Complete elimination of globals that are not .conf options

Documentation to follow

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall-lite/shorewall-lite

@@ -216,7 +216,7 @@ start_command() {
 			    ;;
 			p*)
 			    [ -n "$(which conntrack)" ] || fatal_error "The '-p' option requires the conntrack utility which does not appear to be installed on this system"
-			    PURGE=Yes
+			    g_purge=Yes
 			    option=${option%p}
 			    ;;
 			*)
@@ -290,12 +290,12 @@ restart_command() {
 			    option=
 			    ;;
 			n*)
-			    NOROUTES=Yes
+			    g_noroutes=Yes
 			    option=${option#n}
 			    ;;
 			p*)
 			    [ -n "$(which conntrack)" ] || fatal_error "The '-p' option requires the conntrack utility which does not appear to be installed on this system"
-			    PURGE=Yes
+			    g_purge=Yes
 			    option=${option%p}
 			    ;;
 			*)
@@ -402,9 +402,9 @@ g_ipt_options="-nv"
 g_fast=
 g_verbose_offset=0
 g_use_verbosity=
-NOROUTES=
+g_noroutes=
-TIMESTAMP=
+g_timestamp=
-RECOVERING=
+g_recovering=
 
 finished=0
 
@@ -460,11 +460,11 @@ while [ $finished -eq 0 ]; do
 			esac
 			;;
 		    n*)
-			NOROUTES=Yes
+			g_noroutes=Yes
 			option=${option#n}
 			;;
 		    t*)
-			TIMESTAMP=Yes
+			g_timestamp=Yes
 			option=${option#t}
 			;;
 		    -)

Shorewall/Perl/Shorewall/Compiler.pm

@@ -41,7 +41,7 @@ use Shorewall::IPAddrs;
 use Shorewall::Raw;
 
 our @ISA = qw(Exporter);
-our @EXPORT = qw( compiler EXPORT TIMESTAMP DEBUG );
+our @EXPORT = qw( compiler );
 our @EXPORT_OK = qw( $export );
 our $VERSION = '4.4_8';
 
@@ -377,7 +377,7 @@ sub generate_script_3($) {
 		   '        $IPSET -X' ,
 		   '        $IPSET -R < ${VARDIR}/ipsets.save' ,
 		   '    fi' ,
-		   'elif [ "$COMMAND" = restore -a -z "$RECOVERING" ]; then' ,
+		   'elif [ "$COMMAND" = restore -a -z "$g_recovering" ]; then' ,
 		   '    if [ -f $(my_pathname)-ipsets ]; then' ,
 		   '        if chain_exists shorewall; then' ,
 		   '            startup_error "Cannot restore $(my_pathname)-ipsets with Shorewall running"' ,

Shorewall/Perl/Shorewall/Proc.pm

@@ -138,7 +138,7 @@ sub setup_route_filtering() {
 
 	emit "echo $val > /proc/sys/net/ipv4/conf/default/rp_filter" if $val ne '';
 
-	emit "[ -n \"\$NOROUTES\" ] || \$IP -4 route flush cache";
+	emit "[ -n \"\$g_noroutes\" ] || \$IP -4 route flush cache";
     }
 }
 

Shorewall/Perl/Shorewall/Providers.pm

@@ -759,7 +759,7 @@ sub setup_providers() {
 
     first_entry sub() {
 	progress_message2 "$doing $fn...";
-	emit "\nif [ -z \"\$NOROUTES\" ]; then";
+	emit "\nif [ -z \"\$g_noroutes\" ]; then";
 	push_indent;
 	start_providers; };
 
@@ -792,7 +792,7 @@ sub setup_providers() {
 
 	setup_route_marking if @routemarked_interfaces;
     } else {
-	emit "\nif [ -z \"\$NOROUTES\" ]; then";
+	emit "\nif [ -z \"\$g_noroutes\" ]; then";
 
 	push_indent;
 

Shorewall/Perl/Shorewall/Proxyarp.pm

@@ -76,7 +76,7 @@ sub setup_one_proxy_arp( $$$$$ ) {
     }
 
     unless ( $haveroute ) {
-	emit "[ -n \"\$NOROUTES\" ] || run_ip route replace $address dev $interface";
+	emit "[ -n \"\$g_noroutes\" ] || run_ip route replace $address dev $interface";
 	$haveroute = 1 if $persistent;
     }
 

Shorewall/Perl/Shorewall/Rules.pm

@@ -2265,7 +2265,7 @@ EOF
 	        if [ -x $g_restorepath ]; then
 		    echo Restoring ${g_product:=Shorewall}...
                     
-                    RECOVERING=Yes
+                    g_recovering=Yes
 
 		    if run_it $g_restorepath restore; then
 		        echo "$g_product restored from $g_restorepath"
@@ -2312,7 +2312,7 @@ EOF
     if [ -f ${VARDIR}/proxyarp ]; then
 	while read address interface external haveroute; do
 	    qt arp -i $external -d $address pub
-	    [ -z "${haveroute}${NOROUTES}" ] && qt $IP -4 route del $address dev $interface
+	    [ -z "${haveroute}${g_noroutes}" ] && qt $IP -4 route del $address dev $interface
 	    f=/proc/sys/net/ipv4/conf/$interface/proxy_arp
 	    [ -f $f ] && echo 0 > $f
 	done < ${VARDIR}/proxyarp

Shorewall/Perl/prog.footer

@@ -27,6 +27,13 @@ fi
 # Map VERBOSE to VERBOSITY for compatibility with old Shorewall-lite installations
 #
 [ -z "$VERBOSITY" ] && [ -n "$VERBOSE" ] && VERBOSITY=$VERBOSE
+#
+# Map other old exported variables
+#
+g_purge=$PURGE
+g_noroutes=$NOROUTES
+g_timestamp=$TIMESTAMP
+g_recovering=$RECOVERING
 
 initialize
 
@@ -63,19 +70,19 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do
 			option=${option#q}
 			;;
 		    n*)
-			NOROUTES=Yes
+			g_noroutes=Yes
 			option=${option#n}
 			;;
 		    t*)
-			TIMESTAMP=Yes
+			g_timestamp=Yes
 			option=${option#t}
 			;;			
 		    p*)
-			PURGE=Yes
+			g_noroutes=Yes
 			option=${option#p}
 			;;
 		    r*)
-			RECOVERING=Yes
+			g_recovering=Yes
 			option=${option#r}
 			;;
 		    V*)

Shorewall/Perl/prog.footer6

@@ -27,6 +27,13 @@ fi
 # Map VERBOSE to VERBOSITY for compatibility with old Shorewall6-lite installations
 #
 [ -z "$VERBOSITY" ] && [ -n "$VERBOSE" ] && VERBOSITY=$VERBOSE
+#
+# Map other old exported variables
+#
+g_purge=$PURGE
+g_noroutes=$NOROUTES
+g_timestamp=$TIMESTAMP
+g_recovering=$RECOVERING
 
 initialize
 
@@ -63,19 +70,19 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do
 			option=${option#q}
 			;;
 		    n*)
-			NOROUTES=Yes
+			g_noroutes=Yes
 			option=${option#n}
 			;;
 		    t*)
-			TIMESTAMP=Yes
+			g_timestamp=Yes
 			option=${option#t}
 			;;			
 		    p*)
-			PURGE=Yes
+			g_purge=Yes
 			option=${option#p}
 			;;
 		    r*)
-			RECOVERING=Yes
+			g_recovering=Yes
 			option=${option#r}
 			;;
 		    V*)

Shorewall/Perl/prog.header

@@ -39,7 +39,7 @@ progress_message() # $* = Message
     timestamp=
 
     if [ $VERBOSITY -gt 1 ]; then
-	[ -n "$TIMESTAMP" ] && timestamp="$(date +%H:%M:%S) "
+	[ -n "$g_timestamp" ] && timestamp="$(date +%H:%M:%S) "
 	echo "${timestamp}$@"
     fi
 
@@ -55,7 +55,7 @@ progress_message2() # $* = Message
     timestamp=
 
     if [ $VERBOSITY -gt 0 ]; then
-	[ -n "$TIMESTAMP" ] && timestamp="$(date +%H:%M:%S) "
+	[ -n "$g_timestamp" ] && timestamp="$(date +%H:%M:%S) "
 	echo "${timestamp}$@"
     fi
 
@@ -71,7 +71,7 @@ progress_message3() # $* = Message
     timestamp=
 
     if [ $VERBOSITY -ge 0 ]; then
-	[ -n "$TIMESTAMP" ] && timestamp="$(date +%H:%M:%S) "
+	[ -n "$g_timestamp" ] && timestamp="$(date +%H:%M:%S) "
 	echo "${timestamp}$@"
     fi
 
@@ -951,7 +951,7 @@ get_device_mtu1() # $1 = device
 #
 undo_routing() {
 
-    if [ -z "$NOROUTES"  ]; then
+    if [ -z "$g_noroutes"  ]; then
 	#
 	# Restore rt_tables database
 	#
@@ -975,7 +975,7 @@ undo_routing() {
 # Restore the default route that was in place before the initial 'shorewall start'
 #
 restore_default_route() {
-    if [ -z "$NOROUTES" -a -f ${VARDIR}/default_route ]; then
+    if [ -z "$g_noroutes" -a -f ${VARDIR}/default_route ]; then
 	local default_route
 	default_route=
 	local route
@@ -1059,11 +1059,11 @@ find_mac() # $1 = IP address, $2 = interface
 }
 
 #
-# Flush the conntrack table if $PURGE is non-empty
+# Flush the conntrack table if $g_purge is non-empty
 #
 conditionally_flush_conntrack() {
 
-    if [ -n "$PURGE" ]; then
+    if [ -n "$g_purge" ]; then
 	if [ -n $(mywhich conntrack) ]; then
             conntrack -F
 	else
@@ -1079,7 +1079,7 @@ delete_proxyarp() {
     if [ -f ${VARDIR}/proxyarp ]; then
 	while read address interface external haveroute; do
 	    qt arp -i $external -d $address pub
-	    [ -z "${haveroute}${NOROUTES}" ] && qt $IP -4 route del $address dev $interface
+	    [ -z "${haveroute}${g_noroutes}" ] && qt $IP -4 route del $address dev $interface
 	    f=/proc/sys/net/ipv4/conf/$interface/proxy_arp
 	    [ -f $f ] && echo 0 > $f
 	done < ${VARDIR}/proxyarp
@@ -1219,10 +1219,10 @@ run_it() {
 	#
 	export RESTOREFILE
 	export VERBOSITY
-	export NOROUTES
+	export NOROUTES=$g_noroutes
-	export PURGE
+	export PURGE=$g_purge
-	export TIMESTAMP
+	export TIMESTAMP=$g_timestamp
-	export RECOVERING
+	export RECOVERING=$g_recovering
  
 	if [ "$g_product" != Shorewall ]; then
 	    #
@@ -1237,10 +1237,10 @@ run_it() {
 	#
 	options='-'
 
-	[ -n "$NOROUTES" ]  && options=${options}n
+	[ -n "$g_noroutes" ]   && options=${options}n
-	[ -n "$TIMESTAMP" ] && options=${options}t
+	[ -n "$g_timestamp" ]  && options=${options}t
-	[ -n "$PURGE" ]     && options=${options}p
+	[ -n "$g_purge" ]      && options=${options}p
-	[ -n "$RECOVERING" ] && options=${options}r
+	[ -n "$g_recovering" ] && options=${options}r
 
 	options="${options}V $VERBOSITY"
 

Shorewall/Perl/prog.header6

@@ -39,7 +39,7 @@ progress_message() # $* = Message
     timestamp=
 
     if [ $VERBOSITY -gt 1 ]; then
-	[ -n "$TIMESTAMP" ] && timestamp="$(date +%H:%M:%S) "
+	[ -n "$g_timestamp" ] && timestamp="$(date +%H:%M:%S) "
 	echo "${timestamp}$@"
     fi
 
@@ -55,7 +55,7 @@ progress_message2() # $* = Message
     timestamp=
 
     if [ $VERBOSITY -gt 0 ]; then
-	[ -n "$TIMESTAMP" ] && timestamp="$(date +%H:%M:%S) "
+	[ -n "$g_timestamp" ] && timestamp="$(date +%H:%M:%S) "
 	echo "${timestamp}$@"
     fi
 
@@ -71,7 +71,7 @@ progress_message3() # $* = Message
     timestamp=
 
     if [ $VERBOSITY -ge 0 ]; then
-	[ -n "$TIMESTAMP" ] && timestamp="$(date +%H:%M:%S) "
+	[ -n "$g_timestamp" ] && timestamp="$(date +%H:%M:%S) "
 	echo "${timestamp}$@"
     fi
 
@@ -847,7 +847,7 @@ get_device_mtu1() # $1 = device
 #
 undo_routing() {
 
-    if [ -z "$NOROUTES"  ]; then
+    if [ -z "$g_noroutes"  ]; then
 	#
 	# Restore rt_tables database
 	#
@@ -871,7 +871,7 @@ undo_routing() {
 # Restore the default route that was in place before the initial 'shorewall start'
 #
 restore_default_route() {
-    if [ -z "$NOROUTES" -a -f ${VARDIR}/default_route ]; then
+    if [ -z "$g_noroutes" -a -f ${VARDIR}/default_route ]; then
 	local default_route
 	default_route=
 	local route
@@ -934,11 +934,11 @@ find_echo() {
 }
 
 #
-# Flush the conntrack table if $PURGE is non-empty
+# Flush the conntrack table if $g_purge is non-empty
 #
 conditionally_flush_conntrack() {
 
-    if [ -n "$PURGE" ]; then
+    if [ -n "$g_purge" ]; then
 	if [ -n $(which conntrack) ]; then
             conntrack -F
 	else
@@ -1066,14 +1066,14 @@ run_it() {
 
     if [ $version -lt 040408 ]; then
 	#
-	# Old script that doesn't understand 4.4.8 script options
+	# Old script that doesn't understand 4.4.8 options
 	#
 	export RESTOREFILE
 	export VERBOSITY
-	export NOROUTES
+	export NOROUTES=$g_noroutes
-	export PURGE
+	export PURGE=$g_purge
-	export TIMESTAMP
+	export TIMESTAMP=$g_timestamp
-	export RECOVERING
+	export RECOVERING=$g_recovering
  
 	if [ "$g_product" != Shorewall6 ]; then
 	    #
@@ -1088,10 +1088,10 @@ run_it() {
 	#
 	options='-'
 
-	[ -n "$NOROUTES" ]  && options=${options}n
+	[ -n "$g_noroutes" ]   && options=${options}n
-	[ -n "$TIMESTAMP" ] && options=${options}t
+	[ -n "$g_timesamp" ]   && options=${options}t
-	[ -n "$PURGE" ]     && options=${options}p
+	[ -n "$g_purge" ]      && options=${options}p
-	[ -n "$RECOVERING" ] && options=${options}r
+	[ -n "$g_recovering" ] && options=${options}r
 
 	options="${options}V $VERBOSITY"
 

Shorewall/lib.base

@@ -53,7 +53,7 @@ progress_message() # $* = Message
     timestamp=
 
     if [ $VERBOSITY -gt 1 ]; then
-	[ -n "$TIMESTAMP" ] && timestamp="$(date +%H:%M:%S) "
+	[ -n "$g_timestamp" ] && timestamp="$(date +%H:%M:%S) "
 	echo "${timestamp}$@"
     fi
 }
@@ -64,7 +64,7 @@ progress_message2() # $* = Message
     timestamp=
 
     if [ $VERBOSITY -gt 0 ]; then
-	[ -n "$TIMESTAMP" ] && timestamp="$(date +%H:%M:%S) "
+	[ -n "$g_timestamp" ] && timestamp="$(date +%H:%M:%S) "
 	echo "${timestamp}$@"
     fi
 }
@@ -75,7 +75,7 @@ progress_message3() # $* = Message
     timestamp=
 
     if [ $VERBOSITY -ge 0 ]; then
-	[ -n "$TIMESTAMP" ] && timestamp="$(date +%H:%M:%S) "
+	[ -n "$g_timestamp" ] && timestamp="$(date +%H:%M:%S) "
 	echo "${timestamp}$@"
     fi
 }

Shorewall/lib.cli

@@ -80,10 +80,10 @@ run_it() {
 	#
 	export RESTOREFILE
 	export VERBOSITY
-	export NOROUTES
+	export NOROUTES=$g_noroutes
-	export PURGE
+	export PURGE=$g_purge
-	export TIMESTAMP
+	export TIMESTAMP=$g_timestamp
-	export RECOVERING
+	export RECOVERING=$g_recovering
  
 	if [ "$g_product" != Shorewall ]; then
 	    #
@@ -98,10 +98,10 @@ run_it() {
 	#
 	options='-'
 
-	[ -n "$NOROUTES" ]  && options=${options}n
+	[ -n "$g_noroutes" ]   && options=${options}n
-	[ -n "$TIMESTAMP" ] && options=${options}t
+	[ -n "$g_timestamp" ]  && options=${options}t
-	[ -n "$PURGE" ]     && options=${options}p
+	[ -n "$g_purge" ]      && options=${options}p
-	[ -n "$RECOVERING" ] && options=${options}r
+	[ -n "$g_recovering" ] && options=${options}r
 
 	options="${options}V $VERBOSITY"
 
@@ -959,7 +959,7 @@ restore_command() {
 			    option=
 			    ;;
 			n*)
-			    NOROUTES=Yes
+			    g_noroutes=Yes
 			    option=${option#n}
 			    ;;
 			*)
@@ -994,14 +994,12 @@ restore_command() {
 
     g_restorepath=${VARDIR}/$RESTOREFILE
 
-    export NOROUTES
-
     [ -n "$nolock" ] || mutex_on
 
     if [ -x $g_restorepath ]; then
 	progress_message3 "Restoring Shorewall..."
 
-	$SHOREWALL_SHELL $g_restorepath restore && progress_message3 "$g_product restored from ${VARDIR}/$RESTOREFILE"
+	run_it $g_restorepath restore && progress_message3 "$g_product restored from ${VARDIR}/$RESTOREFILE"
 
 	[ -n "$nolock" ] || mutex_off
     else

Shorewall/shorewall

@@ -343,7 +343,7 @@ compiler() {
     [ -n "$LOG_VERBOSITY" ] && options="$options --log_verbosity=$LOG_VERBOSITY";
     [ -n "$g_export" ] && options="$options --export"
     [ -n "$SHOREWALL_DIR" ] && options="$options --directory=$SHOREWALL_DIR"
-    [ -n "$TIMESTAMP" ] && options="$options --timestamp"
+    [ -n "$g_timestamp" ] && options="$options --timestamp"
     [ -n "$g_test" ] && options="$options --test"
     [ -n "$g_preview" ] && options="$options --preview"
     [ "$g_debugging" = trace ] && options="$options --debug"
@@ -421,7 +421,7 @@ start_command() {
 			    ;;
 			p*)
 			    [ -n "$(which conntrack)" ] || fatal_error "The '-p' option requires the conntrack utility which does not appear to be installed on this system"
-			    PURGE=Yes
+			    g_purge=Yes
 			    option=${option%p}
 			    ;;
 			*)
@@ -692,12 +692,12 @@ restart_command() {
 			    option=${option#f}
 			    ;;
 			n*)
-			    NOROUTES=Yes
+			    g_noroutes=Yes
 			    option=${option#n}
 			    ;;
 			p*)
 			    [ -n "$(which conntrack)" ] || fatal_error "The '-p' option requires the conntrack utility which does not appear to be installed on this system"
-			    PURGE=Yes
+			    g_purge=Yes
 			    option=${option%p}
 			    ;;
 			*)
@@ -861,7 +861,7 @@ safe_commands() {
 			    option=
 			    ;;
 			n*)
-			    NOROUTES=Yes
+			    g_noroutes=Yes
 			    option=${option#n}
 			    ;;
 			*)
@@ -1002,7 +1002,7 @@ try_command() {
 			    option=
 			    ;;
 			n*)
-			    NOROUTES=Yes
+			    g_noroutes=Yes
 			    option=${option#n}
 			    ;;
 			*)
@@ -1211,7 +1211,7 @@ reload_command() # $* = original arguments less the command.
 
     file=$(resolve_file $directory/firewall)
 
-    [ -n "$TIMESTAMP" ] && timestamp='-t' || timestamp=
+    [ -n "$g_timestamp" ] && timestamp='-t' || timestamp=
 
     if shorewall $g_debugging $verbose $timestamp compile -e $directory $directory/firewall && \
 	progress_message3 "Copying $file and ${file}.conf to ${system}:${litedir}..." && \
@@ -1393,8 +1393,8 @@ if [ $# -gt 0 ] && [ "$1" = "nolock" ]; then
 fi
 
 SHOREWALL_DIR=
-NOROUTES=
+g_noroutes=
-PURGE=
+g_purge=
 
 g_ipt_options="-nv"
 g_fast=
@@ -1475,11 +1475,11 @@ while [ $finished -eq 0 ]; do
 			esac
 			;;
 		    n*)
-			NOROUTES=Yes
+			g_noroutes=Yes
 			option=${option#n}
 			;;
 		    t*)
-			TIMESTAMP=Yes
+			g_timestamp=Yes
 			option=${option#t}
 			;;
 		    -)
@@ -1550,8 +1550,8 @@ MUTEX_TIMEOUT=
 SHAREDIR=/usr/share/shorewall
 CONFDIR=/etc/shorewall
 g_product="Shorewall"
-RECOVERING=
+g_recovering=
-TIMESTAMP=
+g_timestamp=
 
 [ -f ${CONFDIR}/vardir ] && . ${CONFDIR}/vardir
 

Shorewall6-lite/shorewall6-lite

@@ -216,7 +216,7 @@ start_command() {
 			    ;;
 			p*)
 			    [ -n "$(which conntrack)" ] || fatal_error "The '-p' option requires the conntrack utility which does not appear to be installed on this system"
-			    PURGE=Yes
+			    g_purge=Yes
 			    option=${option%p}
 			    ;;
 			*)
@@ -289,12 +289,12 @@ restart_command() {
 			    option=
 			    ;;
 			n*)
-			    NOROUTES=Yes
+			    g_noroutes=Yes
 			    option=${option#n}
 			    ;;
 			p*)
 			    [ -n "$(which conntrack)" ] || fatal_error "The '-p' option requires the conntrack utility which does not appear to be installed on this system"
-			    PURGE=Yes
+			    g_purge=Yes
 			    option=${option%p}
 			    ;;
 			*)
@@ -386,10 +386,10 @@ g_ipt_options="-nv"
 g_fast=
 g_verbose_offset=0
 g_use_verbosity=
-NOROUTES=
+g_noroutes=
-TIMESTAMP=
+g_timestamp=
-RECOVERING=
+g_recovering=
-PURGE=
+g_purge=
 
 finished=0
 
@@ -445,11 +445,11 @@ while [ $finished -eq 0 ]; do
 			esac
 			;;
 		    n*)
-			NOROUTES=Yes
+			g_noroutes=Yes
 			option=${option#n}
 			;;
 		    t*)
-			TIMESTAMP=Yes
+			g_timestamp=Yes
 			option=${option#t}
 			;;
 		    -)

Shorewall6/lib.base

@@ -57,7 +57,7 @@ progress_message() # $* = Message
     timestamp=
 
     if [ $VERBOSITY -gt 1 ]; then
-	[ -n "$TIMESTAMP" ] && timestamp="$(date +%H:%M:%S) "
+	[ -n "$g_timestamp" ] && timestamp="$(date +%H:%M:%S) "
 	echo "${timestamp}$@"
     fi
 }
@@ -68,7 +68,7 @@ progress_message2() # $* = Message
     timestamp=
 
     if [ $VERBOSITY -gt 0 ]; then
-	[ -n "$TIMESTAMP" ] && timestamp="$(date +%H:%M:%S) "
+	[ -n "$g_timestamp" ] && timestamp="$(date +%H:%M:%S) "
 	echo "${timestamp}$@"
     fi
 }
@@ -79,7 +79,7 @@ progress_message3() # $* = Message
     timestamp=
 
     if [ $VERBOSITY -ge 0 ]; then
-	[ -n "$TIMESTAMP" ] && timestamp="$(date +%H:%M:%S) "
+	[ -n "$g_timestamp" ] && timestamp="$(date +%H:%M:%S) "
 	echo "${timestamp}$@"
     fi
 }
@@ -1102,7 +1102,7 @@ get_device_mtu1() # $1 = device
 #
 undo_routing() {
 
-    if [ -z "$NOROUTES"  ]; then
+    if [ -z "$g_noroutes"  ]; then
 	#
 	# Restore rt_tables database
 	#
@@ -1123,7 +1123,7 @@ undo_routing() {
 }
 
 restore_default_route() {
-    if [ -z "$NOROUTES" -a -f ${VARDIR}/default_route ]; then
+    if [ -z "$g_noroutes" -a -f ${VARDIR}/default_route ]; then
 	local default_route
 	default_route=
 	local route

Shorewall6/lib.cli

@@ -78,13 +78,13 @@ run_it() {
 	#
 	# Old script that doesn't understand 4.4.8 script options
 	#
-	export RESTOREFILE
+	export RESTOREFILE=
 	export VERBOSITY
-	export NOROUTES
+	export NOROUTES=$g_noroutes
-	export PURGE
+	export PURGE=$g_purge
-	export TIMESTAMP
+	export TIMESTAMP=$g_timestamp
-	export RECOVERING
+	export RECOVERING=$g_recovering
- 
+
 	if [ "$g_product" != Shorewall6 ]; then
 	    #
 	    # Shorewall6 Lite
@@ -98,10 +98,10 @@ run_it() {
 	#
 	options='-'
 
-	[ -n "$NOROUTES" ]  && options=${options}n
+	[ -n "$g_noroutes" ]   && options=${options}n
-	[ -n "$TIMESTAMP" ] && options=${options}t
+	[ -n "$g_timestamp" ]  && options=${options}t
-	[ -n "$PURGE" ]     && options=${options}p
+	[ -n "$g_purge" ]      && options=${options}p
-	[ -n "$RECOVERING" ] && options=${options}r
+	[ -n "$g_recovering" ] && options=${options}r
 
 	options="${options}V $VERBOSITY"
 
@@ -835,7 +835,7 @@ restore_command() {
 			    option=
 			    ;;
 			n*)
-			    NOROUTES=Yes
+			    g_noroutes=Yes
 			    option=${option#n}
 			    ;;
 			*)
@@ -870,8 +870,6 @@ restore_command() {
 
     g_restorepath=${VARDIR}/$RESTOREFILE
 
-    export NOROUTES
-
     [ -n "$nolock" ] || mutex_on
 
     if [ -x $g_restorepath ]; then
@@ -884,7 +882,7 @@ restore_command() {
 
 	progress_message3 "Restoring Shorewall6..."
 
-	$SHOREWALL_SHELL $g_restorepath restore && progress_message3 "$g_product restored from ${VARDIR}/$RESTOREFILE"
+	run_it $g_restorepath restore && progress_message3 "$g_product restored from ${VARDIR}/$RESTOREFILE"
 
 	[ -n "$nolock" ] || mutex_off
     else

Shorewall6/shorewall6

@@ -280,7 +280,7 @@ compiler() {
     [ -n "$LOG_VERBOSITY" ] && options="$options --log_verbosity=$LOG_VERBOSITY";
     [ -n "$g_export" ] && options="$options --export"
     [ -n "$SHOREWALL_DIR" ] && options="$options --directory=$SHOREWALL_DIR"
-    [ -n "$TIMESTAMP" ] && options="$options --timestamp"
+    [ -n "$g_timestamp" ] && options="$options --timestamp"
     [ -n "$g_test" ] && options="$options --test"
     [ -n "$g_preview" ] && options="$options --preview"
     [ "$g_debugging" = trace ] && options="$options --debug"
@@ -626,12 +626,12 @@ restart_command() {
 			    option=${option#f}
 			    ;;
 			n*)
-			    NOROUTES=Yes
+			    g_noroutes=Yes
 			    option=${option#n}
 			    ;;
 			p*)
 			    [ -n "$(which conntrack)" ] || fatal_error "The '-p' option requires the conntrack utility which does not appear to be installed on this system"
-			    PURGE=Yes
+			    g_purge=Yes
 			    option=${option%p}
 			    ;;
 			*)
@@ -794,7 +794,7 @@ safe_commands() {
 			    option=
 			    ;;
 			n*)
-			    NOROUTES=Yes
+			    g_noroutes=Yes
 			    option=${option#n}
 			    ;;
 			*)
@@ -935,7 +935,7 @@ try_command() {
 			    option=
 			    ;;
 			n*)
-			    NOROUTES=Yes
+			    g_noroutes=Yes
 			    option=${option#n}
 			    ;;
 			*)
@@ -1144,7 +1144,7 @@ reload_command() # $* = original arguments less the command.
 
     file=$(resolve_file $directory/firewall)
 
-    [ -n "$TIMESTAMP" ] && timestamp='-t' || timestamp=
+    [ -n "$g_timestamp" ] && timestamp='-t' || timestamp=
 
     if shorewall6 $g_debugging $verbose $timestamp compile -e $compiler $directory $directory/firewall && \
 	progress_message3 "Copying $file and ${file}.conf to ${system}:${litedir}..." && \
@@ -1315,9 +1315,9 @@ g_use_verbosity=
 g_debug=
 g_export=
 
-NOROUTES=
+g_noroutes=
-PURGE=
+g_purge=
-TIMESTAMP=
+g_timestamp=
 
 finished=0
 
@@ -1390,11 +1390,11 @@ while [ $finished -eq 0 ]; do
 			esac
 			;;
 		    n*)
-			NOROUTES=Yes
+			g_noroutes=Yes
 			option=${option#n}
 			;;
 		    t*)
-			TIMESTAMP=Yes
+			g_timestamp=Yes
 			option=${option#t}
 			;;
 		    -)
@@ -1470,7 +1470,7 @@ MUTEX_TIMEOUT=
 SHAREDIR=/usr/share/shorewall6
 CONFDIR=/etc/shorewall6
 g_product="Shorewall6"
-RECOVERING=
+g_recovering=
 
 [ -f ${CONFDIR}/vardir ] && . ${CONFDIR}/vardir