Fix compiler crash from unknown interface

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall-core/install.sh

@@ -118,37 +118,7 @@ esac
 
 INSTALLD='-D'
 
-if [ -z "$INSTALLSYS" ]; then
-    case $(uname) in
-	CYGWIN*)
-	    INSTALLSYS=CYGWIN
-	    ;;
-	Darwin)
-	    INSTALLSYS=MAC
-	    ;;
-	*)
-	    if [ -f /etc/debian_version ]; then
-		INSTALLSYS=DEBIAN
-	    elif [ -f /etc/redhat-release ]; then
-		if [ -d /etc/sysconfig/network-scripts/ ]; then
-		    INSTALLSYS=REDHAT
-		else
-		    INSTALLSYS=FEDORA
-		fi
-	    elif [ -f /etc/slackware-version ] ; then
-		INSTALLSYS=SLACKWARE
-	    elif [ -f /etc/SuSE-release ]; then
-		INSTALLSYS=SUSE
-	    elif [ -f /etc/arch-release ] ; then
-		INSTALLSYS=ARCHLINUX
-	    else
-		INSTALLSYS=LINUX
-	    fi
-	    ;;
-    esac
-fi
-
-case $INSTALLSYS in
+case $(uname) in
     CYGWIN*)
 	if [ -z "$DESTDIR" ]; then
 	    DEST=
@@ -157,16 +127,18 @@ case $INSTALLSYS in
 
 	OWNER=$(id -un)
 	GROUP=$(id -gn)
+	CYGWIN=Yes
 	;;
-    MAC)
+    Darwin)
 	if [ -z "$DESTDIR" ]; then
 	    DEST=
 	    INIT=
-	    SPARSE=Yes
 	fi
 
 	[ -z "$OWNER" ] && OWNER=root
 	[ -z "$GROUP" ] && GROUP=wheel
+	MAC=Yes
+        MACHOST=Yes
 	INSTALLD=
 	T=
 	;;
@@ -225,34 +197,43 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
 # Determine where to install the firewall script
 #
 
-[ -n "$TARGET" ] || TARGET=$INSTALLSYS
-
-case "$TARGET" in
-    CYGWIN)
-	echo "Installing Cygwin-specific configuration..."
-	;;
-    MAC)
-	echo "Installing Mac-specific configuration...";
-	;;
-    DEBIAN)
-	echo "Installing Debian-specific configuration..."
-	SPARSE=yes
-	;;
-    FEDORA|REDHAT|SLACKWARE|ARCHLINUX|LINUX)
-	;;
-    *)
-	echo "ERROR: Unknown TARGET \"$TARGET\"" >&2
-	exit 1;
-	;;
-esac
-
 if [ -n "$DESTDIR" ]; then
-    if [ $INSTALLSYS != CYGWIN ]; then
+    if [ -z "$CYGWIN" ]; then
 	if [ `id -u` != 0 ] ; then
 	    echo "Not setting file owner/group permissions, not running as root."
 	    OWNERSHIP=""
 	fi
     fi
+
+    install -d $OWNERSHIP -m 755 ${DESTDIR}/sbin
+    install -d $OWNERSHIP -m 755 ${DESTDIR}${DEST}
+
+    CYGWIN=
+    MAC=
+else
+    if [ -n "$CYGWIN" ]; then
+	echo "Installing Cygwin-specific configuration..."
+    elif [ -n "$MAC" ]; then
+	echo "Installing Mac-specific configuration..."
+    else
+	if [ -f /etc/debian_version ]; then
+	    echo "Installing Debian-specific configuration..."
+	    DEBIAN=yes
+	elif [ -f /etc/redhat-release ]; then
+	    echo "Installing Redhat/Fedora-specific configuration..."
+	    FEDORA=yes
+	elif [ -f /etc/slackware-version ] ; then
+	    echo "Installing Slackware-specific configuration..."
+	    DEST="/etc/rc.d"
+	    MANDIR="/usr/man"
+	    SLACKWARE=yes
+	elif [ -f /etc/arch-release ] ; then
+	    echo "Installing ArchLinux-specific configuration..."
+	    DEST="/etc/rc.d"
+	    INIT="shorewall"
+	    ARCHLINUX=yes
+	fi
+    fi
 fi
 
 #

Shorewall-init/install.sh

@@ -131,53 +131,16 @@ case "$LIBEXEC" in
 	;;
 esac
 
-if [ -z "$INSTALLSYS" ]; then
-    case $(uname) in
-	CYGWIN*)
-	    INSTALLSYS=CYGWIN
-	    ;;
-	Darwin)
-	    INSTALLSYS=MAC
-	    ;;
-	*)
-	    if [ -f /etc/debian_version ]; then
-		INSTALLSYS=DEBIAN
-	    elif [ -f /etc/redhat-release ]; then
-		if [ -d /etc/sysconfig/network-scripts/ ]; then
-		    INSTALLSYS=REDHAT
-		else
-		    INSTALLSYS=FEDORA
-		fi
-	    elif [ -f /etc/SuSE-release ]; then
-		INSTALLSYS=SUSE
-	    elif [ -f /etc/slackware-version ] ; then
-		INSTALLSYS=SLACKWARE
-	    elif [ -f /etc/arch-release ] ; then
-		INSTALLSYS=ARCHLINUX
-	    else
-		INSTALLSYS=
-	    fi
-	    ;;
-    esac
-fi
-
-case $INSTALLSYS in
-    CYGWIN*)
-	OWNER=$(id -un)
-	GROUP=$(id -gn)
-	;;
-    MAC)
-	if [ -z "$DESTDIR" ]; then
-	    DEST=
-	    INIT=
-	    SPARSE=Yes
-	fi
+#
+# Determine where to install the firewall script
+#
 
+case $(uname) in
+    Darwin)
 	[ -z "$OWNER" ] && OWNER=root
 	[ -z "$GROUP" ] && GROUP=wheel
-	INSTALLD=
 	T=
-	;;
+	;;	
     *)
 	[ -z "$OWNER" ] && OWNER=root
 	[ -z "$GROUP" ] && GROUP=root
@@ -186,39 +149,6 @@ esac
 
 OWNERSHIP="-o $OWNER -g $GROUP"
 
-[ -n "$TARGET" ] || TARGET=$INSTALLSYS
-
-case "$TARGET" in
-    DEBIAN)
-	echo "Installing Debian-specific configuration..."
-	SPARSE=yes
-	;;
-    FEDORA)
-	echo "Installing Fedora-specific configuration..."
-	;;
-    REDHAT)
-	echo "Installing Redhat-specific configuration..."
-	;;
-    SLACKWARE)
-	echo "Shorewall-init is currently not supported on Slackware" >&2
-	exit 1
-	;;
-    ARCHLINUX)
-	echo "Shorewall-init is currently not supported on Arch Linux" >&2
-	exit 1
-	;;
-    SUSE)
-	echo "Installing SuSE-specific configuration..."
-	;;
-    LINUX)
-	echo "ERROR: Shorewall-init is not supported on this system" >&2
-	;;
-    *)
-	echo "ERROR: Unsupported TARGET distribution: \"$TARGET\"" >&2
-	exit 1;
-	;;
-esac
-
 if [ -n "$DESTDIR" ]; then
     if [ `id -u` != 0 ] ; then
 	echo "Not setting file owner/group permissions, not running as root."
@@ -226,6 +156,31 @@ if [ -n "$DESTDIR" ]; then
     fi
     
     install -d $OWNERSHIP -m 755 ${DESTDIR}${DEST}
+elif [ -f /etc/debian_version ]; then
+    DEBIAN=yes
+elif [ -f /etc/SuSE-release ]; then
+    SUSE=Yes
+elif [ -f /etc/redhat-release ]; then
+    FEDORA=Yes
+elif [ -f /etc/slackware-version ] ; then
+    echo "Shorewall-init is currently not supported on Slackware" >&2
+    exit 1
+#   DEST="/etc/rc.d"
+#   INIT="rc.firewall"
+elif [ -f /etc/arch-release ] ; then
+    echo "Shorewall-init is currently not supported on Arch Linux" >&2
+    exit 1
+#   DEST="/etc/rc.d"
+#   INIT="shorewall-init"
+#   ARCHLINUX=yes
+elif [ -d /etc/sysconfig/network-scripts/ ]; then
+    #
+    # Assume RedHat-based
+    #
+    REDHAT=Yes
+else
+    echo "Unknown distribution: Shorewall-init support is not available" >&2
+    exit 1
 fi
 
 if [ -z "$DESTDIR" ]; then
@@ -255,17 +210,15 @@ fi
 #
 # Install the Init Script
 #
-case $TARGET in
-    DEBIAN)
-	install_file init.debian.sh ${DESTDIR}/etc/init.d/shorewall-init 0544
-	;;
-    REDHAT|FEDORA)
-	install_file init.fedora.sh ${DESTDIR}/etc/init.d/shorewall-init 0544
-	;;
-    *)
-	install_file init.sh ${DESTDIR}${DEST}/$INIT 0544
-	;;
-esac
+if [ -n "$DEBIAN" ]; then
+    install_file init.debian.sh ${DESTDIR}/etc/init.d/shorewall-init 0544
+elif [ -n "$FEDORA" ]; then
+    install_file init.fedora.sh ${DESTDIR}/etc/init.d/shorewall-init 0544
+#elif [ -n "$ARCHLINUX" ]; then
+#    install_file init.archlinux.sh ${DESTDIR}${DEST}/$INIT 0544
+else
+    install_file init.sh ${DESTDIR}${DEST}/$INIT 0544
+fi
 
 echo  "Shorewall Init script installed in ${DESTDIR}${DEST}/$INIT"
 
@@ -297,7 +250,7 @@ if [ -z "$DESTDIR" ]; then
     ln -s ${DEST}/${INIT} /usr/share/shorewall-init/init
 fi
 
-if [ $TARGET = DEBIAN ]; then
+if [ -n "$DEBIAN" ]; then
     if [ -n "${DESTDIR}" ]; then
 	mkdir -p ${DESTDIR}/etc/network/if-up.d/
 	mkdir -p ${DESTDIR}/etc/network/if-post-down.d/
@@ -315,7 +268,7 @@ else
 	mkdir -p ${DESTDIR}/etc/sysconfig
 
 	if [ -z "$RPM" ]; then
-	    if [ $TARGET = SUSE ]; then
+	    if [ -n "$SUSE" ]; then
 		mkdir -p ${DESTDIR}/etc/sysconfig/network/if-up.d
 		mkdir -p ${DESTDIR}/etc/sysconfig/network/if-down.d
 	    else
@@ -341,30 +294,24 @@ if [ -d ${DESTDIR}/etc/NetworkManager ]; then
     install_file ifupdown.sh ${DESTDIR}/etc/NetworkManager/dispatcher.d/01-shorewall 0544
 fi
 
-case $TARGET in
-    DEBIAN)
-	install_file ifupdown.sh ${DESTDIR}/etc/network/if-up.d/shorewall 0544
-	install_file ifupdown.sh ${DESTDIR}/etc/network/if-post-down.d/shorewall 0544
-	;;
-    SUSE)
-	if [ -z "$RPM" ]; then
-	    install_file ifupdown.sh ${DESTDIR}/etc/sysconfig/network/if-up.d/shorewall 0544
-	    install_file ifupdown.sh ${DESTDIR}/etc/sysconfig/network/if-down.d/shorewall 0544
-	fi
-	;;
-    REDHAT)
-	if [ -f ${DESTDIR}/sbin/ifup-local -o -f ${DESTDIR}/sbin/ifdown-local ]; then
-	    echo "WARNING: /sbin/ifup-local and/or /sbin/ifdown-local already exist; up/down events will not be handled"
-	else
-	    install_file ifupdown.sh ${DESTDIR}/sbin/ifup-local 0544
-	    install_file ifupdown.sh ${DESTDIR}/sbin/ifdown-local 0544
-	fi
-	;;
-esac
+if [ -n "$DEBIAN" ]; then
+    install_file ifupdown.sh ${DESTDIR}/etc/network/if-up.d/shorewall 0544
+    install_file ifupdown.sh ${DESTDIR}/etc/network/if-post-down.d/shorewall 0544
+elif [ -n "$SUSE" ]; then
+    install_file ifupdown.sh ${DESTDIR}/etc/sysconfig/network/if-up.d/shorewall 0544
+    install_file ifupdown.sh ${DESTDIR}/etc/sysconfig/network/if-down.d/shorewall 0544
+elif [ -n "$REDHAT" ]; then
+    if [ -f ${DESTDIR}/sbin/ifup-local -o -f ${DESTDIR}/sbin/ifdown-local ]; then
+	echo "WARNING: /sbin/ifup-local and/or /sbin/ifdown-local already exist; up/down events will not be handled"
+    else
+	install_file ifupdown.sh ${DESTDIR}/sbin/ifup-local 0544
+	install_file ifupdown.sh ${DESTDIR}/sbin/ifdown-local 0544
+    fi
+fi
 
 if [ -z "$DESTDIR" ]; then
     if [ -n "$first_install" ]; then
-	if [ $TARGET = DEBIAN ]; then
+	if [ -n "$DEBIAN" ]; then
 	    
 	    update-rc.d shorewall-init defaults
 
@@ -401,7 +348,7 @@ if [ -z "$DESTDIR" ]; then
     fi
 else
     if [ -n "$first_install" ]; then
-	if [ $TARGET = DEBIAN ]; then
+	if [ -n "$DEBIAN" ]; then
 	    if [ -n "${DESTDIR}" ]; then
 		mkdir -p ${DESTDIR}/etc/rcS.d
 	    fi
@@ -413,33 +360,31 @@ else
 fi
 
 if [ -f ${DESTDIR}/etc/ppp ]; then
-    case $TARGET in
-	DEBIAN|SUSE)
-	    for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do
-		mkdir -p ${DESTDIR}/etc/ppp/$directory #SuSE doesn't create the IPv6 directories
-		cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown ${DESTDIR}/etc/ppp/$directory/shorewall
-	    done
-	    ;;
-	REDHAT)
-	    #
-	    # Must use the dreaded ip_xxx.local file
-	    #
-	    for file in ip-up.local ip-down.local; do
-		FILE=${DESTDIR}/etc/ppp/$file
-		if [ -f $FILE ]; then
-		    if fgrep -q Shorewall-based $FILE ; then
-			cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown $FILE
-		    else
-			echo "$FILE already exists -- ppp devices will not be handled"
-			break
-		    fi
-		else
+    if [ -n "$DEBIAN" ] -o -n "$SUSE" ]; then
+	for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do
+	    mkdir -p ${DESTDIR}/etc/ppp/$directory #SuSE doesn't create the IPv6 directories
+	    cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown ${DESTDIR}/etc/ppp/$directory/shorewall
+	done
+    elif [ -n "$REDHAT" ]; then
+	#
+	# Must use the dreaded ip_xxx.local file
+	#
+	for file in ip-up.local ip-down.local; do
+	    FILE=${DESTDIR}/etc/ppp/$file
+	    if [ -f $FILE ]; then
+		if fgrep -q Shorewall-based $FILE ; then
 		    cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown $FILE
+		else
+		    echo "$FILE already exists -- ppp devices will not be handled"
+		    break
 		fi
-	    done
-	    ;;
-    esac
+	    else
+		cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown $FILE
+	    fi
+	done
+    fi
 fi
+
 #
 #  Report Success
 #

Shorewall-lite/install.sh

@@ -149,37 +149,7 @@ CYGWIN=
 INSTALLD='-D'
 T='-T'
 
-if [ -z "$INSTALLSYS" ]; then
-    case $(uname) in
-	CYGWIN*)
-	    INSTALLSYS=CYGWIN
-	    ;;
-	Darwin)
-	    INSTALLSYS=MAC
-	    ;;
-	*)
-	    if [ -f /etc/debian_version ]; then
-		INSTALLSYS=DEBIAN
-	    elif [ -f /etc/redhat-release ]; then
-		if [ -d /etc/sysconfig/network-scripts/ ]; then
-		    INSTALLSYS=REDHAT
-		else
-		    INSTALLSYS=FEDORA
-		fi
-	    elif [ -f /etc/SuSE-release ]; then
-		INSTALLSYS=SUSE
-	    elif [ -f /etc/slackware-version ] ; then
-		INSTALLSYS=SLACKWARE
-	    elif [ -f /etc/arch-release ] ; then
-		INSTALLSYS=ARCHLINUX
-	    else
-		INSTALLSYS=LINUX
-	    fi
-	    ;;
-    esac
-fi
-
-case $INSTALLSYS in
+case $(uname) in
     CYGWIN*)
 	if [ -z "$DESTDIR" ]; then
 	    DEST=
@@ -189,18 +159,10 @@ case $INSTALLSYS in
 	OWNER=$(id -un)
 	GROUP=$(id -gn)
 	;;
-    MAC)
-	if [ -z "$DESTDIR" ]; then
-	    DEST=
-	    INIT=
-	    SPARSE=Yes
-	fi
-
-	[ -z "$OWNER" ] && OWNER=root
-	[ -z "$GROUP" ] && GROUP=wheel
+    Darwin)
 	INSTALLD=
 	T=
-	;;
+	;;	   
     *)
 	[ -z "$OWNER" ] && OWNER=root
 	[ -z "$GROUP" ] && GROUP=root
@@ -209,41 +171,6 @@ esac
 
 OWNERSHIP="-o $OWNER -g $GROUP"
 
-[ -n "$TARGET" ] || TARGET=$INSTALLSYS
-
-case "$TARGET" in
-    CYGWIN)
-	echo "Installing Cygwin-specific configuration..."
-	;;
-    MAC)
-	echo "Installing Mac-specific configuration...";
-	;;
-    DEBIAN)
-	echo "Installing Debian-specific configuration..."
-	SPARSE=yes
-	;;
-    FEDORA|REDHAT)
-	echo "Installing Redhat/Fedora-specific configuration..."
-	;;
-    SLACKWARE)
-	echo "Installing Slackware-specific configuration..."
-	DEST="/etc/rc.d"
-	MANDIR="/usr/man"
-	INIT="rc.firewall"
-	;;
-    ARCHLINUX)
-	echo "Installing ArchLinux-specific configuration..."
-	DEST="/etc/rc.d"
-	INIT="$PRODUCT"
-	;;
-    LINUX|SUSE)
-	;;
-    *)
-	echo "ERROR: Unknown TARGET \"$TARGET\"" >&2
-	exit 1;
-	;;
-esac
-
 if [ -n "$DESTDIR" ]; then
     if [ `id -u` != 0 ] ; then
 	echo "Not setting file owner/group permissions, not running as root."
@@ -252,11 +179,20 @@ if [ -n "$DESTDIR" ]; then
     
     install -d $OWNERSHIP -m 755 ${DESTDIR}/sbin
     install -d $OWNERSHIP -m 755 ${DESTDIR}${DEST}
+elif [ -d /etc/apt -a -e /usr/bin/dpkg ]; then
+    DEBIAN=yes
+elif [ -f /etc/redhat-release ]; then
+    FEDORA=yes
+elif [ -f /etc/slackware-version ] ; then
+    DEST="/etc/rc.d"
+    INIT="rc.firewall"
+elif [ -f /etc/arch-release ] ; then
+      DEST="/etc/rc.d"
+      INIT="$PRODUCT"
+      ARCHLINUX=yes
+fi
 
-    if [ -n "$SYSTEMD" ]; then
-	mkdir -p ${DESTDIR}/lib/systemd/system
-    fi
-else
+if [ -z "$DESTDIR" ]; then
     if [ ! -f /usr/share/shorewall/coreversion ]; then
 	echo "$PRODUCT $VERSION requires Shorewall Core which does not appear to be installed" >&2
 	exit 1
@@ -265,6 +201,8 @@ else
     if [ -f /lib/systemd/system ]; then
 	SYSTEMD=Yes
     fi
+elif [ -n "$SYSTEMD" ]; then
+    mkdir -p ${DESTDIR}/lib/systemd/system
 fi
 
 echo "Installing $Product Version $VERSION"
@@ -305,20 +243,15 @@ echo "$Product control program installed in ${DESTDIR}/sbin/$PRODUCT"
 #
 # Install the Firewall Script
 #
-case $TARGET in
-    DEBIAN)
-	install_file init.debian.sh ${DESTDIR}/etc/init.d/$PRODUCT 0544
-	;;
-    FEDORA|REDHAT)
-	install_file init.fedora.sh ${DESTDIR}/etc/init.d/$PRODUCT 0544
-	;;
-    ARCHLINUX)
-	install_file init.archlinux.sh ${DESTDIR}/${DEST}/$INIT 0544
-	;;
-    *)
-	install_file init.sh ${DESTDIR}/${DEST}/$INIT 0544
-	;;
-esac
+if [ -n "$DEBIAN" ]; then
+    install_file init.debian.sh ${DESTDIR}/etc/init.d/$PRODUCT 0544
+elif [ -n "$FEDORA" ]; then
+    install_file init.fedora.sh ${DESTDIR}/etc/init.d/$PRODUCT 0544
+elif [ -n "$ARCHLINUX" ]; then
+    install_file init.archlinux.sh ${DESTDIR}/${DEST}/$INIT 0544
+else
+    install_file init.sh ${DESTDIR}/${DEST}/$INIT 0544
+fi
 
 echo  "$Product script installed in ${DESTDIR}${DEST}/$INIT"
 
@@ -354,7 +287,7 @@ if [ ! -f ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf ]; then
    echo "Config file installed as ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf"
 fi
 
-if [ $TARGET = ARCHLINUX ] ; then
+if [ -n "$ARCHLINUX" ] ; then
    sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf
 fi
 
@@ -465,7 +398,7 @@ if [ -z "$DESTDIR" ]; then
     touch /var/log/$PRODUCT-init.log
 
     if [ -n "$first_install" ]; then
-	if [ $TARGET = DEBIAN ]; then
+	if [ -n "$DEBIAN" ]; then
 	    run_install $OWNERSHIP -m 0644 default.debian /etc/default/$PRODUCT
 
 	    update-rc.d $PRODUCT defaults

Shorewall/Perl/Shorewall/Chains.pm

@@ -4313,13 +4313,6 @@ sub get_set_flags( $$ ) {
     } elsif ( $setname =~ /^(.*)\[((src|dst)(,(src|dst))*)\]$/ ) {
 	$setname = $1;
 	$options = $2;
-
-	my @options = split /,/, $options;
-	my %typemap = ( src => 'Source', dst => 'Destination' );
-
-	for ( @options ) {
-	    warning_messsage( "The '$_' ipset flag is used in a $typemap{$option} column" ), last unless $_ eq $option;
-	}
     }
 
     $setname =~ s/^\+//;

Shorewall/Perl/Shorewall/Nat.pm

@@ -54,8 +54,8 @@ sub initialize() {
 #
 sub process_one_masq( )
 {
-    my ($interfacelist, $networks, $addresses, $proto, $ports, $ipsec, $mark, $user, $condition ) = 
-	split_line1 'masq file', { interface => 0, source => 1, address => 2, proto => 3, port => 4, ipsec => 5, mark => 6, user => 7, switch => 8 };
+    my ($interfacelist, $networks, $addresses, $proto, $ports, $ipsec, $mark, $user ) = 
+	split_line1 'masq file', { interface => 0, source => 1, address => 2, proto => 3, port => 4, ipsec => 5, mark => 6, user => 7 };
 
     if ( $interfacelist eq 'COMMENT' ) {
 	process_comment;
@@ -117,9 +117,9 @@ sub process_one_masq( )
     }
 
     #
-    # Handle Protocol, Ports and Condition
+    # Handle Protocol and Ports
     #
-    $baserule .= do_proto( $proto, $ports, '' ) . do_condition( $condition );
+    $baserule .= do_proto $proto, $ports, '';
     #
     # Handle Mark
     #

Shorewall/Perl/Shorewall/Tc.pm

@@ -855,7 +855,7 @@ sub validate_tc_device( ) {
 			    pfifo         => $pfifo,
 			    tablenumber   => 1 ,
 			    redirected    => \@redirected,
-			    default       => undef,
+			    default       => 0,
 			    nextclass     => 2,
 			    qdisc         => $qdisc,
 			    guarantee     => 0,
@@ -998,7 +998,6 @@ sub validate_tc_class( ) {
 	}
     } else {
 	fatal_error "Duplicate Class NUMBER ($classnumber)" if $tcref->{$classnumber};
-	$markval = '-';
     }
 
     if ( $parentclass != 1 ) {
@@ -1115,10 +1114,8 @@ sub validate_tc_class( ) {
     }
 
     unless ( $devref->{classify} || $occurs > 1 ) {
-	if ( $mark ne '-' ) {
-	    fatal_error "Missing MARK" if $mark eq '-';
-	    warning_message "Class NUMBER ignored -- INTERFACE $device does not have the 'classify' option"	if $devclass =~ /:/;
-	}
+	fatal_error "Missing MARK" if $mark eq '-';
+	warning_message "Class NUMBER ignored -- INTERFACE $device does not have the 'classify' option"	if $devclass =~ /:/;
     }
 
     $tcref->{flow}  = $devref->{flow}  unless $tcref->{flow};
@@ -1599,7 +1596,7 @@ sub process_traffic_shaping() {
 	my $devnum  = in_hexp $devref->{number};
 	my $r2q     = int calculate_r2q $devref->{out_bandwidth};
 
-	fatal_error "No default class defined for device $devname" unless defined $devref->{default};
+	fatal_error "No default class defined for device $devname" unless $devref->{default};
 
 	my $device = physical_name $devname;
 
@@ -1711,7 +1708,7 @@ sub process_traffic_shaping() {
 		#
 		# add filters
 		#
-		unless ( $mark eq '-' ) {
+		unless ( $devref->{classify} ) {
 		    emit "run_tc filter add dev $device protocol all parent $devicenumber:0 prio " . ( $priority | 20 ) . " handle $mark fw classid $classid" if $tcref->{occurs} == 1;
 		}
 

Shorewall/configfiles/masq

@@ -6,6 +6,6 @@
 # The manpage is also online at
 # http://www.shorewall.net/manpages/shorewall-masq.html
 #
-######################################################################################################
-#INTERFACE:DEST		SOURCE		ADDRESS		PROTO	PORT(S)	IPSEC	MARK	USER/	SWITCH
+#############################################################################################
+#INTERFACE:DEST		SOURCE		ADDRESS		PROTO	PORT(S)	IPSEC	MARK	USER/
 #											GROUP

Shorewall/install.sh

@@ -119,6 +119,9 @@ if [ -z "$INIT" ] ; then
 fi
 
 ANNOTATED=
+CYGWIN=
+MAC=
+MACHOST=
 MANDIR=${MANDIR:-"/usr/share/man"}
 SPARSE=
 INSTALLD='-D'
@@ -141,37 +144,7 @@ case "$PERLLIB" in
 	;;
 esac
 
-if [ -z "$INSTALLSYS" ]; then
-    case $(uname) in
-	CYGWIN*)
-	    INSTALLSYS=CYGWIN
-	    ;;
-	Darwin)
-	    INSTALLSYS=MAC
-	    ;;
-	*)
-	    if [ -f /etc/debian_version ]; then
-		INSTALLSYS=DEBIAN
-	    elif [ -f /etc/redhat-release ]; then
-		if [ -d /etc/sysconfig/network-scripts/ ]; then
-		    INSTALLSYS=REDHAT
-		else
-		    INSTALLSYS=FEDORA
-		fi
-	    elif [ -f /etc/slackware-version ] ; then
-		INSTALLSYS=SLACKWARE
-	    elif [ -f /etc/SuSE-release ]; then
-		INSTALLSYS=SUSE
-	    elif [ -f /etc/arch-release ] ; then
-		INSTALLSYS=ARCHLINUX
-	    else
-		INSTALLSYS=LINUX
-	    fi
-	    ;;
-    esac
-fi
-
-case $INSTALLSYS in
+case $(uname) in
     CYGWIN*)
 	if [ -z "$DESTDIR" ]; then
 	    DEST=
@@ -180,8 +153,10 @@ case $INSTALLSYS in
 
 	OWNER=$(id -un)
 	GROUP=$(id -gn)
+	CYGWIN=Yes
+	SPARSE=Yes
 	;;
-    MAC)
+    Darwin)
 	if [ -z "$DESTDIR" ]; then
 	    DEST=
 	    INIT=
@@ -190,6 +165,8 @@ case $INSTALLSYS in
 
 	[ -z "$OWNER" ] && OWNER=root
 	[ -z "$GROUP" ] && GROUP=wheel
+	MAC=Yes
+	MACHOST=Yes
 	INSTALLD=
 	T=
 	;;
@@ -252,54 +229,8 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
 # Determine where to install the firewall script
 #
 
-if [ $PRODUCT = shorewall ]; then
-    #
-    # Verify that Perl is installed
-    #
-    if ! perl -c Perl/compiler.pl; then
-	echo "ERROR: $Product $VERSION requires Perl which either is not installed or is not able to compile the $Product perl code" >&2
-	echo "       Try perl -c $PWD/Perl/compiler.pl" >&2
-	exit 1
-    fi
-fi
-
-[ -n "$TARGET" ] || TARGET=$INSTALLSYS
-
-case "$TARGET" in
-    CYGWIN)
-	echo "Installing Cygwin-specific configuration..."
-	;;
-    MAC)
-	echo "Installing Mac-specific configuration...";
-	;;
-    DEBIAN)
-	echo "Installing Debian-specific configuration..."
-	SPARSE=yes
-	;;
-    FEDORA|REDHAT)
-	echo "Installing Redhat/Fedora-specific configuration..."
-	;;
-    SLACKWARE)
-	echo "Installing Slackware-specific configuration..."
-	DEST="/etc/rc.d"
-	MANDIR="/usr/man"
-	INIT="rc.firewall"
-	;;
-    ARCHLINUX)
-	echo "Installing ArchLinux-specific configuration..."
-	DEST="/etc/rc.d"
-	INIT="$PRODUCT"
-	;;
-    LINUX)
-	;;
-    *)
-	echo "ERROR: Unknown TARGET \"$TARGET\"" >&2
-	exit 1;
-	;;
-esac
-
 if [ -n "$DESTDIR" ]; then
-    if [ $INSTALLSYS != CYGWIN ]; then
+    if [ -z "$CYGWIN" ]; then
 	if [ `id -u` != 0 ] ; then
 	    echo "Not setting file owner/group permissions, not running as root."
 	    OWNERSHIP=""
@@ -308,9 +239,49 @@ if [ -n "$DESTDIR" ]; then
 
     install -d $OWNERSHIP -m 755 ${DESTDIR}/sbin
     install -d $OWNERSHIP -m 755 ${DESTDIR}${DEST}
-elif [ -z "$DESTDIR" ]; then
-    [ -x /usr/share/shorewall/compiler.pl ] || \
-	{ echo "   ERROR: Shorewall >= 4.3.5 is not installed" >&2; exit 1; }
+
+    CYGWIN=
+    MAC=
+else
+    if [ $PRODUCT = shorewall ]; then
+        #
+        # Verify that Perl is installed
+        #
+	if ! perl -c Perl/compiler.pl; then
+	    echo "ERROR: $Product $VERSION requires Perl which either is not installed or is not able to compile the $Product perl code" >&2
+	    echo "       Try perl -c $PWD/Perl/compiler.pl" >&2
+	    exit 1
+	fi
+    else
+	[ -x /usr/share/shorewall/compiler.pl ] || \
+	    { echo "   ERROR: Shorewall >= 4.3.5 is not installed" >&2; exit 1; }
+    fi
+
+    if [ -n "$CYGWIN" ]; then
+	echo "Installing Cygwin-specific configuration..."
+    elif [ -n "$MAC" ]; then
+	echo "Installing Mac-specific configuration..."
+    else
+	if [ -f /etc/debian_version ]; then
+	    echo "Installing Debian-specific configuration..."
+	    DEBIAN=yes
+	    SPARSE=yes
+	elif [ -f /etc/redhat-release ]; then
+	    echo "Installing Redhat/Fedora-specific configuration..."
+	    FEDORA=yes
+	elif [ -f /etc/slackware-version ] ; then
+	    echo "Installing Slackware-specific configuration..."
+	    DEST="/etc/rc.d"
+	    MANDIR="/usr/man"
+	    SLACKWARE=yes
+	    INIT="rc.firewall"
+	elif [ -f /etc/arch-release ] ; then
+	    echo "Installing ArchLinux-specific configuration..."
+	    DEST="/etc/rc.d"
+	    INIT="$PRODUCT"
+	    ARCHLINUX=yes
+	fi
+    fi
 fi
 
 if [ -z "$DESTDIR" ]; then
@@ -337,7 +308,7 @@ if [ -z "${DESTDIR}" -a $PRODUCT = shorewall -a ! -f /usr/share/$PRODUCT/corever
     exit 1
 fi
 
-if [ $TARGET != CYGWIN ]; then
+if [ -z "$CYGWIN" ]; then
    install_file $PRODUCT ${DESTDIR}/sbin/$PRODUCT 0755
    echo "$PRODUCT control program installed in ${DESTDIR}/sbin/$PRODUCT"
 else
@@ -348,28 +319,18 @@ fi
 #
 # Install the Firewall Script
 #
-case $TARGET in
-    DEBIAN)
-	install_file init.debian.sh ${DESTDIR}/etc/init.d/$PRODUCT 0544
-	;;
-    FEDORA|REDHAT)
-	install_file init.fedora.sh ${DESTDIR}/etc/init.d/$PRODUCT 0544
-	;;
-    ARCHLINUX)
-	install_file init.archlinux.sh ${DESTDIR}${DEST}/$INIT 0544
-	;;
-    SLACKWARE)
-        if [ $PRODUCT = shorewall ]; then
-	    install_file init.slackware.firewall.sh ${DESTDIR}${DEST}/rc.firewall 0644
-	    install_file init.slackware.$PRODUCT.sh ${DESTDIR}${DEST}/rc.$PRODUCT 0644
-	fi
-	;;
-    *)
-	if [ -n "$INIT" ]; then
-	    install_file init.sh ${DESTDIR}${DEST}/$INIT 0544
-	fi
-	;;
-esac
+if [ -n "$DEBIAN" ]; then
+    install_file init.debian.sh ${DESTDIR}/etc/init.d/$PRODUCT 0544
+elif [ -n "$FEDORA" ]; then
+    install_file init.fedora.sh ${DESTDIR}/etc/init.d/$PRODUCT 0544
+elif [ -n "$ARCHLINUX" ]; then
+    install_file init.archlinux.sh ${DESTDIR}${DEST}/$INIT 0544
+elif [ -n "$SLACKWARE" -a $PRODUCT = shorewall ]; then
+	install_file init.slackware.firewall.sh ${DESTDIR}${DEST}/rc.firewall 0644
+	install_file init.slackware.$PRODUCT.sh ${DESTDIR}${DEST}/rc.$PRODUCT 0644
+elif [ -n "$INIT" ]; then
+    install_file init.sh ${DESTDIR}${DEST}/$INIT 0544
+fi
 
 [ -n "$INIT" ] && echo  "$Product script installed in ${DESTDIR}${DEST}/$INIT"
 
@@ -466,7 +427,7 @@ run_install $OWNERSHIP -m 0644 $PRODUCT.conf.annotated ${DESTDIR}/usr/share/$PRO
 if [ ! -f ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf ]; then
    run_install $OWNERSHIP -m 0644 $PRODUCT.conf${suffix} ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf
 
-   if [ $TARGET = DEBIAN ] && mywhich perl; then
+   if [ -n "$DEBIAN" ] && mywhich perl; then
        #
        # Make a Debian-like $PRODUCT.conf
        #
@@ -477,7 +438,7 @@ if [ ! -f ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf ]; then
 fi
 
 
-if [ $TARGET = ARCHLINUX ] ; then
+if [ -n "$ARCHLINUX" ] ; then
    sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf
 fi
 
@@ -1120,7 +1081,7 @@ if [ -d ${DESTDIR}/etc/logrotate.d ]; then
 fi
 
 if [ -z "$DESTDIR" -a -n "$first_install" -a -z "${CYGWIN}${MAC}" ]; then
-    if [ $TARGET = DEBIAN ]; then
+    if [ -n "$DEBIAN" ]; then
 	run_install $OWNERSHIP -m 0644 default.debian /etc/default/$PRODUCT
 
 	update-rc.d $PRODUCT defaults
@@ -1156,7 +1117,7 @@ if [ -z "$DESTDIR" -a -n "$first_install" -a -z "${CYGWIN}${MAC}" ]; then
 	    else
 		cant_autostart
 	    fi
-	elif [ "$INIT" != rc.f ]; then #Slackware starts this automatically
+	elif [ "$INIT" != rc.firewall ]; then #Slackware starts this automatically
 	    cant_autostart
 	fi
     fi

Shorewall/manpages/shorewall-masq.xml

@@ -35,8 +35,8 @@
       <para>If you have more than one ISP link, adding entries to this file
       will <emphasis role="bold">not</emphasis> force connections to go out
       through a particular link. You must use entries in <ulink
-      url="shorewall-rtrules.html">shorewall-rtrules</ulink>(5) or PREROUTING
-      entries in <ulink
+      url="shorewall-rtrules.html">shorewall-rtrules</ulink>(5) or
+      PREROUTING entries in <ulink
       url="shorewall-tcrules.html">shorewall-tcrules</ulink>(5) to do
       that.</para>
     </warning>
@@ -88,8 +88,7 @@
           addresses to indicate that you only want to change the source IP
           address for packets being sent to those particular destinations.
           Exclusion is allowed (see <ulink
-          url="shorewall-exclusion.html">shorewall-exclusion</ulink>(5)) as
-          are ipset names preceded by a plus sign '+';</para>
+          url="shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para>
 
           <para>If you wish to inhibit the action of ADD_SNAT_ALIASES for this
           entry then include the ":" but omit the digit:</para>
@@ -150,10 +149,6 @@
 
           <para>In that example traffic from eth1 would be masqueraded unless
           it came from 192.168.1.4 or 196.168.32.0/27</para>
-
-          <para>The preferred way to specify the SOURCE is to supply one or
-          more host or network addresses separated by comma. You may use ipset
-          names preceded by a plus sign (+) to specify a set of hosts.</para>
         </listitem>
       </varlistentry>
 
@@ -472,43 +467,6 @@
           </variablelist>
         </listitem>
       </varlistentry>
-
-      <varlistentry>
-        <term><emphasis role="bold">SWITCH -
-        [!]<replaceable>switch-name</replaceable></emphasis></term>
-
-        <listitem>
-          <para>Added in Shorewall 4.5.1 and allows enabling and disabling the
-          rule without requiring <command>shorewall restart</command>.</para>
-
-          <para>The rule is enabled if the value stored in
-          <filename>/proc/net/nf_condition/<replaceable>switch-name</replaceable></filename>
-          is 1. The rule is disabled if that file contains 0 (the default). If
-          '!' is supplied, the test is inverted such that the rule is enabled
-          if the file contains 0. <replaceable>switch-name</replaceable> must
-          begin with a letter and be composed of letters, decimal digits,
-          underscores or hyphens. Switch names must be 30 characters or less
-          in length.</para>
-
-          <para>Switches are normally <emphasis role="bold">off</emphasis>. To
-          turn a switch <emphasis role="bold">on</emphasis>:</para>
-
-          <simplelist>
-            <member><command>echo 1 &gt;
-            /proc/net/nf_condition/<replaceable>switch-name</replaceable></command></member>
-          </simplelist>
-
-          <para>To turn it <emphasis role="bold">off</emphasis> again:</para>
-
-          <simplelist>
-            <member><command>echo 0 &gt;
-            /proc/net/nf_condition/<replaceable>switch-name</replaceable></command></member>
-          </simplelist>
-
-          <para>Switch settings are retained over <command>shorewall
-          restart</command>.</para>
-        </listitem>
-      </varlistentry>
     </variablelist>
   </refsect1>
 
@@ -590,19 +548,6 @@
           </warning>
         </listitem>
       </varlistentry>
-
-      <varlistentry>
-        <term>Example 6:</term>
-
-        <listitem>
-          <para>Connections leaving on eth0 and destined to any host defined
-          in the ipset <emphasis>myset</emphasis> should have the source IP
-          address changed to 206.124.146.177.</para>
-
-          <programlisting>        #INTERFACE              SOURCE          ADDRESS
-        eth0:+myset[dst]        -               206.124.146.177</programlisting>
-        </listitem>
-      </varlistentry>
     </variablelist>
   </refsect1>