Correct modules.xtables

Signed-off-by: Tom Eastep <teastep@mint14.(none)>
Correct helper validation
2012-12-31 08:00:04 -08:00 · 2012-12-30 12:51:39 -08:00 · 2012-12-30 08:59:20 -08:00
399 changed files with 8034 additions and 21981 deletions
--- a/Shorewall-core/configure
+++ b/Shorewall-core/configure
@@ -1,17 +1,16 @@
 #!/bin/bash
 #
-#     Shorewall Packet Filtering Firewall RPM configuration program - V4.6
+#     Shorewall Packet Filtering Firewall RPM configuration program - V4.5
 #
-#     (c) 2012,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	Shorewall documentation is available at http://www.shorewall.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+#	it under the terms of Version 2 of the GNU General Public License
-#       Free Software Foundation, either version 2 of the license or, at your
+#	as published by the Free Software Foundation.
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -19,7 +18,8 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #       Usage: ./configure [ <option>=<setting> ] ...
 #
@@ -93,38 +93,15 @@ done
 vendor=${params[HOST]}
 if [ -z "$vendor" ]; then
    if [ -f /etc/os-release ]; then
 	eval $(cat /etc/os-release | grep ^ID=)
 	case $ID in
 	    fedora)
 		vendor=redhat
 		;;
 	    debian|ubuntu)
 		vendor=debian
 		;;
 	    opensuse)
 		vendor=suse
 		;;
 	    *)
 		vendor="$ID"
 		;;
 	esac
 	params[HOST]="$vendor"
    fi
 fi
 if [ -z "$vendor" ]; then
    case `uname` in
 	Darwin)
-	    params[HOST]=apple
+	    $params[HOST]=apple
 	    rcfile=shorewallrc.apple
 	    ;;
-	cygwin*|CYGWIN*)
+	cygwin*)
-	    params[HOST]=cygwin
+	    $params[HOST]=cygwin
 	    rcfile=shorewallrc.cygwin
 	    ;;
 	*)
@@ -210,7 +187,6 @@ for on in \
    AUXINITSOURCE \
    AUXINITFILE \
    SYSTEMD \
    SERVICEFILE \
    SYSCONFFILE \
    SYSCONFDIR \
    SPARSE \
--- a/Shorewall-core/configure.pl
+++ b/Shorewall-core/configure.pl
@@ -2,16 +2,15 @@
 #
 #     Shorewall Packet Filtering Firewall RPM configuration program - V4.5
 #
-#     (c) 2012, 2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	Shorewall documentation is available at http://www.shorewall.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+#	it under the terms of Version 2 of the GNU General Public License
-#       Free Software Foundation, either version 2 of the license or, at your
+#	as published by the Free Software Foundation.
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -19,7 +18,8 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #       Usage: ./configure.pl <option>=<setting> ...
 #
@@ -56,28 +56,6 @@ my $vendor = $params{HOST};
 my $rcfile;
 my $rcfilename;
 unless ( defined $vendor ) {
    if ( -f '/etc/os-release' ) {
 	my $id = `cat /etc/os-release | grep ^ID=`;
 	chomp $id;
 	$id =~ s/ID=//;
 	if ( $id eq 'fedora' ) {
 	    $vendor = 'redhat';
 	} elsif ( $id eq 'opensuse' ) {
 	    $vendor = 'suse';
 	} elsif ( $id eq 'ubuntu' ) {
 	    $vendor = 'debian';
 	} else {
 	    $vendor = $id;
 	}
    }
    $params{HOST} = $vendor;
 }
 if ( defined $vendor ) {
    $rcfilename = $vendor eq 'linux' ? 'shorewallrc.default' : 'shorewallrc.' . $vendor;
    die qq("ERROR: $vendor" is not a recognized host type) unless -f $rcfilename;
@@ -168,7 +146,6 @@ for ( qw/ HOST
 	  AUXINITSOURCE
 	  AUXINITFILE
 	  SYSTEMD
          SERVICEFILE
 	  SYSCONFFILE
 	  SYSCONFDIR
 	  SPARSE
--- a/Shorewall-core/install.sh
+++ b/Shorewall-core/install.sh
@@ -2,24 +2,24 @@
 #
 # Script to install Shoreline Firewall Core Modules
 #
-#     (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
 #       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
+#       This program is distributed in the hope that it will be useful,
-#	it under the terms of the GNU General Public License as published by the
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       Free Software Foundation, either version 2 of the license or, at your
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       option, any later version.
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
+#       You should have received a copy of the GNU General Public License
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       along with this program; if not, write to the Free Software
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 VERSION=xxx #The Build script inserts the actual version
@@ -194,30 +194,8 @@ if [ -z "$BUILD" ]; then
 	    BUILD=apple
 	    ;;
 	*)
-	    if [ -f /etc/os-release ]; then
+	    if [ -f /etc/debian_version ]; then
 		eval $(cat /etc/os-release | grep ^ID)
 		case $ID in
 		    fedora)
 			BUILD=redhat
 			;;
 		    debian)
 			BUILD=debian
 			;;
 		    gentoo)
 			BUILD=gentoo
 			;;
 		    opensuse)
 			BUILD=suse
 			;;
 		    *)
 			BUILD="$ID"
 			;;
 		esac
 	    elif [ -f /etc/debian_version ]; then
 		BUILD=debian
 	    elif [ -f /etc/gentoo-release ]; then
 		BUILD=gentoo
 	    elif [ -f /etc/redhat-release ]; then
 		BUILD=redhat
 	    elif [ -f /etc/slackware-version ] ; then
@@ -276,7 +254,7 @@ case "$HOST" in
    apple)
 	echo "Installing Mac-specific configuration...";
 	;;
-    debian|gentoo|redhat|slackware|archlinux|linux|suse)
+    debian|redhat|slackware|archlinux|linux|suse)
 	;;
    *)
 	echo "ERROR: Unknown HOST \"$HOST\"" >&2
@@ -347,7 +325,7 @@ if [ -n "${INITFILE}" ]; then
    if [ -n "$AUXINITSOURCE" -a -f "$AUXINITSOURCE" ]; then
 	install_file $AUXINITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544
 	[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${INITDIR}/$AUXINITFILE
-	echo  "SysV init script $AUXINITSOURCE installed in ${DESTDIR}${INITDIR}/$AUXINITFILE"
+	echo  "$Product script installed in ${DESTDIR}${INITDIR}/$AUXINITFILE"
    fi
 fi
 #
@@ -393,13 +371,12 @@ if [ -z "${DESTDIR}" ]; then
 	echo 'VARDIR=${VARLIB}/${PRODUCT}' >> $file
    fi
    [ ! -f ~/.shorewallrc ] && cp ${SHAREDIR}/shorewall/shorewallrc ~/.shorewallrc
 fi
 [ $file != "${DESTDIR}${SHAREDIR}/shorewall/shorewallrc" ] && cp $file ${DESTDIR}${SHAREDIR}/shorewall/shorewallrc
 [ -z "${DESTDIR}" ] && [ ! -f ~/.shorewallrc ] && cp ${SHAREDIR}/shorewall/shorewallrc ~/.shorewallrc
 if [ ${SHAREDIR} != /usr/share ]; then
    for f in lib.*; do
 	if [ $BUILD != apple ]; then
--- a/Shorewall-core/lib.base
+++ b/Shorewall-core/lib.base
@@ -1,16 +1,15 @@
 #
 # Shorewall 4.5 -- /usr/share/shorewall/lib.base
 #
-#     (c) 1999-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 1999-2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+#	it under the terms of Version 2 of the GNU General Public License
-#       Free Software Foundation, either version 2 of the license or, at your
+#	as published by the Free Software Foundation.
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -18,7 +17,8 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # This library contains the code common to all Shorewall components except the
 # generated scripts.
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
@@ -1,16 +1,15 @@
 #
 # Shorewall 4.5 -- /usr/share/shorewall/lib.cli.
 #
-#     (c) 1999-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 1999-2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+#	it under the terms of Version 2 of the GNU General Public License
-#       Free Software Foundation, either version 2 of the license or, at your
+#	as published by the Free Software Foundation.
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -18,14 +17,15 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # This library contains the command processing code common to /sbin/shorewall[6] and
 # /sbin/shorewall[6]-lite. In Shorewall and Shorewall6, the lib.cli-std library is 
 # loaded after this one and replaces some of the functions declared here.
 #
-SHOREWALL_CAPVERSION=40600
+SHOREWALL_CAPVERSION=40509
 [ -n "${g_program:=shorewall}" ]
@@ -277,7 +277,8 @@ logwatch() # $1 = timeout -- if negative, prompt each time that
 	elif [ -r $LOGFILE ]; then
 	    g_logread="tac $LOGFILE"
 	else
-	    fatal_error "LOGFILE ($LOGFILE) does not exist!"
+	    echo "LOGFILE ($LOGFILE) does not exist!" >&2
 	    exit 2
 	fi
    fi
@@ -328,30 +329,11 @@ logwatch() # $1 = timeout -- if negative, prompt each time that
    done
 }
 #
 # Try to find the arptables binary -- sets the variable 'arptables'
 #
 resolve_arptables() {
    arptables="$ARPTABLES"
    [ -n "${arptables:=arptables}" ]
    case $arptables in
 	*/*)
 	    ;;
 	*)
 	    arptables=$(mywhich "$arptables")
 	    ;;
    esac
 }
 #
 # Save currently running configuration
 #
 do_save() {
    local status
    local arptables
    status=0
    if [ -f ${VARDIR}/firewall ]; then
@@ -371,42 +353,6 @@ do_save() {
 	status=1
    fi
    case ${SAVE_ARPTABLES:=No} in
 	[Yy]es)
 	    resolve_arptables
 	    if [ -n "$arptables" ]; then
 	        #
 	        # 'sed' command is a hack to work around broken arptables_jf
 	        #
 		if ${arptables}-save | sed 's/-p[[:space:]]\+0\([[:digit:]]\)00\/ffff/-p 000\1\/ffff/' > ${VARDIR}/restore-$$; then
 		    if grep -q '^-A' ${VARDIR}/restore-$$; then
 			mv -f ${VARDIR}/restore-$$ ${g_restorepath}-arptables
 		    else
 			rm -f ${VARDIR}/restore-$$
 		    fi
 		fi
 	    else
 		case "$ARPTABLES" in
 		    */*)
 			error_message "ERROR: ARPTABLES=$ARPTABLES does not exist or is not executable - arptables not saved"
 			;;
 		    *)
 			error_message "ERROR: The arptables utility cannot be located - arptables not saved"
 		    ;;
 		esac
 		rm -f ${g_restorepath}-arptables
 	    fi
 	    ;;
 	[Nn]o)
 	    rm -f ${g_restorepath}-arptables
 	    ;;
 	*)
 	    error_message "WARNING: Invalid value ($SAVE_ARPTABLES) for SAVE_ARPTABLES"
 	    ;;
    esac
    case ${SAVE_IPSETS:=No} in
 	[Yy]es)
 	    case ${IPSET:=ipset} in
@@ -471,10 +417,7 @@ save_config() {
 		    ;;
 		*)
 		    validate_restorefile RESTOREFILE
-		    if do_save; then
+		    do_save && rm -f ${VARDIR}/save
 			rm -f ${VARDIR}/save
 			result=0
 		    fi
 		    ;;
 	    esac
 	fi
@@ -482,7 +425,7 @@ save_config() {
 	echo "$g_product isn't started" >&2
    fi
-    return $result
+    return 0
 }
@@ -559,7 +502,7 @@ show_routing() {
 	ip -$g_family rule list | find_tables | sort -u | while read table; do
 	    heading "Table $table:"
 	    if [ $g_family -eq 6 ]; then
-		ip -$g_family -o route list table $table | grep -vF cache | sort_routes
+		ip -$g_family -o route list table $table | fgrep -v cache | sort_routes
 	    else
 		ip -4 -o route list table $table | sort_routes
 	    fi
@@ -572,7 +515,7 @@ show_routing() {
    else
 	heading "Routing Table"
 	if [ $g_family -eq 6 ]; then
-	    ip -$g_family -o route list | grep -vF cache | sort_routes
+	    ip -$g_family -o route list | fgrep -v cache | sort_routes
 	else
 	    ip -4 -o route list table $table | sort_routes
 	fi
@@ -582,7 +525,7 @@ show_routing() {
 determine_ipset_version() {
    local setname
-    if [ -z "$IPSET" -o "$IPSET" = "ipset" ]; then
+    if [ -z "$IPSET" -o $IPSET = ipset ]; then
 	IPSET=$(mywhich ipset)
 	[ -n "$IPSET" ] || fatal_error "The ipset utility cannot be located"
    fi
@@ -672,18 +615,13 @@ version_command() {
    [ $# -gt 0 ] && usage 1
    if [ -n "$all" ]; then
-	echo "shorewall-core: $(cat ${SHAREDIR}/shorewall/coreversion)"
+	echo "shorewall-core: $(cat $g_sharedir/coreversion)"
 	for product in shorewall shorewall6 shorewall-lite shorewall6-lite shorewall-init; do
 	    if [ -f ${SHAREDIR}/$product/version ]; then
 		echo "$product: $(cat ${SHAREDIR}/$product/version)"
 	    fi
 	done
 	if [ "$(id -u)" -eq 0 -a -f $g_firewall ]; then
 	    echo $g_echo_n "$g_firewall was compiled by Shorewall version "
 	    $g_firewall version
 	fi
    else
 	echo $SHOREWALL_VERSION
    fi
@@ -733,104 +671,6 @@ show_nfacct() {
 	echo
    fi
 }
 show_event() {
    local address
    local ttl_label
    local ttl
    local last_seen
    local last
    local oldest_pkt
    local oldest
    local intimes
    local outtimes1
    local outtimes2
    local time
    local count
    while read address ttl_label ttl last_seen last oldest_pkt oldest intimes; do
 	case $address in
 	    *.*)
 		[ $g_family -eq 4 ] || continue
 		;;
 	    *:*)
 		[ $g_family -eq 6 ] || continue
 		;;
 	    *)
 		continue
 		;;
 	esac
 	outtimes1=''
 	outtimes2=''
 	count=0
 	last=$((($currenttime - $last)/1000))
 	for time in $intimes; do
 	    time=${time%,}
 	    time=$(($currenttime - $time))
 	    if [ $time -lt 10 ]; then
 		time="000$time"
 	    elif [ $time -lt 100 ]; then
 		time="00$time"
 	    elif [ $time -lt 1000 ]; then
 		time="0$time"
 	    fi
 	    if [ $count -lt $oldest ]; then
 		outtimes2="$outtimes2 $time"
 	    else
 		outtimes1="$outtimes1 $time"
 	    fi
 	    count=$(($count + 1))
 	done
 	outtimes1="${outtimes1}${outtimes2}"
 	[ -n "$outtimes1" ] && outtimes1=$(echo "$outtimes1 " | sed -r 's/([[:digit:]]{3}) /\.\1, /g') && outtimes1=${outtimes1%, }
 	echo "   $address : ${outtimes1}"
    done < /proc/net/xt_recent/$1
 }
 show_events() {
    local file
    local base
    local currenttime
    if [ -f /proc/net/xt_recent/%CURRENTTIME ]; then
 	echo -127.0.0.1 > /proc/net/xt_recent/%CURRENTTIME
 	echo +127.0.0.1 > /proc/net/xt_recent/%CURRENTTIME
 	currenttime=$(cat /proc/net/xt_recent/%CURRENTTIME | cut -d ' ' -f 5 -)
 	# echo Current time: $currenttime
 	# echo
    else
 	currenttime=0
    fi
    if [ $# -gt 0 ]; then
 	for event in $@ ; do
 	    if [ -f /proc/net/xt_recent/$event ]; then
 		echo $event:
 		show_event $event
 		echo
 	    else
 		error_message "WARNING: Event $event not found"
 	    fi
 	done
    else
 	for file in /proc/net/xt_recent/*; do
 	    base=$(basename $file)
 	    if [ $base != %CURRENTTIME ]; then
 		echo $base
 		show_event $base
 		echo
 	    fi
 	done
    fi
 }
 #
 # Show Command Executor
 #
@@ -843,7 +683,6 @@ show_command() {
    table_given=
    local output_filter
    output_filter=cat
    local arptables
    show_macro() {
 	foo=`grep 'This macro' $macro | sed 's/This macro //'`
@@ -1019,7 +858,8 @@ show_command() {
 		elif [ -r $LOGFILE ]; then
 		    g_logread="tac $LOGFILE"
 		else
-		    fatal_error "LOGFILE ($LOGFILE) does not exist!"
+		    echo "LOGFILE ($LOGFILE) does not exist!" >&2
 		    exit 2
 		fi
 	    fi
@@ -1073,7 +913,8 @@ show_command() {
 		done < ${VARDIR}/zones
 		echo
 	    else
-		fatal_error "${VARDIR}/zones does not exist"
+		echo "   ERROR: ${VARDIR}/zones does not exist" >&2
 		exit 1
 	    fi
 	    ;;
 	capabilities)
@@ -1158,30 +999,6 @@ show_command() {
 	    echo
 	    show_nfacct
 	    ;;
 	arptables)
 	    [ $# -gt 1 ] && usage 1
 	    resolve_arptables
 	    if [ -n "$arptables" -a -x $arptables ]; then
 		echo "$g_product $SHOREWALL_VERSION arptables at $g_hostname - $(date)"
 		echo
 		$arptables -L -n -v
 	    else
 		error_message "Cannot locate the arptables executable"
 	    fi
 	    ;;
 	event)
 	    [ $# -gt 1 ] || usage 1
 	    echo "$g_product $SHOREWALL_VERSION events at $g_hostname - $(date)"
 	    echo
 	    shift
 	    show_events $@
 	    ;;
 	events)
 	    [ $# -gt 1 ] && usage 1
 	    echo "$g_product $SHOREWALL_VERSION events at $g_hostname - $(date)"
 	    echo
 	    show_events
 	    ;;	    
 	*)
 	    case "$g_program" in
 		*-lite)
@@ -1339,9 +1156,6 @@ dump_filter() {
 do_dump_command() {
    local finished
    finished=0
    local arptables
    resolve_arptables
    while [ $finished -eq 0 -a $# -gt 0 ]; do
 	option=$1
@@ -1392,7 +1206,8 @@ do_dump_command() {
 	elif [ -r $LOGFILE ]; then
 	    g_logread="tac $LOGFILE"
 	else
-	    fatal_error "LOGFILE ($LOGFILE) does not exist! - See http://www.shorewall.net/shorewall_logging.html"
+	    echo "LOGFILE ($LOGFILE) does not exist! - See http://www.shorewall.net/shorewall_logging.html" >&2
 	    exit 2
 	fi
    fi
@@ -1415,11 +1230,6 @@ do_dump_command() {
    host=$(echo $g_hostname | sed 's/\..*$//')
    $g_tool -L $g_ipt_options
    if [ -n "$arptables" -a -x "$arptables" ]; then
 	heading "ARP rules"
 	$arptables -L -n -v
    fi
    heading "Log ($LOGFILE)"
    packet_log 20
@@ -1476,9 +1286,6 @@ do_dump_command() {
    heading "NF Accounting"
    show_nfacct
    heading "Events"
    show_events
    if qt mywhich setkey; then
 	heading "PFKEY SPD"
 	setkey -DP
@@ -1508,12 +1315,7 @@ do_dump_command() {
    if [ $g_family -eq 4 ]; then
 	heading "ARP"
-	if qt mywhich arp; then
+	arp -na
 	    arp -na
 	else
 	    ip -4 neigh ls
 	    ip -4 neigh ls proxy
 	fi
    else
 	heading "Neighbors"
 	ip -6 neigh ls
@@ -1535,7 +1337,11 @@ do_dump_command() {
    echo
-    ss -${g_family}tunap
+    if qt netstat -4; then
 	netstat -${g_family}tunap
    else
 	netstat -tunap
    fi
    if [ -n "$TC_ENABLED" ]; then
 	heading "Traffic Control"
@@ -1546,7 +1352,7 @@ do_dump_command() {
 }
 dump_command() {
-    do_dump_command $@ | dump_filter
+    do_dump_command | dump_filter
 }
 #
@@ -1839,7 +1645,8 @@ separate_list() {
 add_command() {
    local interface host hostlist zone ipset
    if ! product_is_started ; then
-	fatal_error "$g_product Not Started"
+	echo "$g_product Not Started" >&2
 	exit 2
    fi
    determine_ipset_version
@@ -1896,8 +1703,6 @@ add_command() {
 		ipset=6_${zone}_${interface};
 	    fi
 	    ipset=$(echo $ipset | sed 's/./_/g');
 	    if ! qt $IPSET -L $ipset; then
 		fatal_error "Zone $zone, interface $interface does not have a dynamic host list"
 	    fi
@@ -1929,7 +1734,8 @@ add_command() {
 delete_command() {
    local interface host hostent hostlist zone ipset
    if ! product_is_started ; then
-	fatal_error "$g_product Not Started"
+	echo "$g_product Not Started" >&2
 	exit 2;
    fi
    determine_ipset_version
@@ -1986,8 +1792,6 @@ delete_command() {
 		ipset=6_${zone}_${interface};
 	    fi
 	    ipset=$(echo $ipset | sed 's/./_/g');
 	    if ! qt $IPSET -L $ipset -n; then
 		fatal_error "Zone $zone, interface $interface does not have a dynamic host list"
 	    fi
@@ -2116,7 +1920,8 @@ allow_command() {
 	range='--src-range'
 	if ! chain_exists dynamic; then
-	    fatal_error "Dynamic blacklisting is not enabled in the current $g_product configuration"
+	    echo "Dynamic blacklisting is not enabled in the current $g_product configuration" >&2
 	    exit 2
 	fi
 	[ -n "$g_nolock" ] || mutex_on
@@ -2230,7 +2035,6 @@ determine_capabilities() {
    local tool
    local chain
    local chain1
    local arptables
    if [ -z "$g_tool" ]; then
 	[ $g_family -eq 4 ] && tool=iptables || tool=ip6tables
@@ -2238,7 +2042,8 @@ determine_capabilities() {
 	g_tool=$(mywhich $tool)
 	if [ -z "$g_tool" ]; then
-	    fatal-error "No executable $tool binary can be found on your PATH"
+	    echo "   ERROR: No executable $tool binary can be found on your PATH" >&2
 	    exit 1
 	fi
    fi
@@ -2258,19 +2063,15 @@ determine_capabilities() {
    OLD_CONNTRACK_MATCH=
    MULTIPORT=
    XMULTIPORT=
    EMULTIPORT=
    POLICY_MATCH=
    PHYSDEV_MATCH=
    PHYSDEV_BRIDGE=
    IPRANGE_MATCH=
    RECENT_MATCH=
    REAP_OPTION=
    OWNER_MATCH=
    OWNER_NAME_MATCH=
    IPSET_MATCH=
    OLD_IPSET_MATCH=
    IPSET_MATCH_NOMATCH=
    IPSET_MATCH_COUNTERS=
    IPSET_V5=
    CONNMARK=
    XCONNMARK=
@@ -2315,7 +2116,6 @@ determine_capabilities() {
    CONDITION_MATCH=
    IPTABLES_S=
    BASIC_FILTER=
    BASIC_EMATCH=
    CT_TARGET=
    STATISTIC_MATCH=
    IMQ_TARGET=
@@ -2325,11 +2125,6 @@ determine_capabilities() {
    RPFILTER_MATCH=
    NFACCT_MATCH=
    CHECKSUM_TARGET=
    ARPTABLESJF=
    MASQUERADE_TGT=
    UDPLITEREDIRECT=
    NEW_TOS_MATCH=
    AMANDA_HELPER=
    FTP_HELPER=
    FTP0_HELPER=
@@ -2346,23 +2141,13 @@ determine_capabilities() {
    TFTP_HELPER=
    TFTP0_HELPER=
    resolve_arptables
    if [ -n "$arptables" -a -x "$arptables" ]; then
 	qt $arptables -L OUT && ARPTABLESJF=Yes
    fi
    chain=fooX$$
    if [ -n "$NAT_ENABLED" ]; then
 	if qt $g_tool -t nat -N $chain; then
 	    if [ $g_family -eq 4 ]; then
 		qt $g_tool -t nat -A $chain -j SNAT --to-source 1.2.3.4 --persistent && PERSISTENT_SNAT=Yes
 	    else
 		qt $g_tool -t nat -A $chain -j SNAT --to-source 2001::1 --persistent && PERSISTENT_SNAT=Yes
 	    fi
 	    qt $g_tool -t nat -A $chain -j MASQUERADE && MASQUERADE_TGT=Yes
 	    qt $g_tool -t nat -A $chain -p udplite -m multiport --dport 33 -j REDIRECT --to-port 22 && UDPREDIRECT=Yes
 	    qt $g_tool -t nat -F $chain
 	    qt $g_tool -t nat -X $chain
 	fi
@@ -2371,7 +2156,8 @@ determine_capabilities() {
    qt $g_tool -F $chain
    qt $g_tool -X $chain
    if ! $g_tool -N $chain; then
-	fatal_error "The command \"$g_tool -N $chain\" failed"
+	echo "   ERROR: The command \"$g_tool -N $chain\" failed" >&2
 	exit 1
    fi
    chain1=${chain}1
@@ -2380,14 +2166,16 @@ determine_capabilities() {
    qt $g_tool -X $chain1
    if ! $g_tool -N $chain1; then
 	qt $g_tool -X $CHAIN
-	fatal_error "The command \"$g_tool -N $chain1\" failed"
+	echo "   ERROR: The command \"$g_tool -N $chain1\" failed" >&2
 	exit 1
    fi
    if ! qt $g_tool -A $chain -m state --state ESTABLISHED,RELATED -j ACCEPT &&
       ! qt $g_tool -A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT; then
 	qt $g_tool -x $chain
 	qt $g_tool -x $chain1
-	fatal_error "Your kernel lacks connection tracking and/or state matching -- $g_product will not run on this system"
+	echo "   ERROR: Your kernel lacks connection tracking and/or state matching -- $g_product will not run on this system" >&2
 	exit 1
    fi
    if [ $g_family -eq 4 ]; then
@@ -2411,8 +2199,7 @@ determine_capabilities() {
 	qt $g_tool -A $chain -p tcp -m multiport --sports 60 -m multiport --dports 99 -j ACCEPT && KLUDEFREE=Yes
    fi
-    qt $g_tool -A $chain -p tcp  -m multiport --dports 21:22 -j ACCEPT           && XMULTIPORT=Yes
+    qt $g_tool -A $chain -p tcp -m multiport --dports 21:22 -j ACCEPT           && XMULTIPORT=Yes
    qt $g_tool -A $chain -p sctp -m multiport --dports 21,22 -j ACCEPT           && EMULTIPORT=Yes
    qt $g_tool -A $chain -m policy --pol ipsec --mode tunnel --dir in -j ACCEPT && POLICY_MATCH=Yes
    if qt $g_tool -A $chain -m physdev --physdev-out eth0 -j ACCEPT; then
@@ -2437,11 +2224,7 @@ determine_capabilities() {
 	fi
    fi
-    if qt $g_tool -A $chain -m recent --update -j ACCEPT; then
+    qt $g_tool -A $chain -m recent --update -j ACCEPT     && RECENT_MATCH=Yes
 	RECENT_MATCH=Yes
 	qt $g_tool -A $chain -m recent --rcheck --seconds 10 --reap && REAP_OPTION=Yes
    fi
    qt $g_tool -A $chain -m owner --uid-owner 0 -j ACCEPT && OWNER_MATCH=Yes
    local name
@@ -2504,7 +2287,6 @@ determine_capabilities() {
 	qt $g_tool -t mangle -A $chain -j DSCP --set-dscp 0 && DSCP_TARGET=Yes
 	qt $g_tool -t mangle -A $chain -m rpfilter && RPFILTER_MATCH=Yes
 	qt $g_tool -t mangle -A $chain -j CHECKSUM --checksum-fill && CHECKSUM_TARGET=Yes
 	qt $g_tool -t mangle -A $chain -m tos --tos 0x10/0xff && NEW_TOS_MATCH=Yes
 	qt $g_tool -t mangle -F $chain
 	qt $g_tool -t mangle -X $chain
@@ -2559,8 +2341,6 @@ determine_capabilities() {
 	    if [ -n "$have_ipset" ]; then
 		if qt $g_tool -A $chain -m set --match-set $chain src -j ACCEPT; then
 		    qt $g_tool -A $chain -m set --match-set $chain src --return-nomatch  -j ACCEPT && IPSET_MATCH_NOMATCH=Yes
 		    qt $g_tool -A $chain -m set --match-set $chain src --packets-lt 100  -j ACCEPT && IPSET_MATCH_COUNTERS=Yes
 		    qt $g_tool -F $chain
 		    IPSET_MATCH=Yes
 		elif qt $g_tool -A $chain -m set --set $chain src -j ACCEPT; then
@@ -2644,15 +2424,8 @@ determine_capabilities() {
    qt $g_tool -F $chain1
    qt $g_tool -X $chain1
-    if [ -n "$TC" ]; then
+    [ -n "$TC" ] && $TC filter add flow help 2>&1 | grep -q ^Usage && FLOW_FILTER=Yes
-	$TC filter add flow help 2>&1 | grep -q ^Usage && FLOW_FILTER=Yes
+    [ -n "$TC" ] && $TC filter add basic help 2>&1 | grep -q ^Usage && BASIC_FILTER=Yes
 	if $TC filter add basic help 2>&1 | grep -q ^Usage; then
 	    BASIC_FILTER=Yes
 	    $TC filter add basic help 2>&1 | egrep -q match && BASIC_EMATCH=Yes
 	fi
    fi
    [ -n "$IP" ] && $IP rule add help 2>&1 | grep -q /MASK && FWMARK_RT_MASK=Yes
    CAPVERSION=$SHOREWALL_CAPVERSION
@@ -2683,8 +2456,7 @@ report_capabilities_unsorted() {
    report_capability "NAT (NAT_ENABLED)" $NAT_ENABLED
    report_capability "Packet Mangling (MANGLE_ENABLED)" $MANGLE_ENABLED
    report_capability "Multi-port Match (MULTIPORT)" $MULTIPORT
-    [ -n "$MULTIPORT" ]  && report_capability "Extended Multi-port Match (XMULIPORT)" $XMULTIPORT
+    [ -n "$MULTIPORT" ] && report_capability "Extended Multi-port Match (XMULIPORT)" $XMULTIPORT
    [ -n "$EMULTIPORT" ] && report_capability "Enhanced Multi-port Match (EMULIPORT)" $EMULTIPORT
    report_capability "Connection Tracking Match (CONNTRACK_MATCH)" $CONNTRACK_MATCH
    if [ -n "$CONNTRACK_MATCH" ]; then
 	report_capability "Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH)" $NEW_CONNTRACK_MATCH
@@ -2697,14 +2469,11 @@ report_capabilities_unsorted() {
    report_capability "Packet length Match (LENGTH_MATCH)" $LENGTH_MATCH
    report_capability "IP range Match(IPRANGE_MATCH)" $IPRANGE_MATCH
    report_capability "Recent Match (RECENT_MATCH)" $RECENT_MATCH
    [ -n "$RECENT_MATCH" ] && report_capability 'Recent Match "--reap" option (REAP_OPTION)' $REAP_OPTION
    report_capability "Owner Match (OWNER_MATCH)" $OWNER_MATCH
    report_capability "Owner Name Match (OWNER_NAME_MATCH)" $OWNER_NAME_MATCH
    if [ -n "$IPSET_MATCH" ]; then
 	report_capability "Ipset Match (IPSET_MATCH)" $IPSET_MATCH
-	[ -n "$OLD_IPSET_MATCH" ]     && report_capability "OLD_Ipset Match (OLD_IPSET_MATCH)"           $OLD_IPSET_MATCH
+	[ -n "$OLD_IPSET_MATCH" ] && report_capability "OLD_Ipset Match (OLD_IPSET_MATCH)" $OLD_IPSET_MATCH
 	[ -n "$IPSET_MATCH_NOMATCH" ] && report_capability "Ipset Match Nomatch (IPSET_MATCH_NOMATCH)"   $IPSET_MATCH_NOMATCH
 	[ -n "$IPSET_MATCH_NOMATCH" ] && report_capability "Ipset Match Counters (IPSET_MATCH_COUNTERS)" $IPSET_MATCH_COUNTERS
    fi
    report_capability "CONNMARK Target (CONNMARK)" $CONNMARK
    [ -n "$CONNMARK" ] && report_capability "Extended CONNMARK Target (XCONNMARK)" $XCONNMARK
@@ -2741,7 +2510,7 @@ report_capabilities_unsorted() {
    report_capability "TPROXY Target (TPROXY_TARGET)" $TPROXY_TARGET
    report_capability "FLOW Classifier (FLOW_FILTER)" $FLOW_FILTER
    report_capability "fwmark route mask (FWMARK_RT_MASK)" $FWMARK_RT_MASK
-    report_capability "Mark in the filter table (MARK_ANYWHERE)" $MARK_ANYWHERE
+    report_capability "Mark in any table (MARK_ANYWHERE)" $MARK_ANYWHERE
    report_capability "Header Match (HEADER_MATCH)" $HEADER_MATCH
    report_capability "ACCOUNT Target (ACCOUNT_TARGET)" $ACCOUNT_TARGET
    report_capability "AUDIT Target (AUDIT_TARGET)" $AUDIT_TARGET
@@ -2755,10 +2524,6 @@ report_capabilities_unsorted() {
    report_capability "RPFilter match" $RPFILTER_MATCH
    report_capability "NFAcct match" $NFACCT_MATCH
    report_capability "Checksum Target" $CHECKSUM_TARGET
    report_capability "Arptables JF" $ARPTABLESJF
    report_capability "MASQUERADE Target" $MASQUERADE_TGT
    report_capability "UDPLITE Port Redirection" $UDPLITEREDIRECT
    report_capability "New tos Match" $NEW_TOS_MATCH
    report_capability "Amanda Helper" $AMANDA_HELPER
    report_capability "FTP Helper" $FTP_HELPER
@@ -2783,7 +2548,6 @@ report_capabilities_unsorted() {
    fi
    report_capability "Basic Filter (BASIC_FILTER)" $BASIC_FILTER
    report_capability "Basic Ematch (BASIC_EMATCH)" $BASIC_EMATCH
    report_capability "CT Target (CT_TARGET)" $CT_TARGET
    echo "   Kernel Version (KERNELVERSION): $KERNELVERSION"
@@ -2811,7 +2575,6 @@ report_capabilities_unsorted1() {
    report_capability1 MANGLE_ENABLED
    report_capability1 MULTIPORT
    report_capability1 XMULTIPORT
    report_capability1 EMULTIPORT
    report_capability1 CONNTRACK_MATCH
    report_capability1 NEW_CONNTRACK_MATCH
    report_capability1 OLD_CONNTRACK_MATCH
@@ -2822,13 +2585,10 @@ report_capabilities_unsorted1() {
    report_capability1 LENGTH_MATCH
    report_capability1 IPRANGE_MATCH
    report_capability1 RECENT_MATCH
    report_capability1 REAP_OPTION
    report_capability1 OWNER_MATCH
    report_capability1 OWNER_NAME_MATCH
    report_capability1 IPSET_MATCH
    report_capability1 OLD_IPSET_MATCH
    report_capability1 IPSET_MATCH_NOMATCH
    report_capability1 IPSET_MATCH_COUNTERS
    report_capability1 CONNMARK
    report_capability1 XCONNMARK
    report_capability1 CONNMARK_MATCH
@@ -2872,7 +2632,6 @@ report_capabilities_unsorted1() {
    report_capability1 CONDITION_MATCH
    report_capability1 IPTABLES_S
    report_capability1 BASIC_FILTER
    report_capability1 BASIC_EMATCH
    report_capability1 CT_TARGET
    report_capability1 STATISTIC_MATCH
    report_capability1 IMQ_TARGET
@@ -2882,10 +2641,6 @@ report_capabilities_unsorted1() {
    report_capability1 RPFILTER_MATCH
    report_capability1 NFACCT_MATCH
    report_capability1 CHECKSUM_TARGET
    report_capability1 ARPTABLESJF
    report_capability1 MASQUERADE_TGT
    report_capability1 UDPLITEREDIRECT
    report_capability1 NEW_TOS_MATCH
    report_capability1 AMANDA_HELPER
    report_capability1 FTP_HELPER
@@ -2916,10 +2671,10 @@ report_capabilities1() {
 show_status() {
    if product_is_started ; then
-	[ $VERBOSITY -ge 1 ] && echo "$g_product is running"
+	echo "$g_product is running"
 	status=0
    else
-	[ $VERBOSITY -ge 1 ] && echo "$g_product is stopped"
+	echo "$g_product is stopped"
 	status=4
    fi
@@ -2933,20 +2688,14 @@ show_status() {
    else
 	state=Unknown
    fi
-
+    echo "State:$state"
    if [ $VERBOSITY -ge 1 ]; then 
 	if [ -f $g_firewall ]; then
 	    state="$state ($g_firewall compiled by Shorewall version $($g_firewall version))"
 	fi
 	echo "State:$state"
 	echo
    fi
 }
 status_command() {
-    [ $VERBOSITY -ge 1 ] && echo "${g_product}-$SHOREWALL_VERSION Status at $g_hostname - $(date)" && echo
+    echo "${g_product}-$SHOREWALL_VERSION Status at $g_hostname - $(date)"
    echo
    show_status
    echo
    exit $status
 }
@@ -3035,7 +2784,6 @@ forget_command() {
 	rm -f $g_restorepath
 	rm -f ${g_restorepath}-iptables
 	rm -f ${g_restorepath}-ipsets
 	rm -f ${g_restorepath}-arptables
 	echo "    $g_restorepath removed"
    elif [ -f $g_restorepath ]; then
 	echo "   $g_restorepath exists and is not a saved $g_product configuration"
@@ -3062,7 +2810,7 @@ ipcalc_command() {
    valid_address $address || fatal_error "Invalid IP address: $address"
    [ -z "$vlsm" ] && usage 2
    [ "x$address" = "x$vlsm" ] && usage 2
-    [ $vlsm -gt 32 ] && fatal_error "Invalid VLSM: /$vlsm"
+    [ $vlsm -gt 32 ] && echo "Invalid VLSM: /$vlsm" >&2 && exit 2
    address=$address/$vlsm
@@ -3144,10 +2892,12 @@ get_config() {
 	if [ -r $config ]; then
 	    . $config
 	else
-	    fatal_error "Cannot read $config! (Hint: Are you root?)"
+	    echo "Cannot read $config! (Hint: Are you root?)" >&2
 	    exit 1
 	fi
    else
-	fatal_error "$config does not exist!"
+	echo "$config does not exist!" >&2
 	exit 2
    fi
    ensure_config_path
@@ -3163,7 +2913,8 @@ get_config() {
    elif [ -r $LOGFILE ]; then
 	g_logread="tac $LOGFILE"
    else
-	fatal_error "LOGFILE ($LOGFILE) does not exist!"
+	echo "LOGFILE ($LOGFILE) does not exist!" >&2
 	exit 2
    fi
    #
    # See if we have a real version of "tail" -- use separate redirection so
@@ -3180,12 +2931,14 @@ get_config() {
    if [ $g_family -eq 4 ]; then
 	if [ -n "$IPTABLES" ]; then
 	    if [ ! -x "$IPTABLES" ]; then
-		fatal_error "The program specified in IPTABLES does not exist or is not executable"
+		echo "   ERROR: The program specified in IPTABLES does not exist or is not executable" >&2
 		exit 2
 	    fi
 	else
 	    IPTABLES=$(mywhich iptables 2> /dev/null)
 	    if [ -z "$IPTABLES" ] ; then
-		fatal_error "Can't find iptables executable"
+		echo "   ERROR: Can't find iptables executable" >&2
 		exit 2
 	    fi
 	fi
@@ -3193,12 +2946,14 @@ get_config() {
    else
 	if [ -n "$IP6TABLES" ]; then
 	    if [ ! -x "$IP6TABLES" ]; then
-		fatal_error "The program specified in IP6TABLES does not exist or is not executable"
+		echo "   ERROR: The program specified in IP6TABLES does not exist or is not executable" >&2
 		exit 2
 	    fi
 	else
 	    IP6TABLES=$(mywhich ip6tables 2> /dev/null)
 	    if [ -z "$IP6TABLES" ] ; then
-		fatal_error "Can't find ip6tables executable"
+		echo "   ERROR: Can't find ip6tables executable" >&2
 		exit 2
 	    fi
 	fi
@@ -3230,20 +2985,23 @@ get_config() {
    IP=$(mywhich ip 2> /dev/null)
    if [ -z "$IP" ] ; then
-	fatal_error "Can't find ip executable"
+	echo "   ERROR: Can't find ip executable" >&2
 	exit 2
    fi
    if [ -n "$IPSET" ]; then
 	case "$IPSET" in
 	    */*)
 		if [ ! -x "$IPSET" ] ; then
-		    fatal_error "The program specified in IPSET ($IPSET) does not exist or is not executable"
+		    echo "   ERROR: The program specified in IPSET ($IPSET) does not exist or is not executable" >&2
 		    exit 2
 		fi
 		;;
 	    *)
 		prog="$(mywhich $IPSET 2> /dev/null)"
 		if [ -z "$prog" ] ; then
-		    fatal_error "Can't find $IPSET executable"
+		    echo "   ERROR: Can't find $IPSET executable" >&2
 		    exit 2
 		fi
 		IPSET=$prog
 		;;
@@ -3436,7 +3194,7 @@ usage() # $1 = exit status
    echo "   delete <interface>[:<host-list>] ... <zone>"
    echo "   disable <interface>"
    echo "   drop <address> ..."
-    echo "   dump [ -x ] [ -l ] [ -m ]"
+    echo "   dump [ -x ]"
    echo "   enable <interface>"
    echo "   forget [ <file name> ]"
    echo "   help"
@@ -3455,29 +3213,26 @@ usage() # $1 = exit status
    echo "   restart [ -n ] [ -p ] [ -f ] [ <directory> ]"
    echo "   restore [ -n ] [ <file name> ]"
    echo "   save [ <file name> ]"
-    echo "   [ show | list | ls ] [ -b ] [ -x ] [ -t {filter|mangle|nat} ] [ {chain [<chain> [ <chain> ... ]"
+    echo "   show [ -b ] [ -x ] [ -t {filter|mangle|nat} ] [ {chain [<chain> [ <chain> ... ]"
-    echo "   [ show | list | ls ] [ -f ] capabilities"
+    echo "   show [ -f ] capabilities"
-    echo "   [ show | list | ls ] arptables"
+    echo "   show classifiers"
-    echo "   [ show | list | ls ] classifiers"
+    echo "   show config"
-    echo "   [ show | list | ls ] config"
+    echo "   show connections"
-    echo "   [ show | list | ls ] connections"
+    echo "   show filters"
-    echo "   [ show | list | ls ] event [ <event> ...]"
+    echo "   show ip"
    echo "   [ show | list | ls ] events"
    echo "   [ show | list | ls ] filters"
    echo "   [ show | list | ls ] ip"
    if [ $g_family -eq 4 ]; then
-	echo "   [ show | list | ls ] ipa"
+	echo "   show ipa"
    fi
-    echo "   [ show | list | ls ] [ -m ] log [<regex>]"
+    echo "   show [ -m ] log [<regex>]"
-    echo "   [ show | list | ls ] [ -x ] mangle|nat|raw|rawpost"
+    echo "   show [ -x ] mangle|nat|raw|rawpost"
-    echo "   [ show | list | ls ] nfacct"
+    echo "   show nfacct"
-    echo "   [ show | list | ls ] policies"
+    echo "   show policies"
-    echo "   [ show | list | ls ] routing"
+    echo "   show routing"
-    echo "   [ show | list | ls ] tc [ device ]"
+    echo "   show tc [ device ]"
-    echo "   [ show | list | ls ] vardir"
+    echo "   show vardir"
-    echo "   [ show | list | ls ] zones"
+    echo "   show zones"
    echo "   start [ -f ] [ -p ] [ <directory> ]"
    echo "   stop"
    echo "   status"
@@ -3523,13 +3278,6 @@ shorewall_cli() {
    g_recovering=
    g_timestamp=
    g_shorewalldir=
    g_haveconfig=
    g_conditional=
    g_file=
    g_doing="Compiling"
    g_directives=
    g_inline=
    g_tcrules=
    VERBOSE=
    VERBOSITY=1
@@ -3555,9 +3303,9 @@ shorewall_cli() {
 			    if [ ! -d $2 ]; then
 				if [ -e $2 ]; then
-				    fatal_error "$2 is not a directory"
+				    echo "$2 is not a directory" >&2 && exit 2
 				else
-				    fatal_error "Directory $2 does not exist"
+				    echo "Directory $2 does not exist" >&2 && exit 2
 				fi
 			    fi
@@ -3582,16 +3330,8 @@ shorewall_cli() {
 			    g_fast=Yes
 			    option=${option#f}
 			    ;;
-			[vV]*)
+			v*)
-			    case $option in
+			    option=${option#v}
 				v*)
 				    option=${option#v}
 				    ;;
 				*)
 				    option=${option#V}
 				    ;;
 			    esac
 			    case $option in
 				-1*)
 				    g_use_verbosity=-1
@@ -3722,10 +3462,10 @@ shorewall_cli() {
 	    if product_is_started; then
 		run_it ${VARDIR}/firewall $g_debugging $@
 	    else
-		fatal_error "$g_product is not running"
+		fatal_error "Shorewall is not running"
 	    fi
 	    ;;
-	show|list|ls)
+	show|list)
 	    get_config Yes No Yes
    	    shift
    	    show_command $@
--- a/Shorewall-core/lib.common
+++ b/Shorewall-core/lib.common
@@ -1,16 +1,15 @@
 #
 # Shorewall 4.5 -- /usr/share/shorewall/lib.common.
 #
-#     (c) 2010-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2010-2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+#	it under the terms of Version 2 of the GNU General Public License
-#       Free Software Foundation, either version 2 of the license or, at your
+#	as published by the Free Software Foundation.
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -18,7 +17,8 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # The purpose of this library is to hold those functions used by both the CLI and by the
 # generated firewall scripts. To avoid versioning issues, it is copied into generated
@@ -65,7 +65,6 @@ startup_error() # $* = Error Message
 	esac
    fi
    mutex_off
    kill $$
    exit 2
 }
@@ -273,11 +272,8 @@ shorewall6_is_started() {
 # Echos the fully-qualified name of the calling shell program
 #
 my_pathname() {
    local pwd
    pwd=$PWD
    cd $(dirname $0)
    echo $PWD/$(basename $0)
    cd $pwd
 }
 #
@@ -605,7 +601,7 @@ find_first_interface_address() # $1 = interface
 	#
 	# get the line of output containing the first IP address
 	#
-	addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | grep -F 'inet6 ' | grep -vF 'scope link' | head -n1)
+	addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | fgrep 'inet6 ' | fgrep -v 'scope link' | head -n1)
 	#
 	# If there wasn't one, bail out now
 	#
@@ -634,7 +630,7 @@ find_first_interface_address_if_any() # $1 = interface
 	#
 	# get the line of output containing the first IP address
 	#
-	addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | grep -F 'inet6 ' | grep -vF 'scope link' | head -n1)
+	addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | fgrep 'inet6 ' | fgrep -v 'scope link' | head -n1)
 	#
 	# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
 	# along with everything else on the line
@@ -680,11 +676,7 @@ find_file()
 		fi
 	    done
-	    if [ -n "$g_shorewalldir" ]; then
+	    echo ${g_confdir}/$1
 		echo ${g_shorewalldir}/$1
 	    else
 		echo ${g_confdir}/$1
 	    fi
 	    ;;
    esac
 }
--- a/Shorewall-core/shorewallrc.apple
+++ b/Shorewall-core/shorewallrc.apple
@@ -15,7 +15,6 @@ INITFILE=                              #Unused on OS X
 INITSOURCE=                            #Unused on OS X
 ANNOTATED=                             #Unused on OS X
 SYSTEMD=                               #Unused on OS X
 SERVICEFILE=                           #Unused on OS X
 SYSCONFDIR=                            #Unused on OS X
 SPARSE=Yes                             #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR.
 VARLIB=/var/lib                        #Unused on OS X
--- a/Shorewall-core/shorewallrc.archlinux
+++ b/Shorewall-core/shorewallrc.archlinux
@@ -1,22 +1,21 @@
 #
-# Arch Linux Shorewall 4.5 rc file
+# Archlinux Shorewall 4.5 rc file
 #
-BUILD=                                 #Default is to detect the build system
+BUILD=archlinux
 HOST=archlinux
 PREFIX=/usr                            #Top-level directory for shared files, libraries, etc.
 SHAREDIR=${PREFIX}/share               #Directory for arch-neutral files.
 LIBEXECDIR=${PREFIX}/share             #Directory for executable scripts.
 PERLLIBDIR=${PREFIX}/share/shorewall   #Directory to install Shorewall Perl module directory
 CONFDIR=/etc                           #Directory where subsystem configurations are installed
-SBINDIR=/usr/sbin                      #Directory where system administration programs are installed
+SBINDIR=/sbin                          #Directory where system administration programs are installed
 MANDIR=${SHAREDIR}/man                 #Directory where manpages are installed.
-INITDIR=                               #Directory where SysV init scripts are installed.
+INITDIR=/etc/rc.d                      #Directory where SysV init scripts are installed.
-INITFILE=                              #Name of the product's installed SysV init script
+INITFILE=$PRODUCT                      #Name of the product's installed SysV init script
-INITSOURCE=                            #Name of the distributed file to be installed as the SysV init script
+INITSOURCE=init.sh                     #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                             #If non-zero, annotated configuration files are installed
 SYSCONFDIR=                            #Directory where SysV init parameter files are installed
-SYSTEMD=/usr/lib/systemd/system        #Directory where .service files are installed (systems running systemd only)
+SYSTEMD=                               #Directory where .service files are installed (systems running systemd only)
 SERVICEFILE=                           #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SPARSE=                                #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
 VARLIB=/var/lib                        #Directory where product variable data is stored.
 VARDIR=${VARLIB}/$PRODUCT              #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.cygwin
+++ b/Shorewall-core/shorewallrc.cygwin
@@ -15,7 +15,6 @@ INITFILE=                             #Unused on Cygwin
 INITSOURCE=                           #Unused on Cygwin
 ANNOTATED=                            #Unused on Cygwin
 SYSTEMD=                              #Unused on Cygwin
 SERVICEFILE=                          #Unused on Cygwin
 SYSCONFDIR=                           #Unused on Cygwin
 SPARSE=Yes                            #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR.
 VARLIB=/var/lib                       #Unused on Cygwin
--- a/Shorewall-core/shorewallrc.debian
+++ b/Shorewall-core/shorewallrc.debian
@@ -15,7 +15,6 @@ INITFILE=$PRODUCT                       #Name of the product's installed SysV in
 INITSOURCE=init.debian.sh               #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                              #If non-zero, annotated configuration files are installed
 SYSCONFFILE=default.debian              #Name of the distributed file to be installed in $SYSCONFDIR
 SERVICEFILE=                      	#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFDIR=/etc/default                 #Directory where SysV init parameter files are installed
 SYSTEMD=                                #Directory where .service files are installed (systems running systemd only)
 SPARSE=Yes                              #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
--- a/Shorewall-core/shorewallrc.default
+++ b/Shorewall-core/shorewallrc.default
@@ -15,7 +15,6 @@ INITFILE=$PRODUCT                       #Name of the product's installed SysV in
 INITSOURCE=init.sh                      #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                              #If non-zero, annotated configuration files are installed
 SYSTEMD=                                #Directory where .service files are installed (systems running systemd only)
 SERVICEFILE=                            #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFFILE=                            #Name of the distributed file to be installed in $SYSCONFDIR
 SYSCONFDIR=                             #Directory where SysV init parameter files are installed
 SPARSE=                                 #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
--- a/Shorewall-core/shorewallrc.redhat
+++ b/Shorewall-core/shorewallrc.redhat
@@ -16,7 +16,6 @@ INITSOURCE=init.fedora.sh               #Name of the distributed file to be inst
 ANNOTATED=                              #If non-zero, annotated configuration files are installed
 SYSTEMD=/lib/systemd/system             #Directory where .service files are installed (systems running systemd only)
 SYSCONFFILE=sysconfig                   #Name of the distributed file to be installed as $SYSCONFDIR/$PRODUCT
 SERVICEFILE=                      	#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFDIR=/etc/sysconfig/              #Directory where SysV init parameter files are installed
 SPARSE=                                 #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
 VARLIB=/var/lib                         #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.slackware
+++ b/Shorewall-core/shorewallrc.slackware
@@ -16,7 +16,6 @@ AUXINITFILE=rc.firewall                    #Name of the product's installed SysV
 INITSOURCE=init.slackware.$PRODUCT.sh      #Name of the distributed file to be installed as a second SysV init script
 INITFILE=rc.$PRODUCT                       #Name of the product's installed second init script
 SYSTEMD=                                   #Name of the directory where .service files are installed (systems running systemd only)
 SERVICEFILE=                               #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFFILE=                               #Name of the distributed file to be installed in $SYSCONFDIR
 SYSCONFDIR=                                #Name of the directory where SysV init parameter files are installed.
 ANNOTATED=                                 #If non-empty, install annotated configuration files
--- a/Shorewall-core/shorewallrc.suse
+++ b/Shorewall-core/shorewallrc.suse
@@ -15,8 +15,7 @@ INITFILE=$PRODUCT                                     #Name of the product's Sys
 INITSOURCE=init.suse.sh                               #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                                            #If non-zero, annotated configuration files are installed
 SYSTEMD=                                              #Directory where .service files are installed (systems running systemd only)
-SERVICEFILE=                      		      #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
+SYSCONFFILE=                                          #Name of the distributed file to be installed in $SYSCONFDIR
 SYSCONFFILE=sysconfig                                 #Name of the distributed file to be installed in $SYSCONFDIR
 SYSCONFDIR=/etc/sysconfig/                            #Directory where SysV init parameter files are installed
 SPARSE=                                               #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
 VARLIB=/var/lib                                       #Directory where persistent product data is stored.
--- a/Shorewall-core/uninstall.sh
+++ b/Shorewall-core/uninstall.sh
@@ -2,24 +2,24 @@
 #
 # Script to back uninstall Shoreline Firewall
 #
-#     (c) 2000-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://www.shorewall.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
 #       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
+#       This program is distributed in the hope that it will be useful,
-#	it under the terms of the GNU General Public License as published by the
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       Free Software Foundation, either version 2 of the license or, at your
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       option, any later version.
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
+#       You should have received a copy of the GNU General Public License
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       along with this program; if not, write to the Free Software
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #    Usage:
 #
--- a/Shorewall-core/wait4ifup
+++ b/Shorewall-core/wait4ifup
@@ -2,18 +2,17 @@
 #
 #     Shorewall interface helper utility - V4.2
 #
-#     (c) 2007,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2007 - Tom Eastep (teastep@shorewall.net)
 #
 #	This file is installed in /usr/share/shorewall/wait4ifup
 #
 #	Shorewall documentation is available at http://www.shorewall.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+#	it under the terms of Version 2 of the GNU General Public License
-#       Free Software Foundation, either version 2 of the license or, at your
+#	as published by the Free Software Foundation.
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -21,7 +20,8 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #	If an error occurs while starting or restarting the firewall, the
 #	firewall is automatically stopped.
--- a/Shorewall-init/ifupdown.debian.sh
+++ b/Shorewall-init/ifupdown.debian.sh
@@ -1,135 +0,0 @@
 #!/bin/sh
 #
 # Debian ifupdown script for Shorewall-based products
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
 #       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
 #       as published by the Free Software Foundation.
 #
 #       This program is distributed in the hope that it will be useful,
 #       but WITHOUT ANY WARRANTY; without even the implied warranty of
 #       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 #       GNU General Public License for more details.
 #
 #       You should have received a copy of the GNU General Public License
 #       along with this program; if not, write to the Free Software
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 setstatedir() {
    local statedir
    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
    if [ ! -x $STATEDIR/firewall ]; then
 	if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
 	    ${SBINDIR}/$PRODUCT compile
 	fi
    fi
 }
 Debian_ppp() {
    NEWPRODUCTS=
    INTERFACE="$1"
    case $0 in
 	/etc/ppp/ip-*)
 	    #
 	    # IPv4
 	    #
 	    for product in $PRODUCTS; do
 		case $product in
 		    shorewall|shorewall-lite)
 			NEWPRODUCTS="$NEWPRODUCTS $product";
 			;;
 		esac
 	    done
 	    ;;
 	/etc/ppp/ipv6-*)
 	    #
 	    # IPv6
 	    #
 	    for product in $PRODUCTS; do
 		case $product in
 		    shorewall6|shorewall6-lite)
 			NEWPRODUCTS="$NEWPRODUCTS $product";
 			;;
 		esac
 	    done
 	    ;;
 	*)
 	    exit 0
 	    ;;
    esac
    PRODUCTS="$NEWPRODUCTS"
    case $0 in
 	*up/*)
 	    COMMAND=up
 	    ;;
 	*)
 	    COMMAND=down
 	    ;;
    esac
 }
 IFUPDOWN=0
 PRODUCTS=
 #
 # The installer may alter this
 #
 . /usr/share/shorewall/shorewallrc
 if [ -f /etc/default/shorewall-init ]; then
    . /etc/default/shorewall-init
 elif [ -f /etc/sysconfig/shorewall-init ]; then
    . /etc/sysconfig/shorewall-init
 fi
 [ "$IFUPDOWN" = 1 -a -n "$PRODUCTS" ] || exit 0
 case $0 in
    /etc/ppp*)
 	#
 	# Debian ppp
 	#
 	Debian_ppp
 	;;
    *)
        #
        # Debian ifupdown system
        #
 	INTERFACE="$IFACE"
 	if [ "$MODE" = start ]; then
 	    COMMAND=up
 	elif [ "$MODE" = stop ]; then
 	    COMMAND=down
 	else
 	    exit 0
 	fi
 	;;
 esac
 [ -n "$LOGFILE" ] || LOGFILE=/dev/null
 for PRODUCT in $PRODUCTS; do
    setstatedir
    if [ -x $VARLIB/$PRODUCT/firewall ]; then
 	  ( ${VARLIB}/$PRODUCT/firewall -V0 $COMMAND $INTERFACE >> $LOGFILE 2>&1 ) || true
    fi
 done
 exit 0
--- a/Shorewall-init/ifupdown.fedora.sh
+++ b/Shorewall-init/ifupdown.fedora.sh
@@ -1,111 +0,0 @@
 #!/bin/sh
 #
 # Redhat/Fedora/Centos/Foobar ifupdown script for Shorewall-based products
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
 #       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
 #       as published by the Free Software Foundation.
 #
 #       This program is distributed in the hope that it will be useful,
 #       but WITHOUT ANY WARRANTY; without even the implied warranty of
 #       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 #       GNU General Public License for more details.
 #
 #       You should have received a copy of the GNU General Public License
 #       along with this program; if not, write to the Free Software
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # Get startup options (override default)
 OPTIONS=
 setstatedir() {
    local statedir
    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
    if [ ! -x "$STATEDIR/firewall" ]; then
 	if [ $PRODUCT == shorewall -o $PRODUCT == shorewall6 ]; then
 	    ${SBINDIR}/$PRODUCT $OPTIONS compile
 	fi
    fi
 }
 IFUPDOWN=0
 PRODUCTS=
 #
 # The installer may alter this
 #
 . /usr/share/shorewall/shorewallrc
 if [ -f /etc/default/shorewall-init ]; then
    . /etc/default/shorewall-init
 elif [ -f /etc/sysconfig/shorewall-init ]; then
    . /etc/sysconfig/shorewall-init
 fi
 [ "$IFUPDOWN" = 1 -a -n "$PRODUCTS" ] || exit 0
 PHASE=''
 case $0 in
    /etc/ppp*)
 	INTERFACE="$1"
 	case $0 in
 	    *ip-up.local)
 		COMMAND=up
 		;;
 	    *ip-down.local)
 		COMMAND=down
 		;;
 	    *)
 		exit 0
 		;;
 	esac
 	;;
    *)
 	#
 	# RedHat ifup/down system
 	#
 	INTERFACE="$1"
 	case $0 in 
 	    *ifup*)
 		COMMAND=up
 		;;
 	    *ifdown*)
 		COMMAND=down
 		;;
 	    *dispatcher.d*)
 		COMMAND="$2"
 		;;
 	    *)
 		exit 0
 		;;
 	esac
 	;;
 esac
 [ -n "$LOGFILE" ] || LOGFILE=/dev/null
 for PRODUCT in $PRODUCTS; do
    setstatedir
    if [ -x "$STATEDIR/firewall" ]; then
 	  echo "`date --rfc-3339=seconds` $0: Executing $STATEDIR/firewall $OPTIONS $COMMAND $INTERFACE" >> $LOGFILE 2>&1
 	  ( $STATEDIR/firewall $OPTIONS $COMMAND $INTERFACE >> $LOGFILE 2>&1 ) || true
    fi
 done
 exit 0
--- a/Shorewall-init/ifupdown.suse.sh
+++ b/Shorewall-init/ifupdown.suse.sh
@@ -1,10 +1,10 @@
 #!/bin/sh
 #
-# SuSE ifupdown script for Shorewall-based products
+# ifupdown script for Shorewall-based products
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-#     (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2010 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
@@ -37,7 +37,7 @@ setstatedir() {
    fi
 }
-SuSE_ppp() {
+Debian_SuSE_ppp() {
    NEWPRODUCTS=
    INTERFACE="$1"
@@ -99,39 +99,105 @@ fi
 [ "$IFUPDOWN" = 1 -a -n "$PRODUCTS" ] || exit 0
-PHASE=''
+if [ -f /etc/debian_version ]; then
    case $0 in
 	/etc/ppp*)
 	    #
 	    # Debian ppp
 	    #
 	    Debian_SuSE_ppp
 	    ;;
-case $0 in
+	*)
-    /etc/ppp*)
+            #
-        #
+            # Debian ifupdown system
-	# SUSE ppp
+            #
-	#
+	    INTERFACE="$IFACE"
 	SuSE_ppp
 	;;
-    *)
+	    if [ "$MODE" = start ]; then
        #
        # SuSE ifupdown system
        #
 	INTERFACE="$2"
 	case $0 in
 	    *dispatcher.d*)
 		INTERFACE="$1"
 		COMMAND="$2"
 		;;
 	    *if-up.d*)
 		COMMAND=up
-		;;
+	    elif [ "$MODE" = stop ]; then
 	    *if-down.d*)
 		COMMAND=down
-		;;
+	    else
 	    *)
 		exit 0
-		;;
+	    fi
-	esac
+	    ;;
-	;;
+    esac
-esac
+elif [ -f /etc/SuSE-release ]; then
    PHASE=''
    case $0 in
 	/etc/ppp*)
 	    #
 	    # SUSE ppp
 	    #
 	    Debian_SuSE_ppp
 	    ;;
 	*)
            #
            # SuSE ifupdown system
            #
 	    INTERFACE="$2"
 	    case $0 in
 		*if-up.d*)
 		    COMMAND=up
 		    ;;
 		*if-down.d*)
 		    COMMAND=down
 		    ;;
 		*)
 		    exit 0
 		    ;;
 	    esac
 	    ;;
    esac
 else
    #
    # Assume RedHat/Fedora/CentOS/Foobar/...
    #
    PHASE=''
    case $0 in
 	/etc/ppp*)
 	    INTERFACE="$1"
 	    case $0 in
 		*ip-up.local)
 		    COMMAND=up
 		    ;;
 		*ip-down.local)
 		    COMMAND=down
 		    ;;
 		*)
 		    exit 0
 		    ;;
 	    esac
 	    ;;
 	*)
 	    #
 	    # RedHat ifup/down system
 	    #
 	    INTERFACE="$1"
 	    case $0 in 
 		*ifup*)
 		    COMMAND=up
 		    ;;
 		*ifdown*)
 		    COMMAND=down
 		    ;;
 		*dispatcher.d*)
 		    COMMAND="$2"
 		    ;;
 		*)
 		    exit 0
 		    ;;
 	    esac
 	    ;;
    esac
 fi
 [ -n "$LOGFILE" ] || LOGFILE=/dev/null
--- a/Shorewall-init/init.debian.sh
+++ b/Shorewall-init/init.debian.sh
@@ -36,8 +36,6 @@
 #                    bringing up the network
 ### END INIT INFO
 . /lib/lsb/init-functions
 export VERBOSITY=0
 if [ "$(id -u)" != "0" ]
@@ -52,16 +50,16 @@ echo_notdone () {
 }
 not_configured () {
-    echo "#### WARNING ####"
+	echo "#### WARNING ####"
-    echo "the firewall won't be initialized unless it is configured"
+	echo "the firewall won't be initialized unless it is configured"
-    if [ "$1" != "stop" ]
+	if [ "$1" != "stop" ]
-    then
+	then
-	echo ""
+		echo ""
-	echo "Please read about Debian specific customization in"
+		echo "Please read about Debian specific customization in"
-	echo "/usr/share/doc/shorewall-init/README.Debian.gz."
+		echo "/usr/share/doc/shorewall-init/README.Debian.gz."
-    fi
+	fi
-    echo "#################"
+	echo "#################"
-    exit 0
+	exit 0
 }
 # set the STATEDIR variable
@@ -73,8 +71,10 @@ setstatedir() {
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
-    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
+    if [ ! -x $STATEDIR/firewall ]; then
-	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c || echo_notdone
+	if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
 	    ${SBINDIR}/$PRODUCT compile
 	fi
    fi
 }
@@ -83,16 +83,18 @@ setstatedir() {
 #
 . /usr/share/shorewall/shorewallrc
 vardir=$VARDIR
 # check if shorewall-init is configured or not
 if [ -f "$SYSCONFDIR/shorewall-init" ]
 then
-    . $SYSCONFDIR/shorewall-init
+	. $SYSCONFDIR/shorewall-init
-    if [ -z "$PRODUCTS" ]
+	if [ -z "$PRODUCTS" ]
-    then
+	then
-	not_configured
+		not_configured
-    fi
+	fi
 else
-    not_configured
+	not_configured
 fi
 # Initialize the firewall
@@ -101,23 +103,24 @@ shorewall_start () {
  local STATEDIR
  echo -n "Initializing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
      setstatedir
-      if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then
+      if [ ! -x ${VARDIR}/$PRODUCT/firewall ]; then
-          #
+	  if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
 	      ${SBINDIR}/$PRODUCT compile
 	  fi
      fi
      if [ -x ${VARDIR}/$PRODUCT/firewall ]; then
 	  #
 	  # Run in a sub-shell to avoid name collisions
 	  #
 	  ( 
-	      if ! ${STATEDIR}/$PRODUCT/firewall status > /dev/null 2>&1; then
+	      if ! ${VARDIR}/$PRODUCT/firewall status > /dev/null 2>&1; then
-		  ${STATEDIR}/$PRODUCT/firewall ${OPTIONS} stop || echo_notdone
+		  ${VARDIR}/$PRODUCT/firewall stop || echo_notdone
 	      else
 		  echo_notdone
 	      fi
 	  )
      else
 	  echo echo_notdone
      fi
  done
@@ -129,14 +132,20 @@ shorewall_start () {
 # Clear the firewall
 shorewall_stop () {
  local PRODUCT
-  local STATEDIR
+  local VARDIR
  echo -n "Clearing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
      setstatedir
-      if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then
+      if [ ! -x ${VARDIR}/$PRODUCT/firewall ]; then
-	  ${STATEDIR}/$PRODUCT/firewall ${OPTIONS} clear || echo_notdone
+	  if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
 	      ${SBINDIR}/$PRODUCT compile
 	  fi
      fi
      if [ -x ${VARDIR}/$PRODUCT/firewall ]; then
 	  ${VARDIR}/$PRODUCT/firewall clear || echo_notdone
      fi
  done
@@ -155,7 +164,7 @@ case "$1" in
  reload|force-reload)
     ;;
  *)
-     echo "Usage: $0 {start|stop|reload|force-reload}"
+     echo "Usage: /etc/init.d/shorewall-init {start|stop|reload|force-reload}"
     exit 1
 esac
--- a/Shorewall-init/init.fedora.sh
+++ b/Shorewall-init/init.fedora.sh
@@ -24,6 +24,8 @@ lockfile="/var/lock/subsys/shorewall-init"
 # Source function library.
 . /etc/rc.d/init.d/functions
 vardir=$VARDIR
 # Get startup options (override default)
 OPTIONS=
@@ -44,17 +46,17 @@ setstatedir() {
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
-    if [ $PRODUCT == shorewall -o $PRODUCT == shorewall6 ]; then
+    if [ ! -x $STATEDIR/firewall ]; then
-	${SBINDIR}/$PRODUCT $OPTIONS compile -c
+	if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-    else
+	    ${SBINDIR}/$PRODUCT compile
-	return 0
+	fi
    fi
 }
 # Initialize the firewall
 start () {
    local PRODUCT
-    local STATEDIR
+    local vardir
    if [ -z "$PRODUCTS" ]; then
 	echo "No firewalls configured for shorewall-init"
@@ -63,26 +65,23 @@ start () {
    fi
    echo -n "Initializing \"Shorewall-based firewalls\": "
    for PRODUCT in $PRODUCTS; do
 	setstatedir
 	retval=$?
-	if [ $retval -eq 0 ]; then
+	if [ ! -x ${VARDIR}/firewall ]; then
-	    if [ -x "${STATEDIR}/firewall" ]; then
+	    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-		${STATEDIR}/firewall ${OPTIONS} stop 2>&1 | $logger
+		${SBINDIR}/$PRODUCT compile
 		retval=${PIPESTATUS[0]}
 		[ $retval -ne 0 ] && break
 	    else
 		retval=6 #Product not configured
 		break
 	    fi
-	else
+	fi
-	    break
+
 	if [ -x ${VARDIR}/$PRODUCT/firewall ]; then
 	    ${VARDIR}/$PRODUCT/firewall stop 2>&1 | $logger
 	    retval=${PIPESTATUS[0]}
 	    [ $retval -ne 0 ] && break
 	fi
    done
-    if [ $retval -eq 0 ]; then
+    if [ retval -eq 0 ]; then
 	touch $lockfile 
 	success
    else
@@ -95,29 +94,26 @@ start () {
 # Clear the firewall
 stop () {
    local PRODUCT
-    local STATEDIR
+    local vardir
    echo -n "Clearing \"Shorewall-based firewalls\": "
    for PRODUCT in $PRODUCTS; do
 	setstatedir
 	retval=$?
-	if [ $retval -eq 0 ]; then
+	if [ ! -x ${VARDIR}/firewall ]; then
-	    if [ -x "${STATEDIR}/firewall" ]; then
+	    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-		${STATEDIR}/firewall ${OPTIONS} clear 2>&1 | $logger
+		${SBINDIR}/$PRODUCT compile
 		retval=${PIPESTATUS[0]}
 		[ $retval -ne 0 ] && break
 	    else
 		retval=6 #Product not configured
 		break
 	    fi
-	else
+	fi
-	    break
+
 	if [ -x ${VARDIR}/$PRODUCT/firewall ]; then
 	    ${VARDIR}/$PRODUCT/firewall clear 2>&1 | $logger
 	    retval=${PIPESTATUS[0]}
 	    [ $retval -ne 0 ] && break
 	fi
    done
-    if [ $retval -eq 0 ]; then
+    if [ retval -eq 0 ]; then
 	rm -f $lockfile
 	success
    else
@@ -148,7 +144,7 @@ case "$1" in
 	status $prog
 	;;
  *)
-	echo "Usage: $0 {start|stop|status}"
+	echo "Usage: /etc/init.d/shorewall-init {start|stop|status}"
 	exit 1
 esac
--- a/Shorewall-init/init.sh
+++ b/Shorewall-init/init.sh
@@ -1,24 +1,22 @@
 #! /bin/bash
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
-#     (c) 2010,2012-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2010,2012 - Tom Eastep (teastep@shorewall.net)
 #
 #       On most distributions, this file should be called /etc/init.d/shorewall.
 #
-#       This program is part of Shorewall.
+#       Complete documentation is available at http://shorewall.net
 #
-#	This program is free software; you can redistribute it and/or modify
+#       This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+#       it under the terms of Version 2 of the GNU General Public License
-#       Free Software Foundation, either version 2 of the license or, at your
+#       as published by the Free Software Foundation.
 #       option, any later version.
 #
-#	This program is distributed in the hope that it will be useful,
+#       This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
+#       GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #       You should have received a copy of the GNU General Public License
 #       along with this program; if not, write to the Free Software
@@ -71,7 +69,7 @@ setstatedir() {
    if [ ! -x $STATEDIR/firewall ]; then
 	if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-	    ${SBINDIR}/$PRODUCT ${OPTIONS} compile $STATEDIR/firewall
+	    ${SBINDIR}/$PRODUCT compile $STATEDIR/firewall
 	fi
    fi
 }
@@ -87,7 +85,7 @@ shorewall_start () {
      if [ -x ${STATEDIR}/firewall ]; then
 	  if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
-	      ${STATEDIR}/firewall ${OPTIONS} stop || exit 1
+	      ${STATEDIR}/firewall stop || echo_notdone
 	  fi
      fi
  done
@@ -102,14 +100,20 @@ shorewall_start () {
 # Clear the firewall
 shorewall_stop () {
  local PRODUCT
-  local STATEDIR
+  local VARDIR
  echo -n "Clearing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
      setstatedir
-      if [ -x ${STATEDIR}/firewall ]; then
+      if [ ! -x ${VARDIR}/firewall ]; then
-	  ${STATEDIR}/firewall ${OPTIONS} clear || exit 1
+	  if [ $PRODUCT = shorewall -o $product = shorewall6 ]; then
 	      ${SBINDIR}/$PRODUCT compile
 	  fi
      fi
      if [ -x ${VARDIR}/firewall ]; then
 	  ${VARDIR}/firewall clear || exit 1
      fi
  done
--- a/Shorewall-init/init.suse.sh
+++ b/Shorewall-init/init.suse.sh
@@ -34,35 +34,22 @@
 #                    prior to bringing up the network.  
 ### END INIT INFO
 #Return values acc. to LSB for all commands but status:
 # 0 - success
 # 1 - generic or unspecified error
 # 2 - invalid or excess argument(s)
 # 3 - unimplemented feature (e.g. "reload")
 # 4 - insufficient privilege
 # 5 - program is not installed
 # 6 - program is not configured
 # 7 - program is not running
 if [ "$(id -u)" != "0" ]
 then
  echo "You must be root to start, stop or restart \"Shorewall \"."
-  exit 4
+  exit 1
 fi
 # check if shorewall-init is configured or not
 if [ -f "/etc/sysconfig/shorewall-init" ]
 then
-    . /etc/sysconfig/shorewall-init
+	. /etc/sysconfig/shorewall-init
-
+	if [ -z "$PRODUCTS" ]
-    if [ -z "$PRODUCTS" ]
+	then
-    then
+		exit 0
-	echo "No PRODUCTS configured"
+	fi
 	exit 6
    fi
 else
-    echo "/etc/sysconfig/shorewall-init not found"
+	exit 0
    exit 6
 fi
 #
@@ -79,8 +66,10 @@ setstatedir() {
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
-    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
+    if [ ! -x $STATEDIR/firewall ]; then
-	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c || exit
+	if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
 	    ${SBINDIR}/$PRODUCT compile
 	fi
    fi
 }
@@ -95,16 +84,16 @@ shorewall_start () {
      if [ -x $STATEDIR/firewall ]; then
 	  if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
-	      $STATEDIR/$PRODUCT/firewall ${OPTIONS} stop || exit
+	      $STATEDIR/$PRODUCT/firewall stop || echo_notdone
 	  fi
      else
 	  exit 6
      fi
  done
  if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
      ipset -R < "$SAVE_IPSETS"
  fi
  return 0
 }
 # Clear the firewall
@@ -117,9 +106,7 @@ shorewall_stop () {
      setstatedir
      if [ -x ${STATEDIR}/firewall ]; then
-	  ${STATEDIR}/firewall ${OPTIONS} clear || exit
+	  ${STATEDIR}/firewall clear || exit 1
      else
 	  exit 6
      fi
  done
@@ -129,21 +116,20 @@ shorewall_stop () {
 	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
      fi
  fi
  return 0
 }
 case "$1" in
-    start)
+  start)
-	shorewall_start
+     shorewall_start
-	;;
+     ;;
-    stop)
+  stop)
-	shorewall_stop
+     shorewall_stop
-	;;
+     ;;
-    reload|forced-reload)
+  *)
-	;;
+     echo "Usage: /etc/init.d/shorewall-init {start|stop}"
-    *)
+     exit 1
 	echo "Usage: /etc/init.d/shorewall-init {start|stop}"
 	exit 1
 	;;
 esac
 exit 0
--- a/Shorewall-init/install.sh
+++ b/Shorewall-init/install.sh
@@ -2,25 +2,21 @@
 #
 # Script to install Shoreline Firewall Init
 #
-#     (c) 2000-20114 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #     (c) 2010 - Roberto C. Sanchez (roberto@connexer.com)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
 #       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
+#       This program is distributed in the hope that it will be useful,
-#	it under the terms of the GNU General Public License as published by the
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       Free Software Foundation, either version 2 of the license or, at your
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       option, any later version.
+#       GNU General Public License for more details.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
 #	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #       You should have received a copy of the GNU General Public License
 #       along with this program; if not, write to the Free Software
@@ -63,6 +59,7 @@ mywhich() {
    for dir in $(split $PATH); do
 	if [ -x $dir/$1 ]; then
 	    echo $dir/$1
 	    return 0
 	fi
    done
@@ -102,8 +99,6 @@ PRODUCT=shorewall-init
 #
 # Parse the run line
 #
 T='-T'
 finished=0
 while [ $finished -eq 0 ] ; do
@@ -187,29 +182,8 @@ if [ -z "$BUILD" ]; then
 	    BUILD=apple
 	    ;;
 	*)
-	    if [ -f /etc/os-release ]; then
+	    if [ -f /etc/debian_version ]; then
 		eval $(cat /etc/os-release | grep ^ID=)
 		case $ID in
 		    fedora)
 			BUILD=redhat
 			;;
 		    debian|ubuntu)
 			BUILD=debian
 			;;
 		    opensuse)
 			BUILD=suse
 			;;
 		    *)
 			BUILD="$ID"
 			;;
 		esac
 	    elif [ -f /etc/debian_version ]; then
 		BUILD=debian
 	    elif [ -f /etc/ubuntu_version ]; then
 		BUILD=debian
 	    elif [ -f /etc/gentoo-release ]; then
 		BUILD=gentoo
 	    elif [ -f /etc/redhat-release ]; then
 		BUILD=redhat
 	    elif [ -f /etc/SuSE-release ]; then
@@ -232,7 +206,7 @@ case $BUILD in
    apple)
 	T=
 	;;
-    debian|gentoo|redhat|suse|slackware|archlinux)
+    debian|redhat|suse|slackware|archlinux)
 	;;
    *)
 	[ -n "$BUILD" ] && echo "ERROR: Unknown BUILD environment ($BUILD)" >&2 || echo "ERROR: Unknown BUILD environment"
@@ -248,10 +222,7 @@ case "$HOST" in
    debian)
 	echo "Installing Debian-specific configuration..."
 	;;
-    gentoo)
+    redhat|redhat)
 	echo "Installing Gentoo-specific configuration..."
 	;;
    redhat)
 	echo "Installing Redhat/Fedora-specific configuration..."
 	;;
    slackware)
@@ -262,12 +233,11 @@ case "$HOST" in
 	echo "Shorewall-init is currently not supported on Arch Linux" >&2
 	exit 1
 	;;
-    suse)
+    suse|suse)
 	echo "Installing SuSE-specific configuration..."
 	;;
    linux)
 	echo "ERROR: Shorewall-init is not supported on this system" >&2
 	exit 1
 	;;
    *)
 	echo "ERROR: Unsupported HOST distribution: \"$HOST\"" >&2
@@ -313,7 +283,7 @@ if [ -n "$INITFILE" ]; then
 	install_file $INITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544
    fi
-    echo  "SysV init script $INITSOURCE installed in ${DESTDIR}${INITDIR}/$INITFILE"
+    echo  "Shorewall-init script installed in ${DESTDIR}${INITDIR}/$INITFILE"
 fi
 #
@@ -321,16 +291,14 @@ fi
 #
 if [ -n "$SYSTEMD" ]; then
    mkdir -p ${DESTDIR}${SYSTEMD}
-    [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
+    run_install $OWNERSHIP -m 600 shorewall-init.service ${DESTDIR}${SYSTEMD}/shorewall-init.service
-    run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SYSTEMD}/$PRODUCT.service
+    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SYSTEMD}/shorewall-init.service
-    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SYSTEMD}/$PRODUCT.service
+    echo "Service file installed as ${DESTDIR}${SYSTEMD}/shorewall-init.service"
    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SYSTEMD}/$PRODUCT.service"
    if [ -n "$DESTDIR" ]; then
 	mkdir -p ${DESTDIR}${SBINDIR}
        chmod 755 ${DESTDIR}${SBINDIR}
    fi
    run_install $OWNERSHIP -m 700 shorewall-init ${DESTDIR}${SBINDIR}/shorewall-init
    [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SBINDIR}/shorewall-init
    echo "CLI installed as ${DESTDIR}${SBINDIR}/shorewall-init"
 fi
@@ -375,8 +343,6 @@ if [ $HOST = debian ]; then
 	install_file sysconfig ${DESTDIR}/etc/default/shorewall-init 0644
    fi
    IFUPDOWN=ifupdown.debian.sh
 else
    if [ -n "$DESTDIR" ]; then
 	mkdir -p ${DESTDIR}${SYSCONFDIR}
@@ -385,28 +351,22 @@ else
 	    if [ $HOST = suse ]; then
 		mkdir -p ${DESTDIR}/etc/sysconfig/network/if-up.d
 		mkdir -p ${DESTDIR}${SYSCONFDIR}/network/if-down.d
 	    elif [ $HOST = gentoo ]; then
 		# Gentoo does not support if-{up,down}.d
 		/bin/true
 	    else
 		mkdir -p ${DESTDIR}/etc/NetworkManager/dispatcher.d
 	    fi
 	fi
    fi
-    if [ -n "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PRODUCT} ]; then
+    if [ -d ${DESTDIR}${SYSCONFDIR} -a ! -f ${DESTDIR}${SYSCONFDIR}/shorewall-init ]; then
-	run_install $OWNERSHIP -m 0644 ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/$PRODUCT
+	install_file sysconfig ${DESTDIR}${SYSCONFDIR}/shorewall-init 0644
 	echo "$SYSCONFFILE installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
    fi 
    [ $HOST = suse ] && IFUPDOWN=ifupdown.suse.sh || IFUPDOWN=ifupdown.fedora.sh
 fi
 #
 # Install the ifupdown script
 #
-cp $IFUPDOWN ifupdown
+cp ifupdown.sh ifupdown
 [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ifupdown
@@ -431,23 +391,11 @@ case $HOST in
 	fi
 	;;
    redhat)
-	if [ -z "$DESTDIR" ]; then
+	if [ -f ${DESTDIR}${SBINDIR}/ifup-local -o -f ${DESTDIR}${SBINDIR}/ifdown-local ]; then
-	    install_local=
+	    echo "WARNING: ${SBINDIR}/ifup-local and/or ${SBINDIR}/ifdown-local already exist; up/down events will not be handled"
-
+	elif [ -z "$DESTDIR" ]; then
-	    if [ -f ${SBINDIR}/ifup-local -o -f ${SBINDIR}/ifdown-local ]; then
+	    install_file ifupdown ${DESTDIR}${SBINDIR}/ifup-local 0544
-		if ! grep -qF Shorewall-based ${SBINDIR}/ifup-local || ! grep -qF Shorewall-based ${SBINDIR}/ifdown-local; then
+	    install_file ifupdown ${DESTDIR}${SBINDIR}/ifdown-local 0544
 		    echo "WARNING: ${SBINDIR}/ifup-local and/or ${SBINDIR}/ifdown-local already exist; up/down events will not be handled"
 		else
 		    install_local=Yes
 		fi
 	    else
 		install_local=Yes
 	    fi
 	    if [ -n "$install_local" ]; then
 		install_file ifupdown ${DESTDIR}${SBINDIR}/ifup-local 0544
 		install_file ifupdown ${DESTDIR}${SBINDIR}/ifdown-local 0544
 	    fi
 	fi
 	;;
 esac
@@ -455,26 +403,10 @@ esac
 if [ -z "$DESTDIR" ]; then
    if [ -n "$first_install" ]; then
 	if [ $HOST = debian ]; then
-	    if mywhich insserv; then
+	    
-		if insserv ${INITDIR}/shorewall-init; then
+	    update-rc.d shorewall-init enable
-		    echo "Shorewall Init will start automatically at boot"
+
-		else
+	    echo "Shorewall Init will start automatically at boot"
 		    cant_autostart
 		fi
 	    elif mywhich update-rc.d ; then
 		if update-rc.d $PRODUCT enable; then
 		    echo "$PRODUCT will start automatically at boot"
 		    echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
 		else
 		    cant_autostart
 		fi
 	    else
 		cant_autostart
 	    fi
 	elif [ $HOST = gentoo ]; then
 	    # On Gentoo, a service must be enabled manually by the user,
 	    # not by the installer
 	    /bin/true
 	else
 	    if [ -n "$SYSTEMD" ]; then
 		if systemctl enable shorewall-init.service; then
@@ -534,7 +466,7 @@ if [ -f ${DESTDIR}/etc/ppp ]; then
 	    for file in ip-up.local ip-down.local; do
 		FILE=${DESTDIR}/etc/ppp/$file
 		if [ -f $FILE ]; then
-		    if grep -qF Shorewall-based $FILE ; then
+		    if fgrep -q Shorewall-based $FILE ; then
 			cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown $FILE
 		    else
 			echo "$FILE already exists -- ppp devices will not be handled"
--- a/Shorewall-init/shorewall-init
+++ b/Shorewall-init/shorewall-init
@@ -1,42 +1,28 @@
 #! /bin/bash
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
-#     (c) 2012-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2012 - Tom Eastep (teastep@shorewall.net)
 #
 #       On most distributions, this file should be called /etc/init.d/shorewall.
 #
 #       Complete documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
 #       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
+#       This program is distributed in the hope that it will be useful,
-#	it under the terms of the GNU General Public License as published by the
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       Free Software Foundation, either version 2 of the license or, at your
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       option, any later version.
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
+#       You should have received a copy of the GNU General Public License
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       along with this program; if not, write to the Free Software
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #########################################################################################
 # set the STATEDIR variable
 setstatedir() {
    local statedir
    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
 	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c || exit 1
    fi
 }
 #
 # This is modified by the installer when ${SHAREDIR} <> /usr/share
 #
@@ -50,32 +36,21 @@ if [ -f "$SYSCONFDIR/shorewall-init" ]; then
 	exit 1
    fi
 else
-    echo "ERROR: ${SYSCONFDIR}/shorewall-init not found" >&2
+    echo "ERROR: /etc/sysconfig/shorewall-init not found" >&2
    exit 1
 fi
 # Initialize the firewall
 shorewall_start () {
  local PRODUCT
-  local STATEDIR
+  local VARDIR
  echo -n "Initializing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
-      setstatedir
+      if [ -x ${VARDIR}/firewall ]; then
-
+	  if ! /sbin/$PRODUCT status > /dev/null 2>&1; then
-      if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then
+	      ${VARDIR}/firewall stop || exit 1
-          #
+	  fi
 	  # Run in a sub-shell to avoid name collisions
 	  #
 	  (
 	      if ! ${STATEDIR}/$PRODUCT/firewall status > /dev/null 2>&1; then
 		  ${STATEDIR}/$PRODUCT/firewall ${OPTIONS} stop || exit 1
 	      else
 		  exit 1
 	      fi
 	  )
      else
 	  exit 1
      fi
  done
@@ -89,14 +64,14 @@ shorewall_start () {
 # Clear the firewall
 shorewall_stop () {
  local PRODUCT
-  local STATEDIR
+  local VARDIR
  echo -n "Clearing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
-      setstatedir
+      VARDIR=/var/lib/$PRODUCT
-
+      [ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir 
-      if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then
+      if [ -x ${VARDIR}/firewall ]; then
-	  ${STATEDIR}/$PRODUCT/firewall ${OPTIONS} clear || exit 1
+	  ${VARDIR}/firewall clear || exit 1
      fi
  done
--- a/Shorewall-init/sysconfig
+++ b/Shorewall-init/sysconfig
@@ -21,6 +21,3 @@ SAVE_IPSETS=""
 #
 LOGFILE=/var/log/shorewall-ifupdown.log
 # Startup options - set verbosity to 0 (minimal reporting)
 OPTIONS="-V0"
--- a/Shorewall-init/uninstall.sh
+++ b/Shorewall-init/uninstall.sh
@@ -2,24 +2,24 @@
 #
 # Script to back uninstall Shoreline Firewall
 #
-#     (c) 2000-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.sourceforge.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
 #       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
+#       This program is distributed in the hope that it will be useful,
-#	it under the terms of the GNU General Public License as published by the
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       Free Software Foundation, either version 2 of the license or, at your
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       option, any later version.
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
+#       You should have received a copy of the GNU General Public License
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       along with this program; if not, write to the Free Software
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #    Usage:
 #
@@ -140,7 +140,6 @@ remove_file ${CONFDIR}/NetworkManager/dispatcher.d/01-shorewall
 remove_file ${CONFDIR}/network/if-up.d/shorewall
 remove_file ${CONFDIR}/network/if-down.d/shorewall
 remove_file ${CONFDIR}/network/if-post-down.d/shorewall
 remove_file ${CONFDIR}/sysconfig/network/if-up.d/shorewall
 remove_file ${CONFDIR}/sysconfig/network/if-down.d/shorewall
@@ -153,7 +152,7 @@ if [ -d ${CONFDIR}/ppp ]; then
    done
    for file in if-up.local if-down.local; do
-	if grep -qF Shorewall-based ${CONFDIR}/ppp/$FILE; then
+	if fgrep -q Shorewall-based ${CONFDIR}/ppp/$FILE; then
 	    remove_file ${CONFDIR}/ppp/$FILE
 	fi
    done
--- a/Shorewall-lite/configpath
+++ b/Shorewall-lite/configpath
@@ -4,4 +4,4 @@
 # /usr/share/shorewall-lite/configpath
 #
-CONFIG_PATH=${CONFDIR}/shorewall-lite:${SHAREDIR}/shorewall-lite:${SHAREDIR}/shorewall
+CONFIG_PATH=/etc/shorewall-lite:/usr/share/shorewall-lite
--- a/Shorewall-lite/init.archlinux.sh
+++ b/Shorewall-lite/init.archlinux.sh
@@ -0,0 +1,58 @@
 #!/bin/bash
 OPTIONS="-f"
 if [ -f /etc/sysconfig/shorewall ] ; then
 	. /etc/sysconfig/shorewall
 elif [ -f /etc/default/shorewall ] ; then
 	. /etc/default/shorewall
 fi
 # if you want to override options, do so in /etc/sysconfig/shorewall or
 # in /etc/default/shorewall --
 # i strongly encourage you use the latter, since /etc/sysconfig/ does not exist.
 . /etc/rc.conf
 . /etc/rc.d/functions
 DAEMON_NAME="shorewall" # of course shorewall is NOT a deamon.
 case "$1" in
 	start)
 		stat_busy "Starting $DAEMON_NAME"
 		/sbin/shorewall-lite $OPTIONS start &>/dev/null
 		if [ $? -gt 0 ]; then
 			stat_fail
 		else
 			add_daemon $DAEMON_NAME
 			stat_done
 		fi
 		;;
 	stop)
 		stat_busy "Stopping $DAEMON_NAME"
 		/sbin/shorewall-lite stop &>/dev/null
 		if [ $? -gt 0 ]; then
 			stat_fail
 		else
 			rm_daemon $DAEMON_NAME
 			stat_done
 		fi
 		;;
 	restart|reload)
 		stat_busy "Restarting $DAEMON_NAME"
 		/sbin/shorewall-lite restart &>/dev/null
 		if [ $? -gt 0  ]; then
 			stat_fail
 		else
 			stat_done
 		fi
 		;;
 	*)
 		echo "usage: $0 {start|stop|restart}"
 esac
 exit 0
--- a/Shorewall-lite/init.debian.sh
+++ b/Shorewall-lite/init.debian.sh
@@ -11,7 +11,7 @@
 #                    /etc/shorewall-lite
 ### END INIT INFO
-. /lib/lsb/init-functions
+
 SRWL=/sbin/shorewall-lite
 SRWL_OPTS="-tvv"
--- a/Shorewall-lite/init.sh
+++ b/Shorewall-lite/init.sh
@@ -3,18 +3,17 @@ RCDLINKS="2,S41 3,S41 6,K41"
 #
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
-#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	On most distributions, this file should be called /etc/init.d/shorewall.
 #
 #	Complete documentation is available at http://shorewall.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+#	it under the terms of Version 2 of the GNU General Public License
-#       Free Software Foundation, either version 2 of the license or, at your
+#	as published by the Free Software Foundation.
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -22,7 +21,8 @@ RCDLINKS="2,S41 3,S41 6,K41"
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #	If an error occurs while starting or restarting the firewall, the
 #	firewall is automatically stopped.
--- a/Shorewall-lite/install.sh
+++ b/Shorewall-lite/install.sh
@@ -2,24 +2,24 @@
 #
 # Script to install Shoreline Firewall Lite
 #
-#     (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
 #       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
+#       This program is distributed in the hope that it will be useful,
-#	it under the terms of the GNU General Public License as published by the
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       Free Software Foundation, either version 2 of the license or, at your
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       option, any later version.
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
+#       You should have received a copy of the GNU General Public License
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       along with this program; if not, write to the Free Software
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 VERSION=xxx #The Build script inserts the actual version
@@ -182,8 +182,6 @@ for var in SHAREDIR LIBEXECDIRDIRDIR CONFDIR SBINDIR VARLIB VARDIR; do
    require $var
 done
 [ -n "${INITFILE}" ] && require INITSOURCE && require INITDIR
 PATH=${SBINDIR}:/bin:/usr${SBINDIR}:/usr/bin:/usr/local/bin:/usr/local${SBINDIR}
 #
@@ -202,30 +200,8 @@ if [ -z "$BUILD" ]; then
 	    BUILD=apple
 	    ;;
 	*)
-	    if [ -f /etc/os-release ]; then
+	    if [ -f ${CONFDIR}/debian_version ]; then
 		eval $(cat /etc/os-release | grep ^ID)
 		case $ID in
 		    fedora)
 			BUILD=redhat
 			;;
 		    debian)
 			BUILD=debian
 			;;
 		    gentoo)
 			BUILD=gentoo
 			;;
 		    opensuse)
 			BUILD=suse
 			;;
 		    *)
 			BUILD="$ID"
 			;;
 		esac
 	    elif [ -f ${CONFDIR}/debian_version ]; then
 		BUILD=debian
 	    elif [ -f /etc/gentoo-release ]; then
 		BUILD=gentoo
 	    elif [ -f ${CONFDIR}/redhat-release ]; then
 		BUILD=redhat
 	    elif [ -f ${CONFDIR}/SuSE-release ]; then
@@ -274,9 +250,6 @@ case "$HOST" in
    debian)
 	echo "Installing Debian-specific configuration..."
 	;;
    gentoo)
 	echo "Installing Gentoo-specific configuration..."
 	;;
    redhat)
 	echo "Installing Redhat/Fedora-specific configuration..."
 	;;
@@ -308,7 +281,7 @@ if [ -n "$DESTDIR" ]; then
    install -d $OWNERSHIP -m 755 ${DESTDIR}/${SBINDIR}
    install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR}
 else
-    if [ ! -f ${SHAREDIR}/shorewall/coreversion ]; then
+    if [ ! -f /usr/share/shorewall/coreversion ]; then
 	echo "$PRODUCT $VERSION requires Shorewall Core which does not appear to be installed" >&2
 	exit 1
    fi
@@ -320,7 +293,7 @@ echo "Installing $Product Version $VERSION"
 # Check for ${CONFDIR}/$PRODUCT
 #
 if [ -z "$DESTDIR" -a -d ${CONFDIR}/$PRODUCT ]; then
-    if [ ! -f ${SHAREDIR}/shorewall/coreversion ]; then
+    if [ ! -f /usr/share/shorewall/coreversion ]; then
 	echo "$PRODUCT $VERSION requires Shorewall Core which does not appear to be installed" >&2
 	exit 1
    fi
@@ -368,25 +341,24 @@ if [ -n "$DESTDIR" ]; then
 fi
 if [ -n "$INITFILE" ]; then
    if [ -f "${INITSOURCE}" ]; then
 	initfile="${DESTDIR}/${INITDIR}/${INITFILE}"
 	install_file ${INITSOURCE} "$initfile" 0544
-	[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' "$initfile"
+    initfile="${DESTDIR}/${INITDIR}/${INITFILE}"
    install_file ${INITSOURCE} "$initfile" 0544
-	echo  "SysV init script $INITSOURCE installed in $initfile"
+    [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' "$initfile"
-    fi
+
    echo  "$Product init script installed in $initfile"
 fi
 #
 # Install the .service file
 #
 if [ -n "$SYSTEMD" ]; then
    mkdir -p ${DESTDIR}${SYSTEMD}
-    [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
+    run_install $OWNERSHIP -m 600 $PRODUCT.service ${DESTDIR}/${SYSTEMD}/$PRODUCT.service
    run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SYSTEMD}/$PRODUCT.service
    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SYSTEMD}/$PRODUCT.service
-    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SYSTEMD}/$PRODUCT.service"
+    echo "Service file installed as ${DESTDIR}/lib/systemd/system/$PRODUCT.service"
 fi
 #
 # Install the config file
 #
@@ -397,9 +369,6 @@ fi
 if [ $HOST = archlinux ] ; then
   sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf
 elif [ $HOST = gentoo ]; then
    # Adjust SUBSYSLOCK path (see https://bugs.gentoo.org/show_bug.cgi?id=459316)
    perl -p -w -i -e "s|^SUBSYSLOCK=.*|SUBSYSLOCK=/run/lock/$PRODUCT|;" ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf
 fi
 #
@@ -508,16 +477,13 @@ delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/lib.common
 delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/lib.cli
 delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/wait4ifup
-#
+if [ -n "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PRODUCT} ]; then
 # Note -- not all packages will have the SYSCONFFILE so we need to check for its existance here
 #
 if [ -n "$SYSCONFFILE" -a -f "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PRODUCT} ]; then
    if [ ${DESTDIR} ]; then
 	mkdir -p ${DESTDIR}${SYSCONFDIR}
 	chmod 755 ${DESTDIR}${SYSCONFDIR}
    fi
-    run_install $OWNERSHIP -m 0644 ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/${PRODUCT}
+    run_install $OWNERSHIP -m 0644 default.debian ${DESTDIR}${SYSCONFDIR}/${PRODUCT}
    echo "$SYSCONFFILE installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
 fi
@@ -527,20 +493,20 @@ if [ ${SHAREDIR} != /usr/share ]; then
 fi
 if [ -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then
-    if [ -n "$SYSTEMD" ]; then
+    if mywhich update-rc.d ; then
 	echo "$PRODUCT will start automatically at boot"
 	echo "Set startup=1 in ${SYSCONFDIR}/$PRODUCT to enable"
 	touch /var/log/$PRODUCT-init.log
 	perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/${PRODUCT}/${PRODUCT}.conf
 	update-rc.d $PRODUCT enable defaults
    elif [ -n "$SYSTEMD" ]; then
 	if systemctl enable ${PRODUCT}.service; then
 	    echo "$Product will start automatically at boot"
 	fi
    elif mywhich insserv; then
 	if insserv ${INITDIR}/${INITFILE} ; then
 	    echo "$PRODUCT will start automatically at boot"
-	    if [ $HOST = debian ]; then
+	    echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/${PRODUCT}.conf to enable"
 		echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
 		touch /var/log/$PRODUCT-init.log
 		perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
 	    else
 		echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable"
 	    fi
 	else
 	    cant_autostart
 	fi
@@ -552,22 +518,10 @@ if [ -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then
 	else
 	    cant_autostart
 	fi
    elif mywhich update-rc.d ; then
 	echo "$PRODUCT will start automatically at boot"
 	echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
 	touch /var/log/$PRODUCT-init.log
 	perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
 	update-rc.d $PRODUCT enable
    elif mywhich rc-update ; then
 	if rc-update add $PRODUCT default; then
 	    echo "$PRODUCT will start automatically at boot"
-	    if [ $HOST = debian ]; then
+	    echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable"
 		echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
 		touch /var/log/$PRODUCT-init.log
 		perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
 	    else
 		echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable"
 	    fi
 	else
 	    cant_autostart
 	fi
--- a/Shorewall-lite/lib.base
+++ b/Shorewall-lite/lib.base
@@ -1,16 +1,15 @@
 #
 # Shorewall 4.4 -- /usr/share/shorewall-lite/lib.base
 #
-#     (c) 2011,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2011 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
+#	This program is free software; you can redisribute it and/or modify
-#
+#	it under the terms of Version 2 of the GNU General Public License
-#	This program is free software; you can redistribute it and/or modify
+#	as published by the Free Software Foundation.
 #	it under the terms of the GNU General Public License as published by the
 #       Free Software Foundation, either version 2 of the license or, at your
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -18,7 +17,8 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # This library contains the code common to all Shorewall components.
--- a/Shorewall-lite/manpages/shorewall-lite-vardir.xml
+++ b/Shorewall-lite/manpages/shorewall-lite-vardir.xml
@@ -6,8 +6,6 @@
    <refentrytitle>shorewall-lite-vardir</refentrytitle>
    <manvolnum>5</manvolnum>
    <refmiscinfo>Configuration Files</refmiscinfo>
  </refmeta>
  <refnamediv>
@@ -56,7 +54,7 @@
        /opt/var/lib/shorewall-lite/.</para>
      </blockquote>
-      <para>When VARDIR is set in /etc/shorewall-lite/vardir, Shorewall Lite
+      <para> When VARDIR is set in /etc/shorewall-lite/vardir, Shorewall Lite
      will save its state in the <replaceable>directory</replaceable>
      specified.</para>
    </note>
--- a/Shorewall-lite/manpages/shorewall-lite.conf.xml
+++ b/Shorewall-lite/manpages/shorewall-lite.conf.xml
@@ -6,8 +6,6 @@
    <refentrytitle>shorewall-lite.conf</refentrytitle>
    <manvolnum>5</manvolnum>
    <refmiscinfo>Configuration Files</refmiscinfo>
  </refmeta>
  <refnamediv>
@@ -143,7 +141,7 @@
          stops. Creating and removing this file allows Shorewall to work with
          your distribution's initscripts. For RedHat, this should be set to
          /var/lock/subsys/shorewall. For Debian, the value is
-          /var/state/shorewall and in LEAF it is /var/run/shorewall.</para>
+          /var/state/shorewall and in LEAF it is /var/run/shorwall.</para>
        </listitem>
      </varlistentry>
--- a/Shorewall-lite/manpages/shorewall-lite.xml
+++ b/Shorewall-lite/manpages/shorewall-lite.xml
@@ -6,8 +6,6 @@
    <refentrytitle>shorewall-lite</refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo>Administrative Commands</refmiscinfo>
  </refmeta>
  <refnamediv>
@@ -337,7 +335,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="opt"><option>show | list | ls </option></arg>
+      <arg choice="plain"><option>show</option></arg>
      <arg><option>-b</option></arg>
@@ -359,7 +357,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="opt"><option>show | list | ls </option></arg>
+      <arg choice="plain"><option>show</option></arg>
      <arg><option>-f</option></arg>
@@ -373,10 +371,10 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="opt"><option>show | list | ls </option></arg>
+      <arg choice="plain"><option>show</option></arg>
      <arg
-      choice="req"><option>classifiers|connections|config|events|filters|ip|ipa|zones|policies|marks</option></arg>
+      choice="req"><option>classifiers|connections|config|filters|ip|ipa|zones|policies|marks</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
@@ -386,20 +384,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="opt"><option>show | list | ls </option></arg>
+      <arg choice="plain"><option>show</option></arg>
      <arg choice="plain"><option>event</option><arg
      choice="plain"><replaceable>event</replaceable></arg></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
      <arg choice="opt"><option>trace</option>|<option>debug</option></arg>
      <arg>-<replaceable>options</replaceable></arg>
      <arg choice="opt"><option>show | list | ls </option></arg>
      <arg><option>-x</option></arg>
@@ -413,7 +398,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="opt"><option>show | list | ls </option></arg>
+      <arg choice="plain"><option>show</option></arg>
      <arg choice="plain"><option>tc</option></arg>
    </cmdsynopsis>
@@ -425,7 +410,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="opt"><option>show | list | ls </option></arg>
+      <arg choice="plain"><option>show</option></arg>
      <arg><option>-m</option></arg>
@@ -507,9 +492,9 @@
    url="shorewall.conf.html">shorewall.conf</ulink>(5). Each <emphasis
    role="bold">v</emphasis> adds one to the effective verbosity and each
    <emphasis role="bold">q</emphasis> subtracts one from the effective
-    VERBOSITY. Alternately, <emphasis role="bold">v</emphasis> may be followed
+    VERBOSITY. Anternately, <emphasis role="bold">v</emphasis> may be followed
    immediately with one of -1,0,1,2 to specify a specify VERBOSITY. There may
-    be no white-space between <emphasis role="bold">v</emphasis> and the
+    be no white space between <emphasis role="bold">v</emphasis> and the
    VERBOSITY.</para>
    <para>The <emphasis>options</emphasis> may also include the letter
@@ -647,7 +632,7 @@
        <term><emphasis role="bold">forget</emphasis></term>
        <listitem>
-          <para>Deletes /var/lib/shorewall-lite/<emphasis>filename</emphasis>
+          <para>Deletes /var/lib/shorewall-lite/<emphasis>filenam</emphasis>e
          and /var/lib/shorewall-lite/save. If no
          <emphasis>filename</emphasis> is given then the file specified by
          RESTOREFILE in <ulink
@@ -705,7 +690,7 @@
          and raw table PREROUTING chains.</para>
          <para>The trace records are written to the kernel's log buffer with
-          facility = kernel and priority = warning, and they are routed from
+          faciility = kernel and priority = warning, and they are routed from
          there by your logging daemon (syslogd, rsyslog, syslog-ng, ...) --
          Shorewall-lite has no control over where the messages go; consult
          your logging daemon's documentation.</para>
@@ -762,7 +747,7 @@
          <para>The <replaceable>iptables match expression</replaceable> must
          be one given in the <command>iptrace</command> command being
-          canceled.</para>
+          cancelled.</para>
        </listitem>
      </varlistentry>
@@ -890,7 +875,7 @@
              <term><emphasis role="bold">config</emphasis></term>
              <listitem>
-                <para>Displays distribution-specific defaults.</para>
+                <para>Dispays distribution-specific defaults.</para>
              </listitem>
            </varlistentry>
@@ -903,24 +888,6 @@
              </listitem>
            </varlistentry>
            <varlistentry>
              <term><emphasis role="bold">event</emphasis><replaceable>
              event</replaceable></term>
              <listitem>
                <para>Added in Shorewall 4.5.19. Displays the named
                event.</para>
              </listitem>
            </varlistentry>
            <varlistentry>
              <term><emphasis role="bold">events</emphasis></term>
              <listitem>
                <para>Added in Shorewall 4.5.19. Displays all events.</para>
              </listitem>
            </varlistentry>
            <varlistentry>
              <term><emphasis role="bold">ip</emphasis></term>
@@ -1088,23 +1055,6 @@
    </variablelist>
  </refsect1>
  <refsect1>
    <title>EXIT STATUS</title>
    <para>In general, when a command succeeds, status 0 is returned; when the
    command fails, a non-zero status is returned.</para>
    <para>The <command>status</command> command returns exit status as
    follows:</para>
    <para>0 - Firewall is started.</para>
    <para>3 - Firewall is stopped or cleared</para>
    <para>4 - Unknown state; usually means that the firewall has never been
    started.</para>
  </refsect1>
  <refsect1>
    <title>FILES</title>
--- a/Shorewall-lite/shorecap
+++ b/Shorewall-lite/shorecap
@@ -2,18 +2,17 @@
 #
 #     Shorewall Lite Packet Filtering Firewall Capabilities Detector
 #
-#     (c) 2006,2007,2008,2009,2010,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2006,2007,2008,2009,2010 - Tom Eastep (teastep@shorewall.net)
 #
 #	This file should be placed in /sbin/shorewall.
 #
 #	Shorewall documentation is available at http://shorewall.sourceforge.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+#	it under the terms of Version 2 of the GNU General Public License
-#       Free Software Foundation, either version 2 of the license or, at your
+#	as published by the Free Software Foundation.
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -21,7 +20,9 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #
 #   This program may be used to create a /etc/shorewall/capabilities file for
 #   use in compiling Shorewall firewalls on another system.
--- a/Shorewall-lite/shorewall-lite
+++ b/Shorewall-lite/shorewall-lite
@@ -2,17 +2,16 @@
 #
 #     Shorewall Lite Packet Filtering Firewall Control Program - V4.5
 #
-#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2014 -
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011 -
 #         Tom Eastep (teastep@shorewall.net)
 #
 #	Shorewall documentation is available at http://www.shorewall.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+#	it under the terms of Version 2 of the GNU General Public License
-#       Free Software Foundation, either version 2 of the license or, at your
+#	as published by the Free Software Foundation.
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -20,7 +19,8 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #       For a list of supported commands, type 'shorewall help' or 'shorewall6 help'
 #
--- a/Shorewall-lite/shorewall-lite.service
+++ b/Shorewall-lite/shorewall-lite.service
@@ -13,8 +13,8 @@ Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/sysconfig/shorewall-lite
 StandardOutput=syslog
-ExecStart=/sbin/shorewall-lite $OPTIONS start
+ExecStart=/usr/sbin/shorewall-lite $OPTIONS start
-ExecStop=/sbin/shorewall-lite $OPTIONS stop
+ExecStop=/usr/sbin/shorewall-lite $OPTIONS stop
 [Install]
 WantedBy=multi-user.target
--- a/Shorewall-lite/uninstall.sh
+++ b/Shorewall-lite/uninstall.sh
@@ -2,24 +2,24 @@
 #
 # Script to back uninstall Shoreline Firewall
 #
-#     (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.sourceforge.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
 #       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
+#       This program is distributed in the hope that it will be useful,
-#	it under the terms of the GNU General Public License as published by the
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       Free Software Foundation, either version 2 of the license or, at your
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       option, any later version.
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
+#       You should have received a copy of the GNU General Public License
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       along with this program; if not, write to the Free Software
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #    Usage:
 #
@@ -118,14 +118,14 @@ fi
 if [ -L ${SHAREDIR}/shorewall-lite/init ]; then
    FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall-lite/init)
-elif [ -n "$INITFILE" ]; then
+elIF [ -n "$INITFILE" ]; then
    FIREWALL=${INITDIR}/${INITFILE}
 fi
 if [ -f "$FIREWALL" ]; then
    if mywhich updaterc.d ; then
 	updaterc.d shorewall-lite remove
-    elif mywhich insserv ; then
+    elif if mywhich insserv ; then
        insserv -r $FIREWALL
    elif [ mywhich chkconfig ; then
 	chkconfig --del $(basename $FIREWALL)
--- a/Shorewall/Macros/macro.A_AllowICMPs
+++ b/Shorewall/Macros/macro.A_AllowICMPs
@@ -1,15 +1,13 @@
 #
 # Shorewall version 4 - Audited AllowICMPs Macro
 #
-# /usr/share/shorewall/macro.A_AllowICMPs
+# /usr/share/shorewall/macro.AAllowICMPs
 #
 #	This macro A_ACCEPTs needed ICMP types
 #
 ###############################################################################
-?FORMAT 2
+#ACTION		SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#					PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION		SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #					PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?COMMENT Needed ICMP types
--- a/Shorewall/Macros/macro.A_DropDNSrep
+++ b/Shorewall/Macros/macro.A_DropDNSrep
@@ -1,15 +1,13 @@
 #
 # Shorewall version 4 - Audited DropDNSrep Macro
 #
-# /usr/share/shorewall/macro.A_DropDNSrep
+# /usr/share/shorewall/macro.ADropDNSrep
 #
 #	This macro silently audites and drops DNS UDP replies
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?COMMENT Late DNS Replies
--- a/Shorewall/Macros/macro.A_DropUPnP
+++ b/Shorewall/Macros/macro.A_DropUPnP
@@ -1,15 +1,13 @@
 #
 # Shorewall version 4 - ADropUPnP Macro
 #
-# /usr/share/shorewall/macro.A_DropUPnP
+# /usr/share/shorewall/macro.ADropUPnP
 #
 #	This macro silently drops UPnP probes on UDP port 1900
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?COMMENT UPnP
--- a/Shorewall/Macros/macro.ActiveDir
+++ b/Shorewall/Macros/macro.ActiveDir
@@ -1,40 +0,0 @@
 #
 # Shorewall version 4 - Samba 4 Macro
 #
 # /usr/share/shorewall/macro.ActiveDir
 #
 #       This macro handles ports for Samba 4 Active Directory Service
 #
 # You can comment out the ports you do not want open
 #
 # 
 ###############################################################################
 #ACTION SOURCE  DEST    PROTO   DEST    SOURCE  RATE    USER/
 #                               PORT(S) PORT(S) LIMIT   GROUP
 PARAM   -       -       tcp     389 	#LDAP services
 PARAM   -       -       udp	389  
 PARAM   -       -       tcp     636	#LDAP SSL
 PARAM   -       -       tcp     3268	#LDAP GC
 PARAM   -       -       tcp     3269	#LDAP GC SSL
 PARAM   -       -       tcp     88	#Kerberos
 PARAM   -       -       udp	88
 # Use macro.DNS for DNS sevice
 PARAM   -       -       tcp     445	#Replication, User and Computer Authentication, Group Policy, Trusts
 PARAM   -       -       udp	445
 # Use macro.SMTP for Mail service
 PARAM   -       -       tcp     135	#RPC, EPM
 PARAM   -       -       tcp     5722	#RPC, DFSR (SYSVOL)
 PARAM   -       -       udp	123	#Windows Time
 PARAM   -       -       tcp     464	#Kerberosb change/set password
 PARAM   -       -       udp	464
 PARAM   -       -       udp	138	#DFS, Group Policy
 PARAM   -       -       tcp     9389	#SOAP
 PARAM   -       -       tcp     2535	#MADCAP
 PARAM   -       -       udp	2535
 PARAM   -       -       udp     137	#NetLogon, NetBIOS Name Resolution
 PARAM   -       -       tcp	139	#DFSN, NetBIOS Session Service, NetLogon    
--- a/Shorewall/Macros/macro.AllowICMPs
+++ b/Shorewall/Macros/macro.AllowICMPs
@@ -6,10 +6,8 @@
 #	This macro ACCEPTs needed ICMP types
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?COMMENT Needed ICMP types
--- a/Shorewall/Macros/macro.Amanda
+++ b/Shorewall/Macros/macro.Amanda
@@ -9,9 +9,8 @@
 #
 ###############################################################################
 ?FORMAT 2
-###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __AMANDA_HELPER )
 PARAM	-	-	udp	10080 ; helper=amanda
--- a/Shorewall/Macros/macro.Auth
+++ b/Shorewall/Macros/macro.Auth
@@ -6,8 +6,6 @@
 #	This macro handles Auth (identd) traffic.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	113
--- a/Shorewall/Macros/macro.BGP
+++ b/Shorewall/Macros/macro.BGP
@@ -6,8 +6,6 @@
 #	This macro handles BGP4 traffic.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S) PORT(S) LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	179	# BGP4
--- a/Shorewall/Macros/macro.BLACKLIST
+++ b/Shorewall/Macros/macro.BLACKLIST
@@ -6,10 +6,8 @@
 #	This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if $BLACKLIST_LOGLEVEL
 blacklog
 ?else
--- a/Shorewall/Macros/macro.BitTorrent
+++ b/Shorewall/Macros/macro.BitTorrent
@@ -7,12 +7,9 @@
 #
 #	If you are running BitTorrent 3.2 or later, you should use the
 #	BitTorrent32 macro.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	6881:6889
 #
 # It may also be necessary to allow UDP traffic:
--- a/Shorewall/Macros/macro.BitTorrent32
+++ b/Shorewall/Macros/macro.BitTorrent32
@@ -6,10 +6,8 @@
 #	This macro handles BitTorrent traffic for BitTorrent 3.2 and later.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	6881:6999
 #
 # It may also be necessary to allow UDP traffic:
--- a/Shorewall/Macros/macro.CVS
+++ b/Shorewall/Macros/macro.CVS
@@ -6,8 +6,6 @@
 #	This macro handles connections to the CVS pserver.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	2401
--- a/Shorewall/Macros/macro.Citrix
+++ b/Shorewall/Macros/macro.Citrix
@@ -6,11 +6,9 @@
 #	This macro handles Citrix/ICA traffic (ICA, ICA Browser, CGP a.k.a.
 #	ICA Session Reliability)
 #
-###############################################################################
+####################################################################################
-?FORMAT 2
+#ACTION SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S) PORT(S) LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	1494	# ICA
 PARAM	-	-	udp	1604	# ICA Browser
 PARAM	-	-	tcp	2598	# CGP Session Reliabilty
--- a/Shorewall/Macros/macro.DAAP
+++ b/Shorewall/Macros/macro.DAAP
@@ -7,9 +7,7 @@
 #	The protocol is used by iTunes, Rythmbox and other similar daemons.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	3689
 PARAM	-	-	udp	3689
--- a/Shorewall/Macros/macro.DCC
+++ b/Shorewall/Macros/macro.DCC
@@ -7,8 +7,6 @@
 #	DCC is a distributed spam filtering mechanism.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+PARAM	-	-	tcp	6277
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	6277
--- a/Shorewall/Macros/macro.DHCPfwd
+++ b/Shorewall/Macros/macro.DHCPfwd
@@ -6,9 +6,7 @@
 #	This macro (bidirectional) handles forwarded DHCP traffic
 #
 ###############################################################################
-?FORMAT 2
+#ACTION SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S) PORT(S) LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	67:68	67:68	# DHCP
 PARAM	DEST	SOURCE	udp	67:68	67:68	# DHCP
--- a/Shorewall/Macros/macro.DNS
+++ b/Shorewall/Macros/macro.DNS
@@ -6,9 +6,7 @@
 #	This macro handles DNS traffic.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	53
 PARAM	-	-	tcp	53
--- a/Shorewall/Macros/macro.Distcc
+++ b/Shorewall/Macros/macro.Distcc
@@ -6,8 +6,6 @@
 #	This macro handles connections to the Distributed Compiler service.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	3632
--- a/Shorewall/Macros/macro.Drop
+++ b/Shorewall/Macros/macro.Drop
@@ -11,14 +11,12 @@
 #		Drop	net	all
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 #
-# Don't log 'auth' DROP
+# Don't log 'auth' REJECT
 #
-DROP	-	-	tcp	113
+REJECT	-	-	tcp	113
 #
 # Drop Broadcasts so they don't clutter up the log
 # (broadcasts must *not* be rejected).
--- a/Shorewall/Macros/macro.DropDNSrep
+++ b/Shorewall/Macros/macro.DropDNSrep
@@ -6,10 +6,8 @@
 #	This macro silently drops DNS UDP replies
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?COMMENT Late DNS Replies
--- a/Shorewall/Macros/macro.DropUPnP
+++ b/Shorewall/Macros/macro.DropUPnP
@@ -6,10 +6,8 @@
 #	This macro silently drops UPnP probes on UDP port 1900
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?COMMENT UPnP
--- a/Shorewall/Macros/macro.Edonkey
+++ b/Shorewall/Macros/macro.Edonkey
@@ -28,9 +28,7 @@
 #	applications such as aMule WebServer or aMuleCMD.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	4662
 PARAM	-	-	udp	4665
--- a/Shorewall/Macros/macro.FTP
+++ b/Shorewall/Macros/macro.FTP
@@ -7,9 +7,8 @@
 #
 ###############################################################################
 ?FORMAT 2
-###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __FTP_HELPER  )
 PARAM	-	-	tcp	21 ; helper=ftp
 ?else
--- a/Shorewall/Macros/macro.Finger
+++ b/Shorewall/Macros/macro.Finger
@@ -7,8 +7,6 @@
 #	your finger information to internet.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	79
--- a/Shorewall/Macros/macro.GNUnet
+++ b/Shorewall/Macros/macro.GNUnet
@@ -6,10 +6,8 @@
 #	This macro handles GNUnet (secure peer-to-peer networking) traffic.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	2086
 PARAM	-	-	udp	2086
 PARAM	-	-	tcp	1080
--- a/Shorewall/Macros/macro.GRE
+++ b/Shorewall/Macros/macro.GRE
@@ -7,9 +7,7 @@
 #	traffic (RFC 1701)
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	47	# GRE
 PARAM	DEST	SOURCE	47	# GRE
--- a/Shorewall/Macros/macro.Git
+++ b/Shorewall/Macros/macro.Git
@@ -6,8 +6,6 @@
 #	This macro handles Git traffic.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	9418
--- a/Shorewall/Macros/macro.Gnutella
+++ b/Shorewall/Macros/macro.Gnutella
@@ -6,9 +6,7 @@
 #	This macro handles Gnutella traffic.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	6346
 PARAM	-	-	udp	6346
--- a/Shorewall/Macros/macro.HKP
+++ b/Shorewall/Macros/macro.HKP
@@ -6,8 +6,6 @@
 #	This macro handles OpenPGP HTTP keyserver protocol traffic.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	11371
--- a/Shorewall/Macros/macro.HTTP
+++ b/Shorewall/Macros/macro.HTTP
@@ -6,8 +6,6 @@
 #	This macro handles plaintext HTTP (WWW) traffic.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	80
--- a/Shorewall/Macros/macro.HTTPS
+++ b/Shorewall/Macros/macro.HTTPS
@@ -6,8 +6,6 @@
 #	This macro handles HTTPS (WWW over SSL) traffic.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	443
--- a/Shorewall/Macros/macro.ICPV2
+++ b/Shorewall/Macros/macro.ICPV2
@@ -6,8 +6,6 @@
 #	This macro handles Internet Cache Protocol V2 (Squid) traffic
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	3130
--- a/Shorewall/Macros/macro.ICQ
+++ b/Shorewall/Macros/macro.ICQ
@@ -6,8 +6,6 @@
 #	This macro handles ICQ, now called AOL Instant Messenger (or AIM).
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5190
--- a/Shorewall/Macros/macro.IMAP
+++ b/Shorewall/Macros/macro.IMAP
@@ -7,8 +7,6 @@
 #	see macro.IMAPS.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	143
--- a/Shorewall/Macros/macro.IMAPS
+++ b/Shorewall/Macros/macro.IMAPS
@@ -7,8 +7,6 @@
 #	(not recommended), see macro.IMAP.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	993
--- a/Shorewall/Macros/macro.IPIP
+++ b/Shorewall/Macros/macro.IPIP
@@ -6,9 +6,7 @@
 #	This macro (bidirectional) handles IPIP capsulation traffic
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	94	# IPIP
 PARAM	DEST	SOURCE	94	# IPIP
--- a/Shorewall/Macros/macro.IPP
+++ b/Shorewall/Macros/macro.IPP
@@ -6,8 +6,6 @@
 #	This macro handles Internet Printing Protocol (IPP).
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	631
--- a/Shorewall/Macros/macro.IPPbrd
+++ b/Shorewall/Macros/macro.IPPbrd
@@ -6,10 +6,7 @@
 #	This macro handles Internet Printing Protocol (IPP) broadcasts.
 #       If you also need to handle TCP 631 connections in the opposite
 #       direction, use the IPPserver Macro
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	631
--- a/Shorewall/Macros/macro.IPPserver
+++ b/Shorewall/Macros/macro.IPPserver
@@ -23,9 +23,7 @@
 #		IPPserver/ACCEPT $FW loc
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	SOURCE	DEST	tcp	631
 PARAM	DEST	SOURCE	udp	631
--- a/Shorewall/Macros/macro.IPsec
+++ b/Shorewall/Macros/macro.IPsec
@@ -6,10 +6,8 @@
 #	This macro (bidirectional) handles IPsec traffic
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	500	500	# IKE
 PARAM	-	-	50			# ESP
 PARAM	DEST	SOURCE	udp	500	500	# IKE
--- a/Shorewall/Macros/macro.IPsecah
+++ b/Shorewall/Macros/macro.IPsecah
@@ -7,10 +7,8 @@
 #       This is insecure. You should use ESP with encryption for security.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	500	500	# IKE
 PARAM	-	-	51			# AH
 PARAM	DEST	SOURCE	udp	500	500	# IKE
--- a/Shorewall/Macros/macro.IPsecnat
+++ b/Shorewall/Macros/macro.IPsecnat
@@ -6,10 +6,8 @@
 #	This macro (bidirectional) handles IPsec traffic and Nat-Traversal
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	500	# IKE
 PARAM	-	-	udp	4500	# NAT-T
 PARAM	-	-	50		# ESP
--- a/Shorewall/Macros/macro.IRC
+++ b/Shorewall/Macros/macro.IRC
@@ -7,9 +7,8 @@
 #
 ###############################################################################
 ?FORMAT 2
-###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __IRC_HELPER  )
 PARAM	-	-	tcp	6667 ; helper=irc
--- a/Shorewall/Macros/macro.JAP
+++ b/Shorewall/Macros/macro.JAP
@@ -8,10 +8,8 @@
 #	to browse anonymously!
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	8080 # HTTP port
 PARAM	-	-	tcp	6544 # HTTP port
 PARAM	-	-	tcp	6543 # InfoService port
--- a/Shorewall/Macros/macro.JabberPlain
+++ b/Shorewall/Macros/macro.JabberPlain
@@ -6,8 +6,6 @@
 #	This macro accepts Jabber traffic (plaintext).
 #
 ###############################################################################
-?FORMAT 2
+#TARGET	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5222
--- a/Shorewall/Macros/macro.JabberSecure
+++ b/Shorewall/Macros/macro.JabberSecure
@@ -6,8 +6,6 @@
 #	This macro accepts Jabber traffic (ssl).
 #
 ###############################################################################
-?FORMAT 2
+#TARGET	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5223
--- a/Shorewall/Macros/macro.Jabberd
+++ b/Shorewall/Macros/macro.Jabberd
@@ -6,8 +6,6 @@
 #	This macro accepts Jabberd intercommunication traffic
 #
 ###############################################################################
-?FORMAT 2
+#TARGET	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5269
--- a/Shorewall/Macros/macro.Jetdirect
+++ b/Shorewall/Macros/macro.Jetdirect
@@ -6,8 +6,6 @@
 #	This macro handles HP Jetdirect printing.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	9100
--- a/Shorewall/Macros/macro.Kerberos
+++ b/Shorewall/Macros/macro.Kerberos
@@ -1,14 +0,0 @@
 #
 # Shorewall version 4 - Kerberos Macro
 #
 # /usr/share/shorewall/macro.Kerberos
 #
 #	This macro handles Kerberos traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	88
 PARAM	-	-	udp	88
--- a/Shorewall/Macros/macro.L2TP
+++ b/Shorewall/Macros/macro.L2TP
@@ -7,9 +7,7 @@
 #	(RFC 2661)
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	1701	# L2TP
 PARAM	DEST	SOURCE	udp	1701	# L2TP
--- a/Shorewall/Macros/macro.LDAP
+++ b/Shorewall/Macros/macro.LDAP
@@ -11,8 +11,6 @@
 #	Consult your LDAP server documentation for details.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	389
--- a/Shorewall/Macros/macro.LDAPS
+++ b/Shorewall/Macros/macro.LDAPS
@@ -11,8 +11,6 @@
 #	Consult your LDAP server documentation for details.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	636
--- a/Shorewall/Macros/macro.MSNP
+++ b/Shorewall/Macros/macro.MSNP
@@ -6,8 +6,6 @@
 #	This macro handles MSNP (MicroSoft Notification Protocol)
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	1863
--- a/Shorewall/Macros/macro.MSSQL
+++ b/Shorewall/Macros/macro.MSSQL
@@ -6,8 +6,6 @@
 #	This macro handles MSSQL (Microsoft SQL Server)
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	1433
--- a/Shorewall/Macros/macro.Mail
+++ b/Shorewall/Macros/macro.Mail
@@ -12,10 +12,8 @@
 #	the POP3 or IMAP macros.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	25
 PARAM	-	-	tcp	465
 PARAM	-	-	tcp	587
--- a/Shorewall/Macros/macro.Munin
+++ b/Shorewall/Macros/macro.Munin
@@ -6,8 +6,6 @@
 #	This macro handles Munin networked resource monitoring traffic
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	4949
--- a/Shorewall/Macros/macro.MySQL
+++ b/Shorewall/Macros/macro.MySQL
@@ -6,8 +6,6 @@
 #	This macro handles connections to the MySQL server.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	3306
--- a/Shorewall/Macros/macro.NNTP
+++ b/Shorewall/Macros/macro.NNTP
@@ -7,8 +7,6 @@
 #	encrypted NNTP, see macro.NNTPS.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	119
--- a/Shorewall/Macros/macro.NNTPS
+++ b/Shorewall/Macros/macro.NNTPS
@@ -7,8 +7,6 @@
 #	plaintext NNTP, see macro.NNTP.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	563
--- a/Shorewall/Macros/macro.NTP
+++ b/Shorewall/Macros/macro.NTP
@@ -7,8 +7,6 @@
 #	For broadcast NTP traffic, use NTPbrd Macro.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	123
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Tom Eastep	b4acd27f87	Correct modules.xtables Signed-off-by: Tom Eastep <teastep@mint14.(none)>	2012-12-31 08:00:04 -08:00
Tom Eastep	3737412687	Correct helper validation Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-12-30 12:51:39 -08:00
Tom Eastep	d58ef3bf8a	Back out bad merge after git migration Signed-off-by: Tom Eastep <teastep@mint14.(none)>	2012-12-30 08:59:20 -08:00