Add some decimal->hex convertions in routing rules.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Deprecate the current TPROXY implementation.
2012-05-10 11:11:15 -07:00 · 2012-05-10 11:02:08 -07:00 · 2012-05-10 07:29:59 -07:00
463 changed files with 11909 additions and 38162 deletions
--- a/Shorewall-core/configure
+++ b/Shorewall-core/configure
@@ -1,17 +1,16 @@
 #!/bin/bash
 #
-#     Shorewall Packet Filtering Firewall RPM configuration program - V4.6
+#     Shorewall Packet Filtering Firewall RPM configuration program - V4.5
 #
-#     (c) 2012,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	Shorewall documentation is available at http://www.shorewall.net
 #
-#       This program is part of Shorewall.
-#
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#	it under the terms of Version 2 of the GNU General Public License
+#	as published by the Free Software Foundation.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -19,7 +18,8 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
+#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #       Usage: ./configure [ <option>=<setting> ] ...
 #
@@ -76,11 +76,14 @@ for p in $@; do
 		    pn=HOST
 		    ;;
 		SHAREDSTATEDIR)
-		    pn=VARLIB
+		    pn=VARDIR
 		    ;;
 		DATADIR)
 		    pn=SHAREDIR
 		    ;;
+		SYSCONFDIR)
+		    pn=CONFDIR
+		    ;;
 	    esac

 	    params[${pn}]="${pv}"
@@ -93,38 +96,15 @@ done

 vendor=${params[HOST]}

-if [ -z "$vendor" ]; then
-    if [ -f /etc/os-release ]; then
-	eval $(cat /etc/os-release | grep ^ID=)
-
-	case $ID in
-	    fedora)
-		vendor=redhat
-		;;
-	    debian|ubuntu)
-		vendor=debian
-		;;
-	    opensuse)
-		vendor=suse
-		;;
-	    *)
-		vendor="$ID"
-		;;
-	esac
-
-	params[HOST]="$vendor"
-    fi
-fi
-
 if [ -z "$vendor" ]; then
    case `uname` in
 	Darwin)
-	    params[HOST]=apple
+	    $params[HOST]=apple
 	    rcfile=shorewallrc.apple
 	    ;;

-	cygwin*|CYGWIN*)
-	    params[HOST]=cygwin
+	cygwin*)
+	    $params[HOST]=cygwin
 	    rcfile=shorewallrc.cygwin
 	    ;;
 	*)
@@ -152,7 +132,7 @@ if [ -z "$vendor" ]; then

    vendor=${params[HOST]}
 elif [ $vendor = linux ]; then
-    rcfile=shorewallrc.default;
+    rcfile=$shorewallrc.default;
 else
    rcfile=shorewallrc.$vendor
    if [ ! -f $rcfile ]; then
@@ -184,17 +164,6 @@ if [ $# -gt 0 ]; then
    echo '#'           >> shorewallrc
 fi

-if [ -n "${options[VARLIB]}" ]; then
-    if [ -z "${options[VARDIR]}" ]; then
-	options[VARDIR]='${VARLIB}/${PRODUCT}'
-    fi
-elif [ -n "${options[VARDIR]}" ]; then
-    if [ -z "{$options[VARLIB]}" ]; then
-	options[VARLIB]=${options[VARDIR]}
-	options[VARDIR]='${VARLIB}/${PRODUCT}'
-    fi
-fi
-
 for on in \
    HOST \
    PREFIX \
@@ -210,12 +179,9 @@ for on in \
    AUXINITSOURCE \
    AUXINITFILE \
    SYSTEMD \
-    SERVICEFILE \
    SYSCONFFILE \
    SYSCONFDIR \
-    SPARSE \
    ANNOTATED \
-    VARLIB \
    VARDIR
 do
    echo "$on=${options[${on}]}"
--- a/Shorewall-core/configure.pl
+++ b/Shorewall-core/configure.pl
@@ -2,16 +2,15 @@
 #
 #     Shorewall Packet Filtering Firewall RPM configuration program - V4.5
 #
-#     (c) 2012, 2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	Shorewall documentation is available at http://www.shorewall.net
 #
-#       This program is part of Shorewall.
-#
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#	it under the terms of Version 2 of the GNU General Public License
+#	as published by the Free Software Foundation.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -19,7 +18,8 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
+#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #       Usage: ./configure.pl <option>=<setting> ...
 #
@@ -38,8 +38,9 @@ my %params;
 my %options;

 my %aliases = ( VENDOR         => 'HOST',
-		SHAREDSTATEDIR => 'VARLIB',
-		DATADIR        => 'SHAREDIR' );
+		SHAREDSTATEDIR => 'VARDIR',
+		DATADIR        => 'SHAREDIR',
+		SYSCONFDIR     => 'CONFDIR' );

 for ( @ARGV ) {
    die "ERROR: Invalid option specification ( $_ )" unless /^(?:--)?(\w+)=(.*)$/;
@@ -56,28 +57,6 @@ my $vendor = $params{HOST};
 my $rcfile;
 my $rcfilename;

-unless ( defined $vendor ) {
-    if ( -f '/etc/os-release' ) {
-	my $id = `cat /etc/os-release | grep ^ID=`;
-
-	chomp $id;
-
-	$id =~ s/ID=//;
-	
-	if ( $id eq 'fedora' ) {
-	    $vendor = 'redhat';
-	} elsif ( $id eq 'opensuse' ) {
-	    $vendor = 'suse';
-	} elsif ( $id eq 'ubuntu' ) {
-	    $vendor = 'debian';
-	} else {
-	    $vendor = $id;
-	}
-    }
-
-    $params{HOST} = $vendor;
-}
-
 if ( defined $vendor ) {
    $rcfilename = $vendor eq 'linux' ? 'shorewallrc.default' : 'shorewallrc.' . $vendor;
    die qq("ERROR: $vendor" is not a recognized host type) unless -f $rcfilename;
@@ -145,15 +124,6 @@ printf $outfile "#\n# Created by Shorewall Core version %s configure.pl - %s %2d

 print  $outfile "# Input: @ARGV\n#\n" if @ARGV;

-if ( $options{VARLIB} ) {
-    unless ( $options{VARDIR} ) {
-	$options{VARDIR} = '${VARLIB}/${PRODUCT}';
-    }
-} elsif ( $options{VARDIR} ) {
-    $options{VARLIB} = $options{VARDIR};
-    $options{VARDIR} = '${VARLIB}/${PRODUCT}';
-}
-
 for ( qw/ HOST
 	  PREFIX
 	  SHAREDIR
@@ -168,12 +138,9 @@ for ( qw/ HOST
 	  AUXINITSOURCE
 	  AUXINITFILE
 	  SYSTEMD
-          SERVICEFILE
 	  SYSCONFFILE
 	  SYSCONFDIR
-	  SPARSE
 	  ANNOTATED
-	  VARLIB
 	  VARDIR / ) {

    my $val = $options{$_} || '';
--- a/Shorewall-core/install.sh
+++ b/Shorewall-core/install.sh
@@ -2,24 +2,24 @@
 #
 # Script to install Shoreline Firewall Core Modules
 #
-#     (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
+#       it under the terms of Version 2 of the GNU General Public License
+#       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#       This program is distributed in the hope that it will be useful,
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#       You should have received a copy of the GNU General Public License
+#       along with this program; if not, write to the Free Software
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #

 VERSION=xxx #The Build script inserts the actual version
@@ -164,18 +164,7 @@ else
    usage 1
 fi

-update=0
-
-if [ -z "${VARLIB}" ]; then
-    VARLIB=${VARDIR}
-    VARDIR="${VARLIB}/${PRODUCT}"
-    update=1
-elif [ -z "${VARDIR}" ]; then
-    VARDIR="${VARLIB}/${PRODUCT}"
-    update=2
-fi
-
-for var in SHAREDIR LIBEXECDIR PERLLIBDIR CONFDIR SBINDIR VARLIB VARDIR; do
+for var in SHAREDIR LIBEXECDIR PERLLIBDIR CONFDIR SBINDIR VARDIR; do
    require $var
 done

@@ -194,30 +183,8 @@ if [ -z "$BUILD" ]; then
 	    BUILD=apple
 	    ;;
 	*)
-	    if [ -f /etc/os-release ]; then
-		eval $(cat /etc/os-release | grep ^ID)
-
-		case $ID in
-		    fedora)
-			BUILD=redhat
-			;;
-		    debian)
-			BUILD=debian
-			;;
-		    gentoo)
-			BUILD=gentoo
-			;;
-		    opensuse)
-			BUILD=suse
-			;;
-		    *)
-			BUILD="$ID"
-			;;
-		esac
-	    elif [ -f /etc/debian_version ]; then
+	    if [ -f /etc/debian_version ]; then
 		BUILD=debian
-	    elif [ -f /etc/gentoo-release ]; then
-		BUILD=gentoo
 	    elif [ -f /etc/redhat-release ]; then
 		BUILD=redhat
 	    elif [ -f /etc/slackware-version ] ; then
@@ -276,7 +243,7 @@ case "$HOST" in
    apple)
 	echo "Installing Mac-specific configuration...";
 	;;
-    debian|gentoo|redhat|slackware|archlinux|linux|suse)
+    debian|redhat|slackware|archlinux|linux|suse)
 	;;
    *)
 	echo "ERROR: Unknown HOST \"$HOST\"" >&2
@@ -347,7 +314,7 @@ if [ -n "${INITFILE}" ]; then
    if [ -n "$AUXINITSOURCE" -a -f "$AUXINITSOURCE" ]; then
 	install_file $AUXINITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544
 	[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${INITDIR}/$AUXINITFILE
-	echo  "SysV init script $AUXINITSOURCE installed in ${DESTDIR}${INITDIR}/$AUXINITFILE"
+	echo  "$Product script installed in ${DESTDIR}${INITDIR}/$AUXINITFILE"
    fi
 fi
 #
@@ -379,24 +346,7 @@ ln -sf lib.base ${DESTDIR}${SHAREDIR}/shorewall/functions
 echo "$VERSION" > ${DESTDIR}${SHAREDIR}/shorewall/coreversion
 chmod 644 ${DESTDIR}${SHAREDIR}/shorewall/coreversion

-if [ -z "${DESTDIR}" ]; then
-    if [ $update -ne 0 ]; then
-	echo "Updating $file - original saved in $file.bak"
-
-	cp $file $file.bak
-
-	echo '#'                                             >> $file
-	echo "# Updated by Shorewall-core $VERSION -" `date` >> $file
-	echo '#'                                             >> $file
-
-	[ $update -eq 1 ] && sed -i 's/VARDIR/VARLIB/' $file
-
-	echo 'VARDIR=${VARLIB}/${PRODUCT}' >> $file
-    fi
-fi
-
-[ $file != "${DESTDIR}${SHAREDIR}/shorewall/shorewallrc" ] && cp $file ${DESTDIR}${SHAREDIR}/shorewall/shorewallrc
-
+[ $file != "${SHAREDIR}/shorewall/shorewallrc" ] && cp $file ${DESTDIR}${SHAREDIR}/shorewall/shorewallrc

 [ -z "${DESTDIR}" ] && [ ! -f ~/.shorewallrc ] && cp ${SHAREDIR}/shorewall/shorewallrc ~/.shorewallrc

--- a/Shorewall-core/lib.base
+++ b/Shorewall-core/lib.base
@@ -1,16 +1,15 @@
 #
 # Shorewall 4.5 -- /usr/share/shorewall/lib.base
 #
-#     (c) 1999-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 1999-2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
-#
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#	it under the terms of Version 2 of the GNU General Public License
+#	as published by the Free Software Foundation.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -18,13 +17,18 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
+#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-# This library contains the code common to all Shorewall components except the
-# generated scripts.
+# This library contains the code common to all Shorewall components.
+#
+# - It is loaded by /sbin/shorewall.
+# - It is released as part of Shorewall[6] Lite where it is used by /sbin/shorewall[6]-lite
+#   and /usr/share/shorewall[6]-lite/shorecap.
 #

-SHOREWALL_LIBVERSION=40509
+SHOREWALL_LIBVERSION=40502
+SHOREWALL_CAPVERSION=40502

 [ -n "${g_program:=shorewall}" ]

@@ -34,7 +38,11 @@ if [ -z "$g_readrc" ]; then
    #
    . /usr/share/shorewall/shorewallrc

+    g_libexec="$LIBEXECDIR"
    g_sharedir="$SHAREDIR"/$g_program
+    g_sbindir="$SBINDIR"
+    g_perllib="$PERLLIBDIR"
+    g_vardir="$VARDIR"
    g_confdir="$CONFDIR"/$g_program
    g_readrc=1
 fi
@@ -45,13 +53,13 @@ case $g_program in
    shorewall)
 	g_product="Shorewall"
 	g_family=4
-	g_tool=iptables
+	g_tool=
 	g_lite=
 	;;
    shorewall6)
 	g_product="Shorewall6"
 	g_family=6
-	g_tool=ip6tables
+	g_tool=
 	g_lite=
 	;;
    shorewall-lite)
@@ -68,12 +76,7 @@ case $g_program in
 	;;
 esac

-if [ -z "${VARLIB}" ]; then
-    VARLIB=${VARDIR}
-    VARDIR=${VARLIB}/$g_program
-elif [ -z "${VARDIR}" ]; then
-    VARDIR="${VARLIB}/${PRODUCT}"
-fi
+VARDIR=${VARDIR}/${g_program}

 #
 # Conditionally produce message
@@ -127,6 +130,71 @@ combine_list()
    echo $o
 }

+#
+# Call this function to assert mutual exclusion with Shorewall. If you invoke the
+# /sbin/shorewall program while holding mutual exclusion, you should pass "nolock" as
+# the first argument. Example "shorewall nolock refresh"
+#
+# This function uses the lockfile utility from procmail if it exists.
+# Otherwise, it uses a somewhat race-prone algorithm to attempt to simulate the
+# behavior of lockfile.
+#
+mutex_on()
+{
+    local try
+    try=0
+    local lockf
+    lockf=${LOCKFILE:=${VARDIR}/lock}
+    local lockpid
+
+    MUTEX_TIMEOUT=${MUTEX_TIMEOUT:-60}
+
+    if [ $MUTEX_TIMEOUT -gt 0 ]; then
+
+	[ -d ${VARDIR} ] || mkdir -p ${VARDIR}
+
+	if [ -f $lockf ]; then
+	    lockpid=`cat ${lockf} 2> /dev/null`
+	    if [ -z "$lockpid" -o $lockpid = 0 ]; then
+		rm -f ${lockf}
+		error_message "WARNING: Stale lockfile ${lockf} removed"
+	    elif ! qt ps p ${lockpid}; then
+		rm -f ${lockf}
+		error_message "WARNING: Stale lockfile ${lockf} from pid ${lockpid} removed"
+	    fi
+	fi
+
+	if qt mywhich lockfile; then
+	    lockfile -${MUTEX_TIMEOUT} -r1 ${lockf}
+	    chmod u+w ${lockf}
+	    echo $$ > ${lockf}
+	    chmod u-w ${lockf}
+	else
+	    while [ -f ${lockf} -a ${try} -lt ${MUTEX_TIMEOUT} ] ; do
+		sleep 1
+		try=$((${try} + 1))
+	    done
+
+	    if  [ ${try} -lt ${MUTEX_TIMEOUT} ] ; then
+	        # Create the lockfile
+		echo $$ > ${lockf}
+	    else
+		echo "Giving up on lock file ${lockf}" >&2
+	    fi
+	fi
+    fi
+}
+
+#
+# Call this function to release mutual exclusion
+#
+mutex_off()
+{
+    rm -f ${LOCKFILE:=${VARDIR}/lock}
+}
+
+[ -z "$LEFTSHIFT" ] && . ${g_basedir}/lib.common
+
 #
 # Validate an IP address
 #
@@ -255,8 +323,6 @@ ip_range_explicit() {
    done
 }

-[ -z "$LEFTSHIFT" ] && . ${g_basedir}/lib.common
-
 #
 # Netmask to VLSM
 #
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
--- a/Shorewall-core/lib.common
+++ b/Shorewall-core/lib.common
@@ -1,16 +1,15 @@
 #
 # Shorewall 4.5 -- /usr/share/shorewall/lib.common.
 #
-#     (c) 2010-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2010-2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
-#
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#	it under the terms of Version 2 of the GNU General Public License
+#	as published by the Free Software Foundation.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -18,7 +17,8 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
+#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # The purpose of this library is to hold those functions used by both the CLI and by the
 # generated firewall scripts. To avoid versioning issues, it is copied into generated
@@ -65,7 +65,6 @@ startup_error() # $* = Error Message
 	esac
    fi

-    mutex_off
    kill $$
    exit 2
 }
@@ -85,7 +84,7 @@ get_script_version() { # $1 = script

    temp=$( $SHOREWALL_SHELL $1 version | tail -n 1 | sed 's/-.*//' )

-    if [ -z "$temp" ]; then
+    if [ $? -ne 0 ]; then
 	version=0
    else
 	ifs=$IFS
@@ -273,11 +272,8 @@ shorewall6_is_started() {
 # Echos the fully-qualified name of the calling shell program
 #
 my_pathname() {
-    local pwd
-    pwd=$PWD
    cd $(dirname $0)
    echo $PWD/$(basename $0)
-    cd $pwd
 }

 #
@@ -605,7 +601,7 @@ find_first_interface_address() # $1 = interface
 	#
 	# get the line of output containing the first IP address
 	#
-	addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | grep -F 'inet6 ' | grep -vF 'scope link' | head -n1)
+	addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | fgrep 'inet6 ' | fgrep -v 'scope link' | head -n1)
 	#
 	# If there wasn't one, bail out now
 	#
@@ -634,7 +630,7 @@ find_first_interface_address_if_any() # $1 = interface
 	#
 	# get the line of output containing the first IP address
 	#
-	addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | grep -F 'inet6 ' | grep -vF 'scope link' | head -n1)
+	addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | fgrep 'inet6 ' | fgrep -v 'scope link' | head -n1)
 	#
 	# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
 	# along with everything else on the line
@@ -680,11 +676,7 @@ find_file()
 		fi
 	    done

-	    if [ -n "$g_shorewalldir" ]; then
-		echo ${g_shorewalldir}/$1
-	    else
-		echo ${g_confdir}/$1
-	    fi
+	    echo ${g_confdir}/$1
 	    ;;
    esac
 }
@@ -725,69 +717,3 @@ truncate() # $1 = length
 {
    cut -b -${1}
 }
-
-#
-# Call this function to assert mutual exclusion with Shorewall. If you invoke the
-# /sbin/shorewall program while holding mutual exclusion, you should pass "nolock" as
-# the first argument. Example "shorewall nolock refresh"
-#
-# This function uses the lockfile utility from procmail if it exists.
-# Otherwise, it uses a somewhat race-prone algorithm to attempt to simulate the
-# behavior of lockfile.
-#
-mutex_on()
-{
-    local try
-    try=0
-    local lockf
-    lockf=${LOCKFILE:=${VARDIR}/lock}
-    local lockpid
-
-    MUTEX_TIMEOUT=${MUTEX_TIMEOUT:-60}
-
-    if [ $MUTEX_TIMEOUT -gt 0 ]; then
-
-	[ -d ${VARDIR} ] || mkdir -p ${VARDIR}
-
-	if [ -f $lockf ]; then
-	    lockpid=`cat ${lockf} 2> /dev/null`
-	    if [ -z "$lockpid" -o $lockpid = 0 ]; then
-		rm -f ${lockf}
-		error_message "WARNING: Stale lockfile ${lockf} removed"
-	    elif [ $lockpid -eq $$ ]; then
-                return 0
-	    elif ! qt ps p ${lockpid}; then
-		rm -f ${lockf}
-		error_message "WARNING: Stale lockfile ${lockf} from pid ${lockpid} removed"
-	    fi
-	fi
-
-	if qt mywhich lockfile; then
-	    lockfile -${MUTEX_TIMEOUT} -r1 ${lockf}
-	    chmod u+w ${lockf}
-	    echo $$ > ${lockf}
-	    chmod u-w ${lockf}
-	else
-	    while [ -f ${lockf} -a ${try} -lt ${MUTEX_TIMEOUT} ] ; do
-		sleep 1
-		try=$((${try} + 1))
-	    done
-
-	    if  [ ${try} -lt ${MUTEX_TIMEOUT} ] ; then
-	        # Create the lockfile
-		echo $$ > ${lockf}
-	    else
-		echo "Giving up on lock file ${lockf}" >&2
-	    fi
-	fi
-    fi
-}
-
-#
-# Call this function to release mutual exclusion
-#
-mutex_off()
-{
-    rm -f ${LOCKFILE:=${VARDIR}/lock}
-}
-
--- a/Shorewall-core/shorewallrc.apple
+++ b/Shorewall-core/shorewallrc.apple
@@ -15,7 +15,6 @@ INITFILE=                              #Unused on OS X
 INITSOURCE=                            #Unused on OS X
 ANNOTATED=                             #Unused on OS X
 SYSTEMD=                               #Unused on OS X
-SERVICEFILE=                           #Unused on OS X
 SYSCONFDIR=                            #Unused on OS X
 SPARSE=Yes                             #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR.
-VARLIB=/var/lib                        #Unused on OS X
+VARDIR=/var/lib                        #Unused on OS X
--- a/Shorewall-core/shorewallrc.archlinux
+++ b/Shorewall-core/shorewallrc.archlinux
@@ -1,22 +1,20 @@
 #
-# Arch Linux Shorewall 4.5 rc file
+# Archlinux Shorewall 4.5 rc file
 #
-BUILD=                                 #Default is to detect the build system
+BUILD=archlinux
 HOST=archlinux
 PREFIX=/usr                            #Top-level directory for shared files, libraries, etc.
 SHAREDIR=${PREFIX}/share               #Directory for arch-neutral files.
 LIBEXECDIR=${PREFIX}/share             #Directory for executable scripts.
 PERLLIBDIR=${PREFIX}/share/shorewall   #Directory to install Shorewall Perl module directory
 CONFDIR=/etc                           #Directory where subsystem configurations are installed
-SBINDIR=/usr/sbin                      #Directory where system administration programs are installed
+SBINDIR=/sbin                          #Directory where system administration programs are installed
 MANDIR=${SHAREDIR}/man                 #Directory where manpages are installed.
-INITDIR=                               #Directory where SysV init scripts are installed.
-INITFILE=                              #Name of the product's installed SysV init script
-INITSOURCE=                            #Name of the distributed file to be installed as the SysV init script
+INITDIR=/etc/rc.d                      #Directory where SysV init scripts are installed.
+INITFILE=$PRODUCT                      #Name of the product's installed SysV init script
+INITSOURCE=init.sh                     #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                             #If non-zero, annotated configuration files are installed
 SYSCONFDIR=                            #Directory where SysV init parameter files are installed
-SYSTEMD=/usr/lib/systemd/system        #Directory where .service files are installed (systems running systemd only)
-SERVICEFILE=                           #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
+SYSTEMD=                               #Directory where .service files are installed (systems running systemd only)
 SPARSE=                                #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
-VARLIB=/var/lib                        #Directory where product variable data is stored.
-VARDIR=${VARLIB}/$PRODUCT              #Directory where product variable data is stored.
+VARDIR=/var/lib                        #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.cygwin
+++ b/Shorewall-core/shorewallrc.cygwin
@@ -15,7 +15,6 @@ INITFILE=                             #Unused on Cygwin
 INITSOURCE=                           #Unused on Cygwin
 ANNOTATED=                            #Unused on Cygwin
 SYSTEMD=                              #Unused on Cygwin
-SERVICEFILE=                          #Unused on Cygwin
 SYSCONFDIR=                           #Unused on Cygwin
 SPARSE=Yes                            #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR.
-VARLIB=/var/lib                       #Unused on Cygwin
+VARDIR=/var/lib                       #Unused on Cygwin
--- a/Shorewall-core/shorewallrc.debian
+++ b/Shorewall-core/shorewallrc.debian
@@ -15,9 +15,7 @@ INITFILE=$PRODUCT                       #Name of the product's installed SysV in
 INITSOURCE=init.debian.sh               #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                              #If non-zero, annotated configuration files are installed
 SYSCONFFILE=default.debian              #Name of the distributed file to be installed in $SYSCONFDIR
-SERVICEFILE=                      	#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFDIR=/etc/default                 #Directory where SysV init parameter files are installed
 SYSTEMD=                                #Directory where .service files are installed (systems running systemd only)
 SPARSE=Yes                              #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
-VARLIB=/var/lib                         #Directory where product variable data is stored.
-VARDIR=${VARLIB}/$PRODUCT               #Directory where product variable data is stored.
+VARDIR=/var/lib                         #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.default
+++ b/Shorewall-core/shorewallrc.default
@@ -10,14 +10,12 @@ PERLLIBDIR=${PREFIX}/share/shorewall    #Directory to install Shorewall Perl mod
 CONFDIR=/etc                            #Directory where subsystem configurations are installed
 SBINDIR=/sbin                           #Directory where system administration programs are installed
 MANDIR=${PREFIX}/man                    #Directory where manpages are installed.
-INITDIR=/etc/init.d                     #Directory where SysV init scripts are installed.
+INITDIR=etc/init.d                      #Directory where SysV init scripts are installed.
 INITFILE=$PRODUCT                       #Name of the product's installed SysV init script
 INITSOURCE=init.sh                      #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                              #If non-zero, annotated configuration files are installed
 SYSTEMD=                                #Directory where .service files are installed (systems running systemd only)
-SERVICEFILE=                            #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFFILE=                            #Name of the distributed file to be installed in $SYSCONFDIR
 SYSCONFDIR=                             #Directory where SysV init parameter files are installed
 SPARSE=                                 #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
-VARLIB=/var/lib                         #Directory where product variable data is stored.
-VARDIR=${VARLIB}/$PRODUCT               #Directory where product variable data is stored.
+VARDIR=/var/lib                         #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.redhat
+++ b/Shorewall-core/shorewallrc.redhat
@@ -16,8 +16,6 @@ INITSOURCE=init.fedora.sh               #Name of the distributed file to be inst
 ANNOTATED=                              #If non-zero, annotated configuration files are installed
 SYSTEMD=/lib/systemd/system             #Directory where .service files are installed (systems running systemd only)
 SYSCONFFILE=sysconfig                   #Name of the distributed file to be installed as $SYSCONFDIR/$PRODUCT
-SERVICEFILE=                      	#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFDIR=/etc/sysconfig/              #Directory where SysV init parameter files are installed
 SPARSE=                                 #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
-VARLIB=/var/lib                         #Directory where product variable data is stored.
-VARDIR=${VARLIB}/$PRODUCT               #Directory where product variable data is stored.
+VARDIR=/var/lib                         #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.slackware
+++ b/Shorewall-core/shorewallrc.slackware
@@ -16,9 +16,7 @@ AUXINITFILE=rc.firewall                    #Name of the product's installed SysV
 INITSOURCE=init.slackware.$PRODUCT.sh      #Name of the distributed file to be installed as a second SysV init script
 INITFILE=rc.$PRODUCT                       #Name of the product's installed second init script
 SYSTEMD=                                   #Name of the directory where .service files are installed (systems running systemd only)
-SERVICEFILE=                               #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFFILE=                               #Name of the distributed file to be installed in $SYSCONFDIR
 SYSCONFDIR=                                #Name of the directory where SysV init parameter files are installed.
 ANNOTATED=                                 #If non-empty, install annotated configuration files
-VARLIB=/var/lib                            #Directory where product variable data is stored.
-VARDIR=${VARLIB}/$PRODUCT                  #Directory where product variable data is stored.
+VARDIR=/var/lib                            #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.suse
+++ b/Shorewall-core/shorewallrc.suse
@@ -12,12 +12,10 @@ SBINDIR=/sbin                                         #Directory where system ad
 MANDIR=${SHAREDIR}/man/                               #Directory where manpages are installed.
 INITDIR=/etc/init.d                                   #Directory where SysV init scripts are installed.
 INITFILE=$PRODUCT                                     #Name of the product's SysV init script
-INITSOURCE=init.suse.sh                               #Name of the distributed file to be installed as the SysV init script
+INITSOURCE=init.sh                                    #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                                            #If non-zero, annotated configuration files are installed
 SYSTEMD=                                              #Directory where .service files are installed (systems running systemd only)
-SERVICEFILE=                      		      #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
-SYSCONFFILE=sysconfig                                 #Name of the distributed file to be installed in $SYSCONFDIR
+SYSCONFFILE=                                          #Name of the distributed file to be installed in $SYSCONFDIR
 SYSCONFDIR=/etc/sysconfig/                            #Directory where SysV init parameter files are installed
 SPARSE=                                               #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
-VARLIB=/var/lib                                       #Directory where persistent product data is stored.
-VARDIR=${VARLIB}/$PRODUCT                             #Directory where product variable data is stored.
+VARDIR=/var/lib                                       #Directory where persistent product data is stored.
--- a/Shorewall-core/uninstall.sh
+++ b/Shorewall-core/uninstall.sh
@@ -2,24 +2,24 @@
 #
 # Script to back uninstall Shoreline Firewall
 #
-#     (c) 2000-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://www.shorewall.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
+#       it under the terms of Version 2 of the GNU General Public License
+#       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#       This program is distributed in the hope that it will be useful,
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#       You should have received a copy of the GNU General Public License
+#       along with this program; if not, write to the Free Software
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #    Usage:
 #
--- a/Shorewall-core/wait4ifup
+++ b/Shorewall-core/wait4ifup
@@ -2,18 +2,17 @@
 #
 #     Shorewall interface helper utility - V4.2
 #
-#     (c) 2007,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2007 - Tom Eastep (teastep@shorewall.net)
 #
 #	This file is installed in /usr/share/shorewall/wait4ifup
 #
 #	Shorewall documentation is available at http://www.shorewall.net
 #
-#       This program is part of Shorewall.
-#
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#	it under the terms of Version 2 of the GNU General Public License
+#	as published by the Free Software Foundation.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -21,7 +20,8 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
+#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #	If an error occurs while starting or restarting the firewall, the
 #	firewall is automatically stopped.
--- a/Shorewall-init/ifupdown.debian.sh
+++ b/Shorewall-init/ifupdown.debian.sh
@@ -1,135 +0,0 @@
-#!/bin/sh
-#
-# Debian ifupdown script for Shorewall-based products
-#
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
-#
-#     (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
-#
-#       Shorewall documentation is available at http://shorewall.net
-#
-#       This program is free software; you can redistribute it and/or modify
-#       it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
-#
-#       This program is distributed in the hope that it will be useful,
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       GNU General Public License for more details.
-#
-#       You should have received a copy of the GNU General Public License
-#       along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-
-setstatedir() {
-    local statedir
-    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
-	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
-    fi
-
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
-
-    if [ ! -x $STATEDIR/firewall ]; then
-	if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-	    ${SBINDIR}/$PRODUCT compile
-	fi
-    fi
-}
-
-Debian_ppp() {
-    NEWPRODUCTS=
-    INTERFACE="$1"
-
-    case $0 in
-	/etc/ppp/ip-*)
-	    #
-	    # IPv4
-	    #
-	    for product in $PRODUCTS; do
-		case $product in
-		    shorewall|shorewall-lite)
-			NEWPRODUCTS="$NEWPRODUCTS $product";
-			;;
-		esac
-	    done
-	    ;;
-	/etc/ppp/ipv6-*)
-	    #
-	    # IPv6
-	    #
-	    for product in $PRODUCTS; do
-		case $product in
-		    shorewall6|shorewall6-lite)
-			NEWPRODUCTS="$NEWPRODUCTS $product";
-			;;
-		esac
-	    done
-	    ;;
-	*)
-	    exit 0
-	    ;;
-    esac
-
-    PRODUCTS="$NEWPRODUCTS"
-
-    case $0 in
-	*up/*)
-	    COMMAND=up
-	    ;;
-	*)
-	    COMMAND=down
-	    ;;
-    esac
-}
-
-IFUPDOWN=0
-PRODUCTS=
-
-#
-# The installer may alter this
-#
-. /usr/share/shorewall/shorewallrc
-
-if [ -f /etc/default/shorewall-init ]; then
-    . /etc/default/shorewall-init
-elif [ -f /etc/sysconfig/shorewall-init ]; then
-    . /etc/sysconfig/shorewall-init
-fi
-
-[ "$IFUPDOWN" = 1 -a -n "$PRODUCTS" ] || exit 0
-
-case $0 in
-    /etc/ppp*)
-	#
-	# Debian ppp
-	#
-	Debian_ppp
-	;;
-    *)
-        #
-        # Debian ifupdown system
-        #
-	INTERFACE="$IFACE"
-
-	if [ "$MODE" = start ]; then
-	    COMMAND=up
-	elif [ "$MODE" = stop ]; then
-	    COMMAND=down
-	else
-	    exit 0
-	fi
-	;;
-esac
-
-[ -n "$LOGFILE" ] || LOGFILE=/dev/null
-
-for PRODUCT in $PRODUCTS; do
-    setstatedir
-
-    if [ -x $VARLIB/$PRODUCT/firewall ]; then
-	  ( ${VARLIB}/$PRODUCT/firewall -V0 $COMMAND $INTERFACE >> $LOGFILE 2>&1 ) || true
-    fi
-done
-
-exit 0
--- a/Shorewall-init/ifupdown.fedora.sh
+++ b/Shorewall-init/ifupdown.fedora.sh
@@ -1,111 +0,0 @@
-#!/bin/sh
-#
-# Redhat/Fedora/Centos/Foobar ifupdown script for Shorewall-based products
-#
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
-#
-#     (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
-#
-#       Shorewall documentation is available at http://shorewall.net
-#
-#       This program is free software; you can redistribute it and/or modify
-#       it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
-#
-#       This program is distributed in the hope that it will be useful,
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       GNU General Public License for more details.
-#
-#       You should have received a copy of the GNU General Public License
-#       along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-
-# Get startup options (override default)
-OPTIONS=
-
-setstatedir() {
-    local statedir
-    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
-	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
-    fi
-
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
-
-    if [ ! -x "$STATEDIR/firewall" ]; then
-	if [ $PRODUCT == shorewall -o $PRODUCT == shorewall6 ]; then
-	    ${SBINDIR}/$PRODUCT $OPTIONS compile
-	fi
-    fi
-}
-
-IFUPDOWN=0
-PRODUCTS=
-
-#
-# The installer may alter this
-#
-. /usr/share/shorewall/shorewallrc
-
-if [ -f /etc/default/shorewall-init ]; then
-    . /etc/default/shorewall-init
-elif [ -f /etc/sysconfig/shorewall-init ]; then
-    . /etc/sysconfig/shorewall-init
-fi
-
-[ "$IFUPDOWN" = 1 -a -n "$PRODUCTS" ] || exit 0
-
-PHASE=''
-
-case $0 in
-    /etc/ppp*)
-	INTERFACE="$1"
-
-	case $0 in
-	    *ip-up.local)
-		COMMAND=up
-		;;
-	    *ip-down.local)
-		COMMAND=down
-		;;
-	    *)
-		exit 0
-		;;
-	esac
-	;;
-    *)
-	#
-	# RedHat ifup/down system
-	#
-	INTERFACE="$1"
-    
-	case $0 in 
-	    *ifup*)
-		COMMAND=up
-		;;
-	    *ifdown*)
-		COMMAND=down
-		;;
-	    *dispatcher.d*)
-		COMMAND="$2"
-		;;
-	    *)
-		exit 0
-		;;
-	esac
-	;;
-esac
-
-[ -n "$LOGFILE" ] || LOGFILE=/dev/null
-
-for PRODUCT in $PRODUCTS; do
-    setstatedir
-
-    if [ -x "$STATEDIR/firewall" ]; then
-	  echo "`date --rfc-3339=seconds` $0: Executing $STATEDIR/firewall $OPTIONS $COMMAND $INTERFACE" >> $LOGFILE 2>&1
-	  ( $STATEDIR/firewall $OPTIONS $COMMAND $INTERFACE >> $LOGFILE 2>&1 ) || true
-    fi
-done
-
-exit 0
--- a/Shorewall-init/ifupdown.suse.sh
+++ b/Shorewall-init/ifupdown.suse.sh
@@ -1,10 +1,10 @@
 #!/bin/sh
 #
-# SuSE ifupdown script for Shorewall-based products
+# ifupdown script for Shorewall-based products
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-#     (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2010 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
@@ -22,22 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #

-setstatedir() {
-    local statedir
-    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
-	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
-    fi
-
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
-
-    if [ ! -x $STATEDIR/firewall ]; then
-	if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-	    ${SBINDIR}/$PRODUCT compile
-	fi
-    fi
-}
-
-SuSE_ppp() {
+Debian_SuSE_ppp() {
    NEWPRODUCTS=
    INTERFACE="$1"

@@ -99,48 +84,122 @@ fi

 [ "$IFUPDOWN" = 1 -a -n "$PRODUCTS" ] || exit 0

-PHASE=''
-
-case $0 in
-    /etc/ppp*)
-        #
-	# SUSE ppp
-	#
-	SuSE_ppp
-	;;
+if [ -f /etc/debian_version ]; then
+    case $0 in
+	/etc/ppp*)
+	    #
+	    # Debian ppp
+	    #
+	    Debian_SuSE_ppp
+	    ;;
 	
-    *)
-        #
-        # SuSE ifupdown system
-        #
-	INTERFACE="$2"
+	*)
+            #
+            # Debian ifupdown system
+            #
+	    INTERFACE="$IFACE"

-	case $0 in
-	    *dispatcher.d*)
-		INTERFACE="$1"
-		COMMAND="$2"
-		;;
-	    *if-up.d*)
+	    if [ "$MODE" = start ]; then
 		COMMAND=up
-		;;
-	    *if-down.d*)
+	    elif [ "$MODE" = stop ]; then
 		COMMAND=down
-		;;
-	    *)
+	    else
 		exit 0
-		;;
-	esac
-	;;
-esac
+	    fi

-[ -n "$LOGFILE" ] || LOGFILE=/dev/null
+	    case "$PHASE" in
+		pre-*)
+		    exit 0
+		    ;;
+	    esac
+	    ;;
+    esac
+elif [ -f /etc/SuSE-release ]; then
+    case $0 in
+	/etc/ppp*)
+	    #
+	    # SUSE ppp
+	    #
+	    Debian_SuSE_ppp
+	    ;;
+	
+	*)
+            #
+            # SuSE ifupdown system
+            #
+	    INTERFACE="$2"
+
+	    case $0 in
+		*if-up.d*)
+		    COMMAND=up
+		    ;;
+		*if-down.d*)
+		    COMMAND=down
+		    ;;
+		*)
+		    exit 0
+		    ;;
+	    esac
+	    ;;
+    esac
+else
+    #
+    # Assume RedHat/Fedora/CentOS/Foobar/...
+    #
+    case $0 in
+	/etc/ppp*)
+	    INTERFACE="$1"
+
+	    case $0 in
+		*ip-up.local)
+		    COMMAND=up
+		    ;;
+		*ip-down.local)
+		    COMMAND=down
+		    ;;
+		*)
+		    exit 0
+		    ;;
+	    esac
+	    ;;
+	*)
+	    #
+	    # RedHat ifup/down system
+	    #
+	    INTERFACE="$1"
+    
+	    case $0 in 
+		*ifup*)
+		    COMMAND=up
+		    ;;
+		*ifdown*)
+		    COMMAND=down
+		    ;;
+		*dispatcher.d*)
+		    COMMAND="$2"
+		    ;;
+		*)
+		    exit 0
+		    ;;
+	    esac
+	    ;;
+    esac
+fi

 for PRODUCT in $PRODUCTS; do
-    setstatedir
-
-    if [ -x $VARLIB/$PRODUCT/firewall ]; then
-	  ( ${VARLIB}/$PRODUCT/firewall -V0 $COMMAND $INTERFACE >> $LOGFILE 2>&1 ) || true
+    #
+    # For backward compatibility, lib.base appends the product name to VARDIR
+    # Save it here and restore it below
+    #
+    save_vardir=${VARDIR}
+    if [ -x $VARDIR/$PRODUCT/firewall ]; then
+	  ( . ${SHAREDIR}/shorewall/lib.base
+	    mutex_on
+	    ${VARDIR}/firewall -V0 $COMMAND $INTERFACE || echo_notdone
+	    mutex_off
+	  )
    fi
+    VARDIR=${save_vardir}
 done

 exit 0
--- a/Shorewall-init/init.debian.sh
+++ b/Shorewall-init/init.debian.sh
@@ -36,8 +36,6 @@
 #                    bringing up the network
 ### END INIT INFO

-. /lib/lsb/init-functions
-
 export VERBOSITY=0

 if [ "$(id -u)" != "0" ]
@@ -52,30 +50,16 @@ echo_notdone () {
 }

 not_configured () {
-    echo "#### WARNING ####"
-    echo "the firewall won't be initialized unless it is configured"
-    if [ "$1" != "stop" ]
-    then
-	echo ""
-	echo "Please read about Debian specific customization in"
-	echo "/usr/share/doc/shorewall-init/README.Debian.gz."
-    fi
-    echo "#################"
-    exit 0
-}
-
-# set the STATEDIR variable
-setstatedir() {
-    local statedir
-    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
-	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
-    fi
-
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
-
-    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c || echo_notdone
-    fi
+	echo "#### WARNING ####"
+	echo "the firewall won't be initialized unless it is configured"
+	if [ "$1" != "stop" ]
+	then
+		echo ""
+		echo "Please read about Debian specific customization in"
+		echo "/usr/share/doc/shorewall-init/README.Debian.gz."
+	fi
+	echo "#################"
+	exit 0
 }

 #
@@ -86,38 +70,39 @@ setstatedir() {
 # check if shorewall-init is configured or not
 if [ -f "$SYSCONFDIR/shorewall-init" ]
 then
-    . $SYSCONFDIR/shorewall-init
-    if [ -z "$PRODUCTS" ]
-    then
-	not_configured
-    fi
+	. $SYSCONFDIR/shorewall-init
+	if [ -z "$PRODUCTS" ]
+	then
+		not_configured
+	fi
 else
-    not_configured
+	not_configured
 fi

 # Initialize the firewall
 shorewall_start () {
-  local PRODUCT
-  local STATEDIR
+  local product
+  local VARDIR

  echo -n "Initializing \"Shorewall-based firewalls\": "
-
-  for PRODUCT in $PRODUCTS; do
-      setstatedir
-
-      if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then
-          #
+  for product in $PRODUCTS; do
+      VARDIR=/var/lib/$product
+      [ -f /etc/$product/vardir ] && . /etc/$product/vardir
+      if [ -x ${VARDIR}/firewall ]; then
+	  #
 	  # Run in a sub-shell to avoid name collisions
 	  #
 	  ( 
-	      if ! ${STATEDIR}/$PRODUCT/firewall status > /dev/null 2>&1; then
-		  ${STATEDIR}/$PRODUCT/firewall ${OPTIONS} stop || echo_notdone
-	      else
-		  echo_notdone
+	      . /usr/share/$product/lib.base
+	      #
+	      # Get mutex so the firewall state is stable
+	      #
+	      mutex_on
+	      if ! ${VARDIR}/firewall status > /dev/null 2>&1; then
+		  ${VARDIR}/firewall stop || echo_notdone
 	      fi
+	      mutex_off
 	  )
-      else
-	  echo echo_notdone
      fi
  done

@@ -128,15 +113,19 @@ shorewall_start () {

 # Clear the firewall
 shorewall_stop () {
-  local PRODUCT
-  local STATEDIR
+  local product
+  local VARDIR

  echo -n "Clearing \"Shorewall-based firewalls\": "
-  for PRODUCT in $PRODUCTS; do
-      setstatedir
-
-      if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then
-	  ${STATEDIR}/$PRODUCT/firewall ${OPTIONS} clear || echo_notdone
+  for product in $PRODUCTS; do
+      VARDIR=/var/lib/$product
+      [ -f /etc/$product/vardir ] && . /etc/$product/vardir
+      if [ -x ${VARDIR}/firewall ]; then
+	  ( . /usr/share/$product/lib.base
+	    mutex_on
+	    ${VARDIR}/firewall clear || echo_notdone
+	    mutex_off
+	  )
      fi
  done

@@ -155,7 +144,7 @@ case "$1" in
  reload|force-reload)
     ;;
  *)
-     echo "Usage: $0 {start|stop|reload|force-reload}"
+     echo "Usage: /etc/init.d/shorewall-init {start|stop|reload|force-reload}"
     exit 1
 esac

--- a/Shorewall-init/init.fedora.sh
+++ b/Shorewall-init/init.fedora.sh
@@ -14,8 +14,13 @@
 #                    prior to bringing up the network.  
 ### END INIT INFO
 #determine where the files were installed
-
-. /usr/share/shorewall/shorewallrc
+if [ -f ~/.shorewallrc ]; then
+    . ~/.shorewallrc || exit 1
+else
+    SBINDIR=/sbin
+    SYSCONFDIR=/etc/default
+    VARDIR=/var/lib
+fi

 prog="shorewall-init"
 logger="logger -i -t $prog"
@@ -35,26 +40,10 @@ else
    exit 6
 fi

-# set the STATEDIR variable
-setstatedir() {
-    local statedir
-    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
-	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
-    fi
-
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
-
-    if [ $PRODUCT == shorewall -o $PRODUCT == shorewall6 ]; then
-	${SBINDIR}/$PRODUCT $OPTIONS compile -c
-    else
-	return 0
-    fi
-}
-
 # Initialize the firewall
 start () {
-    local PRODUCT
-    local STATEDIR
+    local product
+    local vardir

    if [ -z "$PRODUCTS" ]; then
 	echo "No firewalls configured for shorewall-init"
@@ -63,26 +52,15 @@ start () {
    fi

    echo -n "Initializing \"Shorewall-based firewalls\": "
-
-    for PRODUCT in $PRODUCTS; do
-	setstatedir
-	retval=$?
-
-	if [ $retval -eq 0 ]; then
-	    if [ -x "${STATEDIR}/firewall" ]; then
-		${STATEDIR}/firewall ${OPTIONS} stop 2>&1 | $logger
-		retval=${PIPESTATUS[0]}
-		[ $retval -ne 0 ] && break
-	    else
-		retval=6 #Product not configured
-		break
-	    fi
-	else
-	    break
+    for product in $PRODUCTS; do
+	if [ -x ${VARDIR}/$product/firewall ]; then
+	    ${VARDIR}/$product/firewall stop 2>&1 | $logger
+	    retval=${PIPESTATUS[0]}
+	    [ retval -ne 0 ] && break
 	fi
    done

-    if [ $retval -eq 0 ]; then
+    if [ retval -eq 0 ]; then
 	touch $lockfile 
 	success
    else
@@ -94,30 +72,19 @@ start () {

 # Clear the firewall
 stop () {
-    local PRODUCT
-    local STATEDIR
+    local product
+    local vardir

    echo -n "Clearing \"Shorewall-based firewalls\": "
-
-    for PRODUCT in $PRODUCTS; do
-	setstatedir
-	retval=$?
-
-	if [ $retval -eq 0 ]; then
-	    if [ -x "${STATEDIR}/firewall" ]; then
-		${STATEDIR}/firewall ${OPTIONS} clear 2>&1 | $logger
-		retval=${PIPESTATUS[0]}
-		[ $retval -ne 0 ] && break
-	    else
-		retval=6 #Product not configured
-		break
-	    fi
-	else
-	    break
+    for product in $PRODUCTS; do
+	if [ -x ${VARDIR}/$product/firewall ]; then
+	    ${VARDIR}/$product/firewall clear 2>&1 | $logger
+	    retval=${PIPESTATUS[0]}
+	    [ retval -ne 0 ] && break
 	fi
    done

-    if [ $retval -eq 0 ]; then
+    if [ retval -eq 0 ]; then
 	rm -f $lockfile
 	success
    else
@@ -140,15 +107,19 @@ case "$1" in
 	status_q || exit 0
 	$1
 	;;
-    restart|reload|force-reload|condrestart|try-restart)
+    restart|reload|force-reload)
 	echo "Not implemented"
 	exit 3
 	;;
+    condrestart|try-restart)
+	echo "Not implemented"
+	exit 3
+        ;;
    status)
 	status $prog
 	;;
  *)
-	echo "Usage: $0 {start|stop|status}"
+	echo "Usage: /etc/init.d/shorewall-init {start|stop}"
 	exit 1
 esac

--- a/Shorewall-init/init.sh
+++ b/Shorewall-init/init.sh
@@ -1,24 +1,22 @@
 #! /bin/bash
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
-#     (c) 2010,2012-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2010,2012 - Tom Eastep (teastep@shorewall.net)
 #
 #       On most distributions, this file should be called /etc/init.d/shorewall.
 #
-#       This program is part of Shorewall.
+#       Complete documentation is available at http://shorewall.net
 #
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#       This program is free software; you can redistribute it and/or modify
+#       it under the terms of Version 2 of the GNU General Public License
+#       as published by the Free Software Foundation.
 #
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#       This program is distributed in the hope that it will be useful,
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       GNU General Public License for more details.
 #
 #       You should have received a copy of the GNU General Public License
 #       along with this program; if not, write to the Free Software
@@ -60,34 +58,16 @@ fi
 #
 . /usr/share/shorewall/shorewallrc

-# Locate the current PRODUCT's statedir
-setstatedir() {
-    local statedir
-    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
-	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
-    fi
-
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
-
-    if [ ! -x $STATEDIR/firewall ]; then
-	if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-	    ${SBINDIR}/$PRODUCT ${OPTIONS} compile $STATEDIR/firewall
-	fi
-    fi
-}
-
 # Initialize the firewall
 shorewall_start () {
  local PRODUCT
-  local STATEDIR
+  local VARDIR

  echo -n "Initializing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
-      setstatedir
-
-      if [ -x ${STATEDIR}/firewall ]; then
+      if [ -x ${VARDIR}/firewall ]; then
 	  if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
-	      ${STATEDIR}/firewall ${OPTIONS} stop || exit 1
+	      ${VARDIR}/firewall stop || echo_notdone
 	  fi
      fi
  done
@@ -102,14 +82,12 @@ shorewall_start () {
 # Clear the firewall
 shorewall_stop () {
  local PRODUCT
-  local STATEDIR
+  local VARDIR

  echo -n "Clearing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
-      setstatedir
-
-      if [ -x ${STATEDIR}/firewall ]; then
-	  ${STATEDIR}/firewall ${OPTIONS} clear || exit 1
+      if [ -x ${VARDIR}/firewall ]; then
+	  ${VARDIR}/firewall clear || exit 1
      fi
  done

--- a/Shorewall-init/init.suse.sh
+++ b/Shorewall-init/init.suse.sh
@@ -1,149 +0,0 @@
-#! /bin/bash
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
-#
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
-#
-#     (c) 2010,2012 - Tom Eastep (teastep@shorewall.net)
-#
-#       On most distributions, this file should be called /etc/init.d/shorewall.
-#
-#       Complete documentation is available at http://shorewall.net
-#
-#       This program is free software; you can redistribute it and/or modify
-#       it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
-#
-#       This program is distributed in the hope that it will be useful,
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       GNU General Public License for more details.
-#
-#       You should have received a copy of the GNU General Public License
-#       along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-#
-### BEGIN INIT INFO
-# Provides: shorewall-init
-# Required-Start: $local_fs
-# Required-Stop:  $local_fs
-# Default-Start:  2 3 5
-# Default-Stop:   0 1 6
-# Short-Description: Initialize the firewall at boot time
-# Description:       Place the firewall in a safe state at boot time
-#                    prior to bringing up the network.  
-### END INIT INFO
-
-#Return values acc. to LSB for all commands but status:
-# 0 - success
-# 1 - generic or unspecified error
-# 2 - invalid or excess argument(s)
-# 3 - unimplemented feature (e.g. "reload")
-# 4 - insufficient privilege
-# 5 - program is not installed
-# 6 - program is not configured
-# 7 - program is not running
-
-if [ "$(id -u)" != "0" ]
-then
-  echo "You must be root to start, stop or restart \"Shorewall \"."
-  exit 4
-fi
-
-# check if shorewall-init is configured or not
-if [ -f "/etc/sysconfig/shorewall-init" ]
-then
-    . /etc/sysconfig/shorewall-init
-
-    if [ -z "$PRODUCTS" ]
-    then
-	echo "No PRODUCTS configured"
-	exit 6
-    fi
-else
-    echo "/etc/sysconfig/shorewall-init not found"
-    exit 6
-fi
-
-#
-# The installer may alter this
-#
-. /usr/share/shorewall/shorewallrc
-
-# set the STATEDIR variable
-setstatedir() {
-    local statedir
-    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
-	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
-    fi
-
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
-
-    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c || exit
-    fi
-}
-
-# Initialize the firewall
-shorewall_start () {
-  local PRODUCT
-  local STATEDIR
-
-  echo -n "Initializing \"Shorewall-based firewalls\": "
-  for PRODUCT in $PRODUCTS; do
-      setstatedir
-
-      if [ -x $STATEDIR/firewall ]; then
-	  if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
-	      $STATEDIR/$PRODUCT/firewall ${OPTIONS} stop || exit
-	  fi
-      else
-	  exit 6
-      fi
-  done
-
-  if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
-      ipset -R < "$SAVE_IPSETS"
-  fi
-}
-
-# Clear the firewall
-shorewall_stop () {
-  local PRODUCT
-  local STATEDIR
-
-  echo -n "Clearing \"Shorewall-based firewalls\": "
-  for PRODUCT in $PRODUCTS; do
-      setstatedir
-
-      if [ -x ${STATEDIR}/firewall ]; then
-	  ${STATEDIR}/firewall ${OPTIONS} clear || exit
-      else
-	  exit 6
-      fi
-  done
-
-  if [ -n "$SAVE_IPSETS" ]; then
-      mkdir -p $(dirname "$SAVE_IPSETS")
-      if ipset -S > "${SAVE_IPSETS}.tmp"; then
-	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
-      fi
-  fi
-}
-
-case "$1" in
-    start)
-	shorewall_start
-	;;
-    stop)
-	shorewall_stop
-	;;
-    reload|forced-reload)
-	;;
-    *)
-	echo "Usage: /etc/init.d/shorewall-init {start|stop}"
-	exit 1
-	;;
-esac
-
-exit 0
--- a/Shorewall-init/install.sh
+++ b/Shorewall-init/install.sh
@@ -2,25 +2,21 @@
 #
 # Script to install Shoreline Firewall Init
 #
-#     (c) 2000-20114 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #     (c) 2010 - Roberto C. Sanchez (roberto@connexer.com)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
+#       it under the terms of Version 2 of the GNU General Public License
+#       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
-#
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#       This program is distributed in the hope that it will be useful,
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       GNU General Public License for more details.
 #
 #       You should have received a copy of the GNU General Public License
 #       along with this program; if not, write to the Free Software
@@ -63,6 +59,7 @@ mywhich() {

    for dir in $(split $PATH); do
 	if [ -x $dir/$1 ]; then
+	    echo $dir/$1
 	    return 0
 	fi
    done
@@ -102,8 +99,6 @@ PRODUCT=shorewall-init
 #
 # Parse the run line
 #
-T='-T'
-
 finished=0

 while [ $finished -eq 0 ] ; do
@@ -165,14 +160,7 @@ else
    usage 1
 fi

-if [ -z "${VARLIB}" ]; then
-    VARLIB=${VARDIR}
-    VARDIR=${VARLIB}/${PRODUCT}
-elif [ -z "${VARDIR}" ]; then
-    VARDIR=${VARLIB}/${PRODUCT}
-fi
-
-for var in SHAREDIR LIBEXECDIR CONFDIR SBINDIR VARLIB VARDIR; do
+for var in SHAREDIR LIBEXECDIR CONFDIR SBINDIR VARDIR; do
    require $var
 done

@@ -187,29 +175,8 @@ if [ -z "$BUILD" ]; then
 	    BUILD=apple
 	    ;;
 	*)
-	    if [ -f /etc/os-release ]; then
-		eval $(cat /etc/os-release | grep ^ID=)
-
-		case $ID in
-		    fedora)
-			BUILD=redhat
-			;;
-		    debian|ubuntu)
-			BUILD=debian
-			;;
-		    opensuse)
-			BUILD=suse
-			;;
-		    *)
-			BUILD="$ID"
-			;;
-		esac
-	    elif [ -f /etc/debian_version ]; then
+	    if [ -f /etc/debian_version ]; then
 		BUILD=debian
-	    elif [ -f /etc/ubuntu_version ]; then
-		BUILD=debian
-	    elif [ -f /etc/gentoo-release ]; then
-		BUILD=gentoo
 	    elif [ -f /etc/redhat-release ]; then
 		BUILD=redhat
 	    elif [ -f /etc/SuSE-release ]; then
@@ -232,7 +199,7 @@ case $BUILD in
    apple)
 	T=
 	;;
-    debian|gentoo|redhat|suse|slackware|archlinux)
+    debian|redhat|suse|slackware|archlinux)
 	;;
    *)
 	[ -n "$BUILD" ] && echo "ERROR: Unknown BUILD environment ($BUILD)" >&2 || echo "ERROR: Unknown BUILD environment"
@@ -248,10 +215,7 @@ case "$HOST" in
    debian)
 	echo "Installing Debian-specific configuration..."
 	;;
-    gentoo)
-	echo "Installing Gentoo-specific configuration..."
-	;;
-    redhat)
+    redhat|redhat)
 	echo "Installing Redhat/Fedora-specific configuration..."
 	;;
    slackware)
@@ -262,12 +226,11 @@ case "$HOST" in
 	echo "Shorewall-init is currently not supported on Arch Linux" >&2
 	exit 1
 	;;
-    suse)
+    suse|suse)
 	echo "Installing SuSE-specific configuration..."
 	;;
    linux)
 	echo "ERROR: Shorewall-init is not supported on this system" >&2
-	exit 1
 	;;
    *)
 	echo "ERROR: Unsupported HOST distribution: \"$HOST\"" >&2
@@ -297,11 +260,6 @@ else
    first_install="Yes"
 fi

-if [ -n "$DESTDIR" ]; then
-    mkdir -p ${DESTDIR}${CONFDIR}/logrotate.d
-    chmod 755 ${DESTDIR}${CONFDIR}/logrotate.d
-fi
-
 #
 # Install the Firewall Script
 #
@@ -313,7 +271,7 @@ if [ -n "$INITFILE" ]; then
 	install_file $INITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544
    fi

-    echo  "SysV init script $INITSOURCE installed in ${DESTDIR}${INITDIR}/$INITFILE"
+    echo  "Shorewall-init script installed in ${DESTDIR}${INITDIR}/$INITFILE"
 fi

 #
@@ -321,51 +279,40 @@ fi
 #
 if [ -n "$SYSTEMD" ]; then
    mkdir -p ${DESTDIR}${SYSTEMD}
-    [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
-    run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SYSTEMD}/$PRODUCT.service
-    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SYSTEMD}/$PRODUCT.service
-    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SYSTEMD}/$PRODUCT.service"
+    run_install $OWNERSHIP -m 600 shorewall-init.service ${DESTDIR}${SYSTEMD}/shorewall-init.service
+    echo "Service file installed as ${DESTDIR}${SYSTEMD}/shorewall-init.service"
    if [ -n "$DESTDIR" ]; then
 	mkdir -p ${DESTDIR}${SBINDIR}
        chmod 755 ${DESTDIR}${SBINDIR}
    fi
    run_install $OWNERSHIP -m 700 shorewall-init ${DESTDIR}${SBINDIR}/shorewall-init
-    [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SBINDIR}/shorewall-init
    echo "CLI installed as ${DESTDIR}${SBINDIR}/shorewall-init"
 fi

 #
 # Create /usr/share/shorewall-init if needed
 #
-mkdir -p ${DESTDIR}${SHAREDIR}/shorewall-init
-chmod 755 ${DESTDIR}${SHAREDIR}/shorewall-init
-
-#
-# Install logrotate file
-#
-if [ -d ${DESTDIR}${CONFDIR}/logrotate.d ]; then
-    run_install $OWNERSHIP -m 0644 logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT
-    echo "Logrotate file installed as ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT"
-fi
+mkdir -p ${DESTDIR}/usr/share/shorewall-init
+chmod 755 ${DESTDIR}/usr/share/shorewall-init

 #
 # Create the version file
 #
-echo "$VERSION" > ${DESTDIR}/${SHAREDIR}/shorewall-init/version
-chmod 644 ${DESTDIR}${SHAREDIR}/shorewall-init/version
+echo "$VERSION" > ${DESTDIR}/usr/share/shorewall-init/version
+chmod 644 ${DESTDIR}/usr/share/shorewall-init/version

 #
 # Remove and create the symbolic link to the init script
 #
 if [ -z "$DESTDIR" ]; then
-    rm -f ${SHAREDIR}/shorewall-init/init
+    rm -f /usr/share/shorewall-init/init
    ln -s ${INITDIR}/${INITFILE} ${SHAREDIR}/shorewall-init/init
 fi

 if [ $HOST = debian ]; then
    if [ -n "${DESTDIR}" ]; then
 	mkdir -p ${DESTDIR}/etc/network/if-up.d/
-	mkdir -p ${DESTDIR}/etc/network/if-down.d/
+	mkdir -p ${DESTDIR}/etc/network/if-post-down.d/
    fi

    if [ ! -f ${DESTDIR}/etc/default/shorewall-init ]; then
@@ -375,8 +322,6 @@ if [ $HOST = debian ]; then

 	install_file sysconfig ${DESTDIR}/etc/default/shorewall-init 0644
    fi
-
-    IFUPDOWN=ifupdown.debian.sh
 else
    if [ -n "$DESTDIR" ]; then
 	mkdir -p ${DESTDIR}${SYSCONFDIR}
@@ -385,30 +330,24 @@ else
 	    if [ $HOST = suse ]; then
 		mkdir -p ${DESTDIR}/etc/sysconfig/network/if-up.d
 		mkdir -p ${DESTDIR}${SYSCONFDIR}/network/if-down.d
-	    elif [ $HOST = gentoo ]; then
-		# Gentoo does not support if-{up,down}.d
-		/bin/true
 	    else
 		mkdir -p ${DESTDIR}/etc/NetworkManager/dispatcher.d
 	    fi
 	fi
    fi

-    if [ -n "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PRODUCT} ]; then
-	run_install $OWNERSHIP -m 0644 ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/$PRODUCT
-	echo "$SYSCONFFILE installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
-    fi
-
-    [ $HOST = suse ] && IFUPDOWN=ifupdown.suse.sh || IFUPDOWN=ifupdown.fedora.sh
+    if [ -d ${DESTDIR}${SYSCONFDIR} -a ! -f ${DESTDIR}${SYSCONFDIR}/shorewall-init ]; then
+	install_file sysconfig ${DESTDIR}${SYSCONFDIR}/shorewall-init 0644
+    fi 
 fi

 #
 # Install the ifupdown script
 #

-cp $IFUPDOWN ifupdown
+cp ifupdown.sh ifupdown

-[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ifupdown
+d[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ifupdown

 mkdir -p ${DESTDIR}${LIBEXECDIR}/shorewall-init

@@ -421,7 +360,6 @@ fi
 case $HOST in
    debian)
 	install_file ifupdown ${DESTDIR}/etc/network/if-up.d/shorewall 0544
-	install_file ifupdown ${DESTDIR}/etc/network/if-down.d/shorewall 0544
 	install_file ifupdown ${DESTDIR}/etc/network/if-post-down.d/shorewall 0544
 	;;
    suse)
@@ -431,23 +369,11 @@ case $HOST in
 	fi
 	;;
    redhat)
-	if [ -z "$DESTDIR" ]; then
-	    install_local=
-
-	    if [ -f ${SBINDIR}/ifup-local -o -f ${SBINDIR}/ifdown-local ]; then
-		if ! grep -qF Shorewall-based ${SBINDIR}/ifup-local || ! grep -qF Shorewall-based ${SBINDIR}/ifdown-local; then
-		    echo "WARNING: ${SBINDIR}/ifup-local and/or ${SBINDIR}/ifdown-local already exist; up/down events will not be handled"
-		else
-		    install_local=Yes
-		fi
-	    else
-		install_local=Yes
-	    fi
-
-	    if [ -n "$install_local" ]; then
-		install_file ifupdown ${DESTDIR}${SBINDIR}/ifup-local 0544
-		install_file ifupdown ${DESTDIR}${SBINDIR}/ifdown-local 0544
-	    fi
+	if [ -f ${DESTDIR}${SBINDIR}/ifup-local -o -f ${DESTDIR}${SBINDIR}/ifdown-local ]; then
+	    echo "WARNING: ${SBINDIR}/ifup-local and/or ${SBINDIR}/ifdown-local already exist; up/down events will not be handled"
+	elif [ -z "$DESTDIR" ]; then
+	    install_file ifupdown ${DESTDIR}${SBINDIR}/ifup-local 0544
+	    install_file ifupdown ${DESTDIR}${SBINDIR}/ifdown-local 0544
 	fi
 	;;
 esac
@@ -455,29 +381,13 @@ esac
 if [ -z "$DESTDIR" ]; then
    if [ -n "$first_install" ]; then
 	if [ $HOST = debian ]; then
-	    if mywhich insserv; then
-		if insserv ${INITDIR}/shorewall-init; then
-		    echo "Shorewall Init will start automatically at boot"
-		else
-		    cant_autostart
-		fi
-	    elif mywhich update-rc.d ; then
-		if update-rc.d $PRODUCT enable; then
-		    echo "$PRODUCT will start automatically at boot"
-		    echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
-		else
-		    cant_autostart
-		fi
-	    else
-		cant_autostart
-	    fi
-	elif [ $HOST = gentoo ]; then
-	    # On Gentoo, a service must be enabled manually by the user,
-	    # not by the installer
-	    /bin/true
+	    
+	    update-rc.d shorewall-init defaults
+
+	    echo "Shorewall Init will start automatically at boot"
 	else
 	    if [ -n "$SYSTEMD" ]; then
-		if systemctl enable shorewall-init.service; then
+		if systemctl enable shorewall-init; then
 		    echo "Shorewall Init will start automatically at boot"
 		fi
 	    elif [ -x ${SBINDIR}/insserv -o -x /usr${SBINDIR}/insserv ]; then
@@ -534,7 +444,7 @@ if [ -f ${DESTDIR}/etc/ppp ]; then
 	    for file in ip-up.local ip-down.local; do
 		FILE=${DESTDIR}/etc/ppp/$file
 		if [ -f $FILE ]; then
-		    if grep -qF Shorewall-based $FILE ; then
+		    if fgrep -q Shorewall-based $FILE ; then
 			cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown $FILE
 		    else
 			echo "$FILE already exists -- ppp devices will not be handled"
--- a/Shorewall-init/logrotate
+++ b/Shorewall-init/logrotate
@@ -1,5 +0,0 @@
-/var/log/shorewall-ifupdown.log {
-  missingok
-  notifempty
-  create 0600 root root
-}
--- a/Shorewall-init/shorewall-init
+++ b/Shorewall-init/shorewall-init
@@ -1,42 +1,28 @@
 #! /bin/bash
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
-#     (c) 2012-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2012 - Tom Eastep (teastep@shorewall.net)
 #
 #       On most distributions, this file should be called /etc/init.d/shorewall.
 #
 #       Complete documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
+#       it under the terms of Version 2 of the GNU General Public License
+#       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#       This program is distributed in the hope that it will be useful,
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#       You should have received a copy of the GNU General Public License
+#       along with this program; if not, write to the Free Software
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #########################################################################################
-# set the STATEDIR variable
-setstatedir() {
-    local statedir
-    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
-	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
-    fi
-
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
-
-    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c || exit 1
-    fi
-}
-
 #
 # This is modified by the installer when ${SHAREDIR} <> /usr/share
 #
@@ -50,32 +36,21 @@ if [ -f "$SYSCONFDIR/shorewall-init" ]; then
 	exit 1
    fi
 else
-    echo "ERROR: ${SYSCONFDIR}/shorewall-init not found" >&2
+    echo "ERROR: /etc/sysconfig/shorewall-init not found" >&2
    exit 1
 fi

 # Initialize the firewall
 shorewall_start () {
  local PRODUCT
-  local STATEDIR
+  local VARDIR

  echo -n "Initializing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
-      setstatedir
-
-      if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then
-          #
-	  # Run in a sub-shell to avoid name collisions
-	  #
-	  (
-	      if ! ${STATEDIR}/$PRODUCT/firewall status > /dev/null 2>&1; then
-		  ${STATEDIR}/$PRODUCT/firewall ${OPTIONS} stop || exit 1
-	      else
-		  exit 1
-	      fi
-	  )
-      else
-	  exit 1
+      if [ -x ${VARDIR}/firewall ]; then
+	  if ! /sbin/$PRODUCT status > /dev/null 2>&1; then
+	      ${VARDIR}/firewall stop || exit 1
+	  fi
      fi
  done

@@ -89,14 +64,14 @@ shorewall_start () {
 # Clear the firewall
 shorewall_stop () {
  local PRODUCT
-  local STATEDIR
+  local VARDIR

  echo -n "Clearing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
-      setstatedir
-
-      if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then
-	  ${STATEDIR}/$PRODUCT/firewall ${OPTIONS} clear || exit 1
+      VARDIR=/var/lib/$PRODUCT
+      [ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir 
+      if [ -x ${VARDIR}/firewall ]; then
+	  ${VARDIR}/firewall clear || exit 1
      fi
  done

--- a/Shorewall-init/sysconfig
+++ b/Shorewall-init/sysconfig
@@ -16,11 +16,3 @@ IFUPDOWN=0
 # during 'start' and will save them there during 'stop'.
 #
 SAVE_IPSETS=""
-#
-# Where Up/Down events get logged
-#
-LOGFILE=/var/log/shorewall-ifupdown.log
-
-# Startup options - set verbosity to 0 (minimal reporting)
-OPTIONS="-V0"
-
--- a/Shorewall-init/uninstall.sh
+++ b/Shorewall-init/uninstall.sh
@@ -2,24 +2,24 @@
 #
 # Script to back uninstall Shoreline Firewall
 #
-#     (c) 2000-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.sourceforge.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
+#       it under the terms of Version 2 of the GNU General Public License
+#       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#       This program is distributed in the hope that it will be useful,
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#       You should have received a copy of the GNU General Public License
+#       along with this program; if not, write to the Free Software
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #    Usage:
 #
@@ -140,7 +140,6 @@ remove_file ${CONFDIR}/NetworkManager/dispatcher.d/01-shorewall

 remove_file ${CONFDIR}/network/if-up.d/shorewall
 remove_file ${CONFDIR}/network/if-down.d/shorewall
-remove_file ${CONFDIR}/network/if-post-down.d/shorewall

 remove_file ${CONFDIR}/sysconfig/network/if-up.d/shorewall
 remove_file ${CONFDIR}/sysconfig/network/if-down.d/shorewall
@@ -153,7 +152,7 @@ if [ -d ${CONFDIR}/ppp ]; then
    done

    for file in if-up.local if-down.local; do
-	if grep -qF Shorewall-based ${CONFDIR}/ppp/$FILE; then
+	if fgrep -q Shorewall-based ${CONFDIR}/ppp/$FILE; then
 	    remove_file ${CONFDIR}/ppp/$FILE
 	fi
    done
--- a/Shorewall-lite/configpath
+++ b/Shorewall-lite/configpath
@@ -4,4 +4,4 @@
 # /usr/share/shorewall-lite/configpath
 #

-CONFIG_PATH=${CONFDIR}/shorewall-lite:${SHAREDIR}/shorewall-lite:${SHAREDIR}/shorewall
+CONFIG_PATH=/etc/shorewall-lite:/usr/share/shorewall-lite
--- a/Shorewall-lite/init.archlinux.sh
+++ b/Shorewall-lite/init.archlinux.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+
+OPTIONS="-f"
+
+if [ -f /etc/sysconfig/shorewall ] ; then
+	. /etc/sysconfig/shorewall
+elif [ -f /etc/default/shorewall ] ; then
+	. /etc/default/shorewall
+fi
+
+# if you want to override options, do so in /etc/sysconfig/shorewall or
+# in /etc/default/shorewall --
+# i strongly encourage you use the latter, since /etc/sysconfig/ does not exist.
+
+. /etc/rc.conf
+. /etc/rc.d/functions
+
+DAEMON_NAME="shorewall" # of course shorewall is NOT a deamon.
+
+case "$1" in
+	start)
+		stat_busy "Starting $DAEMON_NAME"
+		/sbin/shorewall-lite $OPTIONS start &>/dev/null
+		if [ $? -gt 0 ]; then
+			stat_fail
+		else
+			add_daemon $DAEMON_NAME
+			stat_done
+		fi
+		;;
+
+
+	stop)
+		stat_busy "Stopping $DAEMON_NAME"
+		/sbin/shorewall-lite stop &>/dev/null
+		if [ $? -gt 0 ]; then
+			stat_fail
+		else
+			rm_daemon $DAEMON_NAME
+			stat_done
+		fi
+		;;
+
+	restart|reload)
+		stat_busy "Restarting $DAEMON_NAME"
+		/sbin/shorewall-lite restart &>/dev/null
+		if [ $? -gt 0  ]; then
+			stat_fail
+		else
+			stat_done
+		fi
+		;;
+
+	*)
+		echo "usage: $0 {start|stop|restart}"
+esac
+exit 0
+
--- a/Shorewall-lite/init.debian.sh
+++ b/Shorewall-lite/init.debian.sh
@@ -11,7 +11,7 @@
 #                    /etc/shorewall-lite
 ### END INIT INFO

-. /lib/lsb/init-functions
+

 SRWL=/sbin/shorewall-lite
 SRWL_OPTS="-tvv"
--- a/Shorewall-lite/init.fedora.sh
+++ b/Shorewall-lite/init.fedora.sh
--- a/Shorewall-lite/init.sh
+++ b/Shorewall-lite/init.sh
@@ -3,18 +3,17 @@ RCDLINKS="2,S41 3,S41 6,K41"
 #
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
-#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	On most distributions, this file should be called /etc/init.d/shorewall.
 #
 #	Complete documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
-#
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#	it under the terms of Version 2 of the GNU General Public License
+#	as published by the Free Software Foundation.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -22,7 +21,8 @@ RCDLINKS="2,S41 3,S41 6,K41"
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
+#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #	If an error occurs while starting or restarting the firewall, the
 #	firewall is automatically stopped.
--- a/Shorewall-lite/init.suse.sh
+++ b/Shorewall-lite/init.suse.sh
@@ -1,92 +0,0 @@
-#!/bin/sh
-#
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
-#
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
-#
-#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012 - Tom Eastep (teastep@shorewall.net)
-#
-#	On most distributions, this file should be called /etc/init.d/shorewall.
-#
-#	Complete documentation is available at http://shorewall.net
-#
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of Version 2 of the GNU General Public License
-#	as published by the Free Software Foundation.
-#
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, write to the Free Software
-#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-#	If an error occurs while starting or restarting the firewall, the
-#	firewall is automatically stopped.
-#
-#	Commands are:
-#
-#	   shorewall start			  Starts the firewall
-#	   shorewall restart			  Restarts the firewall
-#	   shorewall reload			  Reload the firewall
-#						  (same as restart)
-#	   shorewall stop			  Stops the firewall
-#	   shorewall status			  Displays firewall status
-#
-
-
-### BEGIN INIT INFO
-# Provides:	  shorewall-lite
-# Required-Start: $network $remote_fs
-# Required-Stop:  
-# Default-Start:  2 3 5
-# Default-Stop:	  0 1 6
-# Description:	  starts and stops the shorewall firewall
-# Short-Description: Packet filtering firewall
-### END INIT INFO
-
-################################################################################
-# Give Usage Information						       #
-################################################################################
-usage() {
-    echo "Usage: $0 start|stop|reload|restart|status"
-    exit 1
-}
-
-################################################################################
-# Get startup options (override default)
-################################################################################
-OPTIONS=
-
-#
-# The installer may alter this
-#
-. /usr/share/shorewall/shorewallrc
-
-if [ -f ${SYSCONFDIR}/shorewall-lite ]; then
-    . ${SYSCONFDIR}/shorewall-lite
-fi
-
-SHOREWALL_INIT_SCRIPT=1
-
-################################################################################
-# E X E C U T I O N    B E G I N S   H E R E				       #
-################################################################################
-command="$1"
-
-case "$command" in
-    start)
-	exec ${SBINDIR}/shorewall-lite $OPTIONS start $STARTOPTIONS
-	;;
-    restart|reload)
-	exec ${SBINDIR}/shorewall-lite $OPTIONS restart $RESTARTOPTIONS
-	;;
-    status|stop)
-	exec ${SBINDIR}/shorewall-lite $OPTIONS $command $@
-	;;
-    *)
-	usage
-	;;
-esac
--- a/Shorewall-lite/install.sh
+++ b/Shorewall-lite/install.sh
@@ -2,24 +2,24 @@
 #
 # Script to install Shoreline Firewall Lite
 #
-#     (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
+#       it under the terms of Version 2 of the GNU General Public License
+#       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#       This program is distributed in the hope that it will be useful,
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#       You should have received a copy of the GNU General Public License
+#       along with this program; if not, write to the Free Software
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #

 VERSION=xxx #The Build script inserts the actual version
@@ -171,19 +171,10 @@ else
    usage 1
 fi

-if [ -z "${VARLIB}" ]; then
-    VARLIB=${VARDIR}
-    VARDIR=${VARLIB}/${PRODUCT}
-elif [ -z "${VARDIR}" ]; then
-    VARDIR=${VARLIB}/${PRODUCT}
-fi
-
-for var in SHAREDIR LIBEXECDIRDIRDIR CONFDIR SBINDIR VARLIB VARDIR; do
+for var in SHAREDIR LIBEXECDIRDIRDIR CONFDIR SBINDIR VARDIR; do
    require $var
 done

-[ -n "${INITFILE}" ] && require INITSOURCE && require INITDIR
-
 PATH=${SBINDIR}:/bin:/usr${SBINDIR}:/usr/bin:/usr/local/bin:/usr/local${SBINDIR}

 #
@@ -191,6 +182,7 @@ PATH=${SBINDIR}:/bin:/usr${SBINDIR}:/usr/bin:/usr/local/bin:/usr/local${SBINDIR}
 #
 cygwin=
 INSTALLD='-D'
+INITFILE=$PRODUCT
 T='-T'

 if [ -z "$BUILD" ]; then
@@ -202,30 +194,8 @@ if [ -z "$BUILD" ]; then
 	    BUILD=apple
 	    ;;
 	*)
-	    if [ -f /etc/os-release ]; then
-		eval $(cat /etc/os-release | grep ^ID)
-
-		case $ID in
-		    fedora)
-			BUILD=redhat
-			;;
-		    debian)
-			BUILD=debian
-			;;
-		    gentoo)
-			BUILD=gentoo
-			;;
-		    opensuse)
-			BUILD=suse
-			;;
-		    *)
-			BUILD="$ID"
-			;;
-		esac
-	    elif [ -f ${CONFDIR}/debian_version ]; then
+	    if [ -f ${CONFDIR}/debian_version ]; then
 		BUILD=debian
-	    elif [ -f /etc/gentoo-release ]; then
-		BUILD=gentoo
 	    elif [ -f ${CONFDIR}/redhat-release ]; then
 		BUILD=redhat
 	    elif [ -f ${CONFDIR}/SuSE-release ]; then
@@ -274,9 +244,6 @@ case "$HOST" in
    debian)
 	echo "Installing Debian-specific configuration..."
 	;;
-    gentoo)
-	echo "Installing Gentoo-specific configuration..."
-	;;
    redhat)
 	echo "Installing Redhat/Fedora-specific configuration..."
 	;;
@@ -286,10 +253,7 @@ case "$HOST" in
    archlinux)
 	echo "Installing ArchLinux-specific configuration..."
 	;;
-    suse)
-	echo "Installing Suse-specific configuration..."
-	;;
-    linux)
+    linux|suse)
 	;;
    *)
 	echo "ERROR: Unknown HOST \"$HOST\"" >&2
@@ -307,11 +271,21 @@ if [ -n "$DESTDIR" ]; then

    install -d $OWNERSHIP -m 755 ${DESTDIR}/${SBINDIR}
    install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR}
+
+    if [ -n "$SYSTEMD" ]; then
+	mkdir -p ${DESTDIR}/lib/systemd/system
+	INITFILE=
+    fi
 else
-    if [ ! -f ${SHAREDIR}/shorewall/coreversion ]; then
+    if [ ! -f /usr/share/shorewall/coreversion ]; then
 	echo "$PRODUCT $VERSION requires Shorewall Core which does not appear to be installed" >&2
 	exit 1
    fi
+
+    if [ -f /lib/systemd/system ]; then
+	SYSTEMD=Yes
+	INITFILE=
+    fi
 fi

 echo "Installing $Product Version $VERSION"
@@ -320,7 +294,7 @@ echo "Installing $Product Version $VERSION"
 # Check for ${CONFDIR}/$PRODUCT
 #
 if [ -z "$DESTDIR" -a -d ${CONFDIR}/$PRODUCT ]; then
-    if [ ! -f ${SHAREDIR}/shorewall/coreversion ]; then
+    if [ ! -f /usr/share/shorewall/coreversion ]; then
 	echo "$PRODUCT $VERSION requires Shorewall Core which does not appear to be installed" >&2
 	exit 1
    fi
@@ -329,8 +303,8 @@ if [ -z "$DESTDIR" -a -d ${CONFDIR}/$PRODUCT ]; then
 	mv -f ${CONFDIR}/$PRODUCT/shorewall.conf ${CONFDIR}/$PRODUCT/$PRODUCT.conf
 else
    rm -rf ${DESTDIR}${CONFDIR}/$PRODUCT
-    rm -rf ${DESTDIR}${SHAREDIR}/$PRODUCT
-    rm -rf ${DESTDIR}${VARDIR}
+    rm -rf ${DESTDIR}/usr/share/$PRODUCT
+    rm -rf ${DESTDIR}/var/lib/$PRODUCT
    [ "$LIBEXECDIR" = /usr/share ] || rm -rf ${DESTDIR}/usr/share/$PRODUCT/wait4ifup ${DESTDIR}/usr/share/$PRODUCT/shorecap
 fi

@@ -353,9 +327,9 @@ echo "$Product control program installed in ${DESTDIR}${SBINDIR}/$PRODUCT"
 # Create ${CONFDIR}/$PRODUCT, /usr/share/$PRODUCT and /var/lib/$PRODUCT if needed
 #
 mkdir -p ${DESTDIR}${CONFDIR}/$PRODUCT
-mkdir -p ${DESTDIR}${SHAREDIR}/$PRODUCT
+mkdir -p ${DESTDIR}/usr/share/$PRODUCT
 mkdir -p ${DESTDIR}${LIBEXECDIR}/$PRODUCT
-mkdir -p ${DESTDIR}${VARDIR}
+mkdir -p ${DESTDIR}/var/lib/$PRODUCT

 chmod 755 ${DESTDIR}${CONFDIR}/$PRODUCT
 chmod 755 ${DESTDIR}/usr/share/$PRODUCT
@@ -368,25 +342,22 @@ if [ -n "$DESTDIR" ]; then
 fi

 if [ -n "$INITFILE" ]; then
-    if [ -f "${INITSOURCE}" ]; then
-	initfile="${DESTDIR}/${INITDIR}/${INITFILE}"
-	install_file ${INITSOURCE} "$initfile" 0544

-	[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' "$initfile"
+    initfile="${DESTDIR}/${INITDIR}/${INITFILE}"
+    install_file ${INITSOURCE} "$initfile" 0544

-	echo  "SysV init script $INITSOURCE installed in $initfile"
-    fi
+    [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' "$initfile"
+
+    echo  "$Product init script installed in $initfile"
 fi
 #
 # Install the .service file
 #
 if [ -n "$SYSTEMD" ]; then
-    mkdir -p ${DESTDIR}${SYSTEMD}
-    [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
-    run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SYSTEMD}/$PRODUCT.service
-    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SYSTEMD}/$PRODUCT.service
-    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SYSTEMD}/$PRODUCT.service"
+    run_install $OWNERSHIP -m 600 $PRODUCT.service ${DESTDIR}/${SYSTEMD}/$PRODUCT.service
+    echo "Service file installed as ${DESTDIR}/lib/systemd/system/$PRODUCT.service"
 fi
+
 #
 # Install the config file
 #
@@ -397,9 +368,6 @@ fi

 if [ $HOST = archlinux ] ; then
   sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf
-elif [ $HOST = gentoo ]; then
-    # Adjust SUBSYSLOCK path (see https://bugs.gentoo.org/show_bug.cgi?id=459316)
-    perl -p -w -i -e "s|^SUBSYSLOCK=.*|SUBSYSLOCK=/run/lock/$PRODUCT|;" ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf
 fi

 #
@@ -435,7 +403,6 @@ echo "Common functions linked through ${DESTDIR}${SHAREDIR}/$PRODUCT/functions"
 #

 install_file shorecap ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap 0755
-[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${LIBEXECDIR}/$PRODUCT/shorecap

 echo
 echo "Capability file builder installed in ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap"
@@ -508,16 +475,13 @@ delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/lib.common
 delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/lib.cli
 delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/wait4ifup

-#
-# Note -- not all packages will have the SYSCONFFILE so we need to check for its existance here
-#
-if [ -n "$SYSCONFFILE" -a -f "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PRODUCT} ]; then
+if [ -n "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PRODUCT} ]; then
    if [ ${DESTDIR} ]; then
 	mkdir -p ${DESTDIR}${SYSCONFDIR}
 	chmod 755 ${DESTDIR}${SYSCONFDIR}
    fi

-    run_install $OWNERSHIP -m 0644 ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/${PRODUCT}
+    run_install $OWNERSHIP -m 0644 default.debian ${DESTDIR}${SYSCONFDIR}/${PRODUCT}
    echo "$SYSCONFFILE installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
 fi

@@ -527,20 +491,20 @@ if [ ${SHAREDIR} != /usr/share ]; then
 fi

 if [ -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then
-    if [ -n "$SYSTEMD" ]; then
-	if systemctl enable ${PRODUCT}.service; then
+    if mywhich update-rc.d ; then
+	echo "$PRODUCT will start automatically at boot"
+	echo "Set startup=1 in ${SYSCONFDIR}/$PRODUCT to enable"
+	touch /var/log/$PRODUCT-init.log
+	perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/${PRODUCT}/${PRODUCT}.conf
+	update-rc.d $PRODUCT enable defaults
+    elif [ -n "$SYSTEMD" ]; then
+	if systemctl enable $PRODUCT; then
 	    echo "$Product will start automatically at boot"
 	fi
    elif mywhich insserv; then
 	if insserv ${INITDIR}/${INITFILE} ; then
 	    echo "$PRODUCT will start automatically at boot"
-	    if [ $HOST = debian ]; then
-		echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
-		touch /var/log/$PRODUCT-init.log
-		perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
-	    else
-		echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable"
-	    fi
+	    echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/${PRODUCT}.conf to enable"
 	else
 	    cant_autostart
 	fi
@@ -552,22 +516,10 @@ if [ -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then
 	else
 	    cant_autostart
 	fi
-    elif mywhich update-rc.d ; then
-	echo "$PRODUCT will start automatically at boot"
-	echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
-	touch /var/log/$PRODUCT-init.log
-	perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
-	update-rc.d $PRODUCT enable
    elif mywhich rc-update ; then
 	if rc-update add $PRODUCT default; then
 	    echo "$PRODUCT will start automatically at boot"
-	    if [ $HOST = debian ]; then
-		echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
-		touch /var/log/$PRODUCT-init.log
-		perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
-	    else
-		echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable"
-	    fi
+	    echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable"
 	else
 	    cant_autostart
 	fi
--- a/Shorewall-lite/lib.base
+++ b/Shorewall-lite/lib.base
@@ -1,16 +1,15 @@
 #
 # Shorewall 4.4 -- /usr/share/shorewall-lite/lib.base
 #
-#     (c) 2011,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2011 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
-#
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#	This program is free software; you can redisribute it and/or modify
+#	it under the terms of Version 2 of the GNU General Public License
+#	as published by the Free Software Foundation.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -18,7 +17,8 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
+#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # This library contains the code common to all Shorewall components.

--- a/Shorewall-lite/manpages/shorewall-lite-vardir.xml
+++ b/Shorewall-lite/manpages/shorewall-lite-vardir.xml
@@ -6,8 +6,6 @@
    <refentrytitle>shorewall-lite-vardir</refentrytitle>

    <manvolnum>5</manvolnum>
-
-    <refmiscinfo>Configuration Files</refmiscinfo>
  </refmeta>

  <refnamediv>
@@ -56,7 +54,7 @@
        /opt/var/lib/shorewall-lite/.</para>
      </blockquote>

-      <para>When VARDIR is set in /etc/shorewall-lite/vardir, Shorewall Lite
+      <para> When VARDIR is set in /etc/shorewall-lite/vardir, Shorewall Lite
      will save its state in the <replaceable>directory</replaceable>
      specified.</para>
    </note>
--- a/Shorewall-lite/manpages/shorewall-lite.conf.xml
+++ b/Shorewall-lite/manpages/shorewall-lite.conf.xml
@@ -6,8 +6,6 @@
    <refentrytitle>shorewall-lite.conf</refentrytitle>

    <manvolnum>5</manvolnum>
-
-    <refmiscinfo>Configuration Files</refmiscinfo>
  </refmeta>

  <refnamediv>
@@ -143,7 +141,7 @@
          stops. Creating and removing this file allows Shorewall to work with
          your distribution's initscripts. For RedHat, this should be set to
          /var/lock/subsys/shorewall. For Debian, the value is
-          /var/state/shorewall and in LEAF it is /var/run/shorewall.</para>
+          /var/state/shorewall and in LEAF it is /var/run/shorwall.</para>
        </listitem>
      </varlistentry>

--- a/Shorewall-lite/manpages/shorewall-lite.xml
+++ b/Shorewall-lite/manpages/shorewall-lite.xml
@@ -6,8 +6,6 @@
    <refentrytitle>shorewall-lite</refentrytitle>

    <manvolnum>8</manvolnum>
-
-    <refmiscinfo>Administrative Commands</refmiscinfo>
  </refmeta>

  <refnamediv>
@@ -337,9 +335,7 @@

      <arg>-<replaceable>options</replaceable></arg>

-      <arg choice="opt"><option>show | list | ls </option></arg>
-
-      <arg><option>-b</option></arg>
+      <arg choice="plain"><option>show</option></arg>

      <arg><option>-x</option></arg>

@@ -359,7 +355,7 @@

      <arg>-<replaceable>options</replaceable></arg>

-      <arg choice="opt"><option>show | list | ls </option></arg>
+      <arg choice="plain"><option>show</option></arg>

      <arg><option>-f</option></arg>

@@ -373,10 +369,10 @@

      <arg>-<replaceable>options</replaceable></arg>

-      <arg choice="opt"><option>show | list | ls </option></arg>
+      <arg choice="plain"><option>show</option></arg>

      <arg
-      choice="req"><option>classifiers|connections|config|events|filters|ip|ipa|zones|policies|marks</option></arg>
+      choice="req"><option>classifiers|connections|config|filters|ip|ipa|zones|policies|marks</option></arg>
    </cmdsynopsis>

    <cmdsynopsis>
@@ -386,20 +382,7 @@

      <arg>-<replaceable>options</replaceable></arg>

-      <arg choice="opt"><option>show | list | ls </option></arg>
-
-      <arg choice="plain"><option>event</option><arg
-      choice="plain"><replaceable>event</replaceable></arg></arg>
-    </cmdsynopsis>
-
-    <cmdsynopsis>
-      <command>shorewall-lite</command>
-
-      <arg choice="opt"><option>trace</option>|<option>debug</option></arg>
-
-      <arg>-<replaceable>options</replaceable></arg>
-
-      <arg choice="opt"><option>show | list | ls </option></arg>
+      <arg choice="plain"><option>show</option></arg>

      <arg><option>-x</option></arg>

@@ -413,7 +396,7 @@

      <arg>-<replaceable>options</replaceable></arg>

-      <arg choice="opt"><option>show | list | ls </option></arg>
+      <arg choice="plain"><option>show</option></arg>

      <arg choice="plain"><option>tc</option></arg>
    </cmdsynopsis>
@@ -425,7 +408,7 @@

      <arg>-<replaceable>options</replaceable></arg>

-      <arg choice="opt"><option>show | list | ls </option></arg>
+      <arg choice="plain"><option>show</option></arg>

      <arg><option>-m</option></arg>

@@ -507,9 +490,9 @@
    url="shorewall.conf.html">shorewall.conf</ulink>(5). Each <emphasis
    role="bold">v</emphasis> adds one to the effective verbosity and each
    <emphasis role="bold">q</emphasis> subtracts one from the effective
-    VERBOSITY. Alternately, <emphasis role="bold">v</emphasis> may be followed
+    VERBOSITY. Anternately, <emphasis role="bold">v</emphasis> may be followed
    immediately with one of -1,0,1,2 to specify a specify VERBOSITY. There may
-    be no white-space between <emphasis role="bold">v</emphasis> and the
+    be no white space between <emphasis role="bold">v</emphasis> and the
    VERBOSITY.</para>

    <para>The <emphasis>options</emphasis> may also include the letter
@@ -647,7 +630,7 @@
        <term><emphasis role="bold">forget</emphasis></term>

        <listitem>
-          <para>Deletes /var/lib/shorewall-lite/<emphasis>filename</emphasis>
+          <para>Deletes /var/lib/shorewall-lite/<emphasis>filenam</emphasis>e
          and /var/lib/shorewall-lite/save. If no
          <emphasis>filename</emphasis> is given then the file specified by
          RESTOREFILE in <ulink
@@ -705,7 +688,7 @@
          and raw table PREROUTING chains.</para>

          <para>The trace records are written to the kernel's log buffer with
-          facility = kernel and priority = warning, and they are routed from
+          faciility = kernel and priority = warning, and they are routed from
          there by your logging daemon (syslogd, rsyslog, syslog-ng, ...) --
          Shorewall-lite has no control over where the messages go; consult
          your logging daemon's documentation.</para>
@@ -762,7 +745,7 @@

          <para>The <replaceable>iptables match expression</replaceable> must
          be one given in the <command>iptrace</command> command being
-          canceled.</para>
+          cancelled.</para>
        </listitem>
      </varlistentry>

@@ -858,12 +841,6 @@
                Netfilter table to display. The default is <emphasis
                role="bold">filter</emphasis>.</para>

-                <para>The <emphasis role="bold">-b</emphasis> ('brief') option
-                causes rules which have not been used (i.e. which have zero
-                packet and byte counts) to be omitted from the output. Chains
-                with no rules displayed are also omitted from the
-                output.</para>
-
                <para>The <emphasis role="bold">-l</emphasis> option causes
                the rule number for each Netfilter rule to be
                displayed.</para>
@@ -890,7 +867,7 @@
              <term><emphasis role="bold">config</emphasis></term>

              <listitem>
-                <para>Displays distribution-specific defaults.</para>
+                <para>Dispays distribution-specific defaults.</para>
              </listitem>
            </varlistentry>

@@ -903,24 +880,6 @@
              </listitem>
            </varlistentry>

-            <varlistentry>
-              <term><emphasis role="bold">event</emphasis><replaceable>
-              event</replaceable></term>
-
-              <listitem>
-                <para>Added in Shorewall 4.5.19. Displays the named
-                event.</para>
-              </listitem>
-            </varlistentry>
-
-            <varlistentry>
-              <term><emphasis role="bold">events</emphasis></term>
-
-              <listitem>
-                <para>Added in Shorewall 4.5.19. Displays all events.</para>
-              </listitem>
-            </varlistentry>
-
            <varlistentry>
              <term><emphasis role="bold">ip</emphasis></term>

@@ -1088,23 +1047,6 @@
    </variablelist>
  </refsect1>

-  <refsect1>
-    <title>EXIT STATUS</title>
-
-    <para>In general, when a command succeeds, status 0 is returned; when the
-    command fails, a non-zero status is returned.</para>
-
-    <para>The <command>status</command> command returns exit status as
-    follows:</para>
-
-    <para>0 - Firewall is started.</para>
-
-    <para>3 - Firewall is stopped or cleared</para>
-
-    <para>4 - Unknown state; usually means that the firewall has never been
-    started.</para>
-  </refsect1>
-
  <refsect1>
    <title>FILES</title>

--- a/Shorewall-lite/shorecap
+++ b/Shorewall-lite/shorecap
@@ -2,18 +2,17 @@
 #
 #     Shorewall Lite Packet Filtering Firewall Capabilities Detector
 #
-#     (c) 2006,2007,2008,2009,2010,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2006,2007,2008,2009,2010 - Tom Eastep (teastep@shorewall.net)
 #
 #	This file should be placed in /sbin/shorewall.
 #
 #	Shorewall documentation is available at http://shorewall.sourceforge.net
 #
-#       This program is part of Shorewall.
-#
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#	it under the terms of Version 2 of the GNU General Public License
+#	as published by the Free Software Foundation.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -21,7 +20,9 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
+#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
 #
 #   This program may be used to create a /etc/shorewall/capabilities file for
 #   use in compiling Shorewall firewalls on another system.
@@ -44,19 +45,17 @@
 #    used during firewall compilation, then the generated firewall program will likewise not
 #    require Shorewall to be installed.

-
+SHAREDIR=/usr/share/shorewall-lite
+VARDIR=/var/lib/shorewall-lite
+CONFDIR=/etc/shorewall-lite
 g_program=shorewall-lite
+g_product="Shorewall Lite"
+g_family=4
+g_base=shorewall
+g_basedir=/usr/share/shorewall-lite

-#
-# This is modified by the installer when ${SHAREDIR} != /usr/share
-#
-. /usr/share/shorewall/shorewallrc
-
-g_sharedir="$SHAREDIR"/shorewall-lite
-g_confdir="$CONFDIR"/shorewall-lite
-g_readrc=1
-
-. ${SHAREDIR}/shorewall/lib.cli
+. /usr/share/shorewall-lite/lib.base
+. /usr/share/shorewall/lib.cli
 . /usr/share/shorewall-lite/configpath

 [ -n "$PATH" ] || PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
--- a/Shorewall-lite/shorewall-lite
+++ b/Shorewall-lite/shorewall-lite
@@ -2,17 +2,16 @@
 #
 #     Shorewall Lite Packet Filtering Firewall Control Program - V4.5
 #
-#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2014 -
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011 -
 #         Tom Eastep (teastep@shorewall.net)
 #
 #	Shorewall documentation is available at http://www.shorewall.net
 #
-#       This program is part of Shorewall.
-#
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#	it under the terms of Version 2 of the GNU General Public License
+#	as published by the Free Software Foundation.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -20,20 +19,23 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
+#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #       For a list of supported commands, type 'shorewall help' or 'shorewall6 help'
 #
 ################################################################################################
-PRODUCT=shorewall-lite
+g_program=shorewall-lite

 #
 # This is modified by the installer when ${SHAREDIR} != /usr/share
 #
 . /usr/share/shorewall/shorewallrc

-g_program=$PRODUCT
+g_libexec="$LIBEXECDIR"
 g_sharedir="$SHAREDIR"/shorewall-lite
+g_sbindir="$SBINDIR"
+g_vardir="$VARDIR"
 g_confdir="$CONFDIR"/shorewall-lite
 g_readrc=1

--- a/Shorewall-lite/uninstall.sh
+++ b/Shorewall-lite/uninstall.sh
@@ -2,24 +2,24 @@
 #
 # Script to back uninstall Shoreline Firewall
 #
-#     (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.sourceforge.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
+#       it under the terms of Version 2 of the GNU General Public License
+#       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#       This program is distributed in the hope that it will be useful,
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#       You should have received a copy of the GNU General Public License
+#       along with this program; if not, write to the Free Software
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #    Usage:
 #
@@ -118,14 +118,14 @@ fi

 if [ -L ${SHAREDIR}/shorewall-lite/init ]; then
    FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall-lite/init)
-elif [ -n "$INITFILE" ]; then
+elIF [ -n "$INITFILE" ]; then
    FIREWALL=${INITDIR}/${INITFILE}
 fi

 if [ -f "$FIREWALL" ]; then
    if mywhich updaterc.d ; then
 	updaterc.d shorewall-lite remove
-    elif mywhich insserv ; then
+    elif if mywhich insserv ; then
        insserv -r $FIREWALL
    elif [ mywhich chkconfig ; then
 	chkconfig --del $(basename $FIREWALL)
--- a/Shorewall/Macros/macro.A_AllowICMPs
+++ b/Shorewall/Macros/macro.A_AllowICMPs
@@ -1,17 +1,15 @@
 #
 # Shorewall version 4 - Audited AllowICMPs Macro
 #
-# /usr/share/shorewall/macro.A_AllowICMPs
+# /usr/share/shorewall/macro.AAllowICMPs
 #
 #	This macro A_ACCEPTs needed ICMP types
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION		SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#					PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION		SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#					PORT(S)	PORT(S)	LIMIT	GROUP

-?COMMENT Needed ICMP types
+COMMENT Needed ICMP types

 A_ACCEPT       -	-	icmp	fragmentation-needed
 A_ACCEPT       -	-	icmp	time-exceeded
--- a/Shorewall/Macros/macro.A_DropDNSrep
+++ b/Shorewall/Macros/macro.A_DropDNSrep
@@ -1,16 +1,14 @@
 #
 # Shorewall version 4 - Audited DropDNSrep Macro
 #
-# /usr/share/shorewall/macro.A_DropDNSrep
+# /usr/share/shorewall/macro.ADropDNSrep
 #
 #	This macro silently audites and drops DNS UDP replies
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP

-?COMMENT Late DNS Replies
+COMMENT Late DNS Replies

 A_DROP	-	-	udp	-	53
--- a/Shorewall/Macros/macro.A_DropUPnP
+++ b/Shorewall/Macros/macro.A_DropUPnP
@@ -1,16 +1,14 @@
 #
 # Shorewall version 4 - ADropUPnP Macro
 #
-# /usr/share/shorewall/macro.A_DropUPnP
+# /usr/share/shorewall/macro.ADropUPnP
 #
 #	This macro silently drops UPnP probes on UDP port 1900
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP

-?COMMENT UPnP
+COMMENT UPnP

 A_DROP	-	-	udp	1900
--- a/Shorewall/Macros/macro.ActiveDir
+++ b/Shorewall/Macros/macro.ActiveDir
@@ -1,40 +0,0 @@
-#
-# Shorewall version 4 - Samba 4 Macro
-#
-# /usr/share/shorewall/macro.ActiveDir
-#
-#       This macro handles ports for Samba 4 Active Directory Service
-#
-# You can comment out the ports you do not want open
-#
-# 
-###############################################################################
-#ACTION SOURCE  DEST    PROTO   DEST    SOURCE  RATE    USER/
-#                               PORT(S) PORT(S) LIMIT   GROUP
-PARAM   -       -       tcp     389 	#LDAP services
-PARAM   -       -       udp	389  
-PARAM   -       -       tcp     636	#LDAP SSL
-PARAM   -       -       tcp     3268	#LDAP GC
-PARAM   -       -       tcp     3269	#LDAP GC SSL
-PARAM   -       -       tcp     88	#Kerberos
-PARAM   -       -       udp	88
-
-# Use macro.DNS for DNS sevice
-
-PARAM   -       -       tcp     445	#Replication, User and Computer Authentication, Group Policy, Trusts
-PARAM   -       -       udp	445
-
-# Use macro.SMTP for Mail service
-
-PARAM   -       -       tcp     135	#RPC, EPM
-PARAM   -       -       tcp     5722	#RPC, DFSR (SYSVOL)
-PARAM   -       -       udp	123	#Windows Time
-PARAM   -       -       tcp     464	#Kerberosb change/set password
-PARAM   -       -       udp	464
-PARAM   -       -       udp	138	#DFS, Group Policy
-PARAM   -       -       tcp     9389	#SOAP
-PARAM   -       -       tcp     2535	#MADCAP
-PARAM   -       -       udp	2535
-PARAM   -       -       udp     137	#NetLogon, NetBIOS Name Resolution
-PARAM   -       -       tcp	139	#DFSN, NetBIOS Session Service, NetLogon    
-  
--- a/Shorewall/Macros/macro.AllowICMPs
+++ b/Shorewall/Macros/macro.AllowICMPs
@@ -6,12 +6,10 @@
 #	This macro ACCEPTs needed ICMP types
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP

-?COMMENT Needed ICMP types
+COMMENT Needed ICMP types

 DEFAULT ACCEPT
 PARAM	-	-	icmp	fragmentation-needed
--- a/Shorewall/Macros/macro.Amanda
+++ b/Shorewall/Macros/macro.Amanda
@@ -8,17 +8,9 @@
 #	files from those nodes.
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-
-?if ( __CT_TARGET && ! $AUTOHELPERS && __AMANDA_HELPER )
- PARAM	-	-	udp	10080 ; helper=amanda
-?else
- PARAM	-	-	udp	10080
-?endif
-
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
+PARAM	-	-	udp	10080
 PARAM	-	-	tcp	10080
 #
 # You may also need this rule.  With AMANDA 2.4.4 on Linux kernel 2.6,
--- a/Shorewall/Macros/macro.Auth
+++ b/Shorewall/Macros/macro.Auth
@@ -6,8 +6,6 @@
 #	This macro handles Auth (identd) traffic.
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	113
--- a/Shorewall/Macros/macro.BGP
+++ b/Shorewall/Macros/macro.BGP
@@ -6,8 +6,6 @@
 #	This macro handles BGP4 traffic.
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S) PORT(S) LIMIT	GROUP
 PARAM	-	-	tcp	179	# BGP4
--- a/Shorewall/Macros/macro.BLACKLIST
+++ b/Shorewall/Macros/macro.BLACKLIST
@@ -6,12 +6,10 @@
 #	This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-?if $BLACKLIST_LOGLEVEL
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
+?IF $BLACKLIST_LOGLEVEL
 blacklog
-?else
+?ELSE
 $BLACKLIST_DISPOSITION
-?endif
+?ENDIF
--- a/Shorewall/Macros/macro.BitTorrent
+++ b/Shorewall/Macros/macro.BitTorrent
@@ -7,12 +7,9 @@
 #
 #	If you are running BitTorrent 3.2 or later, you should use the
 #	BitTorrent32 macro.
-#
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	6881:6889
 #
 # It may also be necessary to allow UDP traffic:
--- a/Shorewall/Macros/macro.BitTorrent32
+++ b/Shorewall/Macros/macro.BitTorrent32
@@ -6,10 +6,8 @@
 #	This macro handles BitTorrent traffic for BitTorrent 3.2 and later.
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	6881:6999
 #
 # It may also be necessary to allow UDP traffic:
--- a/Shorewall/Macros/macro.CVS
+++ b/Shorewall/Macros/macro.CVS
@@ -6,8 +6,6 @@
 #	This macro handles connections to the CVS pserver.
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	2401
--- a/Shorewall/Macros/macro.Citrix
+++ b/Shorewall/Macros/macro.Citrix
@@ -6,11 +6,9 @@
 #	This macro handles Citrix/ICA traffic (ICA, ICA Browser, CGP a.k.a.
 #	ICA Session Reliability)
 #
-###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+####################################################################################
+#ACTION SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S) PORT(S) LIMIT	GROUP
 PARAM	-	-	tcp	1494	# ICA
 PARAM	-	-	udp	1604	# ICA Browser
 PARAM	-	-	tcp	2598	# CGP Session Reliabilty
--- a/Shorewall/Macros/macro.DAAP
+++ b/Shorewall/Macros/macro.DAAP
@@ -7,9 +7,7 @@
 #	The protocol is used by iTunes, Rythmbox and other similar daemons.
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	3689
 PARAM	-	-	udp	3689
--- a/Shorewall/Macros/macro.DCC
+++ b/Shorewall/Macros/macro.DCC
@@ -7,8 +7,6 @@
 #	DCC is a distributed spam filtering mechanism.
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-PARAM	-	-	udp	6277
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
+PARAM	-	-	tcp	6277
--- a/Shorewall/Macros/macro.DHCPfwd
+++ b/Shorewall/Macros/macro.DHCPfwd
@@ -6,9 +6,7 @@
 #	This macro (bidirectional) handles forwarded DHCP traffic
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S) PORT(S) LIMIT	GROUP
 PARAM	-	-	udp	67:68	67:68	# DHCP
 PARAM	DEST	SOURCE	udp	67:68	67:68	# DHCP
--- a/Shorewall/Macros/macro.DNS
+++ b/Shorewall/Macros/macro.DNS
@@ -6,9 +6,7 @@
 #	This macro handles DNS traffic.
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	udp	53
 PARAM	-	-	tcp	53
--- a/Shorewall/Macros/macro.Distcc
+++ b/Shorewall/Macros/macro.Distcc
@@ -6,8 +6,6 @@
 #	This macro handles connections to the Distributed Compiler service.
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	3632
--- a/Shorewall/Macros/macro.Drop
+++ b/Shorewall/Macros/macro.Drop
@@ -11,14 +11,12 @@
 #		Drop	net	all
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #
-# Don't log 'auth' DROP
+# Don't log 'auth' REJECT
 #
-DROP	-	-	tcp	113
+REJECT	-	-	tcp	113
 #
 # Drop Broadcasts so they don't clutter up the log
 # (broadcasts must *not* be rejected).
--- a/Shorewall/Macros/macro.DropDNSrep
+++ b/Shorewall/Macros/macro.DropDNSrep
@@ -6,12 +6,10 @@
 #	This macro silently drops DNS UDP replies
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP

-?COMMENT Late DNS Replies
+COMMENT Late DNS Replies

 DEFAULT DROP
 PARAM	-	-	udp	-	53
--- a/Shorewall/Macros/macro.DropUPnP
+++ b/Shorewall/Macros/macro.DropUPnP
@@ -6,12 +6,10 @@
 #	This macro silently drops UPnP probes on UDP port 1900
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP

-?COMMENT UPnP
+COMMENT UPnP

 DEFAULT DROP
 PARAM	-	-	udp	1900
--- a/Shorewall/Macros/macro.Edonkey
+++ b/Shorewall/Macros/macro.Edonkey
@@ -28,9 +28,7 @@
 #	applications such as aMule WebServer or aMuleCMD.
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	4662
 PARAM	-	-	udp	4665
--- a/Shorewall/Macros/macro.FTP
+++ b/Shorewall/Macros/macro.FTP
@@ -6,12 +6,6 @@
 #	This macro handles FTP traffic.
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-?if ( __CT_TARGET && ! $AUTOHELPERS && __FTP_HELPER  )
- PARAM	-	-	tcp	21 ; helper=ftp
-?else
- PARAM	-	-	tcp	21
-?endif
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
+PARAM	-	-	tcp	21
--- a/Shorewall/Macros/macro.Finger
+++ b/Shorewall/Macros/macro.Finger
@@ -7,8 +7,6 @@
 #	your finger information to internet.
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	79
--- a/Shorewall/Macros/macro.GNUnet
+++ b/Shorewall/Macros/macro.GNUnet
@@ -6,10 +6,8 @@
 #	This macro handles GNUnet (secure peer-to-peer networking) traffic.
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	2086
 PARAM	-	-	udp	2086
 PARAM	-	-	tcp	1080
--- a/Shorewall/Macros/macro.GRE
+++ b/Shorewall/Macros/macro.GRE
@@ -7,9 +7,7 @@
 #	traffic (RFC 1701)
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	47	# GRE
 PARAM	DEST	SOURCE	47	# GRE
--- a/Shorewall/Macros/macro.Git
+++ b/Shorewall/Macros/macro.Git
@@ -6,8 +6,6 @@
 #	This macro handles Git traffic.
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	9418
--- a/Shorewall/Macros/macro.Gnutella
+++ b/Shorewall/Macros/macro.Gnutella
@@ -6,9 +6,7 @@
 #	This macro handles Gnutella traffic.
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	6346
 PARAM	-	-	udp	6346
--- a/Shorewall/Macros/macro.HKP
+++ b/Shorewall/Macros/macro.HKP
@@ -6,8 +6,6 @@
 #	This macro handles OpenPGP HTTP keyserver protocol traffic.
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	11371
--- a/Shorewall/Macros/macro.HTTP
+++ b/Shorewall/Macros/macro.HTTP
@@ -6,8 +6,6 @@
 #	This macro handles plaintext HTTP (WWW) traffic.
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	80
--- a/Shorewall/Macros/macro.HTTPS
+++ b/Shorewall/Macros/macro.HTTPS
@@ -6,8 +6,6 @@
 #	This macro handles HTTPS (WWW over SSL) traffic.
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	443
--- a/Shorewall/Macros/macro.ICPV2
+++ b/Shorewall/Macros/macro.ICPV2
@@ -6,8 +6,6 @@
 #	This macro handles Internet Cache Protocol V2 (Squid) traffic
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	udp	3130
--- a/Shorewall/Macros/macro.ICQ
+++ b/Shorewall/Macros/macro.ICQ
@@ -6,8 +6,6 @@
 #	This macro handles ICQ, now called AOL Instant Messenger (or AIM).
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	5190
--- a/Shorewall/Macros/macro.IMAP
+++ b/Shorewall/Macros/macro.IMAP
@@ -7,8 +7,6 @@
 #	see macro.IMAPS.
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	143
--- a/Shorewall/Macros/macro.IMAPS
+++ b/Shorewall/Macros/macro.IMAPS
@@ -7,8 +7,6 @@
 #	(not recommended), see macro.IMAP.
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	993
--- a/Shorewall/Macros/macro.IPIP
+++ b/Shorewall/Macros/macro.IPIP
@@ -6,9 +6,7 @@
 #	This macro (bidirectional) handles IPIP capsulation traffic
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	94	# IPIP
 PARAM	DEST	SOURCE	94	# IPIP
--- a/Shorewall/Macros/macro.IPP
+++ b/Shorewall/Macros/macro.IPP
@@ -6,8 +6,6 @@
 #	This macro handles Internet Printing Protocol (IPP).
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	631
--- a/Shorewall/Macros/macro.IPPbrd
+++ b/Shorewall/Macros/macro.IPPbrd
@@ -6,10 +6,7 @@
 #	This macro handles Internet Printing Protocol (IPP) broadcasts.
 #       If you also need to handle TCP 631 connections in the opposite
 #       direction, use the IPPserver Macro
-#
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	udp	631
--- a/Shorewall/Macros/macro.IPPserver
+++ b/Shorewall/Macros/macro.IPPserver
@@ -23,9 +23,7 @@
 #		IPPserver/ACCEPT $FW loc
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	SOURCE	DEST	tcp	631
 PARAM	DEST	SOURCE	udp	631
--- a/Shorewall/Macros/macro.IPsec
+++ b/Shorewall/Macros/macro.IPsec
@@ -6,10 +6,8 @@
 #	This macro (bidirectional) handles IPsec traffic
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	udp	500	500	# IKE
 PARAM	-	-	50			# ESP
 PARAM	DEST	SOURCE	udp	500	500	# IKE
--- a/Shorewall/Macros/macro.IPsecah
+++ b/Shorewall/Macros/macro.IPsecah
@@ -7,10 +7,8 @@
 #       This is insecure. You should use ESP with encryption for security.
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	udp	500	500	# IKE
 PARAM	-	-	51			# AH
 PARAM	DEST	SOURCE	udp	500	500	# IKE
--- a/Shorewall/Macros/macro.IPsecnat
+++ b/Shorewall/Macros/macro.IPsecnat
@@ -6,10 +6,8 @@
 #	This macro (bidirectional) handles IPsec traffic and Nat-Traversal
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	udp	500	# IKE
 PARAM	-	-	udp	4500	# NAT-T
 PARAM	-	-	50		# ESP
--- a/Shorewall/Macros/macro.IRC
+++ b/Shorewall/Macros/macro.IRC
@@ -6,13 +6,6 @@
 #	This macro handles IRC traffic (Internet Relay Chat).
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-
-?if ( __CT_TARGET && ! $AUTOHELPERS && __IRC_HELPER  )
- PARAM	-	-	tcp	6667 ; helper=irc
-?else
- PARAM	-	-	tcp	6667
-?endif
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
+PARAM	-	-	tcp	6667
--- a/Shorewall/Macros/macro.JAP
+++ b/Shorewall/Macros/macro.JAP
@@ -8,10 +8,8 @@
 #	to browse anonymously!
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	8080 # HTTP port
 PARAM	-	-	tcp	6544 # HTTP port
 PARAM	-	-	tcp	6543 # InfoService port
--- a/Shorewall/Macros/macro.JabberPlain
+++ b/Shorewall/Macros/macro.JabberPlain
@@ -6,8 +6,6 @@
 #	This macro accepts Jabber traffic (plaintext).
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#TARGET	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	5222
--- a/Shorewall/Macros/macro.JabberSecure
+++ b/Shorewall/Macros/macro.JabberSecure
@@ -6,8 +6,6 @@
 #	This macro accepts Jabber traffic (ssl).
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#TARGET	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	5223
--- a/Shorewall/Macros/macro.Jabberd
+++ b/Shorewall/Macros/macro.Jabberd
@@ -6,8 +6,6 @@
 #	This macro accepts Jabberd intercommunication traffic
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#TARGET	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	5269
--- a/Shorewall/Macros/macro.Jetdirect
+++ b/Shorewall/Macros/macro.Jetdirect
@@ -6,8 +6,6 @@
 #	This macro handles HP Jetdirect printing.
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	9100
--- a/Shorewall/Macros/macro.Kerberos
+++ b/Shorewall/Macros/macro.Kerberos
@@ -1,14 +0,0 @@
-#
-# Shorewall version 4 - Kerberos Macro
-#
-# /usr/share/shorewall/macro.Kerberos
-#
-#	This macro handles Kerberos traffic.
-#
-###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-PARAM	-	-	tcp	88
-PARAM	-	-	udp	88
--- a/Shorewall/Macros/macro.L2TP
+++ b/Shorewall/Macros/macro.L2TP
@@ -7,9 +7,7 @@
 #	(RFC 2661)
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	udp	1701	# L2TP
 PARAM	DEST	SOURCE	udp	1701	# L2TP
--- a/Shorewall/Macros/macro.LDAP
+++ b/Shorewall/Macros/macro.LDAP
@@ -11,8 +11,6 @@
 #	Consult your LDAP server documentation for details.
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	389
--- a/Shorewall/Macros/macro.LDAPS
+++ b/Shorewall/Macros/macro.LDAPS
@@ -11,8 +11,6 @@
 #	Consult your LDAP server documentation for details.
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	636
--- a/Shorewall/Macros/macro.MSNP
+++ b/Shorewall/Macros/macro.MSNP
@@ -6,8 +6,6 @@
 #	This macro handles MSNP (MicroSoft Notification Protocol)
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	1863
--- a/Shorewall/Macros/macro.MSSQL
+++ b/Shorewall/Macros/macro.MSSQL
@@ -1,13 +0,0 @@
-#
-# Shorewall version 4 - MSSQL Macro
-#
-# /usr/share/shorewall/macro.MSSQL
-#
-#	This macro handles MSSQL (Microsoft SQL Server)
-#
-###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-PARAM	-	-	tcp	1433
--- a/Shorewall/Macros/macro.Mail
+++ b/Shorewall/Macros/macro.Mail
@@ -12,10 +12,8 @@
 #	the POP3 or IMAP macros.
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	25
 PARAM	-	-	tcp	465
 PARAM	-	-	tcp	587
--- a/Shorewall/Macros/macro.Munin
+++ b/Shorewall/Macros/macro.Munin
@@ -6,8 +6,6 @@
 #	This macro handles Munin networked resource monitoring traffic
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	4949
--- a/Shorewall/Macros/macro.MySQL
+++ b/Shorewall/Macros/macro.MySQL
@@ -6,8 +6,6 @@
 #	This macro handles connections to the MySQL server.
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	3306
--- a/Shorewall/Macros/macro.NNTP
+++ b/Shorewall/Macros/macro.NNTP
@@ -7,8 +7,6 @@
 #	encrypted NNTP, see macro.NNTPS.
 #
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	119
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Tom Eastep	746a363d41	Add some decimal->hex convertions in routing rules. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-05-10 11:11:15 -07:00
Tom Eastep	6e5b07c804	Deprecate the current TPROXY implementation. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-05-10 11:02:08 -07:00
Tom Eastep	865078f925	Allow Shorewall::Config::in_hex() to accept an argument already expressed in hex. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-05-10 07:29:59 -07:00