From ed90360b4c8a22427479d965f725ff39d164ea01 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Mon, 31 Aug 2015 14:21:41 -0700
Subject: [PATCH] Remove all of the update-specific options from the update
 command

Leave -i and -A

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall-core/lib.cli               |   5 -
 Shorewall/Perl/Shorewall/Compiler.pm |  25 ++--
 Shorewall/Perl/Shorewall/Config.pm   |  26 ++--
 Shorewall/Perl/Shorewall/Misc.pm     |  14 +--
 Shorewall/Perl/compiler.pl           |  22 +---
 Shorewall/lib.cli-std                |  30 -----
 Shorewall/manpages/shorewall.xml     | 168 ++++++++++++--------------
 Shorewall6/manpages/shorewall6.xml   | 173 ++++++++++++---------------
 8 files changed, 183 insertions(+), 280 deletions(-)

diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli
index cbc16deee..62685ab39 100644
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
@@ -3969,7 +3969,6 @@ shorewall_cli() {
     g_refreshchains=:none:
     g_confess=
     g_update=
-    g_convert=
     g_annotate=
     g_recovering=
     g_timestamp=
@@ -3978,14 +3977,10 @@ shorewall_cli() {
     g_conditional=
     g_file=
     g_doing="Compiling"
-    g_directives=
     g_inline=
-    g_tcrules=
     g_counters=
     g_loopback=
     g_compiled=
-    g_routestopped=
-    g_notrack=
 
     VERBOSE=
     VERBOSITY=1
diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm
index 357dc0d12..2734d7fcb 100644
--- a/Shorewall/Perl/Shorewall/Compiler.pm
+++ b/Shorewall/Perl/Shorewall/Compiler.pm
@@ -592,8 +592,8 @@ EOF
 #
 sub compiler {
 
-    my ( $scriptfilename, $directory, $verbosity, $timestamp , $debug, $chains , $log , $log_verbosity, $preview, $confess , $update , $annotate , $convert, $config_path, $shorewallrc                      , $shorewallrc1 , $directives, $inline, $tcrules, $routestopped , $notrack ) =
-       ( '',              '',         -1,          '',          0,      '',       '',   -1,             0,        0,         0,        0,        , 0       , ''          , '/usr/share/shorewall/shorewallrc', ''            , 0 ,          0 ,      0 ,       0 ,             0 );
+    my ( $scriptfilename, $directory, $verbosity, $timestamp , $debug, $chains , $log , $log_verbosity, $preview, $confess , $update , $annotate , $config_path, $shorewallrc                      , $shorewallrc1 , $inline ) =
+       ( '',              '',         -1,          '',          0,      '',       '',   -1,             0,        0,         0,        0,        , ''          , '/usr/share/shorewall/shorewallrc', ''            , 0 );
 
     $export         = 0;
     $test           = 0;
@@ -629,13 +629,8 @@ sub compiler {
 		  preview       => { store => \$preview,       validate=> \&validate_boolean    } ,
 		  confess       => { store => \$confess,       validate=> \&validate_boolean    } ,
 		  update        => { store => \$update,        validate=> \&validate_boolean    } ,
-		  convert       => { store => \$convert,       validate=> \&validate_boolean    } ,
 		  annotate      => { store => \$annotate,      validate=> \&validate_boolean    } ,
 		  inline        => { store => \$inline,        validate=> \&validate_boolean    } ,
-		  directives    => { store => \$directives,    validate=> \&validate_boolean    } ,
-		  tcrules       => { store => \$tcrules,       validate=> \&validate_boolean    } ,
-		  routestopped  => { store => \$routestopped,  validate=> \&validate_boolean    } ,
-		  notrack       => { store => \$notrack,       validate=> \&validate_boolean    } ,
 		  config_path   => { store => \$config_path } ,
 		  shorewallrc   => { store => \$shorewallrc } ,
 		  shorewallrc1  => { store => \$shorewallrc1 } ,
@@ -671,7 +666,7 @@ sub compiler {
     #
     #                      S H O R E W A L L . C O N F  A N D  C A P A B I L I T I E S
     #
-    get_configuration( $export , $update , $annotate , $directives , $inline );
+    get_configuration( $export , $update , $annotate , $inline );
     #
     # Chain table initialization depends on shorewall.conf and capabilities. So it must be deferred until
     # now when shorewall.conf has been processed and the capabilities have been determined.
@@ -739,7 +734,7 @@ sub compiler {
     #
     # Do all of the zone-independent stuff (mostly /proc)
     #
-    add_common_rules( $convert, $tcrules , $routestopped );
+    add_common_rules( $update );
     #
     # More /proc
     #
@@ -804,7 +799,7 @@ sub compiler {
     #
     # TCRules and Traffic Shaping
     #
-    setup_tc( $tcrules );
+    setup_tc( $update );
 
     if ( $scriptfilename || $debug ) {
 	pop_indent;
@@ -842,11 +837,11 @@ sub compiler {
     #
     # Process the rules file.
     #
-    process_rules( $convert );
+    process_rules( $update );
     #
     # Process the conntrack file
     #
-    setup_conntrack( $notrack );
+    setup_conntrack( $update );
     #
     # Add Tunnel rules.
     #
@@ -913,7 +908,7 @@ sub compiler {
 	#                           S T O P _ F I R E W A L L
 	#         (Writes the stop_firewall() function to the compiled script)
 	#
-	compile_stop_firewall( $test, $export , $have_arptables, $routestopped );
+	compile_stop_firewall( $test, $export , $have_arptables, $update );
 	#
 	#                               U P D O W N
 	#               (Writes the updown() function to the compiled script)
@@ -978,14 +973,14 @@ sub compiler {
 	initialize_chain_table(0);
 
 	if ( $debug ) {
-	    compile_stop_firewall( $test, $export, $have_arptables, $routestopped );
+	    compile_stop_firewall( $test, $export, $have_arptables, $update );
 	    disable_script;
 	} else {
 	    #
 	    # compile_stop_firewall() also validates the stoppedrules file. Since we don't
 	    # call that function during normal 'check', we must validate stoppedrules here.
 	    #
-	    convert_routestopped if $routestopped;
+	    convert_routestopped if $update;
 	    process_stoppedrules;
 	}
 	#
diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index d2b0c44ea..07c2dbba6 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -4772,8 +4772,8 @@ sub update_default($$) {
     $config{$var} = $val unless defined $config{$var};
 }
 
-sub update_config_file( $$ ) {
-    my ( $annotate, $directives ) = @_;
+sub update_config_file( $ ) {
+    my ( $annotate ) = @_;
 
     sub is_set( $ ) {
 	my $value = $_[0];
@@ -4926,14 +4926,6 @@ EOF
 		warning_message "Unable to rename $configfile.bak to $configfile";
 		progress_message3 "No update required to configuration file $configfile";
 	    }
-
-	    exit 0 unless ( $directives ||
-			    -f find_file 'blacklist'    ||
-			    -f find_file 'tcrules'      ||
-			    -f find_file 'routestopped' ||
-			    -f find_file 'notrack'      ||
-			    -f find_file 'tos'
-			  );
 	}
     } else {
 	fatal_error "$fn does not exist";
@@ -4943,8 +4935,8 @@ EOF
 #
 # Small functions called by get_configuration. We separate them so profiling is more useful
 #
-sub process_shorewall_conf( $$$ ) {
-    my ( $update, $annotate, $directives ) = @_;
+sub process_shorewall_conf( $$ ) {
+    my ( $update, $annotate ) = @_;
     my $file   = find_file "$product.conf";
 
     if ( -f $file ) {
@@ -4996,7 +4988,7 @@ sub process_shorewall_conf( $$$ ) {
     #
     # Now update the config file if asked
     #
-    update_config_file( $annotate, $directives ) if $update;
+    update_config_file( $annotate ) if $update;
     #
     # Config file update requires that the option values not have
     # Shell variables expanded. We do that now.
@@ -5385,9 +5377,9 @@ EOF
 # - Read the capabilities file, if any
 # - establish global hashes %params, %config , %globals and %capabilities
 #
-sub get_configuration( $$$$$ ) {
+sub get_configuration( $$$$ ) {
 
-    ( my ( $export, $update, $annotate, $directives ) , $checkinline ) = @_;
+    ( my ( $export, $update, $annotate ) , $checkinline ) = @_;
 
     $globals{EXPORT} = $export;
 
@@ -5431,7 +5423,7 @@ sub get_configuration( $$$$$ ) {
 
     get_params( $export );
 
-    process_shorewall_conf( $update, $annotate, $directives );
+    process_shorewall_conf( $update, $annotate );
 
     ensure_config_path;
 
@@ -6099,7 +6091,7 @@ sub get_configuration( $$$$$ ) {
 	$variables{$var} = $config{$val};
     }
 
-    convert_to_directives if $directives;
+    convert_to_directives if $update;
 
     cleanup_iptables if $sillyname && ! $config{LOAD_HELPERS_ONLY};
 }
diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm
index f85c33ced..9c00af82f 100644
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
@@ -617,8 +617,8 @@ sub process_stoppedrules() {
 
 sub setup_mss();
 
-sub add_common_rules ( $$$ ) {
-    my ( $upgrade_blacklist, $upgrade_tcrules , $upgrade_routestopped ) = @_;
+sub add_common_rules ( $ ) {
+    my ( $upgrade ) = @_;
     my $interface;
     my $chainref;
     my $target;
@@ -788,8 +788,8 @@ sub add_common_rules ( $$$ ) {
 	    
     run_user_exit1 'initdone';
 
-    if ( $upgrade_blacklist ) {
-	exit 0 unless convert_blacklist || $upgrade_tcrules || $upgrade_routestopped;
+    if ( $upgrade ) {
+	convert_blacklist;
     } elsif ( -f ( my $fn = find_file 'blacklist' ) ) {
 	warning_message "The blacklist file is no longer supported -- use '$product update -b' to convert $fn to the equivalent blrules file";
     }
@@ -2252,7 +2252,7 @@ sub setup_mss( ) {
 # Compile the stop_firewall() function
 #
 sub compile_stop_firewall( $$$$ ) {
-    my ( $test, $export, $have_arptables, $routestopped ) = @_;
+    my ( $test, $export, $have_arptables, $convert ) = @_;
 
     my $input   = $filter_table->{INPUT};
     my $output  = $filter_table->{OUTPUT};
@@ -2430,10 +2430,10 @@ EOF
 	}
     }
 
-    if ( $routestopped ) {
+    if ( $convert ) {
 	convert_routestopped;
     } elsif ( -f ( my $fn = find_file 'routestopped' ) ) {
-	warning_message "The routestopped file is no longer supported - use '$product update -s' to convert $fn to an equivalent 'stoppedrules' file";
+	warning_message "The routestopped file is no longer supported - use '$product update' to convert $fn to an equivalent 'stoppedrules' file";
     }
     
     process_stoppedrules;
diff --git a/Shorewall/Perl/compiler.pl b/Shorewall/Perl/compiler.pl
index 067d6730c..35ec7ff6a 100755
--- a/Shorewall/Perl/compiler.pl
+++ b/Shorewall/Perl/compiler.pl
@@ -41,6 +41,7 @@
 #         --shorewallrc1=<path>       # Path to export shorewallrc file.
 #         --config_path=<path-list>   # Search path for config files
 #         --inline                    # Update alternative column specifications
+#         --update                    # Update configuration to this release
 #         --tcrules                   # Create mangle from tcrules
 #         --routestopped              # Create stoppedrules from routestopped
 #         --notrack                   # Create conntrack from notrack
@@ -72,15 +73,10 @@ usage: compiler.pl [ <option> ... ] [ <filename> ]
     [ --family={4|6} ]
     [ --annotate ]
     [ --update ]
-    [ --convert ]
-    [ --directives ]
     [ --shorewallrc=<pathname> ]
     [ --shorewallrc1=<pathname> ]
     [ --config_path=<path-list> ]
     [ --inline ]
-    [ --tcrules ]
-    [ --routestopped ]
-    [ --notrack ]
 _EOF_
 
 exit shift @_;
@@ -104,15 +100,10 @@ my $family        = 4; # F_IPV4
 my $preview       = 0;
 my $annotate      = 0;
 my $update        = 0;
-my $convert       = 0;
-my $directives    = 0;
 my $config_path   = '';
 my $shorewallrc   = '';
 my $shorewallrc1  = '';
 my $inline        = 0;
-my $tcrules       = 0;
-my $routestopped  = 0;
-my $notrack       = 0;
 
 Getopt::Long::Configure ('bundling');
 
@@ -140,15 +131,9 @@ my $result = GetOptions('h'               => \$help,
 			'confess'         => \$confess,
 			'a'               => \$annotate,
 			'annotate'        => \$annotate,
-			'directives'      => \$directives,
-			'D'               => \$directives,
 			'u'               => \$update,
 			'update'          => \$update,
-			'convert'         => \$convert,
 			'inline'          => \$inline,
-			'tcrules'         => \$tcrules,
-			'routestopped'    => \$routestopped,
-			'notrack'         => \$notrack,
 			'config_path=s'   => \$config_path,
 			'shorewallrc=s'   => \$shorewallrc,
 			'shorewallrc1=s'  => \$shorewallrc1,
@@ -171,14 +156,9 @@ compiler( script          => $ARGV[0] || '',
 	  family          => $family,
 	  confess         => $confess,
 	  update          => $update,
-	  convert         => $convert,
 	  annotate        => $annotate,
-	  directives      => $directives,
 	  config_path     => $config_path,
 	  shorewallrc     => $shorewallrc,
 	  shorewallrc1    => $shorewallrc1,
 	  inline          => $inline,
-	  tcrules         => $tcrules,
-	  routestopped    => $routestopped,
-	  notrack         => $notrack
 	);
diff --git a/Shorewall/lib.cli-std b/Shorewall/lib.cli-std
index d4221199a..cfc0a7d0e 100644
--- a/Shorewall/lib.cli-std
+++ b/Shorewall/lib.cli-std
@@ -433,13 +433,8 @@ compiler() {
     [ -n "$g_refreshchains" ] && options="$options --refresh=$g_refreshchains"
     [ -n "$g_confess" ] && options="$options --confess"
     [ -n "$g_update" ] && options="$options --update"
-    [ -n "$g_convert" ] && options="$options --convert"
     [ -n "$g_annotate" ] && options="$options --annotate"
-    [ -n "$g_directives" ] && options="$options --directives"
-    [ -n "$g_tcrules" ] && options="$options --tcrules"
     [ -n "$g_inline" ] && options="$options --inline"
-    [ -n "$g_routestopped" ] && options="$options --routestopped"
-    [ -n "$g_notrack" ] && options="$options --notrack"
 
     if [ -n "$PERL" ]; then
 	if [ ! -x "$PERL" ]; then
@@ -834,33 +829,8 @@ update_command() {
 			    g_annotate=Yes
 			    option=${option#a}
 			    ;;
-			b*)
-			    g_convert=Yes
-			    option=${option#b}
-			    ;;
-			D*)
-			    g_directives=Yes
-			    option=${option#D}
-			    ;;
-			t*)
-			    g_tcrules=Yes
-			    option=${option#t}
-			    ;;
-			s*)
-			    g_routestopped=Yes
-			    option=${option#s}
-			    ;;
-			n*)
-			    g_notrack=Yes
-			    option=${option#n}
-			    ;;
 			A*)
 			    g_inline=Yes
-			    g_convert=Yes
-			    g_directives=Yes
-			    g_tcrules=Yes
-			    g_routestopped=Yes
-			    g_notrack=Yes
 			    option=${option#A}
 			    ;;
 			*)
diff --git a/Shorewall/manpages/shorewall.xml b/Shorewall/manpages/shorewall.xml
index 171010034..f1b83a8dd 100644
--- a/Shorewall/manpages/shorewall.xml
+++ b/Shorewall/manpages/shorewall.xml
@@ -843,16 +843,8 @@
 
       <arg><option>-a</option></arg>
 
-      <arg><option>-D</option></arg>
-
       <arg><option>-i</option></arg>
 
-      <arg><option>-t</option></arg>
-
-      <arg><option>-r</option></arg>
-
-      <arg><option>-n</option></arg>
-
       <arg><option>-A</option></arg>
 
       <arg><replaceable>directory</replaceable></arg>
@@ -2456,10 +2448,9 @@
       </varlistentry>
 
       <varlistentry>
-        <term><emphasis role="bold">update </emphasis> [-<option>b</option>]
-        [-<option>d</option>] [-<option>r</option>] [-<option>T</option>]
-        [-<option>a</option>] [-<option>D</option>] [-<option>i</option>]
-        [-<option>t</option>] [-r] [-n][-<option>A</option>] [
+        <term><emphasis role="bold">update </emphasis> [-<option>d</option>]
+        [-<option>r</option>] [-<option>T</option>] [-<option>a</option>]
+        [-<option>i</option>] [-<option>A</option>] [
         <replaceable>directory</replaceable> ]</term>
 
         <listitem>
@@ -2472,30 +2463,81 @@
           <filename>shorewall.conf</filename> file is renamed
           <filename>shorewall.conf.bak.</filename></para>
 
+          <para><filename>The command was extended over the years with a set
+          of options that caused additional configuration
+          updates.</filename></para>
+
+          <itemizedlist>
+            <listitem>
+              <para>Convert an existing <filename>blacklist</filename> file
+              into an equivalent <filename>blrules</filename> file.</para>
+            </listitem>
+
+            <listitem>
+              <para>Convert an existing <filename>routestopped</filename> file
+              into an equivalent <filename>stoppedrules</filename>
+              file.</para>
+            </listitem>
+
+            <listitem>
+              <para>Convert existing <filename>tcrules</filename> and
+              <filename>tos</filename> files into an equivalent mangle
+              file.</para>
+            </listitem>
+
+            <listitem>
+              <para>Convert an existing <filename>notrack</filename> file into
+              an equivalent <filename>conntrack</filename> file.</para>
+            </listitem>
+
+            <listitem>
+              <para>Convert FORMAT, SECTION and COMMENT entries into ?FORMAT,
+              ?SECTION and ?COMMENT directives.</para>
+            </listitem>
+          </itemizedlist>
+
+          <para>In each case, the old file is renamed with a .bak
+          suffix.</para>
+
+          <para>In Shorewall 5.0.0, the options were eliminated and the
+          <command>update</command> command performs all of the updates
+          described above.</para>
+
+          <important>
+            <para>There are some notable restrictions with the
+            <command>update</command> command:</para>
+
+            <orderedlist>
+              <listitem>
+                <para>Converted rules will be appended to the existing file;
+                if there is no existing file in the CONFIG_PATH, one will be
+                created in the directory specified in the command or in the
+                first entry in the CONFIG_PATH (normally <filename
+                class="directory">/etc/shorewall</filename>) otherwise.</para>
+              </listitem>
+
+              <listitem>
+                <para>Existing comments in the file being converted will not
+                be transferred to the output file.</para>
+              </listitem>
+
+              <listitem>
+                <para>INCLUDEd files will be expanded inline in the output
+                file.</para>
+              </listitem>
+
+              <listitem>
+                <para>Columns in the output file will be separated by a single
+                tab character; there is no attempt made to otherwise align the
+                columns.</para>
+              </listitem>
+            </orderedlist>
+          </important>
+
           <para>The <option>-a</option> option causes the updated
           <filename>shorewall.conf</filename> file to be annotated with
           documentation.</para>
 
-          <para>The <option>-b</option> option was added in Shorewall 4.4.26
-          and causes legacy blacklisting rules (<ulink
-          url="/manpages/shorewall-blacklist.html">shorewall-blacklist</ulink>
-          (5) ) to be converted to entries in the blrules file (<ulink
-          url="/manpages/shorewall-blrules.html">shorewall-blrules</ulink> (5)
-          ). The blacklist keyword is removed from <ulink
-          url="/manpages/shorewall-zones.html">shorewall-zones</ulink> (5),
-          <ulink
-          url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>
-          (5) and <ulink
-          url="/manpages/shorewall-hosts.html">shorewall-hosts</ulink> (5).
-          The unmodified files are saved with a .bak suffix.</para>
-
-          <para>The <option>-D</option> option was added in Shorewall 4.5.11.
-          When this option is specified, the compiler will walk through the
-          directories in the CONFIG_PATH replacing FORMAT and COMMENT entries
-          to compiler directives (e.g., ?FORMAT and ?COMMENT. When a file is
-          updated, the original is saved in a .bak file in the same
-          directory.</para>
-
           <para>The <option>-i</option> option was added in Shorewall 4.6.0
           and causes a warning message to be issued if the current line
           contains alternative input specifications following a semicolon
@@ -2503,65 +2545,9 @@
           set to Yes in <ulink
           url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
 
-          <para>The <option>-t</option> option was added in Shorewall 4.6.0.
-          When specified, <option>-t</option> causes the <emphasis
-          role="bold">tcrules</emphasis> file to be converted to <ulink
-          url="shorewall-mangle.html">shorewall-mangle(5)</ulink>. The old
-          file is renamed with a .bak suffix. Beginning with Shorewall
-          4.6.12.2, this option also causes the <emphasis
-          role="bold">tos</emphasis> file to be converted to <ulink
-          url="shorewall-mangle.html">shorewall-mangle(5)</ulink>.</para>
-
-          <important>
-            <para>There are some notable restrictions with the
-            <option>-t</option> option:</para>
-
-            <orderedlist>
-              <listitem>
-                <para>Converted rules will be appended to the existing
-                <filename>mangle</filename> file; if there is no
-                <filename>mangle</filename> file in the CONFIG_PATH, one will
-                be created in <filename
-                class="directory">/etc/shorewall</filename>.</para>
-              </listitem>
-
-              <listitem>
-                <para>Existing comments in the <filename>tcrules</filename>
-                file will not be transferred to the
-                <filename>mangle</filename> file.</para>
-              </listitem>
-
-              <listitem>
-                <para>INCLUDEd files will be expanded inline in the
-                <filename>mangle</filename> file.</para>
-              </listitem>
-
-              <listitem>
-                <para>Columns in the <filename>mangle</filename> file will be
-                separated by a single tab character; there is no attempt made
-                to otherwise align the columns.</para>
-              </listitem>
-            </orderedlist>
-          </important>
-
-          <para>The <option>-r</option> option was added in Shorewall 4.6.12.
-          When specified, <option>-r</option> causes <ulink
-          url="manpages/shorewall-routestopped.html">shorewall-routestopped(5)</ulink>
-          to be converted to <ulink
-          url="manpages/shorewall-stoppedrules.html">shorewall-stoppedrules(5)</ulink>.
-          The old file is renamed with a .bak suffix.</para>
-
-          <para>The <option>-n</option> option was added in Shorewall 4.6.12.
-          When specified, <option>-n</option> causes <ulink
-          url="manpages/shorewall-routestopped.html">shorewall-notrack(5)</ulink>
-          to be converted to <ulink
-          url="manpages/shorewall-conntrack.html">shorewall-conntrack(5)</ulink>.
-          The old file is renamed with a .bak suffix.</para>
-
-          <para>The <option>-A</option> option was added in Shorewall 4.6.0
-          and is equivalent to specifying the <option>-b</option>,
-          <option>-D</option>, <option>-t,</option> <option>-r</option> and
-          the <option>-n</option> options.</para>
+          <para>The <option>-A</option> option is included for compatibility
+          with Shorewall 4.6 and is equivalent to specifying the
+          <option>-i</option> option.</para>
 
           <para>For a description of the other options, see the <emphasis
           role="bold">check</emphasis> command above.</para>
diff --git a/Shorewall6/manpages/shorewall6.xml b/Shorewall6/manpages/shorewall6.xml
index cd4a1ebbc..20f2380db 100644
--- a/Shorewall6/manpages/shorewall6.xml
+++ b/Shorewall6/manpages/shorewall6.xml
@@ -803,8 +803,6 @@
 
       <arg choice="plain"><option>update</option></arg>
 
-      <arg><option>-b</option></arg>
-
       <arg><option>-d</option></arg>
 
       <arg><option>-r</option></arg>
@@ -813,16 +811,8 @@
 
       <arg><option>-a</option></arg>
 
-      <arg><option>-D</option></arg>
-
       <arg><option>-i</option></arg>
 
-      <arg><option>-t</option></arg>
-
-      <arg><option>-r</option></arg>
-
-      <arg><option>-n</option></arg>
-
       <arg><option>-A</option></arg>
 
       <arg><replaceable>directory</replaceable></arg>
@@ -2333,10 +2323,9 @@
       </varlistentry>
 
       <varlistentry>
-        <term><emphasis role="bold">update </emphasis> [-<option>b</option>]
-        [-<option>d</option>] [-<option>r</option>] [-<option>T</option>]
-        [-<option>a</option>] [-<option>D</option>] [-<option>i</option>]
-        [-<option>t</option>] [-r] [-n][-<option>A</option>] [
+        <term><emphasis role="bold">update</emphasis> [-<option>d</option>]
+        [-<option>r</option>] [-<option>T</option>] [-<option>a</option>]
+        [-<option>i</option>] [-<option>A</option>] [
         <replaceable>directory</replaceable> ]</term>
 
         <listitem>
@@ -2349,96 +2338,92 @@
           <filename>shorewall.conf</filename> file is renamed
           <filename>shorewall.conf.bak.</filename></para>
 
+          <para><filename>The command was extended over the years with a set
+          of options that caused additional configuration
+          updates.</filename></para>
+
+          <itemizedlist>
+            <listitem>
+              <para>Convert an existing <filename>blacklist</filename> file
+              into an equivalent <filename>blrules</filename> file.</para>
+            </listitem>
+
+            <listitem>
+              <para>Convert an existing <filename>routestopped</filename> file
+              into an equivalent <filename>stoppedrules</filename>
+              file.</para>
+            </listitem>
+
+            <listitem>
+              <para>Convert existing <filename>tcrules</filename> and
+              <filename>tos</filename> files into an equivalent mangle
+              file.</para>
+            </listitem>
+
+            <listitem>
+              <para>Convert an existing <filename>notrack</filename> file into
+              an equivalent <filename>conntrack</filename> file.</para>
+            </listitem>
+
+            <listitem>
+              <para>Convert FORMAT, SECTION and COMMENT entries into ?FORMAT,
+              ?SECTION and ?COMMENT directives.</para>
+            </listitem>
+          </itemizedlist>
+
+          <para>In each case, the old file is renamed with a .bak
+          suffix.</para>
+
+          <para>In Shorewall 5.0.0, the options were eliminated and the
+          <command>update</command> command performs all of the updates
+          described above.</para>
+
+          <important>
+            <para>There are some notable restrictions with the
+            <command>update</command> command:</para>
+
+            <orderedlist>
+              <listitem>
+                <para>Converted rules will be appended to the existing file;
+                if there is no existing file in the CONFIG_PATH, one will be
+                created in the directory specified in the command or in the
+                first entry in the CONFIG_PATH (normally <filename
+                class="directory">/etc/shorewall6</filename>)
+                otherwise.</para>
+              </listitem>
+
+              <listitem>
+                <para>Existing comments in the file being converted will not
+                be transferred to the output file.</para>
+              </listitem>
+
+              <listitem>
+                <para>INCLUDEd files will be expanded inline in the output
+                file.</para>
+              </listitem>
+
+              <listitem>
+                <para>Columns in the output file will be separated by a single
+                tab character; there is no attempt made to otherwise align the
+                columns.</para>
+              </listitem>
+            </orderedlist>
+          </important>
+
           <para>The <option>-a</option> option causes the updated
           <filename>shorewall.conf</filename> file to be annotated with
           documentation.</para>
 
-          <para>The <option>-b</option> option was added in Shorewall 4.4.26
-          and causes legacy blacklisting rules (<ulink
-          url="/manpages6/shorewall6-blacklist.html">shorewall6-blacklist</ulink>
-          (5) ) to be converted to entries in the blrules file (<ulink
-          url="/manpages6/shorewall6-blrules.html">shorewall6-blrules</ulink>
-          (5) ). The blacklist keyword is removed from <ulink
-          url="/manpages6/shorewall6-zones.html">shorewall6-zones</ulink> (5),
-          <ulink
-          url="/manpages6/shorewall6-interfaces.html">shorewall6-interfaces</ulink>
-          (5) and <ulink
-          url="/manpages6/shorewall6-hosts.html">shorewall6-hosts</ulink> (5).
-          The unmodified files are saved with a .bak suffix.</para>
-
-          <para>The <option>-D</option> option was added in Shorewall 4.5.11.
-          When this option is specified, the compiler will walk through the
-          directories in the CONFIG_PATH replacing FORMAT and COMMENT entries
-          to compiler directives (e.g., ?FORMAT and ?COMMENT. When a file is
-          updated, the original is saved in a .bak file in the same
-          directory.</para>
-
           <para>The <option>-i</option> option was added in Shorewall 4.6.0
           and causes a warning message to be issued if the current line
           contains alternative input specifications following a semicolon
           (";"). Such lines will be handled incorrectly if INLINE_MATCHES is
           set to Yes in <ulink
-          url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
+          url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
 
-          <para>The <option>-t</option> option was added in Shorewall 4.6.0.
-          When specified, <option>-t</option> causes the <emphasis
-          role="bold">tcrules</emphasis> file to be converted to <ulink
-          url="shorewall6-mangle.html">shorewall6-mangle(5)</ulink>. The old
-          file is renamed with a .bak suffix. Beginning with Shorewall
-          4.6.12.2, this option also causes the <emphasis
-          role="bold">tos</emphasis> file to be converted to <ulink
-          url="shorewall6-mangle.html">shorewall6-mangle(5)</ulink>.</para>
-
-          <important>
-            <para>There are some notable restrictions with the
-            <option>-t</option> option:</para>
-
-            <orderedlist>
-              <listitem>
-                <para>Converted rules will be appended to the existing
-                <filename>mangle</filename> file; if there is no
-                <filename>mangle</filename> file in the CONFIG_PATH, one will
-                be created in <filename
-                class="directory">/etc/shorewall</filename>.</para>
-              </listitem>
-
-              <listitem>
-                <para>Existing comments in the <filename>tcrules</filename>
-                file will not be transferred to the
-                <filename>mangle</filename> file.</para>
-              </listitem>
-
-              <listitem>
-                <para>INCLUDEd files will be expanded inline in the
-                <filename>mangle</filename> file.</para>
-              </listitem>
-
-              <listitem>
-                <para>Columns in the <filename>mangle</filename> file will be
-                separated by a single tab character; there is no attempt made
-                to otherwise align the columns.</para>
-              </listitem>
-            </orderedlist>
-          </important>
-
-          <para>The <option>-r</option> option was added in Shorewall 4.6.12.
-          When specified, <option>-r</option> causes <ulink
-          url="manpages6/shorewall6-routestopped.html">shorewall6-routestopped(5)</ulink>
-          to be converted to <ulink
-          url="manpages6/shorewall6-stoppedrules.html">shorewall6-stoppedrules(5)</ulink>.
-          The old file is renamed with a .bak suffix.</para>
-
-          <para>The <option>-n</option> option was added in Shorewall 4.6.12.
-          When specified, <option>-n</option> causes <ulink
-          url="manpages6/shorewall6-routestopped.html">shorewall6-notrack(5)</ulink>
-          to be converted to <ulink
-          url="manpages6/shorewall6-conntrack.html">shorewall6-conntrack(5)</ulink>.
-          The old file is renamed with a .bak suffix.</para>
-
-          <para>The <option>-A</option> option was added in Shorewall 4.6.0
-          and is equivalent to specifying the <option>-b</option>,
-          <option>-D</option>, <option>-t,</option> <option>-r</option> and
-          the <option>-n</option> options.</para>
+          <para>The <option>-A</option> option is included for compatibility
+          with Shorewall 4.6 and is equivalent to specifying the
+          <option>-i</option> option.</para>
 
           <para>For a description of the other options, see the <emphasis
           role="bold">check</emphasis> command above.</para>