Make ipset-based dynamic blacklisting work in the FORWARD chain

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Correct a warning message
2016-06-13 15:03:09 -07:00 · 2016-06-13 15:03:03 -07:00 · 2016-06-09 09:12:13 -07:00 · 2016-06-08 15:56:56 -07:00 · 2016-06-08 15:40:48 -07:00 · 2016-06-08 15:40:36 -07:00
749 changed files with 105181 additions and 53095 deletions
--- a/Samples/three-interfaces/routestopped
+++ b/Samples/three-interfaces/routestopped
@@ -1,16 +0,0 @@
-#
-# Shorewall version 4.0 - Sample Routestopped File for three-interface configuration.
-# Copyright (C) 2006 by the Shorewall Team
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# See the file README.txt for further details.
-#------------------------------------------------------------------------------
-# For information about entries in this file, type "man shorewall-routestopped"
-##############################################################################
-#INTERFACE	HOST(S)
-eth1		-
-eth2		-
--- a/Samples/two-interfaces/routestopped
+++ b/Samples/two-interfaces/routestopped
@@ -1,15 +0,0 @@
-#
-# Shorewall version 4.0 - Sample Routestopped File for two-interface configuration.
-# Copyright (C) 2006 by the Shorewall Team
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# See the file README.txt for further details.
-#------------------------------------------------------------------------------
-# For information about entries in this file, type "man shorewall-routestopped"
-##############################################################################
-#INTERFACE	HOST(S)                  OPTIONS
-eth1		-
--- a/Samples6/one-interface/shorewall6.conf
+++ b/Samples6/one-interface/shorewall6.conf
@@ -1,164 +0,0 @@
-###############################################################################
-#
-# Shorewall6 version 4 - Sample shorewall.conf for one-interface configuration.
-# Copyright (C) 2006,2008 by the Shorewall Team
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# See the file README.txt for further details.
-#
-# For information about the settings in this file, type "man shorewall6.conf"
-#
-# The manpage is also online at 
-# http://shorewall.net/manpages6/shorewall6.conf.html
-###############################################################################
-#		       S T A R T U P   E N A B L E D
-###############################################################################
-
-STARTUP_ENABLED=No
-
-###############################################################################
-#		              V E R B O S I T Y
-###############################################################################
-
-VERBOSITY=1
-
-###############################################################################
-#			       L O G G I N G
-###############################################################################
-
-LOGFILE=/var/log/messages
-
-STARTUP_LOG=/var/log/shorewall6-init.log
-
-LOG_VERBOSITY=2
-
-LOGFORMAT="Shorewall:%s:%s:"
-
-LOGTAGONLY=No
-
-LOGRATE=
-
-LOGBURST=
-
-LOGALLNEW=
-
-BLACKLIST_LOGLEVEL=
-
-TCP_FLAGS_LOG_LEVEL=info
-
-SMURF_LOG_LEVEL=info
-
-###############################################################################
-#	L O C A T I O N	  O F	F I L E S   A N D   D I R E C T O R I E S
-###############################################################################
-
-IP6TABLES=
-
-PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
-
-SHOREWALL_SHELL=/bin/sh
-
-SUBSYSLOCK=
-
-MODULESDIR=
-
-CONFIG_PATH=/etc/shorewall6:/usr/share/shorewall6:/usr/share/shorewall
-
-RESTOREFILE=
-
-LOCKFILE=
-
-###############################################################################
-#		D E F A U L T   A C T I O N S / M A C R O S
-###############################################################################
-
-DROP_DEFAULT="Drop"
-REJECT_DEFAULT="Reject"
-ACCEPT_DEFAULT="none"
-QUEUE_DEFAULT="none"
-NFQUEUE_DEFAULT="none"
-
-###############################################################################
-#                        R S H / R C P  C O M M A N D S
-###############################################################################
-
-RSH_COMMAND='ssh ${root}@${system} ${command}'
-RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
-
-###############################################################################
-#			F I R E W A L L	  O P T I O N S
-###############################################################################
-
-IP_FORWARDING=Off
-
-TC_ENABLED=No
-
-TC_EXPERT=No
-
-TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
-
-CLEAR_TC=Yes
-
-MARK_IN_FORWARD_CHAIN=No
-
-CLAMPMSS=No
-
-MUTEX_TIMEOUT=60
-
-ADMINISABSENTMINDED=Yes
-
-BLACKLISTNEWONLY=Yes
-
-MODULE_SUFFIX=ko
-
-FASTACCEPT=No
-
-IMPLICIT_CONTINUE=No
-
-HIGH_ROUTE_MARKS=No
-
-OPTIMIZE=1
-
-EXPORTPARAMS=No
-
-EXPAND_POLICIES=No
-
-KEEP_RT_TABLES=Yes
-
-DELETE_THEN_ADD=Yes
-
-DONT_LOAD=
-
-AUTO_COMMENT=Yes
-
-MANGLE_ENABLED=Yes
-
-AUTOMAKE=No
-
-WIDE_TC_MARKS=Yes
-
-TRACK_PROVIDERS=Yes
-
-ZONE2ZONE=2
-
-ACCOUNTING=Yes
-
-DYNAMIC_BLACKLIST=Yes
-
-OPTIMIZE_ACCOUNTING=No
-
-LOAD_HELPERS_ONLY=Yes
-
-##############################################################################
-#			P A C K E T   D I S P O S I T I O N
-###############################################################################
-
-BLACKLIST_DISPOSITION=DROP
-
-TCP_FLAGS_DISPOSITION=DROP
-
-#LAST LINE -- DO NOT REMOVE
--- a/Samples6/two-interfaces/routestopped
+++ b/Samples6/two-interfaces/routestopped
@@ -1,19 +0,0 @@
-#
-# Shorewall6 version 4.0 - Sample Routestopped File for two-interface configuration.
-# Copyright (C) 2006,2008 by the Shorewall Team
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# See the file README.txt for further details.
-#------------------------------------------------------------------------------
-# For information about entries in this file, type "man shorewall6-routestopped"
-#
-# See http://shorewall.net/starting_and_stopping_shorewall.htm for additional
-# information.
-#
-##############################################################################
-#INTERFACE	HOST(S)                  OPTIONS
-eth1		-
--- a/Samples6/two-interfaces/shorewall6.conf
+++ b/Samples6/two-interfaces/shorewall6.conf
@@ -1,164 +0,0 @@
-###############################################################################
-#
-# Shorewall version 3.4 - Sample shorewall.conf for one-interface configuration.
-# Copyright (C) 2006 by the Shorewall Team
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# See the file README.txt for further details.
-#
-# For information about the settings in this file, type "man shorewall6.conf"
-#
-# The manpage is also online at 
-# http://shorewall.net/manpages6/shorewall6.conf.html
-###############################################################################
-#		       S T A R T U P   E N A B L E D
-###############################################################################
-
-STARTUP_ENABLED=No
-
-###############################################################################
-#		              V E R B O S I T Y
-###############################################################################
-
-VERBOSITY=1
-
-###############################################################################
-#			       L O G G I N G
-###############################################################################
-
-LOGFILE=/var/log/messages
-
-STARTUP_LOG=/var/log/shorewall6-init.log
-
-LOG_VERBOSITY=2
-
-LOGFORMAT="Shorewall:%s:%s:"
-
-LOGTAGONLY=No
-
-LOGRATE=
-
-LOGBURST=
-
-LOGALLNEW=
-
-BLACKLIST_LOGLEVEL=
-
-TCP_FLAGS_LOG_LEVEL=info
-
-SMURF_LOG_LEVEL=info
-
-###############################################################################
-#	L O C A T I O N	  O F	F I L E S   A N D   D I R E C T O R I E S
-###############################################################################
-
-IP6TABLES=
-
-PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
-
-SHOREWALL_SHELL=/bin/sh
-
-SUBSYSLOCK=
-
-MODULESDIR=
-
-CONFIG_PATH=/etc/shorewall6/:/usr/share/shorewall6:/usr/share/shorewall/
-
-RESTOREFILE=
-
-LOCKFILE=
-
-###############################################################################
-#		D E F A U L T   A C T I O N S / M A C R O S
-###############################################################################
-
-DROP_DEFAULT="Drop"
-REJECT_DEFAULT="Reject"
-ACCEPT_DEFAULT="none"
-QUEUE_DEFAULT="none"
-NFQUEUE_DEFAULT="none"
-
-###############################################################################
-#                        R S H / R C P  C O M M A N D S
-###############################################################################
-
-RSH_COMMAND='ssh ${root}@${system} ${command}'
-RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
-
-###############################################################################
-#			F I R E W A L L	  O P T I O N S
-###############################################################################
-
-IP_FORWARDING=On
-
-TC_ENABLED=No
-
-TC_EXPERT=No
-
-TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
-
-CLEAR_TC=Yes
-
-MARK_IN_FORWARD_CHAIN=No
-
-CLAMPMSS=No
-
-MUTEX_TIMEOUT=60
-
-ADMINISABSENTMINDED=Yes
-
-BLACKLISTNEWONLY=Yes
-
-MODULE_SUFFIX=ko
-
-FASTACCEPT=No
-
-IMPLICIT_CONTINUE=No
-
-HIGH_ROUTE_MARKS=No
-
-OPTIMIZE=1
-
-EXPORTPARAMS=No
-
-EXPAND_POLICIES=No
-
-KEEP_RT_TABLES=Yes
-
-DELETE_THEN_ADD=Yes
-
-DONT_LOAD=
-
-AUTO_COMMENT=Yes
-
-MANGLE_ENABLED=Yes
-
-AUTOMAKE=No
-
-WIDE_TC_MARKS=Yes
-
-TRACK_PROVIDERS=Yes
-
-ZONE2ZONE=2
-
-ACCOUNTING=Yes
-
-DYNAMIC_BLACKLIST=Yes
-
-OPTIMIZE_ACCOUNTING=No
-
-LOAD_HELPERS_ONLY=Yes
-
-###############################################################################
-#			P A C K E T   D I S P O S I T I O N
-###############################################################################
-
-BLACKLIST_DISPOSITION=DROP
-
-TCP_FLAGS_DISPOSITION=DROP
-
-#LAST LINE -- DO NOT REMOVE
--- a/Shorewall-core/COPYING
+++ b/Shorewall-core/COPYING
@@ -0,0 +1,341 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+                          51 Franklin Street, Fifth Floor,
+			  Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+	    How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) 19yy  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) 19yy name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Library General
+Public License instead of this License.
--- a/Shorewall-core/INSTALL
+++ b/Shorewall-core/INSTALL
@@ -0,0 +1,24 @@
+Shoreline Firewall (Shorewall) Version 5
+-----         ----
+
+-----------------------------------------------------------------------------
+
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of Version 2 of the GNU General Public License
+     as published by the Free Software Foundation.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License
+     along with this program; if not, write to the Free Software
+     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+---------------------------------------------------------------------------
+
+Please see http://www.shorewall.net/Install.htm for installation
+instructions.
+
+
--- a/Shorewall-core/configure
+++ b/Shorewall-core/configure
@@ -0,0 +1,242 @@
+#!/bin/bash
+#
+#     Shorewall Packet Filtering Firewall RPM configuration program - V4.6
+#
+#     (c) 2012,2014 - Tom Eastep (teastep@shorewall.net)
+#
+#	Shorewall documentation is available at http://www.shorewall.net
+#
+#       This program is part of Shorewall.
+#
+#	This program is free software; you can redistribute it and/or modify
+#	it under the terms of the GNU General Public License as published by the
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
+#
+#	This program is distributed in the hope that it will be useful,
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+#       Usage: ./configure [ <option>=<setting> ] ...
+#
+#
+################################################################################################
+#
+# Build updates this
+#
+VERSION=4.6.12
+
+case "$BASH_VERSION" in
+    [4-9].*)
+	;;
+    *)
+	echo "ERROR: This program requires Bash 4.0 or later" >&2
+	exit 1
+	;;
+esac
+
+declare -A params
+declare -A options
+
+getfileparams() {
+    while read option; do
+	case $option in
+	    \#*)
+		;;
+	    *)
+		on=${option%=*}
+		ov=${option#*=}
+		ov=${ov%#*}
+		[ -n "$on" ] && options[${on}]="${ov}"
+		;;
+	esac
+
+    done
+
+    return 0
+}
+
+for p in $@; do
+
+    if [ -n "${p}" ]; then
+	declare -u pn
+
+	pn=${p%=*}
+	pn=${pn#--}
+	pv=${p#*=}
+
+	if [ -n "${pn}" ]; then
+
+	    case ${pn} in
+		VENDOR)
+		    pn=HOST
+		    ;;
+		SHAREDSTATEDIR)
+		    pn=VARLIB
+		    ;;
+		DATADIR)
+		    pn=SHAREDIR
+		    ;;
+	    esac
+
+	    params[${pn}]="${pv}"
+	else
+	    echo "ERROR: Invalid option ($p)" >&2
+	    exit 1
+	fi
+    fi
+done
+
+cd $(dirname $0)
+
+vendor=${params[HOST]}
+
+if [ -z "$vendor" ]; then
+    if [ -f /etc/os-release ]; then
+	eval $(cat /etc/os-release | grep ^ID=)
+
+	case $ID in
+	    fedora|rhel)
+		vendor=redhat
+		;;
+	    debian|ubuntu)
+		vendor=debian
+		;;
+	    opensuse)
+		vendor=suse
+		;;
+	    *)
+		vendor="$ID"
+		;;
+	esac
+
+	params[HOST]="$vendor"
+    fi
+fi
+
+if [ -z "$vendor" ]; then
+    case `uname` in
+	Darwin)
+	    params[HOST]=apple
+	    rcfile=shorewallrc.apple
+	    ;;
+	cygwin*|CYGWIN*)
+	    params[HOST]=cygwin
+	    rcfile=shorewallrc.cygwin
+	    ;;
+	*)
+	    if [ -f /etc/debian_version ]; then
+		params[HOST]=debian
+		ls -l /sbin/init | fgrep -q systemd &&  rcfile=shorewallrc.debian.systemd || rcfile=shorewallrc.debian.sysvinit
+	    elif [ -f /etc/redhat-release ]; then
+		params[HOST]=redhat
+		rcfile=shorewallrc.redhat
+	    elif [ -f /etc/slackware-version ] ; then
+		params[HOST]=slackware
+		rcfile=shorewallrc.slackware
+	    elif [ -f /etc/SuSE-release ]; then
+		params[HOST]=suse
+		rcfile=shorewallrc.suse
+	    elif [ -f /etc/arch-release ] ; then
+		params[HOST]=archlinux
+		rcfile=shorewallrc.archlinux
+	    elif [ -f /etc/openwrt_release ]; then
+		params[HOST]=openwrt
+		rcfile=shorewallrc.openwrt
+	    else
+		params[HOST]=linux
+		rcfile=shorewallrc.default
+	    fi
+	    ;;
+    esac
+    vendor=${params[HOST]}
+else
+    if [ $vendor = linux ]; then
+	rcfile=shorewallrc.default;
+    elif [ $vendor = debian -a -f /etc/debian_version ]; then
+	ls -l /sbin/init | fgrep -q systemd && rcfile=shorewallrc.debian.systemd || rcfile=shorewallrc.debian.sysvinit
+    else
+	rcfile=shorewallrc.$vendor
+    fi
+
+    if [ ! -f $rcfile ]; then
+	echo "ERROR: $vendor is not a recognized host type" >&2
+	exit 1
+    elif [ $vendor = default ]; then
+	params[HOST]=linux
+	vendor=linux
+    elif [[ $vendor == debian.* ]]; then
+	params[HOST]=debian
+	vendor=debian
+    fi
+fi
+
+if [ $vendor = linux ]; then
+    echo "INFO: Creating a generic Linux installation - " `date`;
+else
+    echo "INFO: Creating a ${params[HOST]}-specific installation - " `date`;
+fi
+
+echo
+
+getfileparams < $rcfile || exit 1
+
+for p in ${!params[@]}; do
+    options[${p}]="${params[${p}]}"
+done
+
+echo '#'                                                                 > shorewallrc
+echo "# Created by Shorewall Core version $VERSION configure - " `date` >> shorewallrc
+echo "# rc file: $rcfile"                                               >> shorewallrc
+echo '#'                                                                >> shorewallrc
+
+if [ $# -gt 0 ]; then
+    echo "# Input: $@" >> shorewallrc
+    echo '#'           >> shorewallrc
+fi
+
+if [ -n "${options[VARLIB]}" ]; then
+    if [ -z "${options[VARDIR]}" ]; then
+	options[VARDIR]='${VARLIB}/${PRODUCT}'
+    fi
+elif [ -n "${options[VARDIR]}" ]; then
+    if [ -z "{$options[VARLIB]}" ]; then
+	options[VARLIB]=${options[VARDIR]}
+	options[VARDIR]='${VARLIB}/${PRODUCT}'
+    fi
+fi
+
+if [ -z "${options[SERVICEDIR]}" ]; then
+    options[SERVICEDIR]="${options[SYSTEMD]}"
+fi
+
+for on in \
+    HOST \
+    PREFIX \
+    SHAREDIR \
+    LIBEXECDIR \
+    PERLLIBDIR \
+    CONFDIR \
+    SBINDIR \
+    MANDIR \
+    INITDIR \
+    INITSOURCE \
+    INITFILE \
+    AUXINITSOURCE \
+    AUXINITFILE \
+    SERVICEDIR \
+    SERVICEFILE \
+    SYSCONFFILE \
+    SYSCONFDIR \
+    SPARSE \
+    ANNOTATED \
+    VARLIB \
+    VARDIR
+do
+    echo "$on=${options[${on}]}"
+    echo "$on=${options[${on}]}" >> shorewallrc
+done
--- a/Shorewall-core/configure.pl
+++ b/Shorewall-core/configure.pl
@@ -0,0 +1,222 @@
+#! /usr/bin/perl -w
+#
+#     Shorewall Packet Filtering Firewall RPM configuration program - V4.5
+#
+#     (c) 2012, 2014 - Tom Eastep (teastep@shorewall.net)
+#
+#	Shorewall documentation is available at http://www.shorewall.net
+#
+#       This program is part of Shorewall.
+#
+#	This program is free software; you can redistribute it and/or modify
+#	it under the terms of the GNU General Public License as published by the
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
+#
+#	This program is distributed in the hope that it will be useful,
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+#       Usage: ./configure.pl <option>=<setting> ...
+#
+#
+################################################################################################
+use strict;
+
+#
+# Build updates this
+#
+use constant {
+    VERSION => '4.6.12'
+};
+
+my %params;
+my %options;
+
+my %aliases = ( VENDOR         => 'HOST',
+		SHAREDSTATEDIR => 'VARLIB',
+		DATADIR        => 'SHAREDIR' );
+
+for ( @ARGV ) {
+    die "ERROR: Invalid option specification ( $_ )" unless /^(?:--)?(\w+)=(.*)$/;
+
+    my $pn = uc $1;
+    my $pv = $2 || '';
+
+    $pn = $aliases{$pn} if exists $aliases{$pn};
+
+    $params{$pn} = $pv;
+}
+
+use File::Basename;
+chdir dirname($0);
+
+my $vendor = $params{HOST};
+my $rcfile;
+my $rcfilename;
+
+unless ( defined $vendor ) {
+    if ( -f '/etc/os-release' ) {
+	my $id = `cat /etc/os-release | grep ^ID=`;
+
+	chomp $id;
+
+	$id =~ s/ID=//;
+	
+	if ( $id eq 'fedora' || $id eq 'rhel' ) {
+	    $vendor = 'redhat';
+	} elsif ( $id eq 'opensuse' ) {
+	    $vendor = 'suse';
+	} elsif ( $id eq 'ubuntu' || $id eq 'debian' ) {
+	    my $init = `ls -l /sbin/init`;
+	    $vendor = $init =~ /systemd/ ? 'debian.systemd' : 'debian.sysvinit';
+	} else {
+	    $vendor = $id;
+	}
+    }
+
+    $params{HOST} = $vendor;
+    $params{HOST} =~ s/\..*//;
+}
+
+if ( defined $vendor ) {
+    if ( $vendor eq 'debian' && -f '/etc/debian_version' ) {
+	if ( -l '/sbin/init' ) {
+	    if ( readlink('/sbin/init') =~ /systemd/ ) {
+		$rcfilename = 'shorewallrc.debian.systemd';
+	    } else {
+		$rcfilename = 'shorewallrc.debian.sysvinit';
+	    }
+	} else {
+	    $rcfilename = 'shorewallrc.debian.sysvinit';
+	}
+    } else {
+	$rcfilename = $vendor eq 'linux' ? 'shorewallrc.default' : 'shorewallrc.' . $vendor;
+    }
+
+    unless ( -f $rcfilename ) {
+	die qq("ERROR: $vendor" is not a recognized host type);
+    } elsif ( $vendor eq 'default' ) {
+	$params{HOST} = $vendor = 'linux';
+    } elsif ( $vendor =~ /^debian\./ ) {
+	$params{HOST} = $vendor = 'debian';
+    }
+} else {
+    if ( -f '/etc/debian_version' ) {
+	$vendor = 'debian';
+	if ( -l '/sbin/init' ) {
+	    if ( readlink( '/sbin/init' ) =~ /systemd/ ) {
+		$rcfilename = 'shorewallrc.debian.systemd';
+	    } else {
+		$rcfilename = 'shorewallrc.debian.sysvinit';
+	    }
+	} else {
+	    $rcfilename = 'shorewallrc.debian.sysvinit';
+	}
+    } elsif ( -f '/etc/redhat-release' ){
+	$vendor = 'redhat';
+	$rcfilename = 'shorewallrc.redhat';
+    } elsif ( -f '/etc/slackware-version' ) {
+	$vendor = 'slackware';
+	$rcfilename = 'shorewallrc.slackware';
+    } elsif ( -f '/etc/SuSE-release' ) {
+	$vendor = 'suse';
+	$rcfilename = 'shorewallrc.suse';
+    } elsif ( -f '/etc/arch-release' ) {
+	$vendor = 'archlinux';
+	$rcfilename = 'shorewallrc.archlinux';
+    } elsif ( `uname` =~ '^Darwin' ) {
+	$vendor = 'apple';
+	$rcfilename = 'shorewallrc.apple';
+    } elsif ( `uname` =~ /^Cygwin/i ) {
+	$vendor = 'cygwin';
+	$rcfilename = 'shorewallrc.cygwin';
+    } else {
+	$vendor = 'linux';
+	$rcfilename = 'shorewallrc.default';
+    }
+
+    $params{HOST} = $vendor;
+}
+
+my @localtime = localtime;
+my @abbr = qw( Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec );
+
+if ( $vendor eq 'linux' ) {
+    printf "INFO: Creating a generic Linux installation - %s %2d %04d %02d:%02d:%02d\n\n", $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];;
+} else {
+    printf "INFO: Creating a %s-specific installation - %s %2d %04d %02d:%02d:%02d\n\n", $params{HOST}, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];;
+}
+
+open $rcfile, '<', $rcfilename or die "Unable to open $rcfilename for input: $!";
+
+while ( <$rcfile> ) {
+    s/\s*#.*//;
+    unless ( /^\s*$/ ) {
+	chomp;
+	die "ERROR: Invalid entry ($_) in $rcfilename, line $." unless /\s*(\w+)=(.*)/;
+	$options{$1} = $2;
+    }
+}
+
+close $rcfile;
+
+while ( my ( $p, $v ) = each %params ) {
+    $options{$p} = ${v};
+}
+
+my $outfile;
+
+open $outfile, '>', 'shorewallrc' or die "Can't open 'shorewallrc' for output: $!";
+
+printf $outfile "#\n# Created by Shorewall Core version %s configure.pl - %s %2d %04d %02d:%02d:%02d\n", VERSION, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];
+print $outfile "# rc file: $rcfilename\n#\n";
+
+print  $outfile "# Input: @ARGV\n#\n" if @ARGV;
+
+if ( $options{VARLIB} ) {
+    unless ( $options{VARDIR} ) {
+	$options{VARDIR} = '${VARLIB}/${PRODUCT}';
+    }
+} elsif ( $options{VARDIR} ) {
+    $options{VARLIB} = $options{VARDIR};
+    $options{VARDIR} = '${VARLIB}/${PRODUCT}';
+}
+
+$options{SERVICEDIR}=$options{SYSTEMD} unless $options{SERVICEDIR};
+
+for ( qw/ HOST
+	  PREFIX
+	  SHAREDIR
+	  LIBEXECDIR
+	  PERLLIBDIR
+	  CONFDIR
+	  SBINDIR
+	  MANDIR
+	  INITDIR
+	  INITSOURCE
+	  INITFILE
+	  AUXINITSOURCE
+	  AUXINITFILE
+	  SERVICEDIR
+	  SERVICEFILE
+	  SYSCONFFILE
+	  SYSCONFDIR
+	  SPARSE
+	  ANNOTATED
+	  VARLIB
+	  VARDIR / ) {
+
+    my $val = $options{$_} || '';
+
+    print          "$_=$val\n";
+    print $outfile "$_=$val\n";
+}
+
+close $outfile;
+
+1;
--- a/Shorewall-core/init.slackware.firewall.sh
+++ b/Shorewall-core/init.slackware.firewall.sh
@@ -45,7 +45,7 @@ status() {

 export SHOREWALL_INIT_SCRIPT=1

-case $1 in 
+case $1 in
 	'start')
 	start
 	;;
--- a/Shorewall-core/install.sh
+++ b/Shorewall-core/install.sh
@@ -0,0 +1,426 @@
+#!/bin/sh
+#
+# Script to install Shoreline Firewall Core Modules
+#
+#     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
+#
+#       Shorewall documentation is available at http://shorewall.net
+#
+#       This program is part of Shorewall.
+#
+#	This program is free software; you can redistribute it and/or modify
+#	it under the terms of the GNU General Public License as published by the
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
+#
+#	This program is distributed in the hope that it will be useful,
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+
+VERSION=xxx #The Build script inserts the actual version
+
+PRODUCT=shorewall-core
+Product="Shorewall Core"
+ 
+usage() # $1 = exit status
+{
+    ME=$(basename $0)
+    echo "usage: $ME [ <configuration-file> ] "
+    echo "       $ME -v"
+    echo "       $ME -h"
+    exit $1
+}
+
+fatal_error()
+{
+    echo "   ERROR: $@" >&2
+    exit 1
+}
+
+split() {
+    local ifs
+    ifs=$IFS
+    IFS=:
+    set -- $1
+    echo $*
+    IFS=$ifs
+}
+
+qt()
+{
+    "$@" >/dev/null 2>&1
+}
+
+mywhich() {
+    local dir
+
+    for dir in $(split $PATH); do
+	if [ -x $dir/$1 ]; then
+	    echo $dir/$1
+	    return 0
+	fi
+    done
+
+    return 2
+}
+
+cant_autostart()
+{
+    echo
+    echo  "WARNING: Unable to configure shorewall to start automatically at boot" >&2
+}
+
+delete_file() # $1 = file to delete
+{
+    rm -f $1
+}
+
+install_file() # $1 = source $2 = target $3 = mode
+{
+    if cp -f $1 $2; then
+	if chmod $3 $2; then
+	    if [ -n "$OWNER" ]; then
+		if chown $OWNER:$GROUP $2; then
+		    return
+		fi
+	    else
+		return 0
+	    fi
+	fi
+    fi
+
+    echo "ERROR: Failed to install $2" >&2
+    exit 1
+}
+
+require()
+{
+    eval [ -n "\$$1" ] || fatal_error "Required option $1 not set"
+}
+
+#
+# Change to the directory containing this script
+#
+cd "$(dirname $0)"
+
+#
+# Parse the run line
+#
+finished=0
+
+while [ $finished -eq 0 ]; do
+    option=$1
+
+    case "$option" in
+	-*)
+	    option=${option#-}
+
+	    while [ -n "$option" ]; do
+		case $option in
+		    h)
+			usage 0
+			;;
+		    v)
+			echo "Shorewall Firewall Installer Version $VERSION"
+			exit 0
+			;;
+		    *)
+			usage 1
+			;;
+		esac
+	    done
+
+	    shift
+	    ;;
+	*)
+	    finished=1
+	    ;;
+    esac
+done
+
+#
+# Read the RC file
+#
+if [ $# -eq 0 ]; then
+    if [ -f ./shorewallrc ]; then
+	. ./shorewallrc
+	file=./shorewallrc
+    elif [ -f ~/.shorewallrc ]; then
+	. ~/.shorewallrc || exit 1
+	file=~/.shorewallrc
+    elif [ -f /usr/share/shorewall/shorewallrc ]; then
+	. /usr/share/shorewall/shorewallrc
+	file=/usr/share/shorewall/shorewallrc
+    else
+	fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
+    fi
+elif [ $# -eq 1 ]; then
+    file=$1
+    case $file in
+	/*|.*)
+	    ;;
+	*)
+	    file=./$file || exit 1
+	    ;;
+    esac
+
+    . $file
+else
+    usage 1
+fi
+
+update=0
+
+if [ -z "${VARLIB}" ]; then
+    VARLIB=${VARDIR}
+    VARDIR="${VARLIB}/${PRODUCT}"
+    update=1
+elif [ -z "${VARDIR}" ]; then
+    VARDIR="${VARLIB}/${PRODUCT}"
+    update=2
+fi
+
+for var in SHAREDIR LIBEXECDIR PERLLIBDIR CONFDIR SBINDIR VARLIB VARDIR; do
+    require $var
+done
+
+[ "${INITFILE}" != 'none/' ] && require INITSOURCE && require INITDIR
+
+if [ -z "$BUILD" ]; then
+    case $(uname) in
+	cygwin*|CYGWIN*)
+	    BUILD=cygwin
+	    ;;
+	Darwin)
+	    BUILD=apple
+	    ;;
+	*)
+	    if [ -f /etc/os-release ]; then
+		eval $(cat /etc/os-release | grep ^ID)
+
+		case $ID in
+		    fedora|rhel|centos|foobar)
+			BUILD=redhat
+			;;
+		    debian)
+			BUILD=debian
+			;;
+		    gentoo)
+			BUILD=gentoo
+			;;
+		    opensuse)
+			BUILD=suse
+			;;
+		    *)
+			BUILD="$ID"
+			;;
+		esac
+	    elif [ -f /etc/debian_version ]; then
+		BUILD=debian
+	    elif [ -f /etc/gentoo-release ]; then
+		BUILD=gentoo
+	    elif [ -f /etc/redhat-release ]; then
+		BUILD=redhat
+	    elif [ -f /etc/slackware-version ] ; then
+		BUILD=slackware
+	    elif [ -f /etc/SuSE-release ]; then
+		BUILD=suse
+	    elif [ -f /etc/arch-release ] ; then
+		BUILD=archlinux
+	    elif [ -f ${CONFDIR}/openwrt_release ] ; then
+		BUILD=openwrt
+	    else
+		BUILD=linux
+	    fi
+	    ;;
+    esac
+fi
+
+case $BUILD in
+    cygwin*)
+	if [ -z "$DESTDIR" ]; then
+	    DEST=
+	    INIT=
+	fi
+
+	OWNER=$(id -un)
+	GROUP=$(id -gn)
+	;;
+    apple)
+	if [ -z "$DESTDIR" ]; then
+	    DEST=
+	    INIT=
+	    SPARSE=Yes
+	fi
+
+	[ -z "$OWNER" ] && OWNER=root
+	[ -z "$GROUP" ] && GROUP=wheel
+	;;
+    *)
+	if [ $(id -u) -eq 0 ]; then
+	    [ -z "$OWNER" ] && OWNER=root
+	    [ -z "$GROUP" ] && GROUP=root
+	fi
+	;;
+esac
+
+#
+# Determine where to install the firewall script
+#
+
+[ -n "$HOST" ] || HOST=$BUILD
+
+case "$HOST" in
+    cygwin)
+	echo "Installing Cygwin-specific configuration..."
+	;;
+    apple)
+	echo "Installing Mac-specific configuration...";
+	;;
+    debian|gentoo|redhat|slackware|archlinux|linux|suse|openwrt)
+	;;
+    *)
+	echo "ERROR: Unknown HOST \"$HOST\"" >&2
+	exit 1;
+	;;
+esac
+
+if [ -z "$file" ]; then
+    if $HOST = linux; then
+	file=shorewallrc.default
+    else
+	file=shorewallrc.${HOST}
+    fi
+
+    echo "You have not specified a configuration file and ~/.shorewallrc does not exist" >&2
+    echo "Shorewall-core $VERSION has determined that the $file configuration is appropriate for your system" >&2
+    echo "Please review the settings in that file. If you wish to change them, make a copy and modify the copy" >&2
+    echo "Then re-run install.sh passing either $file or the name of your modified copy" >&2
+    echo "" >&2
+    echo "Example:" >&2
+    echo "" >&2
+    echo "   ./install.sh $file" &>2
+fi
+
+if [ -n "$DESTDIR" ]; then
+    if [ $BUILD != cygwin ]; then
+	if [ `id -u` != 0 ] ; then
+	    echo "Not setting file owner/group permissions, not running as root."
+	fi
+    fi
+fi
+
+echo "Installing Shorewall Core Version $VERSION"
+
+#
+# Create directories
+#
+mkdir -p ${DESTDIR}${LIBEXECDIR}/shorewall
+chmod 755 ${DESTDIR}${LIBEXECDIR}/shorewall
+
+mkdir -p ${DESTDIR}${SHAREDIR}/shorewall
+chmod 755 ${DESTDIR}${SHAREDIR}/shorewall
+
+mkdir -p ${DESTDIR}${CONFDIR}
+chmod 755 ${DESTDIR}${CONFDIR}
+
+if [ -n "${SYSCONFDIR}" ]; then
+    mkdir -p ${DESTDIR}${SYSCONFDIR}
+    chmod 755 ${DESTDIR}${SYSCONFDIR}
+fi
+
+if [ -z "${SERVICEDIR}" ]; then
+    SERVICEDIR="$SYSTEMD"
+fi
+
+if [ -n "${SERVICEDIR}" ]; then
+    mkdir -p ${DESTDIR}${SERVICEDIR}
+    chmod 755 ${DESTDIR}${SERVICEDIR}
+fi
+
+mkdir -p ${DESTDIR}${SBINDIR}
+chmod 755 ${DESTDIR}${SBINDIR}
+
+if [ -n "${MANDIR}" ]; then
+    mkdir -p ${DESTDIR}${MANDIR}
+    chmod 755 ${DESTDIR}${MANDIR}
+fi
+
+if [ -n "${INITFILE}" ]; then
+    mkdir -p ${DESTDIR}${INITDIR}
+    chmod 755 ${DESTDIR}${INITDIR}
+
+    if [ -n "$AUXINITSOURCE" -a -f "$AUXINITSOURCE" ]; then
+	install_file $AUXINITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544
+	[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${INITDIR}/$AUXINITFILE
+	echo  "SysV init script $AUXINITSOURCE installed in ${DESTDIR}${INITDIR}/$AUXINITFILE"
+    fi
+fi
+#
+# Note: ${VARDIR} is created at run-time since it has always been
+#       a relocatable directory on a per-product basis
+#
+# Install wait4ifup
+#
+install_file wait4ifup ${DESTDIR}${LIBEXECDIR}/shorewall/wait4ifup 0755
+
+echo
+echo "wait4ifup installed in ${DESTDIR}${LIBEXECDIR}/shorewall/wait4ifup"
+
+#
+# Install the libraries
+#
+for f in lib.* ; do
+    install_file $f ${DESTDIR}${SHAREDIR}/shorewall/$f 0644
+    echo "Library ${f#*.} file installed as ${DESTDIR}${SHAREDIR}/shorewall/$f"
+done
+
+#
+# Symbolically link 'functions' to lib.base
+#
+ln -sf lib.base ${DESTDIR}${SHAREDIR}/shorewall/functions
+#
+# Create the version file
+#
+echo "$VERSION" > ${DESTDIR}${SHAREDIR}/shorewall/coreversion
+chmod 644 ${DESTDIR}${SHAREDIR}/shorewall/coreversion
+
+if [ -z "${DESTDIR}" ]; then
+    if [ $update -ne 0 ]; then
+	echo "Updating $file - original saved in $file.bak"
+
+	cp $file $file.bak
+
+	echo '#'                                             >> $file
+	echo "# Updated by Shorewall-core $VERSION -" `date` >> $file
+	echo '#'                                             >> $file
+
+	[ $update -eq 1 ] && sed -i 's/VARDIR/VARLIB/' $file
+
+	echo 'VARDIR=${VARLIB}/${PRODUCT}' >> $file
+    fi
+fi
+
+[ $file != "${DESTDIR}${SHAREDIR}/shorewall/shorewallrc" ] && cp $file ${DESTDIR}${SHAREDIR}/shorewall/shorewallrc
+
+
+[ -z "${DESTDIR}" ] && [ ! -f ~/.shorewallrc ] && cp ${SHAREDIR}/shorewall/shorewallrc ~/.shorewallrc
+
+if [ ${SHAREDIR} != /usr/share ]; then
+    for f in lib.*; do
+	if [ $BUILD != apple ]; then
+	    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/$f
+	else
+	    eval sed -i \'\' -e \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/$f
+	fi
+    done
+fi
+#
+#  Report Success
+#
+echo "Shorewall Core Version $VERSION Installed"
--- a/Shorewall-core/lib.base
+++ b/Shorewall-core/lib.base
@@ -0,0 +1,431 @@
+#
+# Shorewall 5.0 -- /usr/share/shorewall/lib.base
+#
+#     (c) 1999-2015 - Tom Eastep (teastep@shorewall.net)
+#
+#	Complete documentation is available at http://shorewall.net
+#
+#       This program is part of Shorewall.
+#
+#	This program is free software; you can redistribute it and/or modify
+#	it under the terms of the GNU General Public License as published by the
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
+#
+#	This program is distributed in the hope that it will be useful,
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# This library contains the code common to all Shorewall components except the
+# generated scripts.
+#
+
+SHOREWALL_LIBVERSION=40509
+
+[ -n "${g_program:=shorewall}" ]
+
+if [ -z "$g_readrc" ]; then
+    #
+    # This is modified by the installer when ${SHAREDIR} != /usr/share
+    #
+    . /usr/share/shorewall/shorewallrc
+
+    g_sharedir="$SHAREDIR"/$g_program
+    g_confdir="$CONFDIR"/$g_program
+    g_readrc=1
+fi
+
+g_basedir=${SHAREDIR}/shorewall
+
+case $g_program in
+    shorewall)
+	g_product="Shorewall"
+	g_family=4
+	g_tool=iptables
+	g_lite=
+	;;
+    shorewall6)
+	g_product="Shorewall6"
+	g_family=6
+	g_tool=ip6tables
+	g_lite=
+	;;
+    shorewall-lite)
+	g_product="Shorewall Lite"
+	g_family=4
+	g_tool=iptables
+	g_lite=Yes
+	;;
+    shorewall6-lite)
+	g_product="Shorewall6 Lite"
+	g_family=6
+	g_tool=ip6tables
+	g_lite=Yes
+	;;
+esac
+
+if [ -z "${VARLIB}" ]; then
+    VARLIB=${VARDIR}
+    VARDIR=${VARLIB}/$g_program
+elif [ -z "${VARDIR}" ]; then
+    VARDIR="${VARLIB}/${PRODUCT}"
+fi
+
+#
+# Fatal Error
+#
+fatal_error() # $@ = Message
+{
+    echo "   ERROR: $@" >&2
+    exit 2
+}
+
+#
+# Not configured Error
+#
+not_configured_error() # $@ = Message
+{
+    echo "   ERROR: $@" >&2
+    exit 6
+}
+
+#
+# Conditionally produce message
+#
+progress_message() # $* = Message
+{
+    local timestamp
+    timestamp=
+
+    if [ $VERBOSITY -gt 1 ]; then
+	[ -n "$g_timestamp" ] && timestamp="$(date +%H:%M:%S) "
+	echo "${timestamp}$@"
+    fi
+}
+
+progress_message2() # $* = Message
+{
+    local timestamp
+    timestamp=
+
+    if [ $VERBOSITY -gt 0 ]; then
+	[ -n "$g_timestamp" ] && timestamp="$(date +%H:%M:%S) "
+	echo "${timestamp}$@"
+    fi
+}
+
+progress_message3() # $* = Message
+{
+    local timestamp
+    timestamp=
+
+    if [ $VERBOSITY -ge 0 ]; then
+	[ -n "$g_timestamp" ] && timestamp="$(date +%H:%M:%S) "
+	echo "${timestamp}$@"
+    fi
+}
+
+#
+# Undo the effect of 'separate_list()'
+#
+combine_list()
+{
+    local f
+    local o
+    o=
+
+    for f in $* ; do
+        o="${o:+$o,}$f"
+    done
+
+    echo $o
+}
+
+#
+# Validate an IP address
+#
+valid_address() {
+    local x
+    local y
+    local ifs
+    ifs=$IFS
+
+    IFS=.
+
+    for x in $1; do
+	case $x in
+	    [0-9]|[0-9][0-9]|[1-2][0-9][0-9])
+		[ $x -lt 256 ] || { IFS=$ifs; return 2; }
+                ;;
+	    *)
+	        IFS=$ifs
+		return 2
+		;;
+	esac
+    done
+
+    IFS=$ifs
+
+    return 0
+}
+
+#
+# Miserable Hack to work around broken BusyBox ash in OpenWRT
+#
+addr_comp() {
+    test $(bc <<EOF
+$1 > $2
+EOF
+) -eq 1
+
+}
+
+#
+# Enumerate the members of an IP range -- When using a shell supporting only
+# 32-bit signed arithmetic, the range cannot span 128.0.0.0.
+#
+# Comes in two flavors:
+#
+# ip_range() - produces a mimimal list of network/host addresses that spans
+#              the range.
+#
+# ip_range_explicit() - explicitly enumerates the range.
+#
+ip_range() {
+    local first
+    local last
+    local l
+    local x
+    local y
+    local z
+    local vlsm
+
+    case $1 in
+	!*)
+	    #
+	    # Let iptables complain if it's a range
+	    #
+	    echo $1
+	    return
+	    ;;
+	[0-9]*.*.*.*-*.*.*.*)
+            ;;
+	*)
+	    echo $1
+	    return
+	    ;;
+    esac
+
+    first=$(decodeaddr ${1%-*})
+    last=$(decodeaddr ${1#*-})
+
+    if addr_comp $first $last; then
+	fatal_error "Invalid IP address range: $1"
+    fi
+
+    l=$(( $last + 1 ))
+
+    while addr_comp $l $first; do
+	vlsm=
+	x=31
+	y=2
+	z=1
+
+	while [ $(( $first % $y )) -eq 0 ] && ! addr_comp $(( $first + $y )) $l; do
+	    vlsm=/$x
+	    x=$(( $x - 1 ))
+	    z=$y
+	    y=$(( $y * 2 ))
+	done
+
+	echo $(encodeaddr $first)$vlsm
+	first=$(($first + $z))
+    done
+}
+
+ip_range_explicit() {
+    local first
+    local last
+
+    case $1 in
+    [0-9]*.*.*.*-*.*.*.*)
+	;;
+    *)
+	echo $1
+	return
+	;;
+    esac
+
+    first=$(decodeaddr ${1%-*})
+    last=$(decodeaddr ${1#*-})
+
+    if addr_comp $first $last; then
+	fatal_error "Invalid IP address range: $1"
+    fi
+
+    while ! addr_comp $first $last; do
+	echo $(encodeaddr $first)
+	first=$(($first + 1))
+    done
+}
+
+[ -z "$LEFTSHIFT" ] && . ${g_basedir}/lib.common
+
+#
+# Netmask to VLSM
+#
+ip_vlsm() {
+    local mask
+    mask=$(decodeaddr $1)
+    local vlsm
+    vlsm=0
+    local x
+    x=$(( 128 << 24 )) # 0x80000000
+
+    while [ $(( $x & $mask )) -ne 0 ]; do
+	[ $mask -eq $x ] && mask=0 || mask=$(( $mask $LEFTSHIFT 1 )) # Not all shells shift 0x80000000 left properly.
+	vlsm=$(($vlsm + 1))
+    done
+
+    if [ $(( $mask & 2147483647 )) -ne 0 ]; then # 2147483647 = 0x7fffffff
+	echo "Invalid net mask: $1" >&2
+    else
+	echo $vlsm
+    fi
+}
+
+#
+# Set default config path
+#
+ensure_config_path() {
+    local F
+    F=${g_sharedir}/configpath
+    if [ -z "$CONFIG_PATH" ]; then
+	[ -f $F ] || { echo "   ERROR: $F does not exist"; exit 2; }
+	. $F
+    fi
+
+    if [ -n "$g_shorewalldir" ]; then
+	[ "${CONFIG_PATH%%:*}" = "$g_shorewalldir" ] || CONFIG_PATH=$g_shorewalldir:$CONFIG_PATH
+    fi
+}
+
+#
+# Get fully-qualified name of file
+#
+resolve_file() # $1 = file name
+{
+    local pwd
+    pwd=$PWD
+
+    case $1 in
+	/*)
+	    echo $1
+	    ;;
+	.)
+	    echo $pwd
+	    ;;
+	./*)
+	    echo ${pwd}${1#.}
+	    ;;
+	..)
+	    cd ..
+	    echo $PWD
+	    cd $pwd
+	    ;;
+	../*)
+	    cd ..
+	    resolve_file ${1#../}
+	    cd $pwd
+	    ;;
+	*)
+	    echo $pwd/$1
+	    ;;
+    esac
+}
+
+#
+# Determine how to do "echo -e"
+#
+
+find_echo() {
+    local result
+
+    result=$(echo "a\tb")
+    [ ${#result} -eq 3 ] && { echo echo; return; }
+
+    result=$(echo -e "a\tb")
+    [ ${#result} -eq 3 ] && { echo "echo -e"; return; }
+
+    result=$(which echo)
+    [ -n "$result" ] && { echo "$result -e"; return; }
+
+    echo echo
+}
+
+# Determine which version of mktemp is present (if any) and set MKTEMP accortingly:
+#
+#     None - No mktemp
+#     BSD  - BSD mktemp (Mandrake)
+#     STD  - mktemp.org mktemp
+#
+find_mktemp() {
+    local mktemp
+    mktemp=`mywhich mktemp 2> /dev/null`
+
+    if [ -n "$mktemp" ]; then
+	if qt mktemp -V ; then
+	    MKTEMP=STD
+	else
+	    MKTEMP=BSD
+	fi
+    else
+	MKTEMP=None
+    fi
+}
+
+#
+# create a temporary file. If a directory name is passed, the file will be created in
+# that directory. Otherwise, it will be created in a temporary directory.
+#
+mktempfile() {
+
+    [ -z "$MKTEMP" ] && find_mktemp
+
+    if [ $# -gt 0 ]; then
+	case "$MKTEMP" in
+	    BSD)
+		mktemp $1/shorewall.XXXXXX
+		;;
+	    STD)
+		mktemp -p $1 shorewall.XXXXXX
+		;;
+	    None)
+		> $1/shorewall-$$ && echo $1/shorewall-$$
+		;;
+	    *)
+		error_message "ERROR:Internal error in mktempfile"
+		;;
+	esac
+    else
+	case "$MKTEMP" in
+	    BSD)
+		mktemp ${TMPDIR:-/tmp}/shorewall.XXXXXX
+		;;
+	    STD)
+		mktemp -t shorewall.XXXXXX
+		;;
+	    None)
+		rm -f ${TMPDIR:-/tmp}/shorewall-$$
+		> ${TMPDIR:-}/shorewall-$$ && echo ${TMPDIR:-/tmp}/shorewall-$$
+		;;
+	    *)
+		error_message "ERROR:Internal error in mktempfile"
+		;;
+	esac
+    fi
+}
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
--- a/Shorewall-core/lib.common
+++ b/Shorewall-core/lib.common
@@ -0,0 +1,817 @@
+#
+# Shorewall 5.0 -- /usr/share/shorewall/lib.common.
+#
+#     (c) 2010-2015 - Tom Eastep (teastep@shorewall.net)
+#
+#	Complete documentation is available at http://shorewall.net
+#
+#       This program is part of Shorewall.
+#
+#	This program is free software; you can redistribute it and/or modify
+#	it under the terms of the GNU General Public License as published by the
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
+#
+#	This program is distributed in the hope that it will be useful,
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# The purpose of this library is to hold those functions used by both the CLI and by the
+# generated firewall scripts. To avoid versioning issues, it is copied into generated
+# scripts rather than loaded at run-time.
+#
+#########################################################################################
+#
+# Wrapper around logger that sets the tag according to $SW_LOGGERTAG
+#
+mylogger() {
+    local level
+
+    level=$1
+    shift
+
+    if [ -n "$SW_LOGGERTAG" ]; then
+	logger -p $level -t "$SW_LOGGERTAG" $*
+    else
+	logger -p $level $*
+    fi
+}
+
+#
+# Issue a message and stop
+#
+startup_error() # $* = Error Message
+{
+    echo "   ERROR: $@: Firewall state not changed" >&2
+
+    if [ $LOG_VERBOSITY -ge 0 ]; then
+        timestamp="$(date +'%b %e %T') "
+        echo "${timestamp}  ERROR: $@" >> $STARTUP_LOG
+    fi
+
+    case $COMMAND in
+        start)
+	    mylogger kern.err "ERROR:$g_product start failed:Firewall state not changed"
+	    ;;
+	restart)
+	    mylogger kern.err "ERROR:$g_product restart failed:Firewall state not changed"
+	    ;;
+	restore)
+	    mylogger kern.err "ERROR:$g_product restore failed:Firewall state not changed"
+	    ;;
+    esac
+
+    if [ $LOG_VERBOSITY -ge 0 ]; then
+        timestamp="$(date +'%b %e %T') "
+
+	case $COMMAND in
+	    start)
+		echo "${timestamp}  ERROR:$g_product start failed:Firewall state not changed" >> $STARTUP_LOG
+		;;
+	    restart)
+		echo "${timestamp}  ERROR:$g_product restart failed:Firewall state not changed" >> $STARTUP_LOG
+		;;
+	    restore)
+		echo "${timestamp}  ERROR:$g_product restore failed:Firewall state not changed" >> $STARTUP_LOG
+		;;
+	esac
+    fi
+
+    mutex_off
+    kill $$
+    exit 2
+}
+
+#
+# Create the required option string and run the passed script using
+# $SHOREWALL_SHELL
+#
+run_it() {
+    local script
+    local options
+
+    export VARDIR
+
+    script=$1
+    shift
+
+    if [ x$1 = xtrace -o x$1 = xdebug ]; then
+	options="$1 -"
+	shift;
+    else
+	options='-'
+    fi
+
+    [ -n "$g_noroutes" ]   && options=${options}n
+    [ -n "$g_timestamp" ]  && options=${options}t
+    [ -n "$g_purge" ]      && options=${options}p
+    [ -n "$g_recovering" ] && options=${options}r
+    [ -n "$g_counters" ]   && options=${options}c
+
+    options="${options}V $VERBOSITY"
+
+    [ -n "$RESTOREFILE" ] && options="${options} -R $RESTOREFILE"
+
+    $SHOREWALL_SHELL $script $options $@
+}
+
+#
+# Message to stderr
+#
+error_message() # $* = Error Message
+{
+   echo "   $@" >&2
+   return 1
+}
+
+#
+# Undo the effect of 'split()'
+#
+join()
+{
+    local f
+    local o
+    o=
+
+    for f in $* ; do
+        o="${o:+$o:}$f"
+    done
+
+    echo $o
+}
+
+#
+# Return the number of elements in a list
+#
+list_count() # $* = list
+{
+    return $#
+}
+
+#
+# Split a colon-separated list into a space-separated list
+#
+split() {
+    local ifs
+    ifs=$IFS
+    IFS=:
+    echo $*
+    IFS=$ifs
+}
+
+#
+# Split a comma-separated list into a space-separated list
+#
+split_list() {
+    local ifs
+    ifs=$IFS
+    IFS=,
+    echo $*
+    IFS=$ifs
+}
+
+#
+# Search a list looking for a match -- returns zero if a match found
+# 1 otherwise
+#
+list_search() # $1 = element to search for , $2-$n = list
+{
+    local e
+    e=$1
+
+    while [ $# -gt 1 ]; do
+	shift
+	[ "x$e" = "x$1" ] && return 0
+    done
+
+    return 1
+}
+
+#
+# Suppress all output for a command
+#
+qt()
+{
+    "$@" >/dev/null 2>&1
+}
+
+#
+# Suppress all output and input - mainly for preventing leaked file descriptors
+# to avoid SELinux denials
+#
+qtnoin()
+{
+    "$@" </dev/null >/dev/null 2>&1
+}
+
+qt1()
+{
+    local status
+
+    while [ 1 ]; do
+	"$@" </dev/null >/dev/null 2>&1
+	status=$?
+	[ $status -ne 4 ] && return $status
+    done
+}
+
+#
+# Determine if Shorewall[6] is "running"
+#
+product_is_started() {
+    qt1 $g_tool -L shorewall -n
+}
+
+shorewall_is_started() {
+    qt1 $IPTABLES -L shorewall -n
+}
+
+shorewall6_is_started() {
+    qt1 $IP6TABLES -L shorewall -n
+}
+
+#
+# Echos the fully-qualified name of the calling shell program
+#
+my_pathname() {
+    local pwd
+    pwd=$PWD
+    cd $(dirname $0)
+    echo $PWD/$(basename $0)
+    cd $pwd
+}
+
+#
+# Source a user exit file if it exists
+#
+run_user_exit() # $1 = file name
+{
+    local user_exit
+    user_exit=$(find_file $1)
+
+    if [ -f $user_exit ]; then
+	progress_message "Processing $user_exit ..."
+	. $user_exit
+    fi
+}
+
+#
+# Load a Kernel Module -- assumes that the variable 'moduledirectories' contains
+#                         a space-separated list of directories to search for
+#                         the module and that 'moduleloader' contains the
+#                         module loader command.
+#
+loadmodule() # $1 = module name, $2 - * arguments
+{
+    local modulename
+    modulename=$1
+    local modulefile
+    local suffix
+
+    if [ -d /sys/module/ ]; then
+	if ! list_search $modulename $DONT_LOAD; then
+	    if [ ! -d /sys/module/$modulename ]; then
+		shift
+
+		for suffix in $MODULE_SUFFIX ; do
+		    for directory in $moduledirectories; do
+			modulefile=$directory/${modulename}.${suffix}
+
+			if [ -f $modulefile ]; then
+			    case $moduleloader in
+				insmod)
+				    insmod $modulefile $*
+				    ;;
+				*)
+				    modprobe $modulename $*
+				    ;;
+			    esac
+			    break 2
+			fi
+		    done
+		done
+	    fi
+	fi
+    elif ! list_search $modulename $DONT_LOAD $MODULES; then
+	shift
+
+	for suffix in $MODULE_SUFFIX ; do
+	    for directory in $moduledirectories; do
+		modulefile=$directory/${modulename}.${suffix}
+
+		if [ -f $modulefile ]; then
+		    case $moduleloader in
+			insmod)
+			    insmod $modulefile $*
+			    ;;
+			*)
+			    modprobe $modulename $*
+			    ;;
+		    esac
+		    break 2
+		fi
+	    done
+	done
+    fi
+}
+
+#
+# Reload the Modules
+#
+reload_kernel_modules() {
+
+    local save_modules_dir
+    save_modules_dir=$MODULESDIR
+    local directory
+    local moduledirectories
+    moduledirectories=
+    local moduleloader
+    moduleloader=modprobe
+    local uname
+    local extras
+
+    if ! qt mywhich modprobe; then
+	moduleloader=insmod
+    fi
+
+    [ -n "${MODULE_SUFFIX:=ko ko.gz ko.xz o o.gz o.xz gz xz}" ]
+
+    if [ -n "$MODULESDIR" ]; then
+	case "$MODULESDIR" in
+	    +*)
+		extras="$MODULESDIR"
+		extras=${extras#+}
+		MODULESDIR=
+		;;
+	esac
+    fi
+
+    if [ -z "$MODULESDIR" ]; then
+	uname=$(uname -r)
+	MODULESDIR=/lib/modules/$uname/kernel/net/ipv${g_family}/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset
+	if [ -n "$extras" ]; then
+	    for directory in $(split "$extras"); do
+		MODULESDIR="$MODULESDIR:/lib/modules/$uname/$directory"
+	    done
+	fi
+    fi
+
+    [ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)
+
+    for directory in $(split $MODULESDIR); do
+	[ -d $directory ] && moduledirectories="$moduledirectories $directory"
+    done
+
+    [ -n "$moduledirectories" ] && while read command; do
+	eval $command
+    done
+
+    MODULESDIR=$save_modules_dir
+}
+
+#
+# Load kernel modules required for Shorewall
+#
+load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
+{
+    local save_modules_dir
+    save_modules_dir=$MODULESDIR
+    local directory
+    local moduledirectories
+    moduledirectories=
+    local moduleloader
+    moduleloader=modprobe
+    local savemoduleinfo
+    savemoduleinfo=${1:-Yes} # So old compiled scripts still work
+    local uname
+    local extras
+
+    if ! qt mywhich modprobe; then
+	moduleloader=insmod
+    fi
+
+    [ -n "${MODULE_SUFFIX:=o gz xz ko o.gz o.xz ko.gz ko.xz}" ]
+
+    if [ -n "$MODULESDIR" ]; then
+	case "$MODULESDIR" in
+	    +*)
+		extras="$MODULESDIR"
+		extras=${extras#+}
+		MODULESDIR=
+		;;
+	esac
+    fi
+
+    if [ -z "$MODULESDIR" ]; then
+	uname=$(uname -r)
+	MODULESDIR=/lib/modules/$uname/kernel/net/ipv${g_family}/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset
+	if [ -n "$extras" ]; then
+	    for directory in $(split "$extras"); do
+		MODULESDIR="$MODULESDIR:/lib/modules/$uname/$directory"
+	    done
+	fi
+    fi
+
+    for directory in $(split $MODULESDIR); do
+	[ -d $directory ] && moduledirectories="$moduledirectories $directory"
+    done
+
+    [ -n "$LOAD_HELPERS_ONLY" ] && modules=$(find_file helpers) || modules=$(find_file modules)
+
+    if [ -f $modules -a -n "$moduledirectories" ]; then
+	[ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)
+	progress_message "Loading Modules..."
+	. $modules
+	if [ $savemoduleinfo = Yes ]; then
+	    [ -d ${VARDIR} ] || mkdir -p ${VARDIR}
+	    echo MODULESDIR="$MODULESDIR" > ${VARDIR}/.modulesdir
+	    cp -f $modules ${VARDIR}/.modules
+	fi
+    elif [ $savemoduleinfo = Yes ]; then
+	[ -d ${VARDIR} ] || mkdir -p ${VARDIR}
+	> ${VARDIR}/.modulesdir
+	> ${VARDIR}/.modules
+    fi
+
+    MODULESDIR=$save_modules_dir
+}
+
+#
+#  Note: The following set of IP address manipulation functions have anomalous
+#        behavior when the shell only supports 32-bit signed arithmetic and
+#        the IP address is 128.0.0.0 or 128.0.0.1.
+#
+
+LEFTSHIFT='<<'
+
+#
+# Convert an IP address in dot quad format to an integer
+#
+decodeaddr() {
+    local x
+    local temp
+    temp=0
+    local ifs
+    ifs=$IFS
+
+    IFS=.
+
+    for x in $1; do
+	temp=$(( $(( $temp $LEFTSHIFT 8 )) | $x ))
+    done
+
+    echo $temp
+
+    IFS=$ifs
+}
+
+#
+# convert an integer to dot quad format
+#
+encodeaddr() {
+    addr=$1
+    local x
+    local y
+    y=$(($addr & 255))
+
+    for x in 1 2 3 ; do
+	addr=$(($addr >> 8))
+	y=$(($addr & 255)).$y
+    done
+
+    echo $y
+}
+
+#
+# Netmask from CIDR
+#
+ip_netmask() {
+    local vlsm
+    vlsm=${1#*/}
+
+    [ $vlsm -eq 0 ] && echo 0 || echo $(( -1 $LEFTSHIFT $(( 32 - $vlsm )) ))
+}
+
+#
+# Network address from CIDR
+#
+ip_network() {
+    local decodedaddr
+    decodedaddr=$(decodeaddr ${1%/*})
+    local netmask
+    netmask=$(ip_netmask $1)
+
+    echo $(encodeaddr $(($decodedaddr & $netmask)))
+}
+
+#
+# The following hack is supplied to compensate for the fact that many of
+# the popular light-weight Bourne shell derivatives don't support XOR ("^").
+#
+ip_broadcast() {
+    local x
+    x=$(( 32 - ${1#*/} ))
+
+    [ $x -eq 32 ] && echo -1 || echo $(( $(( 1 $LEFTSHIFT $x )) - 1 ))
+}
+
+#
+# Calculate broadcast address from CIDR
+#
+broadcastaddress() {
+    local decodedaddr
+    decodedaddr=$(decodeaddr ${1%/*})
+    local netmask
+    netmask=$(ip_netmask $1)
+    local broadcast
+    broadcast=$(ip_broadcast $1)
+
+    echo $(encodeaddr $(( $(($decodedaddr & $netmask)) | $broadcast )))
+}
+
+#
+# Test for network membership
+#
+in_network() # $1 = IP address, $2 = CIDR network
+{
+    local netmask
+    netmask=$(ip_netmask $2)
+    #
+    # Use string comparison to work around a broken BusyBox ash in OpenWRT
+    #
+    test $(( $(decodeaddr $1) & $netmask)) = $(( $(decodeaddr ${2%/*}) & $netmask ))
+}
+
+#
+# Query NetFilter about the existence of a filter chain
+#
+chain_exists() # $1 = chain name, $2 = table name (optional)
+{
+    qt1 $g_tool -t ${2:-filter} -L $1 -n
+}
+
+#
+# Find the interface with the passed MAC address
+#
+
+find_interface_by_mac() {
+    local mac
+    mac=$1
+    local first
+    local second
+    local rest
+    local dev
+
+    $IP link list | while read first second rest; do
+	case $first in
+	    *:)
+                dev=$second
+		;;
+	    *)
+	        if [ "$second" = $mac ]; then
+		    echo ${dev%:}
+		    return
+		fi
+	esac
+    done
+}
+
+#
+# Find interface address--returns the first IP address assigned to the passed
+# device
+#
+find_first_interface_address() # $1 = interface
+{
+    if [ $g_family -eq 4 ]; then
+	#
+	# get the line of output containing the first IP address
+	#
+	addr=$(${IP:-ip} -f inet addr show $1 2> /dev/null | grep 'inet .* global' | head -n1)
+	#
+	# If there wasn't one, bail out now
+	#
+	[ -n "$addr" ] || startup_error "Can't determine the IP address of $1"
+	#
+	# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
+	# along with everything else on the line
+	#
+	echo $addr | sed 's/\s*inet //;s/\/.*//;s/ peer.*//'
+    else
+	#
+	# get the line of output containing the first IP address
+	#
+	addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | grep -F 'inet6 ' | grep -vF 'scope link' | head -n1)
+	#
+	# If there wasn't one, bail out now
+	#
+	[ -n "$addr" ] || startup_error "Can't determine the IPv6 address of $1"
+	#
+	# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
+	# along with everything else on the line
+	#
+	echo $addr | sed 's/\s*inet6 //;s/\/.*//;s/ peer.*//'
+    fi
+}
+
+find_first_interface_address_if_any() # $1 = interface
+{
+    if [ $g_family -eq 4 ]; then
+	#
+	# get the line of output containing the first IP address
+	#
+	addr=$(${IP:-ip} -f inet addr show $1 2> /dev/null | grep 'inet .* global' | head -n1)
+	#
+	# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
+	# along with everything else on the line
+	#
+	[ -n "$addr" ] && echo $addr | sed 's/\s*inet //;s/\/.*//;s/ peer.*//' || echo 0.0.0.0
+    else
+	#
+	# get the line of output containing the first IP address
+	#
+	addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | grep -F 'inet6 ' | grep -vF 'scope link' | head -n1)
+	#
+	# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
+	# along with everything else on the line
+	#
+	[ -n "$addr" ] && echo $addr | sed 's/\s*inet6 //;s/\/.*//;s/ peer.*//' || echo ::
+    fi
+}
+
+#
+#Determines if the passed interface is a loopback interface
+#
+loopback_interface() { #$1 = Interface name
+    [ "$1" = lo ] || $IP link show $1 | fgrep -q LOOPBACK
+}
+
+#
+# Find Loopback Interfaces
+#
+find_loopback_interfaces() {
+    local interfaces
+
+    [ -x "$IP" ] && interfaces=$($IP link show | fgrep LOOPBACK | sed 's/://g' | cut -d ' ' -f 2)
+
+    [ -n "$interfaces" ] && echo $interfaces || echo lo
+}
+
+#
+# Internal version of 'which'
+#
+mywhich() {
+    local dir
+
+    for dir in $(split $PATH); do
+	if [ -x $dir/$1 ]; then
+	    echo $dir/$1
+	    return 0
+	fi
+    done
+
+    return 2
+}
+
+#
+# Find a File -- For relative file name, look in each ${CONFIG_PATH} then ${CONFDIR}
+#
+find_file()
+{
+    local saveifs
+    saveifs=
+    local directory
+
+    case $1 in
+	/*)
+	    echo $1
+	    ;;
+	*)
+	    for directory in $(split $CONFIG_PATH); do
+		if [ -f $directory/$1 ]; then
+		    echo $directory/$1
+		    return
+		fi
+	    done
+
+	    if [ -n "$g_shorewalldir" ]; then
+		echo ${g_shorewalldir}/$1
+	    else
+		echo ${g_confdir}/$1
+	    fi
+	    ;;
+    esac
+}
+
+#
+# Set the Shorewall state
+#
+set_state () # $1 = state
+{
+    if [ $# -gt 1 ]; then
+	echo "$1 $(date) from $2" > ${VARDIR}/state
+    else
+	echo "$1 $(date)" > ${VARDIR}/state
+    fi
+}
+
+#
+# Perform variable substitution on the passed argument and echo the result
+#
+expand() # $@ = contents of variable which may be the name of another variable
+{
+    eval echo \"$@\"
+}
+
+#
+# Function for including one file into another
+#
+INCLUDE() {
+    . $(find_file $(expand $@))
+}
+
+# Function to truncate a string -- It uses 'cut -b -<n>'
+# rather than ${v:first:last} because light-weight shells like ash and
+# dash do not support that form of expansion.
+#
+
+truncate() # $1 = length
+{
+    cut -b -${1}
+}
+
+#
+# Call this function to assert mutual exclusion with Shorewall. If you invoke the
+# /sbin/shorewall program while holding mutual exclusion, you should pass "nolock" as
+# the first argument. Example "shorewall nolock refresh"
+#
+# This function uses the lockfile utility from procmail if it exists.
+# Otherwise, it uses a somewhat race-prone algorithm to attempt to simulate the
+# behavior of lockfile.
+#
+mutex_on()
+{
+    local try
+    try=0
+    local lockf
+    lockf=${LOCKFILE:=${VARDIR}/lock}
+    local lockpid
+    local lockd
+
+    MUTEX_TIMEOUT=${MUTEX_TIMEOUT:-60}
+
+    if [ $MUTEX_TIMEOUT -gt 0 ]; then
+
+	lockd=$(dirname $LOCKFILE)
+
+	[ -d "$lockd" ] || mkdir -p "$lockd"
+
+	if [ -f $lockf ]; then
+	    lockpid=`cat ${lockf} 2> /dev/null`
+	    if [ -z "$lockpid" -o $lockpid = 0 ]; then
+		rm -f ${lockf}
+		error_message "WARNING: Stale lockfile ${lockf} removed"
+	    elif [ $lockpid -eq $$ ]; then
+                return 0
+	    elif ! ps | grep -v grep | qt grep ${lockpid}; then
+		rm -f ${lockf}
+		error_message "WARNING: Stale lockfile ${lockf} from pid ${lockpid} removed"
+	    fi
+	fi
+
+	if qt mywhich lockfile; then
+	    lockfile -${MUTEX_TIMEOUT} -r1 ${lockf}
+	    chmod u+w ${lockf}
+	    echo $$ > ${lockf}
+	    chmod u-w ${lockf}
+	elif qt mywhich lock; then
+            lock ${lockf}
+            chmod u=r ${lockf}
+	else
+	    while [ -f ${lockf} -a ${try} -lt ${MUTEX_TIMEOUT} ] ; do
+		sleep 1
+		try=$((${try} + 1))
+	    done
+
+	    if  [ ${try} -lt ${MUTEX_TIMEOUT} ] ; then
+	        # Create the lockfile
+		echo $$ > ${lockf}
+	    else
+		echo "Giving up on lock file ${lockf}" >&2
+	    fi
+	fi
+    fi
+}
+
+#
+# Call this function to release mutual exclusion
+#
+mutex_off()
+{
+    [ -f ${CONFDIR}/rc.common ] && lock -u ${LOCKFILE:=${VARDIR}/lock}
+    rm -f ${LOCKFILE:=${VARDIR}/lock}
+}
+
--- a/Shorewall-core/shorewallrc.apple
+++ b/Shorewall-core/shorewallrc.apple
@@ -0,0 +1,21 @@
+#
+# Apple OS X Shorewall 5.0 rc file
+#
+BUILD=apple
+HOST=apple
+PREFIX=/usr                            #Top-level directory for shared files, libraries, etc.
+SHAREDIR=${PREFIX}/share               #Directory for arch-neutral files.
+LIBEXECDIR=${PREFIX}/share             #Directory for executable scripts.
+PERLLIBDIR=${PREFIX}/share/shorewall   #Directory to install Shorewall Perl module directory
+CONFDIR=/etc                           #Directory where subsystem configurations are installed
+SBINDIR=/sbin                          #Directory where system administration programs are installed
+MANDIR=${SHAREDIR}/man                 #Directory where manpages are installed.
+INITDIR=                               #Unused on OS X
+INITFILE=                              #Unused on OS X
+INITSOURCE=                            #Unused on OS X
+ANNOTATED=                             #Unused on OS X
+SERVICEDIR=                            #Unused on OS X
+SERVICEFILE=                           #Unused on OS X
+SYSCONFDIR=                            #Unused on OS X
+SPARSE=Yes                             #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR.
+VARLIB=/var/lib                        #Unused on OS X
--- a/Shorewall-core/shorewallrc.archlinux
+++ b/Shorewall-core/shorewallrc.archlinux
@@ -0,0 +1,22 @@
+#
+# Arch Linux Shorewall 5.0 rc file
+#
+BUILD=                                 #Default is to detect the build system
+HOST=archlinux
+PREFIX=/usr                            #Top-level directory for shared files, libraries, etc.
+SHAREDIR=${PREFIX}/share               #Directory for arch-neutral files.
+LIBEXECDIR=${PREFIX}/share             #Directory for executable scripts.
+PERLLIBDIR=${PREFIX}/share/shorewall   #Directory to install Shorewall Perl module directory
+CONFDIR=/etc                           #Directory where subsystem configurations are installed
+SBINDIR=/usr/bin                       #Directory where system administration programs are installed
+MANDIR=${SHAREDIR}/man                 #Directory where manpages are installed.
+INITDIR=                               #Directory where SysV init scripts are installed.
+INITFILE=                              #Name of the product's installed SysV init script
+INITSOURCE=                            #Name of the distributed file to be installed as the SysV init script
+ANNOTATED=                             #If non-zero, annotated configuration files are installed
+SYSCONFDIR=                            #Directory where SysV init parameter files are installed
+SERVICEDIR=/usr/lib/systemd/system     #Directory where .service files are installed (systems running systemd only)
+SERVICEFILE=                           #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
+SPARSE=                                #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
+VARLIB=/var/lib                        #Directory where product variable data is stored.
+VARDIR=${VARLIB}/$PRODUCT              #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.cygwin
+++ b/Shorewall-core/shorewallrc.cygwin
@@ -0,0 +1,21 @@
+#
+# Cygwin Shorewall 5.0 rc file
+#
+BUILD=cygwin
+HOST=cygwin
+PREFIX=/usr                           #Top-level directory for shared files, libraries, etc.
+SHAREDIR=${PREFIX}/share              #Directory for arch-neutral files.
+LIBEXECDIR=${PREFIX}/share            #Directory for executable scripts.
+PERLLIBDIR=${PREFIX}/share/shorewall  #Directory to install Shorewall Perl module directory
+CONFDIR=/etc                          #Directory where subsystem configurations are installed
+SBINDIR=/bin                          #Directory where system administration programs are installed
+MANDIR=${SHAREDIR}/man                #Directory where manpages are installed.
+INITDIR=/etc/init.d                   #Unused on Cygwin
+INITFILE=                             #Unused on Cygwin
+INITSOURCE=                           #Unused on Cygwin
+ANNOTATED=                            #Unused on Cygwin
+SERVICEDIR=                           #Unused on Cygwin
+SERVICEFILE=                          #Unused on Cygwin
+SYSCONFDIR=                           #Unused on Cygwin
+SPARSE=Yes                            #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR.
+VARLIB=/var/lib                       #Unused on Cygwin
--- a/Shorewall-core/shorewallrc.debian.systemd
+++ b/Shorewall-core/shorewallrc.debian.systemd
@@ -0,0 +1,23 @@
+#
+# Debian Shorewall 4.5 rc file
+#
+BUILD=					#Default is to detect the build system
+HOST=debian
+PREFIX=/usr				#Top-level directory for shared files, libraries, etc.
+SHAREDIR=${PREFIX}/share		#Directory for arch-neutral files.
+LIBEXECDIR=${PREFIX}/share		#Directory for executable scripts.
+PERLLIBDIR=${PREFIX}/share/shorewall	#Directory to install Shorewall Perl module directory
+CONFDIR=/etc				#Directory where subsystem configurations are installed
+SBINDIR=/sbin				#Directory where system administration programs are installed
+MANDIR=${PREFIX}/share/man		#Directory where manpages are installed.
+INITDIR=				#Directory where SysV init scripts are installed.
+INITFILE=				#Name of the product's installed SysV init script
+INITSOURCE=init.debian.sh		#Name of the distributed file to be installed as the SysV init script
+ANNOTATED=				#If non-zero, annotated configuration files are installed
+SYSCONFFILE=default.debian		#Name of the distributed file to be installed in $SYSCONFDIR
+SERVICEFILE=$PRODUCT.service.debian     #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
+SYSCONFDIR=/etc/default			#Directory where SysV init parameter files are installed
+SERVICEDIR=/lib/systemd/system		#Directory where .service files are installed (systems running systemd only)
+SPARSE=Yes				#If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
+VARLIB=/var/lib				#Directory where product variable data is stored.
+VARDIR=${VARLIB}/$PRODUCT		#Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.debian.sysvinit
+++ b/Shorewall-core/shorewallrc.debian.sysvinit
@@ -0,0 +1,23 @@
+#
+# Debian Shorewall 4.5 rc file
+#
+BUILD=                                  #Default is to detect the build system
+HOST=debian
+PREFIX=/usr                             #Top-level directory for shared files, libraries, etc.
+SHAREDIR=${PREFIX}/share                #Directory for arch-neutral files.
+LIBEXECDIR=${PREFIX}/share              #Directory for executable scripts.
+PERLLIBDIR=${PREFIX}/share/shorewall    #Directory to install Shorewall Perl module directory
+CONFDIR=/etc                            #Directory where subsystem configurations are installed
+SBINDIR=/sbin                           #Directory where system administration programs are installed
+MANDIR=${PREFIX}/share/man              #Directory where manpages are installed.
+INITDIR=/etc/init.d                     #Directory where SysV init scripts are installed.
+INITFILE=$PRODUCT                       #Name of the product's installed SysV init script
+INITSOURCE=init.debian.sh               #Name of the distributed file to be installed as the SysV init script
+ANNOTATED=                              #If non-zero, annotated configuration files are installed
+SYSCONFFILE=default.debian              #Name of the distributed file to be installed in $SYSCONFDIR
+SERVICEFILE=				#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
+SYSCONFDIR=/etc/default                 #Directory where SysV init parameter files are installed
+SERVICEDIR=				#Directory where .service files are installed (systems running systemd only)
+SPARSE=Yes                              #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
+VARLIB=/var/lib                         #Directory where product variable data is stored.
+VARDIR=${VARLIB}/$PRODUCT               #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.default
+++ b/Shorewall-core/shorewallrc.default
@@ -0,0 +1,23 @@
+#
+# Default Shorewall 5.0 rc file
+#
+HOST=linux                              #Generic Linux
+BUILD=                                  #Default is to detect the build system
+PREFIX=/usr                             #Top-level directory for shared files, libraries, etc.
+SHAREDIR=${PREFIX}/share                #Directory for arch-neutral files.
+LIBEXECDIR=${PREFIX}/share              #Directory for executable scripts.
+PERLLIBDIR=${PREFIX}/share/shorewall    #Directory to install Shorewall Perl module directory
+CONFDIR=/etc                            #Directory where subsystem configurations are installed
+SBINDIR=/sbin                           #Directory where system administration programs are installed
+MANDIR=${PREFIX}/man                    #Directory where manpages are installed.
+INITDIR=/etc/init.d                     #Directory where SysV init scripts are installed.
+INITFILE=$PRODUCT                       #Name of the product's installed SysV init script
+INITSOURCE=init.sh                      #Name of the distributed file to be installed as the SysV init script
+ANNOTATED=                              #If non-zero, annotated configuration files are installed
+SERVICEDIR=                             #Directory where .service files are installed (systems running systemd only)
+SERVICEFILE=                            #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
+SYSCONFFILE=                            #Name of the distributed file to be installed in $SYSCONFDIR
+SYSCONFDIR=                             #Directory where SysV init parameter files are installed
+SPARSE=                                 #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
+VARLIB=/var/lib                         #Directory where product variable data is stored.
+VARDIR=${VARLIB}/$PRODUCT               #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.openwrt
+++ b/Shorewall-core/shorewallrc.openwrt
@@ -0,0 +1,23 @@
+#
+# Created by Shorewall Core version 5.0.2-RC1 configure -  Fri, Nov 06, 2015 10:02:03 AM
+#
+# Input: host=openwrt
+#
+PREFIX=/usr                             #Top-level directory for shared files, libraries, etc.
+SHAREDIR=${PREFIX}/share                #Directory for arch-neutral files.
+LIBEXECDIR=${PREFIX}/share              #Directory for executable scripts.
+PERLLIBDIR=${PREFIX}/share/shorewall    #Directory to install Shorewall Perl module directory
+CONFDIR=/etc                            #Directory where subsystem configurations are installed
+SBINDIR=/sbin                           #Directory where system administration programs are installed
+MANDIR=                                 #Directory where manpages are installed.
+INITDIR=/etc/init.d                     #Directory where SysV init scripts are installed.
+INITFILE=$PRODUCT                       #Name of the product's installed SysV init script
+INITSOURCE=init.openwrt.sh              #Name of the distributed file to be installed as the SysV init script
+ANNOTATED=                              #If non-zero, annotated configuration files are installed
+SYSCONFDIR=${CONFDIR}/sysconfig         #Directory where SysV init parameter files are installed
+SYSCONFFILE=sysconfig                   #Name of the distributed file to be installed in $SYSCONFDIR
+SERVICEDIR=				#Directory where .service files are installed (systems running systemd only)
+SERVICEFILE=				#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
+SPARSE=                                 #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
+VARLIB=/lib                             #Directory where product variable data is stored.
+VARDIR=${VARLIB}/$PRODUCT               #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.redhat
+++ b/Shorewall-core/shorewallrc.redhat
@@ -0,0 +1,23 @@
+#
+# RedHat/FedoraShorewall 5.0 rc file
+#
+BUILD=                                  #Default is to detect the build system
+HOST=redhat
+PREFIX=/usr                             #Top-level directory for shared files, libraries, etc.
+SHAREDIR=${PREFIX}/share                #Directory for arch-neutral files.
+LIBEXECDIR=${PREFIX}/libexec            #Directory for executable scripts.
+PERLLIBDIR=/usr/share/perl5/vendor_perl #Directory to install Shorewall Perl module directory
+CONFDIR=/etc                            #Directory where subsystem configurations are installed
+SBINDIR=/sbin                           #Directory where system administration programs are installed
+MANDIR=${SHAREDIR}/man                  #Directory where manpages are installed.
+INITDIR=/etc/rc.d/init.d                #Directory where SysV init scripts are installed.
+INITFILE=$PRODUCT                       #Name of the product's installed SysV init script
+INITSOURCE=init.fedora.sh               #Name of the distributed file to be installed as the SysV init script
+ANNOTATED=                              #If non-zero, annotated configuration files are installed
+SERVICEDIR=/lib/systemd/system          #Directory where .service files are installed (systems running systemd only)
+SYSCONFFILE=sysconfig                   #Name of the distributed file to be installed as $SYSCONFDIR/$PRODUCT
+SERVICEFILE=                      	#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
+SYSCONFDIR=/etc/sysconfig/              #Directory where SysV init parameter files are installed
+SPARSE=                                 #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
+VARLIB=/var/lib                         #Directory where product variable data is stored.
+VARDIR=${VARLIB}/$PRODUCT               #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.slackware
+++ b/Shorewall-core/shorewallrc.slackware
@@ -0,0 +1,24 @@
+#
+# Slackware Shorewall 5.0 rc file
+#
+BUILD=slackware
+HOST=slackware
+PREFIX=/usr                                #Top-level directory for shared files, libraries, etc.
+SHAREDIR=${PREFIX}/share                   #Directory for arch-neutral files.
+LIBEXECDIR=${PREFIX}/share                 #Directory for executable scripts.
+PERLLIBDIR=${PREFIX}/share/shorewall       #Directory to install Shorewall Perl module directory
+CONFDIR=/etc                               #Directory where subsystem configurations are installed
+SBINDIR=/sbin                              #Directory where system administration programs are installed
+MANDIR=${PREFIX}/man                       #Directory where manpages are installed.
+INITDIR=/etc/rc.d                          #Directory where SysV init scripts are installed.
+AUXINITSOURCE=init.slackware.firewall.sh   #Name of the distributed file to be installed as the SysV init script
+AUXINITFILE=rc.firewall                    #Name of the product's installed SysV init script
+INITSOURCE=init.slackware.$PRODUCT.sh      #Name of the distributed file to be installed as a second SysV init script
+INITFILE=rc.$PRODUCT                       #Name of the product's installed second init script
+SERVICEDIR=                                #Name of the directory where .service files are installed (systems running systemd only)
+SERVICEFILE=                               #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
+SYSCONFFILE=                               #Name of the distributed file to be installed in $SYSCONFDIR
+SYSCONFDIR=                                #Name of the directory where SysV init parameter files are installed.
+ANNOTATED=                                 #If non-empty, install annotated configuration files
+VARLIB=/var/lib                            #Directory where product variable data is stored.
+VARDIR=${VARLIB}/$PRODUCT                  #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.suse
+++ b/Shorewall-core/shorewallrc.suse
@@ -0,0 +1,23 @@
+#
+# SuSE Shorewall 5.0 rc file
+#
+BUILD=                                                #Default is to detect the build system
+HOST=suse
+PREFIX=/usr                                           #Top-level directory for shared files, libraries, etc.
+CONFDIR=/etc                                          #Directory where subsystem configurations are installed
+SHAREDIR=${PREFIX}/share                              #Directory for arch-neutral files.
+LIBEXECDIR=${PREFIX}/lib                              #Directory for executable scripts.
+PERLLIBDIR=${PREFIX}/lib/perl5/vendor_perl/5.14.2     #Directory to install Shorewall Perl module directory
+SBINDIR=/usr/sbin                                     #Directory where system administration programs are installed
+MANDIR=${SHAREDIR}/man/                               #Directory where manpages are installed.
+INITDIR=/etc/init.d                                   #Directory where SysV init scripts are installed.
+INITFILE=$PRODUCT                                     #Name of the product's SysV init script
+INITSOURCE=init.suse.sh                               #Name of the distributed file to be installed as the SysV init script
+ANNOTATED=                                            #If non-zero, annotated configuration files are installed
+SERVICEDIR=                                           #Directory where .service files are installed (systems running systemd only)
+SERVICEFILE=                      		      #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
+SYSCONFFILE=sysconfig                                 #Name of the distributed file to be installed in $SYSCONFDIR
+SYSCONFDIR=/etc/sysconfig/                            #Directory where SysV init parameter files are installed
+SPARSE=                                               #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
+VARLIB=/var/lib                                       #Directory where persistent product data is stored.
+VARDIR=${VARLIB}/$PRODUCT                             #Directory where product variable data is stored.
--- a/Shorewall-core/uninstall.sh
+++ b/Shorewall-core/uninstall.sh
@@ -0,0 +1,124 @@
+#!/bin/sh
+#
+# Script to back uninstall Shoreline Firewall
+#
+#     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
+#
+#       Shorewall documentation is available at http://www.shorewall.net
+#
+#       This program is part of Shorewall.
+#
+#	This program is free software; you can redistribute it and/or modify
+#	it under the terms of the GNU General Public License as published by the
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
+#
+#	This program is distributed in the hope that it will be useful,
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+#    Usage:
+#
+#       You may only use this script to uninstall the version
+#       shown below. Simply run this script to remove Shorewall Firewall
+
+VERSION=xxx #The Build script inserts the actual version
+PRODUCT="shorewall-core"
+Product="Shorewall Core"
+ 
+usage() # $1 = exit status
+{
+    ME=$(basename $0)
+    echo "usage: $ME [ <shorewallrc file> ]"
+    exit $1
+}
+
+fatal_error()
+{
+    echo "   ERROR: $@" >&2
+    exit 1
+}
+
+qt()
+{
+    "$@" >/dev/null 2>&1
+}
+
+restore_file() # $1 = file to restore
+{
+    if [ -f ${1}-shorewall.bkout ]; then
+	if (mv -f ${1}-shorewall.bkout $1); then
+	    echo
+	    echo "$1 restored"
+        else
+	    exit 1
+        fi
+    fi
+}
+
+remove_file() # $1 = file to restore
+{
+    if [ -f $1 -o -L $1 ] ; then
+	rm -f $1
+	echo "$1 Removed"
+    fi
+}
+
+#
+# Change to the directory containing this script
+#
+cd "$(dirname $0)"
+
+#
+# Read the RC file
+#
+if [ $# -eq 0 ]; then
+    if [ -f ./shorewallrc ]; then
+	. ./shorewallrc
+    elif [ -f ~/.shorewallrc ]; then
+	. ~/.shorewallrc || exit 1
+	file=./.shorewallrc
+    elif [ -f /usr/share/shorewall/shorewallrc ]; then
+	. /usr/share/shorewall/shorewallrc
+    else
+	fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
+    fi
+elif [ $# -eq 1 ]; then
+    file=$1
+    case $file in
+	/*|.*)
+	    ;;
+	*)
+	    file=./$file
+	    ;;
+    esac
+
+    . $file
+else
+    usage 1
+fi
+
+if [ -f ${SHAREDIR}/shorewall/coreversion ]; then
+    INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall/coreversion)"
+    if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
+	echo "WARNING: Shorewall Core Version $INSTALLED_VERSION is installed"
+	echo "         and this is the $VERSION uninstaller."
+	VERSION="$INSTALLED_VERSION"
+    fi
+else
+    echo "WARNING: Shorewall Core Version $VERSION is not installed"
+    VERSION=""
+fi
+
+echo "Uninstalling Shorewall Core $VERSION"
+
+rm -rf ${SHAREDIR}/shorewall
+rm -f ~/.shorewallrc
+
+echo "Shorewall Core Uninstalled"
+
+
--- a/Shorewall-core/wait4ifup
+++ b/Shorewall-core/wait4ifup
@@ -2,17 +2,18 @@
 #
 #     Shorewall interface helper utility - V4.2
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
-#
-#     (c) 2007 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2007,2014 - Tom Eastep (teastep@shorewall.net)
 #
 #	This file is installed in /usr/share/shorewall/wait4ifup
 #
 #	Shorewall documentation is available at http://www.shorewall.net
 #
+#       This program is part of Shorewall.
+#
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of Version 2 of the GNU General Public License
-#	as published by the Free Software Foundation.
+#	it under the terms of the GNU General Public License as published by the
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -20,8 +21,7 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, write to the Free Software
-#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #	If an error occurs while starting or restarting the firewall, the
 #	firewall is automatically stopped.
@@ -33,7 +33,7 @@
 #

 interface_is_up() {
-    [ -n "$(/sbin/ip link list dev $1 2> /dev/null | /bin/grep -e '[<,]UP[,>]')" ] 
+    [ -n "$(/sbin/ip link list dev $1 2> /dev/null | /bin/grep -e '[<,]UP[,>]')" ]
 }

 case $# in
@@ -57,4 +57,4 @@ done

 exit 1

-    
+
--- a/Shorewall-init/COPYING
+++ b/Shorewall-init/COPYING
@@ -0,0 +1,341 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+                          51 Franklin Street, Fifth Floor,
+			  Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+	    How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) 19yy  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) 19yy name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Library General
+Public License instead of this License.
--- a/Shorewall-init/ifupdown.debian.sh
+++ b/Shorewall-init/ifupdown.debian.sh
@@ -0,0 +1,135 @@
+#!/bin/sh
+#
+# Debian ifupdown script for Shorewall-based products
+#
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
+#
+#       Shorewall documentation is available at http://shorewall.net
+#
+#       This program is free software; you can redistribute it and/or modify
+#       it under the terms of Version 2 of the GNU General Public License
+#       as published by the Free Software Foundation.
+#
+#       This program is distributed in the hope that it will be useful,
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       GNU General Public License for more details.
+#
+#       You should have received a copy of the GNU General Public License
+#       along with this program; if not, write to the Free Software
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+setstatedir() {
+    local statedir
+    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
+	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
+    fi
+
+    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
+
+    if [ ! -x $STATEDIR/firewall ]; then
+	if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
+	    ${SBINDIR}/$PRODUCT compile
+	fi
+    fi
+}
+
+Debian_ppp() {
+    NEWPRODUCTS=
+    INTERFACE="$1"
+
+    case $0 in
+	/etc/ppp/ip-*)
+	    #
+	    # IPv4
+	    #
+	    for product in $PRODUCTS; do
+		case $product in
+		    shorewall|shorewall-lite)
+			NEWPRODUCTS="$NEWPRODUCTS $product";
+			;;
+		esac
+	    done
+	    ;;
+	/etc/ppp/ipv6-*)
+	    #
+	    # IPv6
+	    #
+	    for product in $PRODUCTS; do
+		case $product in
+		    shorewall6|shorewall6-lite)
+			NEWPRODUCTS="$NEWPRODUCTS $product";
+			;;
+		esac
+	    done
+	    ;;
+	*)
+	    exit 0
+	    ;;
+    esac
+
+    PRODUCTS="$NEWPRODUCTS"
+
+    case $0 in
+	*up/*)
+	    COMMAND=up
+	    ;;
+	*)
+	    COMMAND=down
+	    ;;
+    esac
+}
+
+IFUPDOWN=0
+PRODUCTS=
+
+#
+# The installer may alter this
+#
+. /usr/share/shorewall/shorewallrc
+
+if [ -f /etc/default/shorewall-init ]; then
+    . /etc/default/shorewall-init
+elif [ -f /etc/sysconfig/shorewall-init ]; then
+    . /etc/sysconfig/shorewall-init
+fi
+
+[ "$IFUPDOWN" = 1 -a -n "$PRODUCTS" ] || exit 0
+
+case $0 in
+    /etc/ppp*)
+	#
+	# Debian ppp
+	#
+	Debian_ppp
+	;;
+    *)
+        #
+        # Debian ifupdown system
+        #
+	INTERFACE="$IFACE"
+
+	if [ "$MODE" = start ]; then
+	    COMMAND=up
+	elif [ "$MODE" = stop ]; then
+	    COMMAND=down
+	else
+	    exit 0
+	fi
+	;;
+esac
+
+[ -n "$LOGFILE" ] || LOGFILE=/dev/null
+
+for PRODUCT in $PRODUCTS; do
+    setstatedir
+
+    if [ -x $VARLIB/$PRODUCT/firewall ]; then
+	  ( ${VARLIB}/$PRODUCT/firewall -V0 $COMMAND $INTERFACE >> $LOGFILE 2>&1 ) || true
+    fi
+done
+
+exit 0
--- a/Shorewall-init/ifupdown.fedora.sh
+++ b/Shorewall-init/ifupdown.fedora.sh
@@ -0,0 +1,111 @@
+#!/bin/sh
+#
+# Redhat/Fedora/Centos/Foobar ifupdown script for Shorewall-based products
+#
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
+#
+#       Shorewall documentation is available at http://shorewall.net
+#
+#       This program is free software; you can redistribute it and/or modify
+#       it under the terms of Version 2 of the GNU General Public License
+#       as published by the Free Software Foundation.
+#
+#       This program is distributed in the hope that it will be useful,
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       GNU General Public License for more details.
+#
+#       You should have received a copy of the GNU General Public License
+#       along with this program; if not, write to the Free Software
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+# Get startup options (override default)
+OPTIONS=
+
+setstatedir() {
+    local statedir
+    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
+	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
+    fi
+
+    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
+
+    if [ ! -x "$STATEDIR/firewall" ]; then
+	if [ $PRODUCT == shorewall -o $PRODUCT == shorewall6 ]; then
+	    ${SBINDIR}/$PRODUCT $OPTIONS compile
+	fi
+    fi
+}
+
+IFUPDOWN=0
+PRODUCTS=
+
+#
+# The installer may alter this
+#
+. /usr/share/shorewall/shorewallrc
+
+if [ -f /etc/default/shorewall-init ]; then
+    . /etc/default/shorewall-init
+elif [ -f /etc/sysconfig/shorewall-init ]; then
+    . /etc/sysconfig/shorewall-init
+fi
+
+[ "$IFUPDOWN" = 1 -a -n "$PRODUCTS" ] || exit 0
+
+PHASE=''
+
+case $0 in
+    /etc/ppp*)
+	INTERFACE="$1"
+
+	case $0 in
+	    *ip-up.local)
+		COMMAND=up
+		;;
+	    *ip-down.local)
+		COMMAND=down
+		;;
+	    *)
+		exit 0
+		;;
+	esac
+	;;
+    *)
+	#
+	# RedHat ifup/down system
+	#
+	INTERFACE="$1"
+    
+	case $0 in 
+	    *ifup*)
+		COMMAND=up
+		;;
+	    *ifdown*)
+		COMMAND=down
+		;;
+	    *dispatcher.d*)
+		COMMAND="$2"
+		;;
+	    *)
+		exit 0
+		;;
+	esac
+	;;
+esac
+
+[ -n "$LOGFILE" ] || LOGFILE=/dev/null
+
+for PRODUCT in $PRODUCTS; do
+    setstatedir
+
+    if [ -x "$STATEDIR/firewall" ]; then
+	  echo "`date --rfc-3339=seconds` $0: Executing $STATEDIR/firewall $OPTIONS $COMMAND $INTERFACE" >> $LOGFILE 2>&1
+	  ( $STATEDIR/firewall $OPTIONS $COMMAND $INTERFACE >> $LOGFILE 2>&1 ) || true
+    fi
+done
+
+exit 0
--- a/Shorewall-init/ifupdown.suse.sh
+++ b/Shorewall-init/ifupdown.suse.sh
@@ -0,0 +1,146 @@
+#!/bin/sh
+#
+# SuSE ifupdown script for Shorewall-based products
+#
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
+#
+#       Shorewall documentation is available at http://shorewall.net
+#
+#       This program is free software; you can redistribute it and/or modify
+#       it under the terms of Version 2 of the GNU General Public License
+#       as published by the Free Software Foundation.
+#
+#       This program is distributed in the hope that it will be useful,
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       GNU General Public License for more details.
+#
+#       You should have received a copy of the GNU General Public License
+#       along with this program; if not, write to the Free Software
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+setstatedir() {
+    local statedir
+    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
+	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
+    fi
+
+    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
+
+    if [ ! -x $STATEDIR/firewall ]; then
+	if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
+	    ${SBINDIR}/$PRODUCT compile
+	fi
+    fi
+}
+
+SuSE_ppp() {
+    NEWPRODUCTS=
+    INTERFACE="$1"
+
+    case $0 in
+	/etc/ppp/ip-*)
+	    #
+	    # IPv4
+	    #
+	    for product in $PRODUCTS; do
+		case $product in
+		    shorewall|shorewall-lite)
+			NEWPRODUCTS="$NEWPRODUCTS $product";
+			;;
+		esac
+	    done
+	    ;;
+	/etc/ppp/ipv6-*)
+	    #
+	    # IPv6
+	    #
+	    for product in $PRODUCTS; do
+		case $product in
+		    shorewall6|shorewall6-lite)
+			NEWPRODUCTS="$NEWPRODUCTS $product";
+			;;
+		esac
+	    done
+	    ;;
+	*)
+	    exit 0
+	    ;;
+    esac
+
+    PRODUCTS="$NEWPRODUCTS"
+
+    case $0 in
+	*up/*)
+	    COMMAND=up
+	    ;;
+	*)
+	    COMMAND=down
+	    ;;
+    esac
+}
+
+IFUPDOWN=0
+PRODUCTS=
+
+#
+# The installer may alter this
+#
+. /usr/share/shorewall/shorewallrc
+
+if [ -f /etc/default/shorewall-init ]; then
+    . /etc/default/shorewall-init
+elif [ -f /etc/sysconfig/shorewall-init ]; then
+    . /etc/sysconfig/shorewall-init
+fi
+
+[ "$IFUPDOWN" = 1 -a -n "$PRODUCTS" ] || exit 0
+
+PHASE=''
+
+case $0 in
+    /etc/ppp*)
+        #
+	# SUSE ppp
+	#
+	SuSE_ppp
+	;;
+	
+    *)
+        #
+        # SuSE ifupdown system
+        #
+	INTERFACE="$2"
+
+	case $0 in
+	    *dispatcher.d*)
+		INTERFACE="$1"
+		COMMAND="$2"
+		;;
+	    *if-up.d*)
+		COMMAND=up
+		;;
+	    *if-down.d*)
+		COMMAND=down
+		;;
+	    *)
+		exit 0
+		;;
+	esac
+	;;
+esac
+
+[ -n "$LOGFILE" ] || LOGFILE=/dev/null
+
+for PRODUCT in $PRODUCTS; do
+    setstatedir
+
+    if [ -x $VARLIB/$PRODUCT/firewall ]; then
+	  ( ${VARLIB}/$PRODUCT/firewall -V0 $COMMAND $INTERFACE >> $LOGFILE 2>&1 ) || true
+    fi
+done
+
+exit 0
--- a/Shorewall-init/init.debian.sh
+++ b/Shorewall-init/init.debian.sh
@@ -0,0 +1,185 @@
+#!/bin/sh
+#
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2010,2012 - Tom Eastep (teastep@shorewall.net)
+#
+#       On most distributions, this file should be called /etc/init.d/shorewall.
+#
+#       Complete documentation is available at http://shorewall.net
+#
+#       This program is free software; you can redistribute it and/or modify
+#       it under the terms of Version 2 of the GNU General Public License
+#       as published by the Free Software Foundation.
+#
+#       This program is distributed in the hope that it will be useful,
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       GNU General Public License for more details.
+#
+#       You should have received a copy of the GNU General Public License
+#       along with this program; if not, write to the Free Software
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+### BEGIN INIT INFO
+# Provides:          shorewall-init
+# Required-Start:    $local_fs
+# X-Start-Before:    $network
+# Required-Stop:     $local_fs
+# X-Stop-After:      $network
+# Default-Start:     S
+# Default-Stop:      0 6
+# Short-Description: Initialize the firewall at boot time
+# Description:       Place the firewall in a safe state at boot time prior to
+#                    bringing up the network
+### END INIT INFO
+
+. /lib/lsb/init-functions
+
+export VERBOSITY=0
+
+if [ "$(id -u)" != "0" ]
+then
+  echo "You must be root to start, stop or restart \"Shorewall \"."
+  exit 1
+fi
+
+echo_notdone () {
+  echo "not done."
+  exit 1
+}
+
+not_configured () {
+    echo "#### WARNING ####"
+    echo "the firewall won't be initialized unless it is configured"
+    if [ "$1" != "stop" ]
+    then
+	echo ""
+	echo "Please read about Debian specific customization in"
+	echo "/usr/share/doc/shorewall-init/README.Debian.gz."
+    fi
+    echo "#################"
+    exit 0
+}
+
+# set the STATEDIR variable
+setstatedir() {
+    local statedir
+    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
+	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
+    fi
+
+    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
+
+    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
+	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c
+    else
+	return 0
+    fi
+}
+
+#
+# The installer may alter this
+#
+. /usr/share/shorewall/shorewallrc
+
+# check if shorewall-init is configured or not
+if [ -f "$SYSCONFDIR/shorewall-init" ]
+then
+    . $SYSCONFDIR/shorewall-init
+    if [ -z "$PRODUCTS" ]
+    then
+	not_configured
+    fi
+else
+    not_configured
+fi
+
+# Initialize the firewall
+shorewall_start () {
+  local PRODUCT
+  local STATEDIR
+
+  echo -n "Initializing \"Shorewall-based firewalls\": "
+
+  for PRODUCT in $PRODUCTS; do
+      if setstatedir; then
+	  if [ -x ${STATEDIR}/firewall ]; then
+              #
+	      # Run in a sub-shell to avoid name collisions
+	      #
+	      (
+		  if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
+		      ${STATEDIR}/firewall ${OPTIONS} stop
+		  fi
+	      )
+	  fi
+      fi
+  done
+
+  echo "done."
+
+  if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
+
+      echo -n "Restoring ipsets: "
+
+      if ! ipset -R < "$SAVE_IPSETS"; then
+	  echo_notdone
+      fi
+
+      echo "done."
+  fi
+
+  return 0
+}
+
+# Clear the firewall
+shorewall_stop () {
+  local PRODUCT
+  local STATEDIR
+
+  echo -n "Clearing \"Shorewall-based firewalls\": "
+  for PRODUCT in $PRODUCTS; do
+      if setstatedir; then
+	  if [ -x ${STATEDIR}/firewall ]; then
+	      ${STATEDIR}/firewall ${OPTIONS} clear
+	  fi
+      fi
+  done
+
+  echo "done."
+
+  if [ -n "$SAVE_IPSETS" ]; then
+
+      echo "Saving ipsets: "
+
+      mkdir -p $(dirname "$SAVE_IPSETS")
+      if ipset -S > "${SAVE_IPSETS}.tmp"; then
+	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
+      else
+	  echo_notdone
+      fi
+
+      echo "done."
+  fi
+
+  return 0
+}
+
+case "$1" in
+  start)
+     shorewall_start
+     ;;
+  stop)
+     shorewall_stop
+     ;;
+  reload|force-reload)
+     ;;
+  *)
+     echo "Usage: $0 {start|stop|reload|force-reload}"
+     exit 1
+esac
+
+exit 0
--- a/Shorewall-init/init.fedora.sh
+++ b/Shorewall-init/init.fedora.sh
@@ -0,0 +1,155 @@
+#! /bin/bash
+#
+# chkconfig: - 09 91
+# description: Initialize the shorewall firewall at boot time
+#
+### BEGIN INIT INFO
+# Provides: shorewall-init
+# Required-Start: $local_fs
+# Required-Stop:  $local_fs
+# Default-Start:
+# Default-Stop:	  0 1 2 3 4 5 6
+# Short-Description: Initialize the shorewall firewall at boot time
+# Description:       Place the firewall in a safe state at boot time
+#                    prior to bringing up the network.  
+### END INIT INFO
+#determine where the files were installed
+
+. /usr/share/shorewall/shorewallrc
+
+prog="shorewall-init"
+logger="logger -i -t $prog"
+lockfile="/var/lock/subsys/shorewall-init"
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Get startup options (override default)
+OPTIONS=
+
+# check if shorewall-init is configured or not
+if [ -f "/etc/sysconfig/shorewall-init" ]; then
+    . /etc/sysconfig/shorewall-init
+else
+    echo "/etc/sysconfig/shorewall-init not found"
+    exit 6
+fi
+
+# set the STATEDIR variable
+setstatedir() {
+    local statedir
+    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
+	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
+    fi
+
+    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
+
+    if [ $PRODUCT == shorewall -o $PRODUCT == shorewall6 ]; then
+	${SBINDIR}/$PRODUCT $OPTIONS compile -c
+    else
+	return 0
+    fi
+}
+
+# Initialize the firewall
+start () {
+    local PRODUCT
+    local STATEDIR
+
+    if [ -z "$PRODUCTS" ]; then
+	echo "No firewalls configured for shorewall-init"
+	failure
+	return 6 #Not configured
+    fi
+
+    echo -n "Initializing \"Shorewall-based firewalls\": "
+
+    for PRODUCT in $PRODUCTS; do
+	setstatedir
+	retval=$?
+
+	if [ $retval -eq 0 ]; then
+	    if [ -x "${STATEDIR}/firewall" ]; then
+		${STATEDIR}/firewall ${OPTIONS} stop 2>&1 | $logger
+		retval=${PIPESTATUS[0]}
+		[ $retval -ne 0 ] && break
+	    else
+		retval=6 #Product not configured
+		break
+	    fi
+	else
+	    break
+	fi
+    done
+
+    if [ $retval -eq 0 ]; then
+	touch $lockfile 
+	success
+    else
+	failure
+    fi
+    echo
+    return $retval
+}
+
+# Clear the firewall
+stop () {
+    local PRODUCT
+    local STATEDIR
+
+    echo -n "Clearing \"Shorewall-based firewalls\": "
+
+    for PRODUCT in $PRODUCTS; do
+	setstatedir
+	retval=$?
+
+	if [ $retval -eq 0 ]; then
+	    if [ -x "${STATEDIR}/firewall" ]; then
+		${STATEDIR}/firewall ${OPTIONS} clear 2>&1 | $logger
+		retval=${PIPESTATUS[0]}
+		[ $retval -ne 0 ] && break
+	    else
+		retval=6 #Product not configured
+		break
+	    fi
+	else
+	    break
+	fi
+    done
+
+    if [ $retval -eq 0 ]; then
+	rm -f $lockfile
+	success
+    else
+	failure
+    fi
+    echo
+    return $retval
+}
+
+status_q() {
+    status > /dev/null 2>&1
+}
+
+case "$1" in
+    start)
+	status_q && exit 0
+	$1
+	;;
+    stop)
+	status_q || exit 0
+	$1
+	;;
+    restart|reload|force-reload|condrestart|try-restart)
+	echo "Not implemented"
+	exit 3
+	;;
+    status)
+	status $prog
+	;;
+  *)
+	echo "Usage: $0 {start|stop|status}"
+	exit 1
+esac
+
+exit 0
--- a/Shorewall-init/init.openwrt.sh
+++ b/Shorewall-init/init.openwrt.sh
@@ -0,0 +1,131 @@
+#!/bin/sh /etc/rc.common
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#
+#     (c) 2010,2012-2014 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2016           - Matt Darfeuille (matdarf@gmail.com)
+#
+#       On most distributions, this file should be called /etc/init.d/shorewall-init.
+#
+#       This program is part of Shorewall.
+#
+#	This program is free software; you can redistribute it and/or modify
+#	it under the terms of the GNU General Public License as published by the
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
+#
+#	This program is distributed in the hope that it will be useful,
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+#       You should have received a copy of the GNU General Public License
+#       along with this program; if not, write to the Free Software
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+#
+
+# arg1 of init script is arg2 when rc.common is sourced
+
+case "$action" in
+  start|stop|boot)
+      if [ "$(id -u)" != "0" ]
+      then
+	  echo "You must be root to start, stop or restart \"Shorewall \"."
+	  exit 1
+      fi
+
+      # check if shorewall-init is configured or not
+      if [ -f "/etc/sysconfig/shorewall-init" ]
+      then
+	  . /etc/sysconfig/shorewall-init
+	  if [ -z "$PRODUCTS" ]
+	  then
+	      exit 0
+	  fi
+      else
+	  exit 0
+      fi
+
+      ;;
+  enable|disable|enabled)
+      # Openwrt related
+      # start and stop runlevel variable
+      START=19
+      STOP=91
+      ;;
+  *)
+      echo "Usage: /etc/init.d/shorewall-init {start|stop}"
+      exit 1
+esac
+
+#
+# The installer may alter this
+#
+. /usr/share/shorewall/shorewallrc
+
+# Locate the current PRODUCT's statedir
+setstatedir() {
+    local statedir
+    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
+	statedir=$( . ${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
+    fi
+
+    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
+
+    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
+	${SBINDIR}/$PRODUCT ${OPTIONS} compile $STATEDIR/firewall
+    else
+	return 0
+    fi
+}
+
+# Initialize the firewall
+start () {
+    local PRODUCT
+  local STATEDIR
+
+  echo -n "Initializing \"Shorewall-based firewalls\": "
+  for PRODUCT in $PRODUCTS; do
+      if setstatedir; then
+	  if [ -x ${STATEDIR}/firewall ]; then
+	      if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
+		  ${STATEDIR}/firewall ${OPTIONS} stop
+	      fi
+	  fi
+      fi
+  done
+
+  if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
+      ipset -R < "$SAVE_IPSETS"
+  fi
+}
+
+boot () {
+    start
+}
+
+# Clear the firewall
+stop () {
+    local PRODUCT
+    local STATEDIR
+
+    echo -n "Clearing \"Shorewall-based firewalls\": "
+    for PRODUCT in $PRODUCTS; do
+	if setstatedir; then
+	    if [ -x ${STATEDIR}/firewall ]; then
+		${STATEDIR}/firewall ${OPTIONS} clear
+	    fi
+	fi
+    done
+
+    if [ -n "$SAVE_IPSETS" ]; then
+	mkdir -p $(dirname "$SAVE_IPSETS")
+	if ipset -S > "${SAVE_IPSETS}.tmp"; then
+	    grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
+	fi
+    fi
+}
+
--- a/Shorewall-init/init.sh
+++ b/Shorewall-init/init.sh
@@ -0,0 +1,138 @@
+#! /bin/bash
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#
+#     (c) 2010,2012-2014 - Tom Eastep (teastep@shorewall.net)
+#
+#       On most distributions, this file should be called /etc/init.d/shorewall.
+#
+#       This program is part of Shorewall.
+#
+#	This program is free software; you can redistribute it and/or modify
+#	it under the terms of the GNU General Public License as published by the
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
+#
+#	This program is distributed in the hope that it will be useful,
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+#       You should have received a copy of the GNU General Public License
+#       along with this program; if not, write to the Free Software
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# chkconfig: - 09 91
+#
+### BEGIN INIT INFO
+# Provides: shorewall-init
+# Required-start: $local_fs
+# Required-stop:  $local_fs
+# Default-Start:  2 3 5
+# Default-Stop:   6
+# Short-Description: Initialize the firewall at boot time
+# Description:       Place the firewall in a safe state at boot time
+#                    prior to bringing up the network.  
+### END INIT INFO
+
+if [ "$(id -u)" != "0" ]
+then
+  echo "You must be root to start, stop or restart \"Shorewall \"."
+  exit 1
+fi
+
+# check if shorewall-init is configured or not
+if [ -f "/etc/sysconfig/shorewall-init" ]
+then
+	. /etc/sysconfig/shorewall-init
+	if [ -z "$PRODUCTS" ]
+	then
+		exit 0
+	fi
+else
+	exit 0
+fi
+
+#
+# The installer may alter this
+#
+. /usr/share/shorewall/shorewallrc
+
+# Locate the current PRODUCT's statedir
+setstatedir() {
+    local statedir
+    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
+	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
+    fi
+
+    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
+
+    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
+	${SBINDIR}/$PRODUCT ${OPTIONS} compile $STATEDIR/firewall
+    else
+	return 0
+    fi
+}
+
+# Initialize the firewall
+shorewall_start () {
+  local PRODUCT
+  local STATEDIR
+
+  echo -n "Initializing \"Shorewall-based firewalls\": "
+  for PRODUCT in $PRODUCTS; do
+      if setstatedir; then
+	  if [ -x ${STATEDIR}/firewall ]; then
+	      if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
+		  ${STATEDIR}/firewall ${OPTIONS} stop
+	      fi
+	  fi
+      fi
+  done
+
+  if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
+      ipset -R < "$SAVE_IPSETS"
+  fi
+
+  return 0
+}
+
+# Clear the firewall
+shorewall_stop () {
+  local PRODUCT
+  local STATEDIR
+
+  echo -n "Clearing \"Shorewall-based firewalls\": "
+  for PRODUCT in $PRODUCTS; do
+      if setstatedir; then
+	  if [ -x ${STATEDIR}/firewall ]; then
+	      ${STATEDIR}/firewall ${OPTIONS} clear
+	  fi
+      fi
+  done
+
+  if [ -n "$SAVE_IPSETS" ]; then
+      mkdir -p $(dirname "$SAVE_IPSETS")
+      if ipset -S > "${SAVE_IPSETS}.tmp"; then
+	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
+      fi
+  fi
+
+  return 0
+}
+
+case "$1" in
+  start)
+     shorewall_start
+     ;;
+  stop)
+     shorewall_stop
+     ;;
+  *)
+     echo "Usage: /etc/init.d/shorewall-init {start|stop}"
+     exit 1
+esac
+
+exit 0
--- a/Shorewall-init/init.suse.sh
+++ b/Shorewall-init/init.suse.sh
@@ -0,0 +1,147 @@
+#! /bin/bash
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2010,2012 - Tom Eastep (teastep@shorewall.net)
+#
+#       On most distributions, this file should be called /etc/init.d/shorewall.
+#
+#       Complete documentation is available at http://shorewall.net
+#
+#       This program is free software; you can redistribute it and/or modify
+#       it under the terms of Version 2 of the GNU General Public License
+#       as published by the Free Software Foundation.
+#
+#       This program is distributed in the hope that it will be useful,
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       GNU General Public License for more details.
+#
+#       You should have received a copy of the GNU General Public License
+#       along with this program; if not, write to the Free Software
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+#
+### BEGIN INIT INFO
+# Provides: shorewall-init
+# Required-Start: $local_fs
+# Required-Stop:  $local_fs
+# Default-Start:  2 3 5
+# Default-Stop:   0 1 6
+# Short-Description: Initialize the firewall at boot time
+# Description:       Place the firewall in a safe state at boot time
+#                    prior to bringing up the network.  
+### END INIT INFO
+
+#Return values acc. to LSB for all commands but status:
+# 0 - success
+# 1 - generic or unspecified error
+# 2 - invalid or excess argument(s)
+# 3 - unimplemented feature
+# 4 - insufficient privilege
+# 5 - program is not installed
+# 6 - program is not configured
+# 7 - program is not running
+
+if [ "$(id -u)" != "0" ]
+then
+  echo "You must be root to start, stop or restart \"Shorewall \"."
+  exit 4
+fi
+
+# check if shorewall-init is configured or not
+if [ -f "/etc/sysconfig/shorewall-init" ]
+then
+    . /etc/sysconfig/shorewall-init
+
+    if [ -z "$PRODUCTS" ]
+    then
+	echo "No PRODUCTS configured"
+	exit 6
+    fi
+else
+    echo "/etc/sysconfig/shorewall-init not found"
+    exit 6
+fi
+
+#
+# The installer may alter this
+#
+. /usr/share/shorewall/shorewallrc
+
+# set the STATEDIR variable
+setstatedir() {
+    local statedir
+    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
+	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
+    fi
+
+    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
+
+    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
+	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c
+    else
+	return 0
+    fi
+}
+
+# Initialize the firewall
+shorewall_start () {
+  local PRODUCT
+  local STATEDIR
+
+  echo -n "Initializing \"Shorewall-based firewalls\": "
+  for PRODUCT in $PRODUCTS; do
+      if setstatedir; then
+	  if [ -x $STATEDIR/firewall ]; then
+	      if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
+		  $STATEDIR/$PRODUCT/firewall ${OPTIONS} stop
+	      fi
+	  fi
+      fi
+  done
+
+  if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
+      ipset -R < "$SAVE_IPSETS"
+  fi
+}
+
+# Clear the firewall
+shorewall_stop () {
+  local PRODUCT
+  local STATEDIR
+
+  echo -n "Clearing \"Shorewall-based firewalls\": "
+  for PRODUCT in $PRODUCTS; do
+      if setstatedir; then
+	  if [ -x ${STATEDIR}/firewall ]; then
+	      ${STATEDIR}/firewall ${OPTIONS} clear
+	  fi
+      fi
+  done
+
+  if [ -n "$SAVE_IPSETS" ]; then
+      mkdir -p $(dirname "$SAVE_IPSETS")
+      if ipset -S > "${SAVE_IPSETS}.tmp"; then
+	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
+      fi
+  fi
+}
+
+case "$1" in
+    start)
+	shorewall_start
+	;;
+    stop)
+	shorewall_stop
+	;;
+    reload|forced-reload)
+	;;
+    *)
+	echo "Usage: /etc/init.d/shorewall-init {start|stop}"
+	exit 1
+	;;
+esac
+
+exit 0
--- a/Shorewall-init/install.sh
+++ b/Shorewall-init/install.sh
@@ -0,0 +1,632 @@
+#!/bin/sh
+#
+# Script to install Shoreline Firewall Init
+#
+#     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2010 - Roberto C. Sanchez (roberto@connexer.com)
+#
+#       Shorewall documentation is available at http://shorewall.net
+#
+#       This program is part of Shorewall.
+#
+#	This program is free software; you can redistribute it and/or modify
+#	it under the terms of the GNU General Public License as published by the
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
+#
+#	This program is distributed in the hope that it will be useful,
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+#       You should have received a copy of the GNU General Public License
+#       along with this program; if not, write to the Free Software
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+VERSION=xxx #The Build script inserts the actual version.
+PRODUCT=shorewall-init
+Product="Shorewall Init"
+
+usage() # $1 = exit status
+{
+    ME=$(basename $0)
+    echo "usage: $ME [ <configuration-file> ]"
+    echo "       $ME -v"
+    echo "       $ME -h"
+    echo "       $ME -n"
+    exit $1
+}
+
+fatal_error() 
+{
+    echo "   ERROR: $@" >&2
+    exit 1
+}
+
+split() {
+    local ifs
+    ifs=$IFS
+    IFS=:
+    set -- $1
+    echo $*
+    IFS=$ifs
+}
+
+qt()
+{
+    "$@" >/dev/null 2>&1
+}
+
+mywhich() {
+    local dir
+
+    for dir in $(split $PATH); do
+	if [ -x $dir/$1 ]; then
+	    return 0
+	fi
+    done
+
+    return 2
+}
+
+cant_autostart()
+{
+    echo
+    echo  "WARNING: Unable to configure shorewall init to start automatically at boot" >&2
+}
+
+install_file() # $1 = source $2 = target $3 = mode
+{
+    if cp -f $1 $2; then
+	if chmod $3 $2; then
+	    if [ -n "$OWNER" ]; then
+		if chown $OWNER:$GROUP $2; then
+		    return
+		fi
+	    else
+		return 0
+	    fi
+	fi
+    fi
+
+    echo "ERROR: Failed to install $2" >&2
+    exit 1
+}
+
+make_directory() # $1 = directory , $2 = mode
+{
+    mkdir -p $1
+    chmod 0755 $1
+    [ -n "$OWNERSHIP" ] && chown $OWNERSHIP $1
+}
+
+require() 
+{
+    eval [ -n "\$$1" ] || fatal_error "Required option $1 not set"
+}
+
+#
+# Change to the directory containing this script
+#
+cd "$(dirname $0)"
+
+#
+# Parse the run line
+#
+
+finished=0
+configure=1
+
+while [ $finished -eq 0 ] ; do
+    option="$1"
+
+    case "$option" in
+	-*)
+	    option=${option#-}
+
+	    while [ -n "$option" ]; do
+		case $option in
+		    h)
+			usage 0
+			;;
+		    v)
+			echo "Shorewall-init Firewall Installer Version $VERSION"
+			exit 0
+			;;
+		    n*)
+			configure=0
+			option=${option#n}
+			;;
+		    *)
+			usage 1
+			;;
+		esac
+	    done
+
+	    shift
+	    ;;
+	*)
+	    finished=1
+	    ;;
+    esac
+done
+
+#
+# Read the RC file
+#
+if [ $# -eq 0 ]; then
+    #
+    # Load packager's settings if any
+    #
+    if [ -f ./shorewallrc ]; then
+	. ./shorewallrc || exit 1
+	file=~/.shorewallrc
+    elif [ -f ~/.shorewallrc ]; then
+	. ~/.shorewallrc || exit 1
+	file=./.shorewallrc
+     else
+	fatal_error "No configuration file specified and ~/.shorewallrc not found"
+    fi
+elif [ $# -eq 1 ]; then
+    file=$1
+    case $file in
+	/*|.*)
+	    ;;
+	*)
+	    file=./$file
+	    ;;
+    esac
+
+    . $file
+else
+    usage 1
+fi
+
+if [ -z "${VARLIB}" ]; then
+    VARLIB=${VARDIR}
+    VARDIR=${VARLIB}/${PRODUCT}
+elif [ -z "${VARDIR}" ]; then
+    VARDIR=${VARLIB}/${PRODUCT}
+fi
+
+for var in SHAREDIR LIBEXECDIR CONFDIR SBINDIR VARLIB VARDIR; do
+    require $var
+done
+
+[ -n "$SANDBOX" ] && configure=0
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
+
+[ $configure -eq 1 ] && ETC=/etc || ETC="${CONFDIR}"
+
+if [ -z "$BUILD" ]; then
+    case $(uname) in
+	cygwin*)
+	    BUILD=cygwin
+	    ;;
+	Darwin)
+	    BUILD=apple
+	    ;;
+	*)
+	    if [ -f /etc/os-release ]; then
+		eval $(cat /etc/os-release | grep ^ID=)
+
+		case $ID in
+		    fedora|rhel|centos|foobar)
+			BUILD=redhat
+			;;
+		    debian|ubuntu)
+			BUILD=debian
+			;;
+		    opensuse)
+			BUILD=suse
+			;;
+		    *)
+			BUILD="$ID"
+			;;
+		esac
+	    elif [ -f /etc/debian_version ]; then
+		BUILD=debian
+	    elif [ -f /etc/ubuntu_version ]; then
+		BUILD=debian
+	    elif [ -f /etc/gentoo-release ]; then
+		BUILD=gentoo
+	    elif [ -f /etc/redhat-release ]; then
+		BUILD=redhat
+	    elif [ -f /etc/SuSE-release ]; then
+		BUILD=suse
+	    elif [ -f /etc/slackware-version ] ; then
+		BUILD=slackware
+	    elif [ -f /etc/arch-release ] ; then
+		BUILD=archlinux
+	    elif [ -f ${CONFDIR}/openwrt_release ]; then
+		BUILD=openwrt
+	    else
+		BUILD=linux
+	    fi
+	    ;;
+    esac
+fi
+
+case $BUILD in
+    apple)
+	[ -z "$OWNER" ] && OWNER=root
+	[ -z "$GROUP" ] && GROUP=wheel
+	;;
+    cygwin*|CYGWIN*)
+	OWNER=$(id -un)
+	GROUP=$(id -gn)
+ 	;;
+    *)
+	if [ $(id -u) -eq 0 ]; then
+	    [ -z "$OWNER" ] && OWNER=root
+	    [ -z "$GROUP" ] && GROUP=root
+	fi
+	;;
+esac
+
+[ -n "$OWNER" ] && OWNERSHIP="$OWNER:$GROUP"
+
+[ -n "$HOST" ] || HOST=$BUILD
+
+case "$HOST" in
+    debian)
+	echo "Installing Debian-specific configuration..."
+	;;
+    gentoo)
+	echo "Installing Gentoo-specific configuration..."
+	;;
+    redhat)
+	echo "Installing Redhat/Fedora-specific configuration..."
+	;;
+    slackware)
+	echo "Shorewall-init is currently not supported on Slackware" >&2
+	exit 1
+	;;
+    archlinux)
+	echo "Shorewall-init is currently not supported on Arch Linux" >&2
+	exit 1
+	;;
+    suse)
+	echo "Installing SuSE-specific configuration..."
+	;;
+    openwrt)
+	echo "Installing Openwrt-specific configuration..."
+	;;
+    linux)
+	echo "ERROR: Shorewall-init is not supported on this system" >&2
+	exit 1
+	;;
+    *)
+	echo "ERROR: Unsupported HOST distribution: \"$HOST\"" >&2
+	exit 1;
+	;;
+esac
+
+[ -z "$TARGET" ] && TARGET=$HOST
+
+if [ -n "$DESTDIR" ]; then
+    if [ $(id -u) != 0 ] ; then
+	echo "Not setting file owner/group permissions, not running as root."
+	OWNERSHIP=""
+    fi
+    
+    make_directory ${DESTDIR}${INITDIR} 0755
+fi
+
+echo "Installing Shorewall Init Version $VERSION"
+
+#
+# Check for /usr/share/shorewall-init/version
+#
+if [ -f ${DESTDIR}${SHAREDIR}/shorewall-init/version ]; then
+    first_install=""
+else
+    first_install="Yes"
+fi
+
+if [ -n "$DESTDIR" ]; then
+    mkdir -p ${DESTDIR}${CONFDIR}/logrotate.d
+    chmod 0755 ${DESTDIR}${CONFDIR}/logrotate.d
+fi
+
+#
+# Install the Firewall Script
+#
+if [ -n "$INITFILE" ]; then
+    mkdir -p ${DESTDIR}${INITDIR}
+    install_file $INITSOURCE ${DESTDIR}${INITDIR}/$INITFILE 0544
+    [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${INITDIR}/$INITFILE
+    
+    if [ -n "${AUXINITSOURCE}" ]; then
+	install_file $INITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544
+    fi
+
+    echo  "SysV init script $INITSOURCE installed in ${DESTDIR}${INITDIR}/$INITFILE"
+fi
+
+#
+# Install the .service file
+#
+if [ -z "${SERVICEDIR}" ]; then
+    SERVICEDIR="$SYSTEMD"
+fi
+
+if [ -n "$SERVICEDIR" ]; then
+    mkdir -p ${DESTDIR}${SERVICEDIR}
+    [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
+    install_file $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service 0644
+    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
+    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SERVICEDIR}/$PRODUCT.service"
+    if [ -n "$DESTDIR" -o $configure -eq 0 ]; then
+	mkdir -p ${DESTDIR}${SBINDIR}
+        chmod 0755 ${DESTDIR}${SBINDIR}
+    fi
+    install_file shorewall-init ${DESTDIR}${SBINDIR}/shorewall-init 0700
+    [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SBINDIR}/shorewall-init
+    echo "CLI installed as ${DESTDIR}${SBINDIR}/shorewall-init"
+fi
+
+#
+# Create /usr/share/shorewall-init if needed
+#
+mkdir -p ${DESTDIR}${SHAREDIR}/shorewall-init
+chmod 0755 ${DESTDIR}${SHAREDIR}/shorewall-init
+
+#
+# Install logrotate file
+#
+if [ -d ${DESTDIR}${CONFDIR}/logrotate.d ]; then
+    install_file logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT 0644
+    echo "Logrotate file installed as ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT"
+fi
+
+#
+# Create the version file
+#
+echo "$VERSION" > ${DESTDIR}/${SHAREDIR}/shorewall-init/version
+chmod 0644 ${DESTDIR}${SHAREDIR}/shorewall-init/version
+
+#
+# Remove and create the symbolic link to the init script
+#
+if [ -z "$DESTDIR" ]; then
+    rm -f ${SHAREDIR}/shorewall-init/init
+    ln -s ${INITDIR}/${INITFILE} ${SHAREDIR}/shorewall-init/init
+fi
+
+if [ $HOST = debian ]; then
+    if [ -n "${DESTDIR}" ]; then
+	mkdir -p ${DESTDIR}${ETC}/network/if-up.d/
+	mkdir -p ${DESTDIR}${ETC}/network/if-down.d/
+	mkdir -p ${DESTDIR}${ETC}/network/if-post-down.d/
+    elif [ $configure -eq 0 ]; then
+	mkdir -p ${DESTDIR}${CONFDIR}/network/if-up.d/
+	mkdir -p ${DESTDIR}${CONFDIR}/network/if-down.d/
+	mkdir -p ${DESTDIR}${CONFDIR}/network/if-post-down.d/
+    fi
+
+    if [ ! -f ${DESTDIR}${CONFDIR}/default/shorewall-init ]; then
+	if [ -n "${DESTDIR}" ]; then
+	    mkdir -p ${DESTDIR}${ETC}/default
+	fi
+
+	[ $configure -eq 1 ] || mkdir -p ${DESTDIR}${CONFDIR}/default
+	install_file sysconfig ${DESTDIR}${ETC}/default/shorewall-init 0644
+	echo "sysconfig file installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
+    fi
+
+    IFUPDOWN=ifupdown.debian.sh
+else
+    if [ -n "$DESTDIR" ]; then
+	mkdir -p ${DESTDIR}${SYSCONFDIR}
+
+	if [ -z "$RPM" ]; then
+	    if [ $HOST = suse ]; then
+		mkdir -p ${DESTDIR}${ETC}/sysconfig/network/if-up.d
+		mkdir -p ${DESTDIR}${ETC}/sysconfig/network/if-down.d
+	    elif [ $HOST = gentoo ]; then
+		# Gentoo does not support if-{up,down}.d
+		/bin/true
+	    elif [ $HOST = openwrt ]; then
+		# Not implemented on openwrt
+		/bin/true
+	    else
+		mkdir -p ${DESTDIR}/${ETC}/NetworkManager/dispatcher.d
+	    fi
+	fi
+    fi
+
+    if [ -n "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PRODUCT} ]; then
+	install_file ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/$PRODUCT 0644
+	echo "${SYSCONFFILE} file installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
+    fi
+
+    [ $HOST = suse ] && IFUPDOWN=ifupdown.suse.sh || IFUPDOWN=ifupdown.fedora.sh
+fi
+
+#
+# Install the ifupdown script
+#
+
+if [ $HOST != openwrt ]; then
+    cp $IFUPDOWN ifupdown
+
+    [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ifupdown
+
+    mkdir -p ${DESTDIR}${LIBEXECDIR}/shorewall-init
+
+    install_file ifupdown ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown 0544
+fi
+
+if [ -d ${DESTDIR}/etc/NetworkManager ]; then
+    [ $configure -eq 1 ] || mkdir -p ${DESTDIR}${CONFDIR}/NetworkManager/dispatcher.d/
+    install_file ifupdown ${DESTDIR}${ETC}/NetworkManager/dispatcher.d/01-shorewall 0544
+fi
+
+case $HOST in
+    debian)
+	if [ $configure -eq 1 ]; then
+	    install_file ifupdown ${DESTDIR}/etc/network/if-up.d/shorewall 0544
+	    install_file ifupdown ${DESTDIR}/etc/network/if-down.d/shorewall 0544
+	    install_file ifupdown ${DESTDIR}/etc/network/if-post-down.d/shorewall 0544
+	else
+	    install_file ifupdown ${DESTDIR}${CONFDIR}/network/if-up.d/shorewall 0544
+	    install_file ifupdown ${DESTDIR}${CONFDIR}/network/if-down.d/shorewall 0544
+	    install_file ifupdown ${DESTDIR}${CONFDIR}/network/if-post-down.d/shorewall 0544
+	fi
+	;;
+    suse)
+	if [ -z "$RPM" ]; then
+	    if [ $configure -eq 0 ]; then
+		mkdir -p ${DESTDIR}${SYSCONFDIR}/network/if-up.d/
+		mkdir -p ${DESTDIR}${SYSCONFDIR}/network/if-down.d/
+	    fi
+
+	    install_file ifupdown ${DESTDIR}${SYSCONFDIR}/network/if-up.d/shorewall 0544
+	    install_file ifupdown ${DESTDIR}${SYSCONFDIR}/network/if-down.d/shorewall 0544
+	fi
+	;;
+    redhat)
+	if [ -z "$DESTDIR" ]; then
+	    install_local=
+
+	    if [ -f ${SBINDIR}/ifup-local -o -f ${SBINDIR}/ifdown-local ]; then
+		if ! grep -qF Shorewall-based ${SBINDIR}/ifup-local || ! grep -qF Shorewall-based ${SBINDIR}/ifdown-local; then
+		    echo "WARNING: ${SBINDIR}/ifup-local and/or ${SBINDIR}/ifdown-local already exist; up/down events will not be handled"
+		else
+		    install_local=Yes
+		fi
+	    else
+		install_local=Yes
+	    fi
+
+	    if [ -n "$install_local" ]; then
+		install_file ifupdown ${DESTDIR}${SBINDIR}/ifup-local 0544
+		install_file ifupdown ${DESTDIR}${SBINDIR}/ifdown-local 0544
+	    fi
+	fi
+	;;
+esac
+
+if [ -z "$DESTDIR" ]; then
+    if [ $configure -eq 1 -a -n "first_install" ]; then
+	if [ $HOST = debian ]; then
+	    if [ -n "$SERVICEDIR" ]; then
+		if systemctl enable ${PRODUCT}.service; then
+                    echo "Shorewall Init will start automatically at boot"
+		fi
+	    elif mywhich insserv; then
+		if insserv ${INITDIR}/shorewall-init; then
+		    echo "Shorewall Init will start automatically at boot"
+		else
+		    cant_autostart
+		fi
+	    elif mywhich update-rc.d ; then
+		if update-rc.d $PRODUCT enable; then
+		    echo "$PRODUCT will start automatically at boot"
+		    echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
+		else
+		    cant_autostart
+		fi
+	    else
+		cant_autostart
+	    fi
+	elif [ $HOST = openwrt -a -f ${CONFDIR}/rc.common ]; then
+	    /etc/init.d/$PRODUCT enable
+	    if /etc/init.d/$PRODUCT enabled; then
+		echo "$Product will start automatically at boot"
+	    else
+		cant_autostart
+	    fi
+	elif [ $HOST = gentoo ]; then
+	    # On Gentoo, a service must be enabled manually by the user,
+	    # not by the installer
+	    /bin/true
+	else
+	    if [ -n "$SERVICEDIR" ]; then
+		if systemctl enable shorewall-init.service; then
+		    echo "Shorewall Init will start automatically at boot"
+		fi
+	    elif [ -x ${SBINDIR}/insserv -o -x /usr${SBINDIR}/insserv ]; then
+		if insserv ${INITDIR}/shorewall-init ; then
+		    echo "Shorewall Init will start automatically at boot"
+		else
+		    cant_autostart
+		fi
+	    elif [ -x ${SBINDIR}/chkconfig -o -x /usr${SBINDIR}/chkconfig ]; then
+		if chkconfig --add shorewall-init ; then
+		    echo "Shorewall Init will start automatically in run levels as follows:"
+		    chkconfig --list shorewall-init
+		else
+		    cant_autostart
+		fi
+	    elif [ -x ${SBINDIR}/rc-update ]; then
+		if rc-update add shorewall-init default; then
+		    echo "Shorewall Init will start automatically at boot"
+		else
+		    cant_autostart
+		fi
+	    elif [ $HOST = openwrt -a -f ${CONFDIR}/rc.common ]; then
+		/etc/init.d/$PRODUCT enable
+		if /etc/init.d/shorewall-init enabled; then
+		    echo "$Product will start automatically at boot"
+		else
+		    cant_autostart
+		fi
+	    else
+		cant_autostart
+	    fi
+	fi
+    fi
+else
+    if [ $configure -eq 1 -a -n "$first_install" ]; then
+	if [ $HOST = debian -a -z "$SERVICEDIR" ]; then
+	    if [ -n "${DESTDIR}" ]; then
+		mkdir -p ${DESTDIR}/etc/rcS.d
+	    fi
+
+	    ln -sf ../init.d/shorewall-init ${DESTDIR}${CONFDIR}/rcS.d/S38shorewall-init
+	    echo "Shorewall Init will start automatically at boot"
+	fi
+    fi
+fi
+
+[ -z "${DESTDIR}" ] && [ ! -f ~/.shorewallrc ] && cp ${SHAREDIR}/shorewall/shorewallrc .
+
+if [ -d ${DESTDIR}/etc/ppp ]; then
+    case $HOST in
+	debian|suse)
+	    for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do
+		mkdir -p ${DESTDIR}/etc/ppp/$directory #SuSE doesn't create the IPv6 directories
+		cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown ${DESTDIR}${CONFDIR}/ppp/$directory/shorewall
+	    done
+	    ;;
+	redhat)
+	    #
+	    # Must use the dreaded ip_xxx.local file
+	    #
+	    for file in ip-up.local ip-down.local; do
+		FILE=${DESTDIR}/etc/ppp/$file
+		if [ -f $FILE ]; then
+		    if grep -qF Shorewall-based $FILE ; then
+			cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown $FILE
+		    else
+			echo "$FILE already exists -- ppp devices will not be handled"
+			break
+		    fi
+		else
+		    cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown $FILE
+		fi
+	    done
+	    ;;
+    esac
+fi
+#
+#  Report Success
+#
+echo "shorewall Init Version $VERSION Installed"
--- a/Shorewall-init/logrotate
+++ b/Shorewall-init/logrotate
@@ -0,0 +1,5 @@
+/var/log/shorewall-ifupdown.log {
+  missingok
+  notifempty
+  create 0600 root root
+}
--- a/Shorewall-init/shorewall-init
+++ b/Shorewall-init/shorewall-init
@@ -0,0 +1,124 @@
+#!/bin/bash
+#	The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#
+#	(c) 2012-2014 - Tom Eastep (teastep@shorewall.net)
+#
+#	On most distributions, this file should be called
+#	/etc/init.d/shorewall.
+#
+#	Complete documentation is available at http://shorewall.net
+#
+#	This program is part of Shorewall.
+#
+#	This program is free software; you can redistribute it and/or modify
+#	it under the terms of the GNU General Public License as published by
+#	the Free Software Foundation, either version 2 of the license or,
+#	at your option, any later version.
+#
+#	This program is distributed in the hope that it will be useful,
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+###############################################################################
+# set the STATEDIR variable
+setstatedir() {
+    local statedir
+    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
+	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
+    fi
+
+    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
+
+    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
+	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c
+    else
+	return 0
+    fi
+}
+
+#
+# This is modified by the installer when ${SHAREDIR} <> /usr/share
+#
+. /usr/share/shorewall/shorewallrc
+
+# check if shorewall-init is configured or not
+if [ -f "$SYSCONFDIR/shorewall-init" ]; then
+    . $SYSCONFDIR/shorewall-init
+    if [ -z "$PRODUCTS" ]; then
+	echo "ERROR: No products configured" >&2
+	exit 1
+    fi
+else
+    echo "ERROR: ${SYSCONFDIR}/shorewall-init not found" >&2
+    exit 1
+fi
+
+# Initialize the firewall
+shorewall_start () {
+    local PRODUCT
+    local STATEDIR
+
+    echo -n "Initializing \"Shorewall-based firewalls\": "
+    for PRODUCT in $PRODUCTS; do
+	if setstatedir; then
+	    if [ -x ${STATEDIR}/firewall ]; then
+		#
+		# Run in a sub-shell to avoid name collisions
+		#
+		(
+		    if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
+			${STATEDIR}/firewall ${OPTIONS} stop
+		    fi
+		)
+	    fi
+	fi
+    done
+
+    if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
+	ipset -R < "$SAVE_IPSETS"
+    fi
+
+    return 0
+}
+
+# Clear the firewall
+shorewall_stop () {
+    local PRODUCT
+    local STATEDIR
+
+    echo -n "Clearing \"Shorewall-based firewalls\": "
+    for PRODUCT in $PRODUCTS; do
+	if setstatedir; then
+	    if [ -x ${STATEDIR}/firewall ]; then
+		${STATEDIR}/firewall ${OPTIONS} clear
+	    fi
+	fi
+    done
+
+    if [ -n "$SAVE_IPSETS" ]; then
+	mkdir -p $(dirname "$SAVE_IPSETS")
+	if ipset -S > "${SAVE_IPSETS}.tmp"; then
+	    grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
+	fi
+    fi
+
+    return 0
+}
+
+case "$1" in
+    start)
+	shorewall_start
+	;;
+    stop)
+	shorewall_stop
+	;;
+    *)
+	echo "Usage: $0 {start|stop}"
+	exit 1
+esac
+
+exit 0
--- a/Shorewall-init/shorewall-init.service
+++ b/Shorewall-init/shorewall-init.service
@@ -0,0 +1,20 @@
+#
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
+#
+#     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
+#
+[Unit]
+Description=Shorewall firewall (bootup security)
+Before=network-pre.target
+Wants=network-pre.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+EnvironmentFile=-/etc/sysconfig/shorewall-init
+StandardOutput=syslog
+ExecStart=/sbin/shorewall-init start
+ExecStop=/sbin/shorewall-init stop
+
+[Install]
+WantedBy=basic.target
--- a/Shorewall-init/shorewall-init.service.debian
+++ b/Shorewall-init/shorewall-init.service.debian
@@ -0,0 +1,20 @@
+#
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
+#
+#     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
+#     Copyright 2015 Tom Eastep <teastep@shorewall.net>
+#
+[Unit]
+Description=Shorewall firewall (bootup security)
+Before=network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+EnvironmentFile=-/etc/default/shorewall-init
+StandardOutput=syslog
+ExecStart=/sbin/shorewall-init start
+ExecStop=/sbin/shorewall-init stop
+
+[Install]
+WantedBy=basic.target
--- a/Shorewall-init/sysconfig
+++ b/Shorewall-init/sysconfig
@@ -0,0 +1,26 @@
+# List the Shorewall products that Shorewall-init is to
+# initialize (space-separated list).
+#
+# Sample: PRODUCTS="shorewall shorewall6"
+#
+PRODUCTS=""
+
+#
+# Set this to 1 if you want Shorewall-init to react to 
+# ifup/ifdown and NetworkManager events
+#
+IFUPDOWN=0
+#
+# Set this to the name of the file that is to hold
+# ipset contents. Shorewall-init will load those ipsets
+# during 'start' and will save them there during 'stop'.
+#
+SAVE_IPSETS=""
+#
+# Where Up/Down events get logged
+#
+LOGFILE=/var/log/shorewall-ifupdown.log
+
+# Startup options - set verbosity to 0 (minimal reporting)
+OPTIONS="-V0"
+
--- a/Shorewall-init/uninstall.sh
+++ b/Shorewall-init/uninstall.sh
@@ -0,0 +1,237 @@
+#!/bin/sh
+#
+# Script to back uninstall Shoreline Firewall
+#
+#     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
+#
+#       Shorewall documentation is available at http://shorewall.sourceforge.net
+#
+#       This program is part of Shorewall.
+#
+#	This program is free software; you can redistribute it and/or modify
+#	it under the terms of the GNU General Public License as published by the
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
+#
+#	This program is distributed in the hope that it will be useful,
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+#    Usage:
+#
+#       You may only use this script to uninstall the version
+#       shown below. Simply run this script to remove Shorewall Firewall
+
+VERSION=xxx  #The Build script inserts the actual version
+PRODUCT=shorewall-init
+Product="Shorewall Init"
+
+usage() # $1 = exit status
+{
+    ME=$(basename $0)
+    echo "usage: $ME [ <shorewallrc file> ]"
+    exit $1
+}
+
+fatal_error()
+{
+    echo "   ERROR: $@" >&2
+    exit 1
+}
+
+qt()
+{
+    "$@" >/dev/null 2>&1
+}
+
+split() {
+    local ifs
+    ifs=$IFS
+    IFS=:
+    set -- $1
+    echo $*
+    IFS=$ifs
+}
+
+mywhich() {
+    local dir
+
+    for dir in $(split $PATH); do
+	if [ -x $dir/$1 ]; then
+	    return 0
+	fi
+    done
+
+    return 2
+}
+
+remove_file() # $1 = file to restore
+{
+    if [ -f $1 -o -L $1 ] ; then
+	rm -f $1
+	echo "$1 Removed"
+    fi
+}
+
+#
+# Change to the directory containing this script
+#
+cd "$(dirname $0)"
+
+finished=0
+configure=1
+
+while [ $finished -eq 0 ]; do
+    option=$1
+
+    case "$option" in
+	-*)
+	    option=${option#-}
+
+	    while [ -n "$option" ]; do
+		case $option in
+		    h)
+			usage 0
+			;;
+		    v)
+			echo "$Product Firewall Installer Version $VERSION"
+			exit 0
+			;;
+		    n*)
+			configure=0
+			option=${option#n}
+			;;
+		    *)
+			usage 1
+			;;
+		esac
+	    done
+
+	    shift
+	    ;;
+	*)
+	    finished=1
+	    ;;
+    esac
+done
+#
+# Read the RC file
+#
+if [ $# -eq 0 ]; then
+    if [ -f ./shorewallrc ]; then
+	. ./shorewallrc
+    elif [ -f ~/.shorewallrc ]; then
+	. ~/.shorewallrc || exit 1
+	file=./.shorewallrc
+    elif [ -f /usr/share/shorewall/shorewallrc ]; then
+	. /usr/share/shorewall/shorewallrc
+    else
+	fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
+    fi
+elif [ $# -eq 1 ]; then
+    file=$1
+    case $file in
+	/*|.*)
+	    ;;
+	*)
+	    file=./$file
+	    ;;
+    esac
+
+    . $file || exit 1
+else
+    usage 1
+fi
+
+if [ -f ${SHAREDIR}/shorewall-init/version ]; then
+    INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall-init/version)"
+    if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
+	echo "WARNING: Shorewall Init Version $INSTALLED_VERSION is installed"
+	echo "         and this is the $VERSION uninstaller."
+	VERSION="$INSTALLED_VERSION"
+    fi
+else
+    echo "WARNING: Shorewall Init Version $VERSION is not installed"
+    VERSION=""
+fi
+
+[ -n "${LIBEXEC:=${SHAREDIR}}" ]
+
+echo "Uninstalling Shorewall Init $VERSION"
+
+[ -n "$SANDBOX" ] && configure=0
+
+INITSCRIPT=${CONFDIR}/init.d/shorewall-init
+
+if [ -f "$INITSCRIPT" ]; then
+    if [ $configure -eq 1 ]; then
+	if [ $HOST = openwrt ]; then
+	    if /etc/init.d/shorewall-init enabled; then
+		/etc/init.d/shorewall-init disable
+	    fi
+	elif mywhich updaterc.d ; then
+	    updaterc.d shorewall-init remove
+	elif mywhich insserv ; then
+            insserv -r $INITSCRIPT
+	elif mywhich chkconfig ; then
+	    chkconfig --del $(basename $INITSCRIPT)
+	fi
+    fi
+
+    remove_file $INITSCRIPT
+fi
+
+if [ -z "${SERVICEDIR}" ]; then
+    SERVICEDIR="$SYSTEMD"
+fi
+
+if [ -n "$SERVICEDIR" ]; then
+    [ $configure -eq 1 ] && systemctl disable shorewall-init.service
+    rm -f $SERVICEDIR/shorewall-init.service
+fi
+
+if [ $HOST = openwrt ]; then
+    [ "$(readlink -q ${SBINDIR}/ifup-local)"   = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifup-local
+    [ "$(readlink -q ${SBINDIR}/ifdown-local)" = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifdown-local
+else
+    [ "$(readlink -m -q ${SBINDIR}/ifup-local)"   = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifup-local
+    [ "$(readlink -m -q ${SBINDIR}/ifdown-local)" = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifdown-local
+fi
+
+remove_file ${CONFDIR}/default/shorewall-init
+remove_file ${CONFDIR}/sysconfig/shorewall-init
+
+remove_file ${CONFDIR}/NetworkManager/dispatcher.d/01-shorewall
+
+remove_file ${CONFDIR}/network/if-up.d/shorewall
+remove_file ${CONFDIR}/network/if-down.d/shorewall
+remove_file ${CONFDIR}/network/if-post-down.d/shorewall
+
+remove_file ${CONFDIR}/sysconfig/network/if-up.d/shorewall
+remove_file ${CONFDIR}/sysconfig/network/if-down.d/shorewall
+
+if [ -d ${CONFDIR}/ppp ]; then
+    for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do
+	remove_file ${CONFDIR}/ppp/$directory/shorewall
+    done
+
+    for file in if-up.local if-down.local; do
+	if [ -f ${CONFDIR}/ppp/$file ]; then
+	    if grep -qF Shorewall-based ${CONFDIR}/ppp/$FILE; then
+		remove_file ${CONFDIR}/ppp/$FILE
+	    fi
+	fi
+    done
+fi
+
+rm -f  ${SBINDIR}/shorewall-init
+rm -rf ${SHAREDIR}/shorewall-init
+rm -rf ${LIBEXECDIR}/shorewall-init
+
+echo "Shorewall Init Uninstalled"
+
+
--- a/Shorewall-lite/COPYING
+++ b/Shorewall-lite/COPYING
@@ -2,7 +2,8 @@
 		       Version 2, June 1991

 Copyright (C) 1989, 1991 Free Software Foundation, Inc.
-                       59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+                          51 Franklin Street, Fifth Floor,
+			  Boston, MA 02110-1301 USA
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.

--- a/Shorewall-lite/Makefile
+++ b/Shorewall-lite/Makefile
@@ -3,16 +3,16 @@ VARDIR=$(shell /sbin/shorewall-lite show vardir)
 SHAREDIR=/usr/share/shorewall-lite
 RESTOREFILE?=.restore

-all: $(VARDIR)/${RESTOREFILE}
+all: $(VARDIR)/$(RESTOREFILE)

-$(VARDIR)/${RESTOREFILE}: $(VARDIR)/firewall
+$(VARDIR)/$(RESTOREFILE): $(VARDIR)/firewall
 	@/sbin/shorewall-lite -q save >/dev/null; \
 	if \
 	    /sbin/shorewall-lite -q restart >/dev/null 2>&1; \
 	then \
 	    /sbin/shorewall-lite -q save >/dev/null; \
 	else \
-	    /sbin/shorewall-lite -q restart 2>&1 | tail >&2; \
+	    /sbin/shorewall-lite -q restart 2>&1 | tail >&2; exit 1; \
 	fi

 # EOF
--- a/Shorewall-lite/README.txt
+++ b/Shorewall-lite/README.txt
@@ -1 +0,0 @@
-This is the Shorewall-lite development 4.3 branch of SVN.
--- a/Shorewall-lite/configpath
+++ b/Shorewall-lite/configpath
@@ -1,7 +1,7 @@
 #
-# Shorewall Lite version 4.1 - Default Config Path
+# Shorewall Lite version 5 - Default Config Path
 #
 # /usr/share/shorewall-lite/configpath
 #

-CONFIG_PATH=/etc/shorewall-lite:/usr/share/shorewall-lite
+CONFIG_PATH=${CONFDIR}/shorewall-lite:${SHAREDIR}/shorewall-lite:${SHAREDIR}/shorewall
--- a/Shorewall-lite/default.debian
+++ b/Shorewall-lite/default.debian
@@ -18,12 +18,27 @@ startup=0
 #
 # Startup options
 #
-
 OPTIONS=""

+#
+# Start options
+#
+STARTOPTIONS=""
+
+#
+# Restart options
+#
+RESTARTOPTIONS=""
+
 #
 # Init Log -- if /dev/null, use the STARTUP_LOG defined in shorewall.conf
 #
 INITLOG=/dev/null

+#
+# Set this to 1 to cause '/etc/init.d/shorewall-lite stop' to place the firewall in
+# a safe state rather than to open it
+#
+SAFESTOP=0
+
 # EOF
--- a/Shorewall-lite/fallback.sh
+++ b/Shorewall-lite/fallback.sh
@@ -1,104 +0,0 @@
-#!/bin/sh
-#
-# Script to back out the installation of Shorewall Lite and to restore the previous version of
-# the program
-#
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
-#
-#     (c) 2006,2007 - Tom Eastep (teastep@shorewall.net)
-#
-#       Shorewall documentation is available at http://shorewall.net
-#
-#       This program is free software; you can redistribute it and/or modify
-#       it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
-#
-#       This program is distributed in the hope that it will be useful,
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       GNU General Public License for more details.
-#
-#       You should have received a copy of the GNU General Public License
-#       along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-#    Usage:
-#
-#       You may only use this script to back out the installation of the version
-#       shown below. Simply run this script to revert to your prior version of
-#       Shoreline Firewall.
-
-VERSION=4.4.7.1
-
-usage() # $1 = exit status
-{
-    echo "usage: $(basename $0)"
-    exit $1
-}
-
-restore_directory() # $1 = directory to restore
-{
-    if [ -d ${1}-${VERSION}.bkout ]; then
-	if mv -f $1 ${1}-${VERSION} && mv ${1}-${VERSION}.bkout $1; then
-	    echo
-	    echo "$1 restored"
-	    rm -rf ${1}-${VERSION}
-	else
-	    echo "ERROR: Could not restore $1"
-	    exit 1
-	fi
-    fi
-}
-
-restore_file() # $1 = file to restore, $2 = (Optional) Directory to restore from
-{
-    if [ -n "$2" ]; then
-	local file
-	file=$(basename $1)
-
-	if [ -f $2/$file ]; then
-	    if mv -f $2/$file $1 ; then
-		echo
-		echo "$1 restored"
-		return
-	    fi
-
-	    echo "ERROR: Could not restore $1"
-	    exit 1
-        fi
-    fi
-
-    if [ -f ${1}-${VERSION}.bkout -o -L ${1}-${VERSION}.bkout ]; then
-	if (mv -f ${1}-${VERSION}.bkout $1); then
-	    echo
-	    echo "$1 restored"
-        else
-	    echo "ERROR: Could not restore $1"
-	    exit 1
-        fi
-    fi
-}
-
-if [ ! -f /usr/share/shorewall-lite-${VERSION}.bkout/version ]; then
-    echo "Shorewall Version $VERSION is not installed"
-    exit 1
-fi
-
-echo "Backing Out Installation of Shorewall $VERSION"
-
-if [ -L /usr/share/shorewall-lite/init ]; then
-    FIREWALL=$(ls -l /usr/share/shorewall-lite/init | sed 's/^.*> //')
-    restore_file $FIREWALL /usr/share/shorewall-lite-${VERSION}.bkout
-else
-    restore_file /etc/init.d/shorewall /usr/share/shorewall-lite-${VERSION}.bkout
-fi
-
-restore_file /sbin/shorewall /var/lib/shorewall-lite-${VERSION}.bkout
-
-restore_directory /etc/shorewall-lite
-restore_directory /usr/share/shorewall-lite
-restore_directory /var/lib/shorewall-lite
-
-echo "Shorewall Lite Restored to Version $(cat /usr/share/shorewall-lite/version)"
-
-
--- a/Shorewall-lite/init.archlinux.sh
+++ b/Shorewall-lite/init.archlinux.sh
@@ -1,58 +0,0 @@
-#!/bin/bash
-
-OPTIONS="-f"
-
-if [ -f /etc/sysconfig/shorewall ] ; then
-	. /etc/sysconfig/shorewall
-elif [ -f /etc/default/shorewall ] ; then
-	. /etc/default/shorewall
-fi
-
-# if you want to override options, do so in /etc/sysconfig/shorewall or
-# in /etc/default/shorewall --
-# i strongly encourage you use the latter, since /etc/sysconfig/ does not exist.
-
-. /etc/rc.conf
-. /etc/rc.d/functions
-
-DAEMON_NAME="shorewall" # of course shorewall is NOT a deamon.
-
-case "$1" in
-	start)
-		stat_busy "Starting $DAEMON_NAME"
-		/sbin/shorewall-lite $OPTIONS start &>/dev/null
-		if [ $? -gt 0 ]; then
-			stat_fail
-		else
-			add_daemon $DAEMON_NAME
-			stat_done
-		fi
-		;;
-
-
-	stop)
-		stat_busy "Stopping $DAEMON_NAME"
-		/sbin/shorewall-lite stop &>/dev/null
-		if [ $? -gt 0 ]; then
-			stat_fail
-		else
-			rm_daemon $DAEMON_NAME
-			stat_done
-		fi
-		;;
-
-	restart|reload)
-		stat_busy "Restarting $DAEMON_NAME"
-		/sbin/shorewall-lite restart &>/dev/null
-		if [ $? -gt 0  ]; then
-			stat_fail
-		else
-			stat_done
-		fi
-		;;
-
-	*)
-		echo "usage: $0 {start|stop|restart}"
-esac
-exit 0
-
--- a/Shorewall-lite/init.debian.sh
+++ b/Shorewall-lite/init.debian.sh
@@ -2,8 +2,8 @@

 ### BEGIN INIT INFO
 # Provides:          shorewall-lite
-# Required-Start:    $network
-# Required-Stop:     $network
+# Required-Start:    $network $remote_fs
+# Required-Stop:     $network $remote_fs
 # Default-Start:     S
 # Default-Stop:      0 6
 # Short-Description: Configure the firewall at boot time
@@ -11,20 +11,19 @@
 #                    /etc/shorewall-lite
 ### END INIT INFO

-
+. /lib/lsb/init-functions

 SRWL=/sbin/shorewall-lite
 SRWL_OPTS="-tvv"
 test -n ${INITLOG:=/var/log/shorewall-lite-init.log}

-[ "$INITLOG" eq "/dev/null" && SHOREWALL_INIT_SCRIPT=1 || SHOREWALL_INIT_SCRIPT=0
+[ "$INITLOG" = "/dev/null" ] && SHOREWALL_INIT_SCRIPT=1 || SHOREWALL_INIT_SCRIPT=0

 export SHOREWALL_INIT_SCRIPT
-
 test -x $SRWL || exit 0
 test -x $WAIT_FOR_IFUP || exit 0
 test -n "$INITLOG" || {
-	echo "INITLOG cannot be empty, please configure $0" ; 
+	echo "INITLOG cannot be empty, please configure $0" ;
 	exit 1;
 }

@@ -36,12 +35,13 @@ fi

 echo_notdone () {

-  if [ "$INITLOG" = "/dev/null" ] ; then 
+  if [ "$INITLOG" = "/dev/null" ] ; then
 	  echo "not done."
-  else 
+  else
 	  echo "not done (check $INITLOG)."
  fi

+  exit 1
 }

 not_configured () {
@@ -57,17 +57,23 @@ not_configured () {
 	exit 0
 }

+#
+# The installer may alter this
+#
+. /usr/share/shorewall/shorewallrc
+
 # parse the shorewall params file in order to use params in
 # /etc/default/shorewall
-if [ -f "/etc/shorewall-lite/params" ]
+
+if [ -f "$CONFDIR/shorewall-lite/params" ]
 then
-	. /etc/shorewall-lite/params
+	. $CONFDIR/shorewall-lite/params
 fi

 # check if shorewall is configured or not
-if [ -f "/etc/default/shorewall-lite" ]
+if [ -f "$SYSCONFDIR/shorewall-lite" ]
 then
-	. /etc/default/shorewall-lite
+	. $SYSCONFDIR/shorewall-lite
 	SRWL_OPTS="$SRWL_OPTS $OPTIONS"
 	if [ "$startup" != "1" ]
 	then
@@ -80,21 +86,25 @@ fi
 # start the firewall
 shorewall_start () {
  echo -n "Starting \"Shorewall firewall\": "
-  $SRWL $SRWL_OPTS start >> $INITLOG 2>&1 && echo "done." || echo_notdone
+  $SRWL $SRWL_OPTS start $STARTOPTIONS >> $INITLOG 2>&1 && echo "done." || echo_notdone
  return 0
 }

 # stop the firewall
 shorewall_stop () {
  echo -n "Stopping \"Shorewall firewall\": "
-  $SRWL $SRWL_OPTS clear >> $INITLOG 2>&1 && echo "done." || echo_notdone
+  if [ "$SAFESTOP" = 1 ]; then
+      $SRWL $SRWL_OPTS stop >> $INITLOG 2>&1 && echo "done." || echo_notdone
+  else
+      $SRWL $SRWL_OPTS clear >> $INITLOG 2>&1 && echo "done." || echo_notdone
+  fi
  return 0
 }

 # restart the firewall
 shorewall_restart () {
  echo -n "Restarting \"Shorewall firewall\": "
-  $SRWL $SRWL_OPTS restart >> $INITLOG 2>&1 && echo "done." || echo_notdone
+  $SRWL $SRWL_OPTS restart $RESTARTOPTIONS >> $INITLOG 2>&1 && echo "done." || echo_notdone
  return 0
 }

@@ -105,6 +115,11 @@ shorewall_refresh () {
  return 0
 }

+# status of the firewall
+shorewall_status () {
+  $SRWL $SRWL_OPTS status && exit 0 || exit $?
+}
+
 case "$1" in
  start)
     shorewall_start
@@ -118,8 +133,11 @@ case "$1" in
  force-reload|restart)
     shorewall_restart
     ;;
+  status)
+     shorewall_status
+     ;;
  *)
-     echo "Usage: /etc/init.d/shorewall-lite {start|stop|refresh|restart|force-reload}"
+     echo "Usage: /etc/init.d/shorewall-lite {start|stop|refresh|restart|force-reload|status}"
     exit 1
 esac

--- a/Shorewall-lite/init.fedora.sh
+++ b/Shorewall-lite/init.fedora.sh
@@ -0,0 +1,117 @@
+#!/bin/sh
+#
+# Shorewall init script
+#
+# chkconfig: - 28 90
+# description: Packet filtering firewall
+
+### BEGIN INIT INFO
+# Provides: shorewall-lite
+# Required-Start: $local_fs $remote_fs $syslog $network
+# Should-Start: VMware $time $named
+# Required-Stop:
+# Default-Start:
+# Default-Stop:	  0 1 2 3 4 5 6
+# Short-Description: Packet filtering firewall
+# Description: The Shoreline Firewall, more commonly known as "Shorewall", is a
+#              Netfilter (iptables) based firewall
+### END INIT INFO
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+#
+# The installer may alter this
+#
+. /usr/share/shorewall/shorewallrc
+
+prog="shorewall-lite"
+shorewall="${SBINDIR}/$prog"
+logger="logger -i -t $prog"
+lockfile="/var/lock/subsys/$prog"
+
+# Get startup options (override default)
+OPTIONS=
+
+if [ -f ${SYSCONFDIR}/$prog ]; then
+    . ${SYSCONFDIR}/$prog
+fi
+
+start() {
+    echo -n $"Starting Shorewall: "
+    $shorewall $OPTIONS start $STARTOPTIONS 2>&1 | $logger
+    retval=${PIPESTATUS[0]}
+    if [[ $retval == 0 ]]; then
+	touch $lockfile
+	success
+    else
+	failure
+    fi
+    echo
+    return $retval
+}
+
+stop() {
+    echo -n $"Stopping Shorewall: "
+    $shorewall $OPTIONS stop 2>&1 | $logger
+    retval=${PIPESTATUS[0]}
+    if [[ $retval == 0 ]]; then
+	rm -f $lockfile
+	success
+    else
+	failure
+    fi
+    echo
+    return $retval
+}
+
+restart() {
+# Note that we don't simply stop and start since shorewall has a built in
+# restart which stops the firewall if running and then starts it.
+    echo -n $"Restarting Shorewall: "
+    $shorewall $OPTIONS restart $RESTARTOPTIONS 2>&1 | $logger
+    retval=${PIPESTATUS[0]}
+    if [[ $retval == 0 ]]; then
+	touch $lockfile
+	success
+    else # Failed to start, clean up lock file if present
+	rm -f $lockfile
+	failure
+    fi
+    echo
+    return $retval
+}
+
+status(){
+    $shorewall status
+    return $?
+}
+
+status_q() {
+    status > /dev/null 2>&1
+}
+
+case "$1" in
+    start)
+	status_q && exit 0
+	$1
+	;;
+    stop)
+	status_q || exit 0
+	$1
+	;;
+    restart|reload|force-reload)
+	restart
+	;;
+    condrestart|try-restart)
+        status_q || exit 0
+        restart
+        ;;
+    status)
+	$1
+	;;
+    *)
+	echo "Usage: $0 start|stop|reload|restart|force-reload|status"
+	exit 1
+	;;
+esac
--- a/Shorewall-lite/init.openwrt.sh
+++ b/Shorewall-lite/init.openwrt.sh
@@ -0,0 +1,94 @@
+#!/bin/sh /etc/rc.common
+#
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
+#
+#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012,2014 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2015 - Matt Darfeuille - (matdarf@gmail.com)
+#
+#	On most distributions, this file should be called /etc/init.d/shorewall.
+#
+#	Complete documentation is available at http://shorewall.net
+#
+#       This program is part of Shorewall.
+#
+#	This program is free software; you can redistribute it and/or modify
+#	it under the terms of the GNU General Public License as published by the
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
+#
+#	This program is distributed in the hope that it will be useful,
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+#	If an error occurs while starting or restarting the firewall, the
+#	firewall is automatically stopped.
+#
+#	Commands are:
+#
+#	   shorewall-lite start			  Starts the firewall
+#	   shorewall-lite restart		  Restarts the firewall
+#	   shorewall-lite reload		  Reload the firewall
+#	   shorewall-lite stop			  Stops the firewall
+#	   shorewall-lite status		  Displays firewall status
+#
+
+# description: Packet filtering firewall
+
+# Openwrt related
+# Start and stop runlevel variable
+START=50
+STOP=89
+# Displays the status command
+EXTRA_COMMANDS="status"
+EXTRA_HELP=" status Displays firewall status"
+
+################################################################################
+# Get startup options (override default)
+################################################################################
+OPTIONS=
+
+#
+# The installer may alter this
+#
+. /usr/share/shorewall/shorewallrc
+
+if [ -f ${SYSCONFDIR}/shorewall-lite ]; then
+    . ${SYSCONFDIR}/shorewall-lite
+fi
+
+SHOREWALL_INIT_SCRIPT=1
+
+################################################################################
+# E X E C U T I O N    B E G I N S   H E R E				       #
+################################################################################
+# Arg1 of init script is arg2 when rc.common is sourced; set to action variable
+command="$action"
+
+start() {
+	exec ${SBINDIR}/shorewall-lite $OPTIONS $command $STARTOPTIONS
+}
+
+boot() {
+	local command="start"
+	start
+}
+
+restart() {
+	exec ${SBINDIR}/shorewall-lite $OPTIONS $command $RESTARTOPTIONS
+}
+
+reload() {
+	exec ${SBINDIR}/shorewall-lite $OPTIONS $command $RELOADOPTION
+}
+
+stop() {
+	exec ${SBINDIR}/shorewall-lite $OPTIONS $command $STOPOPTIONS
+}
+
+status() {
+	exec ${SBINDIR}/shorewall-lite $OPTIONS $command $@
+}
--- a/Shorewall-lite/init.sh
+++ b/Shorewall-lite/init.sh
@@ -1,19 +1,20 @@
 #!/bin/sh
 RCDLINKS="2,S41 3,S41 6,K41"
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.1
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
-#
-#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007 - Tom Eastep (teastep@shorewall.net)
+#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012,2014 - Tom Eastep (teastep@shorewall.net)
 #
 #	On most distributions, this file should be called /etc/init.d/shorewall.
 #
 #	Complete documentation is available at http://shorewall.net
 #
+#       This program is part of Shorewall.
+#
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of Version 2 of the GNU General Public License
-#	as published by the Free Software Foundation.
+#	it under the terms of the GNU General Public License as published by the
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -21,8 +22,7 @@ RCDLINKS="2,S41 3,S41 6,K41"
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, write to the Free Software
-#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #	If an error occurs while starting or restarting the firewall, the
 #	firewall is automatically stopped.
@@ -61,10 +61,14 @@ usage() {
 # Get startup options (override default)
 ################################################################################
 OPTIONS=
-if [ -f /etc/sysconfig/shorewall ]; then
-    . /etc/sysconfig/shorewall
-elif [ -f /etc/default/shorewall ] ; then
-    . /etc/default/shorewall
+
+#
+# The installer may alter this
+#
+. /usr/share/shorewall/shorewallrc
+
+if [ -f ${SYSCONFDIR}/shorewall-lite ]; then
+    . ${SYSCONFDIR}/shorewall-lite
 fi

 SHOREWALL_INIT_SCRIPT=1
@@ -76,14 +80,13 @@ command="$1"

 case "$command" in
    start)
-	exec /sbin/shorewall-lite $OPTIONS $@
+	exec ${SBINDIR}/shorewall-lite $OPTIONS start $STARTOPTIONS
 	;;
-    stop|restart|status)
-	exec /sbin/shorewall-lite $@
+    restart|reload)
+	exec ${SBINDIR}/shorewall-lite $OPTIONS restart $RESTARTOPTIONS
 	;;
-    reload)
-	shift
-	exec /sbin/shorewall-lite restart $@
+    status|stop)
+	exec ${SBINDIR}/shorewall-lite $OPTIONS $command $@
 	;;
    *)
 	usage
--- a/Shorewall-lite/init.suse.sh
+++ b/Shorewall-lite/init.suse.sh
@@ -0,0 +1,92 @@
+#!/bin/sh
+#
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
+#
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012 - Tom Eastep (teastep@shorewall.net)
+#
+#	On most distributions, this file should be called /etc/init.d/shorewall.
+#
+#	Complete documentation is available at http://shorewall.net
+#
+#	This program is free software; you can redistribute it and/or modify
+#	it under the terms of Version 2 of the GNU General Public License
+#	as published by the Free Software Foundation.
+#
+#	This program is distributed in the hope that it will be useful,
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, write to the Free Software
+#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+#	If an error occurs while starting or restarting the firewall, the
+#	firewall is automatically stopped.
+#
+#	Commands are:
+#
+#	   shorewall start			  Starts the firewall
+#	   shorewall restart			  Restarts the firewall
+#	   shorewall reload			  Reload the firewall
+#						  (same as restart)
+#	   shorewall stop			  Stops the firewall
+#	   shorewall status			  Displays firewall status
+#
+
+
+### BEGIN INIT INFO
+# Provides:	  shorewall-lite
+# Required-Start: $network $remote_fs
+# Required-Stop:  
+# Default-Start:  2 3 5
+# Default-Stop:	  0 1 6
+# Description:	  starts and stops the shorewall firewall
+# Short-Description: Packet filtering firewall
+### END INIT INFO
+
+################################################################################
+# Give Usage Information						       #
+################################################################################
+usage() {
+    echo "Usage: $0 start|stop|reload|restart|status"
+    exit 1
+}
+
+################################################################################
+# Get startup options (override default)
+################################################################################
+OPTIONS=
+
+#
+# The installer may alter this
+#
+. /usr/share/shorewall/shorewallrc
+
+if [ -f ${SYSCONFDIR}/shorewall-lite ]; then
+    . ${SYSCONFDIR}/shorewall-lite
+fi
+
+SHOREWALL_INIT_SCRIPT=1
+
+################################################################################
+# E X E C U T I O N    B E G I N S   H E R E				       #
+################################################################################
+command="$1"
+
+case "$command" in
+    start)
+	exec ${SBINDIR}/shorewall-lite $OPTIONS start $STARTOPTIONS
+	;;
+    restart|reload)
+	exec ${SBINDIR}/shorewall-lite $OPTIONS restart $RESTARTOPTIONS
+	;;
+    status|stop)
+	exec ${SBINDIR}/shorewall-lite $OPTIONS $command $@
+	;;
+    *)
+	usage
+	;;
+esac
--- a/Shorewall-lite/install.sh
+++ b/Shorewall-lite/install.sh
@@ -2,37 +2,44 @@
 #
 # Script to install Shoreline Firewall Lite
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
-#
-#     (c) 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
-#       This program is free software; you can redistribute it and/or modify
-#       it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
+#       This program is part of Shorewall.
 #
-#       This program is distributed in the hope that it will be useful,
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       GNU General Public License for more details.
+#	This program is free software; you can redistribute it and/or modify
+#	it under the terms of the GNU General Public License as published by the
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
 #
-#       You should have received a copy of the GNU General Public License
-#       along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#	This program is distributed in the hope that it will be useful,
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #

-VERSION=4.4.7.1
+VERSION=xxx #The Build script inserts the actual version

 usage() # $1 = exit status
 {
    ME=$(basename $0)
-    echo "usage: $ME"
+    echo "usage: $ME [ <configuration-file> ]"
    echo "       $ME -v"
    echo "       $ME -h"
+    echo "       $ME -n"
    exit $1
 }

+fatal_error()
+{
+    echo "   ERROR: $@" >&2
+    exit 1
+}
+
 split() {
    local ifs
    ifs=$IFS
@@ -60,19 +67,10 @@ mywhich() {
    return 2
 }

-run_install()
-{
-    if ! install $*; then
-	echo
-	echo "ERROR: Failed to install $*" >&2
-	exit 1
-    fi
-}
-
 cant_autostart()
 {
    echo
-    echo  "WARNING: Unable to configure shorewall to start automatically at boot" >&2
+    echo  "WARNING: Unable to configure $Product to start automatically at boot" >&2
 }

 delete_file() # $1 = file to delete
@@ -82,286 +80,542 @@ delete_file() # $1 = file to delete

 install_file() # $1 = source $2 = target $3 = mode
 {
-    run_install $OWNERSHIP -m $3 $1 ${2}
+    if cp -f $1 $2; then
+	if chmod $3 $2; then
+	    if [ -n "$OWNER" ]; then
+		if chown $OWNER:$GROUP $2; then
+		    return
+		fi
+	    else
+		return 0
+	    fi
+	fi
+    fi
+
+    echo "ERROR: Failed to install $2" >&2
+    exit 1
 }

-#
-# Parse the run line
-#
-# DEST is the SysVInit script directory
-# INIT is the name of the script in the $DEST directory
-# RUNLEVELS is the chkconfig parmeters for firewall
-# ARGS is "yes" if we've already parsed an argument
-#
-ARGS=""
+make_directory() # $1 = directory , $2 = mode
+{
+    mkdir -p $1
+    chmod 755 $1
+    [ -n "$OWNERSHIP" ] && chown $OWNERSHIP $1

-if [ -z "$DEST" ] ; then
-	DEST="/etc/init.d"
-fi
+}

-if [ -z "$INIT" ] ; then
-	INIT="shorewall-lite"
-fi
-
-if [ -z "$RUNLEVELS" ] ; then
-	RUNLEVELS=""
-fi
-
-while [ $# -gt 0 ] ; do
-    case "$1" in
-	-h|help|?)
-	    usage 0
-	    ;;
-        -v)
-	    echo "Shorewall Lite Firewall Installer Version $VERSION"
-	    exit 0
-	    ;;
-	*)
-	    usage 1
-	    ;;
-    esac
-    shift
-    ARGS="yes"
-done
-
-PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
-
-#
-# Determine where to install the firewall script
-#
-DEBIAN=
-CYGWIN=
-
-case $(uname) in
-    CYGWIN*)
-	if [ -z "$PREFIX" ]; then
-	    DEST=
-	    INIT=
-	fi
-
-	OWNER=$(id -un)
-	GROUP=$(id -gn)
-	;;
-    *)
-	[ -z "$OWNER" ] && OWNER=root
-	[ -z "$GROUP" ] && GROUP=root
-	;;
-esac
-
-OWNERSHIP="-o $OWNER -g $GROUP"
-
-if [ -n "$PREFIX" ]; then
-    if [ `id -u` != 0 ] ; then
-	echo "Not setting file owner/group permissions, not running as root."
-	OWNERSHIP=""
-    fi
-    
-    install -d $OWNERSHIP -m 755 ${PREFIX}/sbin
-    install -d $OWNERSHIP -m 755 ${PREFIX}${DEST}
-elif [ -d /etc/apt -a -e /usr/bin/dpkg ]; then
-    DEBIAN=yes
-elif [ -f /etc/slackware-version ] ; then
-    DEST="/etc/rc.d"
-    INIT="rc.firewall"
-elif [ -f /etc/arch-release ] ; then
-      DEST="/etc/rc.d"
-      INIT="shorewall-lite"
-      ARCHLINUX=yes
-fi
+require()
+{
+    eval [ -n "\$$1" ] || fatal_error "Required option $1 not set"
+}

 #
 # Change to the directory containing this script
 #
 cd "$(dirname $0)"

-echo "Installing Shorewall Lite Version $VERSION"
+if [ -f shorewall-lite ]; then
+    PRODUCT=shorewall-lite
+    Product="Shorewall Lite"
+else
+    PRODUCT=shorewall6-lite
+    Product="Shorewall6 Lite"
+fi

 #
-# Check for /etc/shorewall-lite
+# Parse the run line
 #
-if [ -z "$PREFIX" -a -d /etc/shorewall-lite ]; then
+finished=0
+configure=1
+
+while [ $finished -eq 0 ] ; do
+
+    option=$1
+
+    case "$option" in
+	-*)
+	    option=${option#-}
+
+	    while [ -n "$option" ]; do
+		case $option in
+		    h)
+			usage 0
+			;;
+		    v)
+			echo "$Product Firewall Installer Version $VERSION"
+			exit 0
+			;;
+		    n*)
+			configure=0
+			option=${option#n}
+			;;
+		    *)
+			usage 1
+			;;
+		esac
+	    done
+
+	    shift
+	    ;;
+	*)
+	    finished=1
+	    ;;
+    esac
+done
+
+#
+# Read the RC file
+#
+if [ $# -eq 0 ]; then
+    if [ -f ./shorewallrc ]; then
+	. ./shorewallrc || exit 1
+	file=./shorewallrc
+    elif [ -f ~/.shorewallrc ]; then
+	. ~/.shorewallrc
+    elif [ -f /usr/share/shorewall/shorewallrc ]; then
+	. /usr/share/shorewall/shorewallrc
+    else
+	fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
+    fi
+elif [ $# -eq 1 ]; then
+    file=$1
+    case $file in
+	/*|.*)
+	    ;;
+	*)
+	    file=./$file
+	    ;;
+    esac
+
+    . $file
+else
+    usage 1
+fi
+
+if [ -z "${VARLIB}" ]; then
+    VARLIB=${VARDIR}
+    VARDIR=${VARLIB}/${PRODUCT}
+elif [ -z "${VARDIR}" ]; then
+    VARDIR=${VARLIB}/${PRODUCT}
+fi
+
+for var in SHAREDIR LIBEXECDIR CONFDIR SBINDIR VARLIB VARDIR; do
+    require $var
+done
+
+[ -n "${INITFILE}" ] && require INITSOURCE && require INITDIR
+
+PATH=${SBINDIR}:/bin:/usr${SBINDIR}:/usr/bin:/usr/local/bin:/usr/local${SBINDIR}
+
+[ -n "$SANDBOX" ] && configure=0
+
+#
+# Determine where to install the firewall script
+#
+cygwin=
+
+if [ -z "$BUILD" ]; then
+    case $(uname) in
+	cygwin*|CYGWIN*)
+	    BUILD=cygwin
+	    ;;
+	Darwin)
+	    BUILD=apple
+	    ;;
+	*)
+	    if [ -f /etc/os-release ]; then
+		eval $(cat /etc/os-release | grep ^ID)
+
+		case $ID in
+		    fedora|rhel|centos|foobar)
+			BUILD=redhat
+			;;
+		    debian)
+			BUILD=debian
+			;;
+		    gentoo)
+			BUILD=gentoo
+			;;
+		    opensuse)
+			BUILD=suse
+			;;
+		    *)
+			BUILD="$ID"
+			;;
+		esac
+	    elif [ -f ${CONFDIR}/debian_version ]; then
+		BUILD=debian
+	    elif [ -f /etc/gentoo-release ]; then
+		BUILD=gentoo
+	    elif [ -f ${CONFDIR}/redhat-release ]; then
+		BUILD=redhat
+	    elif [ -f ${CONFDIR}/SuSE-release ]; then
+		BUILD=suse
+	    elif [ -f ${CONFDIR}/slackware-version ] ; then
+		BUILD=slackware
+	    elif [ -f ${CONFDIR}/arch-release ] ; then
+		BUILD=archlinux
+	    elif [ -f ${CONFDIR}/openwrt_release ]; then
+		BUILD=openwrt
+	    else
+		BUILD=linux
+	    fi
+	    ;;
+    esac
+fi
+
+case $BUILD in
+    cygwin*|CYGWIN*)
+	OWNER=$(id -un)
+	GROUP=$(id -gn)
+	;;
+    apple)
+	[ -z "$OWNER" ] && OWNER=root
+	[ -z "$GROUP" ] && GROUP=wheel
+	;;
+    *)
+	if [ $(id -u) -eq 0 ]; then
+	    [ -z "$OWNER" ] && OWNER=root
+	    [ -z "$GROUP" ] && GROUP=root
+	fi
+	;;
+esac
+
+[ -n "$OWNER" ] && OWNERSHIP="$OWNER:$GROUP"
+
+[ -n "$HOST" ] || HOST=$BUILD
+
+case "$HOST" in
+    cygwin)
+	echo "$PRODUCT is not supported on Cygwin" >&2
+	exit 1
+	;;
+    apple)
+	echo "$PRODUCT is not supported on OS X" >&2
+	exit 1
+	;;
+    debian)
+	echo "Installing Debian-specific configuration..."
+	;;
+    gentoo)
+	echo "Installing Gentoo-specific configuration..."
+	;;
+    redhat)
+	echo "Installing Redhat/Fedora-specific configuration..."
+	;;
+    slackware)
+	echo "Installing Slackware-specific configuration..."
+	;;
+    archlinux)
+	echo "Installing ArchLinux-specific configuration..."
+	;;
+    suse)
+	echo "Installing Suse-specific configuration..."
+	;;
+    openwrt)
+	echo "Installing OpenWRT-specific configuration..."
+	;;
+    linux)
+	;;
+    *)
+	echo "ERROR: Unknown HOST \"$HOST\"" >&2
+	exit 1;
+	;;
+esac
+
+[ -z "$INITDIR" ] && INITDIR="${CONFDIR}/init.d"
+
+if [ -n "$DESTDIR" ]; then
+    if [ `id -u` != 0 ] ; then
+	echo "Not setting file owner/group permissions, not running as root."
+	OWNERSHIP=""
+    fi
+
+    make_directory ${DESTDIR}${SBINDIR} 755
+    make_directory ${DESTDIR}${INITDIR} 755
+
+else
+    if [ ! -f ${SHAREDIR}/shorewall/coreversion ]; then
+	echo "$PRODUCT $VERSION requires Shorewall Core which does not appear to be installed" >&2
+	exit 1
+    fi
+fi
+
+echo "Installing $Product Version $VERSION"
+
+#
+# Check for ${CONFDIR}/$PRODUCT
+#
+if [ -z "$DESTDIR" -a -d ${CONFDIR}/$PRODUCT ]; then
+    if [ ! -f ${SHAREDIR}/shorewall/coreversion ]; then
+	echo "$PRODUCT $VERSION requires Shorewall Core which does not appear to be installed" >&2
+	exit 1
+    fi
+
+    [ -f ${CONFDIR}/$PRODUCT/shorewall.conf ] && \
+	mv -f ${CONFDIR}/$PRODUCT/shorewall.conf ${CONFDIR}/$PRODUCT/$PRODUCT.conf
+else
+    rm -rf ${DESTDIR}${CONFDIR}/$PRODUCT
+    rm -rf ${DESTDIR}${SHAREDIR}/$PRODUCT
+    rm -rf ${DESTDIR}${VARDIR}
+    [ "$LIBEXECDIR" = /usr/share ] || rm -rf ${DESTDIR}/usr/share/$PRODUCT/wait4ifup ${DESTDIR}/usr/share/$PRODUCT/shorecap
+fi
+
+#
+# Check for ${SBINDIR}/$PRODUCT
+#
+if [ -f ${DESTDIR}${SBINDIR}/$PRODUCT ]; then
    first_install=""
-    [ -f /etc/shorewall-lite/shorewall.conf ] && \
-	mv -f /etc/shorewall-lite/shorewall.conf /etc/shorewall-lite/shorewall-lite.conf
 else
    first_install="Yes"
-    rm -rf ${PREFIX}/etc/shorewall-lite
-    rm -rf ${PREFIX}/usr/share/shorewall-lite
-    rm -rf ${PREFIX}/var/lib/shorewall-lite
 fi

-delete_file ${PREFIX}/usr/share/shorewall-lite/xmodules
+delete_file ${DESTDIR}/usr/share/$PRODUCT/xmodules

-install_file shorewall-lite ${PREFIX}/sbin/shorewall-lite 0544 ${PREFIX}/var/lib/shorewall-lite-${VERSION}.bkout
+install_file $PRODUCT ${DESTDIR}${SBINDIR}/$PRODUCT 0544
+[ -n "${INITFILE}" ] && make_directory ${DESTDIR}${INITDIR} 755

-echo "Shorewall Lite control program installed in ${PREFIX}/sbin/shorewall-lite"
+echo "$Product control program installed in ${DESTDIR}${SBINDIR}/$PRODUCT"

 #
-# Install the Firewall Script
+# Create ${CONFDIR}/$PRODUCT, /usr/share/$PRODUCT and /var/lib/$PRODUCT if needed
 #
-if [ -n "$DEBIAN" ]; then
-    install_file init.debian.sh /etc/init.d/shorewall-lite 0544 ${PREFIX}/usr/share/shorewall-lite-${VERSION}.bkout
-elif [ -n "$ARCHLINUX" ]; then
-    install_file init.archlinux.sh ${PREFIX}${DEST}/$INIT 0544 ${PREFIX}/usr/share/shorewall-lite-${VERSION}.bkout
+mkdir -p ${DESTDIR}${CONFDIR}/$PRODUCT
+mkdir -p ${DESTDIR}${SHAREDIR}/$PRODUCT
+mkdir -p ${DESTDIR}${LIBEXECDIR}/$PRODUCT
+mkdir -p ${DESTDIR}${VARDIR}

-else
-    install_file init.sh ${PREFIX}${DEST}/$INIT 0544 ${PREFIX}/usr/share/shorewall-lite-${VERSION}.bkout
+chmod 755 ${DESTDIR}${CONFDIR}/$PRODUCT
+chmod 755 ${DESTDIR}${SHAREDIR}/$PRODUCT
+
+if [ -n "$DESTDIR" ]; then
+    mkdir -p ${DESTDIR}${CONFDIR}/logrotate.d
+    chmod 755 ${DESTDIR}${CONFDIR}/logrotate.d
+    mkdir -p ${DESTDIR}${INITDIR}
+    chmod 755 ${DESTDIR}${INITDIR}
 fi

-echo  "Shorewall Lite script installed in ${PREFIX}${DEST}/$INIT"
+if [ -n "$INITFILE" ]; then
+    if [ -f "${INITSOURCE}" ]; then
+	initfile="${DESTDIR}${INITDIR}/${INITFILE}"
+	install_file ${INITSOURCE} "$initfile" 0544

+	[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' "$initfile"
+
+	echo  "SysV init script $INITSOURCE installed in $initfile"
+    fi
+fi
 #
-# Create /etc/shorewall-lite, /usr/share/shorewall-lite and /var/lib/shorewall-lite if needed
+# Install the .service file
 #
-mkdir -p ${PREFIX}/etc/shorewall-lite
-mkdir -p ${PREFIX}/usr/share/shorewall-lite
-mkdir -p ${PREFIX}/var/lib/shorewall-lite
-
-chmod 755 ${PREFIX}/etc/shorewall-lite
-chmod 755 ${PREFIX}/usr/share/shorewall-lite
-
-if [ -n "$PREFIX" ]; then
-    mkdir -p ${PREFIX}/etc/logrotate.d
-    chmod 755 ${PREFIX}/etc/logrotate.d
+if [ -z "${SERVICEDIR}" ]; then
+    SERVICEDIR="$SYSTEMD"
 fi

+if [ -n "$SERVICEDIR" ]; then
+    mkdir -p ${DESTDIR}${SERVICEDIR}
+    [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
+    install_file $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service 644
+    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
+    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SERVICEDIR}/$PRODUCT.service"
+fi
 #
 # Install the config file
 #
-if [ ! -f ${PREFIX}/etc/shorewall-lite/shorewall-lite.conf ]; then
-   run_install $OWNERSHIP -m 0744 shorewall-lite.conf ${PREFIX}/etc/shorewall-lite/shorewall-lite.conf
-   echo "Config file installed as ${PREFIX}/etc/shorewall-lite/shorewall-lite.conf"
+if [ ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf ]; then
+   install_file $PRODUCT.conf ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf 0744
+   echo "Config file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf"
 fi

-if [ -n "$ARCHLINUX" ] ; then
-   sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${PREFIX}/etc/shorewall-lite/shorewall.conf
+if [ $HOST = archlinux ] ; then
+   sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf
+elif [ $HOST = gentoo ]; then
+    # Adjust SUBSYSLOCK path (see https://bugs.gentoo.org/show_bug.cgi?id=459316)
+    perl -p -w -i -e "s|^SUBSYSLOCK=.*|SUBSYSLOCK=/run/lock/$PRODUCT|;" ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf
 fi

 #
 # Install the  Makefile
 #
-run_install $OWNERSHIP -m 0600 Makefile ${PREFIX}/etc/shorewall-lite/Makefile
-echo "Makefile installed as ${PREFIX}/etc/shorewall-lite/Makefile"
+install_file Makefile ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile 0600
+[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile
+[ $SBINDIR = /sbin ]       || eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\'       ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile
+echo "Makefile installed as ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile"

 #
 # Install the default config path file
 #
-install_file configpath ${PREFIX}/usr/share/shorewall-lite/configpath 0644
-echo "Default config path file installed as ${PREFIX}/usr/share/shorewall-lite/configpath"
+install_file configpath ${DESTDIR}${SHAREDIR}/$PRODUCT/configpath 0644
+echo "Default config path file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/configpath"

 #
 # Install the libraries
 #
 for f in lib.* ; do
    if [ -f $f ]; then
-	install_file $f ${PREFIX}/usr/share/shorewall-lite/$f 0644
-	echo "Library ${f#*.} file installed as ${PREFIX}/usr/share/shorewall-lite/$f"
+	install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644
+	echo "Library ${f#*.} file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
    fi
 done

-ln -sf lib.base ${PREFIX}/usr/share/shorewall-lite/functions
+ln -sf lib.base ${DESTDIR}${SHAREDIR}/$PRODUCT/functions

-echo "Common functions linked through ${PREFIX}/usr/share/shorewall-lite/functions"
+echo "Common functions linked through ${DESTDIR}${SHAREDIR}/$PRODUCT/functions"

 #
 # Install Shorecap
 #

-install_file shorecap ${PREFIX}/usr/share/shorewall-lite/shorecap 0755
+install_file shorecap ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap 0755
+[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap

 echo
-echo "Capability file builder installed in ${PREFIX}/usr/share/shorewall-lite/shorecap"
+echo "Capability file builder installed in ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap"

 #
-# Install wait4ifup
+# Install the Modules files
 #

-install_file wait4ifup ${PREFIX}/usr/share/shorewall-lite/wait4ifup 0755
+if [ -f modules ]; then
+    install_file modules ${DESTDIR}${SHAREDIR}/$PRODUCT/modules 0600
+    echo "Modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/modules"
+fi

-echo
-echo "wait4ifup installed in ${PREFIX}/usr/share/shorewall-lite/wait4ifup"
+if [ -f helpers ]; then
+    install_file helpers ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers 600
+    echo "Helper modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers"
+fi

-#
-# Install the Modules file
-#
-run_install $OWNERSHIP -m 0600 modules ${PREFIX}/usr/share/shorewall-lite/modules
-echo "Modules file installed as ${PREFIX}/usr/share/shorewall-lite/modules"
+for f in modules.*; do
+    install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 644
+    echo "Module file $f installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
+done

 #
 # Install the Man Pages
 #

-cd manpages
+if [ -d manpages -a -n "$MANDIR" ]; then
+    cd manpages

-for f in *.5; do
-    gzip -c $f > $f.gz
-    run_install -D -m 644 $f.gz ${PREFIX}/usr/share/man/man5/$f.gz
-    echo "Man page $f.gz installed to ${PREFIX}/usr/share/man/man5/$f.gz"
-done
+    mkdir -p ${DESTDIR}${MANDIR}/man5/ ${DESTDIR}${MANDIR}/man8/

-for f in *.8; do
-    gzip -c $f > $f.gz
-    run_install -D -m 644 $f.gz ${PREFIX}/usr/share/man/man8/$f.gz
-    echo "Man page $f.gz installed to ${PREFIX}/usr/share/man/man8/$f.gz"
-done
+    for f in *.5; do
+	gzip -c $f > $f.gz
+	install_file $f.gz ${DESTDIR}${MANDIR}/man5/$f.gz 644
+	echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man5/$f.gz"
+    done

-cd ..
+    for f in *.8; do
+	gzip -c $f > $f.gz
+	install_file $f.gz ${DESTDIR}${MANDIR}/man8/$f.gz 644
+	echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man8/$f.gz"
+    done

-echo "Man Pages Installed"
+    cd ..

-if [ -d ${PREFIX}/etc/logrotate.d ]; then
-    run_install $OWNERSHIP -m 0644 logrotate ${PREFIX}/etc/logrotate.d/shorewall-lite
-    echo "Logrotate file installed as ${PREFIX}/etc/logrotate.d/shorewall-lite"
+    echo "Man Pages Installed"
 fi

+if [ -d ${DESTDIR}${CONFDIR}/logrotate.d ]; then
+    install_file logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT 644
+    echo "Logrotate file installed as ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT"
+fi

 #
 # Create the version file
 #
-echo "$VERSION" > ${PREFIX}/usr/share/shorewall-lite/version
-chmod 644 ${PREFIX}/usr/share/shorewall-lite/version
+echo "$VERSION" > ${DESTDIR}${SHAREDIR}/$PRODUCT/version
+chmod 644 ${DESTDIR}${SHAREDIR}/$PRODUCT/version
 #
 # Remove and create the symbolic link to the init script
 #

-if [ -z "$PREFIX" ]; then
-    rm -f /usr/share/shorewall-lite/init
-    ln -s ${DEST}/${INIT} /usr/share/shorewall-lite/init
+if [ -z "${DESTDIR}" -a -n "${INITFILE}" ]; then
+    rm -f ${SHAREDIR}/$PRODUCT/init
+    ln -s ${INITDIR}/${INITFILE} ${SHAREDIR}/$PRODUCT/init
 fi

-if [ -z "$PREFIX" -a -n "$first_install" ]; then
-    if [ -n "$DEBIAN" ]; then
-	run_install $OWNERSHIP -m 0644 default.debian /etc/default/shorewall-lite
-	ln -s ../init.d/shorewall-lite /etc/rcS.d/S40shorewall-lite
-	echo "Shorewall Lite will start automatically at boot"
-	touch /var/log/shorewall-init.log
-    else
-	if [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
-	    if insserv /etc/init.d/shorewall-lite ; then
-		echo "Shorewall Lite will start automatically at boot"
+delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/lib.common
+delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/lib.cli
+delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/wait4ifup
+
+#
+# Note -- not all packages will have the SYSCONFFILE so we need to check for its existance here
+#
+if [ -n "$SYSCONFFILE" -a -f "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PRODUCT} ]; then
+    if [ ${DESTDIR} ]; then
+	mkdir -p ${DESTDIR}${SYSCONFDIR}
+	chmod 755 ${DESTDIR}${SYSCONFDIR}
+    fi
+
+    install_file ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/${PRODUCT} 0640
+    echo "$SYSCONFFILE file installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
+fi
+
+if [ ${SHAREDIR} != /usr/share ]; then
+    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/${PRODUCT}/lib.base
+    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SBINDIR}/$PRODUCT
+fi
+
+if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then
+    if [ -n "$SERVICEDIR" ]; then
+	if systemctl enable ${PRODUCT}.service; then
+	    echo "$Product will start automatically at boot"
+	fi
+    elif mywhich insserv; then
+	if insserv ${INITDIR}/${INITFILE} ; then
+	    echo "$PRODUCT will start automatically at boot"
+	    if [ $HOST = debian ]; then
+		echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
+		touch /var/log/$PRODUCT-init.log
+		perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
 	    else
-		cant_autostart
+		echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable"
 	    fi
-	elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
-	    if chkconfig --add shorewall-lite ; then
-		echo "Shorewall Lite will start automatically in run levels as follows:"
-		chkconfig --list shorewall-lite
-	    else
-		cant_autostart
-	    fi
-	elif [ -x /sbin/rc-update ]; then
-	    if rc-update add shorewall-lite default; then
-		echo "Shorewall Lite will start automatically at boot"
-	    else
-		cant_autostart
-	    fi
-	elif [ "$INIT" != rc.firewall ]; then #Slackware starts this automatically
+	else
 	    cant_autostart
 	fi
+    elif mywhich chkconfig; then
+	if chkconfig --add $PRODUCT ; then
+	    echo "$PRODUCT will start automatically in run levels as follows:"
+	    echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/${PRODUCT}.conf to enable"
+	    chkconfig --list $PRODUCT
+	else
+	    cant_autostart
+	fi
+    elif mywhich update-rc.d ; then
+	echo "$PRODUCT will start automatically at boot"
+	echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
+	touch /var/log/$PRODUCT-init.log
+	perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
+	update-rc.d $PRODUCT enable
+    elif mywhich rc-update ; then
+	if rc-update add $PRODUCT default; then
+	    echo "$PRODUCT will start automatically at boot"
+	    if [ $HOST = debian ]; then
+		echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
+		touch /var/log/$PRODUCT-init.log
+		perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
+	    else
+		echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable"
+	    fi
+	else
+	    cant_autostart
+	fi
+    elif [ $HOST = openwrt -a -f ${CONFDIR}/rc.common ]; then
+	/etc/init.d/$PRODUCT enable
+	if /etc/init.d/$PRODUCT enabled; then
+            echo "$PRODUCT will start automatically at boot"
+	else
+            cant_autostart
+	fi
+    elif [ "$INITFILE" != rc.${PRODUCT} ]; then #Slackware starts this automatically
+	cant_autostart
    fi
 fi

 #
 #  Report Success
 #
-echo "shorewall Lite Version $VERSION Installed"
+echo "$Product Version $VERSION Installed"
--- a/Shorewall-lite/lib.base
+++ b/Shorewall-lite/lib.base
@@ -0,0 +1,33 @@
+#
+# Shorewall 4.4 -- /usr/share/shorewall-lite/lib.base
+#
+#     (c) 2011,2014 - Tom Eastep (teastep@shorewall.net)
+#
+#	Complete documentation is available at http://shorewall.net
+#
+#       This program is part of Shorewall.
+#
+#	This program is free software; you can redistribute it and/or modify
+#	it under the terms of the GNU General Public License as published by the
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
+#
+#	This program is distributed in the hope that it will be useful,
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# This library contains the code common to all Shorewall components.
+
+g_program=shorewall-lite
+g_family=4
+#
+# This may be altered by the installer
+#
+g_basedir=/usr/share/shorewall
+
+. ${g_basedir}/lib.base
+
--- a/Shorewall-lite/logrotate
+++ b/Shorewall-lite/logrotate
@@ -1,4 +1,4 @@
-/var/log/shorewall-init.log {
+/var/log/shorewall-lite-init.log {
  missingok
  notifempty
  create 0600 root root
--- a/Shorewall-lite/manpages/shorewall-lite-vardir.xml
+++ b/Shorewall-lite/manpages/shorewall-lite-vardir.xml
@@ -1,9 +1,13 @@
 <?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
+"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
 <refentry>
  <refmeta>
    <refentrytitle>shorewall-lite-vardir</refentrytitle>

    <manvolnum>5</manvolnum>
+
+    <refmiscinfo>Configuration Files</refmiscinfo>
  </refmeta>

  <refnamediv>
@@ -34,6 +38,28 @@
    directory. If you add this file, you should copy the files from
    <filename>/var/lib/shorewall-lite</filename> to the new directory before
    performing a <command>shorewall-lite restart</command>.</para>
+
+    <note>
+      <para>Beginning with Shorewall 4.5.2, use of this file is deprecated in
+      favor of specifying VARDIR in the <filename>shorewallrc</filename> file
+      used during installation of Shorewall Core. While the name of the
+      variable remains VARDIR, the meaning is slightly different. When set in
+      shorewallrc, Shorewall Lite, will create a directory under the specified
+      path name to hold state information.</para>
+
+      <para>Example:</para>
+
+      <blockquote>
+        <para>VARDIR=<filename><filename>/opt/var/lib/</filename></filename></para>
+
+        <para>The state directory for Shorewall Lite will be
+        /opt/var/lib/shorewall-lite/.</para>
+      </blockquote>
+
+      <para>When VARDIR is set in /etc/shorewall-lite/vardir, Shorewall Lite
+      will save its state in the <replaceable>directory</replaceable>
+      specified.</para>
+    </note>
  </refsect1>

  <refsect1>
@@ -61,4 +87,4 @@
    shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
    shorewall-zones(5)</para>
  </refsect1>
-</refentry>
+</refentry>
--- a/Shorewall-lite/manpages/shorewall-lite.conf.xml
+++ b/Shorewall-lite/manpages/shorewall-lite.conf.xml
@@ -6,6 +6,8 @@
    <refentrytitle>shorewall-lite.conf</refentrytitle>

    <manvolnum>5</manvolnum>
+
+    <refmiscinfo>Configuration Files</refmiscinfo>
  </refmeta>

  <refnamediv>
@@ -141,7 +143,7 @@
          stops. Creating and removing this file allows Shorewall to work with
          your distribution's initscripts. For RedHat, this should be set to
          /var/lock/subsys/shorewall. For Debian, the value is
-          /var/state/shorewall and in LEAF it is /var/run/shorwall.</para>
+          /var/state/shorewall and in LEAF it is /var/run/shorewall.</para>
        </listitem>
      </varlistentry>

--- a/Shorewall-lite/manpages/shorewall-lite.xml
+++ b/Shorewall-lite/manpages/shorewall-lite.xml
--- a/Shorewall-lite/shorecap
+++ b/Shorewall-lite/shorecap
@@ -2,17 +2,18 @@
 #
 #     Shorewall Lite Packet Filtering Firewall Capabilities Detector
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
-#
-#     (c) 2006,2007,2008,2009,2010 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2006,2007,2008,2009,2010,2014 - Tom Eastep (teastep@shorewall.net)
 #
 #	This file should be placed in /sbin/shorewall.
 #
 #	Shorewall documentation is available at http://shorewall.sourceforge.net
 #
+#       This program is part of Shorewall.
+#
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of Version 2 of the GNU General Public License
-#	as published by the Free Software Foundation.
+#	it under the terms of the GNU General Public License as published by the
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -20,9 +21,7 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, write to the Free Software
-#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #   This program may be used to create a /etc/shorewall/capabilities file for
 #   use in compiling Shorewall firewalls on another system.
@@ -39,27 +38,36 @@
 #
 #        IPTABLES - iptables
 #        MODULESDIR - /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter
-#        MODULE_SUFFIX - "o gz ko o.gz ko.gz"
+#        MODULE_SUFFIX - "o gz xz ko o.gz o.xz ko.gz ko.xz"
 #
 #    Shorewall need not be installed on the target system to run shorecap. If the '-e' flag is
 #    used during firewall compilation, then the generated firewall program will likewise not
 #    require Shorewall to be installed.

-SHAREDIR=/usr/share/shorewall-lite
-VARDIR=/var/lib/shorewall-lite
-CONFDIR=/etc/shorewall-lite
-PRODUCT="Shorewall Lite"

-. /usr/share/shorewall-lite/lib.base
+g_program=shorewall-lite
+
+#
+# This is modified by the installer when ${SHAREDIR} != /usr/share
+#
+. /usr/share/shorewall/shorewallrc
+
+g_sharedir="$SHAREDIR"/shorewall-lite
+g_confdir="$CONFDIR"/shorewall-lite
+g_readrc=1
+
+. ${SHAREDIR}/shorewall/lib.cli
 . /usr/share/shorewall-lite/configpath

 [ -n "$PATH" ] || PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin

-VERSION=$(cat /usr/share/shorewall-lite/version)
+SHOREWALL_VERSION=$(cat /usr/share/shorewall-lite/version)

 [ -n "$IPTABLES" ] || IPTABLES=$(mywhich iptables)

-VERBOSE=0
+g_tool=$IPTABLES
+
+VERBOSITY=0
 load_kernel_modules No
 determine_capabilities
 report_capabilities1
--- a/Shorewall-lite/shorewall-lite
+++ b/Shorewall-lite/shorewall-lite
@@ -1,18 +1,18 @@
 #!/bin/sh
 #
-#     Shorewall Lite Packet Filtering Firewall Control Program - V4.1
+#     Shorewall Lite Packet Filtering Firewall Control Program - V4.5
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2014 -
+#         Tom Eastep (teastep@shorewall.net)
 #
-#     (c) 2006,2007,2008,2009,2010 - Tom Eastep (teastep@shorewall.net)
+#	Shorewall documentation is available at http://www.shorewall.net
 #
-#	This file should be placed in /sbin/shorewall-lite.
-#
-#	Shorewall documentation is available at http://shorewall.net
+#       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of Version 2 of the GNU General Public License
-#	as published by the Free Software Foundation.
+#	it under the terms of the GNU General Public License as published by the
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -20,828 +20,23 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, write to the Free Software
-#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
-#     If an error occurs while starting or restarting the firewall, the
-#     firewall is automatically stopped.
+#       For a list of supported commands, type 'shorewall help' or 'shorewall6 help'
 #
-#     Commands are:
-#
-#     shorewall-lite dump                          Dumps all Shorewall-related information
-#                                                  for problem analysis
-#     shorewall-lite start 			   Starts the firewall
-#     shorewall-lite restart			   Restarts the firewall
-#     shorewall-lite stop			   Stops the firewall
-#     shorewall-lite status			   Displays firewall status
-#     shorewall-lite reset			   Resets iptables packet and
-#						   byte counts
-#     shorewall-lite clear			   Open the floodgates by
-#						   removing all iptables rules
-#						   and setting the three permanent
-#						   chain policies to ACCEPT
-#     shorewall-lite show <chain> [ <chain> ... ]  Display the rules in each <chain> listed
-#     shorewall-lite show log			   Print the last 20 log messages
-#     shorewall-lite show connections		   Show the kernel's connection
-#						   tracking table
-#     shorewall-lite show nat			   Display the rules in the nat table
-#     shorewall-lite show {mangle|tos}		   Display the rules in the mangle table
-#     shorewall-lite show tc			   Display traffic control info
-#     shorewall-lite show classifiers		   Display classifiers
-#     shorewall-lite show capabilities             Display iptables/kernel capabilities
-#     shorewall-lite show vardir                   Display VARDIR setting
-#     shorewall-lite version			   Display the installed version id
-#     shorewall-lite logwatch [ refresh-interval ] Monitor the local log for Shorewall
-#						   messages.
-#     shorewall-lite drop <address> ...		   Temporarily drop all packets from the
-#						   listed address(es)
-#     shorewall-lite reject <address> ...	   Temporarily reject all packets from the
-#						   listed address(es)
-#     shorewall-lite allow <address> ...	   Reenable address(es) previously
-#						   disabled with "drop" or "reject"
-#     shorewall-lite save [ <file> ]		   Save the list of "rejected" and
-#						   "dropped" addresses so that it will
-#						   be automatically reinstated the
-#						   next time that Shorewall starts.
-#                                                  Save the current state so that 'shorewall
-#                                                  restore' can be used.
-#
-#     shorewall-lite forget [ <file> ]             Discard the data saved by 'shorewall save'
-#
-#     shorewall-lite restore [ <file> ]            Restore the state of the firewall from
-#                                                  previously saved information.
-#
-#     shorewall-lite ipaddr { <address>/<cidr> | <address> <netmask> }
-#
-#                                                  Displays information about the network
-#                                                  defined by the argument[s]
-#
-#     shorewall-lite iprange <address>-<address>   Decomposes a range of IP addresses into
-#                                                  a list of network/host addresses.
-#
-#     shorewall-lite ipdecimal { <address> | <integer> }
-#
-#                                                  Displays the decimal equivalent of an IP
-#                                                  address and vice versa.
+################################################################################################
+PRODUCT=shorewall-lite

 #
-# Set the configuration variables from shorewall-lite.conf
+# This is modified by the installer when ${SHAREDIR} != /usr/share
 #
-get_config() {
+. /usr/share/shorewall/shorewallrc

-    [ -n "$PATH" ] || PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
+g_program=$PRODUCT
+g_sharedir="$SHAREDIR"/shorewall-lite
+g_confdir="$CONFDIR"/shorewall-lite
+g_readrc=1

-    [ -z "$LOGFILE" ] && LOGFILE=/var/log/messages
+. ${SHAREDIR}/shorewall/lib.cli

-    if ( ps ax 2> /dev/null | grep -v grep |  qt grep 'syslogd.*-C' ) ; then
-	LOGREAD="logread | tac"
-    elif [ -r $LOGFILE ]; then
-	LOGREAD="tac $LOGFILE"
-    else
-	echo "LOGFILE ($LOGFILE) does not exist!" >&2
-	exit 2
-    fi
-    #
-    # See if we have a real version of "tail" -- use separate redirection so
-    # that ash (aka /bin/sh on LRP) doesn't crap
-    #
-    if ( tail -n5 /dev/null > /dev/null 2> /dev/null ) ; then
-	realtail="Yes"
-    else
-	realtail=""
-    fi
-
-    [ -n "$FW" ] || FW=fw
-
-    [ -n "LOGFORMAT" ] && LOGFORMAT="${LOGFORMAT%%%*}"
-
-    [ -n "$LOGFORMAT" ] || LOGFORMAT="Shorewall:"
-
-    export LOGFORMAT
-
-    if [ -n "$IPTABLES" ]; then
-	if [ ! -x "$IPTABLES" ]; then
-	    echo "   ERROR: The program specified in IPTABLES does not exist or is not executable" >&2
-	    exit 2
-	fi
-    else
-	IPTABLES=$(mywhich iptables 2> /dev/null)
-	if [ -z "$IPTABLES" ] ; then
-	    echo "   ERROR: Can't find iptables executable" >&2
-	    exit 2
-	fi
-    fi
-
-    export IPTABLES
-
-    if [ -n "$SHOREWALL_SHELL" ]; then
-	if [ ! -x "$SHOREWALL_SHELL" ]; then
-	    echo "   WARNING: The program specified in SHOREWALL_SHELL does not exist or is not executable; falling back to /bin/sh" >&2
-	    SHOREWALL_SHELL=/bin/sh
-	fi
-    fi
-
-    [ -n "$RESTOREFILE" ] || RESTOREFILE=restore
-
-    validate_restorefile RESTOREFILE
-
-    export RESTOREFILE
-
-    [ -n "${VERBOSITY:=2}" ]
-
-    [ -n "$USE_VERBOSITY" ] && VERBOSE=$USE_VERBOSITY || VERBOSE=$(($VERBOSE_OFFSET + $VERBOSITY))
-
-    export VERBOSE
-
-    [ -n "${HOSTNAME:=$(hostname)}" ]
-
-}
-
-#
-# Verify that we have a compiled firewall script
-#
-verify_firewall_script() {
-    if [ ! -f $FIREWALL ]; then
-	echo "   ERROR: Shorewall Lite is not properly installed" >&2
-	if [ -L $FIREWALL ]; then
-	    echo "          $FIREWALL is a symbolic link to a" >&2
-	    echo "          non-existant file" >&2
-	else
-	    echo "          The file $FIREWALL does not exist" >&2
-	fi
-	
-	exit 2
-    fi
-}
-
-#
-# Start Command Executor
-#
-start_command() {
-    local finished
-    finished=0
-
-    do_it() {
-	local rc
-	rc=0
-	[ -n "$nolock" ] || mutex_on
-
-	if [ -x ${LITEDIR}/firewall ]; then
-	    ${LITEDIR}/firewall $debugging start
-	    rc=$?
-	else
-	    error_message "${LITEDIR}/firewall is missing or is not executable"
-	    logger -p kern.err "ERROR:Shorewall Lite start failed"
-	    rc=2
-	fi
-
-	[ -n "$nolock" ] || mutex_off
-	exit $rc
-    }
-
-    verify_firewall_script
-
-    if shorewall_is_started; then
-	error_message "Shorewall is already running"
-	exit 0
-    fi
-
-    while [ $finished -eq 0 -a $# -gt 0 ]; do
-	option=$1
-	case $option in
-	    -*)
-		option=${option#-}
-
-		while [ -n "$option" ]; do
-		    case $option in
-			-)
-			    finished=1
-			    option=
-			    ;;
-			f*)
-			    FAST=Yes
-			    option=${option#f}
-			    ;;
-			p*)
-			    [ -n "$(which conntrack)" ] || fatal_error "The '-p' option requires the conntrack utility which does not appear to be installed on this system"
-			    PURGE=Yes
-			    option=${option%p}
-			    ;;
-			*)
-			    usage 1
-			    ;;
-		    esac
-		done
-		shift
-		;;
-	    *)
-		finished=1
-		;;
-	esac
-    done
-
-    case $# in
-	0)
-	    ;;
-	*)
-	    usage 1
-	    ;;
-    esac
-
-    export NOROUTES
-
-    if [ -n "$FAST" ]; then
-	if qt mywhich make; then
-	    #
-	    # RESTOREFILE is exported by get_config()
-	    #
-	    make -qf ${CONFDIR}/Makefile || FAST=
-	fi
-
-	if [ -n "$FAST" ]; then
-
-	    RESTOREPATH=${VARDIR}/$RESTOREFILE
-
-	    if [ -x $RESTOREPATH ]; then
-		if [ -x ${RESTOREPATH}-ipsets ]; then
-		    echo Restoring Ipsets...
-		    #
-		    # We must purge iptables to be sure that there are no
-		    # references to ipsets
-		    #
-		    iptables -F
-		    iptables -X
-		    $SHOREWALL_SHELL ${RESTOREPATH}-ipsets
-		fi
-
-		echo Restoring Shorewall Lite...
-		$SHOREWALL_SHELL $RESTOREPATH restore
-		date > ${VARDIR}/restarted
-		progress_message3 Shorewall Lite restored from $RESTOREPATH
-	    else
-		do_it
-	    fi
-	else
-	    do_it
-	fi
-    else
-	do_it
-    fi
-}
-
-#
-# Restart Command Executor
-#
-restart_command() {
-    local finished
-    finished=0
-    local rc
-    rc=0
-
-    verify_firewall_script
-
-    while [ $finished -eq 0 -a $# -gt 0 ]; do
-	option=$1
-	case $option in
-	    -*)
-		option=${option#-}
-
-		while [ -n "$option" ]; do
-		    case $option in
-			-)
-			    finished=1
-			    option=
-			    ;;
-			n*)
-			    NOROUTES=Yes
-			    option=${option#n}
-			    ;;
-			p*)
-			    [ -n "$(which conntrack)" ] || fatal_error "The '-p' option requires the conntrack utility which does not appear to be installed on this system"
-			    PURGE=Yes
-			    option=${option%p}
-			    ;;
-			*)
-			    usage 1
-			    ;;
-		    esac
-		done
-		shift
-		;;
-	    *)
-		finished=1
-		;;
-	esac
-    done
-
-    case $# in
-	0)
-	    ;;
-	*)
-	    usage 1
-	    ;;
-    esac
-
-    export NOROUTES
-
-    [ -n "$nolock" ] || mutex_on
-
-    if [ -x ${LITEDIR}/firewall ]; then
-	$SHOREWALL_SHELL ${LITEDIR}/firewall $debugging restart
-	rc=$?
-    else
-	error_message "${LITEDIR}/firewall is missing or is not executable"
-	logger -p kern.err "ERROR:Shorewall Lite restart failed"
-	rc=2
-    fi
-
-    [ -n "$nolock" ] || mutex_off
-    return $rc
-}
-
-#
-# Give Usage Information
-#
-usage() # $1 = exit status
-{
-    echo "Usage: $(basename $0) [debug|trace] [nolock] [ -q ] [ -v[-1|{0-2}] ] [ -t ] <command>"
-    echo "where <command> is one of:"
-    echo "   add <interface>[:<host-list>] ... <zone>"
-    echo "   allow <address> ..."
-    echo "   clear [ -f ]"
-    echo "   delete <interface>[:<host-list>] ... <zone>"
-    echo "   drop <address> ..."
-    echo "   dump [ -x ]"
-    echo "   forget [ <file name> ]"
-    echo "   help"
-    echo "   ipcalc { <address>/<vlsm> | <address> <netmask> }"
-    echo "   ipdecimal { <address> | <integer> }"
-    echo "   iprange <address>-<address>"
-    echo "   logdrop <address> ..."
-    echo "   logreject <address> ..."
-    echo "   logwatch [<refresh interval>]"
-    echo "   reject <address> ..."
-    echo "   reset [ <chain> ... ]"
-    echo "   restart [ -n ] [ -p ] [ -f ] [ <directory> ]"
-    echo "   restore [ -n ] [ <file name> ]"
-    echo "   save [ <file name> ]"
-    echo "   show [ -x ] [ -t {filter|mangle|nat} ] [ {chain [<chain> [ <chain> ... ]"
-    echo "   show [ -f ] capabilities"
-    echo "   show classifiers"
-    echo "   show config"
-    echo "   show connections"
-    echo "   show filters"
-    echo "   show ip"
-    echo "   show [ -m ] log"
-    echo "   show [ -x ] mangle|nat|raw|routing"
-    echo "   show policies"
-    echo "   show tc [ device ]"
-    echo "   show vardir"
-    echo "   show zones"
-    echo "   start [ -f ] [ -p ] [ <directory> ]"
-    echo "   stop [ -f ]"
-    echo "   status"
-    echo "   version [ -a ]"
-    echo
-    exit $1
-}
-
-#
-# Execution begins here
-#
-debugging=
-
-if [ $# -gt 0 ] && [ "$1" = "debug" -o "$1" = "trace" ]; then
-    debugging=$1
-    shift
-fi
-
-nolock=
-
-if [ $# -gt 0 ] && [ "$1" = "nolock" ]; then
-    nolock=nolock
-    shift
-fi
-
-IPT_OPTIONS="-nv"
-FAST=
-VERBOSE_OFFSET=0
-USE_VERBOSITY=
-NOROUTES=
-EXPORT=
-export TIMESTAMP=
-noroutes=
-RECOVERING=
-export RECOVERING
-
-finished=0
-
-while [ $finished -eq 0 ]; do
-    [ $# -eq 0 ] && usage 1
-    option=$1
-    case $option in
-	-)
-	    finished=1
-	    ;;
-	-*)
-	    option=${option#-}
-
-	    [ -z "$option" ] && usage 1
-
-	    while [ -n "$option" ]; do
-		case $option in
-		    x*)
-			IPT_OPTIONS="-xnv"
-			option=${option#x}
-			;;
-		    q*)
-			VERBOSE_OFFSET=$(($VERBOSE_OFFSET - 1 ))
-			option=${option#q}
-			;;
-		    f*)
-			FAST=Yes
-			option=${option#f}
-			;;
-		    v*)
-			option=${option#v}
-			case $option in 
-			    -1*)
-				USE_VERBOSITY=-1
-				option=${option#-1}
-				;;
-			    0*)
-				USE_VERBOSITY=0
-				option=${option#0}
-				;;
-			    1*)
-				USE_VERBOSITY=1
-				option=${option#1}
-				;;
-			    2*)
-				USE_VERBOSITY=2
-				option=${option#2}
-				;;
-			    *)
-				VERBOSE_OFFSET=$(($VERBOSE_OFFSET + 1 ))
-				USE_VERBOSITY=
-				;;
-			esac
-			;;
-		    n*)
-			NOROUTES=Yes
-			option=${option#n}
-			;;
-		    t*)
-			TIMESTAMP=Yes
-			option=${option#t}
-			;;
-		    -)
-			finished=1
-			option=
-			;;
-		    *)
-			usage 1
-			;;
-		esac
-	    done
-	    shift
-	    ;;
-	*)
-	    finished=1
-            ;;
-    esac
-done
-
-if [ $# -eq 0 ]; then
-    usage 1
-fi
-
-PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
-export PATH
-MUTEX_TIMEOUT=
-
-SHAREDIR=/usr/share/shorewall-lite
-CONFDIR=/etc/shorewall-lite
-export PRODUCT="Shorewall Lite"
-
-[ -f ${CONFDIR}/vardir ] && . ${CONFDIR}/vardir ]
-
-[ -n "${VARDIR:=/var/lib/shorewall-lite}" ]
-
-[ -d $VARDIR ] || mkdir -p $VARDIR || fatal_error "Unable to create $VARDIR"
-
-LIBRARIES="$SHAREDIR/lib.base $SHAREDIR/lib.cli"
-VERSION_FILE=$SHAREDIR/version
-HELP=$SHAREDIR/help
-
-for library in $LIBRARIES; do
-    if [ -f $library ]; then
-	. $library
-    else
-	echo "Installation error: $library does not exist!" >&2
-	exit 2
-    fi
-done
-
-ensure_config_path
-
-config=$(find_file shorewall-lite.conf)
-
-if [ -f $config ]; then
-    if [ -r $config ]; then
-	. $config
-    else
-	echo "Cannot read $config! (Hint: Are you root?)" >&2
-	exit 1
-    fi
-else
-    echo "$config does not exist!" >&2
-    exit 2
-fi
-
-ensure_config_path
-export CONFIG_PATH
-
-LITEDIR=${VARDIR}
-
-[ -f ${LITEDIR}/firewall.conf ] && . ${LITEDIR}/firewall.conf
-
-get_config
-
-FIREWALL=$LITEDIR/firewall
-
-if [ -f $VERSION_FILE ]; then
-    version=$(cat $VERSION_FILE)
-else
-    echo "   ERROR: Shorewall Lite is not properly installed" >&2
-    echo "          The file $VERSION_FILE does not exist" >&2
-    exit 1
-fi
-
-banner="Shorewall Lite $version Status at $HOSTNAME -"
-
-case $(echo -e) in
-    -e*)
-	RING_BELL="echo \a"
-	ECHO_E="echo"
-	;;
-    *)
-	RING_BELL="echo -e \a"
-	ECHO_E="echo -e"
-	;;
-esac
-
-case $(echo -n "Testing") in
-    -n*)
-	ECHO_N=
-	;;
-    *)
-	ECHO_N=-n
-	;;
-esac
-
-COMMAND=$1
-
-case "$COMMAND" in
-    start)
-	shift
-	start_command $@
-	;;
-    stop|clear)
-	[ $# -ne 1 ] && usage 1
-	verify_firewall_script
-	export NOROUTES
-	exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $COMMAND
-	;;
-    reset)
-	verify_firewall_script
-	exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $@
-	;;
-    restart)
-	shift
-	restart_command
-	;;
-    show|list)
-    	shift
-    	show_command $@
-	;;
-    status)
-	[ $# -eq 1 ] || usage 1
-	[ "$(id -u)" != 0 ] && fatal_error "ERROR: The status command may only be run by root"
-	echo "Shorewall Lite $version Status at $HOSTNAME - $(date)"
-	echo
-	if shorewall_is_started ; then
-	    echo "Shorewall Lite is running"
-	    status=0
-	else
-	    echo "Shorewall Lite is stopped"
-	    status=4
-	fi
-
-	if [ -f ${VARDIR}/state ]; then
-	    state="$(cat ${VARDIR}/state)"
-	    case $state in
-		Stopped*|Clear*)
-		    status=3
-		    ;;
-	    esac
-	else
-	    state=Unknown
-	fi
-	echo "State:$state"
-	echo
-	exit $status
-	;;
-    dump)
-    	shift
-    	dump_command $@
-	;;
-    hits)
-	[ -n "$debugging" ] && set -x
-	shift
-	hits_command $@
-	;;
-    version)
-	echo $version Lite
-	;;
-    logwatch)
-	logwatch_command $@
-	;;
-    drop)
-	[ -n "$debugging" ] && set -x
-	[ $# -eq 1 ] && usage 1
-	if shorewall_is_started ; then
-	    [ -n "$nolock" ] || mutex_on
-	    block DROP Dropped $*
-	    [ -n "$nolock" ] || mutex_off
-	else
-	    error_message "ERROR: Shorewall Lite is not started"
-	    exit 2
-	fi
-	;;
-    logdrop)
-	[ -n "$debugging" ] && set -x
-	[ $# -eq 1 ] && usage 1
-	if shorewall_is_started ; then
-	    [ -n "$nolock" ] || mutex_on
-	    block logdrop Dropped $*
-	    [ -n "$nolock" ] || mutex_off
-	else
-	    error_message "ERROR: Shorewall Lite is not started"
-	    exit 2
-	fi
-	;;
-    reject|logreject)
-	[ -n "$debugging" ] && set -x
-	[ $# -eq 1 ] && usage 1
-	if shorewall_is_started ; then
-	    [ -n "$nolock" ] || mutex_on
-	    block $COMMAND Rejected $*
-	    [ -n "$nolock" ] || mutex_off
-	else
-	    error_message "ERROR: Shorewall Lite is not started"
-	    exit 2
-	fi
-	;;
-    allow)
-	allow_command $@
-	;;
-    add)
-	get_config
-	shift
-	add_command $@
-	;;
-    delete)
-	get_config
-	shift
-	add_command $@
-	;;
-    save)
-	[ -n "$debugging" ] && set -x
-
-	case $# in
-	1)
-	    ;;
-	2)
-	    RESTOREFILE="$2"
-	    validate_restorefile '<restore file>'
-	    ;;
-	*)
-	    usage 1
-	    ;;
-	esac
-
-	RESTOREPATH=${VARDIR}/$RESTOREFILE
-
-	[ "$nolock" ] || mutex_on
-
-	save_config
-
-	[ "$nolock" ] || mutex_off
-	;;
-    forget)
-	case $# in
-	1)
-	    ;;
-	2)
-	    RESTOREFILE="$2"
-	    validate_restorefile '<restore file>'
-	    ;;
-	*)
-	    usage 1
-	    ;;
-	esac
-
-
-	RESTOREPATH=${VARDIR}/$RESTOREFILE
-
-	if [ -x $RESTOREPATH ]; then
-
-	    if [ -x ${RESTOREPATH}-ipsets ]; then
-		rm -f ${RESTOREPATH}-ipsets
-		echo "    ${RESTOREPATH}-ipsets removed"
-	    fi
-
-	    rm -f $RESTOREPATH
-	    rm -f ${RESTOREPATH}-iptables
-	    echo "    $RESTOREPATH removed"
-	elif [ -f $RESTOREPATH ]; then
-	    echo "   $RESTOREPATH exists and is not a saved Shorewall configuration"
-	fi
-	rm -f ${VARDIR}/save
-	;;
-    ipcalc)
-    	[ -n "$debugging" ] && set -x
-	if [ $# -eq 2 ]; then
-	    address=${2%/*}
-	    vlsm=${2#*/}
-	elif [ $# -eq 3 ]; then
-	    address=$2
-	    vlsm=$(ip_vlsm $3)
-	else
-	    usage 1
-	fi
-
-	valid_address $address || fatal_error "Invalid IP address: $address"
-	[ -z "$vlsm" ] && exit 2
-	[ "x$address" = "x$vlsm" ] && usage 2
-	[ $vlsm -gt 32 ] && echo "Invalid VLSM: /$vlsm" >&2 && exit 2
-
-	address=$address/$vlsm
-
-	                                   echo "   CIDR=$address"
-	temp=$(ip_netmask $address);       echo "   NETMASK=$(encodeaddr $temp)"
-	temp=$(ip_network $address);       echo "   NETWORK=$temp"
-	temp=$(broadcastaddress $address); echo "   BROADCAST=$temp"
-	;;
-
-    iprange)
-	[ -n "$debugging" ] && set -x
-	case $2 in
-	    *.*.*.*-*.*.*.*)
-		for address in ${2%-*} ${2#*-}; do
-		    valid_address $address || fatal_error "Invalid IP address: $address"
-		done
-
-		ip_range $2
-		;;
-	    *)
-		usage 1
-		;;
-	esac
-	;;
-    ipdecimal)
-	[ -n "$debugging" ] && set -x
-	[ $# -eq 2 ] || usage 1
-	case $2 in
-	    *.*.*.*)
-		valid_address $2 || fatal_error "Invalid IP address: $2"
-		echo "   $(decodeaddr $2)"
-		;;
-	    *)
-		echo "   $(encodeaddr $2)"
-		;;
-	esac
-	;;
-    restore)
-	shift
-	STARTUP_ENABLED=Yes
-	restore_command $@
-        ;;
-    call)
-	[ -n "$debugging" ] && set -x
-	#
-	# Undocumented way to call functions in ${SHAREDIR}/functions directly
-	#
-	shift
-	$@
-	;;
-    help)
-	shift
-	usage
-	;;
-    *)
-	usage 1
-	;;
-
-esac
+shorewall_cli $@
--- a/Shorewall-lite/shorewall-lite.conf
+++ b/Shorewall-lite/shorewall-lite.conf
@@ -1,15 +1,14 @@
 ###############################################################################
-#  /etc/shorewall-lite/shorewall-lite.conf Version 4 - Change the following 
+#  /etc/shorewall-lite/shorewall-lite.conf Version 5 - Change the following
 #  variables to override the values in the shorewall.conf file used to
 #  compile /var/lib/shorewall-lite/firewall. Those values may be found in
 #  /var/lib/shorewall-lite/firewall.conf.
 #
-#  This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
-#
-#  This file should be placed in /etc/shorewall-lite
-#
-#  (c) 2006,2007 - Tom Eastep (teastep@shorewall.net)
+#  For information about the settings in this file, type
+#  "man shorewall-lite.conf"
 #
+#  Manpage also online at
+#  http://www.shorewall.net/manpages/shorewall-lite.conf.html
 ###############################################################################
 #                                   N 0 T E
 ###############################################################################
@@ -22,6 +21,7 @@
 ###############################################################################
 #		              V E R B O S I T Y
 ###############################################################################
+
 VERBOSITY=

 ###############################################################################
@@ -30,8 +30,6 @@ VERBOSITY=

 LOGFILE=

-LOGFORMAT=
-
 ###############################################################################
 #	L O C A T I O N	  O F	F I L E S   A N D   D I R E C T O R I E S
 ###############################################################################
--- a/Shorewall-lite/shorewall-lite.service
+++ b/Shorewall-lite/shorewall-lite.service
@@ -0,0 +1,21 @@
+#
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
+#
+#     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
+#
+[Unit]
+Description=Shorewall IPv4 firewall (lite)
+Wants=network-online.target
+After=network-online.target
+Conflicts=iptables.service firewalld.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+EnvironmentFile=-/etc/sysconfig/shorewall-lite
+StandardOutput=syslog
+ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
+ExecStop=/sbin/shorewall-lite $OPTIONS stop
+
+[Install]
+WantedBy=basic.target
--- a/Shorewall-lite/shorewall-lite.service.debian
+++ b/Shorewall-lite/shorewall-lite.service.debian
@@ -0,0 +1,23 @@
+#
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
+#
+#     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
+#     Copyright 2015 Tom Eastep <teastep@shorewall.net>
+#
+[Unit]
+Description=Shorewall IPv4 firewall (lite)
+Wants=network-online.target
+After=network-online.target
+Conflicts=iptables.service firewalld.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+EnvironmentFile=-/etc/default/shorewall-lite
+StandardOutput=syslog
+ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
+ExecStop=/sbin/shorewall-lite $OPTIONS stop
+ExecReload=/sbin/shorewall-lite $OPTIONS reload $RELOADOPTIONS
+
+[Install]
+WantedBy=basic.target
--- a/Shorewall-lite/shorewall-lite.spec
+++ b/Shorewall-lite/shorewall-lite.spec
@@ -1,306 +0,0 @@
-%define name shorewall-lite
-%define version 4.4.7
-%define release 1
-
-Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
-Name: %{name}
-Version: %{version}
-Release: %{release}
-License: GPLv2
-Packager: Tom Eastep <teastep@shorewall.net>
-Group: Networking/Utilities
-Source: %{name}-%{version}.tgz
-URL: http://www.shorewall.net/
-BuildArch: noarch
-BuildRoot: %{_tmppath}/%{name}-%{version}-root
-Requires: iptables iproute
-
-%description
-
-The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
-(iptables) based firewall that can be used on a dedicated firewall system,
-a multi-function gateway/ router/server or on a standalone GNU/Linux system.
-
-Shorewall Lite is a companion product to Shorewall that allows network
-administrators to centralize the configuration of Shorewall-based firewalls.
-
-%prep
-
-%setup
-
-%build
-
-%install
-export PREFIX=$RPM_BUILD_ROOT ; \
-export OWNER=`id -n -u` ; \
-export GROUP=`id -n -g` ;\
-./install.sh
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%pre
-
-if [ -f /etc/shorewall-lite/shorewall.conf ]; then
-    cp -fa /etc/shorewall-lite/shorewall.conf /etc/shorewall-lite/shorewall.conf.rpmsave
-fi
-
-%post
-
-if [ $1 -eq 1 ]; then
-    if [ -x /sbin/insserv ]; then
-	/sbin/insserv /etc/rc.d/shorewall-lite
-    elif [ -x /sbin/chkconfig ]; then
-	/sbin/chkconfig --add shorewall-lite;
-    fi
-elif [ -f /etc/shorewall-lite/shorewall.conf.rpmsave ]; then
-    mv -f /etc/shorewall-lite/shorewall-lite.conf /etc/shorewall-lite/shorewall-lite.conf.rpmnew
-    mv -f /etc/shorewall-lite/shorewall.conf.rpmsave /etc/shorewall-lite/shorewall-lite.conf
-    echo "/etc/shorewall-lite/shorewall.conf retained as /etc/shorewall-lite/shorewall-lite.conf"
-    echo "/etc/shorewall-lite/shorewall-lite.conf installed as /etc/shorewall-lite/shorewall-lite.conf.rpmnew"
-fi
-
-%preun
-
-if [ $1 -eq 0 ]; then
-    if [ -x /sbin/insserv ]; then
-	/sbin/insserv -r /etc/init.d/shorewall-lite
-    elif [ -x /sbin/chkconfig ]; then
-	/sbin/chkconfig --del shorewall-lite
-    fi
-fi
-
-%files
-%defattr(0644,root,root,0755)
-%attr(0755,root,root) %dir /etc/shorewall-lite
-%attr(0644,root,root) %config(noreplace) /etc/shorewall-lite/shorewall-lite.conf
-%attr(0644,root,root) /etc/shorewall-lite/Makefile
-%attr(0544,root,root) /etc/init.d/shorewall-lite
-%attr(0755,root,root) %dir /usr/share/shorewall-lite
-%attr(0700,root,root) %dir /var/lib/shorewall-lite
-
-%attr(0644,root,root) /etc/logrotate.d/shorewall-lite
-
-%attr(0755,root,root) /sbin/shorewall-lite
-
-%attr(0644,root,root) /usr/share/shorewall-lite/version
-%attr(0644,root,root) /usr/share/shorewall-lite/configpath
-%attr(-   ,root,root) /usr/share/shorewall-lite/functions
-%attr(0644,root,root) /usr/share/shorewall-lite/lib.base
-%attr(0644,root,root) /usr/share/shorewall-lite/lib.cli
-%attr(0644,root,root) /usr/share/shorewall-lite/modules
-%attr(0544,root,root) /usr/share/shorewall-lite/shorecap
-%attr(0755,root,root) /usr/share/shorewall-lite/wait4ifup
-
-%attr(0644,root,root) %{_mandir}/man5/shorewall-lite.conf.5.gz
-%attr(0644,root,root) %{_mandir}/man5/shorewall-lite-vardir.5.gz
-
-%attr(0644,root,root) %{_mandir}/man8/shorewall-lite.8.gz
-
-%doc COPYING changelog.txt releasenotes.txt
-
-%changelog
-* Sat Feb 13 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.7-1
-* Thu Feb 11 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.7-0base
-* Tue Feb 02 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.7-0RC2
-* Wed Jan 27 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.7-0RC1
-* Mon Jan 25 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.7-0Beta4
-* Fri Jan 22 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.7-0Beta3
-* Fri Jan 22 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.7-0Beta2
-* Sun Jan 17 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.7-0Beta1
-* Wed Jan 13 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.6-0base
-* Tue Jan 12 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.6-0Beta1
-* Thu Dec 24 2009 Tom Eastep tom@shorewall.net
- Updated to 4.4.5-0base
-* Sat Nov 21 2009 Tom Eastep tom@shorewall.net
- Updated to 4.4.4-0base
-* Fri Nov 13 2009 Tom Eastep tom@shorewall.net
- Updated to 4.4.4-0Beta2
-* Wed Nov 11 2009 Tom Eastep tom@shorewall.net
- Updated to 4.4.4-0Beta1
-* Tue Nov 03 2009 Tom Eastep tom@shorewall.net
- Updated to 4.4.3-0base
-* Sun Sep 06 2009 Tom Eastep tom@shorewall.net
- Updated to 4.4.2-0base
-* Fri Sep 04 2009 Tom Eastep tom@shorewall.net
- Updated to 4.4.2-0base
-* Fri Aug 14 2009 Tom Eastep tom@shorewall.net
- Updated to 4.4.1-0base
-* Mon Aug 03 2009 Tom Eastep tom@shorewall.net
- Updated to 4.4.0-0base
-* Tue Jul 28 2009 Tom Eastep tom@shorewall.net
- Updated to 4.4.0-0RC2
-* Sun Jul 12 2009 Tom Eastep tom@shorewall.net
- Updated to 4.4.0-0RC1
-* Thu Jul 09 2009 Tom Eastep tom@shorewall.net
- Updated to 4.4.0-0Beta4
-* Sat Jun 27 2009 Tom Eastep tom@shorewall.net
- Updated to 4.4.0-0Beta3
-* Mon Jun 15 2009 Tom Eastep tom@shorewall.net
- Updated to 4.4.0-0Beta2
-* Fri Jun 12 2009 Tom Eastep tom@shorewall.net
- Updated to 4.4.0-0Beta1
-* Sun Jun 07 2009 Tom Eastep tom@shorewall.net
- Updated to 4.3.13-0base
-* Fri Jun 05 2009 Tom Eastep tom@shorewall.net
- Updated to 4.3.12-0base
-* Sun May 10 2009 Tom Eastep tom@shorewall.net
- Updated to 4.3.11-0base
-* Sun Apr 19 2009 Tom Eastep tom@shorewall.net
- Updated to 4.3.10-0base
-* Sat Apr 11 2009 Tom Eastep tom@shorewall.net
- Updated to 4.3.9-0base
-* Tue Mar 17 2009 Tom Eastep tom@shorewall.net
- Updated to 4.3.8-0base
-* Sun Mar 01 2009 Tom Eastep tom@shorewall.net
- Updated to 4.3.7-0base
-* Fri Feb 27 2009 Tom Eastep tom@shorewall.net
- Updated to 4.3.6-0base
-* Sun Feb 22 2009 Tom Eastep tom@shorewall.net
- Updated to 4.3.5-0base
-* Wed Feb 04 2009 Tom Eastep tom@shorewall.net
- Updated to 4.2.6-0base
-* Thu Jan 29 2009 Tom Eastep tom@shorewall.net
- Updated to 4.2.6-0base
-* Tue Jan 06 2009 Tom Eastep tom@shorewall.net
- Updated to 4.2.5-0base
-* Thu Dec 25 2008 Tom Eastep tom@shorewall.net
- Updated to 4.2.4-0base
-* Fri Dec 05 2008 Tom Eastep tom@shorewall.net
- Updated to 4.2.3-0base
-* Wed Nov 05 2008 Tom Eastep tom@shorewall.net
- Updated to 4.2.2-0base
-* Wed Oct 08 2008 Tom Eastep tom@shorewall.net
- Updated to 4.2.1-0base
-* Fri Oct 03 2008 Tom Eastep tom@shorewall.net
- Updated to 4.2.0-0base
-* Tue Sep 23 2008 Tom Eastep tom@shorewall.net
- Updated to 4.2.0-0RC4
-* Mon Sep 15 2008 Tom Eastep tom@shorewall.net
- Updated to 4.2.0-0RC3
-* Mon Sep 08 2008 Tom Eastep tom@shorewall.net
- Updated to 4.2.0-0RC2
-* Tue Aug 19 2008 Tom Eastep tom@shorewall.net
- Updated to 4.2.0-0RC1
-* Thu Jul 03 2008 Tom Eastep tom@shorewall.net
- Updated to 4.2.0-0Beta3
-* Mon Jun 02 2008 Tom Eastep tom@shorewall.net
- Updated to 4.2.0-0Beta2
-* Wed May 07 2008 Tom Eastep tom@shorewall.net
- Updated to 4.2.0-0Beta1
-* Mon Apr 28 2008 Tom Eastep tom@shorewall.net
- Updated to 4.1.8-0base
-* Mon Mar 24 2008 Tom Eastep tom@shorewall.net
- Updated to 4.1.7-0base
-* Thu Mar 13 2008 Tom Eastep tom@shorewall.net
- Updated to 4.1.6-0base
-* Tue Feb 05 2008 Tom Eastep tom@shorewall.net
- Updated to 4.1.5-0base
-* Fri Jan 04 2008 Tom Eastep tom@shorewall.net
- Updated to 4.1.4-0base
-* Wed Dec 12 2007 Tom Eastep tom@shorewall.net
- Updated to 4.1.3-0base
-* Fri Dec 07 2007 Tom Eastep tom@shorewall.net
- Updated to 4.1.3-1
-* Tue Nov 27 2007 Tom Eastep tom@shorewall.net
- Updated to 4.1.2-1
-* Wed Nov 21 2007 Tom Eastep tom@shorewall.net
- Updated to 4.1.1-1
-* Mon Nov 19 2007 Tom Eastep tom@shorewall.net
- Updated to 4.1.0-1
-* Thu Nov 15 2007 Tom Eastep tom@shorewall.net
- Updated to 4.0.6-1
-* Sat Nov 10 2007 Tom Eastep tom@shorewall.net
- Updated to 4.0.6-0RC3
-* Wed Nov 07 2007 Tom Eastep tom@shorewall.net
- Updated to 4.0.6-0RC2
-* Thu Oct 25 2007 Tom Eastep tom@shorewall.net
- Updated to 4.0.6-0RC1
-* Tue Oct 03 2007 Tom Eastep tom@shorewall.net
- Updated to 4.0.5-1
-* Wed Sep 05 2007 Tom Eastep tom@shorewall.net
- Updated to 4.0.4-1
-* Mon Aug 13 2007 Tom Eastep tom@shorewall.net
- Updated to 4.0.3-1
-* Thu Aug 09 2007 Tom Eastep tom@shorewall.net
- Updated to 4.0.2-1
-* Sat Jul 21 2007 Tom Eastep tom@shorewall.net
- Updated to 4.0.1-1
-* Wed Jul 11 2007 Tom Eastep tom@shorewall.net
- Updated to 4.0.0-1
-* Sun Jul 08 2007 Tom Eastep tom@shorewall.net
- Updated to 4.0.0-0RC2
-* Mon Jul 02 2007 Tom Eastep tom@shorewall.net
- Updated to 4.0.0-0RC1
-* Sun Jun 24 2007 Tom Eastep tom@shorewall.net
- Updated to 4.0.0-0Beta7
-* Wed Jun 20 2007 Tom Eastep tom@shorewall.net
- Updated to 4.0.0-0Beta6
-* Thu Jun 14 2007 Tom Eastep tom@shorewall.net
- Updated to 4.0.0-0Beta5
-* Fri Jun 08 2007 Tom Eastep tom@shorewall.net
- Updated to 4.0.0-0Beta4
-* Tue Jun 05 2007 Tom Eastep tom@shorewall.net
- Updated to 4.0.0-0Beta3
-* Tue May 15 2007 Tom Eastep tom@shorewall.net
- Updated to 4.0.0-0Beta1
-* Fri May 11 2007 Tom Eastep tom@shorewall.net
- Updated to 3.9.7-1
-* Sat May 05 2007 Tom Eastep tom@shorewall.net
- Updated to 3.9.6-1
-* Mon Apr 30 2007 Tom Eastep tom@shorewall.net
- Updated to 3.9.5-1
-* Mon Apr 23 2007 Tom Eastep tom@shorewall.net
- Updated to 3.9.4-1
-* Wed Apr 18 2007 Tom Eastep tom@shorewall.net
- Updated to 3.9.3-1
-* Sat Apr 14 2007 Tom Eastep tom@shorewall.net
- Updated to 3.9.2-1
-* Sat Apr 07 2007 Tom Eastep tom@shorewall.net
- Updated to 3.9.1-1
-* Thu Mar 15 2007 Tom Eastep tom@shorewall.net
- Updated to 3.4.1-1
-* Sat Mar 10 2007 Tom Eastep tom@shorewall.net
- Updated to 3.4.0-1
-* Sun Feb 25 2007 Tom Eastep tom@shorewall.net
- Updated to 3.4.0-0RC3
-* Sun Feb 04 2007 Tom Eastep tom@shorewall.net
- Updated to 3.4.0-0RC2
-* Wed Jan 24 2007 Tom Eastep tom@shorewall.net
- Updated to 3.4.0-0RC1
-* Mon Jan 22 2007 Tom Eastep tom@shorewall.net
- Updated to 3.4.0-0Beta3
-* Wed Jan 03 2007 Tom Eastep tom@shorewall.net
- Updated to 3.4.0-0Beta2
- Handle rename of shorewall.conf
-* Thu Dec 14 2006 Tom Eastep tom@shorewall.net
- Updated to 3.4.0-0Beta1
-* Sat Nov 25 2006 Tom Eastep tom@shorewall.net
- Added shorewall-exclusion(5)
- Updated to 3.3.6-1
-* Sun Nov 19 2006 Tom Eastep tom@shorewall.net
- Updated to 3.3.5-1
-* Sun Oct 29 2006 Tom Eastep tom@shorewall.net
- Updated to 3.3.4-1
-* Mon Oct 16 2006 Tom Eastep tom@shorewall.net
- Updated to 3.3.3-1
-* Sat Sep 30 2006 Tom Eastep tom@shorewall.net
- Updated to 3.3.2-1
-* Wed Aug 30 2006 Tom Eastep tom@shorewall.net
- Updated to 3.3.1-1
-* Wed Aug 09 2006 Tom Eastep tom@shorewall.net
- Updated to 3.3.0-1
-* Wed Aug 09 2006 Tom Eastep tom@shorewall.net
- Updated to 3.3.0-1
-
-
--- a/Shorewall-lite/sysconfig
+++ b/Shorewall-lite/sysconfig
@@ -0,0 +1,26 @@
+#
+# Global start/restart/reload/stop options
+#
+OPTIONS=""
+
+#
+# Start options
+#
+STARTOPTIONS=""
+
+#
+# Restart options
+#
+RESTARTOPTIONS=""
+
+#
+# Reload options
+#
+RELOADOPTIONS=""
+
+#
+# Stop options
+#
+STOPOPTIONS=""
+
+# EOF
--- a/Shorewall-lite/uninstall.sh
+++ b/Shorewall-lite/uninstall.sh
@@ -2,54 +2,75 @@
 #
 # Script to back uninstall Shoreline Firewall
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
-#
-#     (c) 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.sourceforge.net
 #
-#       This program is free software; you can redistribute it and/or modify
-#       it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
+#       This program is part of Shorewall.
 #
-#       This program is distributed in the hope that it will be useful,
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       GNU General Public License for more details.
+#	This program is free software; you can redistribute it and/or modify
+#	it under the terms of the GNU General Public License as published by the
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
 #
-#       You should have received a copy of the GNU General Public License
-#       along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#	This program is distributed in the hope that it will be useful,
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #    Usage:
 #
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall

-VERSION=4.4.7.1
+VERSION=xxx  #The Build script inserts the actual version
+PRODUCT=shorewall-lite
+Product="Shorewall Lite"

 usage() # $1 = exit status
 {
    ME=$(basename $0)
-    echo "usage: $ME"
+    echo "usage: $ME [ <option> ] [ <shorewallrc file> ]"
+    echo "where <option> is one of"
+    echo "  -h"
+    echo "  -v"
+    echo "  -n"
    exit $1
 }

+fatal_error()
+{
+    echo "   ERROR: $@" >&2
+    exit 1
+}
+
 qt()
 {
    "$@" >/dev/null 2>&1
 }

-restore_file() # $1 = file to restore
-{
-    if [ -f ${1}-shorewall.bkout ]; then
-	if (mv -f ${1}-shorewall-lite.bkout $1); then
-	    echo
-	    echo "$1 restored"
-        else
-	    exit 1
-        fi
-    fi
+split() {
+    local ifs
+    ifs=$IFS
+    IFS=:
+    set -- $1
+    echo $*
+    IFS=$ifs
+}
+
+mywhich() {
+    local dir
+
+    for dir in $(split $PATH); do
+	if [ -x $dir/$1 ]; then
+	    return 0
+	fi
+    done
+
+    return 2
 }

 remove_file() # $1 = file to restore
@@ -60,8 +81,73 @@ remove_file() # $1 = file to restore
    fi
 }

-if [ -f /usr/share/shorewall-lite/version ]; then
-    INSTALLED_VERSION="$(cat /usr/share/shorewall-lite/version)"
+finished=0
+configure=1
+
+while [ $finished -eq 0 ]; do
+    option=$1
+
+    case "$option" in
+	-*)
+	    option=${option#-}
+
+	    while [ -n "$option" ]; do
+		case $option in
+		    h)
+			usage 0
+			;;
+		    v)
+			echo "$Product Firewall Installer Version $VERSION"
+			exit 0
+			;;
+		    n*)
+			configure=0
+			option=${option#n}
+			;;
+		    *)
+			usage 1
+			;;
+		esac
+	    done
+
+	    shift
+	    ;;
+	*)
+	    finished=1
+	    ;;
+    esac
+done
+#
+# Read the RC file
+#
+if [ $# -eq 0 ]; then
+    if [ -f ./shorewallrc ]; then
+	. ./shorewallrc
+    elif [ -f ~/.shorewallrc ]; then
+	. ~/.shorewallrc || exit 1
+	file=./.shorewallrc
+    elif [ -f /usr/share/shorewall/shorewallrc ]; then
+	. /usr/share/shorewall/shorewallrc
+    else
+	fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
+    fi
+elif [ $# -eq 1 ]; then
+    file=$1
+    case $file in
+	/*|.*)
+	    ;;
+	*)
+	    file=./$file
+	    ;;
+    esac
+
+    . $file
+else
+    usage 1
+fi
+
+if [ -f ${SHAREDIR}/shorewall-lite/version ]; then
+    INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall-lite/version)"
    if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
 	echo "WARNING: Shorewall Lite Version $INSTALLED_VERSION is installed"
 	echo "         and this is the $VERSION uninstaller."
@@ -74,39 +160,62 @@ fi

 echo "Uninstalling Shorewall Lite $VERSION"

-if qt iptables -L shorewall -n && [ ! -f /sbin/shorewall ]; then
-   /sbin/shorewall-lite clear
+[ -n "$SANDBOX" ] && configure=0
+
+if [ $configure -eq 1 ]; then
+    if qt iptables -L shorewall -n && [ ! -f ${SBINDIR}/shorewall ]; then
+	shorewall-lite clear
+    fi
 fi

-if [ -L /usr/share/shorewall-lite/init ]; then
-    FIREWALL=$(ls -l /usr/share/shorewall-lite/init | sed 's/^.*> //')
-else
-    FIREWALL=/etc/init.d/shorewall-lite
-fi
-
-if [ -n "$FIREWALL" ]; then
-    if [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
-        insserv -r $FIREWALL
-    elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
-	chkconfig --del $(basename $FIREWALL)
+if [ -L ${SHAREDIR}/shorewall-lite/init ]; then
+    if [ $HOST = openwrt ]; then
+	if [ $configure -eq 1 ] && /etc/init.d/shorewall-lite enabled; then
+	    /etc/init.d/shorewall-lite disable
+	fi
+	
+	FIREWALL=$(readlink ${SHAREDIR}/shorewall-lite/init)
    else
-	rm -f /etc/rc*.d/*$(basename $FIREWALL)
+	FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall-lite/init)
+    fi
+elif [ -n "$INITFILE" ]; then
+    FIREWALL=${INITDIR}/${INITFILE}
+fi
+
+if [ -f "$FIREWALL" ]; then
+    if [ $configure -eq 1 ]; then
+	if mywhich updaterc.d ; then
+	    updaterc.d shorewall-lite remove
+	elif mywhich insserv ; then
+            insserv -r $FIREWALL
+	elif mywhich chkconfig ; then
+	    chkconfig --del $(basename $FIREWALL)
+	fi
    fi

    remove_file $FIREWALL
-    rm -f ${FIREWALL}-*.bkout
 fi

-rm -f /sbin/shorewall-lite
-rm -f /sbin/shorewall-lite-*.bkout
+[ -z "$SERVICEDIR" ] && SERVICEDIR="$SYSTEMD"

-rm -rf /etc/shorewall-lite
-rm -rf /etc/shorewall-lite-*.bkout
-rm -rf /var/lib/shorewall-lite
-rm -rf /var/lib/shorewall-lite-*.bkout
-rm -rf /usr/share/shorewall-lite
-rm -rf /usr/share/shorewall-lite-*.bkout
+if [ -n "$SERVICEDIR" ]; then
+    [ $configure -eq 1 ] && systemctl disable ${PRODUCT}
+    rm -f $SERVICEDIR/shorewall-lite.service
+fi

-echo "Shorewall Uninstalled"
+rm -f ${SBINDIR}/shorewall-lite

+rm -rf ${CONFDIR}/shorewall-lite
+rm -rf ${VARDIR}
+rm -rf ${SHAREDIR}/shorewall-lite
+rm -rf ${LIBEXECDIR}/shorewall-lite
+rm -f  ${CONFDIR}/logrotate.d/shorewall-lite
+rm -f  ${SYSCONFDIR}/shorewall-lite
+
+if [ -n "${MANDIR}" ]; then
+    rm -f ${MANDIR}/man5/shorewall-lite*
+    rm -f ${MANDIR}/man8/shorewall-lite*
+fi
+
+echo "Shorewall Lite Uninstalled"

--- a/Shorewall/COPYING
+++ b/Shorewall/COPYING
@@ -2,7 +2,8 @@
 		       Version 2, June 1991

 Copyright (C) 1989, 1991 Free Software Foundation, Inc.
-                       59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+                          51 Franklin Street, Fifth Floor,
+			  Boston, MA 02110-1301 USA
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.

--- a/Shorewall/Contrib/swping
+++ b/Shorewall/Contrib/swping
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-#     Shorewall WAN Interface monitor - V4.2
+#     Shorewall WAN Interface monitor - V4.4
 #
 #     Inspired by Angsuman Chakraborty's gwping script.
 #
@@ -224,7 +224,7 @@ while : ; do
 	# One of the interfaces changed state -- restart Shorewall
 	#
 	echo $if1_state > $VARDIR/${IF1}.status
-	echo $if2_state > $VARDIR/${IF2}.status 
+	echo $if2_state > $VARDIR/${IF2}.status
 	eval $COMMAND
 	state_changed=
    fi
--- a/Shorewall/Contrib/swping.init
+++ b/Shorewall/Contrib/swping.init
@@ -1,5 +1,5 @@
 #!/bin/sh
-#     Shorewall WAN Interface monitor - V4.2
+#     Shorewall WAN Interface monitor - V4.4
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
@@ -32,7 +32,7 @@
 ### BEGIN INIT INFO
 # Provides:	  swping
 # Required-Start: shorewall
-# Should-Start: 
+# Should-Start:
 # Required-Stop:
 # Default-Start:  2 3 5
 # Default-Stop:	  0 1 6
@@ -87,7 +87,7 @@ case "$command" in
 	    echo "swping is running"
 	    exit 0
 	else
-	    echo "swping is stopped" 
+	    echo "swping is stopped"
 	    exit 3
 	fi
 	;;
--- a/Shorewall/INSTALL
+++ b/Shorewall/INSTALL
@@ -1,4 +1,4 @@
-Shoreline Firewall (Shorewall) Version 4
+Shoreline Firewall (Shorewall) Version 5
 -----         ----

 -----------------------------------------------------------------------------
--- a/Shorewall/Macros/macro.AMQP
+++ b/Shorewall/Macros/macro.AMQP
@@ -0,0 +1,10 @@
+#
+# Shorewall -- /usr/share/shorewall/macro.AMQP
+#
+# This macro handles AMQP traffic.
+#
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
+PARAM	-	-	tcp	5672
+PARAM	-	-	udp	5672
--- a/Shorewall/Macros/macro.A_AllowICMPs
+++ b/Shorewall/Macros/macro.A_AllowICMPs
@@ -0,0 +1,12 @@
+#
+# Shorewall -- /usr/share/shorewall/macro.A_AllowICMPs
+#
+# This macro audits and accepts needed ICMP types.
+#
+###############################################################################
+#ACTION		SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE
+
+?COMMENT Needed ICMP types
+
+A_ACCEPT       -	-	icmp	fragmentation-needed
+A_ACCEPT       -	-	icmp	time-exceeded
--- a/Shorewall/Macros/macro.A_DropDNSrep
+++ b/Shorewall/Macros/macro.A_DropDNSrep
@@ -0,0 +1,11 @@
+#
+# Shorewall -- /usr/share/shorewall/macro.A_DropDNSrep
+#
+# This macro audits and drops DNS UDP replies.
+#
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
+?COMMENT Late DNS Replies
+
+A_DROP	-	-	udp	-	53
--- a/Shorewall/Macros/macro.A_DropUPnP
+++ b/Shorewall/Macros/macro.A_DropUPnP
@@ -0,0 +1,11 @@
+#
+# Shorewall -- /usr/share/shorewall/macro.A_DropUPnP
+#
+# This macro audits and drops UPnP probes on UDP port 1900.
+#
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
+?COMMENT UPnP
+
+A_DROP	-	-	udp	1900
--- a/Shorewall/Macros/macro.ActiveDir
+++ b/Shorewall/Macros/macro.ActiveDir
@@ -0,0 +1,37 @@
+#
+# Shorewall -- /usr/share/shorewall/macro.ActiveDir
+#
+# This macro handles ports for Samba 4 Active Directory Service.
+# You can copy this file to /etc/shorewall[6]/ and comment out the ports you
+# do not want open.
+#
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
+PARAM   -       -       tcp     389 	#LDAP services
+PARAM   -       -       udp	389  
+PARAM   -       -       tcp     636	#LDAP SSL
+PARAM   -       -       tcp     3268	#LDAP GC
+PARAM   -       -       tcp     3269	#LDAP GC SSL
+PARAM   -       -       tcp     88	#Kerberos
+PARAM   -       -       udp	88
+
+# Use macro.DNS for DNS sevice
+
+PARAM   -       -       tcp     445	#Replication, User and Computer Authentication, Group Policy, Trusts
+PARAM   -       -       udp	445
+
+# Use macro.SMTP for Mail service
+
+PARAM   -       -       tcp     135	#RPC, EPM
+PARAM   -       -       tcp     5722	#RPC, DFSR (SYSVOL)
+PARAM   -       -       udp	123	#Windows Time
+PARAM   -       -       tcp     464	#Kerberosb change/set password
+PARAM   -       -       udp	464
+PARAM   -       -       udp	138	#DFS, Group Policy
+PARAM   -       -       tcp     9389	#SOAP
+PARAM   -       -       tcp     2535	#MADCAP
+PARAM   -       -       udp	2535
+PARAM   -       -       udp     137	#NetLogon, NetBIOS Name Resolution
+PARAM   -       -       tcp	139	#DFSN, NetBIOS Session Service, NetLogon    
+  
--- a/Shorewall/Macros/macro.AllowICMPs
+++ b/Shorewall/Macros/macro.AllowICMPs
@@ -1,15 +1,13 @@
 #
-# Shorewall version 4 - AllowICMPs Macro
+# Shorewall -- /usr/share/shorewall/macro.AllowICMPs
 #
-# /usr/share/shorewall/macro.AllowICMPs
-#
-#	This macro ACCEPTs needed ICMP types
+# This macro ACCEPTs needed ICMP types.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER

-COMMENT Needed ICMP types
+?COMMENT Needed ICMP types

-ACCEPT	-	-	icmp	fragmentation-needed
-ACCEPT	-	-	icmp	time-exceeded
+DEFAULT ACCEPT
+PARAM	-	-	icmp	fragmentation-needed
+PARAM	-	-	icmp	time-exceeded
--- a/Shorewall/Macros/macro.Amanda
+++ b/Shorewall/Macros/macro.Amanda
@@ -1,16 +1,20 @@
 #
-# Shorewall version 4 - Amanda Macro
+# Shorewall -- /usr/share/shorewall/macro.Amanda
 #
-# /usr/share/shorewall/macro.Amanda
-#
-#	This macro handles connections required by the AMANDA backup system
-#	to back up remote nodes.  It does not provide the ability to restore
-#	files from those nodes.
+# This macro handles connections required by the AMANDA backup system
+# to back up remote nodes.  It does not provide the ability to restore
+# files from those nodes.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	udp	10080
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
+?if ( __CT_TARGET && ! $AUTOHELPERS && __AMANDA_HELPER )
+ PARAM	-	-	udp	10080 { helper=amanda }
+?else
+ PARAM	-	-	udp	10080
+?endif
+
+PARAM	-	-	tcp	10080
 #
 # You may also need this rule.  With AMANDA 2.4.4 on Linux kernel 2.6,
 # it should not be necessary to use this.  The ip_conntrack_amanda
--- a/Shorewall/Macros/macro.Auth
+++ b/Shorewall/Macros/macro.Auth
@@ -1,11 +1,9 @@
 #
-# Shorewall version 4 - Auth Macro
+# Shorewall -- /usr/share/shorewall/macro.Auth
 #
-# /usr/share/shorewall/macro.Auth
-#
-#	This macro handles Auth (identd) traffic.
+# This macro handles Auth (identd) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	113
--- a/Shorewall/Macros/macro.BGP
+++ b/Shorewall/Macros/macro.BGP
@@ -1,11 +1,9 @@
 #
-# Shorewall version 4 - BGP Macro
+# Shorewall -- /usr/share/shorewall/macro.BGP
 #
-# /usr/share/shorewall/macro.BGP
-#
-#	This macro handles BGP4 traffic.
+# This macro handles BGP4 traffic.
 #
 ###############################################################################
-#ACTION SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S) PORT(S) LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	179	# BGP4
--- a/Shorewall/Macros/macro.BLACKLIST
+++ b/Shorewall/Macros/macro.BLACKLIST
@@ -0,0 +1,13 @@
+#
+# Shorewall -- /usr/share/shorewall/macro.blacklist
+#
+# This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL.
+#
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
+?if $BLACKLIST_LOGLEVEL
+blacklog
+?else
+$BLACKLIST_DISPOSITION
+?endif
--- a/Shorewall/Macros/macro.BitTorrent
+++ b/Shorewall/Macros/macro.BitTorrent
@@ -1,18 +1,16 @@
 #
-# Shorewall version 4 - BitTorrent Macro
+# Shorewall -- /usr/share/shorewall/macro.BitTorrent
 #
-# /usr/share/shorewall/macro.BitTorrent
+# This macro handles BitTorrent traffic for BitTorrent 3.1 and earlier.
 #
-#	This macro handles BitTorrent traffic for BitTorrent 3.1 and earlier.
+# If you are running BitTorrent 3.2 or later, you should use the
+# BitTorrent32 macro.
 #
-#	If you are running BitTorrent 3.2 or later, you should use the 
-#	BitTorrent32 macro.
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	6881:6889
 #
 # It may also be necessary to allow UDP traffic:
 #
 PARAM	-	-	udp	6881
-#
--- a/Shorewall/Macros/macro.BitTorrent32
+++ b/Shorewall/Macros/macro.BitTorrent32
@@ -1,16 +1,13 @@
 #
-# Shorewall version 4 - BitTorrent 3.2 Macro
+# Shorewall -- /usr/share/shorewall/macro.BitTorrent32
 #
-# /usr/share/shorewall/macro.BitTorrent32
-#
-#	This macro handles BitTorrent traffic for BitTorrent 3.2 and later.
+# This macro handles BitTorrent traffic for BitTorrent 3.2 and later.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	6881:6999
 #
 # It may also be necessary to allow UDP traffic:
 #
 PARAM	-	-	udp	6881
-#
--- a/Shorewall/Macros/macro.CVS
+++ b/Shorewall/Macros/macro.CVS
@@ -1,11 +1,9 @@
 #
-# Shorewall version 4 - CVS Macro
+# Shorewall -- /usr/share/shorewall/macro.CVS
 #
-# /usr/share/shorewall/macro.CVS
-#
-#	This macro handles connections to the CVS pserver.
+# This macro handles connections to the CVS pserver.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	2401
--- a/Shorewall/Macros/macro.Citrix
+++ b/Shorewall/Macros/macro.Citrix
@@ -1,14 +1,12 @@
 #
-# Shorewall version 4 - Citrix/ICA Macro
+# Shorewall -- /usr/share/shorewall/macro.Citrix
 #
-# /usr/share/shorewall/macro.Citrix
+# This macro handles Citrix/ICA traffic (ICA, ICA Browser, CGP a.k.a.
+# ICA Session Reliability)
 #
-#	This macro handles Citrix/ICA traffic (ICA, ICA Browser, CGP a.k.a.
-#	ICA Session Reliability)
-#
-####################################################################################
-#ACTION SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S) PORT(S) LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	1494	# ICA
 PARAM	-	-	udp	1604	# ICA Browser
 PARAM	-	-	tcp	2598	# CGP Session Reliabilty
--- a/Shorewall/Macros/macro.DAAP
+++ b/Shorewall/Macros/macro.DAAP
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - DAAP Macro
+# Shorewall -- /usr/share/shorewall/macro.DAAP
 #
-# /usr/share/shorewall/macro.DAAP
-#
-#	This macro handles DAAP (Digital Audio Access Protocol) traffic.
-#	The protocol is used by iTunes, Rythmbox and other similar daemons.
+# This macro handles DAAP (Digital Audio Access Protocol) traffic.
+# The protocol is used by iTunes, Rythmbox and other similar daemons.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	3689
 PARAM	-	-	udp	3689
--- a/Shorewall/Macros/macro.DCC
+++ b/Shorewall/Macros/macro.DCC
@@ -1,12 +1,10 @@
 #
-# Shorewall version 4 - DCC Macro
+# Shorewall -- /usr/share/shorewall/macro.DCC
 #
-# /usr/share/shorewall/macro.DCC
-#
-#	This macro handles DCC (Distributed Checksum Clearinghouse) traffic.
-#	DCC is a distributed spam filtering mechanism.
+# This macro handles DCC (Distributed Checksum Clearinghouse) traffic.
+# DCC is a distributed spam filtering mechanism.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	6277
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
+PARAM	-	-	udp	6277
--- a/Shorewall/Macros/macro.DHCPfwd
+++ b/Shorewall/Macros/macro.DHCPfwd
@@ -1,12 +1,10 @@
 #
-# Shorewall version 4 - DHCPfwd Macro
+# Shorewall -- /usr/share/shorewall/macro.DHCPfwd
 #
-# /usr/share/shorewall/macro.DHCPfwd
-#
-#	This macro (bidirectional) handles forwarded DHCP traffic
+# This macro (bidirectional) handles forwarded DHCP traffic
 #
 ###############################################################################
-#ACTION SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S) PORT(S) LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	udp	67:68	67:68	# DHCP
 PARAM	DEST	SOURCE	udp	67:68	67:68	# DHCP
--- a/Shorewall/Macros/macro.DNS
+++ b/Shorewall/Macros/macro.DNS
@@ -1,12 +1,10 @@
 #
-# Shorewall version 4 - DNS Macro
+# Shorewall --  /usr/share/shorewall/macro.DNS
 #
-# /usr/share/shorewall/macro.DNS
-#
-#	This macro handles DNS traffic.
+# This macro handles DNS traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	udp	53
 PARAM	-	-	tcp	53
--- a/Shorewall/Macros/macro.Distcc
+++ b/Shorewall/Macros/macro.Distcc
@@ -1,11 +1,9 @@
 #
-# Shorewall version 4 - Distcc Macro
+# Shorewall -- /usr/share/shorewall/macro.Distcc
 #
-# /usr/share/shorewall/macro.Distcc
-#
-#	This macro handles connections to the Distributed Compiler service.
+# This macro handles connections to the Distributed Compiler service.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	3632
--- a/Shorewall/Macros/macro.Drop
+++ b/Shorewall/Macros/macro.Drop
@@ -1,22 +1,19 @@
 #
-# Shorewall version 4 - Drop Macro
+# Shorewall -- /usr/share/shorewall/macro.Drop
 #
-# /usr/share/shorewall/macro.Drop
+# This macro generates the same rules as the Drop default action
+# It is used in place of action.Drop when USE_ACTIONS=No.
 #
-#	This macro generates the same rules as the Drop default action
-#	It is used in place of action.Drop when USE_ACTIONS=No.
+# Example:
 #
-#	Example:
-#
-#		Drop	net	all
+#	Drop	net	all
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 #
-# Don't log 'auth' REJECT
+# Don't log 'auth' DROP
 #
-REJECT	-	-	tcp	113
+DROP	-	-	tcp	113
 #
 # Drop Broadcasts so they don't clutter up the log
 # (broadcasts must *not* be rejected).
--- a/Shorewall/Macros/macro.DropDNSrep
+++ b/Shorewall/Macros/macro.DropDNSrep
@@ -1,14 +1,12 @@
 #
-# Shorewall version 4 - DropDNSrep Macro
+# Shorewall -- /usr/share/shorewall/macro.DropDNSrep
 #
-# /usr/share/shorewall/macro.DropDNSrep
-#
-#	This macro silently drops DNS UDP replies
+# This macro silently drops DNS UDP replies
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER

-COMMENT Late DNS Replies
+?COMMENT Late DNS Replies

-DROP	-	-	udp	-	53
+DEFAULT DROP
+PARAM	-	-	udp	-	53
--- a/Shorewall/Macros/macro.DropUPnP
+++ b/Shorewall/Macros/macro.DropUPnP
@@ -1,14 +1,12 @@
 #
-# Shorewall version 4 - DropUPnP Macro
+# Shorewall -- /usr/share/shorewall/macro.DropUPnP
 #
-# /usr/share/shorewall/macro.DropUPnP
-#
-#	This macro silently drops UPnP probes on UDP port 1900
+# This macro silently drops UPnP probes on UDP port 1900
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER

-COMMENT UPnP
+?COMMENT UPnP

-DROP	-	-	udp	1900
+DEFAULT DROP
+PARAM	-	-	udp	1900
--- a/Shorewall/Macros/macro.Edonkey
+++ b/Shorewall/Macros/macro.Edonkey
@@ -1,34 +1,31 @@
 #
-# Shorewall version 4 - Edonkey Macro
+# Shorewall -- /usr/share/shorewall/macro.Edonkey
 #
-# /usr/share/shorewall/macro.Edonkey
+# This macro handles Edonkey traffic.
 #
-#	This macro handles Edonkey traffic.
+# http://www.portforward.com/english/routers/port_forwarding/2wire/1000s/eDonkey.htm
+# says to use udp 5737 rather than 4665.
 #
+# http://www.amule.org/wiki/index.php/FAQ_ed2k says this:
 #
-#	http://www.portforward.com/english/routers/port_forwarding/2wire/1000s/eDonkey.htm
-#	says to use udp 5737 rather than 4665.
+# 4661 TCP (outgoing) Port, on which a server listens for connection
+# (defined by server).
 #
-#	http://www.amule.org/wiki/index.php/FAQ_ed2k says this:
+# 4665 UDP (outgoing) used for global server searches and global source
+# queries. This is always Server TCP port (in this case 4661) + 4.
 #
-#	4661 TCP (outgoing) Port, on which a server listens for connection
-#	(defined by server).
+# 4662 TCP (outgoing and incoming) Client to client transfers.
 #
-#	4665 UDP (outgoing) used for global server searches and global source
-#	queries. This is always Server TCP port (in this case 4661) + 4.
+# 4672 UDP (outgoing and incoming) Extended eMule protocol, Queue
+# Rating, File Reask Ping
 #
-#	4662 TCP (outgoing and incoming) Client to client transfers.
+# 4711 TCP WebServer listening port.
 #
-#	4672 UDP (outgoing and incoming) Extended eMule protocol, Queue
-#	Rating, File Reask Ping
-#
-#	4711 TCP WebServer listening port.
-#
-#	4712 TCP External Connection port. Used to communicate aMule with other
-#	applications such as aMule WebServer or aMuleCMD.
+# 4712 TCP External Connection port. Used to communicate aMule with other
+# applications such as aMule WebServer or aMuleCMD.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	4662
 PARAM	-	-	udp	4665
--- a/Shorewall/Macros/macro.FTP
+++ b/Shorewall/Macros/macro.FTP
@@ -1,11 +1,13 @@
 #
-# Shorewall version 4 - FTP Macro
+# Shorewall -- /usr/share/shorewall/macro.FTP
 #
-# /usr/share/shorewall/macro.FTP
-#
-#	This macro handles FTP traffic.
+# This macro handles FTP traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	21
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
+?if ( __CT_TARGET && ! $AUTOHELPERS && __FTP_HELPER  )
+ PARAM	-	-	tcp	21 { helper=ftp }
+?else
+ PARAM	-	-	tcp	21
+?endif
--- a/Shorewall/Macros/macro.Finger
+++ b/Shorewall/Macros/macro.Finger
@@ -1,12 +1,10 @@
 #
-# Shorewall version 4 - Finger Macro
+# Shorewall -- /usr/share/shorewall/macro.Finger
 #
-# /usr/share/shorewall/macro.Finger
-#
-#	This macro handles Finger protocol. You should not generally open
-#	your finger information to internet.
+# This macro handles Finger protocol.
+# You should not generally open your finger information to internet.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	79
--- a/Shorewall/Macros/macro.GNUnet
+++ b/Shorewall/Macros/macro.GNUnet
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - GNUnet Macro
+# Shorewall -- /usr/share/shorewall/macro.GNUnet
 #
-# /usr/share/shorewall/macro.GNUnet
-#
-#	This macro handles GNUnet (secure peer-to-peer networking) traffic.
+# This macro handles GNUnet (secure peer-to-peer networking) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	2086
 PARAM	-	-	udp	2086
 PARAM	-	-	tcp	1080
--- a/Shorewall/Macros/macro.GRE
+++ b/Shorewall/Macros/macro.GRE
@@ -1,13 +1,10 @@
 #
-# Shorewall version 4 - GRE Macro
+# Shorewall -- /usr/share/shorewall/macro.GRE
 #
-# /usr/share/shorewall/macro.GRE
-#
-#	This macro (bi-directional) handles Generic Routing Encapsulation
-#	traffic (RFC 1701)
+# This macro (bidirectional) handles Generic Routing Encapsulation (GRE).
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	47	# GRE
 PARAM	DEST	SOURCE	47	# GRE
--- a/Shorewall/Macros/macro.Git
+++ b/Shorewall/Macros/macro.Git
@@ -1,11 +1,9 @@
 #
-# Shorewall version 4 - Git Macro
+# Shorewall -- /usr/share/shorewall/macro.Git
 #
-# /usr/share/shorewall/macro.Git
-#
-#	This macro handles Git traffic.
+# This macro handles Git traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	9418
--- a/Show More
+++ b/Show More
				`@@ -1 +0,0 @@`
				`This is the Shorewall-lite development 4.3 branch of SVN.`