Allow WHITELIST in IPv6

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Fix NFLOG/ULOG implementation.
2012-11-24 08:24:11 -08:00 · 2012-11-23 12:24:13 -08:00 · 2012-11-23 11:53:02 -08:00 · 2012-11-23 11:48:10 -08:00 · 2012-11-23 11:47:33 -08:00 · 2012-11-23 07:46:53 -08:00
430 changed files with 8840 additions and 25733 deletions
--- a/Shorewall-core/configure
+++ b/Shorewall-core/configure
@@ -1,17 +1,16 @@
 #!/bin/bash
 #
-#     Shorewall Packet Filtering Firewall RPM configuration program - V4.6
+#     Shorewall Packet Filtering Firewall RPM configuration program - V4.5
 #
-#     (c) 2012,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	Shorewall documentation is available at http://www.shorewall.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+#	it under the terms of Version 2 of the GNU General Public License
-#       Free Software Foundation, either version 2 of the license or, at your
+#	as published by the Free Software Foundation.
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -19,7 +18,8 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #       Usage: ./configure [ <option>=<setting> ] ...
 #
@@ -93,38 +93,15 @@ done
 vendor=${params[HOST]}
 if [ -z "$vendor" ]; then
    if [ -f /etc/os-release ]; then
 	eval $(cat /etc/os-release | grep ^ID=)
 	case $ID in
 	    fedora|rhel)
 		vendor=redhat
 		;;
 	    debian|ubuntu)
 		vendor=debian
 		;;
 	    opensuse)
 		vendor=suse
 		;;
 	    *)
 		vendor="$ID"
 		;;
 	esac
 	params[HOST]="$vendor"
    fi
 fi
 if [ -z "$vendor" ]; then
    case `uname` in
 	Darwin)
-	    params[HOST]=apple
+	    $params[HOST]=apple
 	    rcfile=shorewallrc.apple
 	    ;;
-	cygwin*|CYGWIN*)
+	cygwin*)
-	    params[HOST]=cygwin
+	    $params[HOST]=cygwin
 	    rcfile=shorewallrc.cygwin
 	    ;;
 	*)
@@ -210,7 +187,6 @@ for on in \
    AUXINITSOURCE \
    AUXINITFILE \
    SYSTEMD \
    SERVICEFILE \
    SYSCONFFILE \
    SYSCONFDIR \
    SPARSE \
--- a/Shorewall-core/configure.pl
+++ b/Shorewall-core/configure.pl
@@ -2,16 +2,15 @@
 #
 #     Shorewall Packet Filtering Firewall RPM configuration program - V4.5
 #
-#     (c) 2012, 2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	Shorewall documentation is available at http://www.shorewall.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+#	it under the terms of Version 2 of the GNU General Public License
-#       Free Software Foundation, either version 2 of the license or, at your
+#	as published by the Free Software Foundation.
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -19,7 +18,8 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #       Usage: ./configure.pl <option>=<setting> ...
 #
@@ -56,28 +56,6 @@ my $vendor = $params{HOST};
 my $rcfile;
 my $rcfilename;
 unless ( defined $vendor ) {
    if ( -f '/etc/os-release' ) {
 	my $id = `cat /etc/os-release | grep ^ID=`;
 	chomp $id;
 	$id =~ s/ID=//;
 	if ( $id eq 'fedora' || $id eq 'rhel' ) {
 	    $vendor = 'redhat';
 	} elsif ( $id eq 'opensuse' ) {
 	    $vendor = 'suse';
 	} elsif ( $id eq 'ubuntu' ) {
 	    $vendor = 'debian';
 	} else {
 	    $vendor = $id;
 	}
    }
    $params{HOST} = $vendor;
 }
 if ( defined $vendor ) {
    $rcfilename = $vendor eq 'linux' ? 'shorewallrc.default' : 'shorewallrc.' . $vendor;
    die qq("ERROR: $vendor" is not a recognized host type) unless -f $rcfilename;
@@ -168,7 +146,6 @@ for ( qw/ HOST
 	  AUXINITSOURCE
 	  AUXINITFILE
 	  SYSTEMD
          SERVICEFILE
 	  SYSCONFFILE
 	  SYSCONFDIR
 	  SPARSE
--- a/Shorewall-core/install.sh
+++ b/Shorewall-core/install.sh
@@ -2,24 +2,24 @@
 #
 # Script to install Shoreline Firewall Core Modules
 #
-#     (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
 #       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
+#       This program is distributed in the hope that it will be useful,
-#	it under the terms of the GNU General Public License as published by the
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       Free Software Foundation, either version 2 of the license or, at your
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       option, any later version.
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
+#       You should have received a copy of the GNU General Public License
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       along with this program; if not, write to the Free Software
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 VERSION=xxx #The Build script inserts the actual version
@@ -194,30 +194,8 @@ if [ -z "$BUILD" ]; then
 	    BUILD=apple
 	    ;;
 	*)
-	    if [ -f /etc/os-release ]; then
+	    if [ -f /etc/debian_version ]; then
 		eval $(cat /etc/os-release | grep ^ID)
 		case $ID in
 		    fedora|rhel)
 			BUILD=redhat
 			;;
 		    debian)
 			BUILD=debian
 			;;
 		    gentoo)
 			BUILD=gentoo
 			;;
 		    opensuse)
 			BUILD=suse
 			;;
 		    *)
 			BUILD="$ID"
 			;;
 		esac
 	    elif [ -f /etc/debian_version ]; then
 		BUILD=debian
 	    elif [ -f /etc/gentoo-release ]; then
 		BUILD=gentoo
 	    elif [ -f /etc/redhat-release ]; then
 		BUILD=redhat
 	    elif [ -f /etc/slackware-version ] ; then
@@ -276,7 +254,7 @@ case "$HOST" in
    apple)
 	echo "Installing Mac-specific configuration...";
 	;;
-    debian|gentoo|redhat|slackware|archlinux|linux|suse)
+    debian|redhat|slackware|archlinux|linux|suse)
 	;;
    *)
 	echo "ERROR: Unknown HOST \"$HOST\"" >&2
@@ -347,7 +325,7 @@ if [ -n "${INITFILE}" ]; then
    if [ -n "$AUXINITSOURCE" -a -f "$AUXINITSOURCE" ]; then
 	install_file $AUXINITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544
 	[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${INITDIR}/$AUXINITFILE
-	echo  "SysV init script $AUXINITSOURCE installed in ${DESTDIR}${INITDIR}/$AUXINITFILE"
+	echo  "$Product script installed in ${DESTDIR}${INITDIR}/$AUXINITFILE"
    fi
 fi
 #
@@ -393,13 +371,12 @@ if [ -z "${DESTDIR}" ]; then
 	echo 'VARDIR=${VARLIB}/${PRODUCT}' >> $file
    fi
    [ ! -f ~/.shorewallrc ] && cp ${SHAREDIR}/shorewall/shorewallrc ~/.shorewallrc
 fi
 [ $file != "${DESTDIR}${SHAREDIR}/shorewall/shorewallrc" ] && cp $file ${DESTDIR}${SHAREDIR}/shorewall/shorewallrc
 [ -z "${DESTDIR}" ] && [ ! -f ~/.shorewallrc ] && cp ${SHAREDIR}/shorewall/shorewallrc ~/.shorewallrc
 if [ ${SHAREDIR} != /usr/share ]; then
    for f in lib.*; do
 	if [ $BUILD != apple ]; then
--- a/Shorewall-core/lib.base
+++ b/Shorewall-core/lib.base
@@ -1,16 +1,15 @@
 #
 # Shorewall 4.5 -- /usr/share/shorewall/lib.base
 #
-#     (c) 1999-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 1999-2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+#	it under the terms of Version 2 of the GNU General Public License
-#       Free Software Foundation, either version 2 of the license or, at your
+#	as published by the Free Software Foundation.
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -18,7 +17,8 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # This library contains the code common to all Shorewall components except the
 # generated scripts.
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
--- a/Shorewall-core/lib.common
+++ b/Shorewall-core/lib.common
@@ -1,16 +1,15 @@
 #
 # Shorewall 4.5 -- /usr/share/shorewall/lib.common.
 #
-#     (c) 2010-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2010-2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+#	it under the terms of Version 2 of the GNU General Public License
-#       Free Software Foundation, either version 2 of the license or, at your
+#	as published by the Free Software Foundation.
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -18,7 +17,8 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # The purpose of this library is to hold those functions used by both the CLI and by the
 # generated firewall scripts. To avoid versioning issues, it is copied into generated
@@ -65,7 +65,6 @@ startup_error() # $* = Error Message
 	esac
    fi
    mutex_off
    kill $$
    exit 2
 }
@@ -273,11 +272,8 @@ shorewall6_is_started() {
 # Echos the fully-qualified name of the calling shell program
 #
 my_pathname() {
    local pwd
    pwd=$PWD
    cd $(dirname $0)
    echo $PWD/$(basename $0)
    cd $pwd
 }
 #
@@ -605,7 +601,7 @@ find_first_interface_address() # $1 = interface
 	#
 	# get the line of output containing the first IP address
 	#
-	addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | grep -F 'inet6 ' | grep -vF 'scope link' | head -n1)
+	addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | fgrep 'inet6 ' | fgrep -v 'scope link' | head -n1)
 	#
 	# If there wasn't one, bail out now
 	#
@@ -634,7 +630,7 @@ find_first_interface_address_if_any() # $1 = interface
 	#
 	# get the line of output containing the first IP address
 	#
-	addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | grep -F 'inet6 ' | grep -vF 'scope link' | head -n1)
+	addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | fgrep 'inet6 ' | fgrep -v 'scope link' | head -n1)
 	#
 	# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
 	# along with everything else on the line
@@ -680,11 +676,7 @@ find_file()
 		fi
 	    done
-	    if [ -n "$g_shorewalldir" ]; then
+	    echo ${g_confdir}/$1
 		echo ${g_shorewalldir}/$1
 	    else
 		echo ${g_confdir}/$1
 	    fi
 	    ;;
    esac
 }
--- a/Shorewall-core/shorewallrc.apple
+++ b/Shorewall-core/shorewallrc.apple
@@ -15,7 +15,6 @@ INITFILE=                              #Unused on OS X
 INITSOURCE=                            #Unused on OS X
 ANNOTATED=                             #Unused on OS X
 SYSTEMD=                               #Unused on OS X
 SERVICEFILE=                           #Unused on OS X
 SYSCONFDIR=                            #Unused on OS X
 SPARSE=Yes                             #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR.
 VARLIB=/var/lib                        #Unused on OS X
--- a/Shorewall-core/shorewallrc.archlinux
+++ b/Shorewall-core/shorewallrc.archlinux
@@ -1,22 +1,21 @@
 #
-# Arch Linux Shorewall 4.5 rc file
+# Archlinux Shorewall 4.5 rc file
 #
-BUILD=                                 #Default is to detect the build system
+BUILD=archlinux
 HOST=archlinux
 PREFIX=/usr                            #Top-level directory for shared files, libraries, etc.
 SHAREDIR=${PREFIX}/share               #Directory for arch-neutral files.
 LIBEXECDIR=${PREFIX}/share             #Directory for executable scripts.
 PERLLIBDIR=${PREFIX}/share/shorewall   #Directory to install Shorewall Perl module directory
 CONFDIR=/etc                           #Directory where subsystem configurations are installed
-SBINDIR=/usr/sbin                      #Directory where system administration programs are installed
+SBINDIR=/sbin                          #Directory where system administration programs are installed
 MANDIR=${SHAREDIR}/man                 #Directory where manpages are installed.
-INITDIR=                               #Directory where SysV init scripts are installed.
+INITDIR=/etc/rc.d                      #Directory where SysV init scripts are installed.
-INITFILE=                              #Name of the product's installed SysV init script
+INITFILE=$PRODUCT                      #Name of the product's installed SysV init script
-INITSOURCE=                            #Name of the distributed file to be installed as the SysV init script
+INITSOURCE=init.sh                     #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                             #If non-zero, annotated configuration files are installed
 SYSCONFDIR=                            #Directory where SysV init parameter files are installed
-SYSTEMD=/usr/lib/systemd/system        #Directory where .service files are installed (systems running systemd only)
+SYSTEMD=                               #Directory where .service files are installed (systems running systemd only)
 SERVICEFILE=                           #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SPARSE=                                #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
 VARLIB=/var/lib                        #Directory where product variable data is stored.
 VARDIR=${VARLIB}/$PRODUCT              #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.cygwin
+++ b/Shorewall-core/shorewallrc.cygwin
@@ -15,7 +15,6 @@ INITFILE=                             #Unused on Cygwin
 INITSOURCE=                           #Unused on Cygwin
 ANNOTATED=                            #Unused on Cygwin
 SYSTEMD=                              #Unused on Cygwin
 SERVICEFILE=                          #Unused on Cygwin
 SYSCONFDIR=                           #Unused on Cygwin
 SPARSE=Yes                            #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR.
 VARLIB=/var/lib                       #Unused on Cygwin
--- a/Shorewall-core/shorewallrc.debian
+++ b/Shorewall-core/shorewallrc.debian
@@ -15,7 +15,6 @@ INITFILE=$PRODUCT                       #Name of the product's installed SysV in
 INITSOURCE=init.debian.sh               #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                              #If non-zero, annotated configuration files are installed
 SYSCONFFILE=default.debian              #Name of the distributed file to be installed in $SYSCONFDIR
 SERVICEFILE=                      	#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFDIR=/etc/default                 #Directory where SysV init parameter files are installed
 SYSTEMD=                                #Directory where .service files are installed (systems running systemd only)
 SPARSE=Yes                              #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
--- a/Shorewall-core/shorewallrc.default
+++ b/Shorewall-core/shorewallrc.default
@@ -15,7 +15,6 @@ INITFILE=$PRODUCT                       #Name of the product's installed SysV in
 INITSOURCE=init.sh                      #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                              #If non-zero, annotated configuration files are installed
 SYSTEMD=                                #Directory where .service files are installed (systems running systemd only)
 SERVICEFILE=                            #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFFILE=                            #Name of the distributed file to be installed in $SYSCONFDIR
 SYSCONFDIR=                             #Directory where SysV init parameter files are installed
 SPARSE=                                 #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
--- a/Shorewall-core/shorewallrc.redhat
+++ b/Shorewall-core/shorewallrc.redhat
@@ -16,7 +16,6 @@ INITSOURCE=init.fedora.sh               #Name of the distributed file to be inst
 ANNOTATED=                              #If non-zero, annotated configuration files are installed
 SYSTEMD=/lib/systemd/system             #Directory where .service files are installed (systems running systemd only)
 SYSCONFFILE=sysconfig                   #Name of the distributed file to be installed as $SYSCONFDIR/$PRODUCT
 SERVICEFILE=                      	#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFDIR=/etc/sysconfig/              #Directory where SysV init parameter files are installed
 SPARSE=                                 #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
 VARLIB=/var/lib                         #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.slackware
+++ b/Shorewall-core/shorewallrc.slackware
@@ -16,7 +16,6 @@ AUXINITFILE=rc.firewall                    #Name of the product's installed SysV
 INITSOURCE=init.slackware.$PRODUCT.sh      #Name of the distributed file to be installed as a second SysV init script
 INITFILE=rc.$PRODUCT                       #Name of the product's installed second init script
 SYSTEMD=                                   #Name of the directory where .service files are installed (systems running systemd only)
 SERVICEFILE=                               #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFFILE=                               #Name of the distributed file to be installed in $SYSCONFDIR
 SYSCONFDIR=                                #Name of the directory where SysV init parameter files are installed.
 ANNOTATED=                                 #If non-empty, install annotated configuration files
--- a/Shorewall-core/shorewallrc.suse
+++ b/Shorewall-core/shorewallrc.suse
@@ -15,8 +15,7 @@ INITFILE=$PRODUCT                                     #Name of the product's Sys
 INITSOURCE=init.suse.sh                               #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                                            #If non-zero, annotated configuration files are installed
 SYSTEMD=                                              #Directory where .service files are installed (systems running systemd only)
-SERVICEFILE=                      		      #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
+SYSCONFFILE=                                          #Name of the distributed file to be installed in $SYSCONFDIR
 SYSCONFFILE=sysconfig                                 #Name of the distributed file to be installed in $SYSCONFDIR
 SYSCONFDIR=/etc/sysconfig/                            #Directory where SysV init parameter files are installed
 SPARSE=                                               #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
 VARLIB=/var/lib                                       #Directory where persistent product data is stored.
--- a/Shorewall-core/uninstall.sh
+++ b/Shorewall-core/uninstall.sh
@@ -2,24 +2,24 @@
 #
 # Script to back uninstall Shoreline Firewall
 #
-#     (c) 2000-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://www.shorewall.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
 #       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
+#       This program is distributed in the hope that it will be useful,
-#	it under the terms of the GNU General Public License as published by the
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       Free Software Foundation, either version 2 of the license or, at your
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       option, any later version.
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
+#       You should have received a copy of the GNU General Public License
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       along with this program; if not, write to the Free Software
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #    Usage:
 #
--- a/Shorewall-core/wait4ifup
+++ b/Shorewall-core/wait4ifup
@@ -2,18 +2,17 @@
 #
 #     Shorewall interface helper utility - V4.2
 #
-#     (c) 2007,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2007 - Tom Eastep (teastep@shorewall.net)
 #
 #	This file is installed in /usr/share/shorewall/wait4ifup
 #
 #	Shorewall documentation is available at http://www.shorewall.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+#	it under the terms of Version 2 of the GNU General Public License
-#       Free Software Foundation, either version 2 of the license or, at your
+#	as published by the Free Software Foundation.
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -21,7 +20,8 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #	If an error occurs while starting or restarting the firewall, the
 #	firewall is automatically stopped.
--- a/Shorewall-init/ifupdown.debian.sh
+++ b/Shorewall-init/ifupdown.debian.sh
@@ -1,135 +0,0 @@
 #!/bin/sh
 #
 # Debian ifupdown script for Shorewall-based products
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
 #       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
 #       as published by the Free Software Foundation.
 #
 #       This program is distributed in the hope that it will be useful,
 #       but WITHOUT ANY WARRANTY; without even the implied warranty of
 #       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 #       GNU General Public License for more details.
 #
 #       You should have received a copy of the GNU General Public License
 #       along with this program; if not, write to the Free Software
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 setstatedir() {
    local statedir
    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
    if [ ! -x $STATEDIR/firewall ]; then
 	if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
 	    ${SBINDIR}/$PRODUCT compile
 	fi
    fi
 }
 Debian_ppp() {
    NEWPRODUCTS=
    INTERFACE="$1"
    case $0 in
 	/etc/ppp/ip-*)
 	    #
 	    # IPv4
 	    #
 	    for product in $PRODUCTS; do
 		case $product in
 		    shorewall|shorewall-lite)
 			NEWPRODUCTS="$NEWPRODUCTS $product";
 			;;
 		esac
 	    done
 	    ;;
 	/etc/ppp/ipv6-*)
 	    #
 	    # IPv6
 	    #
 	    for product in $PRODUCTS; do
 		case $product in
 		    shorewall6|shorewall6-lite)
 			NEWPRODUCTS="$NEWPRODUCTS $product";
 			;;
 		esac
 	    done
 	    ;;
 	*)
 	    exit 0
 	    ;;
    esac
    PRODUCTS="$NEWPRODUCTS"
    case $0 in
 	*up/*)
 	    COMMAND=up
 	    ;;
 	*)
 	    COMMAND=down
 	    ;;
    esac
 }
 IFUPDOWN=0
 PRODUCTS=
 #
 # The installer may alter this
 #
 . /usr/share/shorewall/shorewallrc
 if [ -f /etc/default/shorewall-init ]; then
    . /etc/default/shorewall-init
 elif [ -f /etc/sysconfig/shorewall-init ]; then
    . /etc/sysconfig/shorewall-init
 fi
 [ "$IFUPDOWN" = 1 -a -n "$PRODUCTS" ] || exit 0
 case $0 in
    /etc/ppp*)
 	#
 	# Debian ppp
 	#
 	Debian_ppp
 	;;
    *)
        #
        # Debian ifupdown system
        #
 	INTERFACE="$IFACE"
 	if [ "$MODE" = start ]; then
 	    COMMAND=up
 	elif [ "$MODE" = stop ]; then
 	    COMMAND=down
 	else
 	    exit 0
 	fi
 	;;
 esac
 [ -n "$LOGFILE" ] || LOGFILE=/dev/null
 for PRODUCT in $PRODUCTS; do
    setstatedir
    if [ -x $VARLIB/$PRODUCT/firewall ]; then
 	  ( ${VARLIB}/$PRODUCT/firewall -V0 $COMMAND $INTERFACE >> $LOGFILE 2>&1 ) || true
    fi
 done
 exit 0
--- a/Shorewall-init/ifupdown.fedora.sh
+++ b/Shorewall-init/ifupdown.fedora.sh
@@ -1,111 +0,0 @@
 #!/bin/sh
 #
 # Redhat/Fedora/Centos/Foobar ifupdown script for Shorewall-based products
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
 #       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
 #       as published by the Free Software Foundation.
 #
 #       This program is distributed in the hope that it will be useful,
 #       but WITHOUT ANY WARRANTY; without even the implied warranty of
 #       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 #       GNU General Public License for more details.
 #
 #       You should have received a copy of the GNU General Public License
 #       along with this program; if not, write to the Free Software
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # Get startup options (override default)
 OPTIONS=
 setstatedir() {
    local statedir
    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
    if [ ! -x "$STATEDIR/firewall" ]; then
 	if [ $PRODUCT == shorewall -o $PRODUCT == shorewall6 ]; then
 	    ${SBINDIR}/$PRODUCT $OPTIONS compile
 	fi
    fi
 }
 IFUPDOWN=0
 PRODUCTS=
 #
 # The installer may alter this
 #
 . /usr/share/shorewall/shorewallrc
 if [ -f /etc/default/shorewall-init ]; then
    . /etc/default/shorewall-init
 elif [ -f /etc/sysconfig/shorewall-init ]; then
    . /etc/sysconfig/shorewall-init
 fi
 [ "$IFUPDOWN" = 1 -a -n "$PRODUCTS" ] || exit 0
 PHASE=''
 case $0 in
    /etc/ppp*)
 	INTERFACE="$1"
 	case $0 in
 	    *ip-up.local)
 		COMMAND=up
 		;;
 	    *ip-down.local)
 		COMMAND=down
 		;;
 	    *)
 		exit 0
 		;;
 	esac
 	;;
    *)
 	#
 	# RedHat ifup/down system
 	#
 	INTERFACE="$1"
 	case $0 in 
 	    *ifup*)
 		COMMAND=up
 		;;
 	    *ifdown*)
 		COMMAND=down
 		;;
 	    *dispatcher.d*)
 		COMMAND="$2"
 		;;
 	    *)
 		exit 0
 		;;
 	esac
 	;;
 esac
 [ -n "$LOGFILE" ] || LOGFILE=/dev/null
 for PRODUCT in $PRODUCTS; do
    setstatedir
    if [ -x "$STATEDIR/firewall" ]; then
 	  echo "`date --rfc-3339=seconds` $0: Executing $STATEDIR/firewall $OPTIONS $COMMAND $INTERFACE" >> $LOGFILE 2>&1
 	  ( $STATEDIR/firewall $OPTIONS $COMMAND $INTERFACE >> $LOGFILE 2>&1 ) || true
    fi
 done
 exit 0
--- a/Shorewall-init/ifupdown.suse.sh
+++ b/Shorewall-init/ifupdown.suse.sh
@@ -1,10 +1,10 @@
 #!/bin/sh
 #
-# SuSE ifupdown script for Shorewall-based products
+# ifupdown script for Shorewall-based products
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-#     (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2010 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
@@ -37,7 +37,7 @@ setstatedir() {
    fi
 }
-SuSE_ppp() {
+Debian_SuSE_ppp() {
    NEWPRODUCTS=
    INTERFACE="$1"
@@ -99,39 +99,105 @@ fi
 [ "$IFUPDOWN" = 1 -a -n "$PRODUCTS" ] || exit 0
-PHASE=''
+if [ -f /etc/debian_version ]; then
-
+    case $0 in
-case $0 in
+	/etc/ppp*)
-    /etc/ppp*)
+	    #
-        #
+	    # Debian ppp
-	# SUSE ppp
+	    #
-	#
+	    Debian_SuSE_ppp
-	SuSE_ppp
+	    ;;
 	;;
-    *)
+	*)
-        #
+            #
-        # SuSE ifupdown system
+            # Debian ifupdown system
-        #
+            #
-	INTERFACE="$2"
+	    INTERFACE="$IFACE"
-	case $0 in
+	    if [ "$MODE" = start ]; then
 	    *dispatcher.d*)
 		INTERFACE="$1"
 		COMMAND="$2"
 		;;
 	    *if-up.d*)
 		COMMAND=up
-		;;
+	    elif [ "$MODE" = stop ]; then
 	    *if-down.d*)
 		COMMAND=down
-		;;
+	    else
 	    *)
 		exit 0
-		;;
+	    fi
-	esac
+	    ;;
-	;;
+    esac
-esac
+elif [ -f /etc/SuSE-release ]; then
    PHASE=''
    case $0 in
 	/etc/ppp*)
 	    #
 	    # SUSE ppp
 	    #
 	    Debian_SuSE_ppp
 	    ;;
 	*)
            #
            # SuSE ifupdown system
            #
 	    INTERFACE="$2"
 	    case $0 in
 		*if-up.d*)
 		    COMMAND=up
 		    ;;
 		*if-down.d*)
 		    COMMAND=down
 		    ;;
 		*)
 		    exit 0
 		    ;;
 	    esac
 	    ;;
    esac
 else
    #
    # Assume RedHat/Fedora/CentOS/Foobar/...
    #
    PHASE=''
    case $0 in
 	/etc/ppp*)
 	    INTERFACE="$1"
 	    case $0 in
 		*ip-up.local)
 		    COMMAND=up
 		    ;;
 		*ip-down.local)
 		    COMMAND=down
 		    ;;
 		*)
 		    exit 0
 		    ;;
 	    esac
 	    ;;
 	*)
 	    #
 	    # RedHat ifup/down system
 	    #
 	    INTERFACE="$1"
 	    case $0 in 
 		*ifup*)
 		    COMMAND=up
 		    ;;
 		*ifdown*)
 		    COMMAND=down
 		    ;;
 		*dispatcher.d*)
 		    COMMAND="$2"
 		    ;;
 		*)
 		    exit 0
 		    ;;
 	    esac
 	    ;;
    esac
 fi
 [ -n "$LOGFILE" ] || LOGFILE=/dev/null
--- a/Shorewall-init/init.debian.sh
+++ b/Shorewall-init/init.debian.sh
@@ -36,8 +36,6 @@
 #                    bringing up the network
 ### END INIT INFO
 . /lib/lsb/init-functions
 export VERBOSITY=0
 if [ "$(id -u)" != "0" ]
@@ -52,16 +50,16 @@ echo_notdone () {
 }
 not_configured () {
-    echo "#### WARNING ####"
+	echo "#### WARNING ####"
-    echo "the firewall won't be initialized unless it is configured"
+	echo "the firewall won't be initialized unless it is configured"
-    if [ "$1" != "stop" ]
+	if [ "$1" != "stop" ]
-    then
+	then
-	echo ""
+		echo ""
-	echo "Please read about Debian specific customization in"
+		echo "Please read about Debian specific customization in"
-	echo "/usr/share/doc/shorewall-init/README.Debian.gz."
+		echo "/usr/share/doc/shorewall-init/README.Debian.gz."
-    fi
+	fi
-    echo "#################"
+	echo "#################"
-    exit 0
+	exit 0
 }
 # set the STATEDIR variable
@@ -73,8 +71,10 @@ setstatedir() {
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
-    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
+    if [ ! -x $STATEDIR/firewall ]; then
-	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c || echo_notdone
+	if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
 	    ${SBINDIR}/$PRODUCT compile
 	fi
    fi
 }
@@ -83,16 +83,18 @@ setstatedir() {
 #
 . /usr/share/shorewall/shorewallrc
 vardir=$VARDIR
 # check if shorewall-init is configured or not
 if [ -f "$SYSCONFDIR/shorewall-init" ]
 then
-    . $SYSCONFDIR/shorewall-init
+	. $SYSCONFDIR/shorewall-init
-    if [ -z "$PRODUCTS" ]
+	if [ -z "$PRODUCTS" ]
-    then
+	then
-	not_configured
+		not_configured
-    fi
+	fi
 else
-    not_configured
+	not_configured
 fi
 # Initialize the firewall
@@ -101,23 +103,24 @@ shorewall_start () {
  local STATEDIR
  echo -n "Initializing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
      setstatedir
-      if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then
+      if [ ! -x ${VARDIR}/$PRODUCT/firewall ]; then
-          #
+	  if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
 	      ${SBINDIR}/$PRODUCT compile
 	  fi
      fi
      if [ -x ${VARDIR}/$PRODUCT/firewall ]; then
 	  #
 	  # Run in a sub-shell to avoid name collisions
 	  #
 	  ( 
-	      if ! ${STATEDIR}/$PRODUCT/firewall status > /dev/null 2>&1; then
+	      if ! ${VARDIR}/$PRODUCT/firewall status > /dev/null 2>&1; then
-		  ${STATEDIR}/$PRODUCT/firewall ${OPTIONS} stop || echo_notdone
+		  ${VARDIR}/$PRODUCT/firewall stop || echo_notdone
 	      else
 		  echo_notdone
 	      fi
 	  )
      else
 	  echo echo_notdone
      fi
  done
@@ -129,14 +132,20 @@ shorewall_start () {
 # Clear the firewall
 shorewall_stop () {
  local PRODUCT
-  local STATEDIR
+  local VARDIR
  echo -n "Clearing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
      setstatedir
-      if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then
+      if [ ! -x ${VARDIR}/$PRODUCT/firewall ]; then
-	  ${STATEDIR}/$PRODUCT/firewall ${OPTIONS} clear || echo_notdone
+	  if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
 	      ${SBINDIR}/$PRODUCT compile
 	  fi
      fi
      if [ -x ${VARDIR}/$PRODUCT/firewall ]; then
 	  ${VARDIR}/$PRODUCT/firewall clear || echo_notdone
      fi
  done
@@ -155,7 +164,7 @@ case "$1" in
  reload|force-reload)
     ;;
  *)
-     echo "Usage: $0 {start|stop|reload|force-reload}"
+     echo "Usage: /etc/init.d/shorewall-init {start|stop|reload|force-reload}"
     exit 1
 esac
--- a/Shorewall-init/init.fedora.sh
+++ b/Shorewall-init/init.fedora.sh
@@ -24,6 +24,8 @@ lockfile="/var/lock/subsys/shorewall-init"
 # Source function library.
 . /etc/rc.d/init.d/functions
 vardir=$VARDIR
 # Get startup options (override default)
 OPTIONS=
@@ -44,17 +46,17 @@ setstatedir() {
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
-    if [ $PRODUCT == shorewall -o $PRODUCT == shorewall6 ]; then
+    if [ ! -x $STATEDIR/firewall ]; then
-	${SBINDIR}/$PRODUCT $OPTIONS compile -c
+	if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-    else
+	    ${SBINDIR}/$PRODUCT compile
-	return 0
+	fi
    fi
 }
 # Initialize the firewall
 start () {
    local PRODUCT
-    local STATEDIR
+    local vardir
    if [ -z "$PRODUCTS" ]; then
 	echo "No firewalls configured for shorewall-init"
@@ -63,26 +65,23 @@ start () {
    fi
    echo -n "Initializing \"Shorewall-based firewalls\": "
    for PRODUCT in $PRODUCTS; do
 	setstatedir
 	retval=$?
-	if [ $retval -eq 0 ]; then
+	if [ ! -x ${VARDIR}/firewall ]; then
-	    if [ -x "${STATEDIR}/firewall" ]; then
+	    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-		${STATEDIR}/firewall ${OPTIONS} stop 2>&1 | $logger
+		${SBINDIR}/$PRODUCT compile
 		retval=${PIPESTATUS[0]}
 		[ $retval -ne 0 ] && break
 	    else
 		retval=6 #Product not configured
 		break
 	    fi
-	else
+	fi
-	    break
+
 	if [ -x ${VARDIR}/$PRODUCT/firewall ]; then
 	    ${VARDIR}/$PRODUCT/firewall stop 2>&1 | $logger
 	    retval=${PIPESTATUS[0]}
 	    [ $retval -ne 0 ] && break
 	fi
    done
-    if [ $retval -eq 0 ]; then
+    if [ retval -eq 0 ]; then
 	touch $lockfile 
 	success
    else
@@ -95,29 +94,26 @@ start () {
 # Clear the firewall
 stop () {
    local PRODUCT
-    local STATEDIR
+    local vardir
    echo -n "Clearing \"Shorewall-based firewalls\": "
    for PRODUCT in $PRODUCTS; do
 	setstatedir
 	retval=$?
-	if [ $retval -eq 0 ]; then
+	if [ ! -x ${VARDIR}/firewall ]; then
-	    if [ -x "${STATEDIR}/firewall" ]; then
+	    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-		${STATEDIR}/firewall ${OPTIONS} clear 2>&1 | $logger
+		${SBINDIR}/$PRODUCT compile
 		retval=${PIPESTATUS[0]}
 		[ $retval -ne 0 ] && break
 	    else
 		retval=6 #Product not configured
 		break
 	    fi
-	else
+	fi
-	    break
+
 	if [ -x ${VARDIR}/$PRODUCT/firewall ]; then
 	    ${VARDIR}/$PRODUCT/firewall clear 2>&1 | $logger
 	    retval=${PIPESTATUS[0]}
 	    [ $retval -ne 0 ] && break
 	fi
    done
-    if [ $retval -eq 0 ]; then
+    if [ retval -eq 0 ]; then
 	rm -f $lockfile
 	success
    else
@@ -148,7 +144,7 @@ case "$1" in
 	status $prog
 	;;
  *)
-	echo "Usage: $0 {start|stop|status}"
+	echo "Usage: /etc/init.d/shorewall-init {start|stop|status}"
 	exit 1
 esac
--- a/Shorewall-init/init.sh
+++ b/Shorewall-init/init.sh
@@ -1,24 +1,22 @@
 #! /bin/bash
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
-#     (c) 2010,2012-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2010,2012 - Tom Eastep (teastep@shorewall.net)
 #
 #       On most distributions, this file should be called /etc/init.d/shorewall.
 #
-#       This program is part of Shorewall.
+#       Complete documentation is available at http://shorewall.net
 #
-#	This program is free software; you can redistribute it and/or modify
+#       This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+#       it under the terms of Version 2 of the GNU General Public License
-#       Free Software Foundation, either version 2 of the license or, at your
+#       as published by the Free Software Foundation.
 #       option, any later version.
 #
-#	This program is distributed in the hope that it will be useful,
+#       This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
+#       GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #       You should have received a copy of the GNU General Public License
 #       along with this program; if not, write to the Free Software
@@ -71,7 +69,7 @@ setstatedir() {
    if [ ! -x $STATEDIR/firewall ]; then
 	if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-	    ${SBINDIR}/$PRODUCT ${OPTIONS} compile $STATEDIR/firewall
+	    ${SBINDIR}/$PRODUCT compile $STATEDIR/firewall
 	fi
    fi
 }
@@ -87,7 +85,7 @@ shorewall_start () {
      if [ -x ${STATEDIR}/firewall ]; then
 	  if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
-	      ${STATEDIR}/firewall ${OPTIONS} stop || exit 1
+	      ${STATEDIR}/firewall stop || echo_notdone
 	  fi
      fi
  done
@@ -102,14 +100,20 @@ shorewall_start () {
 # Clear the firewall
 shorewall_stop () {
  local PRODUCT
-  local STATEDIR
+  local VARDIR
  echo -n "Clearing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
      setstatedir
-      if [ -x ${STATEDIR}/firewall ]; then
+      if [ ! -x ${VARDIR}/firewall ]; then
-	  ${STATEDIR}/firewall ${OPTIONS} clear || exit 1
+	  if [ $PRODUCT = shorewall -o $product = shorewall6 ]; then
 	      ${SBINDIR}/$PRODUCT compile
 	  fi
      fi
      if [ -x ${VARDIR}/firewall ]; then
 	  ${VARDIR}/firewall clear || exit 1
      fi
  done
--- a/Shorewall-init/init.suse.sh
+++ b/Shorewall-init/init.suse.sh
@@ -34,35 +34,22 @@
 #                    prior to bringing up the network.  
 ### END INIT INFO
 #Return values acc. to LSB for all commands but status:
 # 0 - success
 # 1 - generic or unspecified error
 # 2 - invalid or excess argument(s)
 # 3 - unimplemented feature (e.g. "reload")
 # 4 - insufficient privilege
 # 5 - program is not installed
 # 6 - program is not configured
 # 7 - program is not running
 if [ "$(id -u)" != "0" ]
 then
  echo "You must be root to start, stop or restart \"Shorewall \"."
-  exit 4
+  exit 1
 fi
 # check if shorewall-init is configured or not
 if [ -f "/etc/sysconfig/shorewall-init" ]
 then
-    . /etc/sysconfig/shorewall-init
+	. /etc/sysconfig/shorewall-init
-
+	if [ -z "$PRODUCTS" ]
-    if [ -z "$PRODUCTS" ]
+	then
-    then
+		exit 0
-	echo "No PRODUCTS configured"
+	fi
 	exit 6
    fi
 else
-    echo "/etc/sysconfig/shorewall-init not found"
+	exit 0
    exit 6
 fi
 #
@@ -79,8 +66,10 @@ setstatedir() {
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
-    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
+    if [ ! -x $STATEDIR/firewall ]; then
-	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c || exit
+	if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
 	    ${SBINDIR}/$PRODUCT compile
 	fi
    fi
 }
@@ -95,16 +84,16 @@ shorewall_start () {
      if [ -x $STATEDIR/firewall ]; then
 	  if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
-	      $STATEDIR/$PRODUCT/firewall ${OPTIONS} stop || exit
+	      $STATEDIR/$PRODUCT/firewall stop || echo_notdone
 	  fi
      else
 	  exit 6
      fi
  done
  if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
      ipset -R < "$SAVE_IPSETS"
  fi
  return 0
 }
 # Clear the firewall
@@ -117,9 +106,7 @@ shorewall_stop () {
      setstatedir
      if [ -x ${STATEDIR}/firewall ]; then
-	  ${STATEDIR}/firewall ${OPTIONS} clear || exit
+	  ${STATEDIR}/firewall clear || exit 1
      else
 	  exit 6
      fi
  done
@@ -129,21 +116,20 @@ shorewall_stop () {
 	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
      fi
  fi
  return 0
 }
 case "$1" in
-    start)
+  start)
-	shorewall_start
+     shorewall_start
-	;;
+     ;;
-    stop)
+  stop)
-	shorewall_stop
+     shorewall_stop
-	;;
+     ;;
-    reload|forced-reload)
+  *)
-	;;
+     echo "Usage: /etc/init.d/shorewall-init {start|stop}"
-    *)
+     exit 1
 	echo "Usage: /etc/init.d/shorewall-init {start|stop}"
 	exit 1
 	;;
 esac
 exit 0
--- a/Shorewall-init/install.sh
+++ b/Shorewall-init/install.sh
@@ -2,25 +2,21 @@
 #
 # Script to install Shoreline Firewall Init
 #
-#     (c) 2000-20114 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #     (c) 2010 - Roberto C. Sanchez (roberto@connexer.com)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
 #       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
+#       This program is distributed in the hope that it will be useful,
-#	it under the terms of the GNU General Public License as published by the
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       Free Software Foundation, either version 2 of the license or, at your
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       option, any later version.
+#       GNU General Public License for more details.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
 #	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #       You should have received a copy of the GNU General Public License
 #       along with this program; if not, write to the Free Software
@@ -63,6 +59,7 @@ mywhich() {
    for dir in $(split $PATH); do
 	if [ -x $dir/$1 ]; then
 	    echo $dir/$1
 	    return 0
 	fi
    done
@@ -102,8 +99,6 @@ PRODUCT=shorewall-init
 #
 # Parse the run line
 #
 T='-T'
 finished=0
 while [ $finished -eq 0 ] ; do
@@ -187,29 +182,8 @@ if [ -z "$BUILD" ]; then
 	    BUILD=apple
 	    ;;
 	*)
-	    if [ -f /etc/os-release ]; then
+	    if [ -f /etc/debian_version ]; then
 		eval $(cat /etc/os-release | grep ^ID=)
 		case $ID in
 		    fedora)
 			BUILD=redhat
 			;;
 		    debian|ubuntu)
 			BUILD=debian
 			;;
 		    opensuse)
 			BUILD=suse
 			;;
 		    *)
 			BUILD="$ID"
 			;;
 		esac
 	    elif [ -f /etc/debian_version ]; then
 		BUILD=debian
 	    elif [ -f /etc/ubuntu_version ]; then
 		BUILD=debian
 	    elif [ -f /etc/gentoo-release ]; then
 		BUILD=gentoo
 	    elif [ -f /etc/redhat-release ]; then
 		BUILD=redhat
 	    elif [ -f /etc/SuSE-release ]; then
@@ -232,7 +206,7 @@ case $BUILD in
    apple)
 	T=
 	;;
-    debian|gentoo|redhat|suse|slackware|archlinux)
+    debian|redhat|suse|slackware|archlinux)
 	;;
    *)
 	[ -n "$BUILD" ] && echo "ERROR: Unknown BUILD environment ($BUILD)" >&2 || echo "ERROR: Unknown BUILD environment"
@@ -248,10 +222,7 @@ case "$HOST" in
    debian)
 	echo "Installing Debian-specific configuration..."
 	;;
-    gentoo)
+    redhat|redhat)
 	echo "Installing Gentoo-specific configuration..."
 	;;
    redhat)
 	echo "Installing Redhat/Fedora-specific configuration..."
 	;;
    slackware)
@@ -262,12 +233,11 @@ case "$HOST" in
 	echo "Shorewall-init is currently not supported on Arch Linux" >&2
 	exit 1
 	;;
-    suse)
+    suse|suse)
 	echo "Installing SuSE-specific configuration..."
 	;;
    linux)
 	echo "ERROR: Shorewall-init is not supported on this system" >&2
 	exit 1
 	;;
    *)
 	echo "ERROR: Unsupported HOST distribution: \"$HOST\"" >&2
@@ -313,7 +283,7 @@ if [ -n "$INITFILE" ]; then
 	install_file $INITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544
    fi
-    echo  "SysV init script $INITSOURCE installed in ${DESTDIR}${INITDIR}/$INITFILE"
+    echo  "Shorewall-init script installed in ${DESTDIR}${INITDIR}/$INITFILE"
 fi
 #
@@ -321,16 +291,14 @@ fi
 #
 if [ -n "$SYSTEMD" ]; then
    mkdir -p ${DESTDIR}${SYSTEMD}
-    [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
+    run_install $OWNERSHIP -m 600 shorewall-init.service ${DESTDIR}${SYSTEMD}/shorewall-init.service
-    run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SYSTEMD}/$PRODUCT.service
+    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SYSTEMD}/shorewall-init.service
-    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SYSTEMD}/$PRODUCT.service
+    echo "Service file installed as ${DESTDIR}${SYSTEMD}/shorewall-init.service"
    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SYSTEMD}/$PRODUCT.service"
    if [ -n "$DESTDIR" ]; then
 	mkdir -p ${DESTDIR}${SBINDIR}
        chmod 755 ${DESTDIR}${SBINDIR}
    fi
    run_install $OWNERSHIP -m 700 shorewall-init ${DESTDIR}${SBINDIR}/shorewall-init
    [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SBINDIR}/shorewall-init
    echo "CLI installed as ${DESTDIR}${SBINDIR}/shorewall-init"
 fi
@@ -375,8 +343,6 @@ if [ $HOST = debian ]; then
 	install_file sysconfig ${DESTDIR}/etc/default/shorewall-init 0644
    fi
    IFUPDOWN=ifupdown.debian.sh
 else
    if [ -n "$DESTDIR" ]; then
 	mkdir -p ${DESTDIR}${SYSCONFDIR}
@@ -385,28 +351,22 @@ else
 	    if [ $HOST = suse ]; then
 		mkdir -p ${DESTDIR}/etc/sysconfig/network/if-up.d
 		mkdir -p ${DESTDIR}${SYSCONFDIR}/network/if-down.d
 	    elif [ $HOST = gentoo ]; then
 		# Gentoo does not support if-{up,down}.d
 		/bin/true
 	    else
 		mkdir -p ${DESTDIR}/etc/NetworkManager/dispatcher.d
 	    fi
 	fi
    fi
-    if [ -n "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PRODUCT} ]; then
+    if [ -d ${DESTDIR}${SYSCONFDIR} -a ! -f ${DESTDIR}${SYSCONFDIR}/shorewall-init ]; then
-	run_install $OWNERSHIP -m 0644 ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/$PRODUCT
+	install_file sysconfig ${DESTDIR}${SYSCONFDIR}/shorewall-init 0644
-	echo "$SYSCONFFILE installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
+    fi 
    fi
    [ $HOST = suse ] && IFUPDOWN=ifupdown.suse.sh || IFUPDOWN=ifupdown.fedora.sh
 fi
 #
 # Install the ifupdown script
 #
-cp $IFUPDOWN ifupdown
+cp ifupdown.sh ifupdown
 [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ifupdown
@@ -431,23 +391,11 @@ case $HOST in
 	fi
 	;;
    redhat)
-	if [ -z "$DESTDIR" ]; then
+	if [ -f ${DESTDIR}${SBINDIR}/ifup-local -o -f ${DESTDIR}${SBINDIR}/ifdown-local ]; then
-	    install_local=
+	    echo "WARNING: ${SBINDIR}/ifup-local and/or ${SBINDIR}/ifdown-local already exist; up/down events will not be handled"
-
+	elif [ -z "$DESTDIR" ]; then
-	    if [ -f ${SBINDIR}/ifup-local -o -f ${SBINDIR}/ifdown-local ]; then
+	    install_file ifupdown ${DESTDIR}${SBINDIR}/ifup-local 0544
-		if ! grep -qF Shorewall-based ${SBINDIR}/ifup-local || ! grep -qF Shorewall-based ${SBINDIR}/ifdown-local; then
+	    install_file ifupdown ${DESTDIR}${SBINDIR}/ifdown-local 0544
 		    echo "WARNING: ${SBINDIR}/ifup-local and/or ${SBINDIR}/ifdown-local already exist; up/down events will not be handled"
 		else
 		    install_local=Yes
 		fi
 	    else
 		install_local=Yes
 	    fi
 	    if [ -n "$install_local" ]; then
 		install_file ifupdown ${DESTDIR}${SBINDIR}/ifup-local 0544
 		install_file ifupdown ${DESTDIR}${SBINDIR}/ifdown-local 0544
 	    fi
 	fi
 	;;
 esac
@@ -455,26 +403,10 @@ esac
 if [ -z "$DESTDIR" ]; then
    if [ -n "$first_install" ]; then
 	if [ $HOST = debian ]; then
-	    if mywhich insserv; then
+	    
-		if insserv ${INITDIR}/shorewall-init; then
+	    update-rc.d shorewall-init enable
-		    echo "Shorewall Init will start automatically at boot"
+
-		else
+	    echo "Shorewall Init will start automatically at boot"
 		    cant_autostart
 		fi
 	    elif mywhich update-rc.d ; then
 		if update-rc.d $PRODUCT enable; then
 		    echo "$PRODUCT will start automatically at boot"
 		    echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
 		else
 		    cant_autostart
 		fi
 	    else
 		cant_autostart
 	    fi
 	elif [ $HOST = gentoo ]; then
 	    # On Gentoo, a service must be enabled manually by the user,
 	    # not by the installer
 	    /bin/true
 	else
 	    if [ -n "$SYSTEMD" ]; then
 		if systemctl enable shorewall-init.service; then
@@ -534,7 +466,7 @@ if [ -f ${DESTDIR}/etc/ppp ]; then
 	    for file in ip-up.local ip-down.local; do
 		FILE=${DESTDIR}/etc/ppp/$file
 		if [ -f $FILE ]; then
-		    if grep -qF Shorewall-based $FILE ; then
+		    if fgrep -q Shorewall-based $FILE ; then
 			cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown $FILE
 		    else
 			echo "$FILE already exists -- ppp devices will not be handled"
--- a/Shorewall-init/shorewall-init
+++ b/Shorewall-init/shorewall-init
@@ -1,42 +1,28 @@
 #! /bin/bash
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
-#     (c) 2012-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2012 - Tom Eastep (teastep@shorewall.net)
 #
 #       On most distributions, this file should be called /etc/init.d/shorewall.
 #
 #       Complete documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
 #       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
+#       This program is distributed in the hope that it will be useful,
-#	it under the terms of the GNU General Public License as published by the
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       Free Software Foundation, either version 2 of the license or, at your
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       option, any later version.
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
+#       You should have received a copy of the GNU General Public License
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       along with this program; if not, write to the Free Software
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #########################################################################################
 # set the STATEDIR variable
 setstatedir() {
    local statedir
    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
 	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c || exit 1
    fi
 }
 #
 # This is modified by the installer when ${SHAREDIR} <> /usr/share
 #
@@ -50,32 +36,21 @@ if [ -f "$SYSCONFDIR/shorewall-init" ]; then
 	exit 1
    fi
 else
-    echo "ERROR: ${SYSCONFDIR}/shorewall-init not found" >&2
+    echo "ERROR: /etc/sysconfig/shorewall-init not found" >&2
    exit 1
 fi
 # Initialize the firewall
 shorewall_start () {
  local PRODUCT
-  local STATEDIR
+  local VARDIR
  echo -n "Initializing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
-      setstatedir
+      if [ -x ${VARDIR}/firewall ]; then
-
+	  if ! /sbin/$PRODUCT status > /dev/null 2>&1; then
-      if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then
+	      ${VARDIR}/firewall stop || exit 1
-          #
+	  fi
 	  # Run in a sub-shell to avoid name collisions
 	  #
 	  (
 	      if ! ${STATEDIR}/$PRODUCT/firewall status > /dev/null 2>&1; then
 		  ${STATEDIR}/$PRODUCT/firewall ${OPTIONS} stop || exit 1
 	      else
 		  exit 1
 	      fi
 	  )
      else
 	  exit 1
      fi
  done
@@ -89,14 +64,14 @@ shorewall_start () {
 # Clear the firewall
 shorewall_stop () {
  local PRODUCT
-  local STATEDIR
+  local VARDIR
  echo -n "Clearing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
-      setstatedir
+      VARDIR=/var/lib/$PRODUCT
-
+      [ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir 
-      if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then
+      if [ -x ${VARDIR}/firewall ]; then
-	  ${STATEDIR}/$PRODUCT/firewall ${OPTIONS} clear || exit 1
+	  ${VARDIR}/firewall clear || exit 1
      fi
  done
--- a/Shorewall-init/sysconfig
+++ b/Shorewall-init/sysconfig
@@ -21,6 +21,3 @@ SAVE_IPSETS=""
 #
 LOGFILE=/var/log/shorewall-ifupdown.log
 # Startup options - set verbosity to 0 (minimal reporting)
 OPTIONS="-V0"
--- a/Shorewall-init/uninstall.sh
+++ b/Shorewall-init/uninstall.sh
@@ -2,24 +2,24 @@
 #
 # Script to back uninstall Shoreline Firewall
 #
-#     (c) 2000-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.sourceforge.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
 #       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
+#       This program is distributed in the hope that it will be useful,
-#	it under the terms of the GNU General Public License as published by the
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       Free Software Foundation, either version 2 of the license or, at your
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       option, any later version.
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
+#       You should have received a copy of the GNU General Public License
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       along with this program; if not, write to the Free Software
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #    Usage:
 #
@@ -140,7 +140,6 @@ remove_file ${CONFDIR}/NetworkManager/dispatcher.d/01-shorewall
 remove_file ${CONFDIR}/network/if-up.d/shorewall
 remove_file ${CONFDIR}/network/if-down.d/shorewall
 remove_file ${CONFDIR}/network/if-post-down.d/shorewall
 remove_file ${CONFDIR}/sysconfig/network/if-up.d/shorewall
 remove_file ${CONFDIR}/sysconfig/network/if-down.d/shorewall
@@ -153,7 +152,7 @@ if [ -d ${CONFDIR}/ppp ]; then
    done
    for file in if-up.local if-down.local; do
-	if grep -qF Shorewall-based ${CONFDIR}/ppp/$FILE; then
+	if fgrep -q Shorewall-based ${CONFDIR}/ppp/$FILE; then
 	    remove_file ${CONFDIR}/ppp/$FILE
 	fi
    done
--- a/Shorewall-lite/configpath
+++ b/Shorewall-lite/configpath
@@ -4,4 +4,4 @@
 # /usr/share/shorewall-lite/configpath
 #
-CONFIG_PATH=${CONFDIR}/shorewall-lite:${SHAREDIR}/shorewall-lite:${SHAREDIR}/shorewall
+CONFIG_PATH=/etc/shorewall-lite:/usr/share/shorewall-lite
--- a/Shorewall-lite/init.archlinux.sh
+++ b/Shorewall-lite/init.archlinux.sh
@@ -0,0 +1,58 @@
 #!/bin/bash
 OPTIONS="-f"
 if [ -f /etc/sysconfig/shorewall ] ; then
 	. /etc/sysconfig/shorewall
 elif [ -f /etc/default/shorewall ] ; then
 	. /etc/default/shorewall
 fi
 # if you want to override options, do so in /etc/sysconfig/shorewall or
 # in /etc/default/shorewall --
 # i strongly encourage you use the latter, since /etc/sysconfig/ does not exist.
 . /etc/rc.conf
 . /etc/rc.d/functions
 DAEMON_NAME="shorewall" # of course shorewall is NOT a deamon.
 case "$1" in
 	start)
 		stat_busy "Starting $DAEMON_NAME"
 		/sbin/shorewall-lite $OPTIONS start &>/dev/null
 		if [ $? -gt 0 ]; then
 			stat_fail
 		else
 			add_daemon $DAEMON_NAME
 			stat_done
 		fi
 		;;
 	stop)
 		stat_busy "Stopping $DAEMON_NAME"
 		/sbin/shorewall-lite stop &>/dev/null
 		if [ $? -gt 0 ]; then
 			stat_fail
 		else
 			rm_daemon $DAEMON_NAME
 			stat_done
 		fi
 		;;
 	restart|reload)
 		stat_busy "Restarting $DAEMON_NAME"
 		/sbin/shorewall-lite restart &>/dev/null
 		if [ $? -gt 0  ]; then
 			stat_fail
 		else
 			stat_done
 		fi
 		;;
 	*)
 		echo "usage: $0 {start|stop|restart}"
 esac
 exit 0
--- a/Shorewall-lite/init.debian.sh
+++ b/Shorewall-lite/init.debian.sh
@@ -11,7 +11,7 @@
 #                    /etc/shorewall-lite
 ### END INIT INFO
-. /lib/lsb/init-functions
+
 SRWL=/sbin/shorewall-lite
 SRWL_OPTS="-tvv"
--- a/Shorewall-lite/init.sh
+++ b/Shorewall-lite/init.sh
@@ -3,18 +3,17 @@ RCDLINKS="2,S41 3,S41 6,K41"
 #
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
-#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	On most distributions, this file should be called /etc/init.d/shorewall.
 #
 #	Complete documentation is available at http://shorewall.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+#	it under the terms of Version 2 of the GNU General Public License
-#       Free Software Foundation, either version 2 of the license or, at your
+#	as published by the Free Software Foundation.
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -22,7 +21,8 @@ RCDLINKS="2,S41 3,S41 6,K41"
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #	If an error occurs while starting or restarting the firewall, the
 #	firewall is automatically stopped.
--- a/Shorewall-lite/install.sh
+++ b/Shorewall-lite/install.sh
@@ -2,24 +2,24 @@
 #
 # Script to install Shoreline Firewall Lite
 #
-#     (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
 #       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
+#       This program is distributed in the hope that it will be useful,
-#	it under the terms of the GNU General Public License as published by the
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       Free Software Foundation, either version 2 of the license or, at your
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       option, any later version.
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
+#       You should have received a copy of the GNU General Public License
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       along with this program; if not, write to the Free Software
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 VERSION=xxx #The Build script inserts the actual version
@@ -182,8 +182,6 @@ for var in SHAREDIR LIBEXECDIRDIRDIR CONFDIR SBINDIR VARLIB VARDIR; do
    require $var
 done
 [ -n "${INITFILE}" ] && require INITSOURCE && require INITDIR
 PATH=${SBINDIR}:/bin:/usr${SBINDIR}:/usr/bin:/usr/local/bin:/usr/local${SBINDIR}
 #
@@ -202,30 +200,8 @@ if [ -z "$BUILD" ]; then
 	    BUILD=apple
 	    ;;
 	*)
-	    if [ -f /etc/os-release ]; then
+	    if [ -f ${CONFDIR}/debian_version ]; then
 		eval $(cat /etc/os-release | grep ^ID)
 		case $ID in
 		    fedora|rhel)
 			BUILD=redhat
 			;;
 		    debian)
 			BUILD=debian
 			;;
 		    gentoo)
 			BUILD=gentoo
 			;;
 		    opensuse)
 			BUILD=suse
 			;;
 		    *)
 			BUILD="$ID"
 			;;
 		esac
 	    elif [ -f ${CONFDIR}/debian_version ]; then
 		BUILD=debian
 	    elif [ -f /etc/gentoo-release ]; then
 		BUILD=gentoo
 	    elif [ -f ${CONFDIR}/redhat-release ]; then
 		BUILD=redhat
 	    elif [ -f ${CONFDIR}/SuSE-release ]; then
@@ -274,9 +250,6 @@ case "$HOST" in
    debian)
 	echo "Installing Debian-specific configuration..."
 	;;
    gentoo)
 	echo "Installing Gentoo-specific configuration..."
 	;;
    redhat)
 	echo "Installing Redhat/Fedora-specific configuration..."
 	;;
@@ -308,7 +281,7 @@ if [ -n "$DESTDIR" ]; then
    install -d $OWNERSHIP -m 755 ${DESTDIR}/${SBINDIR}
    install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR}
 else
-    if [ ! -f ${SHAREDIR}/shorewall/coreversion ]; then
+    if [ ! -f /usr/share/shorewall/coreversion ]; then
 	echo "$PRODUCT $VERSION requires Shorewall Core which does not appear to be installed" >&2
 	exit 1
    fi
@@ -320,7 +293,7 @@ echo "Installing $Product Version $VERSION"
 # Check for ${CONFDIR}/$PRODUCT
 #
 if [ -z "$DESTDIR" -a -d ${CONFDIR}/$PRODUCT ]; then
-    if [ ! -f ${SHAREDIR}/shorewall/coreversion ]; then
+    if [ ! -f /usr/share/shorewall/coreversion ]; then
 	echo "$PRODUCT $VERSION requires Shorewall Core which does not appear to be installed" >&2
 	exit 1
    fi
@@ -368,25 +341,24 @@ if [ -n "$DESTDIR" ]; then
 fi
 if [ -n "$INITFILE" ]; then
    if [ -f "${INITSOURCE}" ]; then
 	initfile="${DESTDIR}/${INITDIR}/${INITFILE}"
 	install_file ${INITSOURCE} "$initfile" 0544
-	[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' "$initfile"
+    initfile="${DESTDIR}/${INITDIR}/${INITFILE}"
    install_file ${INITSOURCE} "$initfile" 0544
-	echo  "SysV init script $INITSOURCE installed in $initfile"
+    [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' "$initfile"
-    fi
+
    echo  "$Product init script installed in $initfile"
 fi
 #
 # Install the .service file
 #
 if [ -n "$SYSTEMD" ]; then
    mkdir -p ${DESTDIR}${SYSTEMD}
-    [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
+    run_install $OWNERSHIP -m 600 $PRODUCT.service ${DESTDIR}/${SYSTEMD}/$PRODUCT.service
    run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SYSTEMD}/$PRODUCT.service
    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SYSTEMD}/$PRODUCT.service
-    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SYSTEMD}/$PRODUCT.service"
+    echo "Service file installed as ${DESTDIR}/lib/systemd/system/$PRODUCT.service"
 fi
 #
 # Install the config file
 #
@@ -397,9 +369,6 @@ fi
 if [ $HOST = archlinux ] ; then
   sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf
 elif [ $HOST = gentoo ]; then
    # Adjust SUBSYSLOCK path (see https://bugs.gentoo.org/show_bug.cgi?id=459316)
    perl -p -w -i -e "s|^SUBSYSLOCK=.*|SUBSYSLOCK=/run/lock/$PRODUCT|;" ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf
 fi
 #
@@ -508,16 +477,13 @@ delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/lib.common
 delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/lib.cli
 delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/wait4ifup
-#
+if [ -n "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PRODUCT} ]; then
 # Note -- not all packages will have the SYSCONFFILE so we need to check for its existance here
 #
 if [ -n "$SYSCONFFILE" -a -f "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PRODUCT} ]; then
    if [ ${DESTDIR} ]; then
 	mkdir -p ${DESTDIR}${SYSCONFDIR}
 	chmod 755 ${DESTDIR}${SYSCONFDIR}
    fi
-    run_install $OWNERSHIP -m 0644 ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/${PRODUCT}
+    run_install $OWNERSHIP -m 0644 default.debian ${DESTDIR}${SYSCONFDIR}/${PRODUCT}
    echo "$SYSCONFFILE installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
 fi
@@ -527,20 +493,20 @@ if [ ${SHAREDIR} != /usr/share ]; then
 fi
 if [ -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then
-    if [ -n "$SYSTEMD" ]; then
+    if mywhich update-rc.d ; then
 	echo "$PRODUCT will start automatically at boot"
 	echo "Set startup=1 in ${SYSCONFDIR}/$PRODUCT to enable"
 	touch /var/log/$PRODUCT-init.log
 	perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/${PRODUCT}/${PRODUCT}.conf
 	update-rc.d $PRODUCT enable defaults
    elif [ -n "$SYSTEMD" ]; then
 	if systemctl enable ${PRODUCT}.service; then
 	    echo "$Product will start automatically at boot"
 	fi
    elif mywhich insserv; then
 	if insserv ${INITDIR}/${INITFILE} ; then
 	    echo "$PRODUCT will start automatically at boot"
-	    if [ $HOST = debian ]; then
+	    echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/${PRODUCT}.conf to enable"
 		echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
 		touch /var/log/$PRODUCT-init.log
 		perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
 	    else
 		echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable"
 	    fi
 	else
 	    cant_autostart
 	fi
@@ -552,22 +518,10 @@ if [ -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then
 	else
 	    cant_autostart
 	fi
    elif mywhich update-rc.d ; then
 	echo "$PRODUCT will start automatically at boot"
 	echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
 	touch /var/log/$PRODUCT-init.log
 	perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
 	update-rc.d $PRODUCT enable
    elif mywhich rc-update ; then
 	if rc-update add $PRODUCT default; then
 	    echo "$PRODUCT will start automatically at boot"
-	    if [ $HOST = debian ]; then
+	    echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable"
 		echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
 		touch /var/log/$PRODUCT-init.log
 		perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
 	    else
 		echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable"
 	    fi
 	else
 	    cant_autostart
 	fi
--- a/Shorewall-lite/lib.base
+++ b/Shorewall-lite/lib.base
@@ -1,16 +1,15 @@
 #
 # Shorewall 4.4 -- /usr/share/shorewall-lite/lib.base
 #
-#     (c) 2011,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2011 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
+#	This program is free software; you can redisribute it and/or modify
-#
+#	it under the terms of Version 2 of the GNU General Public License
-#	This program is free software; you can redistribute it and/or modify
+#	as published by the Free Software Foundation.
 #	it under the terms of the GNU General Public License as published by the
 #       Free Software Foundation, either version 2 of the license or, at your
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -18,7 +17,8 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # This library contains the code common to all Shorewall components.
--- a/Shorewall-lite/manpages/shorewall-lite-vardir.xml
+++ b/Shorewall-lite/manpages/shorewall-lite-vardir.xml
@@ -6,8 +6,6 @@
    <refentrytitle>shorewall-lite-vardir</refentrytitle>
    <manvolnum>5</manvolnum>
    <refmiscinfo>Configuration Files</refmiscinfo>
  </refmeta>
  <refnamediv>
@@ -56,7 +54,7 @@
        /opt/var/lib/shorewall-lite/.</para>
      </blockquote>
-      <para>When VARDIR is set in /etc/shorewall-lite/vardir, Shorewall Lite
+      <para> When VARDIR is set in /etc/shorewall-lite/vardir, Shorewall Lite
      will save its state in the <replaceable>directory</replaceable>
      specified.</para>
    </note>
--- a/Shorewall-lite/manpages/shorewall-lite.conf.xml
+++ b/Shorewall-lite/manpages/shorewall-lite.conf.xml
@@ -6,8 +6,6 @@
    <refentrytitle>shorewall-lite.conf</refentrytitle>
    <manvolnum>5</manvolnum>
    <refmiscinfo>Configuration Files</refmiscinfo>
  </refmeta>
  <refnamediv>
@@ -143,7 +141,7 @@
          stops. Creating and removing this file allows Shorewall to work with
          your distribution's initscripts. For RedHat, this should be set to
          /var/lock/subsys/shorewall. For Debian, the value is
-          /var/state/shorewall and in LEAF it is /var/run/shorewall.</para>
+          /var/state/shorewall and in LEAF it is /var/run/shorwall.</para>
        </listitem>
      </varlistentry>
--- a/Shorewall-lite/manpages/shorewall-lite.xml
+++ b/Shorewall-lite/manpages/shorewall-lite.xml
@@ -6,8 +6,6 @@
    <refentrytitle>shorewall-lite</refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo>Administrative Commands</refmiscinfo>
  </refmeta>
  <refnamediv>
@@ -337,7 +335,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="opt"><option>show | list | ls </option></arg>
+      <arg choice="plain"><option>show</option></arg>
      <arg><option>-b</option></arg>
@@ -359,7 +357,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="opt"><option>show | list | ls </option></arg>
+      <arg choice="plain"><option>show</option></arg>
      <arg><option>-f</option></arg>
@@ -373,10 +371,10 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="opt"><option>show | list | ls </option></arg>
+      <arg choice="plain"><option>show</option></arg>
      <arg
-      choice="req"><option>classifiers|connections|config|events|filters|ip|ipa|zones|policies|marks</option></arg>
+      choice="req"><option>classifiers|connections|config|filters|ip|ipa|zones|policies|marks</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
@@ -386,20 +384,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="opt"><option>show | list | ls </option></arg>
+      <arg choice="plain"><option>show</option></arg>
      <arg choice="plain"><option>event</option><arg
      choice="plain"><replaceable>event</replaceable></arg></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
      <arg choice="opt"><option>trace</option>|<option>debug</option></arg>
      <arg>-<replaceable>options</replaceable></arg>
      <arg choice="opt"><option>show | list | ls </option></arg>
      <arg><option>-x</option></arg>
@@ -413,7 +398,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="opt"><option>show | list | ls </option></arg>
+      <arg choice="plain"><option>show</option></arg>
      <arg choice="plain"><option>tc</option></arg>
    </cmdsynopsis>
@@ -425,7 +410,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="opt"><option>show | list | ls </option></arg>
+      <arg choice="plain"><option>show</option></arg>
      <arg><option>-m</option></arg>
@@ -507,9 +492,9 @@
    url="shorewall.conf.html">shorewall.conf</ulink>(5). Each <emphasis
    role="bold">v</emphasis> adds one to the effective verbosity and each
    <emphasis role="bold">q</emphasis> subtracts one from the effective
-    VERBOSITY. Alternately, <emphasis role="bold">v</emphasis> may be followed
+    VERBOSITY. Anternately, <emphasis role="bold">v</emphasis> may be followed
    immediately with one of -1,0,1,2 to specify a specify VERBOSITY. There may
-    be no white-space between <emphasis role="bold">v</emphasis> and the
+    be no white space between <emphasis role="bold">v</emphasis> and the
    VERBOSITY.</para>
    <para>The <emphasis>options</emphasis> may also include the letter
@@ -647,7 +632,7 @@
        <term><emphasis role="bold">forget</emphasis></term>
        <listitem>
-          <para>Deletes /var/lib/shorewall-lite/<emphasis>filename</emphasis>
+          <para>Deletes /var/lib/shorewall-lite/<emphasis>filenam</emphasis>e
          and /var/lib/shorewall-lite/save. If no
          <emphasis>filename</emphasis> is given then the file specified by
          RESTOREFILE in <ulink
@@ -705,7 +690,7 @@
          and raw table PREROUTING chains.</para>
          <para>The trace records are written to the kernel's log buffer with
-          facility = kernel and priority = warning, and they are routed from
+          faciility = kernel and priority = warning, and they are routed from
          there by your logging daemon (syslogd, rsyslog, syslog-ng, ...) --
          Shorewall-lite has no control over where the messages go; consult
          your logging daemon's documentation.</para>
@@ -762,7 +747,7 @@
          <para>The <replaceable>iptables match expression</replaceable> must
          be one given in the <command>iptrace</command> command being
-          canceled.</para>
+          cancelled.</para>
        </listitem>
      </varlistentry>
@@ -890,7 +875,7 @@
              <term><emphasis role="bold">config</emphasis></term>
              <listitem>
-                <para>Displays distribution-specific defaults.</para>
+                <para>Dispays distribution-specific defaults.</para>
              </listitem>
            </varlistentry>
@@ -903,24 +888,6 @@
              </listitem>
            </varlistentry>
            <varlistentry>
              <term><emphasis role="bold">event</emphasis><replaceable>
              event</replaceable></term>
              <listitem>
                <para>Added in Shorewall 4.5.19. Displays the named
                event.</para>
              </listitem>
            </varlistentry>
            <varlistentry>
              <term><emphasis role="bold">events</emphasis></term>
              <listitem>
                <para>Added in Shorewall 4.5.19. Displays all events.</para>
              </listitem>
            </varlistentry>
            <varlistentry>
              <term><emphasis role="bold">ip</emphasis></term>
@@ -1088,23 +1055,6 @@
    </variablelist>
  </refsect1>
  <refsect1>
    <title>EXIT STATUS</title>
    <para>In general, when a command succeeds, status 0 is returned; when the
    command fails, a non-zero status is returned.</para>
    <para>The <command>status</command> command returns exit status as
    follows:</para>
    <para>0 - Firewall is started.</para>
    <para>3 - Firewall is stopped or cleared</para>
    <para>4 - Unknown state; usually means that the firewall has never been
    started.</para>
  </refsect1>
  <refsect1>
    <title>FILES</title>
--- a/Shorewall-lite/shorecap
+++ b/Shorewall-lite/shorecap
@@ -2,18 +2,17 @@
 #
 #     Shorewall Lite Packet Filtering Firewall Capabilities Detector
 #
-#     (c) 2006,2007,2008,2009,2010,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2006,2007,2008,2009,2010 - Tom Eastep (teastep@shorewall.net)
 #
 #	This file should be placed in /sbin/shorewall.
 #
 #	Shorewall documentation is available at http://shorewall.sourceforge.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+#	it under the terms of Version 2 of the GNU General Public License
-#       Free Software Foundation, either version 2 of the license or, at your
+#	as published by the Free Software Foundation.
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -21,7 +20,9 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #
 #   This program may be used to create a /etc/shorewall/capabilities file for
 #   use in compiling Shorewall firewalls on another system.
--- a/Shorewall-lite/shorewall-lite
+++ b/Shorewall-lite/shorewall-lite
@@ -2,17 +2,16 @@
 #
 #     Shorewall Lite Packet Filtering Firewall Control Program - V4.5
 #
-#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2014 -
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011 -
 #         Tom Eastep (teastep@shorewall.net)
 #
 #	Shorewall documentation is available at http://www.shorewall.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+#	it under the terms of Version 2 of the GNU General Public License
-#       Free Software Foundation, either version 2 of the license or, at your
+#	as published by the Free Software Foundation.
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -20,7 +19,8 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #       For a list of supported commands, type 'shorewall help' or 'shorewall6 help'
 #
--- a/Shorewall-lite/shorewall-lite.service
+++ b/Shorewall-lite/shorewall-lite.service
@@ -13,8 +13,8 @@ Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/sysconfig/shorewall-lite
 StandardOutput=syslog
-ExecStart=/sbin/shorewall-lite $OPTIONS start
+ExecStart=/usr/sbin/shorewall-lite $OPTIONS start
-ExecStop=/sbin/shorewall-lite $OPTIONS stop
+ExecStop=/usr/sbin/shorewall-lite $OPTIONS stop
 [Install]
 WantedBy=multi-user.target
--- a/Shorewall-lite/uninstall.sh
+++ b/Shorewall-lite/uninstall.sh
@@ -2,24 +2,24 @@
 #
 # Script to back uninstall Shoreline Firewall
 #
-#     (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.sourceforge.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
 #       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
+#       This program is distributed in the hope that it will be useful,
-#	it under the terms of the GNU General Public License as published by the
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       Free Software Foundation, either version 2 of the license or, at your
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       option, any later version.
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
+#       You should have received a copy of the GNU General Public License
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       along with this program; if not, write to the Free Software
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #    Usage:
 #
@@ -118,14 +118,14 @@ fi
 if [ -L ${SHAREDIR}/shorewall-lite/init ]; then
    FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall-lite/init)
-elif [ -n "$INITFILE" ]; then
+elIF [ -n "$INITFILE" ]; then
    FIREWALL=${INITDIR}/${INITFILE}
 fi
 if [ -f "$FIREWALL" ]; then
    if mywhich updaterc.d ; then
 	updaterc.d shorewall-lite remove
-    elif mywhich insserv ; then
+    elif if mywhich insserv ; then
        insserv -r $FIREWALL
    elif [ mywhich chkconfig ; then
 	chkconfig --del $(basename $FIREWALL)
--- a/Shorewall/Macros/macro.A_AllowICMPs
+++ b/Shorewall/Macros/macro.A_AllowICMPs
@@ -1,17 +1,15 @@
 #
 # Shorewall version 4 - Audited AllowICMPs Macro
 #
-# /usr/share/shorewall/macro.A_AllowICMPs
+# /usr/share/shorewall/macro.AAllowICMPs
 #
 #	This macro A_ACCEPTs needed ICMP types
 #
 ###############################################################################
-?FORMAT 2
+#ACTION		SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#					PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION		SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #					PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-?COMMENT Needed ICMP types
+COMMENT Needed ICMP types
 A_ACCEPT       -	-	icmp	fragmentation-needed
 A_ACCEPT       -	-	icmp	time-exceeded
--- a/Shorewall/Macros/macro.A_DropDNSrep
+++ b/Shorewall/Macros/macro.A_DropDNSrep
@@ -1,16 +1,14 @@
 #
 # Shorewall version 4 - Audited DropDNSrep Macro
 #
-# /usr/share/shorewall/macro.A_DropDNSrep
+# /usr/share/shorewall/macro.ADropDNSrep
 #
 #	This macro silently audites and drops DNS UDP replies
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-?COMMENT Late DNS Replies
+COMMENT Late DNS Replies
 A_DROP	-	-	udp	-	53
--- a/Shorewall/Macros/macro.A_DropUPnP
+++ b/Shorewall/Macros/macro.A_DropUPnP
@@ -1,16 +1,14 @@
 #
 # Shorewall version 4 - ADropUPnP Macro
 #
-# /usr/share/shorewall/macro.A_DropUPnP
+# /usr/share/shorewall/macro.ADropUPnP
 #
 #	This macro silently drops UPnP probes on UDP port 1900
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-?COMMENT UPnP
+COMMENT UPnP
 A_DROP	-	-	udp	1900
--- a/Shorewall/Macros/macro.ActiveDir
+++ b/Shorewall/Macros/macro.ActiveDir
@@ -1,40 +0,0 @@
 #
 # Shorewall version 4 - Samba 4 Macro
 #
 # /usr/share/shorewall/macro.ActiveDir
 #
 #       This macro handles ports for Samba 4 Active Directory Service
 #
 # You can comment out the ports you do not want open
 #
 # 
 ###############################################################################
 #ACTION SOURCE  DEST    PROTO   DEST    SOURCE  RATE    USER/
 #                               PORT(S) PORT(S) LIMIT   GROUP
 PARAM   -       -       tcp     389 	#LDAP services
 PARAM   -       -       udp	389  
 PARAM   -       -       tcp     636	#LDAP SSL
 PARAM   -       -       tcp     3268	#LDAP GC
 PARAM   -       -       tcp     3269	#LDAP GC SSL
 PARAM   -       -       tcp     88	#Kerberos
 PARAM   -       -       udp	88
 # Use macro.DNS for DNS sevice
 PARAM   -       -       tcp     445	#Replication, User and Computer Authentication, Group Policy, Trusts
 PARAM   -       -       udp	445
 # Use macro.SMTP for Mail service
 PARAM   -       -       tcp     135	#RPC, EPM
 PARAM   -       -       tcp     5722	#RPC, DFSR (SYSVOL)
 PARAM   -       -       udp	123	#Windows Time
 PARAM   -       -       tcp     464	#Kerberosb change/set password
 PARAM   -       -       udp	464
 PARAM   -       -       udp	138	#DFS, Group Policy
 PARAM   -       -       tcp     9389	#SOAP
 PARAM   -       -       tcp     2535	#MADCAP
 PARAM   -       -       udp	2535
 PARAM   -       -       udp     137	#NetLogon, NetBIOS Name Resolution
 PARAM   -       -       tcp	139	#DFSN, NetBIOS Session Service, NetLogon    
--- a/Shorewall/Macros/macro.AllowICMPs
+++ b/Shorewall/Macros/macro.AllowICMPs
@@ -6,12 +6,10 @@
 #	This macro ACCEPTs needed ICMP types
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-?COMMENT Needed ICMP types
+COMMENT Needed ICMP types
 DEFAULT ACCEPT
 PARAM	-	-	icmp	fragmentation-needed
--- a/Shorewall/Macros/macro.Amanda
+++ b/Shorewall/Macros/macro.Amanda
@@ -8,10 +8,9 @@
 #	files from those nodes.
 #
 ###############################################################################
-?FORMAT 2
+FORMAT 2
-###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __AMANDA_HELPER )
 PARAM	-	-	udp	10080 ; helper=amanda
--- a/Shorewall/Macros/macro.Auth
+++ b/Shorewall/Macros/macro.Auth
@@ -6,8 +6,6 @@
 #	This macro handles Auth (identd) traffic.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	113
--- a/Shorewall/Macros/macro.BGP
+++ b/Shorewall/Macros/macro.BGP
@@ -6,8 +6,6 @@
 #	This macro handles BGP4 traffic.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S) PORT(S) LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	179	# BGP4
--- a/Shorewall/Macros/macro.BLACKLIST
+++ b/Shorewall/Macros/macro.BLACKLIST
@@ -6,10 +6,8 @@
 #	This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if $BLACKLIST_LOGLEVEL
 blacklog
 ?else
--- a/Shorewall/Macros/macro.BitTorrent
+++ b/Shorewall/Macros/macro.BitTorrent
@@ -7,12 +7,9 @@
 #
 #	If you are running BitTorrent 3.2 or later, you should use the
 #	BitTorrent32 macro.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	6881:6889
 #
 # It may also be necessary to allow UDP traffic:
--- a/Shorewall/Macros/macro.BitTorrent32
+++ b/Shorewall/Macros/macro.BitTorrent32
@@ -6,10 +6,8 @@
 #	This macro handles BitTorrent traffic for BitTorrent 3.2 and later.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	6881:6999
 #
 # It may also be necessary to allow UDP traffic:
--- a/Shorewall/Macros/macro.CVS
+++ b/Shorewall/Macros/macro.CVS
@@ -6,8 +6,6 @@
 #	This macro handles connections to the CVS pserver.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	2401
--- a/Shorewall/Macros/macro.Citrix
+++ b/Shorewall/Macros/macro.Citrix
@@ -6,11 +6,9 @@
 #	This macro handles Citrix/ICA traffic (ICA, ICA Browser, CGP a.k.a.
 #	ICA Session Reliability)
 #
-###############################################################################
+####################################################################################
-?FORMAT 2
+#ACTION SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S) PORT(S) LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	1494	# ICA
 PARAM	-	-	udp	1604	# ICA Browser
 PARAM	-	-	tcp	2598	# CGP Session Reliabilty
--- a/Shorewall/Macros/macro.DAAP
+++ b/Shorewall/Macros/macro.DAAP
@@ -7,9 +7,7 @@
 #	The protocol is used by iTunes, Rythmbox and other similar daemons.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	3689
 PARAM	-	-	udp	3689
--- a/Shorewall/Macros/macro.DCC
+++ b/Shorewall/Macros/macro.DCC
@@ -7,8 +7,6 @@
 #	DCC is a distributed spam filtering mechanism.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+PARAM	-	-	tcp	6277
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	6277
--- a/Shorewall/Macros/macro.DHCPfwd
+++ b/Shorewall/Macros/macro.DHCPfwd
@@ -6,9 +6,7 @@
 #	This macro (bidirectional) handles forwarded DHCP traffic
 #
 ###############################################################################
-?FORMAT 2
+#ACTION SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S) PORT(S) LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	67:68	67:68	# DHCP
 PARAM	DEST	SOURCE	udp	67:68	67:68	# DHCP
--- a/Shorewall/Macros/macro.DNS
+++ b/Shorewall/Macros/macro.DNS
@@ -6,9 +6,7 @@
 #	This macro handles DNS traffic.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	53
 PARAM	-	-	tcp	53
--- a/Shorewall/Macros/macro.Distcc
+++ b/Shorewall/Macros/macro.Distcc
@@ -6,8 +6,6 @@
 #	This macro handles connections to the Distributed Compiler service.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	3632
--- a/Shorewall/Macros/macro.Drop
+++ b/Shorewall/Macros/macro.Drop
@@ -11,14 +11,12 @@
 #		Drop	net	all
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 #
-# Don't log 'auth' DROP
+# Don't log 'auth' REJECT
 #
-DROP	-	-	tcp	113
+REJECT	-	-	tcp	113
 #
 # Drop Broadcasts so they don't clutter up the log
 # (broadcasts must *not* be rejected).
--- a/Shorewall/Macros/macro.DropDNSrep
+++ b/Shorewall/Macros/macro.DropDNSrep
@@ -6,12 +6,10 @@
 #	This macro silently drops DNS UDP replies
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-?COMMENT Late DNS Replies
+COMMENT Late DNS Replies
 DEFAULT DROP
 PARAM	-	-	udp	-	53
--- a/Shorewall/Macros/macro.DropUPnP
+++ b/Shorewall/Macros/macro.DropUPnP
@@ -6,12 +6,10 @@
 #	This macro silently drops UPnP probes on UDP port 1900
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-?COMMENT UPnP
+COMMENT UPnP
 DEFAULT DROP
 PARAM	-	-	udp	1900
--- a/Shorewall/Macros/macro.Edonkey
+++ b/Shorewall/Macros/macro.Edonkey
@@ -28,9 +28,7 @@
 #	applications such as aMule WebServer or aMuleCMD.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	4662
 PARAM	-	-	udp	4665
--- a/Shorewall/Macros/macro.FTP
+++ b/Shorewall/Macros/macro.FTP
@@ -6,10 +6,9 @@
 #	This macro handles FTP traffic.
 #
 ###############################################################################
-?FORMAT 2
+FORMAT 2
-###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __FTP_HELPER  )
 PARAM	-	-	tcp	21 ; helper=ftp
 ?else
--- a/Shorewall/Macros/macro.Finger
+++ b/Shorewall/Macros/macro.Finger
@@ -7,8 +7,6 @@
 #	your finger information to internet.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	79
--- a/Shorewall/Macros/macro.GNUnet
+++ b/Shorewall/Macros/macro.GNUnet
@@ -6,10 +6,8 @@
 #	This macro handles GNUnet (secure peer-to-peer networking) traffic.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	2086
 PARAM	-	-	udp	2086
 PARAM	-	-	tcp	1080
--- a/Shorewall/Macros/macro.GRE
+++ b/Shorewall/Macros/macro.GRE
@@ -7,9 +7,7 @@
 #	traffic (RFC 1701)
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	47	# GRE
 PARAM	DEST	SOURCE	47	# GRE
--- a/Shorewall/Macros/macro.Git
+++ b/Shorewall/Macros/macro.Git
@@ -6,8 +6,6 @@
 #	This macro handles Git traffic.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	9418
--- a/Shorewall/Macros/macro.Gnutella
+++ b/Shorewall/Macros/macro.Gnutella
@@ -6,9 +6,7 @@
 #	This macro handles Gnutella traffic.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	6346
 PARAM	-	-	udp	6346
--- a/Shorewall/Macros/macro.HKP
+++ b/Shorewall/Macros/macro.HKP
@@ -6,8 +6,6 @@
 #	This macro handles OpenPGP HTTP keyserver protocol traffic.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	11371
--- a/Shorewall/Macros/macro.HTTP
+++ b/Shorewall/Macros/macro.HTTP
@@ -6,8 +6,6 @@
 #	This macro handles plaintext HTTP (WWW) traffic.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	80
--- a/Shorewall/Macros/macro.HTTPS
+++ b/Shorewall/Macros/macro.HTTPS
@@ -6,8 +6,6 @@
 #	This macro handles HTTPS (WWW over SSL) traffic.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	443
--- a/Shorewall/Macros/macro.ICPV2
+++ b/Shorewall/Macros/macro.ICPV2
@@ -6,8 +6,6 @@
 #	This macro handles Internet Cache Protocol V2 (Squid) traffic
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	3130
--- a/Shorewall/Macros/macro.ICQ
+++ b/Shorewall/Macros/macro.ICQ
@@ -6,8 +6,6 @@
 #	This macro handles ICQ, now called AOL Instant Messenger (or AIM).
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5190
--- a/Shorewall/Macros/macro.IMAP
+++ b/Shorewall/Macros/macro.IMAP
@@ -7,8 +7,6 @@
 #	see macro.IMAPS.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	143
--- a/Shorewall/Macros/macro.IMAPS
+++ b/Shorewall/Macros/macro.IMAPS
@@ -7,8 +7,6 @@
 #	(not recommended), see macro.IMAP.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	993
--- a/Shorewall/Macros/macro.IPIP
+++ b/Shorewall/Macros/macro.IPIP
@@ -6,9 +6,7 @@
 #	This macro (bidirectional) handles IPIP capsulation traffic
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	94	# IPIP
 PARAM	DEST	SOURCE	94	# IPIP
--- a/Shorewall/Macros/macro.IPP
+++ b/Shorewall/Macros/macro.IPP
@@ -6,8 +6,6 @@
 #	This macro handles Internet Printing Protocol (IPP).
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	631
--- a/Shorewall/Macros/macro.IPPbrd
+++ b/Shorewall/Macros/macro.IPPbrd
@@ -6,10 +6,7 @@
 #	This macro handles Internet Printing Protocol (IPP) broadcasts.
 #       If you also need to handle TCP 631 connections in the opposite
 #       direction, use the IPPserver Macro
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	631
--- a/Shorewall/Macros/macro.IPPserver
+++ b/Shorewall/Macros/macro.IPPserver
@@ -23,9 +23,7 @@
 #		IPPserver/ACCEPT $FW loc
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	SOURCE	DEST	tcp	631
 PARAM	DEST	SOURCE	udp	631
--- a/Shorewall/Macros/macro.IPsec
+++ b/Shorewall/Macros/macro.IPsec
@@ -6,10 +6,8 @@
 #	This macro (bidirectional) handles IPsec traffic
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	500	500	# IKE
 PARAM	-	-	50			# ESP
 PARAM	DEST	SOURCE	udp	500	500	# IKE
--- a/Shorewall/Macros/macro.IPsecah
+++ b/Shorewall/Macros/macro.IPsecah
@@ -7,10 +7,8 @@
 #       This is insecure. You should use ESP with encryption for security.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	500	500	# IKE
 PARAM	-	-	51			# AH
 PARAM	DEST	SOURCE	udp	500	500	# IKE
--- a/Shorewall/Macros/macro.IPsecnat
+++ b/Shorewall/Macros/macro.IPsecnat
@@ -6,10 +6,8 @@
 #	This macro (bidirectional) handles IPsec traffic and Nat-Traversal
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	500	# IKE
 PARAM	-	-	udp	4500	# NAT-T
 PARAM	-	-	50		# ESP
--- a/Shorewall/Macros/macro.IRC
+++ b/Shorewall/Macros/macro.IRC
@@ -6,10 +6,9 @@
 #	This macro handles IRC traffic (Internet Relay Chat).
 #
 ###############################################################################
-?FORMAT 2
+FORMAT 2
-###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __IRC_HELPER  )
 PARAM	-	-	tcp	6667 ; helper=irc
--- a/Shorewall/Macros/macro.JAP
+++ b/Shorewall/Macros/macro.JAP
@@ -8,10 +8,8 @@
 #	to browse anonymously!
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	8080 # HTTP port
 PARAM	-	-	tcp	6544 # HTTP port
 PARAM	-	-	tcp	6543 # InfoService port
--- a/Shorewall/Macros/macro.JabberPlain
+++ b/Shorewall/Macros/macro.JabberPlain
@@ -6,8 +6,6 @@
 #	This macro accepts Jabber traffic (plaintext).
 #
 ###############################################################################
-?FORMAT 2
+#TARGET	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5222
--- a/Shorewall/Macros/macro.JabberSecure
+++ b/Shorewall/Macros/macro.JabberSecure
@@ -6,8 +6,6 @@
 #	This macro accepts Jabber traffic (ssl).
 #
 ###############################################################################
-?FORMAT 2
+#TARGET	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5223
--- a/Shorewall/Macros/macro.Jabberd
+++ b/Shorewall/Macros/macro.Jabberd
@@ -6,8 +6,6 @@
 #	This macro accepts Jabberd intercommunication traffic
 #
 ###############################################################################
-?FORMAT 2
+#TARGET	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5269
--- a/Shorewall/Macros/macro.Jetdirect
+++ b/Shorewall/Macros/macro.Jetdirect
@@ -6,8 +6,6 @@
 #	This macro handles HP Jetdirect printing.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	9100
--- a/Shorewall/Macros/macro.Kerberos
+++ b/Shorewall/Macros/macro.Kerberos
@@ -1,14 +0,0 @@
 #
 # Shorewall version 4 - Kerberos Macro
 #
 # /usr/share/shorewall/macro.Kerberos
 #
 #	This macro handles Kerberos traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	88
 PARAM	-	-	udp	88
--- a/Shorewall/Macros/macro.L2TP
+++ b/Shorewall/Macros/macro.L2TP
@@ -7,9 +7,7 @@
 #	(RFC 2661)
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	1701	# L2TP
 PARAM	DEST	SOURCE	udp	1701	# L2TP
--- a/Shorewall/Macros/macro.LDAP
+++ b/Shorewall/Macros/macro.LDAP
@@ -11,8 +11,6 @@
 #	Consult your LDAP server documentation for details.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	389
--- a/Shorewall/Macros/macro.LDAPS
+++ b/Shorewall/Macros/macro.LDAPS
@@ -11,8 +11,6 @@
 #	Consult your LDAP server documentation for details.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	636
--- a/Shorewall/Macros/macro.MSNP
+++ b/Shorewall/Macros/macro.MSNP
@@ -6,8 +6,6 @@
 #	This macro handles MSNP (MicroSoft Notification Protocol)
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	1863
--- a/Shorewall/Macros/macro.MSSQL
+++ b/Shorewall/Macros/macro.MSSQL
@@ -6,8 +6,6 @@
 #	This macro handles MSSQL (Microsoft SQL Server)
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	1433
--- a/Shorewall/Macros/macro.Mail
+++ b/Shorewall/Macros/macro.Mail
@@ -12,10 +12,8 @@
 #	the POP3 or IMAP macros.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	25
 PARAM	-	-	tcp	465
 PARAM	-	-	tcp	587
--- a/Shorewall/Macros/macro.Munin
+++ b/Shorewall/Macros/macro.Munin
@@ -6,8 +6,6 @@
 #	This macro handles Munin networked resource monitoring traffic
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	4949
--- a/Shorewall/Macros/macro.MySQL
+++ b/Shorewall/Macros/macro.MySQL
@@ -6,8 +6,6 @@
 #	This macro handles connections to the MySQL server.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	3306
--- a/Shorewall/Macros/macro.NNTP
+++ b/Shorewall/Macros/macro.NNTP
@@ -7,8 +7,6 @@
 #	encrypted NNTP, see macro.NNTPS.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	119
--- a/Shorewall/Macros/macro.NNTPS
+++ b/Shorewall/Macros/macro.NNTPS
@@ -7,8 +7,6 @@
 #	plaintext NNTP, see macro.NNTP.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	563
--- a/Shorewall/Macros/macro.NTP
+++ b/Shorewall/Macros/macro.NTP
@@ -7,8 +7,6 @@
 #	For broadcast NTP traffic, use NTPbrd Macro.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	123
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Tom Eastep	0753442c3f	Allow WHITELIST in IPv6 Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-11-24 08:24:11 -08:00
Tom Eastep	182cba3412	Fix NFLOG/ULOG implementation. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-11-23 12:24:13 -08:00
Tom Eastep	65841ad294	Make NFLOG and ULOG built-ins. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-11-23 11:53:02 -08:00
Tom Eastep	c7361743ef	Enable 'debug' on the try, stop and clear commands. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-11-23 11:48:10 -08:00
Tom Eastep	524620504e	Handle 'fw' correctly in the SOURCE column of the stoppedrules file. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-11-23 11:47:33 -08:00
Tom Eastep	ede446d2e5	Delete NFLOG hack. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-11-23 07:46:53 -08:00
Tom Eastep	d1861a8c9d	Purge %renamed before each table is processed. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-11-23 07:23:14 -08:00
Tom Eastep	27090290a2	Apply Tuomo Soini's fix for RHEL5 Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-11-21 10:27:42 -08:00
Tom Eastep	713d243245	Revert "Fix RHEL5 issue with route marking." This reverts commit `ee125cc77f`.	2012-11-21 10:21:50 -08:00
Tom Eastep	ee125cc77f	Fix RHEL5 issue with route marking. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-11-21 08:50:57 -08:00
Tom Eastep	d9c351ae24	Recomment disabling route filtering on fallback interfaces. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-11-20 12:44:08 -08:00
Tom Eastep	8462d6b404	Correct handling of unknown interfaces in TC. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-11-20 12:30:33 -08:00
Tom Eastep	e96f6ee9a6	Another correction to CHECKSUM detection. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-11-20 12:30:17 -08:00
Tom Eastep	3d545b0df4	Correct the compiler's CHECKSUM detection Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-11-20 12:30:09 -08:00