Merge branch '4.5.2'

Conflicts:
	Shorewall/Perl/Shorewall/Compiler.pm

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall-core/lib.cli

@@ -859,12 +859,14 @@ show_command() {
 		echo "VARDIR=$VARDIR"
 		echo "LIBEXEC=$g_libexec"
 		echo "SBINDIR=$g_sbindir"
-		[ -n "$g_lite" ] && ${VARDIR} ne /var/lib/$program && echo "LITEDIR=${VARDIR}"
+		echo "CONFDIR=${CONFDIR}"
+		[ -n "$g_lite" ] && [ ${VARDIR} != /var/lib/$g_program ] && echo "LITEDIR=${VARDIR}"
 	    else
 		echo "Default CONFIG_PATH is $CONFIG_PATH"
 		echo "Default VARDIR is /var/lib/$g_program"
 		echo "LIBEXEC is $g_libexec"
 		echo "SBINDIR is $g_sbindir"
+		echo "CONFDIR is ${CONFDIR}"
 		[ -n "$g_lite" ] && [ ${VARDIR} != /var/lib/$g_program ] && echo "LITEDIR is ${VARDIR}"
 	    fi
 	    ;;
@@ -1126,8 +1128,8 @@ do_dump_command() {
     echo "$g_product $SHOREWALL_VERSION Dump at $g_hostname - $(date)"
     echo
 
-    if [ $g_family -eq 6 ] && [ -f /usr/share/shorewall/version ]; then
+    if [ $g_family -eq 6 ] && [ -f ${SHAREDIR}/shorewall/version ]; then
-	echo "   Shorewall $(cat /usr/share/shorewall/version)"
+	echo "   Shorewall $(cat ${SHAREDIR}/shorewall/version)"
 	echo
     fi
     show_status

Shorewall-init/ifupdown.sh

@@ -1,4 +1,4 @@
-#!/bin/sh
+2#!/bin/sh
 #
 # ifupdown script for Shorewall-based products
 #
@@ -187,13 +187,19 @@ else
 fi
 
 for PRODUCT in $PRODUCTS; do
-    if [ -x $VARDIR/firewall ]; then
+    #
+    # For backward compatibility, lib.base appends the product name to VARDIR
+    # Save it here and restore it below
+    #
+    save_vardir=${VARDIR}
+    if [ -x $VARDIR/$PRODUCT/firewall ]; then
 	  ( . ${SHAREDIR}/shorewall/lib.base
 	    mutex_on
 	    ${VARDIR}/firewall -V0 $COMMAND $INTERFACE || echo_notdone
 	    mutex_off
 	  )
     fi
+    VARDIR=${save_vardir}
 done
 
 exit 0

Shorewall-init/init.debian.sh

@@ -1,10 +1,10 @@
 #!/bin/sh
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.4
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-#     (c) 2010 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2010,2012 - Tom Eastep (teastep@shorewall.net)
 #
 #       On most distributions, this file should be called /etc/init.d/shorewall.
 #

Shorewall-init/init.sh

@@ -1,9 +1,9 @@
 #! /bin/bash
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.4
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-#     (c) 2010 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2010,2012 - Tom Eastep (teastep@shorewall.net)
 #
 #       On most distributions, this file should be called /etc/init.d/shorewall.
 #

Shorewall-lite/init.sh

@@ -1,11 +1,11 @@
 #!/bin/sh
 RCDLINKS="2,S41 3,S41 6,K41"
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.1
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007 - Tom Eastep (teastep@shorewall.net)
+#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	On most distributions, this file should be called /etc/init.d/shorewall.
 #

Shorewall-lite/shorewall-lite

@@ -33,10 +33,11 @@ g_program=shorewall-lite
 . /usr/share/shorewall/shorewallrc
 
 g_libexec="$LIBEXECDIR"
-g_sharedir="$SHAREDIR"
+g_sharedir="$SHAREDIR"/shorewall-lite
 g_sbindir="$SBINDIR"
+g_confdir="$CONFDIR"/shorewall-lite
 g_readrc=1
 
-. $g_sharedir/shorewall/lib.cli
+. ${SHAREDIR}/shorewall/lib.cli
 
 shorewall_cli $@

Shorewall/Perl/Shorewall/Chains.pm

@@ -6449,12 +6449,12 @@ sub ensure_ipset( $ ) {
 	if ( have_capability 'IPSET_V5' ) {
 	    emit ( qq(    if ! qt \$IPSET -L $set -n; then) ,
 		   qq(        error_message "WARNING: ipset $set does not exist; creating it as an hash:ip set") ,
-		   qq(        \$IPSET -N $set hash:ip family inet") ,
+		   qq(        \$IPSET -N $set hash:ip family inet) ,
 		   qq(    fi) );
 	} else {
 	    emit ( qq(    if ! qt \$IPSET -L $set -n; then) ,
 		   qq(        error_message "WARNING: ipset $set does not exist; creating it as an iphash set") ,
-		   qq(        \$IPSET -N $set iphash") ,
+		   qq(        \$IPSET -N $set iphash) ,
 		   qq(    fi) );
 	}
     } else {

Shorewall/Perl/Shorewall/Compiler.pm

@@ -172,14 +172,14 @@ sub generate_script_2() {
 		   'g_product="Shorewall Lite"',
 		   'g_program=shorewall-lite',
 		   'g_basedir=/usr/share/shorewall-lite',
-		   qq(VARDIR=$shorewallrc{VARDIR}/shorewall-lite),
+		   qq(CONFIG_PATH="$shorewallrc{CONFDIR}/shorewall-lite:$shorewallrc{SHAREDIR}/shorewall-lite") ,
 		 );
 	} else {
 	    emit ( qq(g_confdir=$shorewallrc{CONFDIR}/shorewall),
 		   'g_product=Shorewall',
 		   'g_program=shorewall',
 		   'g_basedir=/usr/share/shorewall',
-		   qq(VARDIR=$shorewallrc{VARDIR}/shorewall),
+		   qq(CONFIG_PATH="$config{CONFIG_PATH}") ,
 		 );
 	}
     } else {
@@ -190,35 +190,31 @@ sub generate_script_2() {
 		   'g_product="Shorewall6 Lite"',
 		   'g_program=shorewall6-lite',
 		   'g_basedir=/usr/share/shorewall6',
-		   qq(VARDIR=$shorewallrc{VARDIR}/shorewall6-lite),
+		   qq(CONFIG_PATH="$shorewallrc{CONFDIR}/shorewall6-lite:$shorewallrc{SHAREDIR}/shorewall6-lite") ,
 		 );
 	} else {
 	    emit ( qq(g_confdir=$shorewallrc{CONFDIR}/shorewall6),
 		   'g_product=Shorewall6',
 		   'g_program=shorewall6',
-		   'g_basedir=/usr/share/shorewall'
+		   'g_basedir=/usr/share/shorewall',
-		   qq(VARDIR=$shorewallrc{VARDIR}/shorewall6}),
+		   qq(CONFIG_PATH="$config{CONFIG_PATH}") ,
 		 );
 	}
     }
 
-    emit( '[ -f ${CONFDIR}/vardir ] && . ${CONFDIR}/vardir' );
+    emit( '[ -f ${g_confdir}/vardir ] && . ${g_confdir}/vardir' );
 
     if ( $family == F_IPV4 ) {
 	if ( $export ) {
-	    emit ( 'CONFIG_PATH="/etc/shorewall-lite:/usr/share/shorewall-lite"' ,
+	    emit ( '[ -n "${VARDIR:=' . $shorewallrc{VARDIR} . '/shorewall-lite}" ]' );
-		   '[ -n "${VARDIR:=/var/lib/shorewall-lite}" ]' );
 	} else {
-	    emit ( qq(CONFIG_PATH="$config{CONFIG_PATH}") ,
+	    emit ( '[ -n "${VARDIR:=' . $shorewallrc{VARDIR} . '/shorewall}" ]' );
-		   '[ -n "${VARDIR:=/var/lib/shorewall}" ]' );
 	}
     } else {
 	if ( $export ) {
-	    emit ( 'CONFIG_PATH="/etc/shorewall6-lite:/usr/share/shorewall6-lite"' ,
+	    emit ( '[ -n "${VARDIR:=' . $shorewallrc{VARDIR} . '/shorewall6-lite}" ]' );
-		   '[ -n "${VARDIR:=/var/lib/shorewall6-lite}" ]' );
 	} else {
-	    emit ( qq(CONFIG_PATH="$config{CONFIG_PATH}") ,
+	    emit ( '[ -n "${VARDIR:=' . $shorewallrc{VARDIR} . '/shorewall6}" ]' );
-		   '[ -n "${VARDIR:=/var/lib/shorewall6}" ]' );
 	}
     }
 

Shorewall/lib.cli-std

@@ -1308,6 +1308,8 @@ reload_command() # $* = original arguments less the command.
     root=root
     local libexec
     libexec=/usr/share
+    local confdir
+    confdir=/etc
 
     litedir=/var/lib/${g_program}-lite
 
@@ -1364,13 +1366,11 @@ reload_command() # $* = original arguments less the command.
 	    ;;
     esac
 
-    config=$(rsh_command ${g_program}-lite show config 2> /dev/null)
+    temp=$(rsh_command ${g_program}-lite show config 2> /dev/null | grep ^LITEDIR | sed 's/LITEDIR is //')
-
-    temp=$(echo $config | grep ^LITEDIR | sed 's/LITEDIR is //')
 
     [ -n "$temp" ] && litedir="$temp"
 
-    temp=$(echo $config | grep ^LIBEXEC | sed 's/LIBEXEC is //')
+    temp=$(rsh_command ${g_program}-lite show config 2> /dev/null | grep ^LIBEXEC | sed 's/LIBEXEC is //')
 
     if [ -n "$temp" ]; then
 	case $temp in
@@ -1383,7 +1383,7 @@ reload_command() # $* = original arguments less the command.
 	esac
     fi
 
-    temp=$(echo $config | grep ^SBINDIR | sed 's/SBINDIR is //')
+    temp=$(rsh_command ${g_program}-lite show config 2> /dev/null | grep ^SBINDIR | sed 's/SBINDIR is //')
 
     if [ -n "$temp" ]; then
 	sbindir="$temp"
@@ -1391,6 +1391,10 @@ reload_command() # $* = original arguments less the command.
 	sbindir=/sbin
     fi
 
+    temp=$(rsh_command ${g_program}-lite show config 2> /dev/null | grep ^CONFDIR | sed 's/CONFDIR is //')
+
+    [ -n "$temp" ] && confdir="$temp"
+
     if [ -z "$getcaps" ]; then
 	g_shorewalldir=$(resolve_file $directory)
 	ensure_config_path
@@ -1433,17 +1437,16 @@ reload_command() # $* = original arguments less the command.
 
 	[ -f $save ] && progress_message3 "Copying $save to ${system}:/etc/${g_program}-lite/" && rcp_command $save /etc/shorewall-lite/
 
-	progress_message3 "Copy complete"
 	if [ $COMMAND = reload ]; then
-	    rsh_command "${sbin}/${g_program}-lite $g_debugging $verbose $timestamp restart" && \
+	    rsh_command "${sbindir}/${g_program}-lite $g_debugging $verbose $timestamp restart" && \
 	    progress_message3 "System $system reloaded" || saveit=
 	else
-	    rsh_command "${sbin}/${g_program}-lite $g_debugging $verbose $timestamp start" && \
+	    rsh_command "${sbindir}/${g_program}-lite $g_debugging $verbose $timestamp start" && \
 	    progress_message3 "System $system loaded" || saveit=
 	fi
 
 	if [ -n "$saveit" ]; then
-	    rsh_command "${sbin}/${g_program}-lite $g_debugging $verbose $timestamp save" && \
+	    rsh_command "${sbindir}/${g_program}-lite $g_debugging $verbose $timestamp save" && \
 	    progress_message3 "Configuration on system $system saved"
 	fi
     fi

Shorewall/shorewall

@@ -33,12 +33,12 @@ g_program=shorewall
 . /usr/share/shorewall/shorewallrc
 
 g_libexec="$LIBEXECDIR"
-g_sharedir="$SHAREDIR"
+g_sharedir="$SHAREDIR"/shorewall
 g_sbindir="$SBINDIR"
 g_perllib="$PERLLIBDIR"
-g_confdir="$CONFDIR"
+g_confdir="$CONFDIR"/shorewall
 g_readrc=1
 
-. $g_sharedir/shorewall/lib.cli
+. $g_sharedir/lib.cli
 
 shorewall_cli $@

Shorewall6-lite/init.sh

@@ -1,11 +1,11 @@
 #!/bin/sh
 RCDLINKS="2,S41 3,S41 6,K41"
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.1
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007 - Tom Eastep (teastep@shorewall.net)
+#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	On most distributions, this file should be called /etc/init.d/shorewall.
 #

Shorewall6-lite/shorewall6-lite

@@ -33,12 +33,12 @@ g_program=shorewall6-lite
 . /usr/share/shorewall/shorewallrc
 
 g_libexec="$LIBEXECDIR"
-g_sharedir="$SHAREDIR"
+g_sharedir="$SHAREDIR"/shorewall6-lite
 g_sbindir="$SBINDIR"
 g_perllib="$PERLLIBDIR"
-g_confdir="$CONFDIR"
+g_confdir="$CONFDIR"/shorewall6-lite
 g_readrc=1
 
-. $g_sharedir/shorewall/lib.cli
+. ${SHAREDIR}/shorewall/lib.cli
 
 shorewall_cli $@

Shorewall6/init.sh

@@ -1,11 +1,11 @@
 #!/bin/sh
 RCDLINKS="2,S41 3,S41 6,K41"
 #
-#     The Shoreline Firewall (Shorewall6) Packet Filtering Firewall - V4.2
+#     The Shoreline Firewall (Shorewall6) Packet Filtering Firewall - V4.5
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-#     (c) 1999,2000,2001,2002,2003,2004,2005 - Tom Eastep (teastep@shorewall.net)
+#     (c) 1999,2000,2001,2002,2003,2004,2005,2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	On most distributions, this file should be called /etc/init.d/shorewall.
 #

Shorewall6/shorewall6

@@ -33,12 +33,12 @@ g_program=shorewall6
 . /usr/share/shorewall/shorewallrc
 
 g_libexec="$LIBEXECDIR"
-g_sharedir="$SHAREDIR"
+g_sharedir="$SHAREDIR"/shorewall6
 g_sbindir="$SBINDIR"
 g_perllib="$PERLLIBDIR"
-g_confdir="$CONFDIR"
+g_confdir="$CONFDIR"/shorewall6
 g_readrc=1
 
-. $g_sharedir/shorewall/lib.cli
+. ${SHAREDIR}/shorewall/lib.cli
 
 shorewall_cli $@