Clean up push_irule() after branching 4.4.

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall-init/shorewall-init.spec

@@ -1,280 +0,0 @@
-%define name shorewall-init
-%define version 4.4.21
-%define release 1
-
-Summary: Shorewall-init adds functionality to Shoreline Firewall (Shorewall).
-Name: %{name}
-Version: %{version}
-Release: %{release}
-License: GPLv2
-Packager: Tom Eastep <teastep@shorewall.net>
-Group: Networking/Utilities
-Source: %{name}-%{version}.tgz
-URL: http://www.shorewall.net/
-BuildArch: noarch
-BuildRoot: %{_tmppath}/%{name}-%{version}-root
-Requires: shoreline_firewall >= 4.4.10
-
-%description
-
-The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
-(iptables) based firewall that can be used on a dedicated firewall system,
-a multi-function gateway/ router/server or on a standalone GNU/Linux system.
-
-Shorewall Init is a companion product to Shorewall that allows for tigher
-control of connections during boot and that integrates Shorewall with
-ifup/ifdown and NetworkManager.
-
-%prep
-
-%setup
-
-%build
-
-%install
-export DESTDIR=$RPM_BUILD_ROOT ; \
-export OWNER=`id -n -u` ; \
-export GROUP=`id -n -g` ;\
-./install.sh
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%post
-
-if [ $1 -eq 1 ]; then
-    if [ -x /sbin/insserv ]; then
-	/sbin/insserv /etc/rc.d/shorewall-init
-    elif [ -x /sbin/chkconfig ]; then
-	/sbin/chkconfig --add shorewall-init;
-    fi
-fi
-
-if [ -f /etc/SuSE-release ]; then
-    cp -pf /usr/share/shorewall-init/ifupdown /etc/sysconfig/network/if-up.d/shorewall
-    cp -pf /usr/share/shorewall-init/ifupdown /etc/sysconfig/network/if-down.d/shorewall
-    if [ -d /etc/ppp ]; then
-	for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do
-	    mkdir -p /etc/ppp/$directory
-	    cp -pf /usr/share/shorewall-init/ifupdown /etc/ppp/$directory/shorewall
-	done
-    fi
-else
-    if [ -f /sbin/ifup-local -o -f /sbin/ifdown-local ]; then
-	if ! grep -q Shorewall /sbin/ifup-local || ! grep -q Shorewall /sbin/ifdown-local; then
-	    echo "WARNING: /sbin/ifup-local and/or /sbin/ifdown-local already exist; ifup/ifdown events will not be handled" >&2
-	else
-	    cp -pf /usr/share/shorewall-init/ifupdown /sbin/ifup-local
-	    cp -pf /usr/share/shorewall-init/ifupdown /sbin/ifdown-local
-	fi
-    else
-	cp -pf /usr/share/shorewall-init/ifupdown /sbin/ifup-local
-	cp -pf /usr/share/shorewall-init/ifupdown /sbin/ifdown-local
-    fi
-
-    if [ -d /etc/ppp ]; then
-	if [ -f /etc/ppp/ip-up.local -o -f /etc/ppp/ip-down.local ]; then
-	    if ! grep -q Shorewall-based /etc/ppp/ip-up.local || ! grep -q Shorewall-based /etc/ppp//ip-down.local; then
-		echo "WARNING: /etc/ppp/ip-up.local and/or /etc/ppp/ip-down.local already exist; ppp devices will not be handled" >&2
-	    fi
-	else
-	    cp -pf /usr/share/shorewall-init/ifupdown /etc/ppp/ip-up.local
-	    cp -pf /usr/share/shorewall-init/ifupdown /etc/ppp/ip-down.local
-	fi
-    fi
-
-    if [ -d /etc/NetworkManager/dispatcher.d/ ]; then
-	cp -pf /usr/share/shorewall-init/ifupdown /etc/NetworkManager/dispatcher.d/01-shorewall
-    fi
-fi
-
-%preun
-
-if [ $1 -eq 0 ]; then
-    if [ -x /sbin/insserv ]; then
-	/sbin/insserv -r /etc/init.d/shorewall-init
-    elif [ -x /sbin/chkconfig ]; then
-	/sbin/chkconfig --del shorewall-init
-    fi
-
-    [ -f /sbin/ifup-local ]   && grep -q Shorewall /sbin/ifup-local   && rm -f /sbin/ifup-local
-    [ -f /sbin/ifdown-local ] && grep -q Shorewall /sbin/ifdown-local && rm -f /sbin/ifdown-local
-
-    [ -f /etc/ppp/ip-up.local ]   && grep -q Shorewall-based /etc/ppp/ip-up.local   && rm -f /etc/ppp/ip-up.local
-    [ -f /etc/ppp/ip-down.local ] && grep -q Shorewall-based /etc/ppp/ip-down.local && rm -f /etc/ppp/ip-down.local
-
-    rm -f /etc/NetworkManager/dispatcher.d/01-shorewall
-fi
-
-%files
-%defattr(0644,root,root,0755)
-%attr(0644,root,root) %config(noreplace) /etc/sysconfig/shorewall-init
-
-%attr(0544,root,root) /etc/init.d/shorewall-init
-%attr(0755,root,root) %dir /usr/share/shorewall-init
-
-%attr(0644,root,root) /usr/share/shorewall-init/version
-%attr(0544,root,root) /usr/share/shorewall-init/ifupdown
-
-%doc COPYING changelog.txt releasenotes.txt
-
-%changelog
-* Mon Jul 11 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-1
-* Wed Jul 06 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0base
-* Mon Jul 04 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0RC3
-* Sun Jul 03 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0RC2
-* Thu Jun 23 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0RC1
-* Sun Jun 19 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0Beta3
-* Sat Jun 18 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0Beta2
-* Tue Jun 07 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0Beta1
-* Mon Jun 06 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-1
-* Tue May 31 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0base
-* Fri May 27 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0RC1
-* Tue May 24 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0Beta5
-* Sun May 22 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0Beta4
-* Wed May 18 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0Beta3
-* Wed May 18 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0Beta2
-* Sat Apr 16 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-1
-* Sat Apr 09 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0base
-* Sun Apr 03 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0RC1
-* Sun Apr 03 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0Beta5
-* Sat Apr 02 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0Beta4
-* Sat Mar 26 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0Beta3
-* Sat Mar 05 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0Beta1
-* Wed Mar 02 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0base
-* Mon Feb 28 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0RC1
-* Sun Feb 20 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0Beta4
-* Sat Feb 19 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0Beta3
-* Sun Feb 13 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0Beta2
-* Sat Feb 05 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0Beta1
-* Fri Feb 04 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.17-0base
-* Sun Jan 30 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.17-0RC1
-* Fri Jan 28 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.17-0Beta3
-* Wed Jan 19 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.17-0Beta2
-* Sat Jan 08 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.17-0Beta1
-* Mon Jan 03 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0base
-* Thu Dec 30 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0RC1
-* Thu Dec 30 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta8
-* Sun Dec 26 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta7
-* Mon Dec 20 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta6
-* Fri Dec 10 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta5
-* Sat Dec 04 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta4
-* Fri Dec 03 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta3
-* Fri Dec 03 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta2
-* Tue Nov 30 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta1
-* Fri Nov 26 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.15-0base
-* Mon Nov 22 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.15-0RC1
-* Mon Nov 15 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.15-0Beta2
-* Sat Oct 30 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.15-0Beta1
-* Sat Oct 23 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0base
-* Wed Oct 06 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0RC1
-* Fri Oct 01 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0Beta4
-* Sun Sep 26 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0Beta3
-* Thu Sep 23 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0Beta2
-* Tue Sep 21 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0Beta1
-* Fri Sep 17 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0RC1
-* Fri Sep 17 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta6
-* Mon Sep 13 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta5
-* Sat Sep 04 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta4
-* Mon Aug 30 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta3
-* Wed Aug 25 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta2
-* Wed Aug 18 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta1
-* Sun Aug 15 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0base
-* Fri Aug 06 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0RC1
-* Sun Aug 01 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0Beta4
-* Sat Jul 31 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0Beta3
-* Sun Jul 25 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0Beta2
-* Wed Jul 21 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0Beta1
-* Fri Jul 09 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.11-0base
-* Mon Jul 05 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.11-0RC1
-* Sat Jul 03 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.11-0Beta3
-* Thu Jul 01 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.11-0Beta2
-* Sun Jun 06 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.11-0Beta1
-* Sat Jun 05 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0base
-* Fri Jun 04 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0RC2
-* Thu May 27 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0RC1
-* Wed May 26 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0Beta4
-* Tue May 25 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0Beta3
-* Thu May 20 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0Beta2
-* Tue May 18 2010 Tom Eastep tom@shorewall.net
-- Initial version
-
-
-

Shorewall-lite/shorewall-lite.spec

@@ -1,493 +0,0 @@
-%define name shorewall-lite
-%define version 4.4.21
-%define release 1
-
-Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
-Name: %{name}
-Version: %{version}
-Release: %{release}
-License: GPLv2
-Packager: Tom Eastep <teastep@shorewall.net>
-Group: Networking/Utilities
-Source: %{name}-%{version}.tgz
-URL: http://www.shorewall.net/
-BuildArch: noarch
-BuildRoot: %{_tmppath}/%{name}-%{version}-root
-Requires: iptables iproute
-Provides: shoreline_firewall = %{version}-%{release}
-
-%description
-
-The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
-(iptables) based firewall that can be used on a dedicated firewall system,
-a multi-function gateway/ router/server or on a standalone GNU/Linux system.
-
-Shorewall Lite is a companion product to Shorewall that allows network
-administrators to centralize the configuration of Shorewall-based firewalls.
-
-%prep
-
-%setup
-
-%build
-
-%install
-export DESTDIR=$RPM_BUILD_ROOT ; \
-export OWNER=`id -n -u` ; \
-export GROUP=`id -n -g` ;\
-./install.sh
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%pre
-
-if [ -f /etc/shorewall-lite/shorewall.conf ]; then
-    cp -fa /etc/shorewall-lite/shorewall.conf /etc/shorewall-lite/shorewall.conf.rpmsave
-fi
-
-%post
-
-if [ $1 -eq 1 ]; then
-    if [ -x /sbin/insserv ]; then
-	/sbin/insserv /etc/rc.d/shorewall-lite
-    elif [ -x /sbin/chkconfig ]; then
-	/sbin/chkconfig --add shorewall-lite;
-    fi
-elif [ -f /etc/shorewall-lite/shorewall.conf.rpmsave ]; then
-    mv -f /etc/shorewall-lite/shorewall-lite.conf /etc/shorewall-lite/shorewall-lite.conf.rpmnew
-    mv -f /etc/shorewall-lite/shorewall.conf.rpmsave /etc/shorewall-lite/shorewall-lite.conf
-    echo "/etc/shorewall-lite/shorewall.conf retained as /etc/shorewall-lite/shorewall-lite.conf"
-    echo "/etc/shorewall-lite/shorewall-lite.conf installed as /etc/shorewall-lite/shorewall-lite.conf.rpmnew"
-fi
-
-%preun
-
-if [ $1 -eq 0 ]; then
-    if [ -x /sbin/insserv ]; then
-	/sbin/insserv -r /etc/init.d/shorewall-lite
-    elif [ -x /sbin/chkconfig ]; then
-	/sbin/chkconfig --del shorewall-lite
-    fi
-fi
-
-%files
-%defattr(0644,root,root,0755)
-%attr(0755,root,root) %dir /etc/shorewall-lite
-%attr(0644,root,root) %config(noreplace) /etc/shorewall-lite/shorewall-lite.conf
-%attr(0644,root,root) /etc/shorewall-lite/Makefile
-%attr(0544,root,root) /etc/init.d/shorewall-lite
-%attr(0755,root,root) %dir /usr/share/shorewall-lite
-%attr(0700,root,root) %dir /var/lib/shorewall-lite
-
-%attr(0644,root,root) /etc/logrotate.d/shorewall-lite
-
-%attr(0755,root,root) /sbin/shorewall-lite
-
-%attr(0644,root,root) /usr/share/shorewall-lite/version
-%attr(0644,root,root) /usr/share/shorewall-lite/configpath
-%attr(-   ,root,root) /usr/share/shorewall-lite/functions
-%attr(0644,root,root) /usr/share/shorewall-lite/lib.base
-%attr(0644,root,root) /usr/share/shorewall-lite/lib.cli
-%attr(0644,root,root) /usr/share/shorewall-lite/lib.common
-%attr(0644,root,root) /usr/share/shorewall-lite/modules*
-%attr(0644,root,root) /usr/share/shorewall-lite/helpers
-%attr(0544,root,root) /usr/share/shorewall-lite/shorecap
-%attr(0755,root,root) /usr/share/shorewall-lite/wait4ifup
-
-%attr(0644,root,root) %{_mandir}/man5/shorewall-lite.conf.5.gz
-%attr(0644,root,root) %{_mandir}/man5/shorewall-lite-vardir.5.gz
-
-%attr(0644,root,root) %{_mandir}/man8/shorewall-lite.8.gz
-
-%doc COPYING changelog.txt releasenotes.txt
-
-%changelog
-* Mon Jul 11 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-1
-* Wed Jul 06 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0base
-* Mon Jul 04 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0RC3
-* Sun Jul 03 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0RC2
-* Thu Jun 23 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0RC1
-* Sun Jun 19 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0Beta3
-* Sat Jun 18 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0Beta2
-* Tue Jun 07 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0Beta1
-* Mon Jun 06 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-1
-* Tue May 31 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0base
-* Fri May 27 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0RC1
-* Tue May 24 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0Beta5
-* Sun May 22 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0Beta4
-* Thu May 19 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0Beta3
-* Wed May 18 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0Beta2
-* Sat Apr 16 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0Beta1
-* Wed Apr 13 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-1
-* Sat Apr 09 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0base
-* Sun Apr 03 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0RC1
-* Sun Apr 03 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0Beta5
-* Sat Apr 02 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0Beta4
-* Sat Mar 26 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0Beta3
-* Sat Mar 05 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0Beta1
-* Wed Mar 02 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0base
-* Mon Feb 28 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0RC1
-* Sun Feb 20 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0Beta4
-* Sat Feb 19 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0Beta3
-* Sun Feb 13 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0Beta2
-* Sat Feb 05 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0Beta1
-* Fri Feb 04 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.17-0base
-* Sun Jan 30 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.17-0RC1
-* Fri Jan 28 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.17-0Beta3
-* Wed Jan 19 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.17-0Beta2
-* Sat Jan 08 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.17-0Beta1
-* Mon Jan 03 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0base
-* Thu Dec 30 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0RC1
-* Thu Dec 30 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta8
-* Sun Dec 26 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta7
-* Mon Dec 20 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta6
-* Fri Dec 10 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta5
-* Sat Dec 04 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta4
-* Fri Dec 03 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta3
-* Fri Dec 03 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta2
-* Tue Nov 30 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta1
-* Fri Nov 26 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.15-0base
-* Mon Nov 22 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.15-0RC1
-* Mon Nov 15 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.15-0Beta2
-* Sat Oct 30 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.15-0Beta1
-* Sat Oct 23 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0base
-* Wed Oct 06 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0RC1
-* Fri Oct 01 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0Beta4
-* Sun Sep 26 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0Beta3
-* Thu Sep 23 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0Beta2
-* Tue Sep 21 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0Beta1
-* Fri Sep 17 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0RC1
-* Fri Sep 17 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta6
-* Mon Sep 13 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta5
-* Sat Sep 04 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta4
-* Mon Aug 30 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta3
-* Wed Aug 25 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta2
-* Wed Aug 18 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta1
-* Sun Aug 15 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0base
-* Fri Aug 06 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0RC1
-* Sun Aug 01 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0Beta4
-* Sat Jul 31 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0Beta3
-* Sun Jul 25 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0Beta2
-* Wed Jul 21 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0Beta1
-* Fri Jul 09 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.11-0base
-* Mon Jul 05 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.11-0RC1
-* Sat Jul 03 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.11-0Beta3
-* Thu Jul 01 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.11-0Beta2
-* Sun Jun 06 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.11-0Beta1
-* Sat Jun 05 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0base
-* Fri Jun 04 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0RC2
-* Thu May 27 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0RC1
-* Wed May 26 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0Beta4
-* Tue May 25 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0Beta3
-* Thu May 20 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0Beta2
-* Thu May 20 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0Beta2
-* Thu May 13 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0Beta1
-* Mon May 03 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0base
-* Sun May 02 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0RC2
-* Sun Apr 25 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0RC1
-* Sat Apr 24 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0Beta5
-* Fri Apr 16 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0Beta4
-* Fri Apr 09 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0Beta3
-* Thu Apr 08 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0Beta2
-* Sat Mar 20 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0Beta1
-* Fri Mar 19 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.8-0base
-* Tue Mar 16 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.8-0RC2
-* Mon Mar 08 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.8-0RC1
-* Sun Feb 28 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.8-0Beta2
-* Thu Feb 11 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.8-0Beta1
-* Fri Feb 05 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.7-0base
-* Tue Feb 02 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.7-0RC2
-* Wed Jan 27 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.7-0RC1
-* Mon Jan 25 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.7-0Beta4
-* Fri Jan 22 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.7-0Beta3
-* Fri Jan 22 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.7-0Beta2
-* Sun Jan 17 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.7-0Beta1
-* Wed Jan 13 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.6-0base
-* Tue Jan 12 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.6-0Beta1
-* Thu Dec 24 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.5-0base
-* Sat Nov 21 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.4-0base
-* Fri Nov 13 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.4-0Beta2
-* Wed Nov 11 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.4-0Beta1
-* Tue Nov 03 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.3-0base
-* Sun Sep 06 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.2-0base
-* Fri Sep 04 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.2-0base
-* Fri Aug 14 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.1-0base
-* Mon Aug 03 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.0-0base
-* Tue Jul 28 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.0-0RC2
-* Sun Jul 12 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.0-0RC1
-* Thu Jul 09 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.0-0Beta4
-* Sat Jun 27 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.0-0Beta3
-* Mon Jun 15 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.0-0Beta2
-* Fri Jun 12 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.0-0Beta1
-* Sun Jun 07 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.13-0base
-* Fri Jun 05 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.12-0base
-* Sun May 10 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.11-0base
-* Sun Apr 19 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.10-0base
-* Sat Apr 11 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.9-0base
-* Tue Mar 17 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.8-0base
-* Sun Mar 01 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.7-0base
-* Fri Feb 27 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.6-0base
-* Sun Feb 22 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.5-0base
-* Wed Feb 04 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.2.6-0base
-* Thu Jan 29 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.2.6-0base
-* Tue Jan 06 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.2.5-0base
-* Thu Dec 25 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.4-0base
-* Fri Dec 05 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.3-0base
-* Wed Nov 05 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.2-0base
-* Wed Oct 08 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.1-0base
-* Fri Oct 03 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.0-0base
-* Tue Sep 23 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.0-0RC4
-* Mon Sep 15 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.0-0RC3
-* Mon Sep 08 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.0-0RC2
-* Tue Aug 19 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.0-0RC1
-* Thu Jul 03 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.0-0Beta3
-* Mon Jun 02 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.0-0Beta2
-* Wed May 07 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.0-0Beta1
-* Mon Apr 28 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.1.8-0base
-* Mon Mar 24 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.1.7-0base
-* Thu Mar 13 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.1.6-0base
-* Tue Feb 05 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.1.5-0base
-* Fri Jan 04 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.1.4-0base
-* Wed Dec 12 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.1.3-0base
-* Fri Dec 07 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.1.3-1
-* Tue Nov 27 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.1.2-1
-* Wed Nov 21 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.1.1-1
-* Mon Nov 19 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.1.0-1
-* Thu Nov 15 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.6-1
-* Sat Nov 10 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.6-0RC3
-* Wed Nov 07 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.6-0RC2
-* Thu Oct 25 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.6-0RC1
-* Tue Oct 03 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.5-1
-* Wed Sep 05 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.4-1
-* Mon Aug 13 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.3-1
-* Thu Aug 09 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.2-1
-* Sat Jul 21 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.1-1
-* Wed Jul 11 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.0-1
-* Sun Jul 08 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.0-0RC2
-* Mon Jul 02 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.0-0RC1
-* Sun Jun 24 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.0-0Beta7
-* Wed Jun 20 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.0-0Beta6
-* Thu Jun 14 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.0-0Beta5
-* Fri Jun 08 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.0-0Beta4
-* Tue Jun 05 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.0-0Beta3
-* Tue May 15 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.0-0Beta1
-* Fri May 11 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.9.7-1
-* Sat May 05 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.9.6-1
-* Mon Apr 30 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.9.5-1
-* Mon Apr 23 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.9.4-1
-* Wed Apr 18 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.9.3-1
-* Sat Apr 14 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.9.2-1
-* Sat Apr 07 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.9.1-1
-* Thu Mar 15 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.4.1-1
-* Sat Mar 10 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.4.0-1
-* Sun Feb 25 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.4.0-0RC3
-* Sun Feb 04 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.4.0-0RC2
-* Wed Jan 24 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.4.0-0RC1
-* Mon Jan 22 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.4.0-0Beta3
-* Wed Jan 03 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.4.0-0Beta2
-- Handle rename of shorewall.conf
-* Thu Dec 14 2006 Tom Eastep tom@shorewall.net
-- Updated to 3.4.0-0Beta1
-* Sat Nov 25 2006 Tom Eastep tom@shorewall.net
-- Added shorewall-exclusion(5)
-- Updated to 3.3.6-1
-* Sun Nov 19 2006 Tom Eastep tom@shorewall.net
-- Updated to 3.3.5-1
-* Sun Oct 29 2006 Tom Eastep tom@shorewall.net
-- Updated to 3.3.4-1
-* Mon Oct 16 2006 Tom Eastep tom@shorewall.net
-- Updated to 3.3.3-1
-* Sat Sep 30 2006 Tom Eastep tom@shorewall.net
-- Updated to 3.3.2-1
-* Wed Aug 30 2006 Tom Eastep tom@shorewall.net
-- Updated to 3.3.1-1
-* Wed Aug 09 2006 Tom Eastep tom@shorewall.net
-- Updated to 3.3.0-1
-* Wed Aug 09 2006 Tom Eastep tom@shorewall.net
-- Updated to 3.3.0-1
-
-

Shorewall/Perl/Shorewall/Accounting.pm

@@ -35,7 +35,7 @@ use strict;
 our @ISA = qw(Exporter);
 our @EXPORT = qw( setup_accounting );
 our @EXPORT_OK = qw( );
-our $VERSION = '4.4_21';
+our $VERSION = 'MODULEVERSION';
 
 #
 # Per-IP accounting tables. Each entry contains the associated network.
@@ -400,47 +400,47 @@ sub setup_accounting() {
 
 	    if ( have_bridges || $asection ) {
 		if ( $tableref->{accountin} ) {
-		    add_jump( $tableref->{INPUT}, 'accountin', 0, '', 0, 0 );
+		    insert_ijump( $tableref->{INPUT}, j => 'accountin', 0 );
 		}
 
 		if ( $tableref->{accounting} ) {
 		    dont_optimize( 'accounting' );
 		    for my $chain ( qw/INPUT FORWARD/ ) {
-			add_jump( $tableref->{$chain}, 'accounting', 0, '', 0, 0 );
+			insert_ijump( $tableref->{$chain}, j => 'accounting', 0 );
 		    }
 		}
 
 		if ( $tableref->{accountfwd} ) {
-		    add_jump( $tableref->{FORWARD}, 'accountfwd', 0, '', 0, 0 );
+		    insert_ijump( $tableref->{FORWARD}, j => 'accountfwd', 0 );
 		}
 
 		if ( $tableref->{accountout} ) {
-		    add_jump( $tableref->{OUTPUT}, 'accountout', 0, '', 0, 0 );
+		    insert_ijump( $tableref->{OUTPUT}, j => 'accountout', 0 );
 		}
 
 		if ( $tableref->{accountpre} ) {
-		    add_jump( $tableref->{PREROUTING}, 'accountpre', 0, '', 0, 0 );
+		    insert_ijump( $tableref->{PREROUTING}, j => 'accountpre' , 0 );
 		}
 
 		if ( $tableref->{accountpost} ) {
-		    add_jump( $tableref->{POSTROUTING}, 'accountpost', 0, '', 0, 0 );
+		    insert_ijump( $tableref->{POSTROUTING}, j => 'accountpost', 0 );
 		}
 	    } elsif ( $tableref->{accounting} ) {
 		dont_optimize( 'accounting' );
 		for my $chain ( qw/INPUT FORWARD OUTPUT/ ) {
-		    add_jump( $tableref->{$chain}, 'accounting', 0, '', 0, 0 );
+		    insert_ijump( $tableref->{$chain}, j => 'accounting', 0 );
 		}
 	    }
 
 	    if ( $tableref->{accipsecin} ) {
 		for my $chain ( qw/INPUT FORWARD/ ) {
-		    add_jump( $tableref->{$chain}, 'accipsecin', 0,  '', 0, 0 );
+		    insert_ijump( $tableref->{$chain}, j => 'accipsecin', 0 );
 		}
 	    }
 
 	    if ( $tableref->{accipsecout} ) {
 		for my $chain ( qw/FORWARD OUTPUT/ ) {
-		    add_jump( $tableref->{$chain}, 'accipsecout', 0, '', 0, 0 );
+		    insert_ijump( $tableref->{$chain}, j => 'accipsecout', 0 );
 		}
 	    }
 

Shorewall/Perl/Shorewall/Compiler.pm

@@ -41,7 +41,7 @@ use Shorewall::Misc;
 our @ISA = qw(Exporter);
 our @EXPORT = qw( compiler );
 our @EXPORT_OK = qw( $export );
-our $VERSION = '4.4_21';
+our $VERSION = 'MODULEVERSION';
 
 my $export;
 

Shorewall/Perl/Shorewall/Config.pm

@@ -150,7 +150,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
 
 Exporter::export_ok_tags('internal');
 
-our $VERSION = '4.4_21';
+our $VERSION = 'MODULEVERSION';
 
 #
 # describe the current command, it's present progressive, and it's completion.
@@ -242,7 +242,7 @@ my  %capdesc = ( NAT_ENABLED     => 'NAT',
 		 OWNER_MATCH     => 'Owner Match',
 		 IPSET_MATCH     => 'Ipset Match',
 		 OLD_IPSET_MATCH => 'Old Ipset Match',
-		 IPSET_V5        => 'Version 5 IPSETs',
+		 IPSET_V5        => 'Version 5 ipsets',
 		 CONNMARK        => 'CONNMARK Target',
 		 XCONNMARK       => 'Extended CONNMARK Target',
 		 CONNMARK_MATCH  => 'Connmark Match',
@@ -427,14 +427,15 @@ sub initialize( $ ) {
     # Misc Globals
     #
     %globals  =   ( SHAREDIRPL => '/usr/share/shorewall/' ,
-		    CONFDIR    =>  '/etc/shorewall',     # Run-time configuration directory
+		    CONFDIR    => '/etc/shorewall',     # Run-time configuration directory
 		    CONFIGDIR  => '',                  # Compile-time configuration directory (location of $product.conf)
 		    LOGPARMS   => '',
 		    TC_SCRIPT  => '',
 		    EXPORT     => 0,
+		    KLUDGEFREE => '',
 		    STATEMATCH => '-m state --state',
 		    UNTRACKED  => 0,
-		    VERSION    => "4.4.21",
+		    VERSION    => "4.4.22-Beta1",
 		    CAPVERSION => 40421 ,
 		  );
     #
@@ -557,7 +558,6 @@ sub initialize( $ ) {
 	  COMPLETE => undef,
 	  EXPORTMODULES => undef,
 	  LEGACY_FASTSTART => undef,
-	  FAKE_AUDIT => undef,
 	  #
 	  # Packet Disposition
 	  #
@@ -575,6 +575,13 @@ sub initialize( $ ) {
 	  MASK_BITS => undef
 	);
 
+
+    #
+    # Valid log levels
+    #
+    # Note that we don't include LOGMARK; that is so we can default its
+    # priority to 'info' (LOGMARK itself defaults to 'warn').
+    #
     %validlevels = ( DEBUG   => 7,
 		     INFO    => 6,
 		     NOTICE  => 5,
@@ -588,7 +595,7 @@ sub initialize( $ ) {
 		     PANIC   => 0,
 		     NONE    => '',
 		     NFLOG   => 'NFLOG',
-		     LOGMARK => 'LOGMARK' );
+		   );
 
     #
     # From parsing the capabilities file or capabilities detection
@@ -636,10 +643,10 @@ sub initialize( $ ) {
 	       CONNLIMIT_MATCH => undef,
 	       TIME_MATCH => undef,
 	       GOTO_TARGET => undef,
+	       LOG_TARGET => 1,         # Assume that we have it.
 	       LOGMARK_TARGET => undef,
 	       IPMARK_TARGET => undef,
 	       TPROXY_TARGET => undef,
-	       LOG_TARGET => 1,         # Assume that we have it.
 	       PERSISTENT_SNAT => undef,
 	       OLD_HL_MATCH => undef,
 	       FLOW_FILTER => undef,
@@ -807,7 +814,7 @@ sub fatal_error1 {
 #
 # C/C++-like assertion checker
 #
-sub assert( $ ) {
+sub assert( $;$ ) {
     unless ( $_[0] ) {
 	my @caller0 = caller 0; # Where assert() was called
 	my @caller1 = caller 1; # Who called assert()
@@ -1348,6 +1355,7 @@ sub split_line1( $$$;$ ) {
     my ( $mincolumns, $maxcolumns, $description, $nopad) = @_;
 
     fatal_error "Shorewall Configuration file entries may not contain double quotes, single back quotes or backslashes" if $currentline =~ /["`\\]/;
+    fatal_error "Non-ASCII gunk in file" if $currentline =~ /[^\s[:print:]]/;
 
     my @line = split( ' ', $currentline );
 
@@ -1432,7 +1440,7 @@ sub close_file() {
 }
 
 #
-# Functions for copying files into the script
+# Functions for copying a file into the script
 #
 sub copy( $ ) {
     assert( $script_enabled );
@@ -1784,7 +1792,7 @@ sub embedded_perl( $ ) {
     if ( $perlscript ) {
 	fatal_error "INCLUDEs nested too deeply" if @includestack >= 4;
 
-	close $perlscript or assert(0);
+	assert( close $perlscript );
 
 	$perlscript = undef;
 
@@ -2137,12 +2145,15 @@ sub validate_level( $ ) {
 	    return $rawlevel;
 	}
 
-	if ( $level =~ /LOGMARK[(](.*)[)]$/ ) {
-	    my $sublevel = $1;
-	    
-	    $sublevel = $validlevels{$sublevel} unless $sublevel =~ /^[0-7]$/;
+	if ( $level =~ /LOGMARK([(](.+)[)])?$/ ) {
+	    my $sublevel = $2;
 
-	    level_error( $level ) unless defined $sublevel  =~ /^[0-7]$/; 
+	    if ( $1 ) {	    
+		$sublevel = $validlevels{$sublevel} unless $sublevel =~ /^[0-7]$/;
+		level_error( $level ) unless defined $sublevel && $sublevel  =~ /^[0-7]$/;
+	    } else {
+		$sublevel = 6; # info
+	    }
 	    
 	    require_capability ( 'LOG_TARGET' , 'A log level other than NONE', 's' );
 	    require_capability( 'LOGMARK_TARGET' , 'LOGMARK', 's' );
@@ -2646,7 +2657,7 @@ sub Account_Target() {
 }
 
 sub Audit_Target() {
-    $config{FAKE_AUDIT} || qt1( "$iptables -A $sillyname -j AUDIT --type drop" );
+    qt1( "$iptables -A $sillyname -j AUDIT --type drop" );
 }
 
 our %detect_capability =
@@ -2721,9 +2732,11 @@ sub have_capability( $ ) {
     my $capability = shift;
     our %detect_capability;
 
-    $capabilities{ $capability } = detect_capability( $capability ) unless defined $capabilities{ $capability };
+    my $setting = $capabilities{ $capability };
 
-    $capabilities{ $capability };
+    $setting = $capabilities{ $capability } = detect_capability( $capability ) unless defined $setting;
+
+    $setting;
 }
 
 #
@@ -2748,6 +2761,7 @@ sub determine_capabilities() {
 	    qt1( "$iptables -A $sillyname -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT") ||
 	    qt1( "$iptables -A $sillyname -m state --state ESTABLISHED,RELATED -j ACCEPT");;
 
+    $globals{KLUDGEFREE} = $capabilities{KLUDGEFREE} = detect_capability 'KLUDGEFREE';
 
     unless ( $config{ LOAD_HELPERS_ONLY } ) {
 	#
@@ -2766,24 +2780,17 @@ sub determine_capabilities() {
 	    $capabilities{OLD_CONNTRACK_MATCH} = '';
 	}
 
-	if ( $capabilities{ MULTIPORT } = detect_capability( 'MULTIPORT' ) ) {
-	     $capabilities{KLUDGEFREE}  = Kludgefree1;
-	}
-
+	$capabilities{ MULTIPORT } = detect_capability( 'MULTIPORT' );
 	$capabilities{XMULTIPORT}   = detect_capability( 'XMULTIPORT' );
 	$capabilities{POLICY_MATCH} = detect_capability( 'POLICY_MATCH' );
 
 	if ( $capabilities{PHYSDEV_MATCH} = detect_capability( 'PHYSDEV_MATCH' ) ) {
 	    $capabilities{PHYSDEV_BRIDGE} = detect_capability( 'PHYSDEV_BRIDGE' );
-	    $capabilities{KLUDGEFREE}   ||= Kludgefree2;
 	} else {
 	    $capabilities{PHYSDEV_BRIDGE} = '';
 	}
 
-	if ( $capabilities{IPRANGE_MATCH} = detect_capability( 'IPRANGE_MATCH' ) ) {
-	    $capabilities{KLUDGEFREE}   ||= Kludgefree3;
-	}
-
+	$capabilities{IPRANGE_MATCH}   = detect_capability( 'IPRANGE_MATCH' );
 	$capabilities{RECENT_MATCH}    = detect_capability( 'RECENT_MATCH' );
 	$capabilities{OWNER_MATCH}     = detect_capability( 'OWNER_MATCH' );
 	$capabilities{CONNMARK_MATCH}  = detect_capability( 'CONNMARK_MATCH' );
@@ -2945,7 +2952,7 @@ sub update_config_file( $ ) {
     #
     # Undocumented options -- won't be listed in the template
     #
-    my @undocumented = ( qw( TC_BITS PROVIDER_BITS PROVIDER_OFFSET MASK_BITS FAKE_AUDIT ) );
+    my @undocumented = ( qw( TC_BITS PROVIDER_BITS PROVIDER_OFFSET MASK_BITS ) );
 
     if ( -f $fn ) {
 	my ( $template, $output );
@@ -3138,6 +3145,7 @@ sub read_capabilities() {
 	$capabilities{$_} = '' unless defined $capabilities{$_};
     }
 
+    $globals{KLUDGEFREE} = $capabilities{KLUDGEFREE};
 }
 
 #

Shorewall/Perl/Shorewall/IPAddrs.pm

@@ -80,7 +80,7 @@ our @EXPORT = qw( ALLIPv4
 		  validate_icmp6
 		 );
 our @EXPORT_OK = qw( );
-our $VERSION = '4.4_20';
+our $VERSION = 'MODULEVERSION';
 
 #
 # Some IPv4/6 useful stuff

Shorewall/Perl/Shorewall/Nat.pm

@@ -36,7 +36,7 @@ use strict;
 our @ISA = qw(Exporter);
 our @EXPORT = qw( setup_masq setup_nat setup_netmap add_addresses );
 our @EXPORT_OK = ();
-our $VERSION = '4.4_21';
+our $VERSION = 'MODULEVERSION';
 
 my @addresses_to_add;
 my %addresses_to_add;
@@ -413,22 +413,22 @@ sub setup_netmap() {
 
 	    for my $interface ( split_list $interfacelist, 'interface' ) {
 
-		my $rulein = '';
-		my $ruleout = '';
+		my @rulein;
+		my @ruleout;
 		my $iface = $interface;
 
 		fatal_error "Unknown interface ($interface)" unless my $interfaceref = known_interface( $interface );
 
 		unless ( $interfaceref->{root} ) {
-		    $rulein  = match_source_dev( $interface );
-		    $ruleout = match_dest_dev( $interface );
+		    @rulein  = imatch_source_dev( $interface );
+		    @ruleout = imatch_dest_dev( $interface );
 		    $interface = $interfaceref->{name};
 		}
 
 		if ( $type eq 'DNAT' ) {
-		    add_rule ensure_chain( 'nat' , input_chain $interface ) , $rulein   . match_source_net( $net3 ) . "-d $net1 -j NETMAP --to $net2";
+		    add_ijump ensure_chain( 'nat' , input_chain $interface ) ,  j => "NETMAP --to $net2", @rulein  , imatch_source_net( $net3 ), d => $net1;
 		} elsif ( $type eq 'SNAT' ) {
-		    add_rule ensure_chain( 'nat' , output_chain $interface ) , $ruleout . match_dest_net( $net3 )   . "-s $net1 -j NETMAP --to $net2";
+		    add_ijump ensure_chain( 'nat' , output_chain $interface ) , j => "NETMAP --to $net2", @ruleout , imatch_dest_net( $net3 ) ,  s => $net1;
 		} else {
 		    fatal_error "Invalid type ($type)";
 		}

Shorewall/Perl/Shorewall/Proc.pm

@@ -41,7 +41,7 @@ our @EXPORT = qw(
 		 setup_forwarding
 		 );
 our @EXPORT_OK = qw( );
-our $VERSION = '4.4_7';
+our $VERSION = 'MODULEVERSION';
 
 #
 # ARP Filtering

Shorewall/Perl/Shorewall/Providers.pm

@@ -35,7 +35,7 @@ use strict;
 our @ISA = qw(Exporter);
 our @EXPORT = qw( setup_providers @routemarked_interfaces handle_stickiness handle_optional_interfaces );
 our @EXPORT_OK = qw( initialize lookup_provider );
-our $VERSION = '4.4_21';
+our $VERSION = 'MODULEVERSION';
 
 use constant { LOCAL_TABLE   => 255,
 	       MAIN_TABLE    => 254,
@@ -100,7 +100,7 @@ sub setup_route_marking() {
 
     require_capability( $_ , q(The provider 'track' option) , 's' ) for qw/CONNMARK_MATCH CONNMARK/;
 
-    add_rule $mangle_table->{$_} , "-m connmark ! --mark 0/$mask -j CONNMARK --restore-mark --mask $mask" for qw/PREROUTING OUTPUT/;
+    add_ijump $mangle_table->{$_} , j => "CONNMARK --restore-mark --mask $mask", connmark => "! --mark 0/$mask" for qw/PREROUTING OUTPUT/;
 
     my $chainref  = new_chain 'mangle', 'routemark';
     my $chainref1 = new_chain 'mangle', 'setsticky';
@@ -114,22 +114,22 @@ sub setup_route_marking() {
 	my $mark      = $providerref->{mark};
 
 	unless ( $marked_interfaces{$interface} ) {
-	    add_jump $mangle_table->{PREROUTING} , $chainref,  0, "-i $physical -m mark --mark 0/$mask ";
-	    add_jump $mangle_table->{PREROUTING} , $chainref1, 0, "! -i $physical -m mark --mark  $mark/$mask ";
-	    add_jump $mangle_table->{OUTPUT}     , $chainref2, 0, "-m mark --mark  $mark/$mask ";
+	    add_ijump $mangle_table->{PREROUTING} , j => $chainref,  i => $physical,     mark => "--mark 0/$mask";
+	    add_ijump $mangle_table->{PREROUTING} , j => $chainref1, i => "! $physical", mark => "--mark  $mark/$mask";
+	    add_ijump $mangle_table->{OUTPUT}     , j => $chainref2,                     mark => "--mark  $mark/$mask";
 	    $marked_interfaces{$interface} = 1;
 	}
 
 	if ( $providerref->{shared} ) {
 	    add_commands( $chainref, qq(if [ -n "$providerref->{mac}" ]; then) ), incr_cmd_level( $chainref ) if $providerref->{optional};
-	    add_rule $chainref, match_source_dev( $interface ) . "-m mac --mac-source $providerref->{mac} -j MARK --set-mark $providerref->{mark}";
+	    add_ijump $chainref, j => "MARK --set-mark $providerref->{mark}", imatch_source_dev( $interface ), mac => "--mac-source $providerref->{mac}";
 	    decr_cmd_level( $chainref ), add_commands( $chainref, "fi\n" ) if $providerref->{optional};
 	} else {
-	    add_rule $chainref, match_source_dev( $interface ) . "-j MARK --set-mark $providerref->{mark}";
+	    add_ijump $chainref, j => "MARK --set-mark $providerref->{mark}", imatch_source_dev( $interface );
 	}
     }
 
-    add_rule $chainref, "-m mark ! --mark 0/$mask -j CONNMARK --save-mark --mask $mask";
+    add_ijump $chainref, j => "CONNMARK --save-mark --mask $mask", mark => "! --mark 0/$mask";
 }
 
 sub copy_table( $$$ ) {
@@ -1095,7 +1095,7 @@ sub handle_stickiness( $ ) {
 	    my $base      = uc chain_base $interface;
 	    my $mark      = $providerref->{mark};
 
-	    for ( grep /-j sticky/, @{$tcpreref->{rules}} ) {
+	    for ( grep rule_target($_) eq 'sticky', @{$tcpreref->{rules}} ) {
 		my $stickyref = ensure_mangle_chain 'sticky';
 		my ( $rule1, $rule2 );
 		my $list = sprintf "sticky%03d" , $sticky++;
@@ -1103,26 +1103,32 @@ sub handle_stickiness( $ ) {
 		for my $chainref ( $stickyref, $setstickyref ) {
 		    if ( $chainref->{name} eq 'sticky' ) {
 			$rule1 = $_;
-			$rule1 =~ s/-j sticky/-m recent --name $list --update --seconds 300 -j MARK --set-mark $mark/;
+
+			set_rule_target( $rule1, 'MARK',   "--set-mark $mark" );
+			set_rule_option( $rule1, 'recent', "--name $list --update --seconds 300" );
+
 			$rule2 = $_;
-			$rule2 =~ s/-j sticky/-m mark --mark 0\/$mask -m recent --name $list --remove/;
+
+			clear_rule_target( $rule2 );
+			set_rule_option( $rule2, 'mark', "--mark 0/$mask -m recent --name $list --remove" );
 		    } else {
 			$rule1 = $_;
-			$rule1 =~ s/-j sticky/-m mark --mark $mark\/$mask -m recent --name $list --set/;
+
+			clear_rule_target( $rule1 );
+			set_rule_option( $rule1, 'mark', "--mark $mark\/$mask -m recent --name $list --set" ); 
+
 			$rule2 = '';
 		    }
 
-		    assert ( $rule1 =~ s/^-A // );
-		    add_rule $chainref, $rule1;
+		    add_trule $chainref, $rule1;
 
 		    if ( $rule2 ) {
-			assert ( $rule2 =~ s/^-A // );
-			add_rule $chainref, $rule2;
+			add_trule $chainref, $rule2;
 		    }
 		}
 	    }
 
-	    for ( grep /-j sticko/, @{$tcoutref->{rules}} ) {
+	    for ( grep rule_target( $_ ) eq 'sticko', , @{$tcoutref->{rules}} ) {
 		my ( $rule1, $rule2 );
 		my $list = sprintf "sticky%03d" , $sticky++;
 		my $stickoref = ensure_mangle_chain 'sticko';
@@ -1130,21 +1136,27 @@ sub handle_stickiness( $ ) {
 		for my $chainref ( $stickoref, $setstickoref ) {
 		    if ( $chainref->{name} eq 'sticko' ) {
 			$rule1 = $_;
-			$rule1 =~ s/-j sticko/-m recent --name $list --rdest --update --seconds 300 -j MARK --set-mark $mark/;
+
+			set_rule_target( $rule1, 'MARK',   "--set-mark $mark" );
+			set_rule_option( $rule1, 'recent', " --name $list --rdest --update --seconds 300 -j MARK --set-mark $mark" );
+
 			$rule2 = $_;
-			$rule2 =~ s/-j sticko/-m mark --mark 0\/$mask -m recent --name $list --rdest --remove/;
+			
+			clear_rule_target( $rule2 );
+			set_rule_option  ( $rule2, 'mark', "--mark 0\/$mask -m recent --name $list --rdest --remove" );
 		    } else {
 			$rule1 = $_;
-			$rule1 =~ s/-j sticko/-m mark --mark $mark -m recent --name $list --rdest --set/;
+
+			clear_rule_target( $rule1 );
+			set_rule_option  ( $rule1, 'mark', "--mark $mark -m recent --name $list --rdest --set" );
+
 			$rule2 = '';
 		    }
 
-		    assert( $rule1 =~ s/-A // );
-		    add_rule $chainref, $rule1;
+		    add_trule $chainref, $rule1;
 
 		    if ( $rule2 ) {
-			$rule2 =~ s/-A //;
-			add_rule $chainref, $rule2;
+			add_trule $chainref, $rule2;
 		    }
 		}
 	    }

Shorewall/Perl/Shorewall/Proxyarp.pm

@@ -35,7 +35,7 @@ our @EXPORT = qw(
 		  );
 
 our @EXPORT_OK = qw( initialize );
-our $VERSION = '4.4_19';
+our $VERSION = 'MODULEVERSION';
 
 our @proxyarp;
 

Shorewall/Perl/Shorewall/Raw.pm

@@ -34,7 +34,7 @@ use strict;
 our @ISA = qw(Exporter);
 our @EXPORT = qw( setup_notrack );
 our @EXPORT_OK = qw( );
-our $VERSION = '4.4_14';
+our $VERSION = 'MODULEVERSION';
 
 #
 # Notrack

Shorewall/Perl/Shorewall/Rules.pm

@@ -52,7 +52,7 @@ our @EXPORT = qw(
 	       );
 
 our @EXPORT_OK = qw( initialize );
-our $VERSION = '4.4_21';
+our $VERSION = 'MODULEVERSION';
 #
 # Globals are documented in the initialize() function
 #
@@ -528,20 +528,13 @@ sub policy_rules( $$$$$ ) {
     my ( $chainref , $target, $loglevel, $default, $dropmulticast ) = @_;
 
     unless ( $target eq 'NONE' ) {
-	add_rule $chainref, "-d 224.0.0.0/4 -j RETURN" if $dropmulticast && $target ne 'CONTINUE' && $target ne 'ACCEPT';
-	add_jump $chainref, $default, 0 if $default && $default ne 'none';
+	add_ijump $chainref, j => 'RETURN', d => '224.0.0.0/4' if $dropmulticast && $target ne 'CONTINUE' && $target ne 'ACCEPT';
+	add_ijump $chainref, j => $default if $default && $default ne 'none';
 	log_rule $loglevel , $chainref , $target , '' if $loglevel ne '';
 	fatal_error "Null target in policy_rules()" unless $target;
 	
-	if ( $chainref->{audit} ) {
-	    if ( $config{FAKE_AUDIT} ) {
-		add_rule( $chainref , '-j AUDIT -m comment --comment "--type ' . lc $target . '"' );
-	    } else { 
-		add_rule( $chainref , '-j AUDIT --type ' . lc $target );
-	    }
-	}
-
-	add_jump( $chainref , $target eq 'REJECT' ? 'reject' : $target, 1 ) unless $target eq 'CONTINUE';
+	add_ijump( $chainref , j => 'AUDIT --type ' . lc $target ) if $chainref->{audit};
+	add_ijump( $chainref , g => $target eq 'REJECT' ? 'reject' : $target ) unless $target eq 'CONTINUE';
     }
 }
 
@@ -570,7 +563,7 @@ sub default_policy( $$$ ) {
 		report_syn_flood_protection;
 		policy_rules $chainref , $policy , $loglevel , $default, $config{MULTICAST};
 	    } else {
-		add_jump $chainref,  $policyref, 1;
+		add_ijump $chainref,  g => $policyref;
 		$chainref = $policyref;
 	    }
 	} elsif ( $policy eq 'CONTINUE' ) {
@@ -578,7 +571,7 @@ sub default_policy( $$$ ) {
 	    policy_rules $chainref , $policy , $loglevel , $default, $config{MULTICAST};
 	} else {
 	    report_syn_flood_protection if $synparams;
-	    add_jump $chainref , $policyref, 1;
+	    add_ijump $chainref , g => $policyref;
 	    $chainref = $policyref;
 	}
     }
@@ -687,7 +680,7 @@ sub setup_syn_flood_chains() {
 			    'add' ,
 			    '' )
 		if $level ne '';
-	    add_rule $synchainref, '-j DROP';
+	    add_ijump $synchainref, j => 'DROP';
 	}
     }
 }
@@ -704,7 +697,7 @@ sub optimize_policy_chains() {
     #
     my $outputrules = $filter_table->{OUTPUT}{rules};
 
-    if ( @{$outputrules} && $outputrules->[-1] =~ /-j ACCEPT/ ) {
+    if ( @{$outputrules} && $outputrules->[-1]->{target} eq 'ACCEPT' ) {
 	optimize_chain( $filter_table->{OUTPUT} );
     }
 
@@ -751,7 +744,7 @@ sub finish_chain_section ($$) {
     
     push_comment(''); #These rules should not have comments
 
-    add_rule $chainref, "$globals{STATEMATCH} $state -j ACCEPT" unless $config{FASTACCEPT};
+    add_ijump $chainref, j => 'ACCEPT', state_imatch $state unless $config{FASTACCEPT};
 
     if ($sections{NEW} ) {
 	if ( $chainref->{is_policy} ) {
@@ -759,17 +752,17 @@ sub finish_chain_section ($$) {
 		my $synchainref = ensure_chain 'filter', syn_flood_chain $chainref;
 		if ( $section eq 'DONE' ) {
 		    if ( $chainref->{policy} =~ /^(ACCEPT|CONTINUE|QUEUE|NFQUEUE)/ ) {
-			add_jump $chainref, $synchainref, 0, "-p tcp --syn ";
+			add_ijump $chainref, j => $synchainref, p => 'tcp --syn';
 		    }
 		} else {
-		    add_jump $chainref, $synchainref, 0, "-p tcp --syn ";
+		    add_ijump $chainref, j => $synchainref, p => 'tcp --syn';
 		}
 	    }
 	} else {
 	    my $policychainref = $filter_table->{$chainref->{policychain}};
 	    if ( $policychainref->{synparams} ) {
 		my $synchainref = ensure_chain 'filter', syn_flood_chain $policychainref;
-		add_jump $chainref, $synchainref, 0, "-p tcp --syn ";
+		add_ijump $chainref, j => $synchainref, p => 'tcp --syn';
 	    }
 	}
 
@@ -910,16 +903,20 @@ sub createlogactionchain( $$$$$ ) {
 
     $chain = substr $chain, 0, 28 if ( length $chain ) > 28;
 
-  CHECKDUP:
-    {
-	$actionref->{actchain}++ while $chain_table{filter}{'%' . $chain . $actionref->{actchain}};
-	$chain = substr( $chain, 0, 27 ), redo CHECKDUP if ( $actionref->{actchain} || 0 ) >= 10 and length $chain == 28;
+    if ( $filter_table->{$chain} ) {
+      CHECKDUP:
+	{
+	    $actionref->{actchain}++ while $chain_table{filter}{'%' . $chain . $actionref->{actchain}};
+	    $chain = substr( $chain, 0, 27 ), redo CHECKDUP if ( $actionref->{actchain} || 0 ) >= 10 and length $chain == 28;
+	}
+
+	$usedactions{$normalized} = $chainref = new_standard_chain '%' . $chain . $actionref->{actchain}++;
+
+	fatal_error "Too many invocations of Action $action" if $actionref->{actchain} > 99;
+    } else {
+	$usedactions{$normalized} = $chainref = new_standard_chain $chain;
     }
 
-    $usedactions{$normalized} = $chainref = new_standard_chain '%' . $chain . $actionref->{actchain}++;
-
-    fatal_error "Too many invocations of Action $action" if $actionref->{actchain} > 99;
-
     $chainref->{action} = $normalized;
 
     unless ( $targets{$action} & BUILTIN ) {
@@ -1163,11 +1160,11 @@ sub dropBcast( $$$$ ) {
 	    if ( $family == F_IPV4 ) {
 		log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -d 224.0.0.0/4 ';
 	    } else {
-		log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', join( ' ', ' -d' , IPv6_MULTICAST , '' );
+		log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', join( ' ', ' -d' , IPv6_MULTICAST , '-j DROP ' );
 	    }
 	}
 	
-	add_jump $chainref, $target, 0, "-m addrtype --dst-type BROADCAST ";
+	add_ijump $chainref, j => $target, addrtype => '--dst-type BROADCAST';
     } else {
 	if ( $family == F_IPV4 ) {
 	    add_commands $chainref, 'for address in $ALL_BCASTS; do';
@@ -1177,17 +1174,17 @@ sub dropBcast( $$$$ ) {
 
 	incr_cmd_level $chainref;
 	log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -d $address ' if $level ne '';
-	add_jump $chainref, $target, 0, "-d \$address ";
+	add_ijump $chainref, j => $target, d => '$address';
 	decr_cmd_level $chainref;
 	add_commands $chainref, 'done';
     }
 
     if ( $family == F_IPV4 ) {
 	log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -d 224.0.0.0/4 ' if $level ne '';
-	add_jump $chainref, $target, 0, "-d 224.0.0.0/4 ";
+	add_ijump $chainref, j => $target, d => '224.0.0.0/4';
     } else {
 	log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', join( ' ', ' -d' , IPv6_MULTICAST . ' ' ) if $level ne '';
-	add_jump $chainref, $target, 0, join( ' ', '-d', IPv6_MULTICAST . ' ' );
+	add_ijump $chainref, j => $target, d => IPv6_MULTICAST;
     }
 }
 
@@ -1199,14 +1196,10 @@ sub allowBcast( $$$$ ) {
     if ( $family == F_IPV4 && have_capability( 'ADDRTYPE' ) ) {
 	if ( $level ne '' ) {
 	    log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -m addrtype --dst-type BROADCAST ';
-	    if ( $family == F_IPV4 ) {
-		log_rule_limit $level, $chainref, 'dropBcast' , 'ACCECT', '', $tag, 'add', ' -d 224.0.0.0/4 ';
-	    } else {
-		log_rule_limit $level, $chainref, 'dropBcast' , 'ACCEPT', '', $tag, 'add', join( ' ', ' -d' , IPv6_MULTICAST . ' ' );
-	    }
+	    log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -d 224.0.0.0/4 ';
 	}
 
-	add_jump $chainref, $target, 0, "-m addrtype --dst-type BROADCAST ";
+	add_ijump $chainref, j => $target, addrtype => '--dst-type BROADCAST';
     } else {
 	if ( $family == F_IPV4 ) {
 	    add_commands $chainref, 'for address in $ALL_BCASTS; do';
@@ -1216,17 +1209,17 @@ sub allowBcast( $$$$ ) {
 
 	incr_cmd_level $chainref;
 	log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -d $address ' if $level ne '';
-	add_rule $chainref, "-d \$address -j $target";
+	add_ijump $chainref, j => $target, d => '$address';
 	decr_cmd_level $chainref;
 	add_commands $chainref, 'done';
     }
 
     if ( $family == F_IPV4 ) {
 	log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -d 224.0.0.0/4 ' if $level ne '';
-	add_jump $chainref, $target, 0, "-d 224.0.0.0/4 ";
+	add_ijump $chainref, j => $target, d => '224.0.0.0/4';
     } else {
 	log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -d ' . IPv6_MULTICAST . ' ' if $level ne '';
-	add_jump $chainref, $target, 0, join ( ' ', '-d', IPv6_MULTICAST . ' ' );
+	add_ijump $chainref, j => $target, d => IPv6_MULTICAST;
     }
 }
 
@@ -1236,7 +1229,7 @@ sub dropNotSyn ( $$$$ ) {
     my $target = require_audit( 'DROP', $audit );
 
     log_rule_limit $level, $chainref, 'dropNotSyn' , 'DROP', '', $tag, 'add', '-p 6 ! --syn ' if $level ne '';
-    add_jump $chainref , $target, 0, "-p 6 ! --syn ";
+    add_ijump $chainref , j => $target, p => '6 ! --syn';
 }
 
 sub rejNotSyn ( $$$$ ) {
@@ -1249,7 +1242,7 @@ sub rejNotSyn ( $$$$ ) {
     }
 
     log_rule_limit $level, $chainref, 'rejNotSyn' , 'REJECT', '', $tag, 'add', '-p 6 ! --syn ' if $level ne '';
-    add_jump $chainref , $target, 0, '-p 6 ! --syn ';
+    add_ijump $chainref , j => $target, p => '6 ! --syn';
 }
 
 sub dropInvalid ( $$$$ ) {
@@ -1258,7 +1251,7 @@ sub dropInvalid ( $$$$ ) {
     my $target = require_audit( 'DROP', $audit );
 
     log_rule_limit $level, $chainref, 'dropInvalid' , 'DROP', '', $tag, 'add', "$globals{STATEMATCH} INVALID " if $level ne '';
-    add_jump $chainref , $target, 0, "$globals{STATEMATCH} INVALID ";
+    add_ijump $chainref , j => $target, state_imatch 'INVALID';
 }
 
 sub allowInvalid ( $$$$ ) {
@@ -1267,7 +1260,7 @@ sub allowInvalid ( $$$$ ) {
     my $target = require_audit( 'ACCEPT', $audit );
 
     log_rule_limit $level, $chainref, 'allowInvalid' , 'ACCEPT', '', $tag, 'add', "$globals{STATEMATCH} INVALID " if $level ne '';
-    add_rule $chainref , "$globals{STATEMATCH} INVALID -j $target";
+    add_ijump $chainref , j => $target, state_imatch 'INVALID';
 }
 
 sub forwardUPnP ( $$$$ ) {
@@ -1286,8 +1279,8 @@ sub allowinUPnP ( $$$$ ) {
 	log_rule_limit $level, $chainref, 'allowinUPnP' , 'ACCEPT', '', $tag, 'add', '-p 6 --dport 49152 ';
     }
 
-    add_jump $chainref, $target, 0, '-p 17 --dport 1900 ';
-    add_jump $chainref, $target, 0, '-p 6 --dport 49152 ';
+    add_ijump $chainref, j => $target, p => '17 --dport 1900';
+    add_ijump $chainref, j => $target, p => '6 --dport 49152';
 }
 
 sub Limit( $$$$ ) {
@@ -1314,18 +1307,18 @@ sub Limit( $$$$ ) {
 
     require_capability( 'RECENT_MATCH' , 'Limit rules' , '' );
 
-    add_rule $chainref, "-m recent --name $set --set";
+    add_irule $chainref, recent => "--name $set --set";
 
     if ( $level ne '' ) {
 	my $xchainref = new_chain 'filter' , "$chainref->{name}%";
 	log_rule_limit $level, $xchainref, $param[0], 'DROP', '', $tag, 'add', '';
-	add_rule $xchainref, '-j DROP';
-	add_jump $chainref,  $xchainref, 0, "-m recent --name $set --update --seconds $param[2] --hitcount $count ";
+	add_ijump $xchainref, j => 'DROP';
+	add_ijump $chainref,  j => $xchainref, recent => "--name $set --update --seconds $param[2] --hitcount $count";
     } else {
-	add_rule $chainref, "-m recent --update --name $set --seconds $param[2] --hitcount $count -j DROP";
+	add_ijump $chainref, j => 'DROP', recent => "--update --name $set --seconds $param[2] --hitcount $count";
     }
 
-    add_rule $chainref, '-j ACCEPT';
+    add_ijump $chainref, j => 'ACCEPT';
 }
 
 my %builtinops = ( 'dropBcast'      => \&dropBcast,
@@ -2129,7 +2122,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$ ) {
 		    # Static NAT is defined on this interface
 		    #
 		    $chn = new_chain( 'nat', newnonatchain ) unless $chn;
-		    add_jump $chn, $nat_table->{$ichain}, 0, @interfaces > 1 ? match_source_dev( $_ )  : '';
+		    add_ijump $chn, j => $nat_table->{$ichain}, @interfaces > 1 ? imatch_source_dev( $_ )  : ();
 		}
 	    }
 

Shorewall/Perl/Shorewall/Tc.pm

@@ -40,7 +40,7 @@ use strict;
 our @ISA = qw(Exporter);
 our @EXPORT = qw( setup_tc );
 our @EXPORT_OK = qw( process_tc_rule initialize );
-our $VERSION = '4.4_21';
+our $VERSION = 'MODULEVERSION';
 
 my  %tcs = ( T => { chain  => 'tcpost',
 		    connmark => 0,
@@ -111,8 +111,6 @@ my  %tosoptions = ( 'tos-minimize-delay'       => '0x10/0x10' ,
 		    'tos-normal-service'       => '0x00/0x1e' );
 my  %classids;
 
-my  @deferred_rules;
-
 #
 # Perl version of Arn Bernin's 'tc4shorewall'.
 #
@@ -182,7 +180,6 @@ my $family;
 sub initialize( $ ) {
     $family   = shift;
     %classids = ();
-    @deferred_rules = ();
     @tcdevices = ();
     %tcdevices = ();
     @tcclasses = ();
@@ -1402,8 +1399,16 @@ sub setup_simple_traffic_shaping() {
 	clear_comment;
 
 	if ( $ipp2p ) {
-	    insert_rule1 $mangle_table->{tcpost} , 0 , '-m mark --mark 0/'   . in_hex( $globals{TC_MASK} ) . ' -j CONNMARK --restore-mark --ctmask ' . in_hex( $globals{TC_MASK} );
-	    add_rule     $mangle_table->{tcpost} ,     '-m mark ! --mark 0/' . in_hex( $globals{TC_MASK} ) . ' -j CONNMARK --save-mark --ctmask '    . in_hex( $globals{TC_MASK} );
+	    insert_irule( $mangle_table->{tcpost} ,
+			  j => 'CONNMARK --restore-mark --ctmask ' . in_hex( $globals{TC_MASK} ) ,
+			  0 ,
+			  mark => '--mark 0/'   . in_hex( $globals{TC_MASK} )
+			);
+
+	    add_ijump( $mangle_table->{tcpost} ,
+		       j    => 'CONNMARK --save-mark --ctmask '    . in_hex( $globals{TC_MASK} ),
+		       mark => '! --mark 0/' . in_hex( $globals{TC_MASK} ) 
+		     );
 	}
     }
 }
@@ -1687,31 +1692,31 @@ sub setup_tc() {
 	    ensure_mangle_chain 'tcin';
 	}
 
-	my $mark_part = '';
+	my @mark_part;
 
 	if ( @routemarked_interfaces && ! $config{TC_EXPERT} ) {
-	    $mark_part = '-m mark --mark 0/' . in_hex( $globals{PROVIDER_MASK} ) . ' ';
+	    @mark_part = ( mark => '--mark 0/' . in_hex( $globals{PROVIDER_MASK} ) );
 
 	    unless ( $config{TRACK_PROVIDERS} ) {
 		#
 		# This is overloading TRACK_PROVIDERS a bit but sending tracked packets through PREROUTING is a PITA for users
 		#
 		for my $interface ( @routemarked_interfaces ) {
-		    add_jump $mangle_table->{PREROUTING} , 'tcpre', 0, match_source_dev( $interface );
+		    add_ijump $mangle_table->{PREROUTING} , j => 'tcpre', imatch_source_dev( $interface );
 		}
 	    }
 	}
 
-	add_jump $mangle_table->{PREROUTING} , 'tcpre', 0, $mark_part;
-	add_jump $mangle_table->{OUTPUT} ,     'tcout', 0, $mark_part;
+	add_ijump $mangle_table->{PREROUTING} , j => 'tcpre', @mark_part;
+	add_ijump $mangle_table->{OUTPUT} ,     j => 'tcout', @mark_part;
 
 	if ( have_capability( 'MANGLE_FORWARD' ) ) {
 	    my $mask = have_capability 'EXMARK' ? have_capability 'FWMARK_RT_MASK' ? '/' . in_hex $globals{PROVIDER_MASK} : '' : '';
 
-	    add_rule( $mangle_table->{FORWARD},     "-j MARK --set-mark 0${mask}" ) if $config{FORWARD_CLEAR_MARK};
-	    add_jump $mangle_table->{FORWARD} ,     'tcfor',  0;
-	    add_jump $mangle_table->{POSTROUTING} , 'tcpost', 0;
-	    add_jump $mangle_table->{INPUT} ,       'tcin' ,  0;
+	    add_ijump $mangle_table->{FORWARD},      j => "MARK --set-mark 0${mask}" if $config{FORWARD_CLEAR_MARK};
+	    add_ijump $mangle_table->{FORWARD} ,     j => 'tcfor';
+	    add_ijump $mangle_table->{POSTROUTING} , j => 'tcpost';
+	    add_ijump $mangle_table->{INPUT} ,       j => 'tcin';
 	}
     }
 
@@ -1792,8 +1797,6 @@ sub setup_tc() {
 	    clear_comment;
 	}
 
-	add_rule ensure_chain( 'mangle' , 'tcpost' ), $_ for @deferred_rules;
-
 	handle_stickiness( $sticky );
     }
 }

Shorewall/Perl/Shorewall/Tunnels.pm

@@ -35,7 +35,7 @@ use strict;
 our @ISA = qw(Exporter);
 our @EXPORT = qw( setup_tunnels );
 our @EXPORT_OK = ( );
-our $VERSION = '4.4_21';
+our $VERSION = 'MODULEVERSION';
 
 #
 # Here starts the tunnel stuff -- we really should get rid of this crap...
@@ -62,22 +62,22 @@ sub setup_tunnels() {
 	    }
 	}
 
-	my $options = $globals{UNTRACKED} ? "-m state --state NEW,UNTRACKED -j ACCEPT" : "$globals{STATEMATCH} NEW -j ACCEPT";
+	my @options = $globals{UNTRACKED} ? state_imatch 'NEW,UNTRACKED' : state_imatch 'NEW';
 
-	add_tunnel_rule $inchainref,  "-p 50 $source -j ACCEPT";
-	add_tunnel_rule $outchainref, "-p 50 $dest   -j ACCEPT";
+	add_tunnel_rule $inchainref,  p => 50, @$source;
+	add_tunnel_rule $outchainref, p => 50, @$dest;
 
 	unless ( $noah ) {
-	    add_tunnel_rule $inchainref,  "-p 51 $source -j ACCEPT";
-	    add_tunnel_rule $outchainref, "-p 51 $dest   -j ACCEPT";
+	    add_tunnel_rule $inchainref,  p => 51, @$source;
+	    add_tunnel_rule $outchainref, p => 51, @$dest;
 	}
 
 	if ( $kind eq 'ipsec' ) {
-	    add_tunnel_rule $inchainref,  "-p udp $source --dport 500 $options";
-	    add_tunnel_rule $outchainref, "-p udp $dest   --dport 500 $options";
+	    add_tunnel_rule $inchainref,  p => 'udp --dport 500', @$source, @options;
+	    add_tunnel_rule $outchainref, p => 'udp --dport 500', @$dest,   @options;
 	} else {
-	    add_tunnel_rule $inchainref,  "-p udp $source -m multiport --dports 500,4500 $options";
-	    add_tunnel_rule $outchainref, "-p udp $dest   -m multiport --dports 500,4500 $options";
+	    add_tunnel_rule $inchainref,  p => 'udp', @$source, multiport => '--dports 500,4500', @options;
+	    add_tunnel_rule $outchainref, p => 'udp', @$dest,   multiport => '--dports 500,4500', @options;
 	}
 
 	unless ( $gatewayzones eq '-' ) {
@@ -88,21 +88,21 @@ sub setup_tunnels() {
 		$outchainref = ensure_rules_chain( rules_chain( ${fw}, ${zone} ) );
 
 		unless ( have_ipsec ) {
-		    add_tunnel_rule $inchainref,  "-p 50 $source -j ACCEPT";
-		    add_tunnel_rule $outchainref, "-p 50 $dest -j ACCEPT";
+		    add_tunnel_rule $inchainref,  p => 50, @$source;
+		    add_tunnel_rule $outchainref, p => 50, @$dest;
 
 		    unless ( $noah ) {
-			add_tunnel_rule $inchainref,  "-p 51 $source -j ACCEPT";
-			add_tunnel_rule $outchainref, "-p 51 $dest -j ACCEPT";
+			add_tunnel_rule $inchainref,  p => 51, @$source;
+			add_tunnel_rule $outchainref, p => 51, @$dest;
 		    }
 		}
 
 		if ( $kind eq 'ipsec' ) {
-		    add_tunnel_rule $inchainref,  "-p udp $source --dport 500 $options";
-		    add_tunnel_rule $outchainref, "-p udp $dest --dport 500 $options";
+		    add_tunnel_rule $inchainref,  p => 'udp --dport 500', @$source, @options;
+		    add_tunnel_rule $outchainref, p => 'udp --dport 500', @$dest,   @options;
 		} else {
-		    add_tunnel_rule $inchainref,  "-p udp $source -m multiport --dports 500,4500 $options";
-		    add_tunnel_rule $outchainref, "-p udp $dest -m multiport --dports 500,4500 $options";
+		    add_tunnel_rule $inchainref,  p => 'udp', @$source, multiport => '--dports 500,4500', @options;
+		    add_tunnel_rule $outchainref, p => 'udp', @$dest,   multiport => '--dports 500,4500', @options;
 		}
 	    }
 	}
@@ -111,24 +111,24 @@ sub setup_tunnels() {
     sub setup_one_other {
 	my ($inchainref, $outchainref, $source, $dest , $protocol) = @_;
 
-	add_tunnel_rule $inchainref ,  "-p $protocol $source -j ACCEPT";
-	add_tunnel_rule $outchainref , "-p $protocol $dest -j ACCEPT";
+	add_tunnel_rule $inchainref ,  p => $protocol, @$source;
+	add_tunnel_rule $outchainref , p => $protocol, @$dest;
     }
 
     sub setup_pptp_client {
 	my ($inchainref, $outchainref, $kind, $source, $dest ) = @_;
 
-	add_tunnel_rule $outchainref,  "-p 47 $dest -j ACCEPT";
-	add_tunnel_rule $inchainref,   "-p 47 $source -j ACCEPT";
-	add_tunnel_rule $outchainref,  "-p tcp --dport 1723 $dest -j ACCEPT"
-	}
+	add_tunnel_rule $outchainref,  p => 47, @$dest;
+	add_tunnel_rule $inchainref,   p => 47, @$source;
+	add_tunnel_rule $outchainref,  p => 'tcp --dport 1723', @$dest;
+    }
 
     sub setup_pptp_server {
 	my ($inchainref, $outchainref, $kind, $source, $dest ) = @_;
 
-	add_tunnel_rule $inchainref,  "-p 47 $dest -j ACCEPT";
-	add_tunnel_rule $outchainref, "-p 47 $source -j ACCEPT";
-	add_tunnel_rule $inchainref,  "-p tcp --dport 1723 $dest -j ACCEPT"
+	add_tunnel_rule $inchainref,  p => 47, @$dest;
+	add_tunnel_rule $outchainref, p => 47, @$source;
+	add_tunnel_rule $inchainref,  p => 'tcp --dport 1723', @$dest
 	}
 
     sub setup_one_openvpn {
@@ -152,8 +152,8 @@ sub setup_tunnels() {
 	    }
 	}
 
-	add_tunnel_rule $inchainref,  "-p $protocol $source --dport $port -j ACCEPT";
-	add_tunnel_rule $outchainref, "-p $protocol $dest --dport $port -j ACCEPT";
+	add_tunnel_rule $inchainref,  p => "$protocol --dport $port", @$source;
+	add_tunnel_rule $outchainref, p => "$protocol --dport $port", @$dest;;
     }
 
     sub setup_one_openvpn_client {
@@ -177,8 +177,8 @@ sub setup_tunnels() {
 	    }
 	}
 
-	add_tunnel_rule $inchainref,  "-p $protocol $source --sport $port -j ACCEPT";
-	add_tunnel_rule $outchainref, "-p $protocol $dest --dport $port -j ACCEPT";
+	add_tunnel_rule $inchainref,  p => "$protocol --sport $port", @$source;
+	add_tunnel_rule $outchainref, p => "$protocol --dport $port", @$dest;
     }
 
     sub setup_one_openvpn_server {
@@ -202,8 +202,8 @@ sub setup_tunnels() {
 	    }
 	}
 
-	add_tunnel_rule $inchainref,  "-p $protocol $source --dport $port -j ACCEPT";
-	add_tunnel_rule $outchainref, "-p $protocol $dest --sport $port -j ACCEPT";
+	add_tunnel_rule $inchainref,  p => "$protocol --dport $port" , @$source;
+	add_tunnel_rule $outchainref, p => "$protocol --sport $port",  @$dest;
     }
 
     sub setup_one_l2tp {
@@ -211,8 +211,8 @@ sub setup_tunnels() {
 
 	fatal_error "Unknown option ($1)" if $kind =~ /^.*?:(.*)$/;
 
-	add_tunnel_rule $inchainref,  "-p udp $source --sport 1701 --dport 1701 -j ACCEPT";
-	add_tunnel_rule $outchainref, "-p udp $dest   --sport 1701 --dport 1701 -j ACCEPT";
+	add_tunnel_rule $inchainref,  p => 'udp --sport 1701 --dport 1701', @$source;
+	add_tunnel_rule $outchainref, p => 'udp --sport 1701 --dport 1701', @$dest;
     }
 
     sub setup_one_generic {
@@ -229,8 +229,8 @@ sub setup_tunnels() {
 	    ( $kind, $protocol ) = split /:/ , $kind if $kind =~ /.*:.*/;
 	}
 
-	add_tunnel_rule $inchainref,  "-p $protocol $source $port -j ACCEPT";
-	add_tunnel_rule $outchainref, "-p $protocol $dest $port -j ACCEPT";
+	add_tunnel_rule $inchainref,  p => "$protocol $port", @$source;
+	add_tunnel_rule $outchainref, p => "$protocol $port", @$dest;
     }
 
     sub setup_one_tunnel($$$$) {
@@ -245,21 +245,21 @@ sub setup_tunnels() {
 
 	$gateway = ALLIP if $gateway eq '-';
 
-	my $source = match_source_net $gateway;
-	my $dest   = match_dest_net   $gateway;
+	my @source = imatch_source_net $gateway;
+	my @dest   = imatch_dest_net   $gateway;
 
-	my %tunneltypes = ( 'ipsec'         => { function => \&setup_one_ipsec ,         params   => [ $kind, $source, $dest , $gatewayzones ] } ,
-			    'ipsecnat'      => { function => \&setup_one_ipsec ,         params   => [ $kind, $source, $dest , $gatewayzones ] } ,
-			    'ipip'          => { function => \&setup_one_other,          params   => [ $source, $dest , 4 ] } ,
-			    'gre'           => { function => \&setup_one_other,          params   => [ $source, $dest , 47 ] } ,
-			    '6to4'          => { function => \&setup_one_other,          params   => [ $source, $dest , 41 ] } ,
-			    'pptpclient'    => { function => \&setup_pptp_client,        params   => [ $kind, $source, $dest ] } ,
-			    'pptpserver'    => { function => \&setup_pptp_server,        params   => [ $kind, $source, $dest ] } ,
-			    'openvpn'       => { function => \&setup_one_openvpn,        params   => [ $kind, $source, $dest ] } ,
-			    'openvpnclient' => { function => \&setup_one_openvpn_client, params   => [ $kind, $source, $dest ] } ,
-			    'openvpnserver' => { function => \&setup_one_openvpn_server, params   => [ $kind, $source, $dest ] } ,
-			    'l2tp'          => { function => \&setup_one_l2tp ,          params   => [ $kind, $source, $dest ] } ,
-			    'generic'       => { function => \&setup_one_generic ,       params   => [ $kind, $source, $dest ] } ,
+	my %tunneltypes = ( 'ipsec'         => { function => \&setup_one_ipsec ,         params   => [ $kind, \@source, \@dest , $gatewayzones ] } ,
+			    'ipsecnat'      => { function => \&setup_one_ipsec ,         params   => [ $kind, \@source, \@dest , $gatewayzones ] } ,
+			    'ipip'          => { function => \&setup_one_other,          params   => [ \@source, \@dest , 4 ] } ,
+			    'gre'           => { function => \&setup_one_other,          params   => [ \@source, \@dest , 47 ] } ,
+			    '6to4'          => { function => \&setup_one_other,          params   => [ \@source, \@dest , 41 ] } ,
+			    'pptpclient'    => { function => \&setup_pptp_client,        params   => [ $kind, \@source, \@dest ] } ,
+			    'pptpserver'    => { function => \&setup_pptp_server,        params   => [ $kind, \@source, \@dest ] } ,
+			    'openvpn'       => { function => \&setup_one_openvpn,        params   => [ $kind, \@source, \@dest ] } ,
+			    'openvpnclient' => { function => \&setup_one_openvpn_client, params   => [ $kind, \@source, \@dest ] } ,
+			    'openvpnserver' => { function => \&setup_one_openvpn_server, params   => [ $kind, \@source, \@dest ] } ,
+			    'l2tp'          => { function => \&setup_one_l2tp ,          params   => [ $kind, \@source, \@dest ] } ,
+			    'generic'       => { function => \&setup_one_generic ,       params   => [ $kind, \@source, \@dest ] } ,
 			  );
 
 	$kind = "\L$kind";

Shorewall/Perl/Shorewall/Zones.pm

@@ -85,7 +85,7 @@ our @EXPORT = qw( NOTHING
 		 );
 
 our @EXPORT_OK = qw( initialize );
-our $VERSION = '4.4_21';
+our $VERSION = 'MODULEVERSION';
 
 #
 # IPSEC Option types
@@ -890,7 +890,7 @@ sub process_interface( $$ ) {
     if ( supplied $port ) {
 	fatal_error qq("Virtual" interfaces are not supported -- see http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html) if $port =~ /^\d+$/;
 	require_capability( 'PHYSDEV_MATCH', 'Bridge Ports', '');
-	fatal_error "Your iptables is not recent enough to support bridge ports" unless have_capability( 'KLUDGEFREE' );
+	fatal_error "Your iptables is not recent enough to support bridge ports" unless $globals{KLUDGEFREE};
 
 	fatal_error "Invalid Interface Name ($interface:$port)" unless $port =~ /^[\w.@%-]+\+?$/;
 	fatal_error "Duplicate Interface ($port)" if $interfaces{$port};

Shorewall/action.Broadcast

@@ -0,0 +1,71 @@
+#
+# Shorewall 4 - Broadcast Action
+#
+#    /usr/share/shorewall/action.Broadcast
+#
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2011 - Tom Eastep (teastep@shorewall.net)
+#
+#       Complete documentation is available at http://shorewall.net
+#
+#       This program is free software; you can redistribute it and/or modify
+#       it under the terms of Version 2 of the GNU General Public License
+#       as published by the Free Software Foundation.
+#
+#       This program is distributed in the hope that it will be useful,
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       GNU General Public License for more details.
+#
+#       You should have received a copy of the GNU General Public License
+#       along with this program; if not, write to the Free Software
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+#   Broadcast[([<action>|-[,{audit|-}])] 
+#
+#       Default action is DROP
+#
+##########################################################################################
+FORMAT 2
+
+DEFAULTS DROP,-
+
+BEGIN PERL;
+
+use Shorewall::IPAddrs;
+use Shorewall::Config;
+use Shorewall::Chains;
+
+my $chainref           = get_action_chain;
+my ( $action, $audit ) = get_action_params( 2 );
+my ( $level, $tag )    = get_action_logging;
+my $target             = require_audit ( $action , $audit );
+
+fatal_error "Invalid parameter to action Broadcast"   if supplied $audit && $audit ne 'audit';
+
+if ( have_capability( 'ADDRTYPE' ) ) {
+    if ( $level ne '' ) {
+	log_rule_limit $level, $chainref, 'dropBcast' , $action, '', $tag, 'add', ' -m addrtype --dst-type BROADCAST ';
+	log_rule_limit $level, $chainref, 'dropBcast' , $action, '', $tag, 'add', ' -m addrtype --dst-type MULTICAST ';
+	log_rule_limit $level, $chainref, 'dropBcast' , $action, '', $tag, 'add', ' -m addrtype --dst-type ANYCAST ';
+    }	
+
+    add_jump $chainref, $target, 0, '-m addrtype --dst-type BROADCAST ';
+    add_jump $chainref, $target, 0, '-m addrtype --dst-type MULTICAST ';
+    add_jump $chainref, $target, 0, '-m addrtype --dst-type ANYCAST ';
+} else {
+    add_commands $chainref, 'for address in $ALL_BCASTS; do';
+    incr_cmd_level $chainref;
+    log_rule_limit $level, $chainref, 'Broadcast' , $action, '', $tag, 'add', ' -d $address ' if $level ne '';
+    add_jump $chainref, $target, 0, "-d \$address ";
+    decr_cmd_level $chainref;
+    add_commands $chainref, 'done';
+}
+    
+log_rule_limit $level, $chainref, 'Broadcast' , $action, '', $tag, 'add', ' -d 224.0.0.0/4 ' if $level ne '';
+add_jump $chainref, $target, 0, '-d 224.0.0.0/4 ';
+
+1;
+
+END PERL;

Shorewall/action.Drop

@@ -70,7 +70,7 @@ Auth($2)
 #
 # Don't log broadcasts
 #
-dropBcast($1)
+Broadcast(DROP,$1)
 #
 # ACCEPT critical ICMP types
 #
@@ -79,7 +79,7 @@ AllowICMPs($4)	-	-	icmp
 # Drop packets that are in the INVALID state -- these are usually ICMP packets
 # and just confuse people when they appear in the log.
 #
-dropInvalid($1)
+Invalid(DROP,$1)
 #
 # Drop Microsoft noise so that it doesn't clutter up the log.
 #
@@ -88,7 +88,7 @@ DropUPnP($5)
 #
 # Drop 'newnotsyn' traffic so that it doesn't get logged.
 #
-dropNotSyn($1)	-	-	tcp
+NotSyn(DROP,$1)	-	-	tcp
 #
 # Drop late-arriving DNS replies. These are just a nuisance and clutter up
 # the log.

Shorewall/action.Invalid

@@ -0,0 +1,54 @@
+#
+# Shorewall 4 - Invalid Action
+#
+#    /usr/share/shorewall/action.Invalid
+#
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2011 - Tom Eastep (teastep@shorewall.net)
+#
+#       Complete documentation is available at http://shorewall.net
+#
+#       This program is free software; you can redistribute it and/or modify
+#       it under the terms of Version 2 of the GNU General Public License
+#       as published by the Free Software Foundation.
+#
+#       This program is distributed in the hope that it will be useful,
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       GNU General Public License for more details.
+#
+#       You should have received a copy of the GNU General Public License
+#       along with this program; if not, write to the Free Software
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+#   Invalid[([<action>|-[,{audit|-}])] 
+#
+#       Default action is DROP
+#
+##########################################################################################
+FORMAT 2
+
+DEFAULTS DROP,-
+
+BEGIN PERL;
+
+use Shorewall::IPAddrs;
+use Shorewall::Config;
+use Shorewall::Chains;
+
+my $chainref         = get_action_chain;
+my ( $action, $audit ) = get_action_params( 2 );
+my ( $level, $tag )  = get_action_logging;
+my $target           = require_audit ( $action , $audit );
+
+fatal_error "Invalid parameter to action Invalid"   if supplied $audit && $audit ne 'audit';
+
+log_rule_limit $level, $chainref, 'Invalid' , $action, '', $tag, 'add', "$globals{STATEMATCH} INVALID " if $level ne '';
+add_jump $chainref , $target, 0, "$globals{STATEMATCH} INVALID ";
+
+$chainref->{dont_optimize} = 0;
+
+1;
+
+END PERL;

Shorewall/action.NotSyn

@@ -0,0 +1,54 @@
+#
+# Shorewall 4 - NotSyn Action
+#
+#    /usr/share/shorewall/action.NotSyn
+#
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2011 - Tom Eastep (teastep@shorewall.net)
+#
+#       Complete documentation is available at http://shorewall.net
+#
+#       This program is free software; you can redistribute it and/or modify
+#       it under the terms of Version 2 of the GNU General Public License
+#       as published by the Free Software Foundation.
+#
+#       This program is distributed in the hope that it will be useful,
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       GNU General Public License for more details.
+#
+#       You should have received a copy of the GNU General Public License
+#       along with this program; if not, write to the Free Software
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+#   NotSyn[([<action>|-[,{audit|-}])] 
+#
+#       Default action is DROP
+#
+##########################################################################################
+FORMAT 2
+
+DEFAULTS DROP,-
+
+BEGIN PERL;
+
+use Shorewall::IPAddrs;
+use Shorewall::Config;
+use Shorewall::Chains;
+
+my $chainref         = get_action_chain;
+my ( $action, $audit ) = get_action_params( 2 );
+my ( $level, $tag )  = get_action_logging;
+my $target           = require_audit ( $action , $audit );
+
+fatal_error "Invalid parameter to action NotSyn"   if supplied $audit && $audit ne 'audit';
+
+log_rule_limit $level, $chainref, 'NotSyn' , $action, '', $tag, 'add', '-p 6 ! --syn ' if $level ne '';
+add_jump $chainref , $target, 0, '-p 6 ! --syn ';
+
+$chainref->{dont_optimize} = 0;
+
+1;
+
+END PERL;

Shorewall/action.Reject

@@ -67,7 +67,7 @@ Auth($2)
 # Drop Broadcasts so they don't clutter up the log
 # (broadcasts must *not* be rejected).
 #
-dropBcast($1)
+Broadcast(DROP,$1)
 #
 # ACCEPT critical ICMP types
 #
@@ -77,7 +77,7 @@ AllowICMPs($4)	-	-	icmp
 # and just confuse people when they appear in the log (these ICMPs cannot be
 # rejected).
 #
-dropInvalid($1)
+Invalid(DROP,$1)
 #
 # Reject Microsoft noise so that it doesn't clutter up the log.
 #
@@ -86,7 +86,7 @@ DropUPnP($5)
 #
 # Drop 'newnotsyn' traffic so that it doesn't get logged.
 #
-dropNotSyn($1)	-	-	tcp
+NotSyn(DROP,$1)	-	-	tcp
 #
 # Drop late-arriving DNS replies. These are just a nuisance and clutter up
 # the log.

Shorewall/actions.std

@@ -35,5 +35,8 @@
 #ACTION
 A_Drop 		    # Audited Default Action for DROP policy
 A_Reject	    # Audited Default action for REJECT policy
+Broadcast	    # Handles Broadcast/Multicast/Anycast
 Drop		    # Default Action for DROP policy
+Invalid             # Handles packets in the INVALID conntrack state
+NotSyn              # Handles TCP packets which do not have SYN=1 and ACK=0
 Reject		    # Default Action for REJECT policy

Shorewall/known_problems.txt

@@ -1,26 +0,0 @@
-1)  On systems running Upstart, shorewall-init cannot reliably secure
-    the firewall before interfaces are brought up.
-
-2)  A harmless 'unitialized variable' diagnostic is issued by the 
-    compiler when it is displaying the capabilities.
-
-    Corrected in Shorewall 4.4.21.
-
-3)  As the result of a typo, an orphan filter chain named FORWAR can
-    be created under rare circumstances. This chain is deleted by
-    OPTIMIZE level 4.
-
-    Corrected in Shorewall 4.4.21.
-
-4)  The SNAT options --persistent and --randomize (/etc/shorewall/masq)
-    generate invalid iptables input.
-
-    Corrected in Shorewall 4.4.21.
-
-5)  The LOGMARK log level was generated invalid iptables  input making
-    it unusable.
-
-    Corrected in Shorewall 4.4.21.
-
-
-

Shorewall/shorewall.spec

@@ -1,538 +0,0 @@
-%define name shorewall
-%define version 4.4.21
-%define release 1
-
-Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
-Name: %{name}
-Version: %{version}
-Release: %{release}
-License: GPLv2
-Packager: Tom Eastep <teastep@shorewall.net>
-Group: Networking/Utilities
-Source: %{name}-%{version}.tgz
-URL: http://www.shorewall.net/
-BuildArch: noarch
-BuildRoot: %{_tmppath}/%{name}-%{version}-root1
-Requires: iptables iproute perl
-Provides: shoreline_firewall = %{version}-%{release}
-Obsoletes: shorewall-common shorewall-perl shorewall-shell
-
-%description
-
-The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
-(iptables) based firewall that can be used on a dedicated firewall system,
-a multi-function gateway/ router/server or on a standalone GNU/Linux system.
-%prep
-
-%setup
-
-%build
-
-%install
-export DESTDIR=$RPM_BUILD_ROOT ; \
-export OWNER=`id -n -u` ; \
-export GROUP=`id -n -g` ;\
-./install.sh
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%post
-
-if [ $1 -eq 1 ]; then
-	if [ -x /sbin/insserv ]; then
-		/sbin/insserv /etc/rc.d/shorewall
-	elif [ -x /sbin/chkconfig ]; then
-		/sbin/chkconfig --add shorewall;
-	fi
-fi
-
-%preun
-
-if [ $1 = 0 ]; then
-	if [ -x /sbin/insserv ]; then
-		/sbin/insserv -r /etc/init.d/shorewall
-	elif [ -x /sbin/chkconfig ]; then
-		/sbin/chkconfig --del shorewall
-	fi
-
-	rm -f /etc/shorewall/startup_disabled
-
-fi
-
-%triggerpostun  -- shorewall-common < 4.4.0
-
-if [ -x /sbin/insserv ]; then
-    /sbin/insserv /etc/rc.d/shorewall
-elif [ -x /sbin/chkconfig ]; then
-    /sbin/chkconfig --add shorewall;
-fi
-
-%files
-%defattr(0644,root,root,0755)
-%attr(0544,root,root) /etc/init.d/shorewall
-%attr(0755,root,root) %dir /etc/shorewall
-%attr(0755,root,root) %dir /usr/share/shorewall
-%attr(0755,root,root) %dir /usr/share/shorewall/configfiles
-%attr(0700,root,root) %dir /var/lib/shorewall
-%attr(0644,root,root) %config(noreplace) /etc/shorewall/*
-
-%attr(0644,root,root) /etc/logrotate.d/shorewall
-
-%attr(0755,root,root) /sbin/shorewall
-
-%attr(0644,root,root) /usr/share/shorewall/version
-%attr(0644,root,root) /usr/share/shorewall/actions.std
-%attr(0644,root,root) /usr/share/shorewall/action.Drop
-%attr(0644,root,root) /usr/share/shorewall/action.A_Drop
-%attr(0644,root,root) /usr/share/shorewall/action.Reject
-%attr(0644,root,root) /usr/share/shorewall/action.A_Reject
-%attr(0644,root,root) /usr/share/shorewall/action.template
-%attr(-   ,root,root) /usr/share/shorewall/functions
-%attr(0644,root,root) /usr/share/shorewall/lib.base
-%attr(0644,root,root) /usr/share/shorewall/lib.cli
-%attr(0644,root,root) /usr/share/shorewall/lib.common
-%attr(0644,root,root) /usr/share/shorewall/macro.*
-%attr(0644,root,root) /usr/share/shorewall/modules*
-%attr(0644,root,root) /usr/share/shorewall/helpers
-%attr(0644,root,root) /usr/share/shorewall/configpath
-%attr(0755,root,root) /usr/share/shorewall/wait4ifup
-
-%attr(755,root,root) /usr/share/shorewall/compiler.pl
-%attr(755,root,root) /usr/share/shorewall/getparams
-%attr(0644,root,root) /usr/share/shorewall/prog.*
-%attr(0644,root,root) /usr/share/shorewall/Shorewall/*.pm
-
-%attr(0644,root,root) /usr/share/shorewall/configfiles/*
-
-%attr(0644,root,root) %{_mandir}/man5/*
-%attr(0644,root,root) %{_mandir}/man8/*
-
-%doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples
-
-%changelog
-* Mon Jul 11 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-1
-* Wed Jul 06 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0base
-* Mon Jul 04 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0RC3
-* Sun Jul 03 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0RC2
-* Thu Jun 23 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0RC1
-* Sun Jun 19 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0Beta3
-* Sat Jun 18 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0Beta2
-* Tue Jun 07 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0Beta1
-* Mon Jun 06 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-1
-* Tue May 31 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0base
-* Fri May 27 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0RC1
-* Tue May 24 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0Beta5
-* Sun May 22 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0Beta4
-* Thu May 19 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0Beta3
-* Wed May 18 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0Beta2
-* Fri Apr 15 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0Beta1
-* Wed Apr 13 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-1
-* Sat Apr 09 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0base
-* Sun Apr 03 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0RC1
-* Sun Apr 03 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0Beta5
-* Sat Apr 02 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0Beta4
-* Sat Mar 26 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0Beta3
-* Sat Mar 05 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0Beta1
-* Wed Mar 02 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0base
-* Mon Feb 28 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0RC1
-* Sun Feb 20 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0Beta4
-* Sat Feb 19 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0Beta3
-* Sun Feb 13 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0Beta2
-* Sat Feb 05 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0Beta1
-* Fri Feb 04 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.17-0base
-* Sun Jan 30 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.17-0RC1
-* Fri Jan 28 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.17-0Beta3
-* Wed Jan 19 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.17-0Beta2
-* Sat Jan 08 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.17-0Beta1
-* Mon Jan 03 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0base
-* Thu Dec 30 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0RC1
-* Thu Dec 30 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta8
-* Sun Dec 26 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta7
-* Mon Dec 20 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta6
-* Fri Dec 10 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta5
-* Sat Dec 04 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta4
-* Fri Dec 03 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta3
-* Fri Dec 03 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta2
-* Tue Nov 30 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta1
-* Fri Nov 26 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.15-0base
-* Mon Nov 22 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.15-0RC1
-* Mon Nov 15 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.15-0Beta2
-* Sun Nov 14 2010 Tom Eastep tom@shorewall.net
-- Added getparams to installed files
-* Sat Oct 30 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.15-0Beta1
-* Sat Oct 23 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0base
-* Wed Oct 06 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0RC1
-* Fri Oct 01 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0Beta4
-* Sun Sep 26 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0Beta3
-* Thu Sep 23 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0Beta2
-* Tue Sep 21 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0Beta1
-* Fri Sep 17 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0RC1
-* Fri Sep 17 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta6
-* Mon Sep 13 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta5
-* Sat Sep 04 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta4
-* Mon Aug 30 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta3
-* Wed Aug 25 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta2
-* Wed Aug 18 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta1
-* Sun Aug 15 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0base
-* Fri Aug 06 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0RC1
-* Sun Aug 01 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0Beta4
-* Sat Jul 31 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0Beta3
-* Sun Jul 25 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0Beta2
-* Wed Jul 21 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0Beta1
-* Fri Jul 09 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.11-0base
-* Mon Jul 05 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.11-0RC1
-* Sat Jul 03 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.11-0Beta3
-* Thu Jul 01 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.11-0Beta2
-* Sun Jun 06 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.11-0Beta1
-* Sat Jun 05 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0base
-* Fri Jun 04 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0RC2
-* Thu May 27 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0RC1
-* Wed May 26 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0Beta4
-* Tue May 25 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0Beta3
-* Thu May 20 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0Beta2
-* Thu May 20 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0Beta2
-* Thu May 13 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0Beta1
-* Mon May 03 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0base
-* Sun May 02 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0RC2
-* Sun Apr 25 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0RC1
-* Sat Apr 24 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0Beta5
-* Fri Apr 16 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0Beta4
-* Fri Apr 09 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0Beta3
-* Thu Apr 08 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0Beta2
-* Sat Mar 20 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0Beta1
-* Fri Mar 19 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.8-0base
-* Tue Mar 16 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.8-0RC2
-* Mon Mar 08 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.8-0RC1
-* Sun Feb 28 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.8-0Beta2
-* Thu Feb 11 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.8-0Beta1
-* Fri Feb 05 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.7-0base
-* Tue Feb 02 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.7-0RC2
-* Wed Jan 27 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.7-0RC1
-* Mon Jan 25 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.7-0Beta4
-* Fri Jan 22 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.7-0Beta3
-* Fri Jan 22 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.7-0Beta2
-* Thu Jan 21 2010 Tom Eastep tom@shorewall.net
-- Add /usr/share/shorewall/helpers
-* Sun Jan 17 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.7-0Beta1
-* Wed Jan 13 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.6-0base
-* Wed Jan 13 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.6-0Beta1
-* Thu Dec 24 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.5-0base
-* Sat Nov 21 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.4-0base
-* Fri Nov 13 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.4-0Beta2
-* Wed Nov 11 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.4-0Beta1
-* Tue Nov 03 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.3-0base
-* Sun Sep 06 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.2-0base
-* Fri Sep 04 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.2-0base
-* Fri Aug 14 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.1-0base
-* Sun Aug 09 2009 Tom Eastep tom@shorewall.net
-- Made Perl a dependency
-* Mon Aug 03 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.0-0base
-* Tue Jul 28 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.0-0RC2
-* Sun Jul 12 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.0-0RC1
-* Thu Jul 09 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.0-0Beta4
-* Sat Jun 27 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.0-0Beta3
-* Mon Jun 15 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.0-0Beta2
-* Fri Jun 12 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.0-0Beta1
-* Sun Jun 07 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.13-0base
-* Fri Jun 05 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.12-0base
-* Fri Jun 05 2009 Tom Eastep tom@shorewall.net
-- Remove 'rfc1918' file
-* Sun May 10 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.11-0base
-* Sun Apr 19 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.10-0base
-* Sat Apr 11 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.9-0base
-* Tue Mar 17 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.8-0base
-* Sun Mar 01 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.7-0base
-* Fri Feb 27 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.6-0base
-* Sun Feb 22 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.5-0base
-* Sat Feb 21 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.2.7-0base
-* Thu Feb 05 2009 Tom Eastep tom@shorewall.net
-- Add 'restored' script
-* Wed Feb 04 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.2.6-0base
-* Fri Jan 30 2009 Tom Eastep tom@shorewall.net
-- Added swping files to the doc directory
-* Thu Jan 29 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.2.6-0base
-* Tue Jan 06 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.2.5-0base
-* Thu Dec 25 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.4-0base
-* Sun Dec 21 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.4-0RC2
-* Wed Dec 17 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.4-0RC1
-* Tue Dec 16 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.3.4-0base
-* Sat Dec 13 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.3.3-0base
-* Fri Dec 12 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.3.2-0base
-* Thu Dec 11 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.3.1-0base
-* Thu Dec 11 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.3.1-0base
-* Wed Dec 10 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.3.0-0base
-* Wed Dec 10 2008 Tom Eastep tom@shorewall.net
-- Updated to 2.3.0-0base
-* Fri Dec 05 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.3-0base
-* Wed Nov 05 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.2-0base
-* Wed Oct 08 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.1-0base
-* Fri Oct 03 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.0-0base
-* Tue Sep 23 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.0-0RC4
-* Mon Sep 15 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.0-0RC3
-* Mon Sep 08 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.0-0RC2
-* Tue Aug 19 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.0-0RC1
-* Thu Jul 03 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.0-0Beta3
-* Mon Jun 02 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.0-0Beta2
-* Wed May 07 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.0-0Beta1
-* Mon Apr 28 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.1.8-0base
-* Mon Mar 24 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.1.7-0base
-* Thu Mar 13 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.1.6-0base
-* Tue Feb 05 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.1.5-0base
-* Fri Jan 04 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.1.4-0base
-* Wed Dec 12 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.1.3-0base
-* Fri Dec 07 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.1.3-1
-* Tue Nov 27 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.1.2-1
-* Wed Nov 21 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.1.1-1
-* Mon Nov 19 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.1.0-1
-* Thu Nov 15 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.6-1
-* Sat Nov 10 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.6-0RC3
-* Wed Nov 07 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.6-0RC2
-* Thu Oct 25 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.6-0RC1
-* Tue Oct 03 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.5-1
-* Wed Sep 05 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.4-1
-* Mon Aug 13 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.3-1
-* Thu Aug 09 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.2-1
-* Sat Jul 21 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.1-1
-* Wed Jul 11 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.0-1
-* Sun Jul 08 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.0-0RC2
-* Fri Jun 29 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.0-0RC1
-* Sun Jun 24 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.0-0Beta7
-* Wed Jun 20 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.0-0Beta6
-* Thu Jun 14 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.0-0Beta5
-* Fri Jun 08 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.0-0Beta4
-* Tue Jun 05 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.0-0Beta3
-* Tue May 15 2007 Tom Eastep tom@shorewall.net
-- Updated to 4.0.0-0Beta1
-* Fri May 11 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.9.7-1
-* Sat May 05 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.9.6-1
-* Mon Apr 30 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.9.5-1
-* Mon Apr 23 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.9.4-1
-* Wed Apr 18 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.9.3-1
-* Mon Apr 16 2007 Tom Eastep tom@shorewall.net
-- Moved lib.dynamiczones from Shorewall-shell
-* Sat Apr 14 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.9.2-1
-* Tue Apr 03 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.9.1-1
-* Thu Mar 24 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.4.2-1
-* Thu Mar 15 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.4.1-1
-* Sat Mar 10 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.4.0-1
-* Sun Feb 25 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.4.0-0RC3
-* Sun Feb 04 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.4.0-0RC2
-* Wed Jan 24 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.4.0-0RC1
-* Mon Jan 22 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.4.0-0Beta3
-* Wed Jan 03 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.4.0-0Beta2
-* Thu Dec 14 2006 Tom Eastep tom@shorewall.net
-- Updated to 3.4.0-0Beta1
-* Sat Nov 25 2006 Tom Eastep tom@shorewall.net
-- Added shorewall-exclusion(5)
-- Updated to 3.3.6-1
-* Sun Nov 19 2006 Tom Eastep tom@shorewall.net
-- Updated to 3.3.5-1
-* Sat Nov 18 2006 Tom Eastep tom@shorewall.net
-- Add Man Pages.
-* Sun Oct 29 2006 Tom Eastep tom@shorewall.net
-- Updated to 3.3.4-1
-* Mon Oct 16 2006 Tom Eastep tom@shorewall.net
-- Updated to 3.3.3-1
-* Sat Sep 30 2006 Tom Eastep tom@shorewall.net
-- Updated to 3.3.2-1
-* Wed Aug 30 2006 Tom Eastep tom@shorewall.net
-- Updated to 3.3.1-1
-* Sun Aug 27 2006 Tom Eastep tom@shorewall.net
-- Updated to 3.3.0-1
-* Fri Aug 25 2006 Tom Eastep tom@shorewall.net
-- Updated to 3.2.3-1
-
-

Shorewall6-lite/shorewall6-lite.spec

@@ -1,376 +0,0 @@
-%define name shorewall6-lite
-%define version 4.4.21
-%define release 1
-
-Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems.
-Name: %{name}
-Version: %{version}
-Release: %{release}
-License: GPLv2
-Packager: Tom Eastep <teastep@shorewall.net>
-Group: Networking/Utilities
-Source: %{name}-%{version}.tgz
-URL: http://www.shorewall.net/
-BuildArch: noarch
-BuildRoot: %{_tmppath}/%{name}-%{version}-root
-Requires: iptables iproute
-Provides: shoreline_firewall = %{version}-%{release}
-
-%description
-
-The Shoreline Firewall 6, more commonly known as "Shorewall6", is a Netfilter
-(ip6tables) based firewall that can be used on a dedicated firewall system,
-a multi-function gateway/ router/server or on a standalone GNU/Linux system.
-
-Shorewall6 Lite is a companion product to Shorewall6 that allows network
-administrators to centralize the configuration of Shorewall6-based firewalls.
-
-%prep
-
-%setup
-
-%build
-
-%install
-export DESTDIR=$RPM_BUILD_ROOT ; \
-export OWNER=`id -n -u` ; \
-export GROUP=`id -n -g` ;\
-./install.sh
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%pre
-
-%post
-
-if [ $1 -eq 1 ]; then
-    if [ -x /sbin/insserv ]; then
-	/sbin/insserv /etc/rc.d/shorewall6-lite
-    elif [ -x /sbin/chkconfig ]; then
-	/sbin/chkconfig --add shorewall6-lite;
-    fi
-fi
-
-%preun
-
-if [ $1 -eq 0 ]; then
-    if [ -x /sbin/insserv ]; then
-	/sbin/insserv -r /etc/init.d/shorewall6-lite
-    elif [ -x /sbin/chkconfig ]; then
-	/sbin/chkconfig --del shorewall6-lite
-    fi
-fi
-
-%files
-%defattr(0644,root,root,0755)
-%attr(0755,root,root) %dir /etc/shorewall6-lite
-%attr(0644,root,root) %config(noreplace) /etc/shorewall6-lite/shorewall6-lite.conf
-%attr(0644,root,root) /etc/shorewall6-lite/Makefile
-%attr(0544,root,root) /etc/init.d/shorewall6-lite
-%attr(0755,root,root) %dir /usr/share/shorewall6-lite
-%attr(0700,root,root) %dir /var/lib/shorewall6-lite
-
-%attr(0644,root,root) /etc/logrotate.d/shorewall6-lite
-
-%attr(0755,root,root) /sbin/shorewall6-lite
-
-%attr(0644,root,root) /usr/share/shorewall6-lite/version
-%attr(0644,root,root) /usr/share/shorewall6-lite/configpath
-%attr(-   ,root,root) /usr/share/shorewall6-lite/functions
-%attr(0644,root,root) /usr/share/shorewall6-lite/lib.base
-%attr(0644,root,root) /usr/share/shorewall6-lite/lib.cli
-%attr(0644,root,root) /usr/share/shorewall6-lite/lib.common
-%attr(0644,root,root) /usr/share/shorewall6-lite/modules*
-%attr(0644,root,root) /usr/share/shorewall6-lite/helpers
-%attr(0544,root,root) /usr/share/shorewall6-lite/shorecap
-%attr(0755,root,root) /usr/share/shorewall6-lite/wait4ifup
-
-%attr(0644,root,root) %{_mandir}/man5/shorewall6-lite.conf.5.gz
-%attr(0644,root,root) %{_mandir}/man5/shorewall6-lite-vardir.5.gz
-
-%attr(0644,root,root) %{_mandir}/man8/shorewall6-lite.8.gz
-
-%doc COPYING changelog.txt releasenotes.txt
-
-%changelog
-* Mon Jul 11 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-1
-* Wed Jul 06 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0base
-* Mon Jul 04 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0RC3
-* Sun Jul 03 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0RC2
-* Thu Jun 23 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0RC1
-* Sun Jun 19 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0Beta3
-* Sat Jun 18 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0Beta2
-* Tue Jun 07 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0Beta1
-* Mon Jun 06 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-1
-* Tue May 31 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0base
-* Fri May 27 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0RC1
-* Tue May 24 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0Beta5
-* Sun May 22 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0Beta4
-* Thu May 19 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0Beta3
-* Wed May 18 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0Beta2
-* Sat Apr 16 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0Beta1
-* Wed Apr 13 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-1
-* Sat Apr 09 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0base
-* Sun Apr 03 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0RC1
-* Sun Apr 03 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0Beta5
-* Sat Apr 02 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0Beta4
-* Sat Mar 26 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0Beta3
-* Sat Mar 05 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0Beta1
-* Wed Mar 02 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0base
-* Mon Feb 28 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0RC1
-* Sun Feb 20 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0Beta4
-* Sat Feb 19 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0Beta3
-* Sun Feb 13 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0Beta2
-* Sat Feb 05 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0Beta1
-* Fri Feb 04 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.17-0base
-* Sun Jan 30 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.17-0RC1
-* Fri Jan 28 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.17-0Beta3
-* Wed Jan 19 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.17-0Beta2
-* Sat Jan 08 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.17-0Beta1
-* Mon Jan 03 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0base
-* Thu Dec 30 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0RC1
-* Thu Dec 30 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta8
-* Sun Dec 26 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta7
-* Mon Dec 20 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta6
-* Fri Dec 10 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta5
-* Sat Dec 04 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta4
-* Fri Dec 03 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta3
-* Fri Dec 03 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta2
-* Tue Nov 30 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta1
-* Fri Nov 26 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.15-0base
-* Mon Nov 22 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.15-0RC1
-* Mon Nov 15 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.15-0Beta2
-* Sat Oct 30 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.15-0Beta1
-* Sat Oct 23 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0base
-* Wed Oct 06 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0RC1
-* Fri Oct 01 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0Beta4
-* Sun Sep 26 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0Beta3
-* Thu Sep 23 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0Beta2
-* Tue Sep 21 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0Beta1
-* Fri Sep 17 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0RC1
-* Fri Sep 17 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta6
-* Mon Sep 13 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta5
-* Sat Sep 04 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta4
-* Mon Aug 30 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta3
-* Wed Aug 25 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta2
-* Wed Aug 18 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta1
-* Sun Aug 15 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0base
-* Fri Aug 06 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0RC1
-* Sun Aug 01 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0Beta4
-* Sat Jul 31 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0Beta3
-* Sun Jul 25 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0Beta2
-* Wed Jul 21 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0Beta1
-* Fri Jul 09 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.11-0base
-* Mon Jul 05 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.11-0RC1
-* Sat Jul 03 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.11-0Beta3
-* Thu Jul 01 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.11-0Beta2
-* Sun Jun 06 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.11-0Beta1
-* Sat Jun 05 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0base
-* Fri Jun 04 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0RC2
-* Thu May 27 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0RC1
-* Wed May 26 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0Beta4
-* Tue May 25 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0Beta3
-* Thu May 20 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0Beta2
-* Thu May 20 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0Beta2
-* Thu May 13 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0Beta1
-* Mon May 03 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0base
-* Sun May 02 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0RC2
-* Sun Apr 25 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0RC1
-* Sat Apr 24 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0Beta5
-* Fri Apr 16 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0Beta4
-* Fri Apr 09 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0Beta3
-* Thu Apr 08 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0Beta2
-* Sat Mar 20 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0Beta1
-* Fri Mar 19 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.8-0base
-* Tue Mar 16 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.8-0RC2
-* Mon Mar 08 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.8-0RC1
-* Sun Feb 28 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.8-0Beta2
-* Thu Feb 11 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.8-0Beta1
-* Fri Feb 05 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.7-0base
-* Tue Feb 02 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.7-0RC2
-* Wed Jan 27 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.7-0RC1
-* Mon Jan 25 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.7-0Beta4
-* Fri Jan 22 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.7-0Beta3
-* Fri Jan 22 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.7-0Beta2
-* Sun Jan 17 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.7-0Beta1
-* Wed Jan 13 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.6-0base
-* Tue Jan 12 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.6-0Beta1
-* Thu Dec 24 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.5-0base
-* Sat Nov 21 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.4-0base
-* Fri Nov 13 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.4-0Beta2
-* Wed Nov 11 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.4-0Beta1
-* Tue Nov 03 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.3-0base
-* Sun Sep 06 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.2-0base
-* Fri Sep 04 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.2-0base
-* Fri Aug 14 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.1-0base
-* Mon Aug 03 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.0-0base
-* Tue Jul 28 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.0-0RC2
-* Sun Jul 12 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.0-0RC1
-* Thu Jul 09 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.0-0Beta4
-* Sat Jun 27 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.0-0Beta3
-* Mon Jun 15 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.0-0Beta2
-* Fri Jun 12 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.0-0Beta1
-* Sun Jun 07 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.13-0base
-* Fri Jun 05 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.12-0base
-* Sun May 10 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.11-0base
-* Sun Apr 19 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.10-0base
-* Sat Apr 11 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.9-0base
-* Tue Mar 17 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.8-0base
-* Sun Mar 01 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.7-0base
-* Fri Feb 27 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.6-0base
-* Sun Feb 22 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.5-0base
-* Wed Feb 04 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.2.6-0base
-* Thu Jan 29 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.2.6-0base
-* Tue Jan 06 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.2.5-0base
-* Thu Dec 25 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.4-0base
-* Sun Dec 21 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.4-0RC2
-* Wed Dec 17 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.4-0RC1
-* Tue Dec 16 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.3.4-0base
-* Sat Dec 13 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.3.3-0base
-* Fri Dec 12 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.3.2-0base
-* Thu Dec 11 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.3.1-0base
-* Wed Dec 10 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.3.0-0base
-* Wed Dec 10 2008 Tom Eastep tom@shorewall.net
-- Updated to 2.3.0-0base
-* Tue Dec 09 2008 Tom Eastep tom@shorewall.net
-- Initial Version
-
-

Shorewall6/action.Broadcast

@@ -0,0 +1,71 @@
+#
+# Shorewall 4 - Broadcast Action
+#
+#    /usr/share/shorewall/action.Broadcast
+#
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2011 - Tom Eastep (teastep@shorewall.net)
+#
+#       Complete documentation is available at http://shorewall.net
+#
+#       This program is free software; you can redistribute it and/or modify
+#       it under the terms of Version 2 of the GNU General Public License
+#       as published by the Free Software Foundation.
+#
+#       This program is distributed in the hope that it will be useful,
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       GNU General Public License for more details.
+#
+#       You should have received a copy of the GNU General Public License
+#       along with this program; if not, write to the Free Software
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+#   Broadcast[([<action>|-[,{audit|-}])] 
+#
+#       Default action is DROP
+#
+##########################################################################################
+FORMAT 2
+
+DEFAULTS DROP,-
+
+BEGIN PERL;
+
+use Shorewall::IPAddrs;
+use Shorewall::Config;
+use Shorewall::Chains;
+
+my $chainref           = get_action_chain;
+my ( $action, $audit ) = get_action_params( 2 );
+my ( $level, $tag )    = get_action_logging;
+my $target             = require_audit ( $action , $audit );
+
+fatal_error "Invalid parameter to action Broadcast"   if supplied $audit && $audit ne 'audit';
+
+if ( have_capability( 'ADDRTYPE' ) ) {
+    if ( $level ne '' ) {
+	log_rule_limit $level, $chainref, 'dropBcast' , $action, '', $tag, 'add', ' -m addrtype --dst-type BROADCAST ';
+	log_rule_limit $level, $chainref, 'dropBcast' , $action, '', $tag, 'add', ' -m addrtype --dst-type MULTICAST ';
+	log_rule_limit $level, $chainref, 'dropBcast' , $action, '', $tag, 'add', ' -m addrtype --dst-type ANYCAST ';
+    }	
+
+    add_jump $chainref, $target, 0, '-m addrtype --dst-type BROADCAST ';
+    add_jump $chainref, $target, 0, '-m addrtype --dst-type MULTICAST ';
+    add_jump $chainref, $target, 0, '-m addrtype --dst-type ANYCAST ';
+} else {
+    add_commands $chainref, 'for address in $ALL_ACASTS; do';
+    incr_cmd_level $chainref;
+    log_rule_limit $level, $chainref, 'Broadcast' , $action, '', $tag, 'add', ' -d $address ' if $level ne '';
+    add_jump $chainref, $target, 0, "-d \$address ";
+    decr_cmd_level $chainref;
+    add_commands $chainref, 'done';
+}
+    
+log_rule_limit( $level, $chainref, 'Broadcast' , $action, '', $tag, 'add', join( ' ', '-d', IPv6_MULTICAST . ' ' ) )  if $level ne '';
+add_jump $chainref, $target, 0, join( ' ', '-d', IPv6_MULTICAST . ' ' );
+
+1;
+
+END PERL;

Shorewall6/action.Drop

@@ -71,12 +71,12 @@ AllowICMPs($4)	-	-	ipv6-icmp
 # Drop Broadcasts so they don't clutter up the log
 # (broadcasts must *not* be rejected).
 #
-dropBcast($1)
+Broadcast(DROP,$1)
 #
 # Drop packets that are in the INVALID state -- these are usually ICMP packets
 # and just confuse people when they appear in the log.
 #
-dropInvalid($1)
+Invalid(DROP,$1)
 #
 # Drop Microsoft noise so that it doesn't clutter up the log.
 #
@@ -84,7 +84,7 @@ SMB($3)
 #
 # Drop 'newnotsyn' traffic so that it doesn't get logged.
 #
-dropNotSyn($1)	-	-	tcp
+NotSyn(DROP,$1)	-	-	tcp
 #
 # Drop late-arriving DNS replies. These are just a nuisance and clutter up
 # the log.

Shorewall6/action.Reject

@@ -68,13 +68,13 @@ AllowICMPs($4)	-	-	ipv6-icmp
 # Drop Broadcasts so they don't clutter up the log
 # (broadcasts must *not* be rejected).
 #
-dropBcast($1)
+Broadcast(DROP,$1)
 #
 # Drop packets that are in the INVALID state -- these are usually ICMP packets
 # and just confuse people when they appear in the log (these ICMPs cannot be
 # rejected).
 #
-dropInvalid($1)
+Invalid(DROP,$1)
 #
 # Reject Microsoft noise so that it doesn't clutter up the log.
 #
@@ -82,7 +82,7 @@ SMB($3)
 #
 # Drop 'newnotsyn' traffic so that it doesn't get logged.
 #
-dropNotSyn($1)	-	-	tcp
+NotSyn(DROP,$1)	-	-	tcp
 #
 # Drop late-arriving DNS replies. These are just a nuisance and clutter up
 # the log.

Shorewall6/actions.std

@@ -8,7 +8,7 @@
 #
 # Builtin Actions are:
 #
-#    allowBcasts        # Accept multicast and anycast packets
+#    allowBcasts        # Accept multicast and anycast packets 
 #    dropBcasts         # Silently Drop multicast and anycast packets
 #    dropNotSyn		# Silently Drop Non-syn TCP packets
 #    rejNotSyn		# Silently Reject Non-syn TCP packets
@@ -23,5 +23,8 @@ A_Drop	            # Audited Default Action for DROP policy
 A_Reject	    # Audited Default Action for REJECT policy
 A_AllowICMPs	    # Audited Accept needed ICMP6 types
 AllowICMPs	    # Accept needed ICMP6 types
+Broadcast           # Handles Broadcast/Multicast/Anycast
 Drop		    # Default Action for DROP policy
+Invalid		    # Handles packets in the INVALID conntrack state
+NotSyn		    # Handles TCP packets that do not have SYN=1 and ACK=0
 Reject		    # Default Action for REJECT policy

Shorewall6/shorewall6.spec

@@ -1,386 +0,0 @@
-%define name shorewall6
-%define version 4.4.21
-%define release 1
-
-Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
-Name: %{name}
-Version: %{version}
-Release: %{release}
-License: GPLv2
-Packager: Tom Eastep <teastep@shorewall.net>
-Group: Networking/Utilities
-Source: %{name}-%{version}.tgz
-URL: http://www.shorewall.net/
-BuildArch: noarch
-BuildRoot: %{_tmppath}/%{name}-%{version}-root
-Requires: iptables iproute shorewall >= 4.3.5
-Provides: shoreline_firewall = %{version}-%{release}
-
-%description
-
-The Shoreline Firewall 6, more commonly known as "Shorewall6", is a Netfilter
-(ip6tables) based IPv6 firewall that can be used on a dedicated firewall system,
-a multi-function gateway/ router/server or on a standalone GNU/Linux system.
-
-%prep
-
-%setup
-
-%build
-
-%install
-export DESTDIR=$RPM_BUILD_ROOT ; \
-export OWNER=`id -n -u` ; \
-export GROUP=`id -n -g` ;\
-./install.sh
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%post
-
-if [ $1 -eq 1 ]; then
-	if [ -x /sbin/insserv ]; then
-		/sbin/insserv /etc/rc.d/shorewall6
-	elif [ -x /sbin/chkconfig ]; then
-		/sbin/chkconfig --add shorewall6;
-	fi
-fi
-
-%preun
-
-if [ $1 = 0 ]; then
-	if [ -x /sbin/insserv ]; then
-		/sbin/insserv -r /etc/init.d/shorewall6
-	elif [ -x /sbin/chkconfig ]; then
-		/sbin/chkconfig --del shorewall6
-	fi
-
-	rm -f /etc/shorewall/startup_disabled
-
-fi
-
-%files
-%defattr(0644,root,root,0755)
-%attr(0544,root,root) /etc/init.d/shorewall6
-%attr(0755,root,root) %dir /etc/shorewall6
-%attr(0755,root,root) %dir /usr/share/shorewall6
-%attr(0755,root,root) %dir /usr/share/shorewall6/configfiles
-%attr(0700,root,root) %dir /var/lib/shorewall6
-%attr(0644,root,root) %config(noreplace) /etc/shorewall6/*
-%attr(0600,root,root) /etc/shorewall6/Makefile
-
-%attr(0644,root,root) /etc/logrotate.d/shorewall6
-
-%attr(0755,root,root) /sbin/shorewall6
-
-%attr(0644,root,root) /usr/share/shorewall6/version
-%attr(0644,root,root) /usr/share/shorewall6/actions.std
-%attr(0644,root,root) /usr/share/shorewall6/action.AllowICMPs
-%attr(0644,root,root) /usr/share/shorewall6/action.A_AllowICMPs
-%attr(0644,root,root) /usr/share/shorewall6/action.Drop
-%attr(0644,root,root) /usr/share/shorewall6/action.A_Drop
-%attr(0644,root,root) /usr/share/shorewall6/action.Reject
-%attr(0644,root,root) /usr/share/shorewall6/action.A_Reject
-%attr(0644,root,root) /usr/share/shorewall6/action.template
-%attr(-   ,root,root) /usr/share/shorewall6/functions
-%attr(0644,root,root) /usr/share/shorewall6/lib.base
-%attr(0644,root,root) /usr/share/shorewall6/lib.cli
-%attr(0644,root,root) /usr/share/shorewall6/lib.common
-%attr(0644,root,root) /usr/share/shorewall6/macro.*
-%attr(0644,root,root) /usr/share/shorewall6/modules*
-%attr(0644,root,root) /usr/share/shorewall6/helpers
-%attr(0644,root,root) /usr/share/shorewall6/configpath
-%attr(0755,root,root) /usr/share/shorewall6/wait4ifup
-
-%attr(0644,root,root) /usr/share/shorewall6/configfiles/*
-
-%attr(0644,root,root) %{_mandir}/man5/*
-%attr(0644,root,root) %{_mandir}/man8/shorewall6.8.gz
-
-%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6
-
-%changelog
-* Mon Jul 11 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-1
-* Wed Jul 06 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0base
-* Mon Jul 04 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0RC3
-* Sun Jul 03 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0RC2
-* Thu Jun 23 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0RC1
-* Sun Jun 19 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0Beta3
-* Sat Jun 18 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0Beta2
-* Tue Jun 07 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.21-0Beta1
-* Mon Jun 06 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-1
-* Tue May 31 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0base
-* Fri May 27 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0RC1
-* Tue May 24 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0Beta5
-* Sun May 22 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0Beta4
-* Thu May 19 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0Beta3
-* Wed May 18 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0Beta2
-* Sat Apr 16 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.20-0Beta1
-* Wed Apr 13 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-1
-* Sat Apr 09 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0base
-* Sun Apr 03 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0RC1
-* Sun Apr 03 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0Beta5
-* Sat Apr 02 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0Beta4
-* Sat Mar 26 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0Beta3
-* Sat Mar 05 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.19-0Beta1
-* Wed Mar 02 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0base
-* Mon Feb 28 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0RC1
-* Sun Feb 20 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0Beta4
-* Sat Feb 19 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0Beta3
-* Sun Feb 13 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0Beta2
-* Sat Feb 05 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.18-0Beta1
-* Fri Feb 04 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.17-0base
-* Sun Jan 30 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.17-0RC1
-* Fri Jan 28 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.17-0Beta3
-* Wed Jan 19 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.17-0Beta2
-* Sat Jan 08 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.17-0Beta1
-* Mon Jan 03 2011 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0base
-* Thu Dec 30 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0RC1
-* Thu Dec 30 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta8
-* Sun Dec 26 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta7
-* Mon Dec 20 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta6
-* Fri Dec 10 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta5
-* Sat Dec 04 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta4
-* Fri Dec 03 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta3
-* Fri Dec 03 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta2
-* Tue Nov 30 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.16-0Beta1
-* Fri Nov 26 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.15-0base
-* Mon Nov 22 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.15-0RC1
-* Mon Nov 15 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.15-0Beta2
-* Sat Oct 30 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.15-0Beta1
-* Sat Oct 23 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0base
-* Wed Oct 06 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0RC1
-* Fri Oct 01 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0Beta4
-* Sun Sep 26 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0Beta3
-* Thu Sep 23 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0Beta2
-* Tue Sep 21 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.14-0Beta1
-* Fri Sep 17 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0RC1
-* Fri Sep 17 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta6
-* Mon Sep 13 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta5
-* Sat Sep 04 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta4
-* Mon Aug 30 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta3
-* Wed Aug 25 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta2
-* Wed Aug 18 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0Beta1
-* Sun Aug 15 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0base
-* Fri Aug 06 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0RC1
-* Sun Aug 01 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0Beta4
-* Sat Jul 31 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0Beta3
-* Sun Jul 25 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0Beta2
-* Wed Jul 21 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.12-0Beta1
-* Fri Jul 09 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.11-0base
-* Mon Jul 05 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.11-0RC1
-* Sat Jul 03 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.11-0Beta3
-* Thu Jul 01 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.11-0Beta2
-* Sun Jun 06 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.11-0Beta1
-* Sat Jun 05 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0base
-* Fri Jun 04 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0RC2
-* Thu May 27 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0RC1
-* Wed May 26 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0Beta4
-* Tue May 25 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0Beta3
-* Thu May 20 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0Beta2
-* Thu May 20 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0Beta2
-* Thu May 13 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.10-0Beta1
-* Mon May 03 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0base
-* Sun May 02 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0RC2
-* Sun Apr 25 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0RC1
-* Sat Apr 24 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0Beta5
-* Fri Apr 16 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0Beta4
-* Fri Apr 09 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0Beta3
-* Thu Apr 08 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0Beta2
-* Sat Mar 20 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.9-0Beta1
-* Fri Mar 19 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.8-0base
-* Tue Mar 16 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.8-0RC2
-* Mon Mar 08 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.8-0RC1
-* Sun Feb 28 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.8-0Beta2
-* Thu Feb 11 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.8-0Beta1
-* Fri Feb 05 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.7-0base
-* Tue Feb 02 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.7-0RC2
-* Wed Jan 27 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.7-0RC1
-* Mon Jan 25 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.7-0Beta4
-* Fri Jan 22 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.7-0Beta3
-* Fri Jan 22 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.7-0Beta2
-- Added helpers file
-* Sun Jan 17 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.7-0Beta1
-* Wed Jan 13 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.6-0base
-* Tue Jan 12 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.6-0Beta1
-* Thu Dec 24 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.5-0base
-* Sat Nov 21 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.4-0base
-* Fri Nov 13 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.4-0Beta2
-* Wed Nov 11 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.4-0Beta1
-* Fri Oct 02 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.3-0base
-* Sun Sep 06 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.2-0base
-* Fri Sep 04 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.2-0base
-* Fri Aug 14 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.1-0base
-* Mon Aug 03 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.0-0base
-* Tue Jul 28 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.0-0RC2
-* Sun Jul 12 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.0-0RC1
-* Thu Jul 09 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.0-0Beta4
-* Sat Jun 27 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.0-0Beta3
-* Mon Jun 15 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.0-0Beta2
-* Fri Jun 12 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.4.0-0Beta1
-* Sun Jun 07 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.13-0base
-* Fri Jun 05 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.12-0base
-* Sun May 10 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.11-0base
-* Sun Apr 19 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.10-0base
-* Sat Apr 11 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.9-0base
-* Tue Mar 17 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.8-0base
-* Sun Mar 01 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.7-0base
-* Fri Feb 27 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.6-0base
-* Sun Feb 22 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.3.5-0base
-* Sat Feb 21 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.2.7-0base
-* Wed Feb 05 2009 Tom Eastep tom@shorewall.net
-- Added 'restored' script
-* Wed Feb 04 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.2.6-0base
-* Thu Jan 29 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.2.6-0base
-* Tue Jan 06 2009 Tom Eastep tom@shorewall.net
-- Updated to 4.2.5-0base
-* Thu Dec 25 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.4-0base
-* Sun Dec 21 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.4-0RC2
-* Wed Dec 17 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.2.4-0RC1
-* Tue Dec 16 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.3.4-0base
-* Sat Dec 13 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.3.3-0base
-* Fri Dec 12 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.3.2-0base
-* Thu Dec 11 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.3.1-0base
-* Wed Dec 10 2008 Tom Eastep tom@shorewall.net
-- Updated to 4.3.0-0base
-* Wed Dec 10 2008 Tom Eastep tom@shorewall.net
-- Updated to 2.3.0-0base
-* Tue Dec 09 2008 Tom Eastep tom@shorewall6.net
-- Initial Version

docs/Actions.xml

@@ -372,7 +372,10 @@ REDIRECT       net     -       tcp     80      -       1.2.3.4</programlisting>
 
       <para>Example: ACTION(REDIRECT,-,info)</para>
 
-      <para>In the above example, $2 would expand to '-'.</para>
+      <para>In the above example, $2 would expand to nothing.</para>
+
+      <para>If you want to make '-' a parameter value, use '--' (e.g.,
+      ACTION(REDIRECT,--.info)).</para>
 
       <para>Beginning with Shorewall 4.4.21, you can specify the default
       values of your FORMAT-2 actions:</para>

manpages/shorewall.conf.xml

@@ -80,11 +80,12 @@
 
     <simplelist>
       <member><emphasis
-      role="bold">LOGMARK</emphasis><replaceable>(priority)</replaceable></member>
+      role="bold">LOGMARK[</emphasis><replaceable>(priority)</replaceable><emphasis
+      role="bold">]</emphasis></member>
     </simplelist>
 
     <para>where <replaceable>priority</replaceable> is one of the levels
-    listed in the list above.</para>
+    listed in the list above. If omitted, the default is info (6).</para>
 
     <para>The following options may be set in shorewall.conf.</para>
 

release

@@ -0,0 +1 @@
+../release