diff --git a/Shorewall-common/diff-3.4-lib.base b/Shorewall-common/diff-3.4-lib.base
deleted file mode 100644
index 34f44638f..000000000
--- a/Shorewall-common/diff-3.4-lib.base
+++ /dev/null
@@ -1,147 +0,0 @@
---- /home/teastep/shorewall/branches/3.4/Shorewall/lib.base	2007-06-17 14:30:30.000000000 -0700
-+++ lib.base	2007-07-22 06:29:50.000000000 -0700
-@@ -1,6 +1,6 @@
- #!/bin/sh
- #
--# Shorewall 3.4 -- /usr/share/shorewall/lib.base
-+# Shorewall 4.0 -- /usr/share/shorewall/lib.base
- #
- #     This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
- #
-@@ -21,20 +21,26 @@
- #	along with this program; if not, write to the Free Software
- #	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
- #
--# This library contains the code common to all Shorewall components. It is copied into
--# the compiled script with the -e compiler flag is specified and is loaded by
--# /sbin/shorewall, /usr/share/shorewall/compiler and /usr/share/shorewall/firewall. It
--# is also released as part of Shorewall Lite where it is used by /sbin/shorewall-lite
--# and /usr/share/shorewall-lite/shorecap.
-+# This library contains the code common to all Shorewall components.
-+#
-+# - It is copied into the compiled script with the -e compiler flag is specified to
-+#   shorewall-shell.
-+# - It is loaded by /sbin/shorewall.
-+# - It is loaded by /usr/share/shorewall/firewall.
-+# - It is loaded by /usr/share/shorewall-shell/compiler.
-+# - It is released as part of Shorewall Lite where it is used by /sbin/shorewall-lite
-+#   and /usr/share/shorewall-lite/shorecap.
-+# - It is released as part of Shorewall Perl where it is copied into the compiled script
-+#   by the compiler.
- #
- 
--SHOREWALL_LIBVERSION=30404
-+SHOREWALL_LIBVERSION=40000
- SHOREWALL_CAPVERSION=30405
- 
- [ -n "${VARDIR:=/var/lib/shorewall}" ]
- [ -n "${SHAREDIR:=/usr/share/shorewall}" ]
- [ -n "${CONFDIR:=/etc/shorewall}" ]
--SHELLSHAREDIR=/usr/share/shorewall
-+SHELLSHAREDIR=/usr/share/shorewall-shell
- PERLSHAREDIR=/usr/share/shorewall-perl
- 
- #
-@@ -360,6 +366,8 @@
-     eval loaded=\$LIB_${1}_LOADED
- 
-     if [ -z "$loaded" ]; then
-+	[ -f $lib ] || lib=${SHELLSHAREDIR}/lib.$1
-+	
- 	if [ -f $lib ]; then
- 	    progress_message "Loading library $lib..."
- 	    . $lib
-@@ -380,7 +388,7 @@
- 
- #
- #  Note: The following set of IP address manipulation functions have anomalous
--#        behavior when the shell only supports 32-bit signed arithmatic and
-+#        behavior when the shell only supports 32-bit signed arithmetic and
- #        the IP address is 128.0.0.0 or 128.0.0.1.
- #
- 
-@@ -692,7 +700,7 @@
- #
- 
- find_rt_interface() {
--    ip route ls | while read addr rest; do
-+    ip route list | while read addr rest; do
- 	case $addr in
- 	    */*)
- 		in_network ${1%/*} $addr && echo $(find_device $rest)
-@@ -713,14 +721,14 @@
- 
- find_nexthop() # $1 = interface
- {
--    echo $(find_gateway `ip route ls | grep "[[:space:]]nexthop.* $1"`)
-+    echo $(find_gateway `ip route list | grep "[[:space:]]nexthop.* $1"`)
- }
- 
- #
- # Find the default route's interface
- #
- find_default_interface() {
--    ip route ls | while read first rest; do
-+    ip route list | while read first rest; do
- 	[ "$first" = default ] && echo $(find_device $rest) && return
-     done
- }
-@@ -746,7 +754,7 @@
- find_interface_by_mac() {
-     local mac=$1 first second rest dev
- 
--    ip link ls | while read first second rest; do
-+    ip link list | while read first second rest; do
- 	case $first in
- 	    *:)
-                 dev=$second
-@@ -764,7 +772,7 @@
- # Determine if Interface is up
- #
- interface_is_up() {
--    [ -n "$(ip link ls dev $1 2> /dev/null | grep -e '[<,]UP[,>]')" ]
-+    [ -n "$(ip link list dev $1 2> /dev/null | grep -e '[<,]UP[,>]')" ]
- }
- 
- #
-@@ -1232,11 +1240,11 @@
-     #
-     # First assume that this is some sort of point-to-point interface
-     #
--    gateway=$( find_peer $(ip addr ls $interface ) )
-+    gateway=$( find_peer $(ip addr list $interface ) )
-     #
-     # Maybe there's a default route through this gateway already
-     #
--    [ -n "$gateway" ] || gateway=$(find_gateway $(ip route ls dev $interface))
-+    [ -n "$gateway" ] || gateway=$(find_gateway $(ip route list dev $interface))
-     #
-     # Last hope -- is there a load-balancing route through the interface?
-     #
-@@ -1251,7 +1259,7 @@
- # Disable IPV6
- #
- disable_ipv6() {
--    local foo="$(ip -f inet6 addr ls 2> /dev/null)"
-+    local foo="$(ip -f inet6 addr list 2> /dev/null)"
- 
-     if [ -n "$foo" ]; then
- 	if qt mywhich ip6tables; then
-@@ -1381,7 +1389,7 @@
- #
- get_device_mtu() # $1 = device
- {
--    local output="$(ip link ls dev $1 2> /dev/null)" # quotes required for /bin/ash
-+    local output="$(ip link list dev $1 2> /dev/null)" # quotes required for /bin/ash
- 
-     if [ -n "$output" ]; then
- 	echo $(find_mtu $output)
-@@ -1396,7 +1404,7 @@
- #
- get_device_mtu1() # $1 = device
- {
--    local output="$(ip link ls dev $1 2> /dev/null)" # quotes required for /bin/ash
-+    local output="$(ip link list dev $1 2> /dev/null)" # quotes required for /bin/ash
-     local mtu
- 
-     if [ -n "$output" ]; then
diff --git a/Shorewall-common/diff-3.4-lib.cli b/Shorewall-common/diff-3.4-lib.cli
deleted file mode 100644
index 001565c42..000000000
--- a/Shorewall-common/diff-3.4-lib.cli
+++ /dev/null
@@ -1,65 +0,0 @@
---- /home/teastep/shorewall/branches/3.4/Shorewall/lib.cli	2007-06-28 17:05:43.000000000 -0700
-+++ lib.cli	2007-07-22 06:29:50.000000000 -0700
-@@ -1,6 +1,6 @@
- #!/bin/sh
- #
--# Shorewall 3.4 -- /usr/share/shorewall/lib.cli.
-+# Shorewall 4.0 -- /usr/share/shorewall/lib.cli.
- #
- #     This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
- #
-@@ -363,18 +363,18 @@
- # Show routing configuration
- #
- show_routing() {
--    if [ -n "$(ip rule ls)" ]; then
-+    if [ -n "$(ip rule list)" ]; then
- 	heading "Routing Rules"
--	ip rule ls
--	ip rule ls | while read rule; do
-+	ip rule list
-+	ip rule list | while read rule; do
- 	    echo ${rule##* }
- 	done | sort -u | while read table; do
- 	    heading "Table $table:"
--	    ip route ls table $table
-+	    ip route list table $table
- 	done
-     else
- 	heading "Routing Table"
--	ip route ls
-+	ip route list
-     fi
- }
- 
-@@ -530,7 +530,7 @@
- 	    [ $# -gt 1 ] && usage 1
- 	    echo "$PRODUCT $version IP at $HOSTNAME - $(date)"
- 	    echo
--	    ip addr ls
-+	    ip addr list
- 	    ;;
- 	routing)
- 	    [ $# -gt 1 ] && usage 1
-@@ -541,7 +541,7 @@
- 	config)
- 	    . ${SHAREDIR}/configpath
- 	    echo "Default CONFIG_PATH is $CONFIG_PATH"
--	    echo "LITEDIR is $LITEDIR"
-+	    [ -n "$LITEDIR" ] && echo "LITEDIR is $LITEDIR"
- 	    ;;
- 	chain)
- 	    shift
-@@ -697,10 +697,10 @@
-     [ -f /proc/net/ip_conntrack ] && cat /proc/net/ip_conntrack || cat /proc/net/nf_conntrack
- 
-     heading "IP Configuration"
--    ip addr ls
-+    ip addr list
- 
-     heading "IP Stats"
--    ip -stat link ls
-+    ip -stat link list
- 
-     if qt mywhich brctl; then
- 	heading "Bridges"
diff --git a/Shorewall-common/diff-3.4-lib.config b/Shorewall-common/diff-3.4-lib.config
deleted file mode 100644
index 761142482..000000000
--- a/Shorewall-common/diff-3.4-lib.config
+++ /dev/null
@@ -1,65 +0,0 @@
---- /home/teastep/shorewall/branches/3.4/Shorewall/lib.config	2007-06-22 13:44:06.000000000 -0700
-+++ lib.config	2007-06-19 15:56:40.000000000 -0700
-@@ -1865,7 +1865,7 @@
- 
-     if [ -n "$IP_FORWARDING" ]; then
- 	case "$IP_FORWARDING" in
--	    On|Off|Keep|on|off|keep|ON|OFF|KEEP)
-+	    On|Off|Yes|No|Keep|on|off|yes|no|keep|ON|OFF|YES|NO|KEEP)
- 		;;
- 	    *)
- 		startup_error "Invalid value ($IP_FORWARDING) for IP_FORWARDING"
-@@ -1875,6 +1875,44 @@
- 	IP_FORWARDING=On
-     fi
- 
-+    if [ -n "$ROUTE_FILTER" ]; then
-+	case "$ROUTE_FILTER" in
-+	    Yes|yes|YES)
-+		ROUTE_FILTER=yes
-+		;;
-+	    No|no|NO)
-+		ROUTE_FILTER=no
-+		;;
-+	    Keep|keep|KEEP)
-+		ROUTE_FILTER=
-+		;;
-+	    *)
-+		startup_error "Invalid value ($ROUTE_FILTER) for ROUTE_FILTER"
-+		;;
-+	esac
-+    else
-+	ROUTE_FILTER=
-+    fi
-+
-+    if [ -n "$LOG_MARTIANS" ]; then
-+	case "$LOG_MARTIANS" in
-+	    Yes|yes|YES)
-+		LOG_MARTIANS=yes
-+		;;
-+	    No|no|NO)
-+		LOG_MARTIANS=no
-+		;;
-+	    Keep|keep|KEEP)
-+		LOG_MARTIANS=
-+		;;
-+	    *)
-+		startup_error "Invalid value ($LOG_MARTIANS) for LOG_MARTIANS"
-+		;;
-+	esac
-+    else
-+	LOG_MARTIANS=
-+    fi
-+
-     [ -n "${BLACKLIST_DISPOSITION:=DROP}" ]
- 
-     case "$CLAMPMSS" in
-@@ -1886,8 +1924,6 @@
-     esac
- 
-     ADD_SNAT_ALIASES=$(added_param_value_no ADD_SNAT_ALIASES $ADD_SNAT_ALIASES)
--    ROUTE_FILTER=$(added_param_value_no ROUTE_FILTER $ROUTE_FILTER)
--    LOG_MARTIANS=$(added_param_value_no LOG_MARTIANS $LOG_MARTIANS)
-     DETECT_DNAT_IPADDRS=$(added_param_value_no DETECT_DNAT_IPADDRS $DETECT_DNAT_IPADDRS)
- 
-     MACLIST_TARGET=reject
diff --git a/Shorewall-common/diff-3.4-shorewall b/Shorewall-common/diff-3.4-shorewall
deleted file mode 100644
index 9b45171b7..000000000
--- a/Shorewall-common/diff-3.4-shorewall
+++ /dev/null
@@ -1,30 +0,0 @@
---- /home/teastep/shorewall/branches/3.4/Shorewall/shorewall	2007-06-18 11:32:15.000000000 -0700
-+++ shorewall	2007-06-19 06:36:20.000000000 -0700
-@@ -1305,7 +1305,7 @@
-     echo "   stop"
-     echo "   status"
-     echo "   try [ -C {shell|perl} ] <directory> [ <timeout> ]"
--    echo "   version"
-+    echo "   version [ -a ]"
-     echo "   safe-start [ -C {shell|perl} ] [ <directory> ]"
-     echo "   safe-restart [ -C {shell|perl} ] [ <directory> ]"
-     echo
-@@ -1449,6 +1449,10 @@
-     echo $version
- 
-     if [ -n "$all" ]; then
-+	if [ -f /usr/share/shorewall-shell/version ]; then
-+	    echo "Shorewall-shell $(cat /usr/share/shorewall-shell/version)"
-+	fi
-+
- 	if [ -f /usr/share/shorewall-perl/version ]; then
- 	    echo "Shorewall-perl $(cat /usr/share/shorewall-perl/version)"
- 	fi
-@@ -1534,6 +1538,7 @@
- 	[ $# -ne 1 ] && usage 1
- 	get_config
- 	export NOROUTES
-+	[ -x ${VARDIR}/.restore ] && FIREWALL=${VARDIR}/.restore
- 	exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $COMMAND
- 	;;
-     compile)
diff --git a/Shorewall-common/lib.config b/Shorewall-common/lib.config
index 1f2b3ba7d..d4fa90032 100644
--- a/Shorewall-common/lib.config
+++ b/Shorewall-common/lib.config
@@ -376,10 +376,10 @@ validate_interfaces_file() {
 		dhcp|tcpflags|arp_filter|routefilter|logmartians|sourceroute|blacklist|nosmurfs|upnp|-)
 		    ;;
 		proxyarp)
-		    lib_load proxyarp "The 'proxyarp' option on interface $interface"
+		    [ "$PROGRAM" = compiler ] && lib_load proxyarp "The 'proxyarp' option on interface $interface"
 		    ;;
 		maclist)
-		    lib_load maclist "The 'maclist' option"
+		    [ "$PROGRAM" = compiler ] && lib_load maclist "The 'maclist' option"
 		    ;;
 		norfc1918)
 		    if [ "$PROGRAM" != compiler ]; then
@@ -627,7 +627,7 @@ validate_hosts_file() {
 		    norfc1918|blacklist|tcpflags|nosmurfs|-)
 			;;
 		    maclist)
-		       	lib_load maclist "The 'maclist' option"
+		       	[ "$PROGRAM" = compiler ] && lib_load maclist "The 'maclist' option"
 			;;
 		    ipsec)
 			[ -n "$POLICY_MATCH" ] || \