From e545329eb96fec649e9e373822c62420266a4406 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Fri, 8 Aug 2014 10:34:29 -0700
Subject: [PATCH 1/4] Modify the preceding fix to work with wildcard interfaces
Signed-off-by: Tom Eastep
---
 Shorewall/Perl/Shorewall/Providers.pm | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm
index 49d81e4d0..d48bbd617 100644
--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
@@ -457,14 +457,30 @@ sub process_a_provider( $ ) {
 my $interfaceref = known_interface( $interface );
 fatal_error "Unknown Interface ($interface)" unless $interfaceref;
- #
- # Switch to the logical name if a physical name was passed
- #
- $interface = $interfaceref->{name};
 fatal_error "A bridge port ($interface) may not be configured as a provider interface" if port_to_bridge $interface;
- my $physical = get_physical $interface;
+ #
+ # Switch to the logical name if a physical name was passed
+ #
+ my $physical;
+
+ if ( $interface eq $interfaceref->{name} ) {
+ #
+ # The logical interface name was specified
+ #
+ $physical = get_physical $interface;
+ } else {
+ #
+ # A Physical name was specified
+ #
+ $physical = $interface;
+ #
+ # Switch to the logical name unless it is a wildcard
+ #
+ $interface = $interfaceref->{name} unless $interfaceref->{name} =~ /\+$/;
+ }
+
 my $gatewaycase = '';
 if ( $physical =~ /\+$/ ) {
From 6f777098d7b1bae12b7e50ade1cde39d87c1d583 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Mon, 11 Aug 2014 08:30:44 -0700
Subject: [PATCH 2/4] Add 'wildcard' member to the interface table
Signed-off-by: Tom Eastep
---
 Shorewall/Perl/Shorewall/Providers.pm | 4 ++--
 Shorewall/Perl/Shorewall/Zones.pm | 5 ++++-
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm
index d48bbd617..1775955b2 100644
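Review bot: The comment on the new else branch, `# Switch to the logical name unless it is a wildcard`, states the rule but not the reason, and the reason is what the next maintainer needs to judge whether the branch is right. From the surrounding code the reason appears to be that a wildcard logical name stands for any matching device, so replacing the specific physical name the caller passed would lose the device actually named; that is an inference from this hunk alone, so confirm it before writing it down. I would extend the comment to `# A wildcard logical name covers many devices, so keep the specific physical name that was passed instead of replacing it with the wildcard`. The `# A Physical name was specified` branch also leaves $interface as the physical name for wildcards, which the callers of the rest of process_a_provider must tolerate; the function starts and ends outside the hunk.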
--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
@@ -469,7 +469,7 @@ sub process_a_provider( $ ) {
 #
 # The logical interface name was specified
 #
- $physical = get_physical $interface;
+ $physical = $interfaceref->{physical};
 } else {
 #
 # A Physical name was specified
@@ -478,7 +478,7 @@ sub process_a_provider( $ ) {
 #
 # Switch to the logical name unless it is a wildcard
 #
- $interface = $interfaceref->{name} unless $interfaceref->{name} =~ /\+$/;
+ $interface = $interfaceref->{name} unless $interfaceref->{wildcard};
 }
 my $gatewaycase = '';
diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm
index 0fb336554..78bd882a5 100644
--- a/Shorewall/Perl/Shorewall/Zones.pm
+++ b/Shorewall/Perl/Shorewall/Zones.pm
@@ -193,6 +193,7 @@ our %reservedName = ( all => 1,
 # physical =>
 # base =>
 # provider =>
+# wildcard => undef|1 # Wildcard Name
 # zones => { zone1 => 1, ... }
 # }
 # }
@@ -1375,6 +1376,7 @@ sub process_interface( $$ ) {
 base => var_base( $physical ),
 zones => {},
 origin => shortlineinfo(''),
+ wildcard => $wildcard,
 };
 if ( $zone ) {
@@ -1531,6 +1533,7 @@ sub known_interface($)
 number => $interfaceref->{number} ,
 physical => $physical ,
 base => var_base( $physical ) ,
+ wildcard => $interfaceref->{wildcard} ,
 zones => $interfaceref->{zones} ,
 };
 }
@@ -1768,7 +1771,7 @@ sub find_interfaces_by_option1( $ ) {
 my $optionsref = $interfaceref->{options};
 if ( $optionsref && defined $optionsref->{$option} ) {
- $wild ||= ( $interfaceref->{physical} =~ /\+$/ );
+ $wild ||= $interfaceref->{wildcard};
 push @ints , $interface
 }
 }
From bf5be7198b294055e45b48dcf623341d1af98f0f Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Tue, 12 Aug 2014 16:18:42 -0700
Subject: [PATCH 3/4] Make dump work correctly on RHEL5
Signed-off-by: Tom Eastep
---
 Shorewall-core/lib.cli | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
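Review bot: The added interface-table comment `# wildcard => undef|1 # Wildcard Name` describes the member as a name, but its value column says it is a flag (undef or 1), and every use in this patch (`unless $interfaceref->{wildcard}` in Providers.pm, `$wild ||= $interfaceref->{wildcard}` in Zones.pm) treats it as a boolean. I would write `# wildcard => undef|1 # 1 if the logical name is a wildcard (ends in '+')`, which is what the `=~ /\+$/` tests this patch replaces were checking. The interface-table comment block continues outside the hunk.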
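Review bot: In the `known_interface($)` hunk the entry built around a concrete `physical => $physical` now also copies `wildcard => $interfaceref->{wildcard}` from the entry it was derived from, so if this is the record created for a specific device that matched a wildcard interface (which pairing a specific $physical with another entry's fields suggests; the function body is outside the hunk, so confirm), that record is flagged as a wildcard although its own physical name contains no `+`. The `find_interfaces_by_option1( $ )` hunk then replaces `$interfaceref->{physical} =~ /\+$/` with `$wild ||= $interfaceref->{wildcard};`, and for such a record the two answers differ: the old test looked at the concrete physical name and was false, the new one is true. If $wild is meant to say "the logical interface is a wildcard" the new code is right and the table comment should say so; if it is meant to say "the physical name still contains a wildcard" the new entry should carry `wildcard => undef` (or keep the old test). Both functions start and end outside their hunks.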
diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli
index 9cb05f8c2..94b2ff65a 100644
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
@@ -1470,10 +1470,22 @@ do_dump_command() {
 $g_tool -t rawpost -L $g_ipt_options
 fi
- local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
- local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
+ local count
+ local max
- heading "Conntrack Table ($count out of $max)"
+ if [ -f /proc/sys/net/netfilter/nf_conntrack_count ]; then
+ count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
+ max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
+
+ heading "Conntrack Table ($count out of $max)"
+ elif [ -f /proc/sys/net/ipv4/netfilter/ip_conntrack_count ]; then
+ count=$(cat /proc/sys/net/ipv4/netfilter/ip_conntrack_count)
+ max=$(cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max)
+
+ heading "Conntrack Table ($count out of $max)"
+ else
+ heading "Conntrack Table"
+ fi
 if [ $g_family -eq 4 ]; then
 [ -f /proc/net/ip_conntrack ] && cat /proc/net/ip_conntrack || grep -v '^ipv6' /proc/net/nf_conntrack
From 8236ce572e2edecd17408b871d229b75894ed866 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Tue, 12 Aug 2014 16:39:52 -0700
Subject: [PATCH 4/4] Apply Louis Lagendijk's patch for Shorewall-init
Signed-off-by: Tom Eastep
---
 Shorewall-init/shorewall-init | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/Shorewall-init/shorewall-init b/Shorewall-init/shorewall-init
index dea336538..52b1e6426 100644
--- a/Shorewall-init/shorewall-init
+++ b/Shorewall-init/shorewall-init
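Review bot: The `if`/`elif` branches added to do_dump_command repeat the same two `cat` reads and the same `heading` call with only the directory prefix changed, so the branch should select the prefix and the reads and heading should happen once. Each `-f` test also probes only the `_count` file and assumes its `_max` sibling exists; reading both through a single prefix keeps that assumption in one place and makes adding a third location a one-line change. The rewrite below keeps the same headings and the same no-conntrack fallback; do_dump_command starts and ends outside the hunk.
```sh
    local count
    local max
    local ctprefix=

    if [ -f /proc/sys/net/netfilter/nf_conntrack_count ]; then
        ctprefix=/proc/sys/net/netfilter/nf_conntrack
    elif [ -f /proc/sys/net/ipv4/netfilter/ip_conntrack_count ]; then
        ctprefix=/proc/sys/net/ipv4/netfilter/ip_conntrack
    fi

    if [ -n "$ctprefix" ]; then
        count=$(cat ${ctprefix}_count)
        max=$(cat ${ctprefix}_max)

        heading "Conntrack Table ($count out of $max)"
    else
        heading "Conntrack Table"
    fi
    # … unchanged: per-family conntrack listing …
```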
@@ -63,18 +63,19 @@ shorewall_start () {
 for PRODUCT in $PRODUCTS; do
 setstatedir
- if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then
+ if [ -x ${STATEDIR}/firewall ]; then
 #
 # Run in a sub-shell to avoid name collisions
 #
 (
- if ! ${STATEDIR}/$PRODUCT/firewall status > /dev/null 2>&1; then
- ${STATEDIR}/$PRODUCT/firewall ${OPTIONS} stop || exit 1
+ if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
+ ${STATEDIR}/firewall ${OPTIONS} stop || exit 1
 else
 exit 1
 fi
 )
 else
+ echo ERROR: ${STATEDIR}/firewall does not exist or is not executable!
 exit 1
 fi
 done
@@ -95,8 +96,8 @@ shorewall_stop () {
 for PRODUCT in $PRODUCTS; do
 setstatedir
- if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then
- ${STATEDIR}/$PRODUCT/firewall ${OPTIONS} clear || exit 1
+ if [ -x ${STATEDIR}/firewall ]; then
+ ${STATEDIR}/firewall ${OPTIONS} clear || exit 1
 fi
 done
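Review bot: The new `echo ERROR: ${STATEDIR}/firewall does not exist or is not executable!` in shorewall_start sends the diagnostic to stdout and leaves the message unquoted, so it is subject to word splitting and glob expansion of whatever `$STATEDIR` holds; an init script's failure message belongs on stderr, `echo "ERROR: ${STATEDIR}/firewall does not exist or is not executable!" >&2`. Dropping the `$PRODUCT` path component in this hunk and in the shorewall_stop hunk only works if `setstatedir` (outside both hunks) now sets STATEDIR per product; the hunks do not show that, so confirm it. shorewall_start starts and ends outside the hunk.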