Add some decimal->hex convertions in routing rules.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Deprecate the current TPROXY implementation.
2012-05-10 11:11:15 -07:00 · 2012-05-10 11:02:08 -07:00 · 2012-05-10 07:29:59 -07:00
538 changed files with 13012 additions and 42785 deletions
--- a/Shorewall-core/configure
+++ b/Shorewall-core/configure
@@ -1,17 +1,16 @@
 #!/bin/bash
 #
-#     Shorewall Packet Filtering Firewall RPM configuration program - V4.6
+#     Shorewall Packet Filtering Firewall RPM configuration program - V4.5
 #
-#     (c) 2012,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	Shorewall documentation is available at http://www.shorewall.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+#	it under the terms of Version 2 of the GNU General Public License
-#       Free Software Foundation, either version 2 of the license or, at your
+#	as published by the Free Software Foundation.
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -19,7 +18,8 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #       Usage: ./configure [ <option>=<setting> ] ...
 #
@@ -76,11 +76,14 @@ for p in $@; do
 		    pn=HOST
 		    ;;
 		SHAREDSTATEDIR)
-		    pn=VARLIB
+		    pn=VARDIR
 		    ;;
 		DATADIR)
 		    pn=SHAREDIR
 		    ;;
 		SYSCONFDIR)
 		    pn=CONFDIR
 		    ;;
 	    esac
 	    params[${pn}]="${pv}"
@@ -93,38 +96,15 @@ done
 vendor=${params[HOST]}
 if [ -z "$vendor" ]; then
    if [ -f /etc/os-release ]; then
 	eval $(cat /etc/os-release | grep ^ID=)
 	case $ID in
 	    fedora|rhel)
 		vendor=redhat
 		;;
 	    debian|ubuntu)
 		vendor=debian
 		;;
 	    opensuse)
 		vendor=suse
 		;;
 	    *)
 		vendor="$ID"
 		;;
 	esac
 	params[HOST]="$vendor"
    fi
 fi
 if [ -z "$vendor" ]; then
    case `uname` in
 	Darwin)
-	    params[HOST]=apple
+	    $params[HOST]=apple
 	    rcfile=shorewallrc.apple
 	    ;;
-	cygwin*|CYGWIN*)
+	cygwin*)
-	    params[HOST]=cygwin
+	    $params[HOST]=cygwin
 	    rcfile=shorewallrc.cygwin
 	    ;;
 	*)
@@ -152,7 +132,7 @@ if [ -z "$vendor" ]; then
    vendor=${params[HOST]}
 elif [ $vendor = linux ]; then
-    rcfile=shorewallrc.default;
+    rcfile=$shorewallrc.default;
 else
    rcfile=shorewallrc.$vendor
    if [ ! -f $rcfile ]; then
@@ -184,21 +164,6 @@ if [ $# -gt 0 ]; then
    echo '#'           >> shorewallrc
 fi
 if [ -n "${options[VARLIB]}" ]; then
    if [ -z "${options[VARDIR]}" ]; then
 	options[VARDIR]='${VARLIB}/${PRODUCT}'
    fi
 elif [ -n "${options[VARDIR]}" ]; then
    if [ -z "{$options[VARLIB]}" ]; then
 	options[VARLIB]=${options[VARDIR]}
 	options[VARDIR]='${VARLIB}/${PRODUCT}'
    fi
 fi
 if [ -z "${options[SERVICEDIR]}" ]; then
    options[SERVICEDIR]="${options[SYSTEMD]}"
 fi
 for on in \
    HOST \
    PREFIX \
@@ -213,13 +178,10 @@ for on in \
    INITFILE \
    AUXINITSOURCE \
    AUXINITFILE \
-    SERVICEDIR \
+    SYSTEMD \
    SERVICEFILE \
    SYSCONFFILE \
    SYSCONFDIR \
    SPARSE \
    ANNOTATED \
    VARLIB \
    VARDIR
 do
    echo "$on=${options[${on}]}"
--- a/Shorewall-core/configure.pl
+++ b/Shorewall-core/configure.pl
@@ -2,16 +2,15 @@
 #
 #     Shorewall Packet Filtering Firewall RPM configuration program - V4.5
 #
-#     (c) 2012, 2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	Shorewall documentation is available at http://www.shorewall.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+#	it under the terms of Version 2 of the GNU General Public License
-#       Free Software Foundation, either version 2 of the license or, at your
+#	as published by the Free Software Foundation.
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -19,7 +18,8 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #       Usage: ./configure.pl <option>=<setting> ...
 #
@@ -38,8 +38,9 @@ my %params;
 my %options;
 my %aliases = ( VENDOR         => 'HOST',
-		SHAREDSTATEDIR => 'VARLIB',
+		SHAREDSTATEDIR => 'VARDIR',
-		DATADIR        => 'SHAREDIR' );
+		DATADIR        => 'SHAREDIR',
 		SYSCONFDIR     => 'CONFDIR' );
 for ( @ARGV ) {
    die "ERROR: Invalid option specification ( $_ )" unless /^(?:--)?(\w+)=(.*)$/;
@@ -56,28 +57,6 @@ my $vendor = $params{HOST};
 my $rcfile;
 my $rcfilename;
 unless ( defined $vendor ) {
    if ( -f '/etc/os-release' ) {
 	my $id = `cat /etc/os-release | grep ^ID=`;
 	chomp $id;
 	$id =~ s/ID=//;
 	if ( $id eq 'fedora' || $id eq 'rhel' ) {
 	    $vendor = 'redhat';
 	} elsif ( $id eq 'opensuse' ) {
 	    $vendor = 'suse';
 	} elsif ( $id eq 'ubuntu' ) {
 	    $vendor = 'debian';
 	} else {
 	    $vendor = $id;
 	}
    }
    $params{HOST} = $vendor;
 }
 if ( defined $vendor ) {
    $rcfilename = $vendor eq 'linux' ? 'shorewallrc.default' : 'shorewallrc.' . $vendor;
    die qq("ERROR: $vendor" is not a recognized host type) unless -f $rcfilename;
@@ -100,7 +79,7 @@ if ( defined $vendor ) {
    } elsif ( `uname` =~ '^Darwin' ) {
 	$vendor = 'apple';
 	$rcfilename = 'shorewallrc.apple';
-    } elsif ( `uname` =~ /^Cygwin/i ) {
+    } elsif ( `uname` =~ '^Cygwin' ) {
 	$vendor = 'cygwin';
 	$rcfilename = 'shorewallrc.cygwin';
    } else {
@@ -145,17 +124,6 @@ printf $outfile "#\n# Created by Shorewall Core version %s configure.pl - %s %2d
 print  $outfile "# Input: @ARGV\n#\n" if @ARGV;
 if ( $options{VARLIB} ) {
    unless ( $options{VARDIR} ) {
 	$options{VARDIR} = '${VARLIB}/${PRODUCT}';
    }
 } elsif ( $options{VARDIR} ) {
    $options{VARLIB} = $options{VARDIR};
    $options{VARDIR} = '${VARLIB}/${PRODUCT}';
 }
 $options{SERVICEDIR}=$options{SYSTEMD} unless $options{SERVICEDIR};
 for ( qw/ HOST
 	  PREFIX
 	  SHAREDIR
@@ -169,13 +137,10 @@ for ( qw/ HOST
 	  INITFILE
 	  AUXINITSOURCE
 	  AUXINITFILE
-	  SERVICEDIR
+	  SYSTEMD
 	  SERVICEFILE
 	  SYSCONFFILE
 	  SYSCONFDIR
 	  SPARSE
 	  ANNOTATED
 	  VARLIB
 	  VARDIR / ) {
    my $val = $options{$_} || '';
--- a/Shorewall-core/install.sh
+++ b/Shorewall-core/install.sh
@@ -2,24 +2,24 @@
 #
 # Script to install Shoreline Firewall Core Modules
 #
-#     (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
 #       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
+#       This program is distributed in the hope that it will be useful,
-#	it under the terms of the GNU General Public License as published by the
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       Free Software Foundation, either version 2 of the license or, at your
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       option, any later version.
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
+#       You should have received a copy of the GNU General Public License
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       along with this program; if not, write to the Free Software
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 VERSION=xxx #The Build script inserts the actual version
@@ -164,18 +164,7 @@ else
    usage 1
 fi
-update=0
+for var in SHAREDIR LIBEXECDIR PERLLIBDIR CONFDIR SBINDIR VARDIR; do
 if [ -z "${VARLIB}" ]; then
    VARLIB=${VARDIR}
    VARDIR="${VARLIB}/${PRODUCT}"
    update=1
 elif [ -z "${VARDIR}" ]; then
    VARDIR="${VARLIB}/${PRODUCT}"
    update=2
 fi
 for var in SHAREDIR LIBEXECDIR PERLLIBDIR CONFDIR SBINDIR VARLIB VARDIR; do
    require $var
 done
@@ -187,37 +176,15 @@ INSTALLD='-D'
 if [ -z "$BUILD" ]; then
    case $(uname) in
-	cygwin*|CYGWIN*)
+	cygwin*)
 	    BUILD=cygwin
 	    ;;
 	Darwin)
 	    BUILD=apple
 	    ;;
 	*)
-	    if [ -f /etc/os-release ]; then
+	    if [ -f /etc/debian_version ]; then
 		eval $(cat /etc/os-release | grep ^ID)
 		case $ID in
 		    fedora|rhel|centos|foobar)
 			BUILD=redhat
 			;;
 		    debian)
 			BUILD=debian
 			;;
 		    gentoo)
 			BUILD=gentoo
 			;;
 		    opensuse)
 			BUILD=suse
 			;;
 		    *)
 			BUILD="$ID"
 			;;
 		esac
 	    elif [ -f /etc/debian_version ]; then
 		BUILD=debian
 	    elif [ -f /etc/gentoo-release ]; then
 		BUILD=gentoo
 	    elif [ -f /etc/redhat-release ]; then
 		BUILD=redhat
 	    elif [ -f /etc/slackware-version ] ; then
@@ -276,7 +243,7 @@ case "$HOST" in
    apple)
 	echo "Installing Mac-specific configuration...";
 	;;
-    debian|gentoo|redhat|slackware|archlinux|linux|suse)
+    debian|redhat|slackware|archlinux|linux|suse)
 	;;
    *)
 	echo "ERROR: Unknown HOST \"$HOST\"" >&2
@@ -329,13 +296,9 @@ if [ -n "${SYSCONFDIR}" ]; then
    chmod 755 ${DESTDIR}${SYSCONFDIR}
 fi
-if [ -z "${SERVICEDIR}" ]; then
+if [ -n "${SYSTEMD}" ]; then
-    SERVICEDIR="$SYSTEMD"
+    mkdir -p ${DESTDIR}${SYSTEMD}
-fi
+    chmod 755 ${DESTDIR}${SYSTEMD}
 if [ -n "${SERVICEDIR}" ]; then
    mkdir -p ${DESTDIR}${SERVICEDIR}
    chmod 755 ${DESTDIR}${SERVICEDIR}
 fi
 mkdir -p ${DESTDIR}${SBINDIR}
@@ -351,7 +314,7 @@ if [ -n "${INITFILE}" ]; then
    if [ -n "$AUXINITSOURCE" -a -f "$AUXINITSOURCE" ]; then
 	install_file $AUXINITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544
 	[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${INITDIR}/$AUXINITFILE
-	echo  "SysV init script $AUXINITSOURCE installed in ${DESTDIR}${INITDIR}/$AUXINITFILE"
+	echo  "$Product script installed in ${DESTDIR}${INITDIR}/$AUXINITFILE"
    fi
 fi
 #
@@ -383,24 +346,7 @@ ln -sf lib.base ${DESTDIR}${SHAREDIR}/shorewall/functions
 echo "$VERSION" > ${DESTDIR}${SHAREDIR}/shorewall/coreversion
 chmod 644 ${DESTDIR}${SHAREDIR}/shorewall/coreversion
-if [ -z "${DESTDIR}" ]; then
+[ $file != "${SHAREDIR}/shorewall/shorewallrc" ] && cp $file ${DESTDIR}${SHAREDIR}/shorewall/shorewallrc
    if [ $update -ne 0 ]; then
 	echo "Updating $file - original saved in $file.bak"
 	cp $file $file.bak
 	echo '#'                                             >> $file
 	echo "# Updated by Shorewall-core $VERSION -" `date` >> $file
 	echo '#'                                             >> $file
 	[ $update -eq 1 ] && sed -i 's/VARDIR/VARLIB/' $file
 	echo 'VARDIR=${VARLIB}/${PRODUCT}' >> $file
    fi
 fi
 [ $file != "${DESTDIR}${SHAREDIR}/shorewall/shorewallrc" ] && cp $file ${DESTDIR}${SHAREDIR}/shorewall/shorewallrc
 [ -z "${DESTDIR}" ] && [ ! -f ~/.shorewallrc ] && cp ${SHAREDIR}/shorewall/shorewallrc ~/.shorewallrc
--- a/Shorewall-core/lib.base
+++ b/Shorewall-core/lib.base
@@ -1,16 +1,15 @@
 #
 # Shorewall 4.5 -- /usr/share/shorewall/lib.base
 #
-#     (c) 1999-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 1999-2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+#	it under the terms of Version 2 of the GNU General Public License
-#       Free Software Foundation, either version 2 of the license or, at your
+#	as published by the Free Software Foundation.
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -18,13 +17,18 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-# This library contains the code common to all Shorewall components except the
+# This library contains the code common to all Shorewall components.
-# generated scripts.
+#
 # - It is loaded by /sbin/shorewall.
 # - It is released as part of Shorewall[6] Lite where it is used by /sbin/shorewall[6]-lite
 #   and /usr/share/shorewall[6]-lite/shorecap.
 #
-SHOREWALL_LIBVERSION=40509
+SHOREWALL_LIBVERSION=40502
 SHOREWALL_CAPVERSION=40502
 [ -n "${g_program:=shorewall}" ]
@@ -34,7 +38,11 @@ if [ -z "$g_readrc" ]; then
    #
    . /usr/share/shorewall/shorewallrc
    g_libexec="$LIBEXECDIR"
    g_sharedir="$SHAREDIR"/$g_program
    g_sbindir="$SBINDIR"
    g_perllib="$PERLLIBDIR"
    g_vardir="$VARDIR"
    g_confdir="$CONFDIR"/$g_program
    g_readrc=1
 fi
@@ -45,13 +53,13 @@ case $g_program in
    shorewall)
 	g_product="Shorewall"
 	g_family=4
-	g_tool=iptables
+	g_tool=
 	g_lite=
 	;;
    shorewall6)
 	g_product="Shorewall6"
 	g_family=6
-	g_tool=ip6tables
+	g_tool=
 	g_lite=
 	;;
    shorewall-lite)
@@ -68,12 +76,7 @@ case $g_program in
 	;;
 esac
-if [ -z "${VARLIB}" ]; then
+VARDIR=${VARDIR}/${g_program}
    VARLIB=${VARDIR}
    VARDIR=${VARLIB}/$g_program
 elif [ -z "${VARDIR}" ]; then
    VARDIR="${VARLIB}/${PRODUCT}"
 fi
 #
 # Conditionally produce message
@@ -127,6 +130,71 @@ combine_list()
    echo $o
 }
 #
 # Call this function to assert mutual exclusion with Shorewall. If you invoke the
 # /sbin/shorewall program while holding mutual exclusion, you should pass "nolock" as
 # the first argument. Example "shorewall nolock refresh"
 #
 # This function uses the lockfile utility from procmail if it exists.
 # Otherwise, it uses a somewhat race-prone algorithm to attempt to simulate the
 # behavior of lockfile.
 #
 mutex_on()
 {
    local try
    try=0
    local lockf
    lockf=${LOCKFILE:=${VARDIR}/lock}
    local lockpid
    MUTEX_TIMEOUT=${MUTEX_TIMEOUT:-60}
    if [ $MUTEX_TIMEOUT -gt 0 ]; then
 	[ -d ${VARDIR} ] || mkdir -p ${VARDIR}
 	if [ -f $lockf ]; then
 	    lockpid=`cat ${lockf} 2> /dev/null`
 	    if [ -z "$lockpid" -o $lockpid = 0 ]; then
 		rm -f ${lockf}
 		error_message "WARNING: Stale lockfile ${lockf} removed"
 	    elif ! qt ps p ${lockpid}; then
 		rm -f ${lockf}
 		error_message "WARNING: Stale lockfile ${lockf} from pid ${lockpid} removed"
 	    fi
 	fi
 	if qt mywhich lockfile; then
 	    lockfile -${MUTEX_TIMEOUT} -r1 ${lockf}
 	    chmod u+w ${lockf}
 	    echo $$ > ${lockf}
 	    chmod u-w ${lockf}
 	else
 	    while [ -f ${lockf} -a ${try} -lt ${MUTEX_TIMEOUT} ] ; do
 		sleep 1
 		try=$((${try} + 1))
 	    done
 	    if  [ ${try} -lt ${MUTEX_TIMEOUT} ] ; then
 	        # Create the lockfile
 		echo $$ > ${lockf}
 	    else
 		echo "Giving up on lock file ${lockf}" >&2
 	    fi
 	fi
    fi
 }
 #
 # Call this function to release mutual exclusion
 #
 mutex_off()
 {
    rm -f ${LOCKFILE:=${VARDIR}/lock}
 }
 [ -z "$LEFTSHIFT" ] && . ${g_basedir}/lib.common
 #
 # Validate an IP address
 #
@@ -255,8 +323,6 @@ ip_range_explicit() {
    done
 }
 [ -z "$LEFTSHIFT" ] && . ${g_basedir}/lib.common
 #
 # Netmask to VLSM
 #
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
--- a/Shorewall-core/lib.common
+++ b/Shorewall-core/lib.common
@@ -1,16 +1,15 @@
 #
 # Shorewall 4.5 -- /usr/share/shorewall/lib.common.
 #
-#     (c) 2010-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2010-2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+#	it under the terms of Version 2 of the GNU General Public License
-#       Free Software Foundation, either version 2 of the license or, at your
+#	as published by the Free Software Foundation.
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -18,7 +17,8 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # The purpose of this library is to hold those functions used by both the CLI and by the
 # generated firewall scripts. To avoid versioning issues, it is copied into generated
@@ -65,7 +65,6 @@ startup_error() # $* = Error Message
 	esac
    fi
    mutex_off
    kill $$
    exit 2
 }
@@ -85,7 +84,7 @@ get_script_version() { # $1 = script
    temp=$( $SHOREWALL_SHELL $1 version | tail -n 1 | sed 's/-.*//' )
-    if [ -z "$temp" ]; then
+    if [ $? -ne 0 ]; then
 	version=0
    else
 	ifs=$IFS
@@ -157,7 +156,6 @@ run_it() {
 	[ -n "$g_timestamp" ]  && options=${options}t
 	[ -n "$g_purge" ]      && options=${options}p
 	[ -n "$g_recovering" ] && options=${options}r
 	[ -n "$g_counters" ]   && options=${options}c
 	options="${options}V $VERBOSITY"
@@ -173,7 +171,6 @@ run_it() {
 error_message() # $* = Error Message
 {
   echo "   $@" >&2
   return 1
 }
 #
@@ -275,11 +272,8 @@ shorewall6_is_started() {
 # Echos the fully-qualified name of the calling shell program
 #
 my_pathname() {
    local pwd
    pwd=$PWD
    cd $(dirname $0)
    echo $PWD/$(basename $0)
    cd $pwd
 }
 #
@@ -607,7 +601,7 @@ find_first_interface_address() # $1 = interface
 	#
 	# get the line of output containing the first IP address
 	#
-	addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | grep -F 'inet6 ' | grep -vF 'scope link' | head -n1)
+	addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | fgrep 'inet6 ' | fgrep -v 'scope link' | head -n1)
 	#
 	# If there wasn't one, bail out now
 	#
@@ -636,7 +630,7 @@ find_first_interface_address_if_any() # $1 = interface
 	#
 	# get the line of output containing the first IP address
 	#
-	addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | grep -F 'inet6 ' | grep -vF 'scope link' | head -n1)
+	addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | fgrep 'inet6 ' | fgrep -v 'scope link' | head -n1)
 	#
 	# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
 	# along with everything else on the line
@@ -645,24 +639,6 @@ find_first_interface_address_if_any() # $1 = interface
    fi
 }
 #
 #Determines if the passed interface is a loopback interface
 #
 loopback_interface() { #$1 = Interface name
    [ "$1" = lo ] || $IP link show $1 | fgrep -q LOOPBACK
 }
 #
 # Find Loopback Interfaces
 #
 find_loopback_interfaces() {
    local interfaces
    [ -x "$IP" ] && interfaces=$($IP link show | fgrep LOOPBACK | sed 's/://g' | cut -d ' ' -f 2)
    [ -n "$interfaces" ] && echo $interfaces || echo lo
 }
 #
 # Internal version of 'which'
 #
@@ -700,11 +676,7 @@ find_file()
 		fi
 	    done
-	    if [ -n "$g_shorewalldir" ]; then
+	    echo ${g_confdir}/$1
 		echo ${g_shorewalldir}/$1
 	    else
 		echo ${g_confdir}/$1
 	    fi
 	    ;;
    esac
 }
@@ -745,69 +717,3 @@ truncate() # $1 = length
 {
    cut -b -${1}
 }
 #
 # Call this function to assert mutual exclusion with Shorewall. If you invoke the
 # /sbin/shorewall program while holding mutual exclusion, you should pass "nolock" as
 # the first argument. Example "shorewall nolock refresh"
 #
 # This function uses the lockfile utility from procmail if it exists.
 # Otherwise, it uses a somewhat race-prone algorithm to attempt to simulate the
 # behavior of lockfile.
 #
 mutex_on()
 {
    local try
    try=0
    local lockf
    lockf=${LOCKFILE:=${VARDIR}/lock}
    local lockpid
    MUTEX_TIMEOUT=${MUTEX_TIMEOUT:-60}
    if [ $MUTEX_TIMEOUT -gt 0 ]; then
 	[ -d ${VARDIR} ] || mkdir -p ${VARDIR}
 	if [ -f $lockf ]; then
 	    lockpid=`cat ${lockf} 2> /dev/null`
 	    if [ -z "$lockpid" -o $lockpid = 0 ]; then
 		rm -f ${lockf}
 		error_message "WARNING: Stale lockfile ${lockf} removed"
 	    elif [ $lockpid -eq $$ ]; then
                return 0
 	    elif ! qt ps p ${lockpid}; then
 		rm -f ${lockf}
 		error_message "WARNING: Stale lockfile ${lockf} from pid ${lockpid} removed"
 	    fi
 	fi
 	if qt mywhich lockfile; then
 	    lockfile -${MUTEX_TIMEOUT} -r1 ${lockf}
 	    chmod u+w ${lockf}
 	    echo $$ > ${lockf}
 	    chmod u-w ${lockf}
 	else
 	    while [ -f ${lockf} -a ${try} -lt ${MUTEX_TIMEOUT} ] ; do
 		sleep 1
 		try=$((${try} + 1))
 	    done
 	    if  [ ${try} -lt ${MUTEX_TIMEOUT} ] ; then
 	        # Create the lockfile
 		echo $$ > ${lockf}
 	    else
 		echo "Giving up on lock file ${lockf}" >&2
 	    fi
 	fi
    fi
 }
 #
 # Call this function to release mutual exclusion
 #
 mutex_off()
 {
    rm -f ${LOCKFILE:=${VARDIR}/lock}
 }
--- a/Shorewall-core/shorewallrc.apple
+++ b/Shorewall-core/shorewallrc.apple
@@ -14,8 +14,7 @@ INITDIR=                               #Unused on OS X
 INITFILE=                              #Unused on OS X
 INITSOURCE=                            #Unused on OS X
 ANNOTATED=                             #Unused on OS X
-SERVICEDIR=                            #Unused on OS X
+SYSTEMD=                               #Unused on OS X
 SERVICEFILE=                           #Unused on OS X
 SYSCONFDIR=                            #Unused on OS X
 SPARSE=Yes                             #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR.
-VARLIB=/var/lib                        #Unused on OS X
+VARDIR=/var/lib                        #Unused on OS X
--- a/Shorewall-core/shorewallrc.archlinux
+++ b/Shorewall-core/shorewallrc.archlinux
@@ -1,22 +1,20 @@
 #
-# Arch Linux Shorewall 4.5 rc file
+# Archlinux Shorewall 4.5 rc file
 #
-BUILD=                                 #Default is to detect the build system
+BUILD=archlinux
 HOST=archlinux
 PREFIX=/usr                            #Top-level directory for shared files, libraries, etc.
 SHAREDIR=${PREFIX}/share               #Directory for arch-neutral files.
 LIBEXECDIR=${PREFIX}/share             #Directory for executable scripts.
 PERLLIBDIR=${PREFIX}/share/shorewall   #Directory to install Shorewall Perl module directory
 CONFDIR=/etc                           #Directory where subsystem configurations are installed
-SBINDIR=/usr/bin                       #Directory where system administration programs are installed
+SBINDIR=/sbin                          #Directory where system administration programs are installed
 MANDIR=${SHAREDIR}/man                 #Directory where manpages are installed.
-INITDIR=                               #Directory where SysV init scripts are installed.
+INITDIR=/etc/rc.d                      #Directory where SysV init scripts are installed.
-INITFILE=                              #Name of the product's installed SysV init script
+INITFILE=$PRODUCT                      #Name of the product's installed SysV init script
-INITSOURCE=                            #Name of the distributed file to be installed as the SysV init script
+INITSOURCE=init.sh                     #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                             #If non-zero, annotated configuration files are installed
 SYSCONFDIR=                            #Directory where SysV init parameter files are installed
-SERVICEDIR=/usr/lib/systemd/system     #Directory where .service files are installed (systems running systemd only)
+SYSTEMD=                               #Directory where .service files are installed (systems running systemd only)
 SERVICEFILE=                           #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SPARSE=                                #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
-VARLIB=/var/lib                        #Directory where product variable data is stored.
+VARDIR=/var/lib                        #Directory where product variable data is stored.
 VARDIR=${VARLIB}/$PRODUCT              #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.cygwin
+++ b/Shorewall-core/shorewallrc.cygwin
@@ -14,8 +14,7 @@ INITDIR=/etc/init.d                   #Unused on Cygwin
 INITFILE=                             #Unused on Cygwin
 INITSOURCE=                           #Unused on Cygwin
 ANNOTATED=                            #Unused on Cygwin
-SERVICEDIR=                           #Unused on Cygwin
+SYSTEMD=                              #Unused on Cygwin
 SERVICEFILE=                          #Unused on Cygwin
 SYSCONFDIR=                           #Unused on Cygwin
 SPARSE=Yes                            #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR.
-VARLIB=/var/lib                       #Unused on Cygwin
+VARDIR=/var/lib                       #Unused on Cygwin
--- a/Shorewall-core/shorewallrc.debian
+++ b/Shorewall-core/shorewallrc.debian
@@ -15,9 +15,7 @@ INITFILE=$PRODUCT                       #Name of the product's installed SysV in
 INITSOURCE=init.debian.sh               #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                              #If non-zero, annotated configuration files are installed
 SYSCONFFILE=default.debian              #Name of the distributed file to be installed in $SYSCONFDIR
 SERVICEFILE=                      	#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFDIR=/etc/default                 #Directory where SysV init parameter files are installed
-SERVICEDIR=                             #Directory where .service files are installed (systems running systemd only)
+SYSTEMD=                                #Directory where .service files are installed (systems running systemd only)
 SPARSE=Yes                              #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
-VARLIB=/var/lib                         #Directory where product variable data is stored.
+VARDIR=/var/lib                         #Directory where product variable data is stored.
 VARDIR=${VARLIB}/$PRODUCT               #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.default
+++ b/Shorewall-core/shorewallrc.default
@@ -10,14 +10,12 @@ PERLLIBDIR=${PREFIX}/share/shorewall    #Directory to install Shorewall Perl mod
 CONFDIR=/etc                            #Directory where subsystem configurations are installed
 SBINDIR=/sbin                           #Directory where system administration programs are installed
 MANDIR=${PREFIX}/man                    #Directory where manpages are installed.
-INITDIR=/etc/init.d                     #Directory where SysV init scripts are installed.
+INITDIR=etc/init.d                      #Directory where SysV init scripts are installed.
 INITFILE=$PRODUCT                       #Name of the product's installed SysV init script
 INITSOURCE=init.sh                      #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                              #If non-zero, annotated configuration files are installed
-SERVICEDIR=                             #Directory where .service files are installed (systems running systemd only)
+SYSTEMD=                                #Directory where .service files are installed (systems running systemd only)
 SERVICEFILE=                            #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFFILE=                            #Name of the distributed file to be installed in $SYSCONFDIR
 SYSCONFDIR=                             #Directory where SysV init parameter files are installed
 SPARSE=                                 #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
-VARLIB=/var/lib                         #Directory where product variable data is stored.
+VARDIR=/var/lib                         #Directory where product variable data is stored.
 VARDIR=${VARLIB}/$PRODUCT               #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.redhat
+++ b/Shorewall-core/shorewallrc.redhat
@@ -14,10 +14,8 @@ INITDIR=/etc/rc.d/init.d                #Directory where SysV init scripts are i
 INITFILE=$PRODUCT                       #Name of the product's installed SysV init script
 INITSOURCE=init.fedora.sh               #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                              #If non-zero, annotated configuration files are installed
-SERVICEDIR=/lib/systemd/system          #Directory where .service files are installed (systems running systemd only)
+SYSTEMD=/lib/systemd/system             #Directory where .service files are installed (systems running systemd only)
 SYSCONFFILE=sysconfig                   #Name of the distributed file to be installed as $SYSCONFDIR/$PRODUCT
 SERVICEFILE=                      	#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFDIR=/etc/sysconfig/              #Directory where SysV init parameter files are installed
 SPARSE=                                 #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
-VARLIB=/var/lib                         #Directory where product variable data is stored.
+VARDIR=/var/lib                         #Directory where product variable data is stored.
 VARDIR=${VARLIB}/$PRODUCT               #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.slackware
+++ b/Shorewall-core/shorewallrc.slackware
@@ -15,10 +15,8 @@ AUXINITSOURCE=init.slackware.firewall.sh   #Name of the distributed file to be i
 AUXINITFILE=rc.firewall                    #Name of the product's installed SysV init script
 INITSOURCE=init.slackware.$PRODUCT.sh      #Name of the distributed file to be installed as a second SysV init script
 INITFILE=rc.$PRODUCT                       #Name of the product's installed second init script
-SERVICEDIR=                                #Name of the directory where .service files are installed (systems running systemd only)
+SYSTEMD=                                   #Name of the directory where .service files are installed (systems running systemd only)
 SERVICEFILE=                               #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFFILE=                               #Name of the distributed file to be installed in $SYSCONFDIR
 SYSCONFDIR=                                #Name of the directory where SysV init parameter files are installed.
 ANNOTATED=                                 #If non-empty, install annotated configuration files
-VARLIB=/var/lib                            #Directory where product variable data is stored.
+VARDIR=/var/lib                            #Directory where product variable data is stored.
 VARDIR=${VARLIB}/$PRODUCT                  #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.suse
+++ b/Shorewall-core/shorewallrc.suse
@@ -8,16 +8,14 @@ CONFDIR=/etc                                          #Directory where subsystem
 SHAREDIR=${PREFIX}/share                              #Directory for arch-neutral files.
 LIBEXECDIR=${PREFIX}/lib                              #Directory for executable scripts.
 PERLLIBDIR=${PREFIX}/lib/perl5/vendor_perl/5.14.2     #Directory to install Shorewall Perl module directory
-SBINDIR=/usr/sbin                                     #Directory where system administration programs are installed
+SBINDIR=/sbin                                         #Directory where system administration programs are installed
 MANDIR=${SHAREDIR}/man/                               #Directory where manpages are installed.
 INITDIR=/etc/init.d                                   #Directory where SysV init scripts are installed.
 INITFILE=$PRODUCT                                     #Name of the product's SysV init script
-INITSOURCE=init.suse.sh                               #Name of the distributed file to be installed as the SysV init script
+INITSOURCE=init.sh                                    #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                                            #If non-zero, annotated configuration files are installed
-SERVICEDIR=                                           #Directory where .service files are installed (systems running systemd only)
+SYSTEMD=                                              #Directory where .service files are installed (systems running systemd only)
-SERVICEFILE=                      		      #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
+SYSCONFFILE=                                          #Name of the distributed file to be installed in $SYSCONFDIR
 SYSCONFFILE=sysconfig                                 #Name of the distributed file to be installed in $SYSCONFDIR
 SYSCONFDIR=/etc/sysconfig/                            #Directory where SysV init parameter files are installed
 SPARSE=                                               #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
-VARLIB=/var/lib                                       #Directory where persistent product data is stored.
+VARDIR=/var/lib                                       #Directory where persistent product data is stored.
 VARDIR=${VARLIB}/$PRODUCT                             #Directory where product variable data is stored.
--- a/Shorewall-core/uninstall.sh
+++ b/Shorewall-core/uninstall.sh
@@ -2,24 +2,24 @@
 #
 # Script to back uninstall Shoreline Firewall
 #
-#     (c) 2000-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://www.shorewall.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
 #       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
+#       This program is distributed in the hope that it will be useful,
-#	it under the terms of the GNU General Public License as published by the
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       Free Software Foundation, either version 2 of the license or, at your
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       option, any later version.
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
+#       You should have received a copy of the GNU General Public License
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       along with this program; if not, write to the Free Software
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #    Usage:
 #
--- a/Shorewall-core/wait4ifup
+++ b/Shorewall-core/wait4ifup
@@ -2,18 +2,17 @@
 #
 #     Shorewall interface helper utility - V4.2
 #
-#     (c) 2007,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2007 - Tom Eastep (teastep@shorewall.net)
 #
 #	This file is installed in /usr/share/shorewall/wait4ifup
 #
 #	Shorewall documentation is available at http://www.shorewall.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+#	it under the terms of Version 2 of the GNU General Public License
-#       Free Software Foundation, either version 2 of the license or, at your
+#	as published by the Free Software Foundation.
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -21,7 +20,8 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #	If an error occurs while starting or restarting the firewall, the
 #	firewall is automatically stopped.
--- a/Shorewall-init/ifupdown.debian.sh
+++ b/Shorewall-init/ifupdown.debian.sh
@@ -1,135 +0,0 @@
 #!/bin/sh
 #
 # Debian ifupdown script for Shorewall-based products
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
 #       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
 #       as published by the Free Software Foundation.
 #
 #       This program is distributed in the hope that it will be useful,
 #       but WITHOUT ANY WARRANTY; without even the implied warranty of
 #       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 #       GNU General Public License for more details.
 #
 #       You should have received a copy of the GNU General Public License
 #       along with this program; if not, write to the Free Software
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 setstatedir() {
    local statedir
    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
    if [ ! -x $STATEDIR/firewall ]; then
 	if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
 	    ${SBINDIR}/$PRODUCT compile
 	fi
    fi
 }
 Debian_ppp() {
    NEWPRODUCTS=
    INTERFACE="$1"
    case $0 in
 	/etc/ppp/ip-*)
 	    #
 	    # IPv4
 	    #
 	    for product in $PRODUCTS; do
 		case $product in
 		    shorewall|shorewall-lite)
 			NEWPRODUCTS="$NEWPRODUCTS $product";
 			;;
 		esac
 	    done
 	    ;;
 	/etc/ppp/ipv6-*)
 	    #
 	    # IPv6
 	    #
 	    for product in $PRODUCTS; do
 		case $product in
 		    shorewall6|shorewall6-lite)
 			NEWPRODUCTS="$NEWPRODUCTS $product";
 			;;
 		esac
 	    done
 	    ;;
 	*)
 	    exit 0
 	    ;;
    esac
    PRODUCTS="$NEWPRODUCTS"
    case $0 in
 	*up/*)
 	    COMMAND=up
 	    ;;
 	*)
 	    COMMAND=down
 	    ;;
    esac
 }
 IFUPDOWN=0
 PRODUCTS=
 #
 # The installer may alter this
 #
 . /usr/share/shorewall/shorewallrc
 if [ -f /etc/default/shorewall-init ]; then
    . /etc/default/shorewall-init
 elif [ -f /etc/sysconfig/shorewall-init ]; then
    . /etc/sysconfig/shorewall-init
 fi
 [ "$IFUPDOWN" = 1 -a -n "$PRODUCTS" ] || exit 0
 case $0 in
    /etc/ppp*)
 	#
 	# Debian ppp
 	#
 	Debian_ppp
 	;;
    *)
        #
        # Debian ifupdown system
        #
 	INTERFACE="$IFACE"
 	if [ "$MODE" = start ]; then
 	    COMMAND=up
 	elif [ "$MODE" = stop ]; then
 	    COMMAND=down
 	else
 	    exit 0
 	fi
 	;;
 esac
 [ -n "$LOGFILE" ] || LOGFILE=/dev/null
 for PRODUCT in $PRODUCTS; do
    setstatedir
    if [ -x $VARLIB/$PRODUCT/firewall ]; then
 	  ( ${VARLIB}/$PRODUCT/firewall -V0 $COMMAND $INTERFACE >> $LOGFILE 2>&1 ) || true
    fi
 done
 exit 0
--- a/Shorewall-init/ifupdown.fedora.sh
+++ b/Shorewall-init/ifupdown.fedora.sh
@@ -1,111 +0,0 @@
 #!/bin/sh
 #
 # Redhat/Fedora/Centos/Foobar ifupdown script for Shorewall-based products
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
 #       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
 #       as published by the Free Software Foundation.
 #
 #       This program is distributed in the hope that it will be useful,
 #       but WITHOUT ANY WARRANTY; without even the implied warranty of
 #       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 #       GNU General Public License for more details.
 #
 #       You should have received a copy of the GNU General Public License
 #       along with this program; if not, write to the Free Software
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # Get startup options (override default)
 OPTIONS=
 setstatedir() {
    local statedir
    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
    if [ ! -x "$STATEDIR/firewall" ]; then
 	if [ $PRODUCT == shorewall -o $PRODUCT == shorewall6 ]; then
 	    ${SBINDIR}/$PRODUCT $OPTIONS compile
 	fi
    fi
 }
 IFUPDOWN=0
 PRODUCTS=
 #
 # The installer may alter this
 #
 . /usr/share/shorewall/shorewallrc
 if [ -f /etc/default/shorewall-init ]; then
    . /etc/default/shorewall-init
 elif [ -f /etc/sysconfig/shorewall-init ]; then
    . /etc/sysconfig/shorewall-init
 fi
 [ "$IFUPDOWN" = 1 -a -n "$PRODUCTS" ] || exit 0
 PHASE=''
 case $0 in
    /etc/ppp*)
 	INTERFACE="$1"
 	case $0 in
 	    *ip-up.local)
 		COMMAND=up
 		;;
 	    *ip-down.local)
 		COMMAND=down
 		;;
 	    *)
 		exit 0
 		;;
 	esac
 	;;
    *)
 	#
 	# RedHat ifup/down system
 	#
 	INTERFACE="$1"
 	case $0 in 
 	    *ifup*)
 		COMMAND=up
 		;;
 	    *ifdown*)
 		COMMAND=down
 		;;
 	    *dispatcher.d*)
 		COMMAND="$2"
 		;;
 	    *)
 		exit 0
 		;;
 	esac
 	;;
 esac
 [ -n "$LOGFILE" ] || LOGFILE=/dev/null
 for PRODUCT in $PRODUCTS; do
    setstatedir
    if [ -x "$STATEDIR/firewall" ]; then
 	  echo "`date --rfc-3339=seconds` $0: Executing $STATEDIR/firewall $OPTIONS $COMMAND $INTERFACE" >> $LOGFILE 2>&1
 	  ( $STATEDIR/firewall $OPTIONS $COMMAND $INTERFACE >> $LOGFILE 2>&1 ) || true
    fi
 done
 exit 0
--- a/Shorewall-init/ifupdown.suse.sh
+++ b/Shorewall-init/ifupdown.suse.sh
@@ -1,10 +1,10 @@
 #!/bin/sh
 #
-# SuSE ifupdown script for Shorewall-based products
+# ifupdown script for Shorewall-based products
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-#     (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2010 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
@@ -22,22 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-setstatedir() {
+Debian_SuSE_ppp() {
    local statedir
    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
    if [ ! -x $STATEDIR/firewall ]; then
 	if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
 	    ${SBINDIR}/$PRODUCT compile
 	fi
    fi
 }
 SuSE_ppp() {
    NEWPRODUCTS=
    INTERFACE="$1"
@@ -99,48 +84,122 @@ fi
 [ "$IFUPDOWN" = 1 -a -n "$PRODUCTS" ] || exit 0
-PHASE=''
+if [ -f /etc/debian_version ]; then
-
+    case $0 in
-case $0 in
+	/etc/ppp*)
-    /etc/ppp*)
+	    #
-        #
+	    # Debian ppp
-	# SUSE ppp
+	    #
-	#
+	    Debian_SuSE_ppp
-	SuSE_ppp
+	    ;;
 	;;
-    *)
+	*)
-        #
+            #
-        # SuSE ifupdown system
+            # Debian ifupdown system
-        #
+            #
-	INTERFACE="$2"
+	    INTERFACE="$IFACE"
-	case $0 in
+	    if [ "$MODE" = start ]; then
 	    *dispatcher.d*)
 		INTERFACE="$1"
 		COMMAND="$2"
 		;;
 	    *if-up.d*)
 		COMMAND=up
-		;;
+	    elif [ "$MODE" = stop ]; then
 	    *if-down.d*)
 		COMMAND=down
-		;;
+	    else
 	    *)
 		exit 0
-		;;
+	    fi
 	esac
 	;;
 esac
-[ -n "$LOGFILE" ] || LOGFILE=/dev/null
+	    case "$PHASE" in
 		pre-*)
 		    exit 0
 		    ;;
 	    esac
 	    ;;
    esac
 elif [ -f /etc/SuSE-release ]; then
    case $0 in
 	/etc/ppp*)
 	    #
 	    # SUSE ppp
 	    #
 	    Debian_SuSE_ppp
 	    ;;
 	*)
            #
            # SuSE ifupdown system
            #
 	    INTERFACE="$2"
 	    case $0 in
 		*if-up.d*)
 		    COMMAND=up
 		    ;;
 		*if-down.d*)
 		    COMMAND=down
 		    ;;
 		*)
 		    exit 0
 		    ;;
 	    esac
 	    ;;
    esac
 else
    #
    # Assume RedHat/Fedora/CentOS/Foobar/...
    #
    case $0 in
 	/etc/ppp*)
 	    INTERFACE="$1"
 	    case $0 in
 		*ip-up.local)
 		    COMMAND=up
 		    ;;
 		*ip-down.local)
 		    COMMAND=down
 		    ;;
 		*)
 		    exit 0
 		    ;;
 	    esac
 	    ;;
 	*)
 	    #
 	    # RedHat ifup/down system
 	    #
 	    INTERFACE="$1"
 	    case $0 in 
 		*ifup*)
 		    COMMAND=up
 		    ;;
 		*ifdown*)
 		    COMMAND=down
 		    ;;
 		*dispatcher.d*)
 		    COMMAND="$2"
 		    ;;
 		*)
 		    exit 0
 		    ;;
 	    esac
 	    ;;
    esac
 fi
 for PRODUCT in $PRODUCTS; do
-    setstatedir
+    #
-
+    # For backward compatibility, lib.base appends the product name to VARDIR
-    if [ -x $VARLIB/$PRODUCT/firewall ]; then
+    # Save it here and restore it below
-	  ( ${VARLIB}/$PRODUCT/firewall -V0 $COMMAND $INTERFACE >> $LOGFILE 2>&1 ) || true
+    #
    save_vardir=${VARDIR}
    if [ -x $VARDIR/$PRODUCT/firewall ]; then
 	  ( . ${SHAREDIR}/shorewall/lib.base
 	    mutex_on
 	    ${VARDIR}/firewall -V0 $COMMAND $INTERFACE || echo_notdone
 	    mutex_off
 	  )
    fi
    VARDIR=${save_vardir}
 done
 exit 0
--- a/Shorewall-init/init.debian.sh
+++ b/Shorewall-init/init.debian.sh
@@ -36,8 +36,6 @@
 #                    bringing up the network
 ### END INIT INFO
 . /lib/lsb/init-functions
 export VERBOSITY=0
 if [ "$(id -u)" != "0" ]
@@ -52,30 +50,16 @@ echo_notdone () {
 }
 not_configured () {
-    echo "#### WARNING ####"
+	echo "#### WARNING ####"
-    echo "the firewall won't be initialized unless it is configured"
+	echo "the firewall won't be initialized unless it is configured"
-    if [ "$1" != "stop" ]
+	if [ "$1" != "stop" ]
-    then
+	then
-	echo ""
+		echo ""
-	echo "Please read about Debian specific customization in"
+		echo "Please read about Debian specific customization in"
-	echo "/usr/share/doc/shorewall-init/README.Debian.gz."
+		echo "/usr/share/doc/shorewall-init/README.Debian.gz."
-    fi
+	fi
-    echo "#################"
+	echo "#################"
-    exit 0
+	exit 0
 }
 # set the STATEDIR variable
 setstatedir() {
    local statedir
    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
 	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c || echo_notdone
    fi
 }
 #
@@ -86,87 +70,67 @@ setstatedir() {
 # check if shorewall-init is configured or not
 if [ -f "$SYSCONFDIR/shorewall-init" ]
 then
-    . $SYSCONFDIR/shorewall-init
+	. $SYSCONFDIR/shorewall-init
-    if [ -z "$PRODUCTS" ]
+	if [ -z "$PRODUCTS" ]
-    then
+	then
-	not_configured
+		not_configured
-    fi
+	fi
 else
-    not_configured
+	not_configured
 fi
 # Initialize the firewall
 shorewall_start () {
-  local PRODUCT
+  local product
-  local STATEDIR
+  local VARDIR
  echo -n "Initializing \"Shorewall-based firewalls\": "
-
+  for product in $PRODUCTS; do
-  for PRODUCT in $PRODUCTS; do
+      VARDIR=/var/lib/$product
-      setstatedir
+      [ -f /etc/$product/vardir ] && . /etc/$product/vardir
-
+      if [ -x ${VARDIR}/firewall ]; then
-      if [ -x ${STATEDIR}/firewall ]; then
+	  #
          #
 	  # Run in a sub-shell to avoid name collisions
 	  #
 	  ( 
-	      if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
+	      . /usr/share/$product/lib.base
-		  ${STATEDIR}/firewall ${OPTIONS} stop || echo_notdone
+	      #
-	      else
+	      # Get mutex so the firewall state is stable
-		  echo_notdone
+	      #
 	      mutex_on
 	      if ! ${VARDIR}/firewall status > /dev/null 2>&1; then
 		  ${VARDIR}/firewall stop || echo_notdone
 	      fi
 	      mutex_off
 	  )
      else
 	  echo_notdone
      fi
  done
  echo "done."
  if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
      echo -n "Restoring ipsets: "
      if ! ipset -R < "$SAVE_IPSETS"; then
 	  echo_notdone
      fi
      echo "done."
  fi
  return 0
 }
 # Clear the firewall
 shorewall_stop () {
-  local PRODUCT
+  local product
-  local STATEDIR
+  local VARDIR
  echo -n "Clearing \"Shorewall-based firewalls\": "
-  for PRODUCT in $PRODUCTS; do
+  for product in $PRODUCTS; do
-      setstatedir
+      VARDIR=/var/lib/$product
-
+      [ -f /etc/$product/vardir ] && . /etc/$product/vardir
-      if [ -x ${STATEDIR}/firewall ]; then
+      if [ -x ${VARDIR}/firewall ]; then
-	  ${STATEDIR}/firewall ${OPTIONS} clear || echo_notdone
+	  ( . /usr/share/$product/lib.base
 	    mutex_on
 	    ${VARDIR}/firewall clear || echo_notdone
 	    mutex_off
 	  )
      fi
  done
  echo "done."
  if [ -n "$SAVE_IPSETS" ]; then
      echo "Saving ipsets: "
      mkdir -p $(dirname "$SAVE_IPSETS")
      if ipset -S > "${SAVE_IPSETS}.tmp"; then
 	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
      else
 	  echo_notdone
      fi
      echo "done."
  fi
  return 0
 }
@@ -180,7 +144,7 @@ case "$1" in
  reload|force-reload)
     ;;
  *)
-     echo "Usage: $0 {start|stop|reload|force-reload}"
+     echo "Usage: /etc/init.d/shorewall-init {start|stop|reload|force-reload}"
     exit 1
 esac
--- a/Shorewall-init/init.fedora.sh
+++ b/Shorewall-init/init.fedora.sh
@@ -14,8 +14,13 @@
 #                    prior to bringing up the network.  
 ### END INIT INFO
 #determine where the files were installed
-
+if [ -f ~/.shorewallrc ]; then
-. /usr/share/shorewall/shorewallrc
+    . ~/.shorewallrc || exit 1
 else
    SBINDIR=/sbin
    SYSCONFDIR=/etc/default
    VARDIR=/var/lib
 fi
 prog="shorewall-init"
 logger="logger -i -t $prog"
@@ -35,26 +40,10 @@ else
    exit 6
 fi
 # set the STATEDIR variable
 setstatedir() {
    local statedir
    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
    if [ $PRODUCT == shorewall -o $PRODUCT == shorewall6 ]; then
 	${SBINDIR}/$PRODUCT $OPTIONS compile -c
    else
 	return 0
    fi
 }
 # Initialize the firewall
 start () {
-    local PRODUCT
+    local product
-    local STATEDIR
+    local vardir
    if [ -z "$PRODUCTS" ]; then
 	echo "No firewalls configured for shorewall-init"
@@ -63,26 +52,15 @@ start () {
    fi
    echo -n "Initializing \"Shorewall-based firewalls\": "
-
+    for product in $PRODUCTS; do
-    for PRODUCT in $PRODUCTS; do
+	if [ -x ${VARDIR}/$product/firewall ]; then
-	setstatedir
+	    ${VARDIR}/$product/firewall stop 2>&1 | $logger
-	retval=$?
+	    retval=${PIPESTATUS[0]}
-
+	    [ retval -ne 0 ] && break
 	if [ $retval -eq 0 ]; then
 	    if [ -x "${STATEDIR}/firewall" ]; then
 		${STATEDIR}/firewall ${OPTIONS} stop 2>&1 | $logger
 		retval=${PIPESTATUS[0]}
 		[ $retval -ne 0 ] && break
 	    else
 		retval=6 #Product not configured
 		break
 	    fi
 	else
 	    break
 	fi
    done
-    if [ $retval -eq 0 ]; then
+    if [ retval -eq 0 ]; then
 	touch $lockfile 
 	success
    else
@@ -94,30 +72,19 @@ start () {
 # Clear the firewall
 stop () {
-    local PRODUCT
+    local product
-    local STATEDIR
+    local vardir
    echo -n "Clearing \"Shorewall-based firewalls\": "
-
+    for product in $PRODUCTS; do
-    for PRODUCT in $PRODUCTS; do
+	if [ -x ${VARDIR}/$product/firewall ]; then
-	setstatedir
+	    ${VARDIR}/$product/firewall clear 2>&1 | $logger
-	retval=$?
+	    retval=${PIPESTATUS[0]}
-
+	    [ retval -ne 0 ] && break
 	if [ $retval -eq 0 ]; then
 	    if [ -x "${STATEDIR}/firewall" ]; then
 		${STATEDIR}/firewall ${OPTIONS} clear 2>&1 | $logger
 		retval=${PIPESTATUS[0]}
 		[ $retval -ne 0 ] && break
 	    else
 		retval=6 #Product not configured
 		break
 	    fi
 	else
 	    break
 	fi
    done
-    if [ $retval -eq 0 ]; then
+    if [ retval -eq 0 ]; then
 	rm -f $lockfile
 	success
    else
@@ -140,15 +107,19 @@ case "$1" in
 	status_q || exit 0
 	$1
 	;;
-    restart|reload|force-reload|condrestart|try-restart)
+    restart|reload|force-reload)
 	echo "Not implemented"
 	exit 3
 	;;
    condrestart|try-restart)
 	echo "Not implemented"
 	exit 3
        ;;
    status)
 	status $prog
 	;;
  *)
-	echo "Usage: $0 {start|stop|status}"
+	echo "Usage: /etc/init.d/shorewall-init {start|stop}"
 	exit 1
 esac
--- a/Shorewall-init/init.sh
+++ b/Shorewall-init/init.sh
@@ -1,24 +1,22 @@
 #! /bin/bash
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
-#     (c) 2010,2012-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2010,2012 - Tom Eastep (teastep@shorewall.net)
 #
 #       On most distributions, this file should be called /etc/init.d/shorewall.
 #
-#       This program is part of Shorewall.
+#       Complete documentation is available at http://shorewall.net
 #
-#	This program is free software; you can redistribute it and/or modify
+#       This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+#       it under the terms of Version 2 of the GNU General Public License
-#       Free Software Foundation, either version 2 of the license or, at your
+#       as published by the Free Software Foundation.
 #       option, any later version.
 #
-#	This program is distributed in the hope that it will be useful,
+#       This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
+#       GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #       You should have received a copy of the GNU General Public License
 #       along with this program; if not, write to the Free Software
@@ -60,34 +58,16 @@ fi
 #
 . /usr/share/shorewall/shorewallrc
 # Locate the current PRODUCT's statedir
 setstatedir() {
    local statedir
    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
    if [ ! -x $STATEDIR/firewall ]; then
 	if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
 	    ${SBINDIR}/$PRODUCT ${OPTIONS} compile $STATEDIR/firewall
 	fi
    fi
 }
 # Initialize the firewall
 shorewall_start () {
  local PRODUCT
-  local STATEDIR
+  local VARDIR
  echo -n "Initializing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
-      setstatedir
+      if [ -x ${VARDIR}/firewall ]; then
      if [ -x ${STATEDIR}/firewall ]; then
 	  if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
-	      ${STATEDIR}/firewall ${OPTIONS} stop || exit 1
+	      ${VARDIR}/firewall stop || echo_notdone
 	  fi
      fi
  done
@@ -102,14 +82,12 @@ shorewall_start () {
 # Clear the firewall
 shorewall_stop () {
  local PRODUCT
-  local STATEDIR
+  local VARDIR
  echo -n "Clearing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
-      setstatedir
+      if [ -x ${VARDIR}/firewall ]; then
-
+	  ${VARDIR}/firewall clear || exit 1
      if [ -x ${STATEDIR}/firewall ]; then
 	  ${STATEDIR}/firewall ${OPTIONS} clear || exit 1
      fi
  done
--- a/Shorewall-init/init.suse.sh
+++ b/Shorewall-init/init.suse.sh
@@ -1,149 +0,0 @@
 #! /bin/bash
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2010,2012 - Tom Eastep (teastep@shorewall.net)
 #
 #       On most distributions, this file should be called /etc/init.d/shorewall.
 #
 #       Complete documentation is available at http://shorewall.net
 #
 #       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
 #       as published by the Free Software Foundation.
 #
 #       This program is distributed in the hope that it will be useful,
 #       but WITHOUT ANY WARRANTY; without even the implied warranty of
 #       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 #       GNU General Public License for more details.
 #
 #       You should have received a copy of the GNU General Public License
 #       along with this program; if not, write to the Free Software
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #
 ### BEGIN INIT INFO
 # Provides: shorewall-init
 # Required-Start: $local_fs
 # Required-Stop:  $local_fs
 # Default-Start:  2 3 5
 # Default-Stop:   0 1 6
 # Short-Description: Initialize the firewall at boot time
 # Description:       Place the firewall in a safe state at boot time
 #                    prior to bringing up the network.  
 ### END INIT INFO
 #Return values acc. to LSB for all commands but status:
 # 0 - success
 # 1 - generic or unspecified error
 # 2 - invalid or excess argument(s)
 # 3 - unimplemented feature (e.g. "reload")
 # 4 - insufficient privilege
 # 5 - program is not installed
 # 6 - program is not configured
 # 7 - program is not running
 if [ "$(id -u)" != "0" ]
 then
  echo "You must be root to start, stop or restart \"Shorewall \"."
  exit 4
 fi
 # check if shorewall-init is configured or not
 if [ -f "/etc/sysconfig/shorewall-init" ]
 then
    . /etc/sysconfig/shorewall-init
    if [ -z "$PRODUCTS" ]
    then
 	echo "No PRODUCTS configured"
 	exit 6
    fi
 else
    echo "/etc/sysconfig/shorewall-init not found"
    exit 6
 fi
 #
 # The installer may alter this
 #
 . /usr/share/shorewall/shorewallrc
 # set the STATEDIR variable
 setstatedir() {
    local statedir
    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
 	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c || exit
    fi
 }
 # Initialize the firewall
 shorewall_start () {
  local PRODUCT
  local STATEDIR
  echo -n "Initializing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
      setstatedir
      if [ -x $STATEDIR/firewall ]; then
 	  if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
 	      $STATEDIR/$PRODUCT/firewall ${OPTIONS} stop || exit
 	  fi
      else
 	  exit 6
      fi
  done
  if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
      ipset -R < "$SAVE_IPSETS"
  fi
 }
 # Clear the firewall
 shorewall_stop () {
  local PRODUCT
  local STATEDIR
  echo -n "Clearing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
      setstatedir
      if [ -x ${STATEDIR}/firewall ]; then
 	  ${STATEDIR}/firewall ${OPTIONS} clear || exit
      else
 	  exit 6
      fi
  done
  if [ -n "$SAVE_IPSETS" ]; then
      mkdir -p $(dirname "$SAVE_IPSETS")
      if ipset -S > "${SAVE_IPSETS}.tmp"; then
 	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
      fi
  fi
 }
 case "$1" in
    start)
 	shorewall_start
 	;;
    stop)
 	shorewall_stop
 	;;
    reload|forced-reload)
 	;;
    *)
 	echo "Usage: /etc/init.d/shorewall-init {start|stop}"
 	exit 1
 	;;
 esac
 exit 0
--- a/Shorewall-init/install.sh
+++ b/Shorewall-init/install.sh
@@ -2,25 +2,21 @@
 #
 # Script to install Shoreline Firewall Init
 #
-#     (c) 2000-20114 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #     (c) 2010 - Roberto C. Sanchez (roberto@connexer.com)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
 #       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
+#       This program is distributed in the hope that it will be useful,
-#	it under the terms of the GNU General Public License as published by the
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       Free Software Foundation, either version 2 of the license or, at your
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       option, any later version.
+#       GNU General Public License for more details.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
 #	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #       You should have received a copy of the GNU General Public License
 #       along with this program; if not, write to the Free Software
@@ -35,7 +31,6 @@ usage() # $1 = exit status
    echo "usage: $ME [ <configuration-file> ]"
    echo "       $ME -v"
    echo "       $ME -h"
    echo "       $ME -n"
    exit $1
 }
@@ -64,6 +59,7 @@ mywhich() {
    for dir in $(split $PATH); do
 	if [ -x $dir/$1 ]; then
 	    echo $dir/$1
 	    return 0
 	fi
    done
@@ -103,15 +99,10 @@ PRODUCT=shorewall-init
 #
 # Parse the run line
 #
 T='-T'
 finished=0
 configure=1
 while [ $finished -eq 0 ] ; do
-    option="$1"
+    case "$1" in
    case "$option" in
 	-*)
 	    option=${option#-}
@@ -124,10 +115,6 @@ while [ $finished -eq 0 ] ; do
 			echo "Shorewall-init Firewall Installer Version $VERSION"
 			exit 0
 			;;
 		    n*)
 			configure=0
 			option=${option#n}
 			;;
 		    *)
 			usage 1
 			;;
@@ -173,19 +160,10 @@ else
    usage 1
 fi
-if [ -z "${VARLIB}" ]; then
+for var in SHAREDIR LIBEXECDIR CONFDIR SBINDIR VARDIR; do
    VARLIB=${VARDIR}
    VARDIR=${VARLIB}/${PRODUCT}
 elif [ -z "${VARDIR}" ]; then
    VARDIR=${VARLIB}/${PRODUCT}
 fi
 for var in SHAREDIR LIBEXECDIR CONFDIR SBINDIR VARLIB VARDIR; do
    require $var
 done
 [ -n "$SANDBOX" ] && configure=0
 PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
 if [ -z "$BUILD" ]; then
@@ -197,29 +175,8 @@ if [ -z "$BUILD" ]; then
 	    BUILD=apple
 	    ;;
 	*)
-	    if [ -f /etc/os-release ]; then
+	    if [ -f /etc/debian_version ]; then
 		eval $(cat /etc/os-release | grep ^ID=)
 		case $ID in
 		    fedora|rhel|centos|foobar)
 			BUILD=redhat
 			;;
 		    debian|ubuntu)
 			BUILD=debian
 			;;
 		    opensuse)
 			BUILD=suse
 			;;
 		    *)
 			BUILD="$ID"
 			;;
 		esac
 	    elif [ -f /etc/debian_version ]; then
 		BUILD=debian
 	    elif [ -f /etc/ubuntu_version ]; then
 		BUILD=debian
 	    elif [ -f /etc/gentoo-release ]; then
 		BUILD=gentoo
 	    elif [ -f /etc/redhat-release ]; then
 		BUILD=redhat
 	    elif [ -f /etc/SuSE-release ]; then
@@ -242,7 +199,7 @@ case $BUILD in
    apple)
 	T=
 	;;
-    debian|gentoo|redhat|suse|slackware|archlinux)
+    debian|redhat|suse|slackware|archlinux)
 	;;
    *)
 	[ -n "$BUILD" ] && echo "ERROR: Unknown BUILD environment ($BUILD)" >&2 || echo "ERROR: Unknown BUILD environment"
@@ -258,10 +215,7 @@ case "$HOST" in
    debian)
 	echo "Installing Debian-specific configuration..."
 	;;
-    gentoo)
+    redhat|redhat)
 	echo "Installing Gentoo-specific configuration..."
 	;;
    redhat)
 	echo "Installing Redhat/Fedora-specific configuration..."
 	;;
    slackware)
@@ -272,12 +226,11 @@ case "$HOST" in
 	echo "Shorewall-init is currently not supported on Arch Linux" >&2
 	exit 1
 	;;
-    suse)
+    suse|suse)
 	echo "Installing SuSE-specific configuration..."
 	;;
    linux)
 	echo "ERROR: Shorewall-init is not supported on this system" >&2
 	exit 1
 	;;
    *)
 	echo "ERROR: Unsupported HOST distribution: \"$HOST\"" >&2
@@ -307,16 +260,10 @@ else
    first_install="Yes"
 fi
 if [ -n "$DESTDIR" ]; then
    mkdir -p ${DESTDIR}${CONFDIR}/logrotate.d
    chmod 755 ${DESTDIR}${CONFDIR}/logrotate.d
 fi
 #
 # Install the Firewall Script
 #
 if [ -n "$INITFILE" ]; then
    mkdir -p ${DESTDIR}${INITDIR}
    install_file $INITSOURCE ${DESTDIR}${INITDIR}/$INITFILE 0544
    [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${INITDIR}/$INITFILE
@@ -324,84 +271,57 @@ if [ -n "$INITFILE" ]; then
 	install_file $INITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544
    fi
-    echo  "SysV init script $INITSOURCE installed in ${DESTDIR}${INITDIR}/$INITFILE"
+    echo  "Shorewall-init script installed in ${DESTDIR}${INITDIR}/$INITFILE"
 fi
 #
 # Install the .service file
 #
-if [ -z "${SERVICEDIR}" ]; then
+if [ -n "$SYSTEMD" ]; then
-    SERVICEDIR="$SYSTEMD"
+    mkdir -p ${DESTDIR}${SYSTEMD}
-fi
+    run_install $OWNERSHIP -m 600 shorewall-init.service ${DESTDIR}${SYSTEMD}/shorewall-init.service
-
+    echo "Service file installed as ${DESTDIR}${SYSTEMD}/shorewall-init.service"
-if [ -n "$SERVICEDIR" ]; then
+    if [ -n "$DESTDIR" ]; then
    mkdir -p ${DESTDIR}${SERVICEDIR}
    [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
    run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SERVICEDIR}/$PRODUCT.service"
    if [ -n "$DESTDIR" -o $configure -eq 0 ]; then
 	mkdir -p ${DESTDIR}${SBINDIR}
        chmod 755 ${DESTDIR}${SBINDIR}
    fi
    run_install $OWNERSHIP -m 700 shorewall-init ${DESTDIR}${SBINDIR}/shorewall-init
    [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SBINDIR}/shorewall-init
    echo "CLI installed as ${DESTDIR}${SBINDIR}/shorewall-init"
 fi
 #
 # Create /usr/share/shorewall-init if needed
 #
-mkdir -p ${DESTDIR}${SHAREDIR}/shorewall-init
+mkdir -p ${DESTDIR}/usr/share/shorewall-init
-chmod 755 ${DESTDIR}${SHAREDIR}/shorewall-init
+chmod 755 ${DESTDIR}/usr/share/shorewall-init
 #
 # Install logrotate file
 #
 if [ -d ${DESTDIR}${CONFDIR}/logrotate.d ]; then
    run_install $OWNERSHIP -m 0644 logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT
    echo "Logrotate file installed as ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT"
 fi
 #
 # Create the version file
 #
-echo "$VERSION" > ${DESTDIR}/${SHAREDIR}/shorewall-init/version
+echo "$VERSION" > ${DESTDIR}/usr/share/shorewall-init/version
-chmod 644 ${DESTDIR}${SHAREDIR}/shorewall-init/version
+chmod 644 ${DESTDIR}/usr/share/shorewall-init/version
 #
 # Remove and create the symbolic link to the init script
 #
 if [ -z "$DESTDIR" ]; then
-    rm -f ${SHAREDIR}/shorewall-init/init
+    rm -f /usr/share/shorewall-init/init
    ln -s ${INITDIR}/${INITFILE} ${SHAREDIR}/shorewall-init/init
 fi
 if [ $HOST = debian ]; then
    if [ -n "${DESTDIR}" ]; then
 	mkdir -p ${DESTDIR}/etc/network/if-up.d/
 	mkdir -p ${DESTDIR}/etc/network/if-down.d/
 	mkdir -p ${DESTDIR}/etc/network/if-post-down.d/
    elif [ $configure -eq 0 ]; then
 	mkdir -p ${DESTDIR}${CONFDIR}/network/if-up.d/
 	mkdir -p ${DESTDIR}${CONFDIR}/network/if-down.d/
 	mkdir -p ${DESTDIR}${CONFDIR}/network/if-post-down.d/
    fi
-    if [ ! -f ${DESTDIR}${CONFDIR}/default/shorewall-init ]; then
+    if [ ! -f ${DESTDIR}/etc/default/shorewall-init ]; then
 	if [ -n "${DESTDIR}" ]; then
 	    mkdir ${DESTDIR}/etc/default
 	fi
-	if [ $configure -eq 1 ]; then
+	install_file sysconfig ${DESTDIR}/etc/default/shorewall-init 0644
 	    install_file sysconfig ${DESTDIR}/etc/default/shorewall-init 0644
 	else
 	    mkdir -p ${DESTDIR}${CONFDIR}/default
 	    install_file sysconfig ${DESTDIR}${CONFDIR}/default/shorewall-init 0644
 	fi
    fi
    IFUPDOWN=ifupdown.debian.sh
 else
    if [ -n "$DESTDIR" ]; then
 	mkdir -p ${DESTDIR}${SYSCONFDIR}
@@ -409,116 +329,65 @@ else
 	if [ -z "$RPM" ]; then
 	    if [ $HOST = suse ]; then
 		mkdir -p ${DESTDIR}/etc/sysconfig/network/if-up.d
-		mkdir -p ${DESTDIR}/etc/sysconfig/network/if-down.d
+		mkdir -p ${DESTDIR}${SYSCONFDIR}/network/if-down.d
 	    elif [ $HOST = gentoo ]; then
 		# Gentoo does not support if-{up,down}.d
 		/bin/true
 	    else
 		mkdir -p ${DESTDIR}/etc/NetworkManager/dispatcher.d
 	    fi
 	fi
    fi
-    if [ -n "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PRODUCT} ]; then
+    if [ -d ${DESTDIR}${SYSCONFDIR} -a ! -f ${DESTDIR}${SYSCONFDIR}/shorewall-init ]; then
-	run_install $OWNERSHIP -m 0644 ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/$PRODUCT
+	install_file sysconfig ${DESTDIR}${SYSCONFDIR}/shorewall-init 0644
-	echo "$SYSCONFFILE installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
+    fi 
    fi
    [ $HOST = suse ] && IFUPDOWN=ifupdown.suse.sh || IFUPDOWN=ifupdown.fedora.sh
 fi
 #
 # Install the ifupdown script
 #
-cp $IFUPDOWN ifupdown
+cp ifupdown.sh ifupdown
-[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ifupdown
+d[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ifupdown
 mkdir -p ${DESTDIR}${LIBEXECDIR}/shorewall-init
 install_file ifupdown ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown 0544
 if [ -d ${DESTDIR}/etc/NetworkManager ]; then
-    if [ $configure -eq 1 ]; then
+    install_file ifupdown ${DESTDIR}/etc/NetworkManager/dispatcher.d/01-shorewall 0544
 	install_file ifupdown ${DESTDIR}/etc/NetworkManager/dispatcher.d/01-shorewall 0544
    else
 	mkdir -p ${DESTDIR}${CONFDIR}/NetworkManager/dispatcher.d/
 	install_file ifupdown ${DESTDIR}${CONFDIR}/NetworkManager/dispatcher.d/01-shorewall 0544
    fi
 fi
 case $HOST in
    debian)
-	if [ $configure -eq 1 ]; then
+	install_file ifupdown ${DESTDIR}/etc/network/if-up.d/shorewall 0544
-	    install_file ifupdown ${DESTDIR}/etc/network/if-up.d/shorewall 0544
+	install_file ifupdown ${DESTDIR}/etc/network/if-post-down.d/shorewall 0544
 	    install_file ifupdown ${DESTDIR}/etc/network/if-down.d/shorewall 0544
 	    install_file ifupdown ${DESTDIR}/etc/network/if-post-down.d/shorewall 0544
 	else
 	    install_file ifupdown ${DESTDIR}${CONFDIR}/network/if-up.d/shorewall 0544
 	    install_file ifupdown ${DESTDIR}${CONFDIR}/network/if-down.d/shorewall 0544
 	    install_file ifupdown ${DESTDIR}${CONFDIR}/network/if-post-down.d/shorewall 0544
 	fi
 	;;
    suse)
 	if [ -z "$RPM" ]; then
 	    if [ $configure -eq 0 ]; then
 		mkdir -p ${DESTDIR}${SYSCONFDIR}/network/if-up.d/
 		mkdir -p ${DESTDIR}${SYSCONFDIR}/network/if-down.d/
 	    fi
 	    install_file ifupdown ${DESTDIR}${SYSCONFDIR}/network/if-up.d/shorewall 0544
 	    install_file ifupdown ${DESTDIR}${SYSCONFDIR}/network/if-down.d/shorewall 0544
 	fi
 	;;
    redhat)
-	if [ -z "$DESTDIR" ]; then
+	if [ -f ${DESTDIR}${SBINDIR}/ifup-local -o -f ${DESTDIR}${SBINDIR}/ifdown-local ]; then
-	    install_local=
+	    echo "WARNING: ${SBINDIR}/ifup-local and/or ${SBINDIR}/ifdown-local already exist; up/down events will not be handled"
-
+	elif [ -z "$DESTDIR" ]; then
-	    if [ -f ${SBINDIR}/ifup-local -o -f ${SBINDIR}/ifdown-local ]; then
+	    install_file ifupdown ${DESTDIR}${SBINDIR}/ifup-local 0544
-		if ! grep -qF Shorewall-based ${SBINDIR}/ifup-local || ! grep -qF Shorewall-based ${SBINDIR}/ifdown-local; then
+	    install_file ifupdown ${DESTDIR}${SBINDIR}/ifdown-local 0544
 		    echo "WARNING: ${SBINDIR}/ifup-local and/or ${SBINDIR}/ifdown-local already exist; up/down events will not be handled"
 		else
 		    install_local=Yes
 		fi
 	    else
 		install_local=Yes
 	    fi
 	    if [ -n "$install_local" ]; then
 		install_file ifupdown ${DESTDIR}${SBINDIR}/ifup-local 0544
 		install_file ifupdown ${DESTDIR}${SBINDIR}/ifdown-local 0544
 	    fi
 	fi
 	;;
 esac
 if [ -z "$DESTDIR" ]; then
-    if [ $configure -eq 1 -a -n "$first_install" ]; then
+    if [ -n "$first_install" ]; then
 	if [ $HOST = debian ]; then
-	    if mywhich insserv; then
+	    
-		if insserv ${INITDIR}/shorewall-init; then
+	    update-rc.d shorewall-init defaults
-		    echo "Shorewall Init will start automatically at boot"
+
-		else
+	    echo "Shorewall Init will start automatically at boot"
 		    cant_autostart
 		fi
 	    elif mywhich update-rc.d ; then
 		if update-rc.d $PRODUCT enable; then
 		    echo "$PRODUCT will start automatically at boot"
 		    echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
 		else
 		    cant_autostart
 		fi
 	    else
 		cant_autostart
 	    fi
 	elif [ $HOST = gentoo ]; then
 	    # On Gentoo, a service must be enabled manually by the user,
 	    # not by the installer
 	    /bin/true
 	else
-	    if [ -n "$SERVICEDIR" ]; then
+	    if [ -n "$SYSTEMD" ]; then
-		if systemctl enable shorewall-init.service; then
+		if systemctl enable shorewall-init; then
 		    echo "Shorewall Init will start automatically at boot"
 		fi
 	    elif [ -x ${SBINDIR}/insserv -o -x /usr${SBINDIR}/insserv ]; then
@@ -546,7 +415,7 @@ if [ -z "$DESTDIR" ]; then
 	fi
    fi
 else
-    if [ $configure -eq 1 -a -n "$first_install" ]; then
+    if [ -n "$first_install" ]; then
 	if [ $HOST = debian ]; then
 	    if [ -n "${DESTDIR}" ]; then
 		mkdir -p ${DESTDIR}/etc/rcS.d
@@ -575,7 +444,7 @@ if [ -f ${DESTDIR}/etc/ppp ]; then
 	    for file in ip-up.local ip-down.local; do
 		FILE=${DESTDIR}/etc/ppp/$file
 		if [ -f $FILE ]; then
-		    if grep -qF Shorewall-based $FILE ; then
+		    if fgrep -q Shorewall-based $FILE ; then
 			cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown $FILE
 		    else
 			echo "$FILE already exists -- ppp devices will not be handled"
--- a/Shorewall-init/logrotate
+++ b/Shorewall-init/logrotate
@@ -1,5 +0,0 @@
 /var/log/shorewall-ifupdown.log {
  missingok
  notifempty
  create 0600 root root
 }
--- a/Shorewall-init/shorewall-init
+++ b/Shorewall-init/shorewall-init
@@ -1,42 +1,28 @@
 #! /bin/bash
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
-#     (c) 2012-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2012 - Tom Eastep (teastep@shorewall.net)
 #
 #       On most distributions, this file should be called /etc/init.d/shorewall.
 #
 #       Complete documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
 #       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
+#       This program is distributed in the hope that it will be useful,
-#	it under the terms of the GNU General Public License as published by the
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       Free Software Foundation, either version 2 of the license or, at your
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       option, any later version.
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
+#       You should have received a copy of the GNU General Public License
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       along with this program; if not, write to the Free Software
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #########################################################################################
 # set the STATEDIR variable
 setstatedir() {
    local statedir
    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
 	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c || exit 1
    fi
 }
 #
 # This is modified by the installer when ${SHAREDIR} <> /usr/share
 #
@@ -50,33 +36,21 @@ if [ -f "$SYSCONFDIR/shorewall-init" ]; then
 	exit 1
    fi
 else
-    echo "ERROR: ${SYSCONFDIR}/shorewall-init not found" >&2
+    echo "ERROR: /etc/sysconfig/shorewall-init not found" >&2
    exit 1
 fi
 # Initialize the firewall
 shorewall_start () {
  local PRODUCT
-  local STATEDIR
+  local VARDIR
  echo -n "Initializing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
-      setstatedir
+      if [ -x ${VARDIR}/firewall ]; then
-
+	  if ! /sbin/$PRODUCT status > /dev/null 2>&1; then
-      if [ -x ${STATEDIR}/firewall ]; then
+	      ${VARDIR}/firewall stop || exit 1
-          #
+	  fi
 	  # Run in a sub-shell to avoid name collisions
 	  #
 	  (
 	      if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
 		  ${STATEDIR}/firewall ${OPTIONS} stop || exit 1
 	      else
 		  exit 1
 	      fi
 	  )
      else
          echo ERROR:  ${STATEDIR}/firewall does not exist or is not executable!
 	  exit 1
      fi
  done
@@ -90,14 +64,14 @@ shorewall_start () {
 # Clear the firewall
 shorewall_stop () {
  local PRODUCT
-  local STATEDIR
+  local VARDIR
  echo -n "Clearing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
-      setstatedir
+      VARDIR=/var/lib/$PRODUCT
-
+      [ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir 
-      if [ -x ${STATEDIR}/firewall ]; then
+      if [ -x ${VARDIR}/firewall ]; then
-	  ${STATEDIR}/firewall ${OPTIONS} clear || exit 1
+	  ${VARDIR}/firewall clear || exit 1
      fi
  done
--- a/Shorewall-init/shorewall-init.service
+++ b/Shorewall-init/shorewall-init.service
@@ -1,20 +1,20 @@
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.4
 #
-#     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
+#     Copyright 2011 Jonathan Underwood (jonathan.underwood@gmail.com)
 #
 [Unit]
-Description=Shorewall IPv4 firewall (bootup security)
+Description=Shorewall IPv4 firewall
 After=syslog.target
 Before=network.target
 Conflicts=iptables.service firewalld.service
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/sysconfig/shorewall-init
 StandardOutput=syslog
-ExecStart=/sbin/shorewall-init start
+ExecStart=/sbin/shorewall-init $OPTIONS start
-ExecStop=/sbin/shorewall-init stop
+ExecStop=/sbin/shorewall-init $OPTIONS stop
 [Install]
-WantedBy=basic.target
+WantedBy=multi-user.target
--- a/Shorewall-init/shorewall-init.service.214
+++ b/Shorewall-init/shorewall-init.service.214
@@ -1,21 +0,0 @@
 #
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
 #
 [Unit]
 Description=Shorewall IPv4 firewall (bootup security)
 Before=network-pre.target
 Wants=network-pre.target
 Conflicts=iptables.service firewalld.service
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/sysconfig/shorewall-init
 StandardOutput=syslog
 ExecStart=/sbin/shorewall-init start
 ExecStop=/sbin/shorewall-init stop
 [Install]
 WantedBy=basic.target
--- a/Shorewall-init/sysconfig
+++ b/Shorewall-init/sysconfig
@@ -16,11 +16,3 @@ IFUPDOWN=0
 # during 'start' and will save them there during 'stop'.
 #
 SAVE_IPSETS=""
 #
 # Where Up/Down events get logged
 #
 LOGFILE=/var/log/shorewall-ifupdown.log
 # Startup options - set verbosity to 0 (minimal reporting)
 OPTIONS="-V0"
--- a/Shorewall-init/uninstall.sh
+++ b/Shorewall-init/uninstall.sh
@@ -1,25 +1,25 @@
-#!/bin/sh
+\#!/bin/sh
 #
 # Script to back uninstall Shoreline Firewall
 #
-#     (c) 2000-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.sourceforge.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
 #       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
+#       This program is distributed in the hope that it will be useful,
-#	it under the terms of the GNU General Public License as published by the
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       Free Software Foundation, either version 2 of the license or, at your
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       option, any later version.
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
+#       You should have received a copy of the GNU General Public License
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       along with this program; if not, write to the Free Software
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #    Usage:
 #
@@ -69,42 +69,6 @@ remove_file() # $1 = file to restore
    fi
 }
 finished=0
 configure=1
 while [ $finished -eq 0 ]; do
    option=$1
    case "$option" in
 	-*)
 	    option=${option#-}
 	    while [ -n "$option" ]; do
 		case $option in
 		    h)
 			usage 0
 			;;
 		    v)
 			echo "$Product Firewall Installer Version $VERSION"
 			exit 0
 			;;
 		    n*)
 			configure=0
 			option=${option#n}
 			;;
 		    *)
 			usage 1
 			;;
 		esac
 	    done
 	    shift
 	    ;;
 	*)
 	    finished=1
 	    ;;
    esac
 done
 #
 # Read the RC file
 #
@@ -150,29 +114,22 @@ fi
 echo "Uninstalling Shorewall Init $VERSION"
 [ -n "$SANDBOX" ] && configure=0
 INITSCRIPT=${CONFDIR}/init.d/shorewall-init
 if [ -f "$INITSCRIPT" ]; then
-    if [ $configure -eq 1 ]; then
+    if mywhich updaterc.d ; then
-	if mywhich updaterc.d ; then
+	updaterc.d shorewall-init remove
-	    updaterc.d shorewall-init remove
+    elif mywhich insserv ; then
-	elif mywhich insserv ; then
+        insserv -r $INITSCRIPT
-            insserv -r $INITSCRIPT
+    elif mywhich chkconfig ; then
-	elif mywhich chkconfig ; then
+	chkconfig --del $(basename $INITSCRIPT)
-	    chkconfig --del $(basename $INITSCRIPT)
+    elif mywhich systemctl ; then
-	fi
+	systemctl disable shorewall-init
    fi
    remove_file $INITSCRIPT
 fi
 if [ -n "$SYSTEMD" ]; then
    [ $configure -eq 1 ] && systemctl disable shorewall-init.service
    rm -f $SYSTEMD/shorewall-init.service
 fi
 [ "$(readlink -m -q ${SBINDIR}/ifup-local)"   = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifup-local
 [ "$(readlink -m -q ${SBINDIR}/ifdown-local)" = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifdown-local
@@ -183,7 +140,6 @@ remove_file ${CONFDIR}/NetworkManager/dispatcher.d/01-shorewall
 remove_file ${CONFDIR}/network/if-up.d/shorewall
 remove_file ${CONFDIR}/network/if-down.d/shorewall
 remove_file ${CONFDIR}/network/if-post-down.d/shorewall
 remove_file ${CONFDIR}/sysconfig/network/if-up.d/shorewall
 remove_file ${CONFDIR}/sysconfig/network/if-down.d/shorewall
@@ -196,15 +152,14 @@ if [ -d ${CONFDIR}/ppp ]; then
    done
    for file in if-up.local if-down.local; do
-	if grep -qF Shorewall-based ${CONFDIR}/ppp/$FILE; then
+	if fgrep -q Shorewall-based ${CONFDIR}/ppp/$FILE; then
 	    remove_file ${CONFDIR}/ppp/$FILE
 	fi
    done
 fi
 rm -f  ${SBINDIR}/shorewall-init
 rm -rf ${SHAREDIR}/shorewall-init
-rm -rf ${LIBEXECDIR}/shorewall-init
+rm -rf ${LIBEXEC}/shorewall-init
 echo "Shorewall Init Uninstalled"
--- a/Shorewall-lite/configpath
+++ b/Shorewall-lite/configpath
@@ -4,4 +4,4 @@
 # /usr/share/shorewall-lite/configpath
 #
-CONFIG_PATH=${CONFDIR}/shorewall-lite:${SHAREDIR}/shorewall-lite:${SHAREDIR}/shorewall
+CONFIG_PATH=/etc/shorewall-lite:/usr/share/shorewall-lite
--- a/Shorewall-lite/init.archlinux.sh
+++ b/Shorewall-lite/init.archlinux.sh
@@ -0,0 +1,58 @@
 #!/bin/bash
 OPTIONS="-f"
 if [ -f /etc/sysconfig/shorewall ] ; then
 	. /etc/sysconfig/shorewall
 elif [ -f /etc/default/shorewall ] ; then
 	. /etc/default/shorewall
 fi
 # if you want to override options, do so in /etc/sysconfig/shorewall or
 # in /etc/default/shorewall --
 # i strongly encourage you use the latter, since /etc/sysconfig/ does not exist.
 . /etc/rc.conf
 . /etc/rc.d/functions
 DAEMON_NAME="shorewall" # of course shorewall is NOT a deamon.
 case "$1" in
 	start)
 		stat_busy "Starting $DAEMON_NAME"
 		/sbin/shorewall-lite $OPTIONS start &>/dev/null
 		if [ $? -gt 0 ]; then
 			stat_fail
 		else
 			add_daemon $DAEMON_NAME
 			stat_done
 		fi
 		;;
 	stop)
 		stat_busy "Stopping $DAEMON_NAME"
 		/sbin/shorewall-lite stop &>/dev/null
 		if [ $? -gt 0 ]; then
 			stat_fail
 		else
 			rm_daemon $DAEMON_NAME
 			stat_done
 		fi
 		;;
 	restart|reload)
 		stat_busy "Restarting $DAEMON_NAME"
 		/sbin/shorewall-lite restart &>/dev/null
 		if [ $? -gt 0  ]; then
 			stat_fail
 		else
 			stat_done
 		fi
 		;;
 	*)
 		echo "usage: $0 {start|stop|restart}"
 esac
 exit 0
--- a/Shorewall-lite/init.debian.sh
+++ b/Shorewall-lite/init.debian.sh
@@ -11,7 +11,7 @@
 #                    /etc/shorewall-lite
 ### END INIT INFO
-. /lib/lsb/init-functions
+
 SRWL=/sbin/shorewall-lite
 SRWL_OPTS="-tvv"
--- a/Shorewall-lite/init.fedora.sh
+++ b/Shorewall-lite/init.fedora.sh
@@ -39,7 +39,7 @@ fi
 start() {
    echo -n $"Starting Shorewall: "
-    $shorewall $OPTIONS start $STARTOPTIONS 2>&1 | $logger
+    $shorewall $OPTIONS start 2>&1 | $logger
    retval=${PIPESTATUS[0]}
    if [[ $retval == 0 ]]; then
 	touch $lockfile
@@ -69,7 +69,7 @@ restart() {
 # Note that we don't simply stop and start since shorewall has a built in
 # restart which stops the firewall if running and then starts it.
    echo -n $"Restarting Shorewall: "
-    $shorewall $OPTIONS restart $RESTARTOPTIONS 2>&1 | $logger
+    $shorewall $OPTIONS restart 2>&1 | $logger
    retval=${PIPESTATUS[0]}
    if [[ $retval == 0 ]]; then
 	touch $lockfile
--- a/Shorewall-lite/init.sh
+++ b/Shorewall-lite/init.sh
@@ -3,18 +3,17 @@ RCDLINKS="2,S41 3,S41 6,K41"
 #
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
-#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	On most distributions, this file should be called /etc/init.d/shorewall.
 #
 #	Complete documentation is available at http://shorewall.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+#	it under the terms of Version 2 of the GNU General Public License
-#       Free Software Foundation, either version 2 of the license or, at your
+#	as published by the Free Software Foundation.
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -22,7 +21,8 @@ RCDLINKS="2,S41 3,S41 6,K41"
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #	If an error occurs while starting or restarting the firewall, the
 #	firewall is automatically stopped.
--- a/Shorewall-lite/init.suse.sh
+++ b/Shorewall-lite/init.suse.sh
@@ -1,92 +0,0 @@
 #!/bin/sh
 #
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	On most distributions, this file should be called /etc/init.d/shorewall.
 #
 #	Complete documentation is available at http://shorewall.net
 #
 #	This program is free software; you can redistribute it and/or modify
 #	it under the terms of Version 2 of the GNU General Public License
 #	as published by the Free Software Foundation.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
 #	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #	If an error occurs while starting or restarting the firewall, the
 #	firewall is automatically stopped.
 #
 #	Commands are:
 #
 #	   shorewall start			  Starts the firewall
 #	   shorewall restart			  Restarts the firewall
 #	   shorewall reload			  Reload the firewall
 #						  (same as restart)
 #	   shorewall stop			  Stops the firewall
 #	   shorewall status			  Displays firewall status
 #
 ### BEGIN INIT INFO
 # Provides:	  shorewall-lite
 # Required-Start: $network $remote_fs
 # Required-Stop:  
 # Default-Start:  2 3 5
 # Default-Stop:	  0 1 6
 # Description:	  starts and stops the shorewall firewall
 # Short-Description: Packet filtering firewall
 ### END INIT INFO
 ################################################################################
 # Give Usage Information						       #
 ################################################################################
 usage() {
    echo "Usage: $0 start|stop|reload|restart|status"
    exit 1
 }
 ################################################################################
 # Get startup options (override default)
 ################################################################################
 OPTIONS=
 #
 # The installer may alter this
 #
 . /usr/share/shorewall/shorewallrc
 if [ -f ${SYSCONFDIR}/shorewall-lite ]; then
    . ${SYSCONFDIR}/shorewall-lite
 fi
 SHOREWALL_INIT_SCRIPT=1
 ################################################################################
 # E X E C U T I O N    B E G I N S   H E R E				       #
 ################################################################################
 command="$1"
 case "$command" in
    start)
 	exec ${SBINDIR}/shorewall-lite $OPTIONS start $STARTOPTIONS
 	;;
    restart|reload)
 	exec ${SBINDIR}/shorewall-lite $OPTIONS restart $RESTARTOPTIONS
 	;;
    status|stop)
 	exec ${SBINDIR}/shorewall-lite $OPTIONS $command $@
 	;;
    *)
 	usage
 	;;
 esac
--- a/Shorewall-lite/install.sh
+++ b/Shorewall-lite/install.sh
@@ -2,24 +2,24 @@
 #
 # Script to install Shoreline Firewall Lite
 #
-#     (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
 #       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
+#       This program is distributed in the hope that it will be useful,
-#	it under the terms of the GNU General Public License as published by the
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       Free Software Foundation, either version 2 of the license or, at your
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       option, any later version.
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
+#       You should have received a copy of the GNU General Public License
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       along with this program; if not, write to the Free Software
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 VERSION=xxx #The Build script inserts the actual version
@@ -30,7 +30,6 @@ usage() # $1 = exit status
    echo "usage: $ME [ <configuration-file> ]"
    echo "       $ME -v"
    echo "       $ME -h"
    echo "       $ME -n"
    exit $1
 }
@@ -114,13 +113,9 @@ fi
 # Parse the run line
 #
 finished=0
 configure=1
 while [ $finished -eq 0 ] ; do
-
+    case "$1" in
    option=$1
    case "$option" in
 	-*)
 	    option=${option#-}
@@ -133,10 +128,6 @@ while [ $finished -eq 0 ] ; do
 			echo "$Product Firewall Installer Version $VERSION"
 			exit 0
 			;;
 		    n*)
 			configure=0
 			option=${option#n}
 			;;
 		    *)
 			usage 1
 			;;
@@ -180,63 +171,31 @@ else
    usage 1
 fi
-if [ -z "${VARLIB}" ]; then
+for var in SHAREDIR LIBEXECDIRDIRDIR CONFDIR SBINDIR VARDIR; do
    VARLIB=${VARDIR}
    VARDIR=${VARLIB}/${PRODUCT}
 elif [ -z "${VARDIR}" ]; then
    VARDIR=${VARLIB}/${PRODUCT}
 fi
 for var in SHAREDIR LIBEXECDIRDIRDIR CONFDIR SBINDIR VARLIB VARDIR; do
    require $var
 done
 [ -n "${INITFILE}" ] && require INITSOURCE && require INITDIR
 PATH=${SBINDIR}:/bin:/usr${SBINDIR}:/usr/bin:/usr/local/bin:/usr/local${SBINDIR}
 [ -n "$SANDBOX" ] && configure=0
 #
 # Determine where to install the firewall script
 #
 cygwin=
 INSTALLD='-D'
 INITFILE=$PRODUCT
 T='-T'
 if [ -z "$BUILD" ]; then
    case $(uname) in
-	cygwin*|CYGWIN*)
+	cygwin*)
 	    BUILD=cygwin
 	    ;;
 	Darwin)
 	    BUILD=apple
 	    ;;
 	*)
-	    if [ -f /etc/os-release ]; then
+	    if [ -f ${CONFDIR}/debian_version ]; then
 		eval $(cat /etc/os-release | grep ^ID)
 		case $ID in
 		    fedora|rhel|centos|foobar)
 			BUILD=redhat
 			;;
 		    debian)
 			BUILD=debian
 			;;
 		    gentoo)
 			BUILD=gentoo
 			;;
 		    opensuse)
 			BUILD=suse
 			;;
 		    *)
 			BUILD="$ID"
 			;;
 		esac
 	    elif [ -f ${CONFDIR}/debian_version ]; then
 		BUILD=debian
 	    elif [ -f /etc/gentoo-release ]; then
 		BUILD=gentoo
 	    elif [ -f ${CONFDIR}/redhat-release ]; then
 		BUILD=redhat
 	    elif [ -f ${CONFDIR}/SuSE-release ]; then
@@ -253,7 +212,7 @@ if [ -z "$BUILD" ]; then
 fi
 case $BUILD in
-    cygwin*|CYGWIN*)
+    cygwin*)
 	OWNER=$(id -un)
 	GROUP=$(id -gn)
 	;;
@@ -285,9 +244,6 @@ case "$HOST" in
    debian)
 	echo "Installing Debian-specific configuration..."
 	;;
    gentoo)
 	echo "Installing Gentoo-specific configuration..."
 	;;
    redhat)
 	echo "Installing Redhat/Fedora-specific configuration..."
 	;;
@@ -297,10 +253,7 @@ case "$HOST" in
    archlinux)
 	echo "Installing ArchLinux-specific configuration..."
 	;;
-    suse)
+    linux|suse)
 	echo "Installing Suse-specific configuration..."
 	;;
    linux)
 	;;
    *)
 	echo "ERROR: Unknown HOST \"$HOST\"" >&2
@@ -318,11 +271,21 @@ if [ -n "$DESTDIR" ]; then
    install -d $OWNERSHIP -m 755 ${DESTDIR}/${SBINDIR}
    install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR}
    if [ -n "$SYSTEMD" ]; then
 	mkdir -p ${DESTDIR}/lib/systemd/system
 	INITFILE=
    fi
 else
-    if [ ! -f ${SHAREDIR}/shorewall/coreversion ]; then
+    if [ ! -f /usr/share/shorewall/coreversion ]; then
 	echo "$PRODUCT $VERSION requires Shorewall Core which does not appear to be installed" >&2
 	exit 1
    fi
    if [ -f /lib/systemd/system ]; then
 	SYSTEMD=Yes
 	INITFILE=
    fi
 fi
 echo "Installing $Product Version $VERSION"
@@ -331,7 +294,7 @@ echo "Installing $Product Version $VERSION"
 # Check for ${CONFDIR}/$PRODUCT
 #
 if [ -z "$DESTDIR" -a -d ${CONFDIR}/$PRODUCT ]; then
-    if [ ! -f ${SHAREDIR}/shorewall/coreversion ]; then
+    if [ ! -f /usr/share/shorewall/coreversion ]; then
 	echo "$PRODUCT $VERSION requires Shorewall Core which does not appear to be installed" >&2
 	exit 1
    fi
@@ -340,8 +303,8 @@ if [ -z "$DESTDIR" -a -d ${CONFDIR}/$PRODUCT ]; then
 	mv -f ${CONFDIR}/$PRODUCT/shorewall.conf ${CONFDIR}/$PRODUCT/$PRODUCT.conf
 else
    rm -rf ${DESTDIR}${CONFDIR}/$PRODUCT
-    rm -rf ${DESTDIR}${SHAREDIR}/$PRODUCT
+    rm -rf ${DESTDIR}/usr/share/$PRODUCT
-    rm -rf ${DESTDIR}${VARDIR}
+    rm -rf ${DESTDIR}/var/lib/$PRODUCT
    [ "$LIBEXECDIR" = /usr/share ] || rm -rf ${DESTDIR}/usr/share/$PRODUCT/wait4ifup ${DESTDIR}/usr/share/$PRODUCT/shorecap
 fi
@@ -357,7 +320,6 @@ fi
 delete_file ${DESTDIR}/usr/share/$PRODUCT/xmodules
 install_file $PRODUCT ${DESTDIR}${SBINDIR}/$PRODUCT 0544
 [ -n "${INITFILE}" ] && install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR}
 echo "$Product control program installed in ${DESTDIR}${SBINDIR}/$PRODUCT"
@@ -365,12 +327,12 @@ echo "$Product control program installed in ${DESTDIR}${SBINDIR}/$PRODUCT"
 # Create ${CONFDIR}/$PRODUCT, /usr/share/$PRODUCT and /var/lib/$PRODUCT if needed
 #
 mkdir -p ${DESTDIR}${CONFDIR}/$PRODUCT
-mkdir -p ${DESTDIR}${SHAREDIR}/$PRODUCT
+mkdir -p ${DESTDIR}/usr/share/$PRODUCT
 mkdir -p ${DESTDIR}${LIBEXECDIR}/$PRODUCT
-mkdir -p ${DESTDIR}${VARDIR}
+mkdir -p ${DESTDIR}/var/lib/$PRODUCT
 chmod 755 ${DESTDIR}${CONFDIR}/$PRODUCT
-chmod 755 ${DESTDIR}${SHAREDIR}/$PRODUCT
+chmod 755 ${DESTDIR}/usr/share/$PRODUCT
 if [ -n "$DESTDIR" ]; then
    mkdir -p ${DESTDIR}${CONFDIR}/logrotate.d
@@ -380,29 +342,22 @@ if [ -n "$DESTDIR" ]; then
 fi
 if [ -n "$INITFILE" ]; then
    if [ -f "${INITSOURCE}" ]; then
 	initfile="${DESTDIR}${INITDIR}/${INITFILE}"
 	install_file ${INITSOURCE} "$initfile" 0544
-	[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' "$initfile"
+    initfile="${DESTDIR}/${INITDIR}/${INITFILE}"
    install_file ${INITSOURCE} "$initfile" 0544
-	echo  "SysV init script $INITSOURCE installed in $initfile"
+    [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' "$initfile"
-    fi
+
    echo  "$Product init script installed in $initfile"
 fi
 #
 # Install the .service file
 #
-if [ -z "${SERVICEDIR}" ]; then
+if [ -n "$SYSTEMD" ]; then
-    SERVICEDIR="$SYSTEMD"
+    run_install $OWNERSHIP -m 600 $PRODUCT.service ${DESTDIR}/${SYSTEMD}/$PRODUCT.service
    echo "Service file installed as ${DESTDIR}/lib/systemd/system/$PRODUCT.service"
 fi
 if [ -n "$SERVICEDIR" ]; then
    mkdir -p ${DESTDIR}${SERVICEDIR}
    [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
    run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SERVICEDIR}/$PRODUCT.service"
 fi
 #
 # Install the config file
 #
@@ -413,9 +368,6 @@ fi
 if [ $HOST = archlinux ] ; then
   sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf
 elif [ $HOST = gentoo ]; then
    # Adjust SUBSYSLOCK path (see https://bugs.gentoo.org/show_bug.cgi?id=459316)
    perl -p -w -i -e "s|^SUBSYSLOCK=.*|SUBSYSLOCK=/run/lock/$PRODUCT|;" ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf
 fi
 #
@@ -451,7 +403,6 @@ echo "Common functions linked through ${DESTDIR}${SHAREDIR}/$PRODUCT/functions"
 #
 install_file shorecap ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap 0755
 [ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${LIBEXECDIR}/$PRODUCT/shorecap
 echo
 echo "Capability file builder installed in ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap"
@@ -482,18 +433,18 @@ done
 if [ -d manpages ]; then
    cd manpages
-    [ -n "$INSTALLD" ] || mkdir -p ${DESTDIR}${MANDIR}/man5/ ${DESTDIR}${MANDIR}/man8/
+    [ -n "$INSTALLD" ] || mkdir -p ${DESTDIR}${SHAREDIR}/man/man5/ ${DESTDIR}${SHAREDIR}/man/man8/
    for f in *.5; do
 	gzip -c $f > $f.gz
-	run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${MANDIR}/man5/$f.gz
+	run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${SHAREDIR}/man/man5/$f.gz
-	echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man5/$f.gz"
+	echo "Man page $f.gz installed to ${DESTDIR}${SHAREDIR}/man/man5/$f.gz"
    done
    for f in *.8; do
 	gzip -c $f > $f.gz
-	run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${MANDIR}/man8/$f.gz
+	run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${SHAREDIR}/man/man8/$f.gz
-	echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man8/$f.gz"
+	echo "Man page $f.gz installed to ${DESTDIR}${SHAREDIR}/man/man8/$f.gz"
    done
    cd ..
@@ -515,7 +466,7 @@ chmod 644 ${DESTDIR}${SHAREDIR}/$PRODUCT/version
 # Remove and create the symbolic link to the init script
 #
-if [ -z "${DESTDIR}" -a -n "${INITFILE}" ]; then
+if [ -z "$DESTDIR" ]; then
    rm -f ${SHAREDIR}/$PRODUCT/init
    ln -s ${INITDIR}/${INITFILE} ${SHAREDIR}/$PRODUCT/init
 fi
@@ -524,16 +475,13 @@ delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/lib.common
 delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/lib.cli
 delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/wait4ifup
-#
+if [ -n "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PRODUCT} ]; then
 # Note -- not all packages will have the SYSCONFFILE so we need to check for its existance here
 #
 if [ -n "$SYSCONFFILE" -a -f "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PRODUCT} ]; then
    if [ ${DESTDIR} ]; then
 	mkdir -p ${DESTDIR}${SYSCONFDIR}
 	chmod 755 ${DESTDIR}${SYSCONFDIR}
    fi
-    run_install $OWNERSHIP -m 0644 ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/${PRODUCT}
+    run_install $OWNERSHIP -m 0644 default.debian ${DESTDIR}${SYSCONFDIR}/${PRODUCT}
    echo "$SYSCONFFILE installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
 fi
@@ -542,21 +490,21 @@ if [ ${SHAREDIR} != /usr/share ]; then
    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SBINDIR}/$PRODUCT
 fi
-if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then
+if [ -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then
-    if [ -n "$SERVICEDIR" ]; then
+    if mywhich update-rc.d ; then
-	if systemctl enable ${PRODUCT}.service; then
+	echo "$PRODUCT will start automatically at boot"
 	echo "Set startup=1 in ${SYSCONFDIR}/$PRODUCT to enable"
 	touch /var/log/$PRODUCT-init.log
 	perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/${PRODUCT}/${PRODUCT}.conf
 	update-rc.d $PRODUCT enable defaults
    elif [ -n "$SYSTEMD" ]; then
 	if systemctl enable $PRODUCT; then
 	    echo "$Product will start automatically at boot"
 	fi
    elif mywhich insserv; then
 	if insserv ${INITDIR}/${INITFILE} ; then
 	    echo "$PRODUCT will start automatically at boot"
-	    if [ $HOST = debian ]; then
+	    echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/${PRODUCT}.conf to enable"
 		echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
 		touch /var/log/$PRODUCT-init.log
 		perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
 	    else
 		echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable"
 	    fi
 	else
 	    cant_autostart
 	fi
@@ -568,22 +516,10 @@ if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${
 	else
 	    cant_autostart
 	fi
    elif mywhich update-rc.d ; then
 	echo "$PRODUCT will start automatically at boot"
 	echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
 	touch /var/log/$PRODUCT-init.log
 	perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
 	update-rc.d $PRODUCT enable
    elif mywhich rc-update ; then
 	if rc-update add $PRODUCT default; then
 	    echo "$PRODUCT will start automatically at boot"
-	    if [ $HOST = debian ]; then
+	    echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable"
 		echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
 		touch /var/log/$PRODUCT-init.log
 		perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
 	    else
 		echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable"
 	    fi
 	else
 	    cant_autostart
 	fi
--- a/Shorewall-lite/lib.base
+++ b/Shorewall-lite/lib.base
@@ -1,16 +1,15 @@
 #
 # Shorewall 4.4 -- /usr/share/shorewall-lite/lib.base
 #
-#     (c) 2011,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2011 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
+#	This program is free software; you can redisribute it and/or modify
-#
+#	it under the terms of Version 2 of the GNU General Public License
-#	This program is free software; you can redistribute it and/or modify
+#	as published by the Free Software Foundation.
 #	it under the terms of the GNU General Public License as published by the
 #       Free Software Foundation, either version 2 of the license or, at your
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -18,7 +17,8 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # This library contains the code common to all Shorewall components.
--- a/Shorewall-lite/manpages/shorewall-lite-vardir.xml
+++ b/Shorewall-lite/manpages/shorewall-lite-vardir.xml
@@ -6,8 +6,6 @@
    <refentrytitle>shorewall-lite-vardir</refentrytitle>
    <manvolnum>5</manvolnum>
    <refmiscinfo>Configuration Files</refmiscinfo>
  </refmeta>
  <refnamediv>
@@ -56,7 +54,7 @@
        /opt/var/lib/shorewall-lite/.</para>
      </blockquote>
-      <para>When VARDIR is set in /etc/shorewall-lite/vardir, Shorewall Lite
+      <para> When VARDIR is set in /etc/shorewall-lite/vardir, Shorewall Lite
      will save its state in the <replaceable>directory</replaceable>
      specified.</para>
    </note>
--- a/Shorewall-lite/manpages/shorewall-lite.conf.xml
+++ b/Shorewall-lite/manpages/shorewall-lite.conf.xml
@@ -6,8 +6,6 @@
    <refentrytitle>shorewall-lite.conf</refentrytitle>
    <manvolnum>5</manvolnum>
    <refmiscinfo>Configuration Files</refmiscinfo>
  </refmeta>
  <refnamediv>
@@ -143,7 +141,7 @@
          stops. Creating and removing this file allows Shorewall to work with
          your distribution's initscripts. For RedHat, this should be set to
          /var/lock/subsys/shorewall. For Debian, the value is
-          /var/state/shorewall and in LEAF it is /var/run/shorewall.</para>
+          /var/state/shorewall and in LEAF it is /var/run/shorwall.</para>
        </listitem>
      </varlistentry>
--- a/Shorewall-lite/manpages/shorewall-lite.xml
+++ b/Shorewall-lite/manpages/shorewall-lite.xml
@@ -6,8 +6,6 @@
    <refentrytitle>shorewall-lite</refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo>Administrative Commands</refmiscinfo>
  </refmeta>
  <refnamediv>
@@ -116,8 +114,6 @@
      <arg><option>-l</option></arg>
      <arg><option>-m</option></arg>
      <arg><option>-c</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
@@ -301,7 +297,7 @@
      <arg><option>-n</option></arg>
-      <arg><option>-p</option><arg><option>-C</option></arg></arg>
+      <arg><option>-p</option></arg>
      <arg><replaceable>directory</replaceable></arg>
    </cmdsynopsis>
@@ -316,8 +312,6 @@
      <arg choice="plain"><option>restore</option></arg>
      <arg><option>-C</option></arg>
      <arg><replaceable>filename</replaceable></arg>
    </cmdsynopsis>
@@ -329,23 +323,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="plain"><option>run</option></arg>
+      <arg choice="plain"><option>save</option></arg>
      <arg choice="plain">function</arg>
      <arg><replaceable>parameter ...</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
      <arg
      choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
      <arg>-<replaceable>options</replaceable></arg>
      <arg
      choice="plain"><option>save</option><arg><option>-C</option></arg></arg>
      <arg choice="opt"><replaceable>filename</replaceable></arg>
    </cmdsynopsis>
@@ -357,9 +335,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="req"><option>show | list | ls </option></arg>
+      <arg choice="plain"><option>show</option></arg>
      <arg><option>-b</option></arg>
      <arg><option>-x</option></arg>
@@ -379,21 +355,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="req"><option>show | list | ls </option></arg>
+      <arg choice="plain"><option>show</option></arg>
      <arg><option>-x</option></arg>
      <arg choice="plain"><option>{bl|blacklists}</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
      <arg choice="opt"><option>trace</option>|<option>debug</option></arg>
      <arg>-<replaceable>options</replaceable></arg>
      <arg choice="req"><option>show | list | ls </option></arg>
      <arg><option>-f</option></arg>
@@ -407,10 +369,10 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="req"><option>show | list | ls </option></arg>
+      <arg choice="plain"><option>show</option></arg>
      <arg
-      choice="req"><option>classifiers|connections|config|events|filters|ip|ipa|zones|policies|marks</option></arg>
+      choice="req"><option>classifiers|connections|config|filters|ip|ipa|zones|policies|marks</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
@@ -420,38 +382,11 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="req"><option>show | list | ls </option></arg>
+      <arg choice="plain"><option>show</option></arg>
      <arg choice="plain"><option>event</option><arg
      choice="plain"><replaceable>event</replaceable></arg></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
      <arg choice="opt"><option>trace</option>|<option>debug</option></arg>
      <arg>-<replaceable>options</replaceable></arg>
      <arg choice="req"><option>show | list | ls </option></arg>
      <arg><option>-c</option></arg>
      <arg choice="plain"><option>routing</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
      <arg choice="opt"><option>trace</option>|<option>debug</option></arg>
      <arg>-<replaceable>options</replaceable></arg>
      <arg choice="req"><option>show | list | ls </option></arg>
      <arg><option>-x</option></arg>
-      <arg choice="req"><option>mangle|nat|raw|rawpost</option></arg>
+      <arg choice="req"><option>mangle|nat|routing|raw|rawpost</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
@@ -461,7 +396,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="req"><option>show | list | ls </option></arg>
+      <arg choice="plain"><option>show</option></arg>
      <arg choice="plain"><option>tc</option></arg>
    </cmdsynopsis>
@@ -473,7 +408,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="req"><option>show | list | ls </option></arg>
+      <arg choice="plain"><option>show</option></arg>
      <arg><option>-m</option></arg>
@@ -493,10 +428,6 @@
      <arg><option>-n</option></arg>
      <arg><option>-p</option></arg>
      <arg><option>-f</option></arg>
      <arg><option>-C</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
@@ -517,8 +448,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="plain"><arg
+      <arg choice="plain"><option>status</option></arg>
      choice="plain"><option>status</option><arg><option>-i</option></arg></arg></arg>
    </cmdsynopsis>
    <cmdsynopsis>
@@ -549,9 +479,8 @@
    <para>The nolock <option>option</option> prevents the command from
    attempting to acquire the Shorewall-lite lockfile. It is useful if you
-    need to include <command>shorewall</command> commands in the
+    need to include <command>shorewall</command> commands in
-    <filename>started</filename> <ulink
+    <filename>/etc/shorewall/started</filename>.</para>
    url="../shorewall_extension_scripts.html">extension script</ulink>.</para>
    <para>The <emphasis>options</emphasis> control the amount of output that
    the command produces. They consist of a sequence of the letters <emphasis
@@ -561,9 +490,9 @@
    url="shorewall.conf.html">shorewall.conf</ulink>(5). Each <emphasis
    role="bold">v</emphasis> adds one to the effective verbosity and each
    <emphasis role="bold">q</emphasis> subtracts one from the effective
-    VERBOSITY. Alternately, <emphasis role="bold">v</emphasis> may be followed
+    VERBOSITY. Anternately, <emphasis role="bold">v</emphasis> may be followed
-    immediately with one of -1,0,1,2 to specify VERBOSITY. There may be no
+    immediately with one of -1,0,1,2 to specify a specify VERBOSITY. There may
-    white-space between <emphasis role="bold">v</emphasis> and the
+    be no white space between <emphasis role="bold">v</emphasis> and the
    VERBOSITY.</para>
    <para>The <emphasis>options</emphasis> may also include the letter
@@ -682,9 +611,6 @@
          <para>The <emphasis role="bold">-l</emphasis> option causes the rule
          number for each Netfilter rule to be displayed.</para>
          <para>The <option>-c</option> option causes the route cache to be
          dumped in addition to the other routing information.</para>
        </listitem>
      </varlistentry>
@@ -704,7 +630,7 @@
        <term><emphasis role="bold">forget</emphasis></term>
        <listitem>
-          <para>Deletes /var/lib/shorewall-lite/<emphasis>filename</emphasis>
+          <para>Deletes /var/lib/shorewall-lite/<emphasis>filenam</emphasis>e
          and /var/lib/shorewall-lite/save. If no
          <emphasis>filename</emphasis> is given then the file specified by
          RESTOREFILE in <ulink
@@ -762,7 +688,7 @@
          and raw table PREROUTING chains.</para>
          <para>The trace records are written to the kernel's log buffer with
-          facility = kernel and priority = warning, and they are routed from
+          faciility = kernel and priority = warning, and they are routed from
          there by your logging daemon (syslogd, rsyslog, syslog-ng, ...) --
          Shorewall-lite has no control over where the messages go; consult
          your logging daemon's documentation.</para>
@@ -819,7 +745,7 @@
          <para>The <replaceable>iptables match expression</replaceable> must
          be one given in the <command>iptrace</command> command being
-          canceled.</para>
+          cancelled.</para>
        </listitem>
      </varlistentry>
@@ -846,12 +772,6 @@
          <para>The <option>-p</option> option causes the connection tracking
          table to be flushed; the <command>conntrack</command> utility must
          be installed to use this option.</para>
          <para>The <option>-C</option> option was added in Shorewall 4.6.5.
          If the specified (or implicit) firewall script is the one that
          generated the current running configuration, then the running
          netfilter configuration will be reloaded as is so as to preserve the
          iptables packet and byte counters.</para>
        </listitem>
      </varlistentry>
@@ -867,36 +787,6 @@
          <emphasis>filename</emphasis> is given then Shorewall-lite will be
          restored from the file specified by the RESTOREFILE option in <ulink
          url="shorewall.conf.html">shorewall.conf</ulink>(5).</para>
          <caution>
            <para>If your iptables ruleset depends on variables that are
            detected at run-time, either in your params file or by
            Shorewall-generated code, <command>restore</command> will use the
            values that were current when the ruleset was saved, which may be
            different from the current values.</para>
          </caution>
          <para>The <option>-C</option> option was added in Shorewall 4.6.5.
          If the <option>-C</option> option was specified during <emphasis
          role="bold">shorewall save</emphasis>, then the counters saved by
          that operation will be restored.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">run</emphasis></term>
        <listitem>
          <para>Added in Shorewall 4.6.3. Executes
          <replaceable>command</replaceable> in the context of the generated
          script passing the supplied <replaceable>parameter</replaceable>s.
          Normally, the <replaceable>command</replaceable> will be a function
          declared in <filename>lib.private</filename>.</para>
          <para>Before executing the <replaceable>command</replaceable>, the
          script will detect the configuration, setting all SW_* variables and
          will run your <filename>init</filename> extension script with
          $COMMAND = 'run'.</para>
        </listitem>
      </varlistentry>
@@ -911,10 +801,6 @@
          <emphasis>filename</emphasis> is not given then the state is saved
          in the file specified by the RESTOREFILE option in <ulink
          url="shorewall.conf.html">shorewall.conf</ulink>(5).</para>
          <para>The <option>-C</option> option, added in Shorewall 4.6.5,
          causes the iptables packet and byte counters to be saved along with
          the chains and rules.</para>
        </listitem>
      </varlistentry>
@@ -926,19 +812,6 @@
          arguments:</para>
          <variablelist>
            <varlistentry>
              <term><emphasis role="bold">bl|blacklists</emphasis></term>
              <listitem>
                <para>Added in Shorewall 4.6.2. Displays the dynamic chain
                along with any chains produced by entries in
                shorewall-blrules(5).The <emphasis role="bold">-x</emphasis>
                option is passed directly through to iptables and causes
                actual packet and byte counts to be displayed. Without this
                option, those counts are abbreviated.</para>
              </listitem>
            </varlistentry>
            <varlistentry>
              <term><emphasis role="bold">capabilities</emphasis></term>
@@ -968,12 +841,6 @@
                Netfilter table to display. The default is <emphasis
                role="bold">filter</emphasis>.</para>
                <para>The <emphasis role="bold">-b</emphasis> ('brief') option
                causes rules which have not been used (i.e. which have zero
                packet and byte counts) to be omitted from the output. Chains
                with no rules displayed are also omitted from the
                output.</para>
                <para>The <emphasis role="bold">-l</emphasis> option causes
                the rule number for each Netfilter rule to be
                displayed.</para>
@@ -1000,7 +867,7 @@
              <term><emphasis role="bold">config</emphasis></term>
              <listitem>
-                <para>Displays distribution-specific defaults.</para>
+                <para>Dispays distribution-specific defaults.</para>
              </listitem>
            </varlistentry>
@@ -1013,24 +880,6 @@
              </listitem>
            </varlistentry>
            <varlistentry>
              <term><emphasis role="bold">event</emphasis><replaceable>
              event</replaceable></term>
              <listitem>
                <para>Added in Shorewall 4.5.19. Displays the named
                event.</para>
              </listitem>
            </varlistentry>
            <varlistentry>
              <term><emphasis role="bold">events</emphasis></term>
              <listitem>
                <para>Added in Shorewall 4.5.19. Displays all events.</para>
              </listitem>
            </varlistentry>
            <varlistentry>
              <term><emphasis role="bold">ip</emphasis></term>
@@ -1102,9 +951,7 @@
              <term><emphasis role="bold">routing</emphasis></term>
              <listitem>
-                <para>Displays the system's IPv4 routing configuration. The -c
+                <para>Displays the system's IPv4 routing configuration.</para>
                option causes the route cache to be displayed in addition to
                the other routing information.</para>
              </listitem>
            </varlistentry>
@@ -1154,22 +1001,6 @@
          <para>The <option>-p</option> option causes the connection tracking
          table to be flushed; the <command>conntrack</command> utility must
          be installed to use this option.</para>
          <para>The <option>-m</option> option prevents the firewall script
          from modifying the current routing configuration.</para>
          <para>The <option>-f</option> option was added in Shorewall 4.6.5.
          If the RESTOREFILE named in <ulink
          url="shorewall.conf.html">shorewall.conf</ulink>(5) exists, is
          executable and is not older than the current filewall script, then
          that saved configuration is restored.</para>
          <para>The <option>-C</option> option was added in Shorewall 4.6.5
          and is only meaningful when the <option>-f</option> option is also
          specified. If the previously-saved configuration is restored, and if
          the <option>-C</option> option was also specified in the <emphasis
          role="bold">save</emphasis> command, then the packet and byte
          counters will be restored.</para>
        </listitem>
      </varlistentry>
@@ -1201,10 +1032,6 @@
        <listitem>
          <para>Produces a short report about the state of the
          Shorewall-configured firewall.</para>
          <para>The <option>-i </option>option was added in Shorewall 4.6.2
          and causes the status of each optional or provider interface to be
          displayed.</para>
        </listitem>
      </varlistentry>
@@ -1220,23 +1047,6 @@
    </variablelist>
  </refsect1>
  <refsect1>
    <title>EXIT STATUS</title>
    <para>In general, when a command succeeds, status 0 is returned; when the
    command fails, a non-zero status is returned.</para>
    <para>The <command>status</command> command returns exit status as
    follows:</para>
    <para>0 - Firewall is started.</para>
    <para>3 - Firewall is stopped or cleared</para>
    <para>4 - Unknown state; usually means that the firewall has never been
    started.</para>
  </refsect1>
  <refsect1>
    <title>FILES</title>
--- a/Shorewall-lite/shorecap
+++ b/Shorewall-lite/shorecap
@@ -2,18 +2,17 @@
 #
 #     Shorewall Lite Packet Filtering Firewall Capabilities Detector
 #
-#     (c) 2006,2007,2008,2009,2010,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2006,2007,2008,2009,2010 - Tom Eastep (teastep@shorewall.net)
 #
 #	This file should be placed in /sbin/shorewall.
 #
 #	Shorewall documentation is available at http://shorewall.sourceforge.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+#	it under the terms of Version 2 of the GNU General Public License
-#       Free Software Foundation, either version 2 of the license or, at your
+#	as published by the Free Software Foundation.
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -21,7 +20,9 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #
 #   This program may be used to create a /etc/shorewall/capabilities file for
 #   use in compiling Shorewall firewalls on another system.
@@ -44,19 +45,17 @@
 #    used during firewall compilation, then the generated firewall program will likewise not
 #    require Shorewall to be installed.
-
+SHAREDIR=/usr/share/shorewall-lite
 VARDIR=/var/lib/shorewall-lite
 CONFDIR=/etc/shorewall-lite
 g_program=shorewall-lite
 g_product="Shorewall Lite"
 g_family=4
 g_base=shorewall
 g_basedir=/usr/share/shorewall-lite
-#
+. /usr/share/shorewall-lite/lib.base
-# This is modified by the installer when ${SHAREDIR} != /usr/share
+. /usr/share/shorewall/lib.cli
 #
 . /usr/share/shorewall/shorewallrc
 g_sharedir="$SHAREDIR"/shorewall-lite
 g_confdir="$CONFDIR"/shorewall-lite
 g_readrc=1
 . ${SHAREDIR}/shorewall/lib.cli
 . /usr/share/shorewall-lite/configpath
 [ -n "$PATH" ] || PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
--- a/Shorewall-lite/shorewall-lite
+++ b/Shorewall-lite/shorewall-lite
@@ -2,17 +2,16 @@
 #
 #     Shorewall Lite Packet Filtering Firewall Control Program - V4.5
 #
-#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2014 -
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011 -
 #         Tom Eastep (teastep@shorewall.net)
 #
 #	Shorewall documentation is available at http://www.shorewall.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+#	it under the terms of Version 2 of the GNU General Public License
-#       Free Software Foundation, either version 2 of the license or, at your
+#	as published by the Free Software Foundation.
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -20,20 +19,23 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #       For a list of supported commands, type 'shorewall help' or 'shorewall6 help'
 #
 ################################################################################################
-PRODUCT=shorewall-lite
+g_program=shorewall-lite
 #
 # This is modified by the installer when ${SHAREDIR} != /usr/share
 #
 . /usr/share/shorewall/shorewallrc
-g_program=$PRODUCT
+g_libexec="$LIBEXECDIR"
 g_sharedir="$SHAREDIR"/shorewall-lite
 g_sbindir="$SBINDIR"
 g_vardir="$VARDIR"
 g_confdir="$CONFDIR"/shorewall-lite
 g_readrc=1
--- a/Shorewall-lite/shorewall-lite.service
+++ b/Shorewall-lite/shorewall-lite.service
@@ -1,20 +1,20 @@
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.4
 #
-#     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
+#     Copyright 2011 Jonathan Underwood (jonathan.underwood@gmail.com)
 #
 [Unit]
 Description=Shorewall IPv4 firewall (lite)
-After=network-online.target
+After=syslog.target
-Conflicts=iptables.service firewalld.service
+After=network.target
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/sysconfig/shorewall-lite
 StandardOutput=syslog
-ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
+ExecStart=/sbin/shorewall-lite $OPTIONS start
 ExecStop=/sbin/shorewall-lite $OPTIONS stop
 [Install]
-WantedBy=basic.target
+WantedBy=multi-user.target
--- a/Shorewall-lite/shorewall-lite.service.214
+++ b/Shorewall-lite/shorewall-lite.service.214
@@ -1,20 +0,0 @@
 #
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
 #
 [Unit]
 Description=Shorewall IPv4 firewall (lite)
 After=network-online.target
 Conflicts=iptables.service firewalld.service
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/sysconfig/shorewall-lite
 StandardOutput=syslog
 ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
 ExecStop=/sbin/shorewall-lite $OPTIONS stop
 [Install]
 WantedBy=basic.target
--- a/Shorewall-lite/uninstall.sh
+++ b/Shorewall-lite/uninstall.sh
@@ -2,24 +2,24 @@
 #
 # Script to back uninstall Shoreline Firewall
 #
-#     (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.sourceforge.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
 #       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
+#       This program is distributed in the hope that it will be useful,
-#	it under the terms of the GNU General Public License as published by the
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       Free Software Foundation, either version 2 of the license or, at your
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       option, any later version.
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
+#       You should have received a copy of the GNU General Public License
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       along with this program; if not, write to the Free Software
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #    Usage:
 #
@@ -27,16 +27,11 @@
 #       shown below. Simply run this script to remove Shorewall Firewall
 VERSION=xxx  #The Build script inserts the actual version
 PRODUCT=shorewall-lite
 usage() # $1 = exit status
 {
    ME=$(basename $0)
-    echo "usage: $ME [ <option> ] [ <shorewallrc file> ]"
+    echo "usage: $ME [ <shorewallrc file> ]"
    echo "where <option> is one of"
    echo "  -h"
    echo "  -v"
    echo "  -n"
    exit $1
 }
@@ -74,42 +69,6 @@ remove_file() # $1 = file to restore
    fi
 }
 finished=0
 configure=1
 while [ $finished -eq 0 ]; do
    option=$1
    case "$option" in
 	-*)
 	    option=${option#-}
 	    while [ -n "$option" ]; do
 		case $option in
 		    h)
 			usage 0
 			;;
 		    v)
 			echo "$Product Firewall Installer Version $VERSION"
 			exit 0
 			;;
 		    n*)
 			configure=0
 			option=${option#n}
 			;;
 		    *)
 			usage 1
 			;;
 		esac
 	    done
 	    shift
 	    ;;
 	*)
 	    finished=1
 	    ;;
    esac
 done
 #
 # Read the RC file
 #
@@ -153,49 +112,39 @@ fi
 echo "Uninstalling Shorewall Lite $VERSION"
-[ -n "$SANDBOX" ] && configure=0
+if qt iptables -L shorewall -n && [ ! -f ${SBINDIR}/shorewall ]; then
-
+   shorewall-lite clear
 if [ $configure -eq 1 ]; then
    if qt iptables -L shorewall -n && [ ! -f ${SBINDIR}/shorewall ]; then
 	shorewall-lite clear
    fi
 fi
 if [ -L ${SHAREDIR}/shorewall-lite/init ]; then
    FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall-lite/init)
-elif [ -n "$INITFILE" ]; then
+elIF [ -n "$INITFILE" ]; then
    FIREWALL=${INITDIR}/${INITFILE}
 fi
 if [ -f "$FIREWALL" ]; then
-    if [ $configure -eq 1 ]; then
+    if mywhich updaterc.d ; then
-	if mywhich updaterc.d ; then
+	updaterc.d shorewall-lite remove
-	    updaterc.d shorewall-lite remove
+    elif if mywhich insserv ; then
-	elif mywhich insserv ; then
+        insserv -r $FIREWALL
-            insserv -r $FIREWALL
+    elif [ mywhich chkconfig ; then
-	elif mywhich chkconfig ; then
+	chkconfig --del $(basename $FIREWALL)
-	    chkconfig --del $(basename $FIREWALL)
+    elif mywhich systemctl ; then
-	fi
+	systemctl disable shorewall-lite
    fi
    remove_file $FIREWALL
 fi
 if [ -n "$SYSTEMD" ]; then
    [ $configure -eq 1 ] && systemctl disable ${PRODUCT}
    rm -f $SYSTEMD/shorewall-lite.service
 fi
 rm -f ${SBINDIR}/shorewall-lite
-rm -rf ${CONFDIR}/shorewall-lite
+rm -rf ${SBINDIR}/shorewall-lite
 rm -rf ${VARDIR}/shorewall-lite
 rm -rf ${SHAREDIR}/shorewall-lite
-rm -rf ${LIBEXECDIR}/shorewall-lite
+rm -rf ${LIBEXEC}/shorewall-lite
 rm -f  ${CONFDIR}/logrotate.d/shorewall-lite
-
+[ -n "$SYSTEMD" ] && rm -f  ${SYSTEMD}/shorewall-lite.service
 rm -f ${MANDIR}/man5/shorewall-lite*
 rm -f ${MANDIR}/man8/shorewall-lite*
 echo "Shorewall Lite Uninstalled"
--- a/Shorewall/Macros/macro.AMQP
+++ b/Shorewall/Macros/macro.AMQP
@@ -1,14 +0,0 @@
 #
 # Shorewall version 4 - AMQP Macro
 #
 # /usr/share/shorewall/macro.AMQP
 #
 #	This macro handles AMQP traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5672
 PARAM	-	-	udp	5672
--- a/Shorewall/Macros/macro.A_AllowICMPs
+++ b/Shorewall/Macros/macro.A_AllowICMPs
@@ -1,17 +1,15 @@
 #
 # Shorewall version 4 - Audited AllowICMPs Macro
 #
-# /usr/share/shorewall/macro.A_AllowICMPs
+# /usr/share/shorewall/macro.AAllowICMPs
 #
 #	This macro A_ACCEPTs needed ICMP types
 #
 ###############################################################################
-?FORMAT 2
+#ACTION		SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#					PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION		SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #					PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-?COMMENT Needed ICMP types
+COMMENT Needed ICMP types
 A_ACCEPT       -	-	icmp	fragmentation-needed
 A_ACCEPT       -	-	icmp	time-exceeded
--- a/Shorewall/Macros/macro.A_DropDNSrep
+++ b/Shorewall/Macros/macro.A_DropDNSrep
@@ -1,16 +1,14 @@
 #
 # Shorewall version 4 - Audited DropDNSrep Macro
 #
-# /usr/share/shorewall/macro.A_DropDNSrep
+# /usr/share/shorewall/macro.ADropDNSrep
 #
 #	This macro silently audites and drops DNS UDP replies
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-?COMMENT Late DNS Replies
+COMMENT Late DNS Replies
 A_DROP	-	-	udp	-	53
--- a/Shorewall/Macros/macro.A_DropUPnP
+++ b/Shorewall/Macros/macro.A_DropUPnP
@@ -1,16 +1,14 @@
 #
 # Shorewall version 4 - ADropUPnP Macro
 #
-# /usr/share/shorewall/macro.A_DropUPnP
+# /usr/share/shorewall/macro.ADropUPnP
 #
 #	This macro silently drops UPnP probes on UDP port 1900
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-?COMMENT UPnP
+COMMENT UPnP
 A_DROP	-	-	udp	1900
--- a/Shorewall/Macros/macro.ActiveDir
+++ b/Shorewall/Macros/macro.ActiveDir
@@ -1,42 +0,0 @@
 #
 # Shorewall version 4 - Samba 4 Macro
 #
 # /usr/share/shorewall/macro.ActiveDir
 #
 #       This macro handles ports for Samba 4 Active Directory Service
 #
 # You can comment out the ports you do not want open
 #
 #
 ###############################################################################
 ?FORMAT 2 
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM   -       -       tcp     389 	#LDAP services
 PARAM   -       -       udp	389  
 PARAM   -       -       tcp     636	#LDAP SSL
 PARAM   -       -       tcp     3268	#LDAP GC
 PARAM   -       -       tcp     3269	#LDAP GC SSL
 PARAM   -       -       tcp     88	#Kerberos
 PARAM   -       -       udp	88
 # Use macro.DNS for DNS sevice
 PARAM   -       -       tcp     445	#Replication, User and Computer Authentication, Group Policy, Trusts
 PARAM   -       -       udp	445
 # Use macro.SMTP for Mail service
 PARAM   -       -       tcp     135	#RPC, EPM
 PARAM   -       -       tcp     5722	#RPC, DFSR (SYSVOL)
 PARAM   -       -       udp	123	#Windows Time
 PARAM   -       -       tcp     464	#Kerberosb change/set password
 PARAM   -       -       udp	464
 PARAM   -       -       udp	138	#DFS, Group Policy
 PARAM   -       -       tcp     9389	#SOAP
 PARAM   -       -       tcp     2535	#MADCAP
 PARAM   -       -       udp	2535
 PARAM   -       -       udp     137	#NetLogon, NetBIOS Name Resolution
 PARAM   -       -       tcp	139	#DFSN, NetBIOS Session Service, NetLogon    
--- a/Shorewall/Macros/macro.AllowICMPs
+++ b/Shorewall/Macros/macro.AllowICMPs
@@ -6,12 +6,10 @@
 #	This macro ACCEPTs needed ICMP types
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-?COMMENT Needed ICMP types
+COMMENT Needed ICMP types
 DEFAULT ACCEPT
 PARAM	-	-	icmp	fragmentation-needed
--- a/Shorewall/Macros/macro.Amanda
+++ b/Shorewall/Macros/macro.Amanda
@@ -8,17 +8,9 @@
 #	files from those nodes.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+PARAM	-	-	udp	10080
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __AMANDA_HELPER )
 PARAM	-	-	udp	10080 { helper=amanda }
 ?else
 PARAM	-	-	udp	10080
 ?endif
 PARAM	-	-	tcp	10080
 #
 # You may also need this rule.  With AMANDA 2.4.4 on Linux kernel 2.6,
--- a/Shorewall/Macros/macro.Auth
+++ b/Shorewall/Macros/macro.Auth
@@ -6,8 +6,6 @@
 #	This macro handles Auth (identd) traffic.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	113
--- a/Shorewall/Macros/macro.BGP
+++ b/Shorewall/Macros/macro.BGP
@@ -6,8 +6,6 @@
 #	This macro handles BGP4 traffic.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S) PORT(S) LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	179	# BGP4
--- a/Shorewall/Macros/macro.BLACKLIST
+++ b/Shorewall/Macros/macro.BLACKLIST
@@ -6,12 +6,10 @@
 #	This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+?IF $BLACKLIST_LOGLEVEL
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if $BLACKLIST_LOGLEVEL
 blacklog
-?else
+?ELSE
 $BLACKLIST_DISPOSITION
-?endif
+?ENDIF
--- a/Shorewall/Macros/macro.BitTorrent
+++ b/Shorewall/Macros/macro.BitTorrent
@@ -7,12 +7,9 @@
 #
 #	If you are running BitTorrent 3.2 or later, you should use the
 #	BitTorrent32 macro.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	6881:6889
 #
 # It may also be necessary to allow UDP traffic:
--- a/Shorewall/Macros/macro.BitTorrent32
+++ b/Shorewall/Macros/macro.BitTorrent32
@@ -6,10 +6,8 @@
 #	This macro handles BitTorrent traffic for BitTorrent 3.2 and later.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	6881:6999
 #
 # It may also be necessary to allow UDP traffic:
--- a/Shorewall/Macros/macro.CVS
+++ b/Shorewall/Macros/macro.CVS
@@ -6,8 +6,6 @@
 #	This macro handles connections to the CVS pserver.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	2401
--- a/Shorewall/Macros/macro.Citrix
+++ b/Shorewall/Macros/macro.Citrix
@@ -6,11 +6,9 @@
 #	This macro handles Citrix/ICA traffic (ICA, ICA Browser, CGP a.k.a.
 #	ICA Session Reliability)
 #
-###############################################################################
+####################################################################################
-?FORMAT 2
+#ACTION SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S) PORT(S) LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	1494	# ICA
 PARAM	-	-	udp	1604	# ICA Browser
 PARAM	-	-	tcp	2598	# CGP Session Reliabilty
--- a/Shorewall/Macros/macro.DAAP
+++ b/Shorewall/Macros/macro.DAAP
@@ -7,9 +7,7 @@
 #	The protocol is used by iTunes, Rythmbox and other similar daemons.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	3689
 PARAM	-	-	udp	3689
--- a/Shorewall/Macros/macro.DCC
+++ b/Shorewall/Macros/macro.DCC
@@ -7,8 +7,6 @@
 #	DCC is a distributed spam filtering mechanism.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+PARAM	-	-	tcp	6277
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	6277
--- a/Shorewall/Macros/macro.DHCPfwd
+++ b/Shorewall/Macros/macro.DHCPfwd
@@ -6,9 +6,7 @@
 #	This macro (bidirectional) handles forwarded DHCP traffic
 #
 ###############################################################################
-?FORMAT 2
+#ACTION SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S) PORT(S) LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	67:68	67:68	# DHCP
 PARAM	DEST	SOURCE	udp	67:68	67:68	# DHCP
--- a/Shorewall/Macros/macro.DNS
+++ b/Shorewall/Macros/macro.DNS
@@ -6,9 +6,7 @@
 #	This macro handles DNS traffic.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	53
 PARAM	-	-	tcp	53
--- a/Shorewall/Macros/macro.Distcc
+++ b/Shorewall/Macros/macro.Distcc
@@ -6,8 +6,6 @@
 #	This macro handles connections to the Distributed Compiler service.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	3632
--- a/Shorewall/Macros/macro.Drop
+++ b/Shorewall/Macros/macro.Drop
@@ -11,14 +11,12 @@
 #		Drop	net	all
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 #
-# Don't log 'auth' DROP
+# Don't log 'auth' REJECT
 #
-DROP	-	-	tcp	113
+REJECT	-	-	tcp	113
 #
 # Drop Broadcasts so they don't clutter up the log
 # (broadcasts must *not* be rejected).
--- a/Shorewall/Macros/macro.DropDNSrep
+++ b/Shorewall/Macros/macro.DropDNSrep
@@ -6,12 +6,10 @@
 #	This macro silently drops DNS UDP replies
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-?COMMENT Late DNS Replies
+COMMENT Late DNS Replies
 DEFAULT DROP
 PARAM	-	-	udp	-	53
--- a/Shorewall/Macros/macro.DropUPnP
+++ b/Shorewall/Macros/macro.DropUPnP
@@ -6,12 +6,10 @@
 #	This macro silently drops UPnP probes on UDP port 1900
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-?COMMENT UPnP
+COMMENT UPnP
 DEFAULT DROP
 PARAM	-	-	udp	1900
--- a/Shorewall/Macros/macro.Edonkey
+++ b/Shorewall/Macros/macro.Edonkey
@@ -28,9 +28,7 @@
 #	applications such as aMule WebServer or aMuleCMD.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	4662
 PARAM	-	-	udp	4665
--- a/Shorewall/Macros/macro.FTP
+++ b/Shorewall/Macros/macro.FTP
@@ -6,12 +6,6 @@
 #	This macro handles FTP traffic.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+PARAM	-	-	tcp	21
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __FTP_HELPER  )
 PARAM	-	-	tcp	21 { helper=ftp }
 ?else
 PARAM	-	-	tcp	21
 ?endif
--- a/Shorewall/Macros/macro.Finger
+++ b/Shorewall/Macros/macro.Finger
@@ -7,8 +7,6 @@
 #	your finger information to internet.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	79
--- a/Shorewall/Macros/macro.GNUnet
+++ b/Shorewall/Macros/macro.GNUnet
@@ -6,10 +6,8 @@
 #	This macro handles GNUnet (secure peer-to-peer networking) traffic.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	2086
 PARAM	-	-	udp	2086
 PARAM	-	-	tcp	1080
--- a/Shorewall/Macros/macro.GRE
+++ b/Shorewall/Macros/macro.GRE
@@ -7,9 +7,7 @@
 #	traffic (RFC 1701)
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	47	# GRE
 PARAM	DEST	SOURCE	47	# GRE
--- a/Shorewall/Macros/macro.Git
+++ b/Shorewall/Macros/macro.Git
@@ -6,8 +6,6 @@
 #	This macro handles Git traffic.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	9418
--- a/Shorewall/Macros/macro.Gnutella
+++ b/Shorewall/Macros/macro.Gnutella
@@ -6,9 +6,7 @@
 #	This macro handles Gnutella traffic.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	6346
 PARAM	-	-	udp	6346
--- a/Shorewall/Macros/macro.Goto-Meeting
+++ b/Shorewall/Macros/macro.Goto-Meeting
@@ -1,14 +0,0 @@
 #
 # Shorewall version 4 - Citrix/Goto Meeting macro
 #
 # /usr/share/shorewall/macro.Goto-Meeting
 #          by Eric Teeter
 #       This macro handles Citrix/Goto Meeting
 #       Assumes that ports 80 and 443 are already open
 #       If needed, use the macros that open Http and Https to reduce redundancy
 ####################################################################################
 ?FORMAT 2
 ####################################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM      -    -       tcp     8200    # Goto Meeting only needed (TCP outbound)
--- a/Shorewall/Macros/macro.HKP
+++ b/Shorewall/Macros/macro.HKP
@@ -6,8 +6,6 @@
 #	This macro handles OpenPGP HTTP keyserver protocol traffic.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	11371
--- a/Shorewall/Macros/macro.HTTP
+++ b/Shorewall/Macros/macro.HTTP
@@ -6,8 +6,6 @@
 #	This macro handles plaintext HTTP (WWW) traffic.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	80
--- a/Shorewall/Macros/macro.HTTPS
+++ b/Shorewall/Macros/macro.HTTPS
@@ -6,8 +6,6 @@
 #	This macro handles HTTPS (WWW over SSL) traffic.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	443
--- a/Shorewall/Macros/macro.ICPV2
+++ b/Shorewall/Macros/macro.ICPV2
@@ -6,8 +6,6 @@
 #	This macro handles Internet Cache Protocol V2 (Squid) traffic
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	3130
--- a/Shorewall/Macros/macro.ICQ
+++ b/Shorewall/Macros/macro.ICQ
@@ -6,8 +6,6 @@
 #	This macro handles ICQ, now called AOL Instant Messenger (or AIM).
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5190
--- a/Shorewall/Macros/macro.ILO
+++ b/Shorewall/Macros/macro.ILO
@@ -1,23 +0,0 @@
 #
 # Shorewall version 4 - ILO Macro
 #
 # /usr/share/shorewall/macro.ILO
 #
 #	This macro handles console redirection with HP ILO 2+,
 #	Use this macro to open access to your ILO interface from management
 #	workstations.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	3002		# Raw serial data
 PARAM	-	-	tcp	9300		# Shared Remote Console
 PARAM	-	-	tcp	17988		# Virtual Media
 PARAM	-	-	tcp	17990		# Console Replay
 HTTP
 HTTPS
 RDP
 SSH
 Telnet						# Remote Console/Telnet
--- a/Shorewall/Macros/macro.IMAP
+++ b/Shorewall/Macros/macro.IMAP
@@ -7,8 +7,6 @@
 #	see macro.IMAPS.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	143
--- a/Shorewall/Macros/macro.IMAPS
+++ b/Shorewall/Macros/macro.IMAPS
@@ -7,8 +7,6 @@
 #	(not recommended), see macro.IMAP.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	993
--- a/Shorewall/Macros/macro.IPIP
+++ b/Shorewall/Macros/macro.IPIP
@@ -6,9 +6,7 @@
 #	This macro (bidirectional) handles IPIP capsulation traffic
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	94	# IPIP
 PARAM	DEST	SOURCE	94	# IPIP
--- a/Shorewall/Macros/macro.IPMI
+++ b/Shorewall/Macros/macro.IPMI
@@ -1,26 +0,0 @@
 #
 # Shorewall version 4 - IPMI Macro
 #
 # /usr/share/shorewall/macro.IPMI
 #
 #	This macro handles IPMI console redirection with Asus (AMI),
 #	Dell DRAC5+ (Avocent), and Supermicro (Aten or AMI).
 #	Use this macro to open access to your IPMI interface from management
 #	workstations.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	623		# RMCP
 PARAM	-	-	tcp	3668,3669	# Virtual Media, Secure (Dell)
 PARAM	-	-	tcp	5120,5123	# CD, floppy (Asus, Aten)
 PARAM	-	-	tcp	5900,5901	# Remote Console (Aten, Dell)
 PARAM	-	-	tcp	7578		# Remote Console (AMI)
 PARAM	-	-	udp	623		# RMCP
 HTTP
 HTTPS
 SNMP
 SSH						# Serial over Lan
 Telnet
--- a/Shorewall/Macros/macro.IPP
+++ b/Shorewall/Macros/macro.IPP
@@ -6,8 +6,6 @@
 #	This macro handles Internet Printing Protocol (IPP).
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	631
--- a/Shorewall/Macros/macro.IPPbrd
+++ b/Shorewall/Macros/macro.IPPbrd
@@ -6,10 +6,7 @@
 #	This macro handles Internet Printing Protocol (IPP) broadcasts.
 #       If you also need to handle TCP 631 connections in the opposite
 #       direction, use the IPPserver Macro
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	631
--- a/Shorewall/Macros/macro.IPPserver
+++ b/Shorewall/Macros/macro.IPPserver
@@ -23,9 +23,7 @@
 #		IPPserver/ACCEPT $FW loc
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	SOURCE	DEST	tcp	631
 PARAM	DEST	SOURCE	udp	631
--- a/Shorewall/Macros/macro.IPsec
+++ b/Shorewall/Macros/macro.IPsec
@@ -6,10 +6,8 @@
 #	This macro (bidirectional) handles IPsec traffic
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	500	500	# IKE
 PARAM	-	-	50			# ESP
 PARAM	DEST	SOURCE	udp	500	500	# IKE
--- a/Shorewall/Macros/macro.IPsecah
+++ b/Shorewall/Macros/macro.IPsecah
@@ -7,10 +7,8 @@
 #       This is insecure. You should use ESP with encryption for security.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	500	500	# IKE
 PARAM	-	-	51			# AH
 PARAM	DEST	SOURCE	udp	500	500	# IKE
--- a/Shorewall/Macros/macro.IPsecnat
+++ b/Shorewall/Macros/macro.IPsecnat
@@ -6,10 +6,8 @@
 #	This macro (bidirectional) handles IPsec traffic and Nat-Traversal
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	500	# IKE
 PARAM	-	-	udp	4500	# NAT-T
 PARAM	-	-	50		# ESP
--- a/Shorewall/Macros/macro.IRC
+++ b/Shorewall/Macros/macro.IRC
@@ -6,13 +6,6 @@
 #	This macro handles IRC traffic (Internet Relay Chat).
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+PARAM	-	-	tcp	6667
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __IRC_HELPER  )
 PARAM	-	-	tcp	6667 { helper=irc }
 ?else
 PARAM	-	-	tcp	6667
 ?endif
--- a/Shorewall/Macros/macro.JAP
+++ b/Shorewall/Macros/macro.JAP
@@ -8,10 +8,8 @@
 #	to browse anonymously!
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	8080 # HTTP port
 PARAM	-	-	tcp	6544 # HTTP port
 PARAM	-	-	tcp	6543 # InfoService port
--- a/Shorewall/Macros/macro.JabberPlain
+++ b/Shorewall/Macros/macro.JabberPlain
@@ -6,8 +6,6 @@
 #	This macro accepts Jabber traffic (plaintext).
 #
 ###############################################################################
-?FORMAT 2
+#TARGET	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5222
--- a/Shorewall/Macros/macro.JabberSecure
+++ b/Shorewall/Macros/macro.JabberSecure
@@ -6,8 +6,6 @@
 #	This macro accepts Jabber traffic (ssl).
 #
 ###############################################################################
-?FORMAT 2
+#TARGET	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5223
--- a/Shorewall/Macros/macro.Jabberd
+++ b/Shorewall/Macros/macro.Jabberd
@@ -6,8 +6,6 @@
 #	This macro accepts Jabberd intercommunication traffic
 #
 ###############################################################################
-?FORMAT 2
+#TARGET	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5269
--- a/Shorewall/Macros/macro.Jetdirect
+++ b/Shorewall/Macros/macro.Jetdirect
@@ -6,8 +6,6 @@
 #	This macro handles HP Jetdirect printing.
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	9100
--- a/Shorewall/Macros/macro.Kerberos
+++ b/Shorewall/Macros/macro.Kerberos
@@ -1,14 +0,0 @@
 #
 # Shorewall version 4 - Kerberos Macro
 #
 # /usr/share/shorewall/macro.Kerberos
 #
 #	This macro handles Kerberos traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	88
 PARAM	-	-	udp	88
--- a/Shorewall/Macros/macro.L2TP
+++ b/Shorewall/Macros/macro.L2TP
@@ -7,9 +7,7 @@
 #	(RFC 2661)
 #
 ###############################################################################
-?FORMAT 2
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-###############################################################################
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	1701	# L2TP
 PARAM	DEST	SOURCE	udp	1701	# L2TP
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Tom Eastep	746a363d41	Add some decimal->hex convertions in routing rules. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-05-10 11:11:15 -07:00
Tom Eastep	6e5b07c804	Deprecate the current TPROXY implementation. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-05-10 11:02:08 -07:00
Tom Eastep	865078f925	Allow Shorewall::Config::in_hex() to accept an argument already expressed in hex. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-05-10 07:29:59 -07:00