] ; do
+finished=0
 while [ $finished -eq 0 ] ; do
    case "$1" in
-	-h|help|?)
+	-*)
-	    usage 0
+	    option=${option#-}
-	    ;;
+	    
-        -v)
+	    while [ -n "$option" ]; do
-	    echo "$Product Firewall Installer Version $VERSION"
+		case $option in
-	    exit 0
+		    h)
 			usage 0
 			;;
 		    v)
 			echo "$Product Firewall Installer Version $VERSION"
 			exit 0
 			;;
 		    *)
 			usage 1
 			;;
 		esac
 	    done
 	    shift
 	    ;;
 	*)
-	    usage 1
+	    finished=1
 	    ;;
    esac
    shift
 done
-PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
+#
 # Read the RC file
 #
 if [ $# -eq 0 ]; then
    if [ -f ./shorewallrc ]; then
 	. ./shorewallrc || exit 1
 	file=./shorewallrc
    elif [ -f ~/.shorewallrc ]; then
 	. ~/.shorewallrc
    elif [ -f /usr/share/shorewall/shorewallrc ]; then
 	. /usr/share/shorewall/shorewallrc
    else
 	fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
    fi
 elif [ $# -eq 1 ]; then
    file=$1
    case $file in
 	/*|.*)
 	    ;;
 	*)
 	    file=./$file
 	    ;;
    esac
-[ -n "${LIBEXEC:=/usr/share}" ]
+    . $file
 else
    usage 1
 fi
-case "$LIBEXEC" in
+for var in SHAREDIR LIBEXECDIRDIRDIR CONFDIR SBINDIR VARDIR; do
-    /*)
+    require $var
-	;;
+done
-    *)
+
-	echo "The LIBEXEC setting must be an absolute path name" >&2
+PATH=${SBINDIR}:/bin:/usr${SBINDIR}:/usr/bin:/usr/local/bin:/usr/local${SBINDIR}
 	exit 1
 	;;
 esac
 #
 # Determine where to install the firewall script
@ -154,15 +194,15 @@ if [ -z "$BUILD" ]; then
 	    BUILD=apple
 	    ;;
 	*)
-	    if [ -f /etc/debian_version ]; then
+	    if [ -f ${CONFDIR}/debian_version ]; then
 		BUILD=debian
-	    elif [ -f /etc/redhat-release ]; then
+	    elif [ -f ${CONFDIR}/redhat-release ]; then
 		BUILD=redhat
-	    elif [ -f /etc/SuSE-release ]; then
+	    elif [ -f ${CONFDIR}/SuSE-release ]; then
 		BUILD=suse
-	    elif [ -f /etc/slackware-version ] ; then
+	    elif [ -f ${CONFDIR}/slackware-version ] ; then
 		BUILD=slackware
-	    elif [ -f /etc/arch-release ] ; then
+	    elif [ -f ${CONFDIR}/arch-release ] ; then
 		BUILD=archlinux
 	    else
 		BUILD=linux
@ -203,21 +243,15 @@ case "$HOST" in
 	;;
    debian)
 	echo "Installing Debian-specific configuration..."
 	SPARSE=yes
 	;;
    redhat)
 	echo "Installing Redhat/Fedora-specific configuration..."
 	[ -n "$INITDIR" ]  || INITDIR=/etc/rc.d/init.d
 	;;
    slackware)
 	echo "Installing Slackware-specific configuration..."
 	[ -n "$INITDIR" ]  || INITDIR="/etc/rc.d"
 	[ -n "$INITFILE" ] || INITFILE="rc.firewall"
 	[ -n "$MANDIR=" ]  || MANDIR=/usr/man
 	;;
    archlinux)
 	echo "Installing ArchLinux-specific configuration..."
 	[ -n "$INITDIR" ]  || INITDIR="/etc/rc.d"
 	;;
    linux|suse)
 	;;
@ -227,7 +261,7 @@ case "$HOST" in
 	;;
 esac
-[ -z "$INITDIR" ] && INITDIR="/etc/init.d"
+[ -z "$INITDIR" ] && INITDIR="${CONFDIR}/init.d"
 if [ -n "$DESTDIR" ]; then
    if [ `id -u` != 0 ] ; then
@ -235,8 +269,8 @@ if [ -n "$DESTDIR" ]; then
 	OWNERSHIP=""
    fi
-    install -d $OWNERSHIP -m 755 ${DESTDIR}/sbin
+    install -d $OWNERSHIP -m 755 ${DESTDIR}/${SBINDIR}
-    install -d $OWNERSHIP -m 755 ${DESTDIR}${DESTFILE}
+    install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR}
    if [ -n "$SYSTEMD" ]; then
 	mkdir -p ${DESTDIR}/lib/systemd/system
@ -257,27 +291,27 @@ fi
 echo "Installing $Product Version $VERSION"
 #
-# Check for /etc/$PRODUCT
+# Check for ${CONFDIR}/$PRODUCT
 #
-if [ -z "$DESTDIR" -a -d /etc/$PRODUCT ]; then
+if [ -z "$DESTDIR" -a -d ${CONFDIR}/$PRODUCT ]; then
    if [ ! -f /usr/share/shorewall/coreversion ]; then
 	echo "$PRODUCT $VERSION requires Shorewall Core which does not appear to be installed" >&2
 	exit 1
    fi
-    [ -f /etc/$PRODUCT/shorewall.conf ] && \
+    [ -f ${CONFDIR}/$PRODUCT/shorewall.conf ] && \
-	mv -f /etc/$PRODUCT/shorewall.conf /etc/$PRODUCT/$PRODUCT.conf
+	mv -f ${CONFDIR}/$PRODUCT/shorewall.conf ${CONFDIR}/$PRODUCT/$PRODUCT.conf
 else
-    rm -rf ${DESTDIR}/etc/$PRODUCT
+    rm -rf ${DESTDIR}${CONFDIR}/$PRODUCT
    rm -rf ${DESTDIR}/usr/share/$PRODUCT
    rm -rf ${DESTDIR}/var/lib/$PRODUCT
-    [ "$LIBEXEC" = /usr/share ] || rm -rf ${DESTDIR}/usr/share/$PRODUCT/wait4ifup ${DESTDIR}/usr/share/$PRODUCT/shorecap
+    [ "$LIBEXECDIR" = /usr/share ] || rm -rf ${DESTDIR}/usr/share/$PRODUCT/wait4ifup ${DESTDIR}/usr/share/$PRODUCT/shorecap
 fi
 #
-# Check for /sbin/$PRODUCT
+# Check for ${SBINDIR}/$PRODUCT
 #
-if [ -f ${DESTDIR}/sbin/$PRODUCT ]; then
+if [ -f ${DESTDIR}${SBINDIR}/$PRODUCT ]; then
    first_install=""
 else
    first_install="Yes"
@ -285,118 +319,123 @@ fi
 delete_file ${DESTDIR}/usr/share/$PRODUCT/xmodules
-install_file $PRODUCT ${DESTDIR}/sbin/$PRODUCT 0544
+install_file $PRODUCT ${DESTDIR}${SBINDIR}/$PRODUCT 0544
-echo "$Product control program installed in ${DESTDIR}/sbin/$PRODUCT"
+echo "$Product control program installed in ${DESTDIR}${SBINDIR}/$PRODUCT"
 #
-# Create /etc/$PRODUCT, /usr/share/$PRODUCT and /var/lib/$PRODUCT if needed
+# Create ${CONFDIR}/$PRODUCT, /usr/share/$PRODUCT and /var/lib/$PRODUCT if needed
 #
-mkdir -p ${DESTDIR}/etc/$PRODUCT
+mkdir -p ${DESTDIR}${CONFDIR}/$PRODUCT
 mkdir -p ${DESTDIR}/usr/share/$PRODUCT
-mkdir -p ${DESTDIR}${LIBEXEC}/$PRODUCT
+mkdir -p ${DESTDIR}${LIBEXECDIR}/$PRODUCT
 mkdir -p ${DESTDIR}/var/lib/$PRODUCT
-chmod 755 ${DESTDIR}/etc/$PRODUCT
+chmod 755 ${DESTDIR}${CONFDIR}/$PRODUCT
 chmod 755 ${DESTDIR}/usr/share/$PRODUCT
 if [ -n "$DESTDIR" ]; then
-    mkdir -p ${DESTDIR}/etc/logrotate.d
+    mkdir -p ${DESTDIR}${CONFDIR}/logrotate.d
-    chmod 755 ${DESTDIR}/etc/logrotate.d
+    chmod 755 ${DESTDIR}${CONFDIR}/logrotate.d
    mkdir -p ${DESTDIR}${INITDIR}
    chmod 755 ${DESTDIR}${INITDIR}
 fi
 if [ -n "$INITFILE" ]; then
    initfile="${DESTDIR}/${INITDIR}/${INITFILE}"
    case $TARGET in
 	debian)
-	    install_file init.debian.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544
+	    install_file init.debian.sh "$initfile" 0544
 	    ;;
 	redhat)
-	    install_file init.fedora.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544
+	    install_file init.fedora.sh "$initfile" 0544
 	    ;;
 	archlinux)
-	    install_file init.archlinux.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544
+	    install_file init.archlinux.sh "$initfile" 0544
 	    ;;
 	*)
-	    install_file init.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544
+	    install_file init.sh "$initfile" 0544
 	    ;;
    esac
-    echo  "$Product init script installed in ${DESTDIR}${INITDIR}/${INITFILE}"
+    [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/|${SHAREDIR}/|\' "$initfile"
    echo  "$Product init script installed in $initfile"
 fi
 #
 # Install the .service file
 #
 if [ -n "$SYSTEMD" ]; then
-    run_install $OWNERSHIP -m 600 $PRODUCT.service ${DESTDIR}/lib/systemd/system/$PRODUCT.service
+    run_install $OWNERSHIP -m 600 $PRODUCT.service ${DESTDIR}/${SYSTEMD}/$PRODUCT.service
    echo "Service file installed as ${DESTDIR}/lib/systemd/system/$PRODUCT.service"
 fi
 #
 # Install the config file
 #
-if [ ! -f ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf ]; then
+if [ ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf ]; then
-   install_file $PRODUCT.conf ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf 0744
+   install_file $PRODUCT.conf ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf 0744
-   echo "Config file installed as ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf"
+   echo "Config file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf"
 fi
 if [ $HOST = archlinux ] ; then
-   sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf
+   sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf
 fi
 #
 # Install the  Makefile
 #
-run_install $OWNERSHIP -m 0600 Makefile ${DESTDIR}/etc/$PRODUCT
+run_install $OWNERSHIP -m 0600 Makefile ${DESTDIR}${CONFDIR}/$PRODUCT
-echo "Makefile installed as ${DESTDIR}/etc/$PRODUCT/Makefile"
+echo "Makefile installed as ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile"
 #
 # Install the default config path file
 #
-install_file configpath ${DESTDIR}/usr/share/$PRODUCT/configpath 0644
+install_file configpath ${DESTDIR}${SHAREDIR}/$PRODUCT/configpath 0644
-echo "Default config path file installed as ${DESTDIR}/usr/share/$PRODUCT/configpath"
+echo "Default config path file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/configpath"
 #
 # Install the libraries
 #
 for f in lib.* ; do
    if [ -f $f ]; then
-	install_file $f ${DESTDIR}/usr/share/$PRODUCT/$f 0644
+	install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644
-	echo "Library ${f#*.} file installed as ${DESTDIR}/usr/share/$PRODUCT/$f"
+	echo "Library ${f#*.} file installed as ${DESTDIR}/${SHAREDIR}/$PRODUCT/$f"
    fi
 done
-ln -sf lib.base ${DESTDIR}/usr/share/$PRODUCT/functions
+ln -sf lib.base ${DESTDIR}${SHAREDIR}/$PRODUCT/functions
-echo "Common functions linked through ${DESTDIR}/usr/share/$PRODUCT/functions"
+echo "Common functions linked through ${DESTDIR}${SHAREDIR}/$PRODUCT/functions"
 #
 # Install Shorecap
 #
-install_file shorecap ${DESTDIR}${LIBEXEC}/$PRODUCT/shorecap 0755
+install_file shorecap ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap 0755
 echo
-echo "Capability file builder installed in ${DESTDIR}${LIBEXEC}/$PRODUCT/shorecap"
+echo "Capability file builder installed in ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap"
 #
 # Install the Modules files
 #
 if [ -f modules ]; then
-    run_install $OWNERSHIP -m 0600 modules ${DESTDIR}/usr/share/$PRODUCT
+    run_install $OWNERSHIP -m 0600 modules ${DESTDIR}${SHAREDIR}/$PRODUCT
-    echo "Modules file installed as ${DESTDIR}/usr/share/$PRODUCT/modules"
+    echo "Modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/modules"
 fi
 if [ -f helpers ]; then
-    run_install $OWNERSHIP -m 0600 helpers ${DESTDIR}/usr/share/$PRODUCT
+    run_install $OWNERSHIP -m 0600 helpers ${DESTDIR}${SHAREDIR}/$PRODUCT
-    echo "Helper modules file installed as ${DESTDIR}/usr/share/$PRODUCT/helpers"
+    echo "Helper modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers"
 fi
 for f in modules.*; do
-    run_install $OWNERSHIP -m 0644 $f ${DESTDIR}/usr/share/$PRODUCT/$f
+    run_install $OWNERSHIP -m 0644 $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f
-    echo "Module file $f installed as ${DESTDIR}/usr/share/$PRODUCT/$f"
+    echo "Module file $f installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
 done
 #
@ -406,18 +445,18 @@ done
 if [ -d manpages ]; then
    cd manpages
-    [ -n "$INSTALLD" ] || mkdir -p ${DESTDIR}/usr/share/man/man5/ ${DESTDIR}/usr/share/man/man8/
+    [ -n "$INSTALLD" ] || mkdir -p ${DESTDIR}${SHAREDIR}/man/man5/ ${DESTDIR}${SHAREDIR}/man/man8/
    for f in *.5; do
 	gzip -c $f > $f.gz
-	run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}/usr/share/man/man5/$f.gz
+	run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${SHAREDIR}/man/man5/$f.gz
-	echo "Man page $f.gz installed to ${DESTDIR}/usr/share/man/man5/$f.gz"
+	echo "Man page $f.gz installed to ${DESTDIR}${SHAREDIR}/man/man5/$f.gz"
    done
    for f in *.8; do
 	gzip -c $f > $f.gz
-	run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}/usr/share/man/man8/$f.gz
+	run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${SHAREDIR}/man/man8/$f.gz
-	echo "Man page $f.gz installed to ${DESTDIR}/usr/share/man/man8/$f.gz"
+	echo "Man page $f.gz installed to ${DESTDIR}${SHAREDIR}/man/man8/$f.gz"
    done
    cd ..
@ -425,73 +464,78 @@ if [ -d manpages ]; then
    echo "Man Pages Installed"
 fi
-if [ -d ${DESTDIR}/etc/logrotate.d ]; then
+if [ -d ${DESTDIR}${CONFDIR}/logrotate.d ]; then
-    run_install $OWNERSHIP -m 0644 logrotate ${DESTDIR}/etc/logrotate.d/$PRODUCT
+    run_install $OWNERSHIP -m 0644 logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT
-    echo "Logrotate file installed as ${DESTDIR}/etc/logrotate.d/$PRODUCT"
+    echo "Logrotate file installed as ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT"
 fi
 #
 # Create the version file
 #
-echo "$VERSION" > ${DESTDIR}/usr/share/$PRODUCT/version
+echo "$VERSION" > ${DESTDIR}${SHAREDIR}/$PRODUCT/version
-chmod 644 ${DESTDIR}/usr/share/$PRODUCT/version
+chmod 644 ${DESTDIR}${SHAREDIR}/$PRODUCT/version
 #
 # Remove and create the symbolic link to the init script
 #
 if [ -z "$DESTDIR" ]; then
-    rm -f /usr/share/$PRODUCT/init
+    rm -f ${SHAREDIR}/$PRODUCT/init
-    ln -s ${INITDIR}/${INITFILE} /usr/share/$PRODUCT/init
+    ln -s ${INITDIR}/${INITFILE} ${SHAREDIR}/$PRODUCT/init
 fi
-delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.common
+delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/lib.common
-delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.cli
+delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/lib.cli
-delete_file ${DESTDIR}/usr/share/$PRODUCT/wait4ifup
+delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/wait4ifup
-if [ -z "$DESTDIR" ]; then
+if [ -n "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PRODUCT} ]; then
-    touch /var/log/$PRODUCT-init.log
+    if [ ${DESTDIR} ]; then
 	mkdir -p ${DESTDIR}${SYSCONFDIR}
 	chmod 755 ${DESTDIR}${SYSCONFDIR}
    fi
-    if [ -n "$first_install" ]; then
+    run_install $OWNERSHIP -m 0644 default.debian ${DESTDIR}${SYSCONFDIR}/${PRODUCT}
-	if [ $HOST = debian ]; then
+    echo "$SYSCONFFILE installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
-	    run_install $OWNERSHIP -m 0644 default.debian /etc/default/$PRODUCT
+fi
-	    update-rc.d $PRODUCT defaults
+if [ ${SHAREDIR} != /usr/share ]; then
-
+    [ $PRODUCT = shorewall ] && eval sed -i \'s\|/usr/share/|${SHAREDIR}/|\' ${DESTDIR}/${SHAREDIR}/lib.base
-	    if [ -x /sbin/insserv ]; then
+    sed -i \'s\|/usr/share/|${SHAREDIR}/|\' ${DESTDIR}/${SBINDIR}/$PRODUCT
-		insserv /etc/init.d/$PRODUCT
+fi
 	    else
 		ln -s ../init.d/$PRODUCT /etc/rcS.d/S40$PRODUCT
 	    fi
 if [ -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then
    if mywhich update-rc.d ; then
 	echo "$PRODUCT will start automatically at boot"
 	echo "Set startup=1 in ${SYSCONFDIR}/$PRODUCT to enable"
 	touch /var/log/$PRODUCT-init.log
 	perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/${PRODUCT}/${PRODUCT}.conf
    elif [ -n "$SYSTEMD" ]; then
 	if systemctl enable $PRODUCT; then
 	    echo "$Product will start automatically at boot"
 	else
 	    if [ -n "$SYSTEMD" ]; then
 		if systemctl enable $PRODUCT; then
 		    echo "$Product will start automatically at boot"
 		fi
 	    elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
 		if insserv /etc/init.d/$PRODUCT ; then
 		    echo "$Product will start automatically at boot"
 		else
 		    cant_autostart
 		fi
 	    elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
 		if chkconfig --add $PRODUCT ; then
 		    echo "$Product will start automatically in run levels as follows:"
 		    chkconfig --list $PRODUCT
 		else
 		    cant_autostart
 		fi
 	    elif [ -x /sbin/rc-update ]; then
 		if rc-update add $PRODUCT default; then
 		    echo "$Product will start automatically at boot"
 		else
 		    cant_autostart
 		fi
 	    elif [ "$INITFILE" != rc.firewall ]; then #Slackware starts this automatically
 		cant_autostart
 	    fi
 	fi
    elif mywhich insserv; then
 	if insserv ${INITDIR}/${INITFILE} ; then
 	    echo "$PRODUCT will start automatically at boot"
 	    echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/${PRODUCT}.conf to enable"
 	else
 	    cant_autostart
 	fi
    elif mywhich chkconfig; then
 	if chkconfig --add $PRODUCT ; then
 	    echo "$PRODUCT will start automatically in run levels as follows:"
 	    echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/${PRODUCT}.conf to enable"
 	    chkconfig --list $PRODUCT
 	else
 	    cant_autostart
 	fi
    elif mywhich rc-update ; then
 	if rc-update add $PRODUCT default; then
 	    echo "$PRODUCT will start automatically at boot"
 	    echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable"
 	else
 	    cant_autostart
 	fi
    elif [ "$INITFILE" != rc.${PRODUCT} ]; then #Slackware starts this automatically
 	cant_autostart
    fi
 fi
--- a/Shorewall-lite/shorewall-lite
+++ b/Shorewall-lite/shorewall-lite
@ -27,6 +27,16 @@
 ################################################################################################
 g_program=shorewall-lite
-. /usr/share/shorewall/lib.cli
+#
 # This is modified by the installer when ${SHAREDIR} <> /usr/share
 #
 . /usr/share/shorewall/shorewallrc
 g_libexec="$LIBEXECDIR"
 g_sharedir="$SHAREDIR"
 g_sbindir="$SBINDIR"
 g_readrc=1
 . $g_sharedir/shorewall/lib.cli
 shorewall_cli $@
--- a/Shorewall-lite/uninstall.sh
+++ b/Shorewall-lite/uninstall.sh
@ -31,7 +31,7 @@ VERSION=xxx  #The Build script inserts the actual version
 usage() # $1 = exit status
 {
    ME=$(basename $0)
-    echo "usage: $ME"
+    echo "usage: $ME [ <shorewallrc file> ]"
    exit $1
 }
@ -40,16 +40,25 @@ qt()
    "$@" >/dev/null 2>&1
 }
-restore_file() # $1 = file to restore
+split() {
-{
+    local ifs
-    if [ -f ${1}-shorewall.bkout ]; then
+    ifs=$IFS
-	if (mv -f ${1}-shorewall-lite.bkout $1); then
+    IFS=:
-	    echo
+    set -- $1
-	    echo "$1 restored"
+    echo $*
-        else
+    IFS=$ifs
-	    exit 1
+}
-        fi
+
-    fi
+mywhich() {
    local dir
    for dir in $(split $PATH); do
 	if [ -x $dir/$1 ]; then
 	    return 0
 	fi
    done
    return 2
 }
 remove_file() # $1 = file to restore
@ -60,8 +69,23 @@ remove_file() # $1 = file to restore
    fi
 }
-if [ -f /usr/share/shorewall-lite/version ]; then
+if [ $# -eq 0 ]; then
-    INSTALLED_VERSION="$(cat /usr/share/shorewall-lite/version)"
+    file=/usr/share/shorewall/shorewallrc
 elif [ $# -eq 1 ]; then
    file=$1
 else
    usage 1
 fi
 if [ -f "$file" ]; then
    . "$file"
 else
    echo "File $file not found" >&2
    exit 1
 fi
 if [ -f ${SHAREDIR}/shorewall-lite/version ]; then
    INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall-lite/version)"
    if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
 	echo "WARNING: Shorewall Lite Version $INSTALLED_VERSION is installed"
 	echo "         and this is the $VERSION uninstaller."
@ -72,49 +96,40 @@ else
    VERSION=""
 fi
 [ -n "${LIBEXEC:=/usr/share}" ]
 echo "Uninstalling Shorewall Lite $VERSION"
-if qt iptables -L shorewall -n && [ ! -f /sbin/shorewall ]; then
+if qt iptables -L shorewall -n && [ ! -f ${SBINDIR}/shorewall ]; then
-   /sbin/shorewall-lite clear
+   shorewall-lite clear
 fi
-if [ -L /usr/share/shorewall-lite/init ]; then
+if [ -L ${SHAREDIR}/shorewall-lite/init ]; then
-    FIREWALL=$(readlink -m -q /usr/share/shorewall-lite/init)
+    FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall-lite/init)
-else
+elIF [ -n "$INITFILE" ]; then
-    FIREWALL=/etc/init.d/shorewall-lite
+    FIREWALL=${INITDIR}/${INITFILE}
 fi
-if [ -n "$FIREWALL" ]; then
+if [ -f "$FIREWALL" ]; then
-    if [ -x /usr/sbin/updaterc.d ]; then
+    if mywhich updaterc.d ; then
 	updaterc.d shorewall-lite remove
-    elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
+    elif if mywhich insserv ; then
        insserv -r $FIREWALL
-    elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
+    elif [ mywhich chkconfig ; then
 	chkconfig --del $(basename $FIREWALL)
-    elif [ -x /sbin/systemctl ]; then
+    elif mywhich systemctl ; then
 	systemctl disable shorewall-lite
    else
 	rm -f /etc/rc*.d/*$(basename $FIREWALL)
    fi
    remove_file $FIREWALL
    rm -f ${FIREWALL}-*.bkout
 fi
-rm -f /sbin/shorewall-lite
+rm -f ${SBINDIR}/shorewall-lite
 rm -f /sbin/shorewall-lite-*.bkout
-rm -rf /etc/shorewall-lite
+rm -rf ${SBINDIR}/shorewall-lite
-rm -rf /etc/shorewall-lite-*.bkout
+rm -rf ${VARDIR}/shorewall-lite
-rm -rf /var/lib/shorewall-lite
+rm -rf ${SHAREDIR}/shorewall-lite
 rm -rf /var/lib/shorewall-lite-*.bkout
 rm -rf /usr/share/shorewall-lite
 rm -rf ${LIBEXEC}/shorewall-lite
-rm -rf /usr/share/shorewall-lite-*.bkout
+rm -f  ${CONFDIR}/logrotate.d/shorewall-lite
-rm -f  /etc/logrotate.d/shorewall-lite
+[ -n "$SYSTEMD" ] && rm -f  ${SYSTEMD}/shorewall-lite.service
 rm -f  /lib/systemd/system/shorewall-lite.service
 echo "Shorewall Lite Uninstalled"
--- a/Shorewall/Perl/Shorewall/Compiler.pm
+++ b/Shorewall/Perl/Shorewall/Compiler.pm
@ -160,15 +160,17 @@ sub generate_script_2() {
 	emit( 'g_family=4' );
 	if ( $export ) {
-	    emit ( 'SHAREDIR=/usr/share/shorewall-lite',
+	    emit ( 'SHAREDIR=$SHAREDIR/shorewall-lite',
-		   'CONFDIR=/etc/shorewall-lite',
+		   'CONFDIR=$CONFDIR/shorewall-lite',
 		   'VARDIR=$VARDIR/shorewall-lite',
 		   'g_product="Shorewall Lite"',
 		   'g_program=shorewall-lite',
 		   'g_basedir=/usr/share/shorewall-lite',
 		 );
 	} else {
-	    emit ( 'SHAREDIR=/usr/share/shorewall',
+	    emit ( 'SHAREDIR=$SHAREDIR/shorewall',
-		   'CONFDIR=/etc/shorewall',
+		   'CONFDIR=$CONFDIR/shorewall',
 		   'VARDIR=$VARDIR/shorewall',
 		   'g_product=Shorewall',
 		   'g_program=shorewall',
 		   'g_basedir=/usr/share/shorewall',
@ -178,8 +180,9 @@ sub generate_script_2() {
 	emit( 'g_family=6' );
 	if ( $export ) {
-	    emit ( 'SHAREDIR=/usr/share/shorewall6-lite',
+	    emit ( 'SHAREDIR=/$SHAREDIR/shorewall6-lite',
-		   'CONFDIR=/etc/shorewall6-lite',
+		   'CONFDIR=$CONFDIR/shorewall6-lite',
 		   'VARDIR=$VARDIR/shorewall6-lite',
 		   'g_product="Shorewall6 Lite"',
 		   'g_program=shorewall6-lite',
 		   'g_basedir=/usr/share/shorewall6',
@ -187,6 +190,7 @@ sub generate_script_2() {
 	} else {
 	    emit ( 'SHAREDIR=/usr/share/shorewall6',
 		   'CONFDIR=/etc/shorewall6',
 		   'VARDIR=$VARDIR/shorewall6',
 		   'g_product=Shorewall6',
 		   'g_program=shorewall6',
 		   'g_basedir=/usr/share/shorewall'
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -141,6 +141,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
 				       %config
 				       %globals
 				       %config_files
 				       %shorewallrc
 				       @auditoptions
@ -433,7 +434,12 @@ my %converted = ( WIDE_TC_MARKS => 1,
 my $omitting;
 my @ifstack;
 my $ifstack;
 #
 # From .shorewallrc
 #
 our %shorewallrc;
 sub process_shorewallrc();
 #
 # Rather than initializing globals in an INIT block or during declaration,
 # we initialize them in a function. This is done for two reasons:
@ -474,9 +480,9 @@ sub initialize( $ ) {
    #
    # Misc Globals
    #
-    %globals  =   ( SHAREDIRPL => '/usr/share/shorewall/' ,
+    %globals  =   ( SHAREDIRPL => '' ,
-		    CONFDIR    => '/etc/shorewall',     # Run-time configuration directory
+		    CONFDIR    => '',         # Run-time configuration directory
-		    CONFIGDIR  => '',                  # Compile-time configuration directory (location of $product.conf)
+		    CONFIGDIR  => '',         # Compile-time configuration directory (location of $product.conf)
 		    LOGPARMS   => '',
 		    TC_SCRIPT  => '',
 		    EXPORT     => 0,
@ -748,15 +754,24 @@ sub initialize( $ ) {
    @actparms = ();
    %shorewallrc = (
 		    SHAREDIR => '/usr/share/',
 		    CONFDIR  => '/etc/',
 		    );
    process_shorewallrc;
    $globals{SHAREDIRPL} = "$shorewallrc{SHAREDIR}/shorewall/";
    if ( $family == F_IPV4 ) {
-	$globals{SHAREDIR}      = '/usr/share/shorewall';
+	$globals{SHAREDIR}      = "$shorewallrc{SHAREDIR}/shorewall";
-	$globals{CONFDIR}       = '/etc/shorewall';
+	$globals{CONFDIR}       = "$shorewallrc{CONFDIR}/shorewall";
 	$globals{PRODUCT}       = 'shorewall';
 	$config{IPTABLES}       = undef;
 	$validlevels{ULOG}      = 'ULOG';
    } else {
-	$globals{SHAREDIR}      = '/usr/share/shorewall6';
+	$globals{SHAREDIR}      = "$shorewallrc{SHAREDIR}/shorewall6";
-	$globals{CONFDIR}       = '/etc/shorewall6';
+	$globals{CONFDIR}       = "$shorewallrc{CONFDIR}/shorewall6";
 	$globals{PRODUCT}       = 'shorewall6';
 	$config{IP6TABLES}      = undef;
    }
@ -2084,7 +2099,7 @@ sub set_action_param( $$ ) {
 #
 # Expand Shell Variables in the passed buffer using %params and @actparms
 #
-sub expand_variables( \$ ) {
+sub expand_variables( \$;$ ) {
    my ( $lineref, $count ) = ( $_[0], 0 );
    #                    $1      $2   $3      -     $4
    while ( $$lineref =~ m( ^(.*?) \$({)? (\w+) (?(2)}) (.*)$ )x ) {
@ -2098,6 +2113,8 @@ sub expand_variables( \$ ) {
 	    $val = $actparms[$var];
 	} elsif ( exists $params{$var} ) {
 	    $val = $params{$var};
 	} elsif ( $_[1] && exists $shorewallrc{$var} ) {
 	    $val = $shorewallrc{$var}
 	} else {
 	    fatal_error "Undefined shell variable (\$$var)" unless exists $config{$var};
 	    $val = $config{$var};
@ -2259,6 +2276,25 @@ sub read_a_line1() {
    }
 }
 sub process_shorewallrc() {
    my $home = $ENV{HOME} || `echo ~`;
    $shorewallrc{PRODUCT} = $family == F_IPV4 ? 'shorewall' : 'shorewall6';
    if ( $home && open_file "$home/.shorewallrc" ) {
 	while ( read_a_line1 ) {
 	    if ( $currentline =~ /^([a-zA-Z]\w*)=(.*)$/ ) {
 		my ($var, $val) = ($1, $2);
 		$val = $1 if $val =~ /^\"([^\"]*)\"$/;
 		expand_variables($val, 1 ) if supplied $val;
 		$shorewallrc{$var} = $val;
 	    } else {
 		fatal_error "Unrecognized shorewallrc entry";
 	    }
 	}
    }
 }
 #
 # Provide the passed default value for the passed configuration variable
 #
@ -3195,7 +3231,7 @@ sub ensure_config_path() {
    my $f = "$globals{SHAREDIR}/configpath";
-    $globals{CONFDIR} = "/usr/share/$product/configfiles/" if $> != 0;
+    $globals{CONFDIR} = "$shorewallrc{SHAREDIR}/$product/configfiles/" if $> != 0;
    unless ( $config{CONFIG_PATH} ) {
 	fatal_error "$f does not exist" unless -f $f;
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@ -1039,7 +1039,7 @@ sub validate_tc_class( ) {
 	fatal_error "Unknown Parent class ($parentnum)" unless $parentref && $parentref->{occurs} == 1;
 	fatal_error "The class ($parentnum) specifies UMAX and/or DMAX; it cannot serve as a parent" if $parentref->{dmax};
 	fatal_error "The class ($parentnum) specifies flow; it cannot serve as a parent"             if $parentref->{flow};
-	fatal_error "The default class ($parentnum) may not have sub-classes"                        if $devref->{default} == $parentclass;
+	fatal_error "The default class ($parentnum) may not have sub-classes"                        if ( $devref->{default} || 0 ) == $parentclass;
 	$parentref->{leaf} = 0;
 	$ratemax  = $parentref->{rate};
 	$ratename = q(the parent class's RATE);
--- a/Shorewall/Perl/getparams
+++ b/Shorewall/Perl/getparams
@ -33,7 +33,22 @@ else
    g_program=shorewall
 fi
-. /usr/share/shorewall/lib.cli
+if [ -f ~/.shorewallrc ]; then
    . ~/.shorewallrc || exit 1
 else
    SHAREDIR=/usr/share
    CONFDIR=${CONFDIR}
    SBINDIR=/sbin
    VARDIR=/var/lib
    LIBEXECDIR=/usr/share
 fi
 g_libexec="$LIBEXECDIR"
 g_sharedir="$SHAREDIR"
 g_sbindir="$SBINDIR"
 g_readrc=1
 . $g_sharedir/shorewall/lib.cli
 CONFIG_PATH="$2"
--- a/Shorewall/Perl/macro.BLACKLIST
+++ b/Shorewall/Perl/macro.BLACKLIST
@ -0,0 +1,11 @@
 #
 # Shorewall version 4 - blacklist Macro
 #
 # /usr/share/shorewall/macro.blacklist
 #
 #	This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 $BLACKLIST_DISPOSITION:$BLACKLIST_LOGLEVEL
--- a/Shorewall/Perl/prog.footer
+++ b/Shorewall/Perl/prog.footer
@ -85,6 +85,27 @@ g_noroutes=$NOROUTES
 g_timestamp=$TIMESTAMP
 g_recovering=$RECOVERING
 if [ -f ./.shorewallrc ]; then
    . ./.shorewallrc || exit 1
 elif [ -f ~/.shorewallrc ]; then
    . ~/.shorewallrc || exit 1
 elif [ -r /root/.shorewallrc ]; then
    . /root/.shorewallrc || exit 1
 elif [ -r /.shorewallrc ]; then
    . /root/.shorewallrc || exit 1
 elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then
    . ${SHOREAWLLRC_HOME}/.shorewallrc || exit 1
 else
    CONFDIR=/etc
    SHAREDIR=/usr/share
    VARDIR=/var/lib
 fi
 if [ -n "$TEMPDIR" ]; then
    TMPDIR="$TEMPDIR"
    export TMPDIR
 fi
 initialize
 if [ -n "$STARTUP_LOG" ]; then
--- a/Shorewall/init.debian.sh
+++ b/Shorewall/init.debian.sh
@ -11,7 +11,6 @@
 ### END INIT INFO
 SRWL=/sbin/shorewall
 SRWL_OPTS="-tvv"
 WAIT_FOR_IFUP=/usr/share/shorewall/wait4ifup
@ -54,10 +53,15 @@ not_configured () {
 	exit 0
 }
 #
 # The installer may alter this
 #
 . /usr/share/shorewall/shorewallrc
 # check if shorewall is configured or not
-if [ -f "/etc/default/shorewall" ]
+if [ -f "${SYSCONFDIR}/shorewall" ]
 then
-	. /etc/default/shorewall
+	. ${SYSCONFDIR}/shorewall
 	SRWL_OPTS="$SRWL_OPTS $OPTIONS"
 	if [ "$startup" != "1" ]
 	then
--- a/Shorewall/init.fedora.sh
+++ b/Shorewall/init.fedora.sh
@ -20,16 +20,21 @@
 # Source function library.
 . /etc/rc.d/init.d/functions
 #
 # The installer may alter this
 #
 . /usr/share/shorewall/shorewallrc
 prog="shorewall"
-shorewall="/sbin/$prog"
+shorewall="${SBINDIR}/$prog"
 logger="logger -i -t $prog"
 lockfile="/var/lock/subsys/$prog"
 # Get startup options (override default)
 OPTIONS=
-if [ -f /etc/sysconfig/$prog ]; then
+if [ -f ${SYSCONFDIR}/$prog ]; then
-    . /etc/sysconfig/$prog
+    . ${SYSCONFDIR}/$prog
 fi
 start() {
--- a/Shorewall/init.sh
+++ b/Shorewall/init.sh
@ -54,7 +54,7 @@ RCDLINKS="2,S41 3,S41 6,K41"
 # Give Usage Information						       #
 ################################################################################
 usage() {
-    echo "Usage: $0 start|stop|reload|restart|status"
+    echo "Usage: $0 start|stop|reload|restart|status" >&2
    exit 1
 }
@ -62,10 +62,14 @@ usage() {
 # Get startup options (override default)
 ################################################################################
 OPTIONS="-v0"
-if [ -f /etc/sysconfig/shorewall ]; then
+
-    . /etc/sysconfig/shorewall
+#
-elif [ -f /etc/default/shorewall ] ; then
+# The installer may alter this
-    . /etc/default/shorewall
+#
 . /usr/share/shorewall/shorewallrc
 if [ -f ${SYSCONFDIR}/shorewall ]; then
    . ${SYSCONFDIR}/shorewall
 fi
 export SHOREWALL_INIT_SCRIPT=1
@ -78,13 +82,13 @@ shift
 case "$command" in
    start)
-	exec /sbin/shorewall $OPTIONS start $STARTOPTIONS
+	exec $SBINDIR/shorewall $OPTIONS start $STARTOPTIONS
 	;;
    restart|reload)
-	exec /sbin/shorewall $OPTIONS restart $RESTARTOPTIONS
+	exec $SBINDIR/shorewall $OPTIONS restart $RESTARTOPTIONS
 	;;
    status|stop)
-	exec /sbin/shorewall $OPTIONS $command
+	exec $SBINDIR/shorewall $OPTIONS $command
 	;;
    *)
 	usage
--- a/Shorewall/install.sh
+++ b/Shorewall/install.sh
--- a/Shorewall/lib.cli-std
+++ b/Shorewall/lib.cli-std
@ -1353,11 +1353,13 @@ reload_command() # $* = original arguments less the command.
 	    ;;
    esac
-    temp=$(rsh_command /sbin/${g_program}-lite show config 2> /dev/null | grep ^LITEDIR | sed 's/LITEDIR is //')
+    config=$(rsh_command ${g_program}-lite show config 2> /dev/null)
    temp=$(echo $config | grep ^LITEDIR | sed 's/LITEDIR is //')
    [ -n "$temp" ] && litedir="$temp"
-    temp=$(rsh_command /sbin/${g_program}-lite show config 2> /dev/null | grep ^LIBEXEC | sed 's/LIBEXEC is //')
+    temp=$(echo $config | grep ^LIBEXEC | sed 's/LIBEXEC is //')
    if [ -n "$temp" ]; then
 	case $temp in
@ -1370,6 +1372,14 @@ reload_command() # $* = original arguments less the command.
 	esac
    fi
    temp=$(echo $config | grep ^SBINDIR | sed 's/SBINDIR is //')
    if [ -n "$temp" ]; then
 	sbindir="$temp"
    else
 	sbindir=/sbin
    fi
    if [ -z "$getcaps" ]; then
 	g_shorewalldir=$(resolve_file $directory)
 	ensure_config_path
@ -1414,15 +1424,15 @@ reload_command() # $* = original arguments less the command.
 	progress_message3 "Copy complete"
 	if [ $COMMAND = reload ]; then
-	    rsh_command "/sbin/${g_program}-lite $g_debugging $verbose $timestamp restart" && \
+	    rsh_command "${sbin}/${g_program}-lite $g_debugging $verbose $timestamp restart" && \
 	    progress_message3 "System $system reloaded" || saveit=
 	else
-	    rsh_command "/sbin/${g_program}-lite $g_debugging $verbose $timestamp start" && \
+	    rsh_command "${sbin}/${g_program}-lite $g_debugging $verbose $timestamp start" && \
 	    progress_message3 "System $system loaded" || saveit=
 	fi
 	if [ -n "$saveit" ]; then
-	    rsh_command "/sbin/${g_program}-lite $g_debugging $verbose $timestamp save" && \
+	    rsh_command "${sbin}/${g_program}-lite $g_debugging $verbose $timestamp save" && \
 	    progress_message3 "Configuration on system $system saved"
 	fi
    fi
--- a/Shorewall/shorewall
+++ b/Shorewall/shorewall
@ -27,6 +27,17 @@
 ################################################################################################
 g_program=shorewall
-. /usr/share/shorewall/lib.cli
+#
 # This is modified by the installer when ${SHAREDIR} <> /usr/share
 #
 . /usr/share/shorewall/shorewallrc
 g_libexec="$LIBEXECDIR"
 g_sharedir="$SHAREDIR"
 g_sbindir="$SBINDIR"
 g_perllib="$PERLLIBDIR"
 g_readrc=1
 . $g_sharedir/shorewall/lib.cli
 shorewall_cli $@
--- a/Shorewall/uninstall.sh
+++ b/Shorewall/uninstall.sh
@ -40,16 +40,25 @@ qt()
    "$@" >/dev/null 2>&1
 }
-restore_file() # $1 = file to restore
+split() {
-{
+    local ifs
-    if [ -f ${1}-shorewall.bkout ]; then
+    ifs=$IFS
-	if (mv -f ${1}-shorewall.bkout $1); then
+    IFS=:
-	    echo
+    set -- $1
-	    echo "$1 restored"
+    echo $*
-        else
+    IFS=$ifs
-	    exit 1
+}
-        fi
+
-    fi
+mywhich() {
    local dir
    for dir in $(split $PATH); do
 	if [ -x $dir/$1 ]; then
 	    return 0
 	fi
    done
    return 2
 }
 remove_file() # $1 = file to restore
@ -60,8 +69,39 @@ remove_file() # $1 = file to restore
    fi
 }
-if [ -f /usr/share/shorewall/version ]; then
+if [ -f ./.shorewallrc ]; then
-    INSTALLED_VERSION="$(cat /usr/share/shorewall/version)"
+    . ./.shorewallrc || exit 1
 elif [ -f ~/.shorewallrc ]; then
    . ~/.shorewallrc || exit 1
 elif [ -r /root/.shorewallrc ]; then
    . /root/.shorewallrc || exit 1
 elif [ -r /.shorewallrc ]; then
    . /root/.shorewallrc || exit 1
 elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then
    . ${SHOREWALLRC_HOME}/.shorewallrc || exit 1
 else
    [ -n "${LIBEXEC:=/usr/share}" ]
    [ -n "${PERLLIB:=/usr/share/shorewall}" ]
    [ -n "${CONFDIR:=/etc}" ]
    if [ -z "$SYSCONFDIR" ]; then
 	if [ -d /etc/default ]; then
 	    SYSCONFDIR=/etc/default
 	else
 	    SYSCONFDIR=/etc/sysconfig
 	fi
    fi
    [ -n "${SBINDIR:=/sbin}" ]
    [ -n "${SHAREDIR:=/usr/share}" ]
    [ -n "${VARDIR:=/var/lib}" ]
    [ -n "${INITFILE:=shorewall}" ]
    [ -n "${INITDIR:=/etc/init.d}" ]
    [ -n "${MANDIR:=/usr/share/man}" ]
 fi
 if [ -f ${SHAREDIR}/shorewall/version ]; then
    INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall/version)"
    if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
 	echo "WARNING: Shorewall Version $INSTALLED_VERSION is installed"
 	echo "         and this is the $VERSION uninstaller."
@ -72,62 +112,54 @@ else
    VERSION=""
 fi
 [ -n "${LIBEXEC:=/usr/share}" ]
 [ -n "${PERLLIB:=/usr/share/shorewall}" ]
 echo "Uninstalling shorewall $VERSION"
-if qt iptables -L shorewall -n && [ ! -f /sbin/shorewall-lite ]; then
+if qt iptables -L shorewall -n && [ ! -f ${SBINDIR}/shorewall-lite ]; then
-   /sbin/shorewall clear
+   shorewall clear
 fi
-if [ -L /usr/share/shorewall/init ]; then
+if [ -L ${SHAREDIR}/shorewall/init ]; then
-    FIREWALL=$(readlink -m -q /usr/share/shorewall/init)
+    FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall/init)
-else
+elif [ -n "$INITFILE" ]; then
-    FIREWALL=/etc/init.d/shorewall
+    FIREWALL=/${INITDIR}/${INITFILE}
 fi
-if [ -n "$FIREWALL" ]; then
+if [ -f "$FIREWALL" ]; then
-    if [ -x /usr/sbin/updaterc.d ]; then
+    if mywhich updaterc.d; then
 	updaterc.d shorewall remove
-    elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
+    elif mywhich insserv; then
        insserv -r $FIREWALL
-    elif [ -x /sbin/systemctl ]; then
+    elif mywhich systemctl; then
 	systemctl disable shorewall
-    elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
+    elif mywhich chkconfig; then
 	chkconfig --del $(basename $FIREWALL)
    else
 	rm -f /etc/rc*.d/*$(basename $FIREWALL)
    fi
    remove_file $FIREWALL
-    rm -f ${FIREWALL}-*.bkout
+    [ -f "$AUXINITFILE" ] && remove_file ${INITDIR}/{$AUXINITFILE}
 fi
-rm -f /sbin/shorewall
+rm -f ${SBINDIR}/shorewall
 rm -f /sbin/shorewall-*.bkout
-rm -rf /usr/share/shorewall/version
+rm -rf ${SHAREDIR}/shorewall/version
-rm -rf /etc/shorewall
+rm -rf ${CONFDIR}/shorewall
-rm -rf /etc/shorewall-*.bkout
+rm -rf ${VARDIR}/shorewall
 rm -rf /var/lib/shorewall
 rm -rf /var/lib/shorewall-*.bkout
 rm -rf ${PERLLIB}/Shorewall/*
 rm -rf ${LIBEXEC}/shorewall
-rm -rf /usr/share/shorewall/configfiles/
+rm -rf ${SHAREDIR}/shorewall/configfiles/
-rm -rf /usr/share/shorewall/Samples/
+rm -rf ${SHAREDIR}/shorewall/Samples/
-rm -rf /usr/share/shorewall/Shorewall/
+rm -rf ${SHAREDIR}/shorewall/Shorewall/
-rm -f  /usr/share/shorewall/lib.cli-std
+rm -f  ${SHAREDIR}/shorewall/lib.cli-std
-rm -f  /usr/share/shorewall/lib.core
+rm -f  ${SHAREDIR}/shorewall/lib.core
-rm -f  /usr/share/shorewall/compiler.pl
+rm -f  ${SHAREDIR}/shorewall/compiler.pl
-rm -f  /usr/share/shorewall/prog.*
+rm -f  ${SHAREDIR}/shorewall/prog.*
-rm -f  /usr/share/shorewall/module*
+rm -f  ${SHAREDIR}/shorewall/module*
-rm -f  /usr/share/shorewall/helpers
+rm -f  ${SHAREDIR}/shorewall/helpers
-rm -f  /usr/share/shorewall/action*
+rm -f  ${SHAREDIR}/shorewall/action*
-rm -f  /usr/share/shorewall/init
+rm -f  ${SHAREDIR}/shorewall/init
 rm -rf /usr/share/shorewall-*.bkout
-for f in /usr/share/man/man5/shorewall* /usr/share/man/man8/shorewall*; do
+for f in ${MANDIR}/man5/shorewall* ${MANDIR}/man8/shorewall*; do
    case $f in
 	shorewall6*|shorewall-lite*)
 	    ;;
@ -137,8 +169,10 @@ for f in /usr/share/man/man5/shorewall* /usr/share/man/man8/shorewall*; do
    esac
 done
-rm -f  /etc/logrotate.d/shorewall
+rm -f  ${CONFDIR}/logrotate.d/shorewall
-rm -f  /lib/systemd/system/shorewall.service
+
 if [ -n "$SYSTEMD" ]; THEN
 rm -f  ${SYSTEMD}/shorewall.service
 echo "Shorewall Uninstalled"
--- a/Shorewall6-lite/init.debian.sh
+++ b/Shorewall6-lite/init.debian.sh
@ -78,6 +78,11 @@ else
 	not_configured
 fi
 #
 # The installer may alter this
 #
 . /usr/share/shorewall/shorewallrc
 # start the firewall
 shorewall6_start () {
  echo -n "Starting \"Shorewall6 Lite firewall\": "
--- a/Shorewall6-lite/init.fedora.sh
+++ b/Shorewall6-lite/init.fedora.sh
@ -20,16 +20,21 @@
 # Source function library.
 . /etc/rc.d/init.d/functions
 #
 # The installer may alter this
 #
 . /usr/share/shorewall/shorewallrc
 prog="shorewall6-lite"
-shorewall="/sbin/$prog"
+shorewall="${SBINDIR}/$prog"
 logger="logger -i -t $prog"
 lockfile="/var/lock/subsys/$prog"
 # Get startup options (override default)
 OPTIONS=
-if [ -f /etc/sysconfig/$prog ]; then
+if [ -f ${SYSCONFDIR}/$prog ]; then
-    . /etc/sysconfig/$prog
+    . ${SYSCONFDIR}/$prog
 fi
 start() {
--- a/Shorewall6-lite/init.sh
+++ b/Shorewall6-lite/init.sh
@ -61,11 +61,11 @@ usage() {
 # Get startup options (override default)
 ################################################################################
 OPTIONS=
-if [ -f /etc/sysconfig/shorewall6-lite ]; then
+
-    . /etc/sysconfig/shorewall6-lite
+#
-elif [ -f /etc/default/shorewall6-lite ] ; then
+# The installer may alter this
-    . /etc/default/shorewall6-lite
+#
-fi
+. /usr/share/shorewall/shorewallrc
 export SHOREWALL_INIT_SCRIPT=1
@ -76,13 +76,13 @@ command="$1"
 case "$command" in
    start)
-	exec /sbin/shorewall6-lite $OPTIONS start $STARTOPTIONS
+	exec ${SBINDIR}/shorewall6-lite $OPTIONS start $STARTOPTIONS
 	;;
    restart|reload)
-	exec /sbin/shorewall6-lite $OPTIONS restart $RESTARTOPTIONS
+	exec ${SBINDIR}/shorewall6-lite $OPTIONS restart $RESTARTOPTIONS
 	;;
    status|stop)
-	exec /sbin/shorewall6-lite $OPTIONS $command $@
+	exec ${SBINDIR}/shorewall6-lite $OPTIONS $command $@
 	;;
    *)
 	usage
--- a/Shorewall6-lite/shorewall6-lite
+++ b/Shorewall6-lite/shorewall6-lite
@ -27,6 +27,32 @@
 ################################################################################################
 g_program=shorewall6-lite
-. /usr/share/shorewall/lib.cli
+if [ -f ./.shorewallrc ]; then
    . ./.shorewallrc || exit 1
 elif [ -f ~/.shorewallrc ]; then
    . ~/.shorewallrc || exit 1
 elif [ -r /root/.shorewallrc ]; then
    . /root/.shorewallrc || exit 1
 elif [ -r /.shorewallrc ]; then
    . /root/.shorewallrc || exit 1
 elif - -f ${SHOREWALLRC_HOME}/.shorewallrc; then
    . ${SHOREWALLRC_HOME}/.shorewallrc || exit 1
 else
    SHAREDIR=/usr/share
    CONFDIR=/etc
    SBINDIR=/sbin
    VARDIR=/var/lib
    LIBEXECDIR=/usr/share
    PERLLIBDIR=/usr/share/shorewall
 fi
 g_libexec="$LIBEXECDIR"
 g_sharedir="$SHAREDIR"
 g_sbindir="$SBINDIR"
 g_perllib="$PERLLIBDIR"
 g_readrc=1
 . $g_sharedir/shorewall/lib.cli
 shorewall_cli $@
--- a/Shorewall6-lite/uninstall.sh
+++ b/Shorewall6-lite/uninstall.sh
@ -40,6 +40,27 @@ qt()
    "$@" >/dev/null 2>&1
 }
 split() {
    local ifs
    ifs=$IFS
    IFS=:
    set -- $1
    echo $*
    IFS=$ifs
 }
 mywhich() {
    local dir
    for dir in $(split $PATH); do
 	if [ -x $dir/$1 ]; then
 	    return 0
 	fi
    done
    return 2
 }
 remove_file() # $1 = file to restore
 {
    if [ -f $1 -o -L $1 ] ; then
@ -48,8 +69,39 @@ remove_file() # $1 = file to restore
    fi
 }
-if [ -f /usr/share/shorewall6-lite/version ]; then
+if [ -f ./.shorewallrc ]; then
-    INSTALLED_VERSION="$(cat /usr/share/shorewall6-lite/version)"
+    . ./.shorewallrc || exit 1
 elif [ -f ~/.shorewallrc ]; then
    . ~/.shorewallrc || exit 1
 elif [ -r /root/.shorewallrc ]; then
    . /root/.shorewallrc || exit 1
 elif [ -r /.shorewallrc ]; then
    . /root/.shorewallrc || exit 1
 elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then
    . ${SHOREWALLRC_HOME}/.shorewallrc || exit 1
 else
    [ -n "${LIBEXEC:=/usr/share}" ]
    [ -n "${PERLLIB:=/usr/share/shorewall}" ]
    [ -n "${CONFDIR:=/etc}" ]
    if [ -z "$SYSCONFDIR" ]; then
 	if [ -d /etc/default ]; then
 	    SYSCONFDIR=/etc/default
 	else
 	    SYSCONFDIR=/etc/sysconfig
 	fi
    fi
    [ -n "${SBINDIR:=/sbin}" ]
    [ -n "${SHAREDIR:=/usr/share}" ]
    [ -n "${VARDIR:=/var/lib}" ]
    [ -n "${INITFILE:=shorewall}" ]
    [ -n "${INITDIR:=/etc/init.d}" ]
    [ -n "${MANDIR:=/usr/share/man}" ]
 fi
 if [ -f ${SHAREDIR}/shorewall6-lite/version ]; then
    INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall6-lite/version)"
    if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
 	echo "WARNING: Shorewall Lite Version $INSTALLED_VERSION is installed"
 	echo "         and this is the $VERSION uninstaller."
@ -60,49 +112,39 @@ else
    VERSION=""
 fi
 [ -n "${LIBEXEC:=/usr/share}" ]
 echo "Uninstalling Shorewall Lite $VERSION"
-if qt ip6tables -L shorewall -n && [ ! -f /sbin/shorewall6 ]; then
+if qt ip6tables -L shorewall -n && [ ! -f ${SBINDIR)/shorewall6 ]; then
-   /sbin/shorewall6-lite clear
+   ${SBINDIR}/shorewall6-lite clear
 fi
-if [ -L /usr/share/shorewall6-lite/init ]; then
+if [ -l ${SHAREDIR}/shorewall6-lite/init ]; then
-    FIREWALL=$(readlink -m -q /usr/share/shorewall6-lite/init)
+    FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall6-lite/init)
-else
+elif [ -n "$INITFILE" ]; then
-    FIREWALL=/etc/init.d/shorewall6-lite
+    FIREWALL=${INITDIR}/${INITFILE}
 fi
-if [ -n "$FIREWALL" ]; then
+if [ -f "$FIREWALL" ]; then
-    if [ -x /usr/sbin/updaterc.d ]; then
+    if mywhich updaterc.d ; then
 	updaterc.d shorewall6-lite remove
-    elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
+    elif mywhich insserv ; then
        insserv -r $FIREWALL
-    elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
+    elif mywhich chkconfig ; then
 	chkconfig --del $(basename $FIREWALL)
-    elif [ -x /sbin/systemctl ]; then
+    elif mywhich systemctl ; then
 	systemctl disable shorewall6-lite
    else
 	rm -f /etc/rc*.d/*$(basename $FIREWALL)
    fi
    remove_file $FIREWALL
    rm -f ${FIREWALL}-*.bkout
 fi
-rm -f /sbin/shorewall6-lite
+rm -f ${SBINDIR}/shorewall6-lite
-rm -f /sbin/shorewall6-lite-*.bkout
+rm -rf ${CONFDIR}/shorewall6-lite
-
+rm -rf ${VARDIR}/shorewall6-lite
-rm -rf /etc/shorewall6-lite
+rm -rf ${SHAREDIR}/shorewall6-lite
 rm -rf /etc/shorewall6-lite-*.bkout
 rm -rf /var/lib/shorewall6-lite
 rm -rf /var/lib/shorewall6-lite-*.bkout
 rm -rf /usr/share/shorewall6-lite
 rm -rf ${LIBEXEC}/shorewall6-lite
-rm -rf /usr/share/shorewall6-lite-*.bkout
+rm -f  ${CONFDIR}/logrotate.d/shorewall6-lite
-rm -f  /etc/logrotate.d/shorewall6-lite
+[ -n "$SYSTEMD" ] && rm -f  ${SYSTEMD}/shorewall6-lite.service
 rm -f  /lib/systemd/system/shorewall6-lite.service
 echo "Shorewall6 Lite Uninstalled"
--- a/Shorewall6/init.debian.sh
+++ b/Shorewall6/init.debian.sh
@ -54,10 +54,15 @@ not_configured () {
 	exit 0
 }
 #
 # The installer may alter this
 #
 . /usr/share/shorewall/shorewallrc
 # check if shorewall is configured or not
-if [ -f "/etc/default/shorewall6" ]
+if [ -f "${SYSCONFDIR}/shorewall6" ]
 then
-	. /etc/default/shorewall6
+	. ${SYSCONFDIR}/shorewall6
 	SRWL_OPTS="$SRWL_OPTS $OPTIONS"
 	if [ "$startup" != "1" ]
 	then
--- a/Shorewall6/init.fedora.sh
+++ b/Shorewall6/init.fedora.sh
@ -20,16 +20,21 @@
 # Source function library.
 . /etc/rc.d/init.d/functions
 #
 # The installer may alter this
 #
 . /usr/share/shorewall/shorewallrc
 prog="shorewall6"
-shorewall="/sbin/$prog"
+shorewall="${SBINDIR}/$prog"
 logger="logger -i -t $prog"
 lockfile="/var/lock/subsys/$prog"
 # Get startup options (override default)
 OPTIONS=
-if [ -f /etc/sysconfig/$prog ]; then
+if [ -f ${SYSCONFDIR}/$prog ]; then
-    . /etc/sysconfig/$prog
+    . ${SYSCONFDIR}/$prog
 fi
 start() {
--- a/Shorewall6/init.sh
+++ b/Shorewall6/init.sh
@ -62,11 +62,11 @@ usage() {
 # Get startup options (override default)
 ################################################################################
 OPTIONS="-v0"
-if [ -f /etc/sysconfig/shorewall6 ]; then
+
-    . /etc/sysconfig/shorewall6
+#
-elif [ -f /etc/default/shorewall6 ] ; then
+# The installer may alter this
-    . /etc/default/shorewall6
+#
-fi
+. /usr/share/shorewall/shorewallrc
 export SHOREWALL_INIT_SCRIPT=1
@ -77,13 +77,13 @@ command="$1"
 case "$command" in
    start)
-	exec /sbin/shorewall6 $OPTIONS start $STARTOPTIONS
+	exec ${SBINDIR}/shorewall6 $OPTIONS start $STARTOPTIONS
 	;;
    restart|reload)
-	exec /sbin/shorewall6 $OPTIONS restart $RESTARTOPTIONS
+	exec ${SBINDIR}/shorewall6 $OPTIONS restart $RESTARTOPTIONS
 	;;
    status|stop)
-	exec /sbin/shorewall6 $OPTIONS $command $@
+	exec ${SBINDIR}/shorewall6 $OPTIONS $command $@
 	;;
    *)
 	usage
--- a/Shorewall6/shorewall6
+++ b/Shorewall6/shorewall6
@ -27,6 +27,24 @@
 ################################################################################################
 g_program=shorewall6
-. /usr/share/shorewall/lib.cli
+if [ -f ~/.shorewallrc ]; then
    . ~/.shorewallrc || exit 1
 else
    SHAREDIR=/usr/share
    CONFDIR=/etc
    SBINDIR=/sbin
    VARDIR=/var/lib
    LIBEXECDIR=/usr/share
    PERLLIBDIR=/usr/share/shorewall
 fi
 g_libexec="$LIBEXECDIR"
 g_sharedir="$SHAREDIR"
 g_sbindir="$SBINDIR"
 g_perllib="$PERLLIBDIR"
 g_readrc=1
 . $g_sharedir/shorewall/lib.cli
 shorewall_cli $@
--- a/Shorewall6/uninstall.sh
+++ b/Shorewall6/uninstall.sh
@ -40,16 +40,25 @@ qt()
    "$@" >/dev/null 2>&1
 }
-restore_file() # $1 = file to restore
+split() {
-{
+    local ifs
-    if [ -f ${1}-shorewall.bkout ]; then
+    ifs=$IFS
-	if (mv -f ${1}-shorewall.bkout $1); then
+    IFS=:
-	    echo
+    set -- $1
-	    echo "$1 restored"
+    echo $*
-        else
+    IFS=$ifs
-	    exit 1
+}
-        fi
+
-    fi
+mywhich() {
    local dir
    for dir in $(split $PATH); do
 	if [ -x $dir/$1 ]; then
 	    return 0
 	fi
    done
    return 2
 }
 remove_file() # $1 = file to restore
@ -60,7 +69,38 @@ remove_file() # $1 = file to restore
    fi
 }
-if [ -f /usr/share/shorewall6/version ]; then
+if [ -f ./.shorewallrc ]; then
    . ./.shorewallrc || exit 1
 elif [ -f ~/.shorewallrc ]; then
    . ~/.shorewallrc || exit 1
 elif [ -r /root/.shorewallrc ]; then
    . /root/.shorewallrc || exit 1
 elif [ -r /.shorewallrc ]; then
    . /root/.shorewallrc || exit 1
 elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then
    . ${SHOREWALLRC_HOME}/.shorewallrc || exit 1
 else
    [ -n "${LIBEXEC:=/usr/share}" ]
    [ -n "${PERLLIB:=/usr/share/shorewall}" ]
    [ -n "${CONFDIR:=/etc}" ]
    if [ -z "$SYSCONFDIR" ]; then
 	if [ -d /etc/default ]; then
 	    SYSCONFDIR=/etc/default
 	else
 	    SYSCONFDIR=/etc/sysconfig
 	fi
    fi
    [ -n "${SBINDIR:=/sbin}" ]
    [ -n "${SHAREDIR:=/usr/share}" ]
    [ -n "${VARDIR:=/var/lib}" ]
    [ -n "${INITFILE:=shorewall}" ]
    [ -n "${INITDIR:=/etc/init.d}" ]
    [ -n "${MANDIR:=/usr/share/man}" ]
 fi
 if [ -f ${SHARDIR}/shorewall6/version ]; then
    INSTALLED_VERSION="$(cat /usr/share/shorewall6/version)"
    if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
 	echo "WARNING: Shorewall6 Version $INSTALLED_VERSION is installed"
@ -72,49 +112,39 @@ else
    VERSION=""
 fi
 [ -n "${LIBEXEC:=/usr/share}" ]
 echo "Uninstalling shorewall6 $VERSION"
-if qt ip6tables -L shorewall6 -n && [ ! -f /sbin/shorewall6-lite ]; then
+if qt ip6tables -L shorewall6 -n && [ ! -f ${SBINDIR}/shorewall6-lite ]; then
-   /sbin/shorewall6 clear
+   ${SBINDIR}/shorewall6 clear
 fi
-if [ -L /usr/share/shorewall6/init ]; then
+if [ -L ${SHAREDIR}/shorewall6/init ]; then
-    FIREWALL=$(readlink -m -q /usr/share/shorewall6/init)
+    FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall6/init)
-else
+elif [ -n "$INITFILE" ]; then
-    FIREWALL=/etc/init.d/shorewall6
+    FIREWALL=${INITDIR}/${INITFILE}
 fi
-if [ -n "$FIREWALL" ]; then
+if [ -f "$FIREWALL" ]; then
-    if [ -x /usr/sbin/updaterc.d ]; then
+    if mywhich updaterc.d ; then
 	updaterc.d shorewall6 remove
-    elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
+    elif mywhich insserv ; then
        insserv -r $FIREWALL
-    elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
+    elif mywhich chkconfig ; then
 	chkconfig --del $(basename $FIREWALL)
-    elif [ -x /sbin/systemctl ]; then
+    elif mywhich systemctl ; then
 	systemctl disable shorewall6
    else
 	rm -f /etc/rc*.d/*$(basename $FIREWALL)
    fi
    remove_file $FIREWALL
    rm -f ${FIREWALL}-*.bkout
 fi
-rm -f /sbin/shorewall6
+rm -f ${SBINDIR}/shorewall6
-rm -f /sbin/shorewall6-*.bkout
+rm -rf ${CONFDIR}/shorewall6
-
+rm -rf ${VARDIR}/shorewall6
 rm -rf /etc/shorewall6
 rm -rf /etc/shorewall6-*.bkout
 rm -rf /var/lib/shorewall6
 rm -rf /var/lib/shorewall6-*.bkout
 rm -rf ${LIBEXEC}/shorewall6
-rm -rf /usr/share/shorewall6
+rm -rf ${SHAREDIR}/shorewall6
 rm -rf /usr/share/shorewall6-*.bkout
-for f in /usr/share/man/man5/shorewall6* /usr/share/man/man8/shorewall6*; do
+for f in ${MANDIR}/man5/shorewall6* ${SHAREDIR}/man/man8/shorewall6*; do
    case $f in
 	shorewall6-lite*)
 	    ;;
@ -123,8 +153,8 @@ for f in /usr/share/man/man5/shorewall6* /usr/share/man/man8/shorewall6*; do
    esac
 done
-rm -f  /etc/logrotate.d/shorewall6
+rm -f  ${CONFDIR}/logrotate.d/shorewall6
-rm -f  /lib/systemd/system/shorewall6.service
+[ -n "$SYSTEMD" ] && rm -f ${SYSTEMD}/shorewall6.service
 echo "Shorewall6 Uninstalled"
--- a/docs/Install.xml
+++ b/docs/Install.xml