Revert "Supply sysconfig file for additional distributions"

This reverts commit 1a762c20da.
Supply sysconfig file for additional distributions
2015-12-27 16:40:32 -08:00 · 2015-12-27 16:35:22 -08:00 · 2015-12-24 09:20:42 -08:00 · 2015-12-23 09:06:43 -08:00 · 2015-12-23 08:24:00 -08:00 · 2015-12-12 08:10:34 -08:00
461 changed files with 6363 additions and 8983 deletions
--- a/Shorewall-core/INSTALL
+++ b/Shorewall-core/INSTALL
@@ -1,4 +1,4 @@
-Shoreline Firewall (Shorewall) Version 4
+Shoreline Firewall (Shorewall) Version 5
 -----         ----
 -----------------------------------------------------------------------------
--- a/Shorewall-core/configure
+++ b/Shorewall-core/configure
@@ -28,7 +28,7 @@
 #
 # Build updates this
 #
-VERSION=4.5.2.1
+VERSION=4.6.12
 case "$BASH_VERSION" in
    [4-9].*)
@@ -91,6 +91,8 @@ for p in $@; do
    fi
 done
 cd $(dirname $0)
 vendor=${params[HOST]}
 if [ -z "$vendor" ]; then
@@ -122,7 +124,6 @@ if [ -z "$vendor" ]; then
 	    params[HOST]=apple
 	    rcfile=shorewallrc.apple
 	    ;;
 	cygwin*|CYGWIN*)
 	    params[HOST]=cygwin
 	    rcfile=shorewallrc.cygwin
@@ -130,7 +131,7 @@ if [ -z "$vendor" ]; then
 	*)
 	    if [ -f /etc/debian_version ]; then
 		params[HOST]=debian
-		rcfile=shorewallrc.debian
+		ls -l /sbin/init | fgrep -q systemd &&  rcfile=shorewallrc.debian.systemd || rcfile=shorewallrc.debian.sysvinit
 	    elif [ -f /etc/redhat-release ]; then
 		params[HOST]=redhat
 		rcfile=shorewallrc.redhat
@@ -143,28 +144,41 @@ if [ -z "$vendor" ]; then
 	    elif [ -f /etc/arch-release ] ; then
 		params[HOST]=archlinux
 		rcfile=shorewallrc.archlinux
 	    elif [ -f /etc/openwrt_release ]; then
 		params[HOST]=openwrt
 		rcfile=shorewallrc.openwrt
 	    else
 		params[HOST]=linux
 		rcfile=shorewallrc.default
 	    fi
 	    ;;
    esac
    vendor=${params[HOST]}
 elif [ $vendor = linux ]; then
    rcfile=shorewallrc.default;
 else
-    rcfile=shorewallrc.$vendor
+    if [ $vendor = linux ]; then
 	rcfile=shorewallrc.default;
    elif [ $vendor = debian -a -f /etc/debian_version ]; then
 	ls -l /sbin/init | fgrep -q systemd && rcfile=shorewallrc.debian.systemd || rcfile=shorewallrc.debian.sysvinit
    else
 	rcfile=shorewallrc.$vendor
    fi
    if [ ! -f $rcfile ]; then
 	echo "ERROR: $vendor is not a recognized host type" >&2
 	exit 1
    elif [ $vendor = default ]; then
 	params[HOST]=linux
 	vendor=linux
    elif [[ $vendor == debian.* ]]; then
 	params[HOST]=debian
 	vendor=debian
    fi
 fi
 if [ $vendor = linux ]; then
    echo "INFO: Creating a generic Linux installation - " `date`;
 else
-    echo "INFO: Creating a ${vendor}-specific installation - " `date`;
+    echo "INFO: Creating a ${params[HOST]}-specific installation - " `date`;
 fi
 echo
@@ -177,6 +191,7 @@ done
 echo '#'                                                                 > shorewallrc
 echo "# Created by Shorewall Core version $VERSION configure - " `date` >> shorewallrc
 echo "# rc file: $rcfile"                                               >> shorewallrc
 echo '#'                                                                >> shorewallrc
 if [ $# -gt 0 ]; then
--- a/Shorewall-core/configure.pl
+++ b/Shorewall-core/configure.pl
@@ -31,7 +31,7 @@ use strict;
 # Build updates this
 #
 use constant {
-    VERSION => '4.5.2.1'
+    VERSION => '4.6.12'
 };
 my %params;
@@ -52,6 +52,9 @@ for ( @ARGV ) {
    $params{$pn} = $pv;
 }
 use File::Basename;
 chdir dirname($0);
 my $vendor = $params{HOST};
 my $rcfile;
 my $rcfilename;
@@ -68,23 +71,52 @@ unless ( defined $vendor ) {
 	    $vendor = 'redhat';
 	} elsif ( $id eq 'opensuse' ) {
 	    $vendor = 'suse';
-	} elsif ( $id eq 'ubuntu' ) {
+	} elsif ( $id eq 'ubuntu' || $id eq 'debian' ) {
-	    $vendor = 'debian';
+	    my $init = `ls -l /sbin/init`;
 	    $vendor = $init =~ /systemd/ ? 'debian.systemd' : 'debian.sysvinit';
 	} else {
 	    $vendor = $id;
 	}
    }
    $params{HOST} = $vendor;
    $params{HOST} =~ s/\..*//;
 }
 if ( defined $vendor ) {
-    $rcfilename = $vendor eq 'linux' ? 'shorewallrc.default' : 'shorewallrc.' . $vendor;
+    if ( $vendor eq 'debian' && -f '/etc/debian_version' ) {
-    die qq("ERROR: $vendor" is not a recognized host type) unless -f $rcfilename;
+	if ( -l '/sbin/init' ) {
 	    if ( readlink('/sbin/init') =~ /systemd/ ) {
 		$rcfilename = 'shorewallrc.debian.systemd';
 	    } else {
 		$rcfilename = 'shorewallrc.debian.sysvinit';
 	    }
 	} else {
 	    $rcfilename = 'shorewallrc.debian.sysvinit';
 	}
    } else {
 	$rcfilename = $vendor eq 'linux' ? 'shorewallrc.default' : 'shorewallrc.' . $vendor;
    }
    unless ( -f $rcfilename ) {
 	die qq("ERROR: $vendor" is not a recognized host type);
    } elsif ( $vendor eq 'default' ) {
 	$params{HOST} = $vendor = 'linux';
    } elsif ( $vendor =~ /^debian\./ ) {
 	$params{HOST} = $vendor = 'debian';
    }
 } else {
    if ( -f '/etc/debian_version' ) {
 	$vendor = 'debian';
-	$rcfilename = 'shorewallrc.debian';
+	if ( -l '/sbin/init' ) {
 	    if ( readlink( '/sbin/init' ) =~ /systemd/ ) {
 		$rcfilename = 'shorewallrc.debian.systemd';
 	    } else {
 		$rcfilename = 'shorewallrc.debian.sysvinit';
 	    }
 	} else {
 	    $rcfilename = 'shorewallrc.debian.sysvinit';
 	}
    } elsif ( -f '/etc/redhat-release' ){
 	$vendor = 'redhat';
 	$rcfilename = 'shorewallrc.redhat';
@@ -117,7 +149,7 @@ my @abbr = qw( Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec );
 if ( $vendor eq 'linux' ) {
    printf "INFO: Creating a generic Linux installation - %s %2d %04d %02d:%02d:%02d\n\n", $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];;
 } else {
-    printf "INFO: Creating a %s-specific installation - %s %2d %04d %02d:%02d:%02d\n\n", $vendor, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];;
+    printf "INFO: Creating a %s-specific installation - %s %2d %04d %02d:%02d:%02d\n\n", $params{HOST}, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];;
 }
 open $rcfile, '<', $rcfilename or die "Unable to open $rcfilename for input: $!";
@@ -141,7 +173,8 @@ my $outfile;
 open $outfile, '>', 'shorewallrc' or die "Can't open 'shorewallrc' for output: $!";
-printf $outfile "#\n# Created by Shorewall Core version %s configure.pl - %s %2d %04d %02d:%02d:%02d\n#\n", VERSION, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];
+printf $outfile "#\n# Created by Shorewall Core version %s configure.pl - %s %2d %04d %02d:%02d:%02d\n", VERSION, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];
 print $outfile "# rc file: $rcfilename\n#\n";
 print  $outfile "# Input: @ARGV\n#\n" if @ARGV;
--- a/Shorewall-core/install.sh
+++ b/Shorewall-core/install.sh
@@ -66,15 +66,6 @@ mywhich() {
    return 2
 }
 run_install()
 {
    if ! install $*; then
 	echo
 	echo "ERROR: Failed to install $*" >&2
 	exit 1
    fi
 }
 cant_autostart()
 {
    echo
@@ -88,7 +79,20 @@ delete_file() # $1 = file to delete
 install_file() # $1 = source $2 = target $3 = mode
 {
-    run_install $T $OWNERSHIP -m $3 $1 ${2}
+    if cp -f $1 $2; then
 	if chmod $3 $2; then
 	    if [ -n "$OWNER" ]; then
 		if chown $OWNER:$GROUP $2; then
 		    return
 		fi
 	    else
 		return 0
 	    fi
 	fi
    fi
    echo "ERROR: Failed to install $2" >&2
    exit 1
 }
 require()
@@ -181,10 +185,6 @@ done
 [ "${INITFILE}" != 'none/' ] && require INITSOURCE && require INITDIR
 T="-T"
 INSTALLD='-D'
 if [ -z "$BUILD" ]; then
    case $(uname) in
 	cygwin*|CYGWIN*)
@@ -226,6 +226,8 @@ if [ -z "$BUILD" ]; then
 		BUILD=suse
 	    elif [ -f /etc/arch-release ] ; then
 		BUILD=archlinux
 	    elif [ -f ${CONFDIR}/openwrt_release ] ; then
 		BUILD=openwrt
 	    else
 		BUILD=linux
 	    fi
@@ -252,17 +254,15 @@ case $BUILD in
 	[ -z "$OWNER" ] && OWNER=root
 	[ -z "$GROUP" ] && GROUP=wheel
 	INSTALLD=
 	T=
 	;;
    *)
-	[ -z "$OWNER" ] && OWNER=root
+	if [ $(id -u) -eq 0 ]; then
-	[ -z "$GROUP" ] && GROUP=root
+	    [ -z "$OWNER" ] && OWNER=root
 	    [ -z "$GROUP" ] && GROUP=root
 	fi
 	;;
 esac
 OWNERSHIP="-o $OWNER -g $GROUP"
 #
 # Determine where to install the firewall script
 #
@@ -276,7 +276,7 @@ case "$HOST" in
    apple)
 	echo "Installing Mac-specific configuration...";
 	;;
-    debian|gentoo|redhat|slackware|archlinux|linux|suse)
+    debian|gentoo|redhat|slackware|archlinux|linux|suse|openwrt)
 	;;
    *)
 	echo "ERROR: Unknown HOST \"$HOST\"" >&2
@@ -305,7 +305,6 @@ if [ -n "$DESTDIR" ]; then
    if [ $BUILD != cygwin ]; then
 	if [ `id -u` != 0 ] ; then
 	    echo "Not setting file owner/group permissions, not running as root."
 	    OWNERSHIP=""
 	fi
    fi
 fi
@@ -407,9 +406,9 @@ fi
 if [ ${SHAREDIR} != /usr/share ]; then
    for f in lib.*; do
 	if [ $BUILD != apple ]; then
-	    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SHAREDIR}/shorewall/$f
+	    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/$f
 	else
-	    eval sed -i \'\' -e \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SHAREDIR}/shorewall/$f
+	    eval sed -i \'\' -e \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/$f
 	fi
    done
 fi
--- a/Shorewall-core/lib.base
+++ b/Shorewall-core/lib.base
@@ -1,7 +1,7 @@
 #
-# Shorewall 4.5 -- /usr/share/shorewall/lib.base
+# Shorewall 5.0 -- /usr/share/shorewall/lib.base
 #
-#     (c) 1999-2014 - Tom Eastep (teastep@shorewall.net)
+#     (c) 1999-2015 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
@@ -75,6 +75,24 @@ elif [ -z "${VARDIR}" ]; then
    VARDIR="${VARLIB}/${PRODUCT}"
 fi
 #
 # Fatal Error
 #
 fatal_error() # $@ = Message
 {
    echo "   ERROR: $@" >&2
    exit 2
 }
 #
 # Not configured Error
 #
 not_configured_error() # $@ = Message
 {
    echo "   ERROR: $@" >&2
    exit 6
 }
 #
 # Conditionally produce message
 #
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
@@ -1,7 +1,7 @@
 #
-# Shorewall 4.5 -- /usr/share/shorewall/lib.cli.
+# Shorewall 5.0 -- /usr/share/shorewall/lib.cli.
 #
-#     (c) 1999-2014 - Tom Eastep (teastep@shorewall.net)
+#     (c) 1999-2015 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
@@ -143,29 +143,63 @@ timed_read ()
 }
 #
-# Determine if 'syslog -C' is running
+# Determine if 'syslogd -C' or logd -S is running
 #
 syslog_circular_buffer() {
    local pid
    local tty
    local flags
-    local cputime
+    local time
    local path
    local args
    local arg
-    ps ax 2> /dev/null | while read pid tty flags cputime path args; do
+    ps w 2> /dev/null | (
-	case $path in
+	while read pid tty stat time path args; do
-	    syslogd|*/syslogd)
+	    case $path in
-		for arg in $args; do
+		syslogd|*/syslogd)
-		    if [ x$arg = x-C ]; then
+		    for arg in $args; do
-			echo Yes
+			case $arg in
-			return
+			    -C*)
-		    fi
+				return 0
-		done
+				;;
-		;;
+			esac
-	esac
+		    done
-    done
+		    ;;
 		logd|*/logd)
 		    for arg in $args; do
 			case $arg in
 			    -S*)
 				return 0
 				;;
 			esac
 		    done
 		    ;;
 	    esac
 	done
 	return 1 )
 }
 setup_logread() {
    [ -z "$LOGFILE" ] && LOGFILE=/var/log/messages
    if syslog_circular_buffer; then
 	LOGFILE=logread
 	if qt mywhich tac; then
 	    g_logread="logread | tac"
 	else
 	    g_logread="logread"
 	fi
    elif [ -r $LOGFILE ]; then
 	if qt mywhich tac; then
 	    g_logread="tac $LOGFILE"
 	else
 	    g_logread="cat $LOGFILE"
 	fi
    else
 	fatal_error "LOGFILE ($LOGFILE) does not exist or is not readable!"
    fi
 }
 #
@@ -173,31 +207,59 @@ syslog_circular_buffer() {
 #
 packet_log() # $1 = number of messages
 {
-    if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then
+    if qt mywhich tac; then
-	if [ $g_family -eq 4 ]; then
+	if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then
-	    $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | head -n$1 | tac | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/
+	    if [ $g_family -eq 4 ]; then
 		$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | head -n$1 | tac | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/
 	    else
 		$g_logread | grep 'IN=.* OUT=.*SRC=.*:.*DST=' | head -n$1 | tac | sed -r 's/ kernel://; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
 	    fi
 	elif [ $g_family -eq 4 ]; then
 	    $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' |  head -n$1 | tac | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/
 	else
-	    $g_logread | grep 'IN=.* OUT=.*SRC=.*:.*DST=' | head -n$1 | tac | sed -r 's/ kernel://; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
+	    $g_logread | grep 'IN=.* OUT=.*SRC=.*:.*DST=' |  head -n$1 | tac | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
 	fi
    elif [ $g_family -eq 4 ]; then
 	$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' |  head -n$1 | tac | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/
    else
-	$g_logread | grep 'IN=.* OUT=.*SRC=.*:.*DST=' |  head -n$1 | tac | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
+	if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then
 	    if [ $g_family -eq 4 ]; then
 		$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | tail -n$1 | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/
 	    else
 		$g_logread | grep 'IN=.* OUT=.*SRC=.*:.*DST=' | tail -n$1 | sed -r 's/ kernel://; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
 	    fi
 	elif [ $g_family -eq 4 ]; then
 	    $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' |  tail -n$1 | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/
 	else
 	    $g_logread | grep 'IN=.* OUT=.*SRC=.*:.*DST=' |  tail -n$1 | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
 	fi
    fi	
 }
 search_log() # $1 = IP address to search for
 {
-    if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then
+    if qt mywhich tac; then
-        if [ $g_family -eq 4 ]; then
+	if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then
-	    $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | tac | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/
+            if [ $g_family -eq 4 ]; then
 		$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | tac | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/
 	    else
 		$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | tac | sed -r 's/ kernel://; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
 	    fi
 	elif [ $g_family -eq 4 ]; then
 	    $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' |  grep "$1" | tac | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/
 	else
-	    $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | tac | sed -r 's/ kernel://; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
+	    $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' |  grep "$1" | tac | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
 	fi
    elif [ $g_family -eq 4 ]; then
 	$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' |  grep "$1" | tac | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/
    else
-	$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' |  grep "$1" | tac | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
+	if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then
            if [ $g_family -eq 4 ]; then
 		$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/
 	    else
 		$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | sed -r 's/ kernel://; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
 	    fi
 	elif [ $g_family -eq 4 ]; then
 	    $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' |  grep "$1" | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/
 	else
 	    $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' |  grep "$1" | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
 	fi
    fi
 }
@@ -280,17 +342,7 @@ show_bl() {
 logwatch() # $1 = timeout -- if negative, prompt each time that
 	   #		     an 'interesting' packet count changes
 {
-    if [ -z "$LOGFILE" ]; then
+    setup_logread
 	LOGFILE=/var/log/messages
 	if [ -n "$(syslog_circular_buffer)" ]; then
 	    g_logread="logread | tac"
 	elif [ -r $LOGFILE ]; then
 	    g_logread="tac $LOGFILE"
 	else
 	    fatal_error "LOGFILE ($LOGFILE) does not exist!"
 	fi
    fi
    host=$(echo $g_hostname | sed 's/\..*$//')
    oldrejects=$($g_tool -L -v -n | grep 'LOG')
@@ -388,30 +440,16 @@ do_save() {
    status=0
    if [ -f ${VARDIR}/firewall ]; then
-	if [ -n "$WORKAROUNDS" ]; then
+	if $iptables_save | grep -v -- '-A dynamic.* -j ACCEPT' > ${VARDIR}/restore-$$; then
-	    if $iptables_save | iptablesbug | grep -v -- '-A dynamic.* -j ACCEPT' > ${VARDIR}/restore-$$; then
+	    cp -f ${VARDIR}/firewall $g_restorepath
-		cp -f ${VARDIR}/firewall $g_restorepath
+	    mv -f ${VARDIR}/restore-$$ ${g_restorepath}-iptables
-		mv -f ${VARDIR}/restore-$$ ${g_restorepath}-iptables
+	    chmod +x $g_restorepath
-		chmod +x $g_restorepath
+	    echo "   Currently-running Configuration Saved to $g_restorepath"
-		echo "   Currently-running Configuration Saved to $g_restorepath"
+	    run_user_exit save
 		run_user_exit save
 	    else
 		rm -f ${VARDIR}/restore-$$
 		echo "   ERROR: Currently-running Configuration Not Saved" >&2
 		status=1
 	    fi
 	else
-	    if $iptables_save | grep -v -- '-A dynamic.* -j ACCEPT' > ${VARDIR}/restore-$$; then
+	    rm -f ${VARDIR}/restore-$$
-		cp -f ${VARDIR}/firewall $g_restorepath
+	    echo "   ERROR: Currently-running Configuration Not Saved" >&2
-		mv -f ${VARDIR}/restore-$$ ${g_restorepath}-iptables
+	    status=1
 		chmod +x $g_restorepath
 		echo "   Currently-running Configuration Saved to $g_restorepath"
 		run_user_exit save
 	    else
 		rm -f ${VARDIR}/restore-$$
 		echo "   ERROR: Currently-running Configuration Not Saved" >&2
 		status=1
 	    fi
 	fi
    else
 	echo "   ERROR: ${VARDIR}/firewall does not exist" >&2
@@ -423,24 +461,11 @@ do_save() {
 	    resolve_arptables
 	    if [ -n "$arptables" ]; then
-		if [ -n "$WORKAROUNDS" ]; then
+		if ${arptables}-save > ${VARDIR}/restore-$$; then
-	            #
+		    if grep -q '^-A' ${VARDIR}/restore-$$; then
-	            # 'sed' command is a hack to work around broken arptables_jf
+			mv -f ${VARDIR}/restore-$$ ${g_restorepath}-arptables
-	            #
+		    else
-		    if ${arptables}-save | sed 's/-p[[:space:]]\+0\([[:digit:]]\)00\/ffff/-p 000\1\/ffff/' > ${VARDIR}/restore-$$; then
+			rm -f ${VARDIR}/restore-$$
 			if grep -q '^-A' ${VARDIR}/restore-$$; then
 			    mv -f ${VARDIR}/restore-$$ ${g_restorepath}-arptables
 			else
 			    rm -f ${VARDIR}/restore-$$
 			fi
 		    fi
 		else
 		    if ${arptables}-save > ${VARDIR}/restore-$$; then
 			if grep -q '^-A' ${VARDIR}/restore-$$; then
 			    mv -f ${VARDIR}/restore-$$ ${g_restorepath}-arptables
 			else
 			    rm -f ${VARDIR}/restore-$$
 			fi
 		    fi
 		fi
 	    else
@@ -481,28 +506,12 @@ do_save() {
 		esac
 		if [ -n "$IPSET" ]; then
-		    if [ -n "$WORKAROUNDS" ]; then
+		    if eval $IPSET -S > ${VARDIR}/ipsets.tmp; then
-			if [ -f /etc/debian_version ] && [ $(cat /etc/debian_version) = 5.0.3 ]; then
+			#
-			    #
+			# Don't save an 'empty' file
-			    # The 'grep -v' is a hack for a bug in ipset's nethash implementation when xtables-addons is applied to Lenny
+			#
-			    #
+			grep -qE -- '^(-N|create )' ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${g_restorepath}-ipsets
 			    hack='| grep -v /31'
 			else
 			    hack=
 			fi
 			if eval $IPSET -S $hack > ${VARDIR}/ipsets.tmp; then
 			    #
 			    # Don't save an 'empty' file
 			    #
 			    grep -qE -- '^(-N|create )' ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${g_restorepath}-ipsets
 			fi
 		    fi
 		elif eval $IPSET -S > ${VARDIR}/ipsets.tmp; then
 		    #
 		    # Don't save an 'empty' file
 		    #
 		    grep -qE -- '^(-N|create )' ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${g_restorepath}-ipsets
 		fi
 		;;
 	    [Nn]o|ipv4|ipv6)
@@ -1012,8 +1021,6 @@ show_command() {
    case "$1" in
 	connections)
 	    [ $# -gt 1 ] && usage 1
 	    if [ $g_family -eq 4 ]; then
 		if [ -d /proc/sys/net/netfilter/ ]; then
 		    local count
@@ -1028,8 +1035,10 @@ show_command() {
 		echo
 		if qt mywhich conntrack ; then
-		    conntrack -f ipv${g_family} -L | show_connections_filter
+		    shift
 		    conntrack -f ipv4 -L $@ | show_connections_filter
 		else
 		    [ $# -gt 1 ] && usage 1
 		    if [ -f /proc/net/ip_conntrack ]; then
 			cat /proc/net/ip_conntrack | show_connections_filter
 		    else
@@ -1037,15 +1046,19 @@ show_command() {
 		    fi
 	        fi
 	    elif qt mywhich conntrack ; then
 		shift
 		echo "$g_product $SHOREWALL_VERSION Connections at $g_hostname - $(date)"
 		echo
-		conntrack -f ipv6 -L | show_connections_filter
+		conntrack -f ipv6 -L $@ | show_connections_filter
 	    else
-		local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
+		[ $# -gt 1 ] && usage 1
-		local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
+		if [ -f /proc/sys/net/netfilter/nf_conntrack_count -a -f /proc/sys/net/nf_conntrack ]; then
-		echo "$g_product $SHOREWALL_VERSION Connections ($count of $max) at $g_hostname - $(date)"
+		    local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
-		echo
+		    local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
-		grep '^ipv6' /proc/net/nf_conntrack | sed -r 's/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | show_connections_filter
+		    echo "$g_product $SHOREWALL_VERSION Connections ($count of $max) at $g_hostname - $(date)"
 		    echo
 		    grep '^ipv6' /proc/net/nf_conntrack | sed -r 's/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | show_connections_filter
 		fi
 	    fi
 	    ;;
 	nat)
@@ -1079,17 +1092,7 @@ show_command() {
 	log)
 	    [ $# -gt 2 ] && usage 1
-	    if [ -z "$LOGFILE" ]; then
+	    setup_logread
 		LOGFILE=/var/log/messages
 		if [ -n "$(syslog_circular_buffer)" ]; then
 		    g_logread="logread | tac"
 		elif [ -r $LOGFILE ]; then
 		    g_logread="tac $LOGFILE"
 		else
 		    fatal_error "LOGFILE ($LOGFILE) does not exist!"
 		fi
 	    fi
 	    echo "$g_product $SHOREWALL_VERSION Log ($LOGFILE) at $g_hostname - $(date)"
 	    echo
@@ -1468,17 +1471,7 @@ do_dump_command() {
 	esac
    done
-    if [ -z "$LOGFILE" ]; then
+    setup_logread
 	LOGFILE=/var/log/messages
 	if [ -n "$(syslog_circular_buffer)" ]; then
 	    g_logread="logread | tac"
 	elif [ -r $LOGFILE ]; then
 	    g_logread="tac $LOGFILE"
 	else
 	    fatal_error "LOGFILE ($LOGFILE) does not exist! - See http://www.shorewall.net/shorewall_logging.html"
 	fi
    fi
    g_ipt_options="$g_ipt_options $g_ipt_options1"
@@ -1544,7 +1537,9 @@ do_dump_command() {
 	heading "Conntrack Table"
    fi
-    if [ $g_family -eq 4 ]; then
+    if qt mywhich conntrack; then
 	conntrack -f ipv${g_family} -L 2> /dev/null
    elif [ $g_family -eq 4 ]; then
    	[ -f /proc/net/ip_conntrack ] && cat /proc/net/ip_conntrack || grep -v '^ipv6' /proc/net/nf_conntrack
    else
 	grep '^ipv6' /proc/net/nf_conntrack
@@ -1631,7 +1626,7 @@ do_dump_command() {
    echo
-    ss -${g_family}tunap
+    qt mywhich ss && ss -${g_family}tunap || { qt mywhich netstat && netatat -tunap; }
    if [ -n "$TC_ENABLED" ]; then
 	heading "Traffic Control"
@@ -3534,10 +3529,34 @@ noiptrace_command() {
 	fatal_error "$g_product is not started"
    fi
 }
 #
-# Set the configuration variables from shorewall-lite.conf
+# Verify that we have a compiled firewall script
 #
 verify_firewall_script() {
    if [ ! -f $g_firewall ]; then
 	echo "   ERROR: $g_product is not properly installed" >&2
 	if [ -L $g_firewall ]; then
 	    echo "          $g_firewall is a symbolic link to a" >&2
 	    echo "          non-existant file" >&2
 	else
 	    echo "          The file $g_firewall does not exist" >&2
 	fi
 	exit 2
    fi
 }
 ################################################################################
 # The remaining functions are used by the Lite cli - they are overloaded by
 # the Standard CLI by loading lib.cli-std
 ################################################################################
 #
 # Set the configuration variables from shorewall[6]-lite.conf.
 #
 get_config() {
    local config
    local lib
    ensure_config_path
@@ -3559,15 +3578,7 @@ get_config() {
    [ -n "$PATH" ] || PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
-    [ -z "$LOGFILE" ] && LOGFILE=/var/log/messages
+    setup_logread
    if ( ps ax 2> /dev/null | grep -v grep |  qt grep 'syslogd.*-C' ) ; then
 	g_logread="logread | tac"
    elif [ -r $LOGFILE ]; then
 	g_logread="tac $LOGFILE"
    else
 	fatal_error "LOGFILE ($LOGFILE) does not exist!"
    fi
    #
    # See if we have a real version of "tail" -- use separate redirection so
    # that ash (aka /bin/sh on LRP) doesn't crap
@@ -3629,7 +3640,13 @@ get_config() {
 	VERBOSITY=2
    fi
-    g_hostname=$(hostname 2> /dev/null)
+    if qt mywhich hostname; then
 	g_hostname=$(hostname 2> /dev/null)
    elif qt mywhich uname; then
 	g_hostname=$(uname -n 2> /dev/null)
    else
 	g_hostname=localhost
    fi
    if [ -n "$IPSET" ]; then
 	case "$IPSET" in
@@ -3669,29 +3686,11 @@ get_config() {
    g_loopback=$(find_loopback_interfaces)
    lib=$(find_file lib.cli-user)
    [ -f $lib ] && . $lib
 }
 #
 # Verify that we have a compiled firewall script
 #
 verify_firewall_script() {
    if [ ! -f $g_firewall ]; then
 	echo "   ERROR: $g_product is not properly installed" >&2
 	if [ -L $g_firewall ]; then
 	    echo "          $g_firewall is a symbolic link to a" >&2
 	    echo "          non-existant file" >&2
 	else
 	    echo "          The file $g_firewall does not exist" >&2
 	fi
 	exit 2
    fi
 }
 ################################################################################
 # The remaining functions are used by the Lite cli - they are overloaded by
 # the Standard CLI by loading lib.cli-std
 ################################################################################
 #
 # Start Command Executor
 #
@@ -3783,7 +3782,7 @@ start_command() {
 }
 #
-# Restart Command Executor
+# Reload/Restart Command Executor
 #
 restart_command() {
    local finished
@@ -3842,11 +3841,11 @@ restart_command() {
    [ -n "$g_nolock" ] || mutex_on
    if [ -x ${VARDIR}/firewall ]; then
-	run_it ${VARDIR}/firewall $g_debugging restart
+	run_it ${VARDIR}/firewall $g_debugging $COMMAND
 	rc=$?
    else
 	error_message "${VARDIR}/firewall is missing or is not executable"
-	logger -p kern.err "ERROR:$g_product restart failed"
+	logger -p kern.err "ERROR:$g_product $COMMAND failed"
 	rc=6
    fi
@@ -3862,6 +3861,12 @@ run_command() {
    fi
 }
 #
 # Echo the parameters if product is Shorewall or Shorewall6
 #
 ecko() {
    [ -z "$g_lite" ] && echo "$@"
 }
 #
 # Give Usage Information
 #
@@ -3871,13 +3876,16 @@ usage() # $1 = exit status
    echo "where <command> is one of:"
    echo "   add <interface>[:<host-list>] ... <zone>"
    echo "   allow <address> ..."
    ecko "   [ check | ck ] [ -e ] [ -r ] [ -p ] [ -r ] [ -T ] [ -i ] [ <directory> ]"
    echo "   clear"
    ecko "   [ compile | co ] [ -e ] [ -p ] [ -t ] [ -c ] [ -d ] [ -T ] [ -i ] [ <directory name> ] [ <path name> ]"
    echo "   close <source> <dest> [ <protocol> [ <port> ] ]" 
    echo "   delete <interface>[:<host-list>] ... <zone>"
    echo "   disable <interface>"
    echo "   drop <address> ..."
    echo "   dump [ -x ] [ -l ] [ -m ]"
    echo "   enable <interface>"
    ecko "   export [ <directory1> ] [<user>@]<system>[:<directory2>]"
    echo "   forget [ <file name> ]"
    echo "   help"
@@ -3887,21 +3895,53 @@ usage() # $1 = exit status
 	echo "   iprange <address>-<address>"
    fi
    if [ $g_family -eq 4 ]; then
 	echo "   iptrace <iptables match expression>"
    else
 	echo "   iptrace <ip6tables match expression>"
    fi
    ecko "   load [ -s ] [ -c ] [ -r <root user> ] [ -T ] [ -i ] [ <directory> ] <system>"
    echo "   logdrop <address> ..."
    echo "   logreject <address> ..."
    echo "   logwatch [<refresh interval>]"
    if [ $g_family -eq 4 ]; then
 	echo "   noiptrace <iptables match expression>"
    else
 	echo "   noiptrace <ip6tables match expression>"
    fi
    echo "   open <source> <dest> [ <protocol> [ <port> ] ]" 
    echo "   reject <address> ..."
    echo "   reenable <interface>"
    ecko "   refresh [ -d ] [ -n ] [ -T ] [ -D <directory> ] [ <chain>... ]"
    echo "   reject <address> ..."
    ecko "   reload [ -s ] [ -c ] [ -r <root user> ] [ -T ] [ -i ] [ <directory> ] <system>"
    if [ -z "$g_lite" ]; then
 	echo "   remote-reload [ -s ] [ -c ] [ -r <root-name> ] [ -T ] [ -i ] [ <directory> ] <system>"
 	echo "   remote-restart [ -s ] [ -c ] [ -r <root-name> ] [ -T ] [ -i ] [ <directory> ] <system>"
 	echo "   remote-start [ -s ] [ -c ] [ -r <root-name> ] [ -T ] [ -i ] [ <directory> ] <system>"
    fi
    echo "   reset [ <chain> ... ]"
-    echo "   restart [ -n ] [ -p ] [ -f ] [ -C ] [ <directory> ]"
+
    if [ -n "$g_lite" ]; then
 	echo "   restart [ -n ] [ -p ] [ -f ] [ -C ] [ <directory> ]"
    else
 	echo "   restart [ -n ] [ -p ] [-d] [ -f ] [ -c ] [ -T ] [ -i ] [ -C ] [ <directory> ]"
    fi
    echo "   restore [ -n ] [ -p ] [ -C ] [ <file name> ]"
    echo "   run <command> [ <parameter> ... ]"
    ecko "   safe-restart [ -t <timeout> ] [ <directory> ]"
    ecko "   safe-start [ -t <timeout> ] [ <directory> ]"
    echo "   save [ -C ] [ <file name> ]"
    echo "   savesets"
    echo "   [ show | list | ls ] [ -b ] [ -x ] [ -t {filter|mangle|nat} ] [ {chain [<chain> [ <chain> ... ]"
-    echo "   [ show | list | ls ] [ -f ] capabilities"
+    ecko "   [ show | list | ls ] actions"
    echo "   [ show | list | ls ] arptables"
    echo "   [ show | list | ls ] [ -f ] capabilities"
    echo "   [ show | list | ls ] [ -x ] {bl|blacklists}"
    echo "   [ show | list | ls ] classifiers"
    echo "   [ show | list | ls ] config"
@@ -3917,6 +3957,8 @@ usage() # $1 = exit status
    echo "   [ show | list | ls ] [ -m ] log [<regex>]"
    echo "   [ show | list | ls ] [ -x ] mangle|nat|raw|rawpost"
    ecko "   [ show | list | ls ] macro <macro>"
    ecko "   [ show | list | ls ] macros"
    echo "   [ show | list | ls ] nfacct"
    echo "   [ show | list | ls ] opens"
    echo "   [ show | list | ls ] policies"
@@ -3924,9 +3966,17 @@ usage() # $1 = exit status
    echo "   [ show | list | ls ] tc [ device ]"
    echo "   [ show | list | ls ] vardir"
    echo "   [ show | list | ls ] zones"
-    echo "   start [ -f ] [ -p ] [ -C ] [ <directory> ]"
+
-    echo "   stop"
+    if [ -n "$g_lite" ]; then
 	echo "   start [ -f ] [ -p ] [ -C ] [ <directory> ]"
    else
 	echo "   start [ -f ] [ -n ] [ -p ] [ -c ] [ -T ] [ -i ] [ -C ] [ <directory> ]"
    fi
    echo "   status [ -i ]"
    echo "   stop"
    ecko "   try <directory> [ <timeout> ]"
    ecko "   update [ -a ] [ -b ] [ -r ] [ -T ]  [ -D ] [ -i ] [-t] [-s] [-n] [-A] [ <directory> ]"
    echo "   version [ -a ]"
    echo
    exit $1
@@ -3964,7 +4014,6 @@ shorewall_cli() {
    g_refreshchains=:none:
    g_confess=
    g_update=
    g_convert=
    g_annotate=
    g_recovering=
    g_timestamp=
@@ -3973,11 +4022,10 @@ shorewall_cli() {
    g_conditional=
    g_file=
    g_doing="Compiling"
    g_directives=
    g_inline=
    g_tcrules=
    g_counters=
    g_loopback=
    g_compiled=
    VERBOSE=
    VERBOSITY=1
@@ -4156,7 +4204,7 @@ shorewall_cli() {
 	    run_it $g_firewall $g_debugging reset $@
 	    [ -n "$g_nolock" ] || mutex_off
 	    ;;
-	restart)
+	reload|restart)
 	    get_config Yes Yes
 	    shift
 	    restart_command $@
--- a/Shorewall-core/lib.common
+++ b/Shorewall-core/lib.common
@@ -1,7 +1,7 @@
 #
-# Shorewall 4.5 -- /usr/share/shorewall/lib.common.
+# Shorewall 5.0 -- /usr/share/shorewall/lib.common.
 #
-#     (c) 2010-2014 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2010-2015 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
@@ -33,7 +33,7 @@ startup_error() # $* = Error Message
    echo "   ERROR: $@: Firewall state not changed" >&2
    if [ $LOG_VERBOSITY -ge 0 ]; then
-        timestamp="$(date +'%_b %d %T') "
+        timestamp="$(date +'%b %d %T') "
        echo "${timestamp}  ERROR: $@" >> $STARTUP_LOG
    fi
@@ -50,7 +50,7 @@ startup_error() # $* = Error Message
    esac
    if [ $LOG_VERBOSITY -ge 0 ]; then
-        timestamp="$(date +'%_b %d %T') "
+        timestamp="$(date +'%b %d %T') "
 	case $COMMAND in
 	    start)
@@ -71,117 +71,35 @@ startup_error() # $* = Error Message
 }
 #
-# Fatal Error
+# Create the required option string and run the passed script using
 #
 fatal_error() # $@ = Message
 {
    echo "   ERROR: $@" >&2
    exit 2
 }
 #
 # Not configured Error
 #
 not_configured_error() # $@ = Message
 {
    echo "   ERROR: $@" >&2
    exit 6
 }
 #
 # Get the Shorewall version of the passed script
 #
 get_script_version() { # $1 = script
    local temp
    local version
    local ifs
    local digits
    local verbosity
    verbosity="$VERBOSITY"
    VERBOSITY=0
    temp=$( $SHOREWALL_SHELL $1 version | tail -n 1 | sed 's/-.*//' )
    if [ -z "$temp" ]; then
 	version=0
    else
 	ifs=$IFS
 	IFS=.
 	temp=$(echo $temp)
 	IFS=$ifs
 	digits=0
 	for temp in $temp; do
 	    version=${version}$(printf '%02d' $temp)
 	    digits=$(($digits + 1))
 	    [ $digits -eq 3 ] && break
 	done
    fi
    echo $version
    VERBOSITY="$verbosity"
 }
 #
 # Do required exports or create the required option string and run the passed script using
 # $SHOREWALL_SHELL
 #
 run_it() {
    local script
    local options
    local version
    export VARDIR
    script=$1
    shift
-    version=$(get_script_version $script)
+    if [ x$1 = xtrace -o x$1 = xdebug ]; then
-
+	options="$1 -"
-    if [ $version -lt 040408 ]; then
+	shift;
 	#
 	# Old script that doesn't understand 4.4.8 script options
 	#
 	export RESTOREFILE
 	export VERBOSITY
 	export NOROUTES=$g_noroutes
 	export PURGE=$g_purge
 	export TIMESTAMP=$g_timestamp
 	export RECOVERING=$g_recovering
 	case "$g_program" in
 	    *-lite)
 		#
 		# Shorewall Lite
 		#
 		export LOGFORMAT
 		export IPTABLES
 		;;
 	esac
    else
-	#
+	options='-'
 	# 4.4.8 or later -- no additional exports required
 	#
 	if [ x$1 = xtrace -o x$1 = xdebug ]; then
 	    options="$1 -"
 	    shift;
 	else
 	    options='-'
 	fi
 	[ -n "$g_noroutes" ]   && options=${options}n
 	[ -n "$g_timestamp" ]  && options=${options}t
 	[ -n "$g_purge" ]      && options=${options}p
 	[ -n "$g_recovering" ] && options=${options}r
 	[ -n "$g_counters" ]   && options=${options}c
 	options="${options}V $VERBOSITY"
 	[ -n "$RESTOREFILE" ] && options="${options} -R $RESTOREFILE"
    fi
    [ -n "$g_noroutes" ]   && options=${options}n
    [ -n "$g_timestamp" ]  && options=${options}t
    [ -n "$g_purge" ]      && options=${options}p
    [ -n "$g_recovering" ] && options=${options}r
    [ -n "$g_counters" ]   && options=${options}c
    options="${options}V $VERBOSITY"
    [ -n "$RESTOREFILE" ] && options="${options} -R $RESTOREFILE"
    $SHOREWALL_SHELL $script $options $@
 }
@@ -398,6 +316,7 @@ reload_kernel_modules() {
    local moduleloader
    moduleloader=modprobe
    local uname
    local extras
    if ! qt mywhich modprobe; then
 	moduleloader=insmod
@@ -405,9 +324,25 @@ reload_kernel_modules() {
    [ -n "${MODULE_SUFFIX:=ko ko.gz ko.xz o o.gz o.xz gz xz}" ]
-    [ -z "$MODULESDIR" ] && \
+    if [ -n "$MODULESDIR" ]; then
-	uname=$(uname -r) && \
+	case "$MODULESDIR" in
 	    +*)
 		extras="$MODULESDIR"
 		extras=${extras#+}
 		MODULESDIR=
 		;;
 	esac
    fi
    if [ -z "$MODULESDIR" ]; then
 	uname=$(uname -r)
 	MODULESDIR=/lib/modules/$uname/kernel/net/ipv${g_family}/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset
 	if [ -n "$extras" ]; then
 	    for directory in $(split "$extras"); do
 		MODULESDIR="$MODULESDIR:/lib/modules/$uname/$directory"
 	    done
 	fi
    fi
    [ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)
@@ -437,6 +372,7 @@ load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
    local savemoduleinfo
    savemoduleinfo=${1:-Yes} # So old compiled scripts still work
    local uname
    local extras
    if ! qt mywhich modprobe; then
 	moduleloader=insmod
@@ -444,9 +380,25 @@ load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
    [ -n "${MODULE_SUFFIX:=o gz xz ko o.gz o.xz ko.gz ko.xz}" ]
-    [ -z "$MODULESDIR" ] && \
+    if [ -n "$MODULESDIR" ]; then
-	uname=$(uname -r) && \
+	case "$MODULESDIR" in
 	    +*)
 		extras="$MODULESDIR"
 		extras=${extras#+}
 		MODULESDIR=
 		;;
 	esac
    fi
    if [ -z "$MODULESDIR" ]; then
 	uname=$(uname -r)
 	MODULESDIR=/lib/modules/$uname/kernel/net/ipv${g_family}/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset
 	if [ -n "$extras" ]; then
 	    for directory in $(split "$extras"); do
 		MODULESDIR="$MODULESDIR:/lib/modules/$uname/$directory"
 	    done
 	fi
    fi
    for directory in $(split $MODULESDIR); do
 	[ -d $directory ] && moduledirectories="$moduledirectories $directory"
@@ -581,9 +533,9 @@ in_network() # $1 = IP address, $2 = CIDR network
 #
 # Query NetFilter about the existence of a filter chain
 #
-chain_exists() # $1 = chain name
+chain_exists() # $1 = chain name, $2 = table name (optional)
 {
-    qt1 $g_tool -L $1 -n
+    qt1 $g_tool -t ${2:-filter} -L $1 -n
 }
 #
@@ -791,12 +743,15 @@ mutex_on()
    local lockf
    lockf=${LOCKFILE:=${VARDIR}/lock}
    local lockpid
    local lockd
    MUTEX_TIMEOUT=${MUTEX_TIMEOUT:-60}
    if [ $MUTEX_TIMEOUT -gt 0 ]; then
-	[ -d ${VARDIR} ] || mkdir -p ${VARDIR}
+	lockd=$(dirname $LOCKFILE)
 	[ -d "$lockd" ] || mkdir -p "$lockd"
 	if [ -f $lockf ]; then
 	    lockpid=`cat ${lockf} 2> /dev/null`
@@ -816,6 +771,11 @@ mutex_on()
 	    chmod u+w ${lockf}
 	    echo $$ > ${lockf}
 	    chmod u-w ${lockf}
 	elif qt mywhich lock; then
            lock -${MUTEX_TIMEOUT} -r1 ${lockf}
            chmod u+w ${lockf}
            echo $$ > ${lockf}
            chmod u-w ${lockf}
 	else
 	    while [ -f ${lockf} -a ${try} -lt ${MUTEX_TIMEOUT} ] ; do
 		sleep 1
--- a/Shorewall-core/shorewallrc.apple
+++ b/Shorewall-core/shorewallrc.apple
@@ -1,5 +1,5 @@
 #
-# Apple OS X Shorewall 4.5 rc file
+# Apple OS X Shorewall 5.0 rc file
 #
 BUILD=apple
 HOST=apple
--- a/Shorewall-core/shorewallrc.archlinux
+++ b/Shorewall-core/shorewallrc.archlinux
@@ -1,5 +1,5 @@
 #
-# Arch Linux Shorewall 4.5 rc file
+# Arch Linux Shorewall 5.0 rc file
 #
 BUILD=                                 #Default is to detect the build system
 HOST=archlinux
--- a/Shorewall-core/shorewallrc.cygwin
+++ b/Shorewall-core/shorewallrc.cygwin
@@ -1,5 +1,5 @@
 #
-# Cygwin Shorewall 4.5 rc file
+# Cygwin Shorewall 5.0 rc file
 #
 BUILD=cygwin
 HOST=cygwin
--- a/Shorewall-core/shorewallrc.debian.systemd
+++ b/Shorewall-core/shorewallrc.debian.systemd
@@ -0,0 +1,23 @@
 #
 # Debian Shorewall 4.5 rc file
 #
 BUILD=					#Default is to detect the build system
 HOST=debian
 PREFIX=/usr				#Top-level directory for shared files, libraries, etc.
 SHAREDIR=${PREFIX}/share		#Directory for arch-neutral files.
 LIBEXECDIR=${PREFIX}/share		#Directory for executable scripts.
 PERLLIBDIR=${PREFIX}/share/shorewall	#Directory to install Shorewall Perl module directory
 CONFDIR=/etc				#Directory where subsystem configurations are installed
 SBINDIR=/sbin				#Directory where system administration programs are installed
 MANDIR=${PREFIX}/share/man		#Directory where manpages are installed.
 INITDIR=				#Directory where SysV init scripts are installed.
 INITFILE=				#Name of the product's installed SysV init script
 INITSOURCE=init.debian.sh		#Name of the distributed file to be installed as the SysV init script
 ANNOTATED=				#If non-zero, annotated configuration files are installed
 SYSCONFFILE=default.debian		#Name of the distributed file to be installed in $SYSCONFDIR
 SERVICEFILE=$PRODUCT.service.debian     #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFDIR=/etc/default			#Directory where SysV init parameter files are installed
 SERVICEDIR=/lib/systemd/system		#Directory where .service files are installed (systems running systemd only)
 SPARSE=Yes				#If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
 VARLIB=/var/lib				#Directory where product variable data is stored.
 VARDIR=${VARLIB}/$PRODUCT		#Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.debian.sysvinit
+++ b/Shorewall-core/shorewallrc.debian.sysvinit
@@ -15,9 +15,9 @@ INITFILE=$PRODUCT                       #Name of the product's installed SysV in
 INITSOURCE=init.debian.sh               #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                              #If non-zero, annotated configuration files are installed
 SYSCONFFILE=default.debian              #Name of the distributed file to be installed in $SYSCONFDIR
-SERVICEFILE=                      	#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
+SERVICEFILE=				#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFDIR=/etc/default                 #Directory where SysV init parameter files are installed
-SERVICEDIR=                             #Directory where .service files are installed (systems running systemd only)
+SERVICEDIR=				#Directory where .service files are installed (systems running systemd only)
 SPARSE=Yes                              #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
 VARLIB=/var/lib                         #Directory where product variable data is stored.
 VARDIR=${VARLIB}/$PRODUCT               #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.default
+++ b/Shorewall-core/shorewallrc.default
@@ -1,5 +1,5 @@
 #
-# Default Shorewall 4.5 rc file
+# Default Shorewall 5.0 rc file
 #
 HOST=linux                              #Generic Linux
 BUILD=                                  #Default is to detect the build system
--- a/Shorewall-core/shorewallrc.openwrt
+++ b/Shorewall-core/shorewallrc.openwrt
@@ -0,0 +1,26 @@
 #
 # Created by Shorewall Core version 5.0.2-RC1 configure -  Fri, Nov 06, 2015 10:02:03 AM
 #
 # Input: host=openwrt
 #
 HOST=openwrt
 PREFIX=/usr                             
 SHAREDIR=${PREFIX}/share                
 LIBEXECDIR=${PREFIX}/share              
 PERLLIBDIR=${PREFIX}/share/shorewall    
 CONFDIR=/etc                            
 SBINDIR=/sbin                           
 MANDIR=${PREFIX}/man                    
 INITDIR=/etc/init.d                     
 INITSOURCE=init.openwrt.sh
 INITFILE=$PRODUCT                       
 AUXINITSOURCE=
 AUXINITFILE=
 SERVICEDIR=                             
 SERVICEFILE=                            
 SYSCONFFILE=default.openwrt
 SYSCONFDIR=${CONFDIR}/sysconfig
 SPARSE=                                 
 ANNOTATED=                              
 VARLIB=/lib
 VARDIR=${VARLIB}/$PRODUCT               
--- a/Shorewall-core/shorewallrc.redhat
+++ b/Shorewall-core/shorewallrc.redhat
@@ -1,5 +1,5 @@
 #
-# RedHat/FedoraShorewall 4.5 rc file
+# RedHat/FedoraShorewall 5.0 rc file
 #
 BUILD=                                  #Default is to detect the build system
 HOST=redhat
--- a/Shorewall-core/shorewallrc.slackware
+++ b/Shorewall-core/shorewallrc.slackware
@@ -1,5 +1,5 @@
 #
-# Slackware Shorewall 4.5 rc file
+# Slackware Shorewall 5.0 rc file
 #
 BUILD=slackware
 HOST=slackware
--- a/Shorewall-core/shorewallrc.suse
+++ b/Shorewall-core/shorewallrc.suse
@@ -1,5 +1,5 @@
 #
-# SuSE Shorewall 4.5 rc file
+# SuSE Shorewall 5.0 rc file
 #
 BUILD=                                                #Default is to detect the build system
 HOST=suse
--- a/Shorewall-init/init.debian.sh
+++ b/Shorewall-init/init.debian.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
--- a/Shorewall-init/init.sh
+++ b/Shorewall-init/init.sh
@@ -1,5 +1,5 @@
 #! /bin/bash
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
 #
 #     (c) 2010,2012-2014 - Tom Eastep (teastep@shorewall.net)
 #
--- a/Shorewall-init/init.suse.sh
+++ b/Shorewall-init/init.suse.sh
@@ -1,5 +1,5 @@
 #! /bin/bash
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
@@ -38,7 +38,7 @@
 # 0 - success
 # 1 - generic or unspecified error
 # 2 - invalid or excess argument(s)
-# 3 - unimplemented feature (e.g. "reload")
+# 3 - unimplemented feature
 # 4 - insufficient privilege
 # 5 - program is not installed
 # 6 - program is not configured
--- a/Shorewall-init/install.sh
+++ b/Shorewall-init/install.sh
@@ -397,6 +397,7 @@ if [ $HOST = debian ]; then
 	[ $configure -eq 1 ] || mkdir -p ${DESTDIR}${CONFDIR}/default
 	install_file sysconfig ${DESTDIR}${ETC}/default/shorewall-init 0644
 	echo "sysconfig file installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
    fi
    IFUPDOWN=ifupdown.debian.sh
@@ -490,7 +491,11 @@ esac
 if [ -z "$DESTDIR" ]; then
    if [ $configure -eq 1 -a -n "$first_install" ]; then
 	if [ $HOST = debian ]; then
-	    if mywhich insserv; then
+	    if [ -n "$SERVICEDIR" ]; then
 		if systemctl enable ${PRODUCT}.service; then
                    echo "Shorewall Init will start automatically at boot"
 		fi
 	    elif mywhich insserv; then
 		if insserv ${INITDIR}/shorewall-init; then
 		    echo "Shorewall Init will start automatically at boot"
 		else
@@ -554,7 +559,7 @@ fi
 [ -z "${DESTDIR}" ] && [ ! -f ~/.shorewallrc ] && cp ${SHAREDIR}/shorewall/shorewallrc .
-if [ -f ${DESTDIR}/etc/ppp ]; then
+if [ -d ${DESTDIR}/etc/ppp ]; then
    case $HOST in
 	debian|suse)
 	    for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do
--- a/Shorewall-init/shorewall-init
+++ b/Shorewall-init/shorewall-init
@@ -1,5 +1,5 @@
 #!/bin/bash
-#	The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.6
+#	The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
 #
 #	(c) 2012-2014 - Tom Eastep (teastep@shorewall.net)
 #
--- a/Shorewall-init/shorewall-init.service
+++ b/Shorewall-init/shorewall-init.service
@@ -6,7 +6,6 @@
 [Unit]
 Description=Shorewall firewall (bootup security)
 Before=network.target
 Conflicts=iptables.service ip6tables.service firewalld.service
 [Service]
 Type=oneshot
--- a/Shorewall-init/shorewall-init.service.214
+++ b/Shorewall-init/shorewall-init.service.214
@@ -7,7 +7,6 @@
 Description=Shorewall firewall (bootup security)
 Before=network-pre.target
 Wants=network-pre.target
 Conflicts=iptables.service firewalld.service
 [Service]
 Type=oneshot
--- a/Shorewall-init/shorewall-init.service.214.debian
+++ b/Shorewall-init/shorewall-init.service.214.debian
@@ -0,0 +1,21 @@
 #
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
 #     Copyright 2015 Tom Eastep <teastep@shorewall.net>
 #
 [Unit]
 Description=Shorewall firewall (bootup security)
 Before=network-pre.target
 Wants=network-pre.target
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/default/shorewall-init
 StandardOutput=syslog
 ExecStart=/sbin/shorewall-init start
 ExecStop=/sbin/shorewall-init stop
 [Install]
 WantedBy=basic.target
--- a/Shorewall-init/shorewall-init.service.debian
+++ b/Shorewall-init/shorewall-init.service.debian
@@ -0,0 +1,20 @@
 #
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
 #     Copyright 2015 Tom Eastep <teastep@shorewall.net>
 #
 [Unit]
 Description=Shorewall firewall (bootup security)
 Before=network.target
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/default/shorewall-init
 StandardOutput=syslog
 ExecStart=/sbin/shorewall-init start
 ExecStop=/sbin/shorewall-init stop
 [Install]
 WantedBy=basic.target
--- a/Shorewall-init/uninstall.sh
+++ b/Shorewall-init/uninstall.sh
@@ -174,9 +174,13 @@ if [ -f "$INITSCRIPT" ]; then
    remove_file $INITSCRIPT
 fi
-if [ -n "$SYSTEMD" ]; then
+if [ -z "${SERVICEDIR}" ]; then
    SERVICEDIR="$SYSTEMD"
 fi
 if [ -n "$SERVICEDIR" ]; then
    [ $configure -eq 1 ] && systemctl disable shorewall-init.service
-    rm -f $SYSTEMD/shorewall-init.service
+    rm -f $SERVICEDIR/shorewall-init.service
 fi
 [ "$(readlink -m -q ${SBINDIR}/ifup-local)"   = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifup-local
@@ -202,8 +206,10 @@ if [ -d ${CONFDIR}/ppp ]; then
    done
    for file in if-up.local if-down.local; do
-	if grep -qF Shorewall-based ${CONFDIR}/ppp/$FILE; then
+	if [ -f ${CONFDIR}/ppp/$file ]; then
-	    remove_file ${CONFDIR}/ppp/$FILE
+	    if grep -qF Shorewall-based ${CONFDIR}/ppp/$FILE; then
 		remove_file ${CONFDIR}/ppp/$FILE
 	    fi
 	fi
    done
 fi
--- a/Shorewall-lite/configpath
+++ b/Shorewall-lite/configpath
@@ -1,5 +1,5 @@
 #
-# Shorewall Lite version 4.1 - Default Config Path
+# Shorewall Lite version 5 - Default Config Path
 #
 # /usr/share/shorewall-lite/configpath
 #
--- a/Shorewall-lite/default.openwrt
+++ b/Shorewall-lite/default.openwrt
@@ -0,0 +1,25 @@
 # sysV init file script configuration(/etc/sysconfdir/shorewall-lite)
 # startup option(default "-vvv")
 OPTIONS=
 # change default start run level(if none empty; /etc/init.d/shorewall-lite enable)
 START=50
 # change default stop run level(if none empty; /etc/init.d/shorewall-lite enable)
 STOP=
 # option to pass when shorewall start is executed
 STARTOPTIONS=
 # option to pass when shorewall restart is executed
 RESTARTOPTIONS=
 # option to pass when shorewall reload is executed
 RELOADOPTIONS=
 # option to pass when shorewall stop is executed
 STOPOPTIONS=
 # option to pass when shorewall status is executed
 STATUSOPTIONS=
--- a/Shorewall-lite/init.openwrt.sh
+++ b/Shorewall-lite/init.openwrt.sh
@@ -0,0 +1,98 @@
 #!/bin/sh /etc/rc.common
 #
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
 #     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012,2014 - Tom Eastep (teastep@shorewall.net)
 #     (c) 2015 - Matt Darfeuille - (matdarf@gmail.com)
 #
 #	On most distributions, this file should be called /etc/init.d/shorewall.
 #
 #	Complete documentation is available at http://shorewall.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
 #	it under the terms of the GNU General Public License as published by the
 #       Free Software Foundation, either version 2 of the license or, at your
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
 #	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #	If an error occurs while starting or restarting the firewall, the
 #	firewall is automatically stopped.
 #
 #	Commands are:
 #
 #	   shorewall-lite start			  Starts the firewall
 #	   shorewall-lite restart		  Restarts the firewall
 #	   shorewall-lite reload		  Reload the firewall
 #						  (same as restart)
 #	   shorewall-lite stop			  Stops the firewall
 #	   shorewall-lite status		  Displays firewall status
 #
 # description: Packet filtering firewall
 # openwrt stuph
 # start and stop runlevel variable
 #START=21
 #STOP=91
 # variable to display what the status command do when /etc/init.d/shorewall-lite is invoke without argument
 EXTRA_COMMANDS="status"
 EXTRA_HELP="Displays shorewall status"
 ################################################################################
 # Get startup options (override default)
 ################################################################################
 OPTIONS="-vvv"
 #
 # The installer may alter this
 #
 . /usr/share/shorewall/shorewallrc
 if [ -f ${SYSCONFDIR}/shorewall-lite ]; then
    . ${SYSCONFDIR}/shorewall-lite
 fi
 START=${START:-21}
 STOP=${STOP:-91}
 SHOREWALL_INIT_SCRIPT=1
 ################################################################################
 # E X E C U T I O N    B E G I N S   H E R E				       #
 ################################################################################
 # arg1 of init script is arg2 when rc.common is sourced; set to action variable
 command="$action"
 start() {
 	exec ${SBINDIR}/shorewall-lite $OPTIONS $command ${STARTOPTIONS:-$@}
 }
 boot() {
 local command="start"
 start
 }
 restart() {
 	exec ${SBINDIR}/shorewall-lite $OPTIONS $command ${RESTARTOPTIONS:-$@}
 }
 reload() {
 	exec ${SBINDIR}/shorewall-lite $OPTIONS $command ${RELOADOPTION:-$@}
 }
 stop() {
 	exec ${SBINDIR}/shorewall-lite $OPTIONS $command ${STOPOPTIONS:-$@}
 }
 status() {
 	exec ${SBINDIR}/shorewall-lite $OPTIONS $command ${STATUSOPTIONS:-$@}
 }
--- a/Shorewall-lite/install.sh
+++ b/Shorewall-lite/install.sh
@@ -67,15 +67,6 @@ mywhich() {
    return 2
 }
 run_install()
 {
    if ! install $*; then
 	echo
 	echo "ERROR: Failed to install $*" >&2
 	exit 1
    fi
 }
 cant_autostart()
 {
    echo
@@ -89,7 +80,28 @@ delete_file() # $1 = file to delete
 install_file() # $1 = source $2 = target $3 = mode
 {
-    run_install $T $OWNERSHIP -m $3 $1 ${2}
+    if cp -f $1 $2; then
 	if chmod $3 $2; then
 	    if [ -n "$OWNER" ]; then
 		if chown $OWNER:$GROUP $2; then
 		    return
 		fi
 	    else
 		return 0
 	    fi
 	fi
    fi
    echo "ERROR: Failed to install $2" >&2
    exit 1
 }
 make_directory() # $1 = directory , $2 = mode
 {
    mkdir -p $1
    chmod 755 $1
    [ -n "$OWNERSHIP" ] && chown $OWNERSHIP $1
 }
 require()
@@ -187,7 +199,7 @@ elif [ -z "${VARDIR}" ]; then
    VARDIR=${VARLIB}/${PRODUCT}
 fi
-for var in SHAREDIR LIBEXECDIRDIRDIR CONFDIR SBINDIR VARLIB VARDIR; do
+for var in SHAREDIR LIBEXECDIR CONFDIR SBINDIR VARLIB VARDIR; do
    require $var
 done
@@ -201,8 +213,6 @@ PATH=${SBINDIR}:/bin:/usr${SBINDIR}:/usr/bin:/usr/local/bin:/usr/local${SBINDIR}
 # Determine where to install the firewall script
 #
 cygwin=
 INSTALLD='-D'
 T='-T'
 if [ -z "$BUILD" ]; then
    case $(uname) in
@@ -245,6 +255,8 @@ if [ -z "$BUILD" ]; then
 		BUILD=slackware
 	    elif [ -f ${CONFDIR}/arch-release ] ; then
 		BUILD=archlinux
 	    elif [ -f ${CONFDIR}/openwrt_release ]; then
 		BUILD=openwrt
 	    else
 		BUILD=linux
 	    fi
@@ -260,16 +272,16 @@ case $BUILD in
    apple)
 	[ -z "$OWNER" ] && OWNER=root
 	[ -z "$GROUP" ] && GROUP=wheel
 	INSTALLD=
 	T=
 	;;
    *)
-	[ -z "$OWNER" ] && OWNER=root
+	if [ $(id -u) -eq 0 ]; then
-	[ -z "$GROUP" ] && GROUP=root
+	    [ -z "$OWNER" ] && OWNER=root
 	    [ -z "$GROUP" ] && GROUP=root
 	fi
 	;;
 esac
-OWNERSHIP="-o $OWNER -g $GROUP"
+[ -n "$OWNER" ] && OWNERSHIP="$OWNER:$GROUP"
 [ -n "$HOST" ] || HOST=$BUILD
@@ -300,6 +312,9 @@ case "$HOST" in
    suse)
 	echo "Installing Suse-specific configuration..."
 	;;
    openwrt)
 	echo "Installing OpenWRT-specific configuration..."
 	;;
    linux)
 	;;
    *)
@@ -316,8 +331,9 @@ if [ -n "$DESTDIR" ]; then
 	OWNERSHIP=""
    fi
-    install -d $OWNERSHIP -m 755 ${DESTDIR}/${SBINDIR}
+    make_directory ${DESTDIR}${SBINDIR} 755
-    install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR}
+    make_directory ${DESTDIR}${INITDIR} 755
 else
    if [ ! -f ${SHAREDIR}/shorewall/coreversion ]; then
 	echo "$PRODUCT $VERSION requires Shorewall Core which does not appear to be installed" >&2
@@ -357,7 +373,7 @@ fi
 delete_file ${DESTDIR}/usr/share/$PRODUCT/xmodules
 install_file $PRODUCT ${DESTDIR}${SBINDIR}/$PRODUCT 0544
-[ -n "${INITFILE}" ] && install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR}
+[ -n "${INITFILE}" ] && make_directory ${DESTDIR}${INITDIR} 755
 echo "$Product control program installed in ${DESTDIR}${SBINDIR}/$PRODUCT"
@@ -399,7 +415,7 @@ fi
 if [ -n "$SERVICEDIR" ]; then
    mkdir -p ${DESTDIR}${SERVICEDIR}
    [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
-    run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
+    install_file $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service 644
    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SERVICEDIR}/$PRODUCT.service"
 fi
@@ -421,9 +437,9 @@ fi
 #
 # Install the  Makefile
 #
-run_install $OWNERSHIP -m 0600 Makefile ${DESTDIR}${CONFDIR}/$PRODUCT
+install_file Makefile ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile 0600
-[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${CONFDIR}/$PRODUCT/Makefile
+[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile
-[ $SBINDIR = /sbin ]       || eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\'       ${DESTDIR}/${CONFDIR}/$PRODUCT/Makefile
+[ $SBINDIR = /sbin ]       || eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\'       ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile
 echo "Makefile installed as ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile"
 #
@@ -438,7 +454,7 @@ echo "Default config path file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/confi
 for f in lib.* ; do
    if [ -f $f ]; then
 	install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644
-	echo "Library ${f#*.} file installed as ${DESTDIR}/${SHAREDIR}/$PRODUCT/$f"
+	echo "Library ${f#*.} file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
    fi
 done
@@ -451,7 +467,7 @@ echo "Common functions linked through ${DESTDIR}${SHAREDIR}/$PRODUCT/functions"
 #
 install_file shorecap ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap 0755
-[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${LIBEXECDIR}/$PRODUCT/shorecap
+[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap
 echo
 echo "Capability file builder installed in ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap"
@@ -461,17 +477,17 @@ echo "Capability file builder installed in ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shor
 #
 if [ -f modules ]; then
-    run_install $OWNERSHIP -m 0600 modules ${DESTDIR}${SHAREDIR}/$PRODUCT
+    install_file modules ${DESTDIR}${SHAREDIR}/$PRODUCT/modules 0600
    echo "Modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/modules"
 fi
 if [ -f helpers ]; then
-    run_install $OWNERSHIP -m 0600 helpers ${DESTDIR}${SHAREDIR}/$PRODUCT
+    install_file helpers ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers 600
    echo "Helper modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers"
 fi
 for f in modules.*; do
-    run_install $OWNERSHIP -m 0644 $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f
+    install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 644
    echo "Module file $f installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
 done
@@ -482,17 +498,17 @@ done
 if [ -d manpages ]; then
    cd manpages
-    [ -n "$INSTALLD" ] || mkdir -p ${DESTDIR}${MANDIR}/man5/ ${DESTDIR}${MANDIR}/man8/
+    mkdir -p ${DESTDIR}${MANDIR}/man5/ ${DESTDIR}${MANDIR}/man8/
    for f in *.5; do
 	gzip -c $f > $f.gz
-	run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${MANDIR}/man5/$f.gz
+	install_file $f.gz ${DESTDIR}${MANDIR}/man5/$f.gz 644
 	echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man5/$f.gz"
    done
    for f in *.8; do
 	gzip -c $f > $f.gz
-	run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${MANDIR}/man8/$f.gz
+	install_file $f.gz ${DESTDIR}${MANDIR}/man8/$f.gz 644
 	echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man8/$f.gz"
    done
@@ -502,7 +518,7 @@ if [ -d manpages ]; then
 fi
 if [ -d ${DESTDIR}${CONFDIR}/logrotate.d ]; then
-    run_install $OWNERSHIP -m 0644 logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT
+    install_file logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT 644
    echo "Logrotate file installed as ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT"
 fi
@@ -533,13 +549,13 @@ if [ -n "$SYSCONFFILE" -a -f "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PR
 	chmod 755 ${DESTDIR}${SYSCONFDIR}
    fi
-    run_install $OWNERSHIP -m 0644 ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/${PRODUCT}
+    install_file ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/${PRODUCT} 0640
    echo "$SYSCONFFILE installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
 fi
 if [ ${SHAREDIR} != /usr/share ]; then
-    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SHAREDIR}/${PRODUCT}/lib.base
+    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/${PRODUCT}/lib.base
-    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SBINDIR}/$PRODUCT
+    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SBINDIR}/$PRODUCT
 fi
 if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then
@@ -587,6 +603,13 @@ if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${
 	else
 	    cant_autostart
 	fi
    elif [ $HOST = openwrt -a -f ${CONFDIR}/rc.common ]; then
 	/etc/init.d/$PRODUCT enable
 	if /etc/init.d/$PRODUCT enabled; then
            echo "$PRODUCT will start automatically at boot"
 	else
            cant_autostart
 	fi
    elif [ "$INITFILE" != rc.${PRODUCT} ]; then #Slackware starts this automatically
 	cant_autostart
    fi
--- a/Shorewall-lite/manpages/shorewall-lite.xml
+++ b/Shorewall-lite/manpages/shorewall-lite.xml
@@ -329,6 +329,21 @@
      <arg choice="plain"><replaceable>address</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
      <arg
      choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
      <arg>-<replaceable>options</replaceable></arg>
      <arg choice="plain"><option>reload</option></arg>
      <arg><option>-n</option></arg>
      <arg><option>-p</option><arg><option>-C</option></arg></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
@@ -708,6 +723,7 @@
          <para>If <option>-f</option> is given, the command will be processed
          by the compiled script that executed the last successful <emphasis
          role="bold">start</emphasis>, <emphasis
          role="bold">reload</emphasis>, <emphasis
          role="bold">restart</emphasis> or <emphasis
          role="bold">refresh</emphasis> command if that script exists.</para>
        </listitem>
@@ -1026,6 +1042,32 @@
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">reload </emphasis>[-n] [-p]
        [-<option>C</option>]</term>
        <listitem>
          <para>Added in Shorewall 5.0.0, <emphasis
          role="bold">reload</emphasis> is similar to <emphasis
          role="bold">shorewall-lite start</emphasis> except that it assumes
          that the firewall is already started. Existing connections are
          maintained.</para>
          <para>The <option>-n</option> option causes Shorewall-lite to avoid
          updating the routing table(s).</para>
          <para>The <option>-p</option> option causes the connection tracking
          table to be flushed; the <command>conntrack</command> utility must
          be installed to use this option.</para>
          <para>The <option>-C</option> option was added in Shorewall 4.6.5.
          If the specified (or implicit) firewall script is the one that
          generated the current running configuration, then the running
          netfilter configuration will be reloaded as is so as to preserve the
          iptables packet and byte counters.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">reset [<replaceable>chain</replaceable>,
        ...]</emphasis><acronym/></term>
@@ -1043,9 +1085,10 @@
        [-<option>C</option>]</term>
        <listitem>
-          <para>Restart is similar to <emphasis role="bold">shorewall-lite
+          <para>Beginning with Shorewall 5.0.0, this command performs a true
-          start</emphasis> except that it assumes that the firewall is already
+          restart. The firewall is completely stopped as if a
-          started. Existing connections are maintained.</para>
+          <command>stop</command> command had been issued then it is started
          again.</para>
          <para>The <option>-n</option> option causes Shorewall-lite to avoid
          updating the routing table(s).</para>
@@ -1243,11 +1286,19 @@
            </varlistentry>
            <varlistentry>
-              <term><emphasis role="bold">connections</emphasis></term>
+              <term><emphasis role="bold">connections
              [<replaceable>filter_parameter</replaceable>
              ...]</emphasis></term>
              <listitem>
                <para>Displays the IP connections currently being tracked by
                the firewall.</para>
                <para>If the <command>conntrack</command> utility is
                installed, beginning with Shorewall 4.6.11 the set of
                connections displayed can be limited by including conntrack
                filter parameters (-p , -s, --dport, etc). See conntrack(8)
                for details.</para>
              </listitem>
            </varlistentry>
--- a/Shorewall-lite/shorewall-lite.conf
+++ b/Shorewall-lite/shorewall-lite.conf
@@ -1,5 +1,5 @@
 ###############################################################################
-#  /etc/shorewall-lite/shorewall-lite.conf Version 4 - Change the following
+#  /etc/shorewall-lite/shorewall-lite.conf Version 5 - Change the following
 #  variables to override the values in the shorewall.conf file used to
 #  compile /var/lib/shorewall-lite/firewall. Those values may be found in
 #  /var/lib/shorewall-lite/firewall.conf.
--- a/Shorewall-lite/shorewall-lite.service.debian
+++ b/Shorewall-lite/shorewall-lite.service.debian
@@ -0,0 +1,23 @@
 #
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
 #     Copyright 2015 Tom Eastep <teastep@shorewall.net>
 #
 [Unit]
 Description=Shorewall IPv4 firewall (lite)
 Wants=network-online.target
 After=network-online.target
 Conflicts=iptables.service firewalld.service
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/default/shorewall-lite
 StandardOutput=syslog
 ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
 ExecStop=/sbin/shorewall-lite $OPTIONS stop
 ExecReload=/sbin/shorewall-lite $OPTIONS reload $RELOADOPTIONS
 [Install]
 WantedBy=basic.target
--- a/Shorewall-lite/uninstall.sh
+++ b/Shorewall-lite/uninstall.sh
@@ -168,7 +168,15 @@ if [ $configure -eq 1 ]; then
 fi
 if [ -L ${SHAREDIR}/shorewall-lite/init ]; then
-    FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall-lite/init)
+    if [ $HOST = openwrt ]; then
 	if [ $configure -eq 1 ] && /etc/init.d/shorewall-lite enabled; then
 	    /etc/init.d/shorewall-lite disable
 	fi
 	FIREWALL=$(readlink ${SHAREDIR}/shorewall-lite/init)
    else
 	FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall-lite/init)
    fi
 elif [ -n "$INITFILE" ]; then
    FIREWALL=${INITDIR}/${INITFILE}
 fi
@@ -187,9 +195,11 @@ if [ -f "$FIREWALL" ]; then
    remove_file $FIREWALL
 fi
-if [ -n "$SYSTEMD" ]; then
+[ -z "$SERVICEDIR" ] && SERVICEDIR="$SYSTEMD"
 if [ -n "$SERVICEDIR" ]; then
    [ $configure -eq 1 ] && systemctl disable ${PRODUCT}
-    rm -f $SYSTEMD/shorewall-lite.service
+    rm -f $SERVICEDIR/shorewall-lite.service
 fi
 rm -f ${SBINDIR}/shorewall-lite
@@ -199,6 +209,7 @@ rm -rf ${VARDIR}/shorewall-lite
 rm -rf ${SHAREDIR}/shorewall-lite
 rm -rf ${LIBEXECDIR}/shorewall-lite
 rm -f  ${CONFDIR}/logrotate.d/shorewall-lite
 rm -f  ${SYSCONFDIR}/shorewall-lite
 rm -f ${MANDIR}/man5/shorewall-lite*
 rm -f ${MANDIR}/man8/shorewall-lite*
--- a/Shorewall/INSTALL
+++ b/Shorewall/INSTALL
@@ -1,4 +1,4 @@
-Shoreline Firewall (Shorewall) Version 4
+Shoreline Firewall (Shorewall) Version 5
 -----         ----
 -----------------------------------------------------------------------------
--- a/Shorewall/Macros/macro.AMQP
+++ b/Shorewall/Macros/macro.AMQP
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - AMQP Macro
+# Shorewall - AMQP Macro
 #
 # /usr/share/shorewall/macro.AMQP
 #
 #	This macro handles AMQP traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5672
--- a/Shorewall/Macros/macro.A_AllowICMPs
+++ b/Shorewall/Macros/macro.A_AllowICMPs
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - Audited AllowICMPs Macro
+# Shorewall - Audited AllowICMPs Macro
 #
 # /usr/share/shorewall/macro.A_AllowICMPs
 #
 #	This macro A_ACCEPTs needed ICMP types
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION		SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #					PORT(S)	PORT(S)	DEST	LIMIT	GROUP
--- a/Shorewall/Macros/macro.A_DropDNSrep
+++ b/Shorewall/Macros/macro.A_DropDNSrep
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - Audited DropDNSrep Macro
+# Shorewall - Audited DropDNSrep Macro
 #
 # /usr/share/shorewall/macro.A_DropDNSrep
 #
 #	This macro silently audites and drops DNS UDP replies
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
--- a/Shorewall/Macros/macro.A_DropUPnP
+++ b/Shorewall/Macros/macro.A_DropUPnP
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - ADropUPnP Macro
+# Shorewall - ADropUPnP Macro
 #
 # /usr/share/shorewall/macro.A_DropUPnP
 #
 #	This macro silently drops UPnP probes on UDP port 1900
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
--- a/Shorewall/Macros/macro.ActiveDir
+++ b/Shorewall/Macros/macro.ActiveDir
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Samba 4 Macro
+# Shorewall - Samba 4 Macro
 #
 # /usr/share/shorewall/macro.ActiveDir
 #
@@ -9,8 +9,6 @@
 #
 #
 ###############################################################################
 ?FORMAT 2 
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM   -       -       tcp     389 	#LDAP services
--- a/Shorewall/Macros/macro.AllowICMPs
+++ b/Shorewall/Macros/macro.AllowICMPs
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - AllowICMPs Macro
+# Shorewall - AllowICMPs Macro
 #
 # /usr/share/shorewall/macro.AllowICMPs
 #
 #	This macro ACCEPTs needed ICMP types
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
--- a/Shorewall/Macros/macro.Amanda
+++ b/Shorewall/Macros/macro.Amanda
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Amanda Macro
+# Shorewall - Amanda Macro
 #
 # /usr/share/shorewall/macro.Amanda
 #
@@ -8,8 +8,6 @@
 #	files from those nodes.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
--- a/Shorewall/Macros/macro.Auth
+++ b/Shorewall/Macros/macro.Auth
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - Auth Macro
+# Shorewall - Auth Macro
 #
 # /usr/share/shorewall/macro.Auth
 #
 #	This macro handles Auth (identd) traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	113
--- a/Shorewall/Macros/macro.BGP
+++ b/Shorewall/Macros/macro.BGP
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - BGP Macro
+# Shorewall - BGP Macro
 #
 # /usr/share/shorewall/macro.BGP
 #
 #	This macro handles BGP4 traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	179	# BGP4
--- a/Shorewall/Macros/macro.BLACKLIST
+++ b/Shorewall/Macros/macro.BLACKLIST
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - blacklist Macro
+# Shorewall - blacklist Macro
 #
 # /usr/share/shorewall/macro.blacklist
 #
 #	This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if $BLACKLIST_LOGLEVEL
--- a/Shorewall/Macros/macro.BitTorrent
+++ b/Shorewall/Macros/macro.BitTorrent
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - BitTorrent Macro
+# Shorewall - BitTorrent Macro
 #
 # /usr/share/shorewall/macro.BitTorrent
 #
@@ -9,8 +9,6 @@
 #	BitTorrent32 macro.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	6881:6889
--- a/Shorewall/Macros/macro.BitTorrent32
+++ b/Shorewall/Macros/macro.BitTorrent32
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - BitTorrent 3.2 Macro
+# Shorewall - BitTorrent 3.2 Macro
 #
 # /usr/share/shorewall/macro.BitTorrent32
 #
 #	This macro handles BitTorrent traffic for BitTorrent 3.2 and later.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	6881:6999
--- a/Shorewall/Macros/macro.CVS
+++ b/Shorewall/Macros/macro.CVS
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - CVS Macro
+# Shorewall - CVS Macro
 #
 # /usr/share/shorewall/macro.CVS
 #
 #	This macro handles connections to the CVS pserver.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	2401
--- a/Shorewall/Macros/macro.Citrix
+++ b/Shorewall/Macros/macro.Citrix
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Citrix/ICA Macro
+# Shorewall - Citrix/ICA Macro
 #
 # /usr/share/shorewall/macro.Citrix
 #
@@ -7,8 +7,6 @@
 #	ICA Session Reliability)
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	1494	# ICA
--- a/Shorewall/Macros/macro.DAAP
+++ b/Shorewall/Macros/macro.DAAP
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - DAAP Macro
+# Shorewall - DAAP Macro
 #
 # /usr/share/shorewall/macro.DAAP
 #
@@ -7,8 +7,6 @@
 #	The protocol is used by iTunes, Rythmbox and other similar daemons.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	3689
--- a/Shorewall/Macros/macro.DCC
+++ b/Shorewall/Macros/macro.DCC
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - DCC Macro
+# Shorewall - DCC Macro
 #
 # /usr/share/shorewall/macro.DCC
 #
@@ -7,8 +7,6 @@
 #	DCC is a distributed spam filtering mechanism.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	6277
--- a/Shorewall/Macros/macro.DHCPfwd
+++ b/Shorewall/Macros/macro.DHCPfwd
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - DHCPfwd Macro
+# Shorewall - DHCPfwd Macro
 #
 # /usr/share/shorewall/macro.DHCPfwd
 #
 #	This macro (bidirectional) handles forwarded DHCP traffic
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	67:68	67:68	# DHCP
--- a/Shorewall/Macros/macro.DNS
+++ b/Shorewall/Macros/macro.DNS
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - DNS Macro
+# Shorewall - DNS Macro
 #
 # /usr/share/shorewall/macro.DNS
 #
 #	This macro handles DNS traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	53
--- a/Shorewall/Macros/macro.Distcc
+++ b/Shorewall/Macros/macro.Distcc
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - Distcc Macro
+# Shorewall - Distcc Macro
 #
 # /usr/share/shorewall/macro.Distcc
 #
 #	This macro handles connections to the Distributed Compiler service.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	3632
--- a/Shorewall/Macros/macro.Drop
+++ b/Shorewall/Macros/macro.Drop
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Drop Macro
+# Shorewall - Drop Macro
 #
 # /usr/share/shorewall/macro.Drop
 #
@@ -11,8 +11,6 @@
 #		Drop	net	all
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 #
--- a/Shorewall/Macros/macro.DropDNSrep
+++ b/Shorewall/Macros/macro.DropDNSrep
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - DropDNSrep Macro
+# Shorewall - DropDNSrep Macro
 #
 # /usr/share/shorewall/macro.DropDNSrep
 #
 #	This macro silently drops DNS UDP replies
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
--- a/Shorewall/Macros/macro.DropUPnP
+++ b/Shorewall/Macros/macro.DropUPnP
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - DropUPnP Macro
+# Shorewall - DropUPnP Macro
 #
 # /usr/share/shorewall/macro.DropUPnP
 #
 #	This macro silently drops UPnP probes on UDP port 1900
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
--- a/Shorewall/Macros/macro.Edonkey
+++ b/Shorewall/Macros/macro.Edonkey
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Edonkey Macro
+# Shorewall - Edonkey Macro
 #
 # /usr/share/shorewall/macro.Edonkey
 #
@@ -28,8 +28,6 @@
 #	applications such as aMule WebServer or aMuleCMD.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	4662
--- a/Shorewall/Macros/macro.FTP
+++ b/Shorewall/Macros/macro.FTP
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - FTP Macro
+# Shorewall - FTP Macro
 #
 # /usr/share/shorewall/macro.FTP
 #
 #	This macro handles FTP traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __FTP_HELPER  )
--- a/Shorewall/Macros/macro.Finger
+++ b/Shorewall/Macros/macro.Finger
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Finger Macro
+# Shorewall - Finger Macro
 #
 # /usr/share/shorewall/macro.Finger
 #
@@ -7,8 +7,6 @@
 #	your finger information to internet.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	79
--- a/Shorewall/Macros/macro.GNUnet
+++ b/Shorewall/Macros/macro.GNUnet
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - GNUnet Macro
+# Shorewall - GNUnet Macro
 #
 # /usr/share/shorewall/macro.GNUnet
 #
 #	This macro handles GNUnet (secure peer-to-peer networking) traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	2086
--- a/Shorewall/Macros/macro.GRE
+++ b/Shorewall/Macros/macro.GRE
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - GRE Macro
+# Shorewall - GRE Macro
 #
 # /usr/share/shorewall/macro.GRE
 #
@@ -7,8 +7,6 @@
 #	traffic (RFC 1701)
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	47	# GRE
--- a/Shorewall/Macros/macro.Git
+++ b/Shorewall/Macros/macro.Git
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - Git Macro
+# Shorewall - Git Macro
 #
 # /usr/share/shorewall/macro.Git
 #
 #	This macro handles Git traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	9418
--- a/Shorewall/Macros/macro.Gnutella
+++ b/Shorewall/Macros/macro.Gnutella
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - Gnutella Macro
+# Shorewall - Gnutella Macro
 #
 # /usr/share/shorewall/macro.Gnutella
 #
 #	This macro handles Gnutella traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	6346
--- a/Shorewall/Macros/macro.Goto-Meeting
+++ b/Shorewall/Macros/macro.Goto-Meeting
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Citrix/Goto Meeting macro
+# Shorewall - Citrix/Goto Meeting macro
 #
 # /usr/share/shorewall/macro.Goto-Meeting
 #          by Eric Teeter
@@ -7,8 +7,6 @@
 #       Assumes that ports 80 and 443 are already open
 #       If needed, use the macros that open Http and Https to reduce redundancy
 ####################################################################################
 ?FORMAT 2
 ####################################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM      -    -       tcp     8200    # Goto Meeting only needed (TCP outbound)
--- a/Shorewall/Macros/macro.HKP
+++ b/Shorewall/Macros/macro.HKP
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - HKP Macro
+# Shorewall - HKP Macro
 #
 # /usr/share/shorewall/macro.HKP
 #
 #	This macro handles OpenPGP HTTP keyserver protocol traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	11371
--- a/Shorewall/Macros/macro.HTTP
+++ b/Shorewall/Macros/macro.HTTP
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - HTTP Macro
+# Shorewall - HTTP Macro
 #
 # /usr/share/shorewall/macro.HTTP
 #
 #	This macro handles plaintext HTTP (WWW) traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	80
--- a/Shorewall/Macros/macro.HTTPS
+++ b/Shorewall/Macros/macro.HTTPS
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - HTTPS Macro
+# Shorewall - HTTPS Macro
 #
 # /usr/share/shorewall/macro.HTTPS
 #
 #	This macro handles HTTPS (WWW over SSL) traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	443
--- a/Shorewall/Macros/macro.ICPV2
+++ b/Shorewall/Macros/macro.ICPV2
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - ICPV2 Macro
+# Shorewall - ICPV2 Macro
 #
 # /usr/share/shorewall/macro.ICPV2
 #
 #	This macro handles Internet Cache Protocol V2 (Squid) traffic
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	3130
--- a/Shorewall/Macros/macro.ICQ
+++ b/Shorewall/Macros/macro.ICQ
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - ICQ Macro
+# Shorewall - ICQ Macro
 #
 # /usr/share/shorewall/macro.ICQ
 #
 #	This macro handles ICQ, now called AOL Instant Messenger (or AIM).
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5190
--- a/Shorewall/Macros/macro.ILO
+++ b/Shorewall/Macros/macro.ILO
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - ILO Macro
+# Shorewall - ILO Macro
 #
 # /usr/share/shorewall/macro.ILO
 #
@@ -8,8 +8,6 @@
 #	workstations.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	3002		# Raw serial data
--- a/Shorewall/Macros/macro.IMAP
+++ b/Shorewall/Macros/macro.IMAP
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - IMAP Macro
+# Shorewall - IMAP Macro
 #
 # /usr/share/shorewall/macro.IMAP
 #
@@ -7,8 +7,6 @@
 #	see macro.IMAPS.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	143
--- a/Shorewall/Macros/macro.IMAPS
+++ b/Shorewall/Macros/macro.IMAPS
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - IMAPS Macro
+# Shorewall - IMAPS Macro
 #
 # /usr/share/shorewall/macro.IMAPS
 #
@@ -7,8 +7,6 @@
 #	(not recommended), see macro.IMAP.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	993
--- a/Shorewall/Macros/macro.IPIP
+++ b/Shorewall/Macros/macro.IPIP
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - IPIP Macro
+# Shorewall - IPIP Macro
 #
 # /usr/share/shorewall/macro.IPIP
 #
 #	This macro (bidirectional) handles IPIP capsulation traffic
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	94	# IPIP
--- a/Shorewall/Macros/macro.IPMI
+++ b/Shorewall/Macros/macro.IPMI
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - IPMI Macro
+# Shorewall - IPMI Macro
 #
 # /usr/share/shorewall/macro.IPMI
 #
@@ -9,8 +9,6 @@
 #	workstations.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	623		# RMCP
--- a/Shorewall/Macros/macro.IPP
+++ b/Shorewall/Macros/macro.IPP
@@ -1,13 +1,11 @@
 #
-# Shorewall version 3.2 - IPP Macro
+# Shorewall - IPP Macro
 #
 # /usr/share/shorewall/macro.IPP
 #
 #	This macro handles Internet Printing Protocol (IPP).
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	631
--- a/Shorewall/Macros/macro.IPPbrd
+++ b/Shorewall/Macros/macro.IPPbrd
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - IPP Broadcast Macro
+# Shorewall - IPP Broadcast Macro
 #
 # /usr/share/shorewall/macro.IPPbrd
 #
@@ -8,8 +8,6 @@
 #       direction, use the IPPserver Macro
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	631
--- a/Shorewall/Macros/macro.IPPserver
+++ b/Shorewall/Macros/macro.IPPserver
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - IPPserver Macro
+# Shorewall - IPPserver Macro
 #
 # /usr/share/shorewall/macro.IPPserver
 #
@@ -23,8 +23,6 @@
 #		IPPserver/ACCEPT $FW loc
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	SOURCE	DEST	tcp	631
--- a/Shorewall/Macros/macro.IPsec
+++ b/Shorewall/Macros/macro.IPsec
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - IPsec Macro
+# Shorewall - IPsec Macro
 #
 # /usr/share/shorewall/macro.IPsec
 #
 #	This macro (bidirectional) handles IPsec traffic
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	500	500	# IKE
--- a/Shorewall/Macros/macro.IPsecah
+++ b/Shorewall/Macros/macro.IPsecah
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - IPsecah Macro
+# Shorewall - IPsecah Macro
 #
 # /usr/share/shorewall/macro.IPsecah
 #
@@ -7,8 +7,6 @@
 #       This is insecure. You should use ESP with encryption for security.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	500	500	# IKE
--- a/Shorewall/Macros/macro.IPsecnat
+++ b/Shorewall/Macros/macro.IPsecnat
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - IPsecnat Macro
+# Shorewall - IPsecnat Macro
 #
 # /usr/share/shorewall/macro.IPsecnat
 #
 #	This macro (bidirectional) handles IPsec traffic and Nat-Traversal
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	500	# IKE
--- a/Shorewall/Macros/macro.IRC
+++ b/Shorewall/Macros/macro.IRC
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 IRC Macro
+# Shorewall IRC Macro
 #
 # /usr/share/shorewall/macro.IRC
 #
 #	This macro handles IRC traffic (Internet Relay Chat).
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
--- a/Shorewall/Macros/macro.JAP
+++ b/Shorewall/Macros/macro.JAP
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - JAP Macro
+# Shorewall - JAP Macro
 #
 # /usr/share/shorewall/macro.JAP
 #
@@ -8,8 +8,6 @@
 #	to browse anonymously!
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	8080 # HTTP port
--- a/Shorewall/Macros/macro.Jabber
+++ b/Shorewall/Macros/macro.Jabber
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - Jabber Macro
+# Shorewall - Jabber Macro
 #
 # /usr/share/shorewall/macro.Jabber
 #
 #	This macro accepts Jabber traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5222
--- a/Shorewall/Macros/macro.JabberPlain
+++ b/Shorewall/Macros/macro.JabberPlain
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - JabberPlain Macro
+# Shorewall - JabberPlain Macro
 #
 # /usr/share/shorewall/macro.JabberPlain
 #
@@ -7,8 +7,6 @@
 #	deprecated - use of macro.Jabber instead is recommended.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 Jabber
--- a/Shorewall/Macros/macro.JabberSecure
+++ b/Shorewall/Macros/macro.JabberSecure
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - JabberSecure (SSL) Macro
+# Shorewall - JabberSecure (SSL) Macro
 #
 # /usr/share/shorewall/macro.JabberSecure
 #
@@ -8,8 +8,6 @@
 #	Jabber macro instead.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5223
--- a/Shorewall/Macros/macro.Jabberd
+++ b/Shorewall/Macros/macro.Jabberd
@@ -1,13 +1,11 @@
 #
-# Shorewall version 3.4 - Jabberd (server intercommunication)
+# Shorewall - Jabberd (server intercommunication)
 #
 # /usr/share/shorewall/macro.Jabberd
 #
 #	This macro accepts Jabberd intercommunication traffic
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5269
--- a/Shorewall/Macros/macro.Jetdirect
+++ b/Shorewall/Macros/macro.Jetdirect
@@ -1,13 +1,11 @@
 #
-# Shorewall version 3.2 - Jetdirect Macro
+# Shorewall - Jetdirect Macro
 #
 # /usr/share/shorewall/macro.Jetdirect
 #
 #	This macro handles HP Jetdirect printing.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	9100
--- a/Shorewall/Macros/macro.Kerberos
+++ b/Shorewall/Macros/macro.Kerberos
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - Kerberos Macro
+# Shorewall - Kerberos Macro
 #
 # /usr/share/shorewall/macro.Kerberos
 #
 #	This macro handles Kerberos traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	88
--- a/Shorewall/Macros/macro.L2TP
+++ b/Shorewall/Macros/macro.L2TP
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - L2TP Macro
+# Shorewall - L2TP Macro
 #
 # /usr/share/shorewall/macro.L2TP
 #
@@ -7,8 +7,6 @@
 #	(RFC 2661)
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	1701	# L2TP
--- a/Shorewall/Macros/macro.LDAP
+++ b/Shorewall/Macros/macro.LDAP
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - LDAP Macro
+# Shorewall - LDAP Macro
 #
 # /usr/share/shorewall/macro.LDAP
 #
@@ -11,8 +11,6 @@
 #	Consult your LDAP server documentation for details.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	389
--- a/Shorewall/Macros/macro.LDAPS
+++ b/Shorewall/Macros/macro.LDAPS
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - LDAPS Macro
+# Shorewall - LDAPS Macro
 #
 # /usr/share/shorewall/macro.LDAPS
 #
@@ -11,8 +11,6 @@
 #	Consult your LDAP server documentation for details.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	636
--- a/Shorewall/Macros/macro.MSNP
+++ b/Shorewall/Macros/macro.MSNP
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - MSNP Macro
+# Shorewall - MSNP Macro
 #
 # /usr/share/shorewall/macro.MSNP
 #
 #	This macro handles MSNP (MicroSoft Notification Protocol)
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	1863
--- a/Shorewall/Macros/macro.MSSQL
+++ b/Shorewall/Macros/macro.MSSQL
@@ -1,13 +1,12 @@
 #
-# Shorewall version 4 - MSSQL Macro
+# Shorewall - MSSQL Macro
 #
 # /usr/share/shorewall/macro.MSSQL
 #
 #	This macro handles MSSQL (Microsoft SQL Server)
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	1433
 PARAM	-	-	udp	1434
--- a/Shorewall/Macros/macro.Mail
+++ b/Shorewall/Macros/macro.Mail
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Mail Macro
+# Shorewall - Mail Macro
 #
 # /usr/share/shorewall/macro.Mail
 #
@@ -12,8 +12,6 @@
 #	the POP3 or IMAP macros.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	25
--- a/Shorewall/Macros/macro.MongoDB
+++ b/Shorewall/Macros/macro.MongoDB
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - MongoDB Macro
+# Shorewall - MongoDB Macro
 #
 # /usr/share/shorewall/macro.MongoDB
 #
 #	This macro handles MongoDB Daemon/Router traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	27017
--- a/Shorewall/Macros/macro.Munin
+++ b/Shorewall/Macros/macro.Munin
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - Munin Macro
+# Shorewall - Munin Macro
 #
 # /usr/share/shorewall/macro.Munin
 #
 #	This macro handles Munin networked resource monitoring traffic
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	4949
--- a/Shorewall/Macros/macro.MySQL
+++ b/Shorewall/Macros/macro.MySQL
@@ -1,13 +1,11 @@
 #
-# Shorewall version 4 - MySQL Macro
+# Shorewall - MySQL Macro
 #
 # /usr/share/shorewall/macro.MySQL
 #
 #	This macro handles connections to the MySQL server.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	3306
--- a/Shorewall/Macros/macro.NNTP
+++ b/Shorewall/Macros/macro.NNTP
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 NNTP Macro
+# Shorewall NNTP Macro
 #
 # /usr/share/shorewall/macro.NNTP
 #
@@ -7,8 +7,6 @@
 #	encrypted NNTP, see macro.NNTPS.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	119
--- a/Show More
+++ b/Show More