Correct documentation index link

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall-core/INSTALL

@@ -1,4 +1,4 @@
-Shoreline Firewall (Shorewall) Version 5
+Shoreline Firewall (Shorewall) Version 4
 -----         ----
 
 -----------------------------------------------------------------------------

Shorewall-core/configure

@@ -28,7 +28,7 @@
 #
 # Build updates this
 #
-VERSION=4.6.12
+VERSION=4.5.2.1
 
 case "$BASH_VERSION" in
     [4-9].*)
@@ -91,6 +91,8 @@ for p in $@; do
     fi
 done
 
+cd $(dirname $0)
+
 vendor=${params[HOST]}
 
 if [ -z "$vendor" ]; then
@@ -102,7 +104,7 @@ if [ -z "$vendor" ]; then
 		vendor=redhat
 		;;
 	    debian|ubuntu)
-		ls -l /sbin/init |fgrep -q systemd | vendor=debian.systemd | vendor=debian.sysvinit
+		vendor=debian
 		;;
 	    opensuse)
 		vendor=suse
@@ -122,7 +124,6 @@ if [ -z "$vendor" ]; then
 	    params[HOST]=apple
 	    rcfile=shorewallrc.apple
 	    ;;
-
 	cygwin*|CYGWIN*)
 	    params[HOST]=cygwin
 	    rcfile=shorewallrc.cygwin
@@ -130,7 +131,7 @@ if [ -z "$vendor" ]; then
 	*)
 	    if [ -f /etc/debian_version ]; then
 		params[HOST]=debian
-		rcfile=shorewallrc.debian.sysvinit
+		ls -l /sbin/init | fgrep -q systemd &&  rcfile=shorewallrc.debian.systemd || rcfile=shorewallrc.debian.sysvinit
 	    elif [ -f /etc/redhat-release ]; then
 		params[HOST]=redhat
 		rcfile=shorewallrc.redhat
@@ -143,28 +144,41 @@ if [ -z "$vendor" ]; then
 	    elif [ -f /etc/arch-release ] ; then
 		params[HOST]=archlinux
 		rcfile=shorewallrc.archlinux
+	    elif [ -f /etc/openwrt_release ]; then
+		params[HOST]=openwrt
+		rcfile=shorewallrc.openwrt
 	    else
 		params[HOST]=linux
 		rcfile=shorewallrc.default
 	    fi
 	    ;;
     esac
-
     vendor=${params[HOST]}
-elif [ $vendor = linux ]; then
-    rcfile=shorewallrc.default;
 else
-    rcfile=shorewallrc.$vendor
+    if [ $vendor = linux ]; then
+	rcfile=shorewallrc.default;
+    elif [ $vendor = debian -a -f /etc/debian_version ]; then
+	ls -l /sbin/init | fgrep -q systemd && rcfile=shorewallrc.debian.systemd || rcfile=shorewallrc.debian.sysvinit
+    else
+	rcfile=shorewallrc.$vendor
+    fi
+
     if [ ! -f $rcfile ]; then
 	echo "ERROR: $vendor is not a recognized host type" >&2
 	exit 1
+    elif [ $vendor = default ]; then
+	params[HOST]=linux
+	vendor=linux
+    elif [[ $vendor == debian.* ]]; then
+	params[HOST]=debian
+	vendor=debian
     fi
 fi
 
 if [ $vendor = linux ]; then
     echo "INFO: Creating a generic Linux installation - " `date`;
 else
-    echo "INFO: Creating a ${vendor}-specific installation - " `date`;
+    echo "INFO: Creating a ${params[HOST]}-specific installation - " `date`;
 fi
 
 echo
@@ -177,6 +191,7 @@ done
 
 echo '#'                                                                 > shorewallrc
 echo "# Created by Shorewall Core version $VERSION configure - " `date` >> shorewallrc
+echo "# rc file: $rcfile"                                               >> shorewallrc
 echo '#'                                                                >> shorewallrc
 
 if [ $# -gt 0 ]; then

Shorewall-core/configure.pl

@@ -31,7 +31,7 @@ use strict;
 # Build updates this
 #
 use constant {
-    VERSION => '4.6.12'
+    VERSION => '4.5.2.1'
 };
 
 my %params;
@@ -52,6 +52,9 @@ for ( @ARGV ) {
     $params{$pn} = $pv;
 }
 
+use File::Basename;
+chdir dirname($0);
+
 my $vendor = $params{HOST};
 my $rcfile;
 my $rcfilename;
@@ -81,12 +84,39 @@ unless ( defined $vendor ) {
 }
 
 if ( defined $vendor ) {
-    $rcfilename = $vendor eq 'linux' ? 'shorewallrc.default' : 'shorewallrc.' . $vendor;
-    die qq("ERROR: $vendor" is not a recognized host type) unless -f $rcfilename;
+    if ( $vendor eq 'debian' && -f '/etc/debian_version' ) {
+	if ( -l '/sbin/init' ) {
+	    if ( readlink('/sbin/init') =~ /systemd/ ) {
+		$rcfilename = 'shorewallrc.debian.systemd';
+	    } else {
+		$rcfilename = 'shorewallrc.debian.sysvinit';
+	    }
+	} else {
+	    $rcfilename = 'shorewallrc.debian.sysvinit';
+	}
+    } else {
+	$rcfilename = $vendor eq 'linux' ? 'shorewallrc.default' : 'shorewallrc.' . $vendor;
+    }
+
+    unless ( -f $rcfilename ) {
+	die qq("ERROR: $vendor" is not a recognized host type);
+    } elsif ( $vendor eq 'default' ) {
+	$params{HOST} = $vendor = 'linux';
+    } elsif ( $vendor =~ /^debian\./ ) {
+	$params{HOST} = $vendor = 'debian';
+    }
 } else {
     if ( -f '/etc/debian_version' ) {
 	$vendor = 'debian';
-	$rcfilename = 'shorewallrc.debian.sysvinit';
+	if ( -l '/sbin/init' ) {
+	    if ( readlink( '/sbin/init' ) =~ /systemd/ ) {
+		$rcfilename = 'shorewallrc.debian.systemd';
+	    } else {
+		$rcfilename = 'shorewallrc.debian.sysvinit';
+	    }
+	} else {
+	    $rcfilename = 'shorewallrc.debian.sysvinit';
+	}
     } elsif ( -f '/etc/redhat-release' ){
 	$vendor = 'redhat';
 	$rcfilename = 'shorewallrc.redhat';
@@ -143,7 +173,8 @@ my $outfile;
 
 open $outfile, '>', 'shorewallrc' or die "Can't open 'shorewallrc' for output: $!";
 
-printf $outfile "#\n# Created by Shorewall Core version %s configure.pl - %s %2d %04d %02d:%02d:%02d\n#\n", VERSION, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];
+printf $outfile "#\n# Created by Shorewall Core version %s configure.pl - %s %2d %04d %02d:%02d:%02d\n", VERSION, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];
+print $outfile "# rc file: $rcfilename\n#\n";
 
 print  $outfile "# Input: @ARGV\n#\n" if @ARGV;
 

Shorewall-core/install.sh

@@ -66,15 +66,6 @@ mywhich() {
     return 2
 }
 
-run_install()
-{
-    if ! install $*; then
-	echo
-	echo "ERROR: Failed to install $*" >&2
-	exit 1
-    fi
-}
-
 cant_autostart()
 {
     echo
@@ -88,7 +79,20 @@ delete_file() # $1 = file to delete
 
 install_file() # $1 = source $2 = target $3 = mode
 {
-    run_install $T $OWNERSHIP -m $3 $1 ${2}
+    if cp -f $1 $2; then
+	if chmod $3 $2; then
+	    if [ -n "$OWNER" ]; then
+		if chown $OWNER:$GROUP $2; then
+		    return
+		fi
+	    else
+		return 0
+	    fi
+	fi
+    fi
+
+    echo "ERROR: Failed to install $2" >&2
+    exit 1
 }
 
 require()
@@ -181,10 +185,6 @@ done
 
 [ "${INITFILE}" != 'none/' ] && require INITSOURCE && require INITDIR
 
-T="-T"
-
-INSTALLD='-D'
-
 if [ -z "$BUILD" ]; then
     case $(uname) in
 	cygwin*|CYGWIN*)
@@ -226,6 +226,8 @@ if [ -z "$BUILD" ]; then
 		BUILD=suse
 	    elif [ -f /etc/arch-release ] ; then
 		BUILD=archlinux
+	    elif [ -f ${CONFDIR}/openwrt_release ] ; then
+		BUILD=openwrt
 	    else
 		BUILD=linux
 	    fi
@@ -252,17 +254,15 @@ case $BUILD in
 
 	[ -z "$OWNER" ] && OWNER=root
 	[ -z "$GROUP" ] && GROUP=wheel
-	INSTALLD=
-	T=
 	;;
     *)
-	[ -z "$OWNER" ] && OWNER=root
-	[ -z "$GROUP" ] && GROUP=root
+	if [ $(id -u) -eq 0 ]; then
+	    [ -z "$OWNER" ] && OWNER=root
+	    [ -z "$GROUP" ] && GROUP=root
+	fi
 	;;
 esac
 
-OWNERSHIP="-o $OWNER -g $GROUP"
-
 #
 # Determine where to install the firewall script
 #
@@ -276,7 +276,7 @@ case "$HOST" in
     apple)
 	echo "Installing Mac-specific configuration...";
 	;;
-    debian|gentoo|redhat|slackware|archlinux|linux|suse)
+    debian|gentoo|redhat|slackware|archlinux|linux|suse|openwrt)
 	;;
     *)
 	echo "ERROR: Unknown HOST \"$HOST\"" >&2
@@ -305,7 +305,6 @@ if [ -n "$DESTDIR" ]; then
     if [ $BUILD != cygwin ]; then
 	if [ `id -u` != 0 ] ; then
 	    echo "Not setting file owner/group permissions, not running as root."
-	    OWNERSHIP=""
 	fi
     fi
 fi
@@ -407,9 +406,9 @@ fi
 if [ ${SHAREDIR} != /usr/share ]; then
     for f in lib.*; do
 	if [ $BUILD != apple ]; then
-	    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SHAREDIR}/shorewall/$f
+	    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/$f
 	else
-	    eval sed -i \'\' -e \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SHAREDIR}/shorewall/$f
+	    eval sed -i \'\' -e \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/$f
 	fi
     done
 fi

Shorewall-core/lib.base

@@ -1,7 +1,7 @@
 #
-# Shorewall 5.0 -- /usr/share/shorewall/lib.base
+# Shorewall 4.5 -- /usr/share/shorewall/lib.base
 #
-#     (c) 1999-2015 - Tom Eastep (teastep@shorewall.net)
+#     (c) 1999-2014 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #

Shorewall-core/lib.cli

@@ -1,7 +1,7 @@
 #
-# Shorewall 5.0 -- /usr/share/shorewall/lib.cli.
+# Shorewall 4.5 -- /usr/share/shorewall/lib.cli.
 #
-#     (c) 1999-2015 - Tom Eastep (teastep@shorewall.net)
+#     (c) 1999-2014 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
@@ -143,29 +143,63 @@ timed_read ()
 }
 
 #
-# Determine if 'syslog -C' is running
+# Determine if 'syslogd -C' or logd -S is running
 #
 syslog_circular_buffer() {
     local pid
     local tty
     local flags
-    local cputime
+    local time
     local path
     local args
     local arg
 
-    ps ax 2> /dev/null | while read pid tty flags cputime path args; do
-	case $path in
-	    syslogd|*/syslogd)
-		for arg in $args; do
-		    if [ x$arg = x-C ]; then
-			echo Yes
-			return
-		    fi
-		done
-		;;
-	esac
-    done
+    ps w 2> /dev/null | (
+	while read pid tty stat time path args; do
+	    case $path in
+		syslogd|*/syslogd)
+		    for arg in $args; do
+			case $arg in
+			    -C*)
+				return 0
+				;;
+			esac
+		    done
+		    ;;
+		logd|*/logd)
+		    for arg in $args; do
+			case $arg in
+			    -S*)
+				return 0
+				;;
+			esac
+		    done
+		    ;;
+	    esac
+	done
+
+	return 1 )
+}
+
+setup_logread() {
+    [ -z "$LOGFILE" ] && LOGFILE=/var/log/messages
+
+    if syslog_circular_buffer; then
+	LOGFILE=logread
+	if qt mywhich tac; then
+	    g_logread="logread | tac"
+	else
+	    g_logread="logread"
+	fi
+    elif [ -r $LOGFILE ]; then
+	if qt mywhich tac; then
+	    g_logread="tac $LOGFILE"
+	else
+	    g_logread="cat $LOGFILE"
+	fi
+    else
+	fatal_error "LOGFILE ($LOGFILE) does not exist or is not readable!"
+    fi
 }
 
 #
@@ -173,31 +207,59 @@ syslog_circular_buffer() {
 #
 packet_log() # $1 = number of messages
 {
-    if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then
-	if [ $g_family -eq 4 ]; then
-	    $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | head -n$1 | tac | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/
+    if qt mywhich tac; then
+	if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then
+	    if [ $g_family -eq 4 ]; then
+		$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | head -n$1 | tac | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/
+	    else
+		$g_logread | grep 'IN=.* OUT=.*SRC=.*:.*DST=' | head -n$1 | tac | sed -r 's/ kernel://; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
+	    fi
+	elif [ $g_family -eq 4 ]; then
+	    $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' |  head -n$1 | tac | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/
 	else
-	    $g_logread | grep 'IN=.* OUT=.*SRC=.*:.*DST=' | head -n$1 | tac | sed -r 's/ kernel://; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
+	    $g_logread | grep 'IN=.* OUT=.*SRC=.*:.*DST=' |  head -n$1 | tac | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
 	fi
-    elif [ $g_family -eq 4 ]; then
-	$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' |  head -n$1 | tac | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/
     else
-	$g_logread | grep 'IN=.* OUT=.*SRC=.*:.*DST=' |  head -n$1 | tac | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
-    fi
+	if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then
+	    if [ $g_family -eq 4 ]; then
+		$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | tail -n$1 | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/
+	    else
+		$g_logread | grep 'IN=.* OUT=.*SRC=.*:.*DST=' | tail -n$1 | sed -r 's/ kernel://; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
+	    fi
+	elif [ $g_family -eq 4 ]; then
+	    $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' |  tail -n$1 | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/
+	else
+	    $g_logread | grep 'IN=.* OUT=.*SRC=.*:.*DST=' |  tail -n$1 | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
+	fi
+    fi	
 }
 
 search_log() # $1 = IP address to search for
 {
-    if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then
-        if [ $g_family -eq 4 ]; then
-	    $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | tac | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/
+    if qt mywhich tac; then
+	if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then
+            if [ $g_family -eq 4 ]; then
+		$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | tac | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/
+	    else
+		$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | tac | sed -r 's/ kernel://; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
+	    fi
+	elif [ $g_family -eq 4 ]; then
+	    $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' |  grep "$1" | tac | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/
 	else
-	    $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | tac | sed -r 's/ kernel://; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
+	    $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' |  grep "$1" | tac | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
 	fi
-    elif [ $g_family -eq 4 ]; then
-	$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' |  grep "$1" | tac | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/
     else
-	$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' |  grep "$1" | tac | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
+	if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then
+            if [ $g_family -eq 4 ]; then
+		$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/
+	    else
+		$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | sed -r 's/ kernel://; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
+	    fi
+	elif [ $g_family -eq 4 ]; then
+	    $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' |  grep "$1" | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/
+	else
+	    $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' |  grep "$1" | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
+	fi
     fi
 }
 
@@ -280,17 +342,7 @@ show_bl() {
 logwatch() # $1 = timeout -- if negative, prompt each time that
 	   #		     an 'interesting' packet count changes
 {
-    if [ -z "$LOGFILE" ]; then
-	LOGFILE=/var/log/messages
-
-	if [ -n "$(syslog_circular_buffer)" ]; then
-	    g_logread="logread | tac"
-	elif [ -r $LOGFILE ]; then
-	    g_logread="tac $LOGFILE"
-	else
-	    fatal_error "LOGFILE ($LOGFILE) does not exist!"
-	fi
-    fi
+    setup_logread
 
     host=$(echo $g_hostname | sed 's/\..*$//')
     oldrejects=$($g_tool -L -v -n | grep 'LOG')
@@ -388,16 +440,30 @@ do_save() {
     status=0
 
     if [ -f ${VARDIR}/firewall ]; then
-	if $iptables_save | grep -v -- '-A dynamic.* -j ACCEPT' > ${VARDIR}/restore-$$; then
-	    cp -f ${VARDIR}/firewall $g_restorepath
-	    mv -f ${VARDIR}/restore-$$ ${g_restorepath}-iptables
-	    chmod +x $g_restorepath
-	    echo "   Currently-running Configuration Saved to $g_restorepath"
-	    run_user_exit save
+	if [ -n "$WORKAROUNDS" ]; then
+	    if $iptables_save | iptablesbug | grep -v -- '-A dynamic.* -j ACCEPT' > ${VARDIR}/restore-$$; then
+		cp -f ${VARDIR}/firewall $g_restorepath
+		mv -f ${VARDIR}/restore-$$ ${g_restorepath}-iptables
+		chmod +x $g_restorepath
+		echo "   Currently-running Configuration Saved to $g_restorepath"
+		run_user_exit save
+	    else
+		rm -f ${VARDIR}/restore-$$
+		echo "   ERROR: Currently-running Configuration Not Saved" >&2
+		status=1
+	    fi
 	else
-	    rm -f ${VARDIR}/restore-$$
-	    echo "   ERROR: Currently-running Configuration Not Saved" >&2
-	    status=1
+	    if $iptables_save | grep -v -- '-A dynamic.* -j ACCEPT' > ${VARDIR}/restore-$$; then
+		cp -f ${VARDIR}/firewall $g_restorepath
+		mv -f ${VARDIR}/restore-$$ ${g_restorepath}-iptables
+		chmod +x $g_restorepath
+		echo "   Currently-running Configuration Saved to $g_restorepath"
+		run_user_exit save
+	    else
+		rm -f ${VARDIR}/restore-$$
+		echo "   ERROR: Currently-running Configuration Not Saved" >&2
+		status=1
+	    fi
 	fi
     else
 	echo "   ERROR: ${VARDIR}/firewall does not exist" >&2
@@ -409,11 +475,24 @@ do_save() {
 	    resolve_arptables
 
 	    if [ -n "$arptables" ]; then
-		if ${arptables}-save > ${VARDIR}/restore-$$; then
-		    if grep -q '^-A' ${VARDIR}/restore-$$; then
-			mv -f ${VARDIR}/restore-$$ ${g_restorepath}-arptables
-		    else
-			rm -f ${VARDIR}/restore-$$
+		if [ -n "$WORKAROUNDS" ]; then
+	            #
+	            # 'sed' command is a hack to work around broken arptables_jf
+	            #
+		    if ${arptables}-save | sed 's/-p[[:space:]]\+0\([[:digit:]]\)00\/ffff/-p 000\1\/ffff/' > ${VARDIR}/restore-$$; then
+			if grep -q '^-A' ${VARDIR}/restore-$$; then
+			    mv -f ${VARDIR}/restore-$$ ${g_restorepath}-arptables
+			else
+			    rm -f ${VARDIR}/restore-$$
+			fi
+		    fi
+		else
+		    if ${arptables}-save > ${VARDIR}/restore-$$; then
+			if grep -q '^-A' ${VARDIR}/restore-$$; then
+			    mv -f ${VARDIR}/restore-$$ ${g_restorepath}-arptables
+			else
+			    rm -f ${VARDIR}/restore-$$
+			fi
 		    fi
 		fi
 	    else
@@ -454,12 +533,28 @@ do_save() {
 		esac
 
 		if [ -n "$IPSET" ]; then
-		    if eval $IPSET -S > ${VARDIR}/ipsets.tmp; then
-			#
-			# Don't save an 'empty' file
-			#
-			grep -qE -- '^(-N|create )' ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${g_restorepath}-ipsets
+		    if [ -n "$WORKAROUNDS" ]; then
+			if [ -f /etc/debian_version ] && [ $(cat /etc/debian_version) = 5.0.3 ]; then
+			    #
+			    # The 'grep -v' is a hack for a bug in ipset's nethash implementation when xtables-addons is applied to Lenny
+			    #
+			    hack='| grep -v /31'
+			else
+			    hack=
+			fi
+
+			if eval $IPSET -S $hack > ${VARDIR}/ipsets.tmp; then
+			    #
+			    # Don't save an 'empty' file
+			    #
+			    grep -qE -- '^(-N|create )' ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${g_restorepath}-ipsets
+			fi
 		    fi
+		elif eval $IPSET -S > ${VARDIR}/ipsets.tmp; then
+		    #
+		    # Don't save an 'empty' file
+		    #
+		    grep -qE -- '^(-N|create )' ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${g_restorepath}-ipsets
 		fi
 		;;
 	    [Nn]o|ipv4|ipv6)
@@ -1038,17 +1133,7 @@ show_command() {
 	log)
 	    [ $# -gt 2 ] && usage 1
 
-	    if [ -z "$LOGFILE" ]; then
-		LOGFILE=/var/log/messages
-
-		if [ -n "$(syslog_circular_buffer)" ]; then
-		    g_logread="logread | tac"
-		elif [ -r $LOGFILE ]; then
-		    g_logread="tac $LOGFILE"
-		else
-		    fatal_error "LOGFILE ($LOGFILE) does not exist!"
-		fi
-	    fi
+	    setup_logread
 
 	    echo "$g_product $SHOREWALL_VERSION Log ($LOGFILE) at $g_hostname - $(date)"
 	    echo
@@ -1427,17 +1512,7 @@ do_dump_command() {
 	esac
     done
 
-    if [ -z "$LOGFILE" ]; then
-	LOGFILE=/var/log/messages
-
-	if [ -n "$(syslog_circular_buffer)" ]; then
-	    g_logread="logread | tac"
-	elif [ -r $LOGFILE ]; then
-	    g_logread="tac $LOGFILE"
-	else
-	    fatal_error "LOGFILE ($LOGFILE) does not exist! - See http://www.shorewall.net/shorewall_logging.html"
-	fi
-    fi
+    setup_logread
 
     g_ipt_options="$g_ipt_options $g_ipt_options1"
 
@@ -1592,7 +1667,7 @@ do_dump_command() {
 
     echo
 
-    ss -${g_family}tunap
+    qt mywhich ss && ss -${g_family}tunap || { qt mywhich netstat && netatat -tunap; }
 
     if [ -n "$TC_ENABLED" ]; then
 	heading "Traffic Control"
@@ -3520,15 +3595,7 @@ get_config() {
 
     [ -n "$PATH" ] || PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
 
-    [ -z "$LOGFILE" ] && LOGFILE=/var/log/messages
-
-    if ( ps ax 2> /dev/null | grep -v grep |  qt grep 'syslogd.*-C' ) ; then
-	g_logread="logread | tac"
-    elif [ -r $LOGFILE ]; then
-	g_logread="tac $LOGFILE"
-    else
-	fatal_error "LOGFILE ($LOGFILE) does not exist!"
-    fi
+    setup_logread
     #
     # See if we have a real version of "tail" -- use separate redirection so
     # that ash (aka /bin/sh on LRP) doesn't crap
@@ -3590,7 +3657,13 @@ get_config() {
 	VERBOSITY=2
     fi
 
-    g_hostname=$(hostname 2> /dev/null)
+    if qt mywhich hostname; then
+	g_hostname=$(hostname 2> /dev/null)
+    elif qt mywhich uname; then
+	g_hostname=$(uname -n 2> /dev/null)
+    else
+	g_hostname=localhost
+    fi
 
     if [ -n "$IPSET" ]; then
 	case "$IPSET" in
@@ -3744,7 +3817,7 @@ start_command() {
 }
 
 #
-# Reload/Restart Command Executor
+# Restart Command Executor
 #
 restart_command() {
     local finished
@@ -3803,11 +3876,11 @@ restart_command() {
     [ -n "$g_nolock" ] || mutex_on
 
     if [ -x ${VARDIR}/firewall ]; then
-	run_it ${VARDIR}/firewall $g_debugging $COMMAND
+	run_it ${VARDIR}/firewall $g_debugging restart
 	rc=$?
     else
 	error_message "${VARDIR}/firewall is missing or is not executable"
-	logger -p kern.err "ERROR:$g_product $COMMAND failed"
+	logger -p kern.err "ERROR:$g_product restart failed"
 	rc=6
     fi
 
@@ -3969,6 +4042,7 @@ shorewall_cli() {
     g_refreshchains=:none:
     g_confess=
     g_update=
+    g_convert=
     g_annotate=
     g_recovering=
     g_timestamp=
@@ -3977,10 +4051,14 @@ shorewall_cli() {
     g_conditional=
     g_file=
     g_doing="Compiling"
+    g_directives=
     g_inline=
+    g_tcrules=
     g_counters=
     g_loopback=
     g_compiled=
+    g_routestopped=
+    g_notrack=
 
     VERBOSE=
     VERBOSITY=1
@@ -4159,7 +4237,7 @@ shorewall_cli() {
 	    run_it $g_firewall $g_debugging reset $@
 	    [ -n "$g_nolock" ] || mutex_off
 	    ;;
-	reload|restart)
+	restart)
 	    get_config Yes Yes
 	    shift
 	    restart_command $@

Shorewall-core/lib.common

@@ -1,7 +1,7 @@
 #
-# Shorewall 5.0 -- /usr/share/shorewall/lib.common.
+# Shorewall 4.5 -- /usr/share/shorewall/lib.common.
 #
-#     (c) 2010-2015 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2010-2014 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
@@ -33,7 +33,7 @@ startup_error() # $* = Error Message
     echo "   ERROR: $@: Firewall state not changed" >&2
 
     if [ $LOG_VERBOSITY -ge 0 ]; then
-        timestamp="$(date +'%_b %d %T') "
+        timestamp="$(date +'%b %d %T') "
         echo "${timestamp}  ERROR: $@" >> $STARTUP_LOG
     fi
 
@@ -50,7 +50,7 @@ startup_error() # $* = Error Message
     esac
 
     if [ $LOG_VERBOSITY -ge 0 ]; then
-        timestamp="$(date +'%_b %d %T') "
+        timestamp="$(date +'%b %d %T') "
 
 	case $COMMAND in
 	    start)
@@ -71,35 +71,108 @@ startup_error() # $* = Error Message
 }
 
 #
-# Create the required option string and run the passed script using
+# Get the Shorewall version of the passed script
+#
+get_script_version() { # $1 = script
+    local temp
+    local version
+    local ifs
+    local digits
+    local verbosity
+
+    if [ -z "$WORKAROUNDS" -o "$g_compiled" = "$g_file" ]; then
+	#
+	# Unless WORKAROUNDS=No, either this script was just compiled or AUTOMAKE
+	# determined that re-compilation wasn't needed
+	#
+	temp="$SHOREWALL_VERSION"
+    else
+	verbosity="$VERBOSITY"
+	VERBOSITY=0
+
+	temp=$( $SHOREWALL_SHELL $1 version | tail -n 1 )
+    fi
+
+    if [ -z "$temp" ]; then
+	version=0
+    else
+	temp=${temp%-*}
+	ifs=$IFS
+	IFS=.
+	temp=$(echo $temp)
+	IFS=$ifs
+	digits=0
+
+	for temp in $temp; do
+	    version=${version}$(printf '%02d' $temp)
+	    digits=$(($digits + 1))
+	    [ $digits -eq 3 ] && break
+	done
+    fi
+
+    echo $version
+
+    VERBOSITY="$verbosity"
+}
+
+#
+# Do required exports or create the required option string and run the passed script using
 # $SHOREWALL_SHELL
 #
 run_it() {
     local script
     local options
+    local version
 
     export VARDIR
 
     script=$1
     shift
 
-    if [ x$1 = xtrace -o x$1 = xdebug ]; then
-	options="$1 -"
-	shift;
+    version=$(get_script_version $script)
+
+    if [ $version -lt 040408 ]; then
+	#
+	# Old script that doesn't understand 4.4.8 script options
+	#
+	export RESTOREFILE
+	export VERBOSITY
+	export NOROUTES=$g_noroutes
+	export PURGE=$g_purge
+	export TIMESTAMP=$g_timestamp
+	export RECOVERING=$g_recovering
+
+	case "$g_program" in
+	    *-lite)
+		#
+		# Shorewall Lite
+		#
+		export LOGFORMAT
+		export IPTABLES
+		;;
+	esac
     else
-	options='-'
+	#
+	# 4.4.8 or later -- no additional exports required
+	#
+	if [ x$1 = xtrace -o x$1 = xdebug ]; then
+	    options="$1 -"
+	    shift;
+	else
+	    options='-'
+	fi
+
+	[ -n "$g_noroutes" ]   && options=${options}n
+	[ -n "$g_timestamp" ]  && options=${options}t
+	[ -n "$g_purge" ]      && options=${options}p
+	[ -n "$g_recovering" ] && options=${options}r
+	[ -n "$g_counters" ]   && options=${options}c
+
+	options="${options}V $VERBOSITY"
+
+	[ -n "$RESTOREFILE" ] && options="${options} -R $RESTOREFILE"
     fi
 
-    [ -n "$g_noroutes" ]   && options=${options}n
-    [ -n "$g_timestamp" ]  && options=${options}t
-    [ -n "$g_purge" ]      && options=${options}p
-    [ -n "$g_recovering" ] && options=${options}r
-    [ -n "$g_counters" ]   && options=${options}c
-
-    options="${options}V $VERBOSITY"
-
-    [ -n "$RESTOREFILE" ] && options="${options} -R $RESTOREFILE"
-
     $SHOREWALL_SHELL $script $options $@
 }
 
@@ -499,9 +572,9 @@ in_network() # $1 = IP address, $2 = CIDR network
 #
 # Query NetFilter about the existence of a filter chain
 #
-chain_exists() # $1 = chain name
+chain_exists() # $1 = chain name, $2 = table name (optional)
 {
-    qt1 $g_tool -L $1 -n
+    qt1 $g_tool -t ${2:-filter} -L $1 -n
 }
 
 #
@@ -709,12 +782,15 @@ mutex_on()
     local lockf
     lockf=${LOCKFILE:=${VARDIR}/lock}
     local lockpid
+    local lockd
 
     MUTEX_TIMEOUT=${MUTEX_TIMEOUT:-60}
 
     if [ $MUTEX_TIMEOUT -gt 0 ]; then
 
-	[ -d ${VARDIR} ] || mkdir -p ${VARDIR}
+	lockd=$(dirname $LOCKFILE)
+
+	[ -d "$lockd" ] || mkdir -p "$lockd"
 
 	if [ -f $lockf ]; then
 	    lockpid=`cat ${lockf} 2> /dev/null`
@@ -734,6 +810,11 @@ mutex_on()
 	    chmod u+w ${lockf}
 	    echo $$ > ${lockf}
 	    chmod u-w ${lockf}
+	elif qt mywhich lock; then
+            lock -${MUTEX_TIMEOUT} -r1 ${lockf}
+            chmod u+w ${lockf}
+            echo $$ > ${lockf}
+            chmod u-w ${lockf}
 	else
 	    while [ -f ${lockf} -a ${try} -lt ${MUTEX_TIMEOUT} ] ; do
 		sleep 1

Shorewall-core/shorewallrc.apple

@@ -1,5 +1,5 @@
 #
-# Apple OS X Shorewall 5.0 rc file
+# Apple OS X Shorewall 4.5 rc file
 #
 BUILD=apple
 HOST=apple

Shorewall-core/shorewallrc.archlinux

@@ -1,5 +1,5 @@
 #
-# Arch Linux Shorewall 5.0 rc file
+# Arch Linux Shorewall 4.5 rc file
 #
 BUILD=                                 #Default is to detect the build system
 HOST=archlinux

Shorewall-core/shorewallrc.cygwin

@@ -1,5 +1,5 @@
 #
-# Cygwin Shorewall 5.0 rc file
+# Cygwin Shorewall 4.5 rc file
 #
 BUILD=cygwin
 HOST=cygwin

Shorewall-core/shorewallrc.debian.systemd

@@ -15,7 +15,7 @@ INITFILE=				#Name of the product's installed SysV init script
 INITSOURCE=init.debian.sh		#Name of the distributed file to be installed as the SysV init script
 ANNOTATED=				#If non-zero, annotated configuration files are installed
 SYSCONFFILE=default.debian		#Name of the distributed file to be installed in $SYSCONFDIR
-SERVICEFILE=$PRODUCT.service.debian     #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
+SERVICEFILE=$PRODUCT.service.debian	#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFDIR=/etc/default			#Directory where SysV init parameter files are installed
 SERVICEDIR=/lib/systemd/system		#Directory where .service files are installed (systems running systemd only)
 SPARSE=Yes				#If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR

Shorewall-core/shorewallrc.default

@@ -1,5 +1,5 @@
 #
-# Default Shorewall 5.0 rc file
+# Default Shorewall 4.5 rc file
 #
 HOST=linux                              #Generic Linux
 BUILD=                                  #Default is to detect the build system

Shorewall-core/shorewallrc.openwrt

@@ -0,0 +1,26 @@
+#
+# Created by Shorewall Core version 5.0.2-RC1 configure -  Fri, Nov 06, 2015 10:02:03 AM
+#
+# Input: host=openwrt
+#
+HOST=openwrt
+PREFIX=/usr                             
+SHAREDIR=${PREFIX}/share                
+LIBEXECDIR=${PREFIX}/share              
+PERLLIBDIR=${PREFIX}/share/shorewall    
+CONFDIR=/etc                            
+SBINDIR=/sbin                           
+MANDIR=${PREFIX}/man                    
+INITDIR=/etc/init.d                     
+INITSOURCE=init.openwrt.sh
+INITFILE=$PRODUCT                       
+AUXINITSOURCE=
+AUXINITFILE=
+SERVICEDIR=                             
+SERVICEFILE=                            
+SYSCONFFILE=default.openwrt
+SYSCONFDIR=${CONFDIR}/sysconfig
+SPARSE=                                 
+ANNOTATED=                              
+VARLIB=/lib
+VARDIR=${VARLIB}/$PRODUCT               

Shorewall-core/shorewallrc.redhat

@@ -1,5 +1,5 @@
 #
-# RedHat/FedoraShorewall 5.0 rc file
+# RedHat/FedoraShorewall 4.5 rc file
 #
 BUILD=                                  #Default is to detect the build system
 HOST=redhat

Shorewall-core/shorewallrc.slackware

@@ -1,5 +1,5 @@
 #
-# Slackware Shorewall 5.0 rc file
+# Slackware Shorewall 4.5 rc file
 #
 BUILD=slackware
 HOST=slackware

Shorewall-core/shorewallrc.suse

@@ -1,5 +1,5 @@
 #
-# SuSE Shorewall 5.0 rc file
+# SuSE Shorewall 4.5 rc file
 #
 BUILD=                                                #Default is to detect the build system
 HOST=suse

Shorewall-init/init.debian.sh

@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #

Shorewall-init/init.sh

@@ -1,5 +1,5 @@
 #! /bin/bash
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
 #     (c) 2010,2012-2014 - Tom Eastep (teastep@shorewall.net)
 #

Shorewall-init/init.suse.sh

@@ -1,5 +1,5 @@
 #! /bin/bash
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
@@ -38,7 +38,7 @@
 # 0 - success
 # 1 - generic or unspecified error
 # 2 - invalid or excess argument(s)
-# 3 - unimplemented feature
+# 3 - unimplemented feature (e.g. "reload")
 # 4 - insufficient privilege
 # 5 - program is not installed
 # 6 - program is not configured

Shorewall-init/install.sh

@@ -397,6 +397,7 @@ if [ $HOST = debian ]; then
 
 	[ $configure -eq 1 ] || mkdir -p ${DESTDIR}${CONFDIR}/default
 	install_file sysconfig ${DESTDIR}${ETC}/default/shorewall-init 0644
+	echo "sysconfig file installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
     fi
 
     IFUPDOWN=ifupdown.debian.sh
@@ -490,7 +491,11 @@ esac
 if [ -z "$DESTDIR" ]; then
     if [ $configure -eq 1 -a -n "$first_install" ]; then
 	if [ $HOST = debian ]; then
-	    if mywhich insserv; then
+	    if [ -n "$SERVICEDIR" ]; then
+		if systemctl enable ${PRODUCT}.service; then
+                    echo "Shorewall Init will start automatically at boot"
+		fi
+	    elif mywhich insserv; then
 		if insserv ${INITDIR}/shorewall-init; then
 		    echo "Shorewall Init will start automatically at boot"
 		else
@@ -554,7 +559,7 @@ fi
 
 [ -z "${DESTDIR}" ] && [ ! -f ~/.shorewallrc ] && cp ${SHAREDIR}/shorewall/shorewallrc .
 
-if [ -f ${DESTDIR}/etc/ppp ]; then
+if [ -d ${DESTDIR}/etc/ppp ]; then
     case $HOST in
 	debian|suse)
 	    for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do

Shorewall-init/shorewall-init

@@ -1,5 +1,5 @@
 #!/bin/bash
-#	The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#	The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.6
 #
 #	(c) 2012-2014 - Tom Eastep (teastep@shorewall.net)
 #

Shorewall-init/shorewall-init.service

@@ -16,4 +16,4 @@ ExecStart=/sbin/shorewall-init start
 ExecStop=/sbin/shorewall-init stop
 
 [Install]
-WantedBy=network-pre.target
+WantedBy=basic.target

Shorewall-init/shorewall-init.service.214.debian

@@ -2,6 +2,7 @@
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
+#     Copyright 2015 Tom Eastep <teastep@shorewall.net>
 #
 [Unit]
 Description=Shorewall firewall (bootup security)
@@ -15,3 +16,6 @@ EnvironmentFile=-/etc/default/shorewall-init
 StandardOutput=syslog
 ExecStart=/sbin/shorewall-init start
 ExecStop=/sbin/shorewall-init stop
+
+[Install]
+WantedBy=basic.target

Shorewall-init/shorewall-init.service.debian

@@ -2,6 +2,7 @@
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
+#     Copyright 2015 Tom Eastep <teastep@shorewall.net>
 #
 [Unit]
 Description=Shorewall firewall (bootup security)

Shorewall-init/uninstall.sh

@@ -174,9 +174,13 @@ if [ -f "$INITSCRIPT" ]; then
     remove_file $INITSCRIPT
 fi
 
-if [ -n "$SYSTEMD" ]; then
+if [ -z "${SERVICEDIR}" ]; then
+    SERVICEDIR="$SYSTEMD"
+fi
+
+if [ -n "$SERVICEDIR" ]; then
     [ $configure -eq 1 ] && systemctl disable shorewall-init.service
-    rm -f $SYSTEMD/shorewall-init.service
+    rm -f $SERVICEDIR/shorewall-init.service
 fi
 
 [ "$(readlink -m -q ${SBINDIR}/ifup-local)"   = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifup-local
@@ -202,8 +206,10 @@ if [ -d ${CONFDIR}/ppp ]; then
     done
 
     for file in if-up.local if-down.local; do
-	if grep -qF Shorewall-based ${CONFDIR}/ppp/$FILE; then
-	    remove_file ${CONFDIR}/ppp/$FILE
+	if [ -f ${CONFDIR}/ppp/$file ]; then
+	    if grep -qF Shorewall-based ${CONFDIR}/ppp/$FILE; then
+		remove_file ${CONFDIR}/ppp/$FILE
+	    fi
 	fi
     done
 fi

Shorewall-lite/configpath

@@ -1,5 +1,5 @@
 #
-# Shorewall Lite version 5 - Default Config Path
+# Shorewall Lite version 4.1 - Default Config Path
 #
 # /usr/share/shorewall-lite/configpath
 #

Shorewall-lite/install.sh

@@ -67,15 +67,6 @@ mywhich() {
     return 2
 }
 
-run_install()
-{
-    if ! install $*; then
-	echo
-	echo "ERROR: Failed to install $*" >&2
-	exit 1
-    fi
-}
-
 cant_autostart()
 {
     echo
@@ -89,7 +80,28 @@ delete_file() # $1 = file to delete
 
 install_file() # $1 = source $2 = target $3 = mode
 {
-    run_install $T $OWNERSHIP -m $3 $1 ${2}
+    if cp -f $1 $2; then
+	if chmod $3 $2; then
+	    if [ -n "$OWNER" ]; then
+		if chown $OWNER:$GROUP $2; then
+		    return
+		fi
+	    else
+		return 0
+	    fi
+	fi
+    fi
+
+    echo "ERROR: Failed to install $2" >&2
+    exit 1
+}
+
+make_directory() # $1 = directory , $2 = mode
+{
+    mkdir -p $1
+    chmod 755 $1
+    [ -n "$OWNERSHIP" ] && chown $OWNERSHIP $1
+
 }
 
 require()
@@ -187,7 +199,7 @@ elif [ -z "${VARDIR}" ]; then
     VARDIR=${VARLIB}/${PRODUCT}
 fi
 
-for var in SHAREDIR LIBEXECDIRDIRDIR CONFDIR SBINDIR VARLIB VARDIR; do
+for var in SHAREDIR LIBEXECDIR CONFDIR SBINDIR VARLIB VARDIR; do
     require $var
 done
 
@@ -201,8 +213,6 @@ PATH=${SBINDIR}:/bin:/usr${SBINDIR}:/usr/bin:/usr/local/bin:/usr/local${SBINDIR}
 # Determine where to install the firewall script
 #
 cygwin=
-INSTALLD='-D'
-T='-T'
 
 if [ -z "$BUILD" ]; then
     case $(uname) in
@@ -245,6 +255,8 @@ if [ -z "$BUILD" ]; then
 		BUILD=slackware
 	    elif [ -f ${CONFDIR}/arch-release ] ; then
 		BUILD=archlinux
+	    elif [ -f ${CONFDIR}/openwrt_release ]; then
+		BUILD=openwrt
 	    else
 		BUILD=linux
 	    fi
@@ -260,16 +272,16 @@ case $BUILD in
     apple)
 	[ -z "$OWNER" ] && OWNER=root
 	[ -z "$GROUP" ] && GROUP=wheel
-	INSTALLD=
-	T=
 	;;
     *)
-	[ -z "$OWNER" ] && OWNER=root
-	[ -z "$GROUP" ] && GROUP=root
+	if [ $(id -u) -eq 0 ]; then
+	    [ -z "$OWNER" ] && OWNER=root
+	    [ -z "$GROUP" ] && GROUP=root
+	fi
 	;;
 esac
 
-OWNERSHIP="-o $OWNER -g $GROUP"
+[ -n "$OWNER" ] && OWNERSHIP="$OWNER:$GROUP"
 
 [ -n "$HOST" ] || HOST=$BUILD
 
@@ -300,6 +312,9 @@ case "$HOST" in
     suse)
 	echo "Installing Suse-specific configuration..."
 	;;
+    openwrt)
+	echo "Installing OpenWRT-specific configuration..."
+	;;
     linux)
 	;;
     *)
@@ -316,8 +331,9 @@ if [ -n "$DESTDIR" ]; then
 	OWNERSHIP=""
     fi
 
-    install -d $OWNERSHIP -m 755 ${DESTDIR}/${SBINDIR}
-    install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR}
+    make_directory ${DESTDIR}${SBINDIR} 755
+    make_directory ${DESTDIR}${INITDIR} 755
+
 else
     if [ ! -f ${SHAREDIR}/shorewall/coreversion ]; then
 	echo "$PRODUCT $VERSION requires Shorewall Core which does not appear to be installed" >&2
@@ -357,7 +373,7 @@ fi
 delete_file ${DESTDIR}/usr/share/$PRODUCT/xmodules
 
 install_file $PRODUCT ${DESTDIR}${SBINDIR}/$PRODUCT 0544
-[ -n "${INITFILE}" ] && install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR}
+[ -n "${INITFILE}" ] && make_directory ${DESTDIR}${INITDIR} 755
 
 echo "$Product control program installed in ${DESTDIR}${SBINDIR}/$PRODUCT"
 
@@ -399,7 +415,7 @@ fi
 if [ -n "$SERVICEDIR" ]; then
     mkdir -p ${DESTDIR}${SERVICEDIR}
     [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
-    run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
+    install_file $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service 644
     [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
     echo "Service file $SERVICEFILE installed as ${DESTDIR}${SERVICEDIR}/$PRODUCT.service"
 fi
@@ -421,9 +437,9 @@ fi
 #
 # Install the  Makefile
 #
-run_install $OWNERSHIP -m 0600 Makefile ${DESTDIR}${CONFDIR}/$PRODUCT
-[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${CONFDIR}/$PRODUCT/Makefile
-[ $SBINDIR = /sbin ]       || eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\'       ${DESTDIR}/${CONFDIR}/$PRODUCT/Makefile
+install_file Makefile ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile 0600
+[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile
+[ $SBINDIR = /sbin ]       || eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\'       ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile
 echo "Makefile installed as ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile"
 
 #
@@ -438,7 +454,7 @@ echo "Default config path file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/confi
 for f in lib.* ; do
     if [ -f $f ]; then
 	install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644
-	echo "Library ${f#*.} file installed as ${DESTDIR}/${SHAREDIR}/$PRODUCT/$f"
+	echo "Library ${f#*.} file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
     fi
 done
 
@@ -451,7 +467,7 @@ echo "Common functions linked through ${DESTDIR}${SHAREDIR}/$PRODUCT/functions"
 #
 
 install_file shorecap ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap 0755
-[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${LIBEXECDIR}/$PRODUCT/shorecap
+[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap
 
 echo
 echo "Capability file builder installed in ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap"
@@ -461,17 +477,17 @@ echo "Capability file builder installed in ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shor
 #
 
 if [ -f modules ]; then
-    run_install $OWNERSHIP -m 0600 modules ${DESTDIR}${SHAREDIR}/$PRODUCT
+    install_file modules ${DESTDIR}${SHAREDIR}/$PRODUCT/modules 0600
     echo "Modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/modules"
 fi
 
 if [ -f helpers ]; then
-    run_install $OWNERSHIP -m 0600 helpers ${DESTDIR}${SHAREDIR}/$PRODUCT
+    install_file helpers ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers 600
     echo "Helper modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers"
 fi
 
 for f in modules.*; do
-    run_install $OWNERSHIP -m 0644 $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f
+    install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 644
     echo "Module file $f installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
 done
 
@@ -482,17 +498,17 @@ done
 if [ -d manpages ]; then
     cd manpages
 
-    [ -n "$INSTALLD" ] || mkdir -p ${DESTDIR}${MANDIR}/man5/ ${DESTDIR}${MANDIR}/man8/
+    mkdir -p ${DESTDIR}${MANDIR}/man5/ ${DESTDIR}${MANDIR}/man8/
 
     for f in *.5; do
 	gzip -c $f > $f.gz
-	run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${MANDIR}/man5/$f.gz
+	install_file $f.gz ${DESTDIR}${MANDIR}/man5/$f.gz 644
 	echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man5/$f.gz"
     done
 
     for f in *.8; do
 	gzip -c $f > $f.gz
-	run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${MANDIR}/man8/$f.gz
+	install_file $f.gz ${DESTDIR}${MANDIR}/man8/$f.gz 644
 	echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man8/$f.gz"
     done
 
@@ -502,7 +518,7 @@ if [ -d manpages ]; then
 fi
 
 if [ -d ${DESTDIR}${CONFDIR}/logrotate.d ]; then
-    run_install $OWNERSHIP -m 0644 logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT
+    install_file logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT 644
     echo "Logrotate file installed as ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT"
 fi
 
@@ -533,13 +549,13 @@ if [ -n "$SYSCONFFILE" -a -f "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PR
 	chmod 755 ${DESTDIR}${SYSCONFDIR}
     fi
 
-    run_install $OWNERSHIP -m 0644 ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/${PRODUCT}
+    install_file ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/${PRODUCT} 0640
     echo "$SYSCONFFILE installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
 fi
 
 if [ ${SHAREDIR} != /usr/share ]; then
-    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SHAREDIR}/${PRODUCT}/lib.base
-    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SBINDIR}/$PRODUCT
+    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/${PRODUCT}/lib.base
+    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SBINDIR}/$PRODUCT
 fi
 
 if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then
@@ -587,6 +603,13 @@ if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${
 	else
 	    cant_autostart
 	fi
+    elif [ $HOST = openwrt -a -f ${CONFDIR}/rc.common ]; then
+	/etc/init.d/$PRODUCT enable
+	if /etc/init.d/$PRODUCT enabled; then
+            echo "$PRODUCT will start automatically at boot"
+	else
+            cant_autostart
+	fi
     elif [ "$INITFILE" != rc.${PRODUCT} ]; then #Slackware starts this automatically
 	cant_autostart
     fi

Shorewall-lite/manpages/shorewall-lite.xml

@@ -329,21 +329,6 @@
       <arg choice="plain"><replaceable>address</replaceable></arg>
     </cmdsynopsis>
 
-    <cmdsynopsis>
-      <command>shorewall-lite</command>
-
-      <arg
-      choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
-
-      <arg>-<replaceable>options</replaceable></arg>
-
-      <arg choice="plain"><option>reload</option></arg>
-
-      <arg><option>-n</option></arg>
-
-      <arg><option>-p</option><arg><option>-C</option></arg></arg>
-    </cmdsynopsis>
-
     <cmdsynopsis>
       <command>shorewall-lite</command>
 
@@ -723,7 +708,6 @@
           <para>If <option>-f</option> is given, the command will be processed
           by the compiled script that executed the last successful <emphasis
           role="bold">start</emphasis>, <emphasis
-          role="bold">reload</emphasis>, <emphasis
           role="bold">restart</emphasis> or <emphasis
           role="bold">refresh</emphasis> command if that script exists.</para>
         </listitem>
@@ -1042,32 +1026,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term><emphasis role="bold">reload </emphasis>[-n] [-p]
-        [-<option>C</option>]</term>
-
-        <listitem>
-          <para>Added in Shorewall 5.0.0, <emphasis
-          role="bold">reload</emphasis> is similar to <emphasis
-          role="bold">shorewall-lite start</emphasis> except that it assumes
-          that the firewall is already started. Existing connections are
-          maintained.</para>
-
-          <para>The <option>-n</option> option causes Shorewall-lite to avoid
-          updating the routing table(s).</para>
-
-          <para>The <option>-p</option> option causes the connection tracking
-          table to be flushed; the <command>conntrack</command> utility must
-          be installed to use this option.</para>
-
-          <para>The <option>-C</option> option was added in Shorewall 4.6.5.
-          If the specified (or implicit) firewall script is the one that
-          generated the current running configuration, then the running
-          netfilter configuration will be reloaded as is so as to preserve the
-          iptables packet and byte counters.</para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term><emphasis role="bold">reset [<replaceable>chain</replaceable>,
         ...]</emphasis><acronym/></term>
@@ -1085,10 +1043,9 @@
         [-<option>C</option>]</term>
 
         <listitem>
-          <para>Beginning with Shorewall 5.0.0, this command performs a true
-          restart. The firewall is completely stopped as if a
-          <command>stop</command> command had been issued then it is started
-          again.</para>
+          <para>Restart is similar to <emphasis role="bold">shorewall-lite
+          start</emphasis> except that it assumes that the firewall is already
+          started. Existing connections are maintained.</para>
 
           <para>The <option>-n</option> option causes Shorewall-lite to avoid
           updating the routing table(s).</para>

Shorewall-lite/shorewall-lite.conf

@@ -1,5 +1,5 @@
 ###############################################################################
-#  /etc/shorewall-lite/shorewall-lite.conf Version 5 - Change the following
+#  /etc/shorewall-lite/shorewall-lite.conf Version 4 - Change the following
 #  variables to override the values in the shorewall.conf file used to
 #  compile /var/lib/shorewall-lite/firewall. Those values may be found in
 #  /var/lib/shorewall-lite/firewall.conf.

Shorewall-lite/shorewall-lite.service.debian

@@ -2,6 +2,7 @@
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
+#     Copyright 2015 Tom Eastep <teastep@shorewall.net>
 #
 [Unit]
 Description=Shorewall IPv4 firewall (lite)
@@ -16,7 +17,6 @@ EnvironmentFile=-/etc/default/shorewall-lite
 StandardOutput=syslog
 ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
 ExecStop=/sbin/shorewall-lite $OPTIONS stop
-ExecReload=/sbin/shorewall-lite $OPTIONS reload $RELOADOPTIONS
 
 [Install]
 WantedBy=basic.target

Shorewall-lite/uninstall.sh

@@ -168,7 +168,15 @@ if [ $configure -eq 1 ]; then
 fi
 
 if [ -L ${SHAREDIR}/shorewall-lite/init ]; then
-    FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall-lite/init)
+    if [ $HOST = openwrt ]; then
+	if [ $configure -eq 1 ] && /etc/init.d/shorewall-lite enabled; then
+	    /etc/init.d/shorewall-lite disable
+	fi
+	
+	FIREWALL=$(readlink ${SHAREDIR}/shorewall-lite/init)
+    else
+	FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall-lite/init)
+    fi
 elif [ -n "$INITFILE" ]; then
     FIREWALL=${INITDIR}/${INITFILE}
 fi
@@ -187,9 +195,11 @@ if [ -f "$FIREWALL" ]; then
     remove_file $FIREWALL
 fi
 
-if [ -n "$SYSTEMD" ]; then
+[ -z "$SERVICEDIR" ] && SERVICEDIR="$SYSTEMD"
+
+if [ -n "$SERVICEDIR" ]; then
     [ $configure -eq 1 ] && systemctl disable ${PRODUCT}
-    rm -f $SYSTEMD/shorewall-lite.service
+    rm -f $SERVICEDIR/shorewall-lite.service
 fi
 
 rm -f ${SBINDIR}/shorewall-lite
@@ -199,6 +209,7 @@ rm -rf ${VARDIR}/shorewall-lite
 rm -rf ${SHAREDIR}/shorewall-lite
 rm -rf ${LIBEXECDIR}/shorewall-lite
 rm -f  ${CONFDIR}/logrotate.d/shorewall-lite
+rm -f  ${SYSCONFDIR}/shorewall-lite
 
 rm -f ${MANDIR}/man5/shorewall-lite*
 rm -f ${MANDIR}/man8/shorewall-lite*

Shorewall/INSTALL

@@ -1,4 +1,4 @@
-Shoreline Firewall (Shorewall) Version 5
+Shoreline Firewall (Shorewall) Version 4
 -----         ----
 
 -----------------------------------------------------------------------------

Shorewall/Macros/macro.AMQP

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - AMQP Macro
+# Shorewall version 4 - AMQP Macro
 #
 # /usr/share/shorewall/macro.AMQP
 #

Shorewall/Macros/macro.A_AllowICMPs

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Audited AllowICMPs Macro
+# Shorewall version 4 - Audited AllowICMPs Macro
 #
 # /usr/share/shorewall/macro.A_AllowICMPs
 #

Shorewall/Macros/macro.A_DropDNSrep

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Audited DropDNSrep Macro
+# Shorewall version 4 - Audited DropDNSrep Macro
 #
 # /usr/share/shorewall/macro.A_DropDNSrep
 #

Shorewall/Macros/macro.A_DropUPnP

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - ADropUPnP Macro
+# Shorewall version 4 - ADropUPnP Macro
 #
 # /usr/share/shorewall/macro.A_DropUPnP
 #

Shorewall/Macros/macro.ActiveDir

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Samba 4 Macro
+# Shorewall version 4 - Samba 4 Macro
 #
 # /usr/share/shorewall/macro.ActiveDir
 #

Shorewall/Macros/macro.AllowICMPs

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - AllowICMPs Macro
+# Shorewall version 4 - AllowICMPs Macro
 #
 # /usr/share/shorewall/macro.AllowICMPs
 #

Shorewall/Macros/macro.Amanda

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Amanda Macro
+# Shorewall version 4 - Amanda Macro
 #
 # /usr/share/shorewall/macro.Amanda
 #

Shorewall/Macros/macro.Auth

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Auth Macro
+# Shorewall version 4 - Auth Macro
 #
 # /usr/share/shorewall/macro.Auth
 #

Shorewall/Macros/macro.BGP

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - BGP Macro
+# Shorewall version 4 - BGP Macro
 #
 # /usr/share/shorewall/macro.BGP
 #

Shorewall/Macros/macro.BLACKLIST

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - blacklist Macro
+# Shorewall version 4 - blacklist Macro
 #
 # /usr/share/shorewall/macro.blacklist
 #

Shorewall/Macros/macro.BitTorrent

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - BitTorrent Macro
+# Shorewall version 4 - BitTorrent Macro
 #
 # /usr/share/shorewall/macro.BitTorrent
 #

Shorewall/Macros/macro.BitTorrent32

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - BitTorrent 3.2 Macro
+# Shorewall version 4 - BitTorrent 3.2 Macro
 #
 # /usr/share/shorewall/macro.BitTorrent32
 #

Shorewall/Macros/macro.CVS

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - CVS Macro
+# Shorewall version 4 - CVS Macro
 #
 # /usr/share/shorewall/macro.CVS
 #

Shorewall/Macros/macro.Citrix

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Citrix/ICA Macro
+# Shorewall version 4 - Citrix/ICA Macro
 #
 # /usr/share/shorewall/macro.Citrix
 #

Shorewall/Macros/macro.DAAP

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - DAAP Macro
+# Shorewall version 4 - DAAP Macro
 #
 # /usr/share/shorewall/macro.DAAP
 #

Shorewall/Macros/macro.DCC

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - DCC Macro
+# Shorewall version 4 - DCC Macro
 #
 # /usr/share/shorewall/macro.DCC
 #

Shorewall/Macros/macro.DHCPfwd

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - DHCPfwd Macro
+# Shorewall version 4 - DHCPfwd Macro
 #
 # /usr/share/shorewall/macro.DHCPfwd
 #

Shorewall/Macros/macro.DNS

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - DNS Macro
+# Shorewall version 4 - DNS Macro
 #
 # /usr/share/shorewall/macro.DNS
 #

Shorewall/Macros/macro.Distcc

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Distcc Macro
+# Shorewall version 4 - Distcc Macro
 #
 # /usr/share/shorewall/macro.Distcc
 #

Shorewall/Macros/macro.Drop

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Drop Macro
+# Shorewall version 4 - Drop Macro
 #
 # /usr/share/shorewall/macro.Drop
 #

Shorewall/Macros/macro.DropDNSrep

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - DropDNSrep Macro
+# Shorewall version 4 - DropDNSrep Macro
 #
 # /usr/share/shorewall/macro.DropDNSrep
 #

Shorewall/Macros/macro.DropUPnP

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - DropUPnP Macro
+# Shorewall version 4 - DropUPnP Macro
 #
 # /usr/share/shorewall/macro.DropUPnP
 #

Shorewall/Macros/macro.Edonkey

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Edonkey Macro
+# Shorewall version 4 - Edonkey Macro
 #
 # /usr/share/shorewall/macro.Edonkey
 #

Shorewall/Macros/macro.FTP

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - FTP Macro
+# Shorewall version 4 - FTP Macro
 #
 # /usr/share/shorewall/macro.FTP
 #

Shorewall/Macros/macro.Finger

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Finger Macro
+# Shorewall version 4 - Finger Macro
 #
 # /usr/share/shorewall/macro.Finger
 #

Shorewall/Macros/macro.GNUnet

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - GNUnet Macro
+# Shorewall version 4 - GNUnet Macro
 #
 # /usr/share/shorewall/macro.GNUnet
 #

Shorewall/Macros/macro.GRE

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - GRE Macro
+# Shorewall version 4 - GRE Macro
 #
 # /usr/share/shorewall/macro.GRE
 #

Shorewall/Macros/macro.Git

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Git Macro
+# Shorewall version 4 - Git Macro
 #
 # /usr/share/shorewall/macro.Git
 #

Shorewall/Macros/macro.Gnutella

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Gnutella Macro
+# Shorewall version 4 - Gnutella Macro
 #
 # /usr/share/shorewall/macro.Gnutella
 #

Shorewall/Macros/macro.Goto-Meeting

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Citrix/Goto Meeting macro
+# Shorewall version 4 - Citrix/Goto Meeting macro
 #
 # /usr/share/shorewall/macro.Goto-Meeting
 #          by Eric Teeter

Shorewall/Macros/macro.HKP

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - HKP Macro
+# Shorewall version 4 - HKP Macro
 #
 # /usr/share/shorewall/macro.HKP
 #

Shorewall/Macros/macro.HTTP

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - HTTP Macro
+# Shorewall version 4 - HTTP Macro
 #
 # /usr/share/shorewall/macro.HTTP
 #

Shorewall/Macros/macro.HTTPS

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - HTTPS Macro
+# Shorewall version 4 - HTTPS Macro
 #
 # /usr/share/shorewall/macro.HTTPS
 #

Shorewall/Macros/macro.ICPV2

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - ICPV2 Macro
+# Shorewall version 4 - ICPV2 Macro
 #
 # /usr/share/shorewall/macro.ICPV2
 #

Shorewall/Macros/macro.ICQ

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - ICQ Macro
+# Shorewall version 4 - ICQ Macro
 #
 # /usr/share/shorewall/macro.ICQ
 #

Shorewall/Macros/macro.ILO

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - ILO Macro
+# Shorewall version 4 - ILO Macro
 #
 # /usr/share/shorewall/macro.ILO
 #

Shorewall/Macros/macro.IMAP

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - IMAP Macro
+# Shorewall version 4 - IMAP Macro
 #
 # /usr/share/shorewall/macro.IMAP
 #

Shorewall/Macros/macro.IMAPS

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - IMAPS Macro
+# Shorewall version 4 - IMAPS Macro
 #
 # /usr/share/shorewall/macro.IMAPS
 #

Shorewall/Macros/macro.IPIP

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - IPIP Macro
+# Shorewall version 4 - IPIP Macro
 #
 # /usr/share/shorewall/macro.IPIP
 #

Shorewall/Macros/macro.IPMI

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - IPMI Macro
+# Shorewall version 4 - IPMI Macro
 #
 # /usr/share/shorewall/macro.IPMI
 #

Shorewall/Macros/macro.IPPbrd

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - IPP Broadcast Macro
+# Shorewall version 4 - IPP Broadcast Macro
 #
 # /usr/share/shorewall/macro.IPPbrd
 #

Shorewall/Macros/macro.IPPserver

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - IPPserver Macro
+# Shorewall version 4 - IPPserver Macro
 #
 # /usr/share/shorewall/macro.IPPserver
 #

Shorewall/Macros/macro.IPsec

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - IPsec Macro
+# Shorewall version 4 - IPsec Macro
 #
 # /usr/share/shorewall/macro.IPsec
 #

Shorewall/Macros/macro.IPsecah

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - IPsecah Macro
+# Shorewall version 4 - IPsecah Macro
 #
 # /usr/share/shorewall/macro.IPsecah
 #

Shorewall/Macros/macro.IPsecnat

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - IPsecnat Macro
+# Shorewall version 4 - IPsecnat Macro
 #
 # /usr/share/shorewall/macro.IPsecnat
 #

Shorewall/Macros/macro.IRC

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 IRC Macro
+# Shorewall version 4 IRC Macro
 #
 # /usr/share/shorewall/macro.IRC
 #

Shorewall/Macros/macro.JAP

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - JAP Macro
+# Shorewall version 4 - JAP Macro
 #
 # /usr/share/shorewall/macro.JAP
 #

Shorewall/Macros/macro.Jabber

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Jabber Macro
+# Shorewall version 4 - Jabber Macro
 #
 # /usr/share/shorewall/macro.Jabber
 #

Shorewall/Macros/macro.JabberPlain

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - JabberPlain Macro
+# Shorewall version 4 - JabberPlain Macro
 #
 # /usr/share/shorewall/macro.JabberPlain
 #

Shorewall/Macros/macro.JabberSecure

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - JabberSecure (SSL) Macro
+# Shorewall version 4 - JabberSecure (SSL) Macro
 #
 # /usr/share/shorewall/macro.JabberSecure
 #

Shorewall/Macros/macro.Kerberos

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Kerberos Macro
+# Shorewall version 4 - Kerberos Macro
 #
 # /usr/share/shorewall/macro.Kerberos
 #

Shorewall/Macros/macro.L2TP

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - L2TP Macro
+# Shorewall version 4 - L2TP Macro
 #
 # /usr/share/shorewall/macro.L2TP
 #

Shorewall/Macros/macro.LDAP

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - LDAP Macro
+# Shorewall version 4 - LDAP Macro
 #
 # /usr/share/shorewall/macro.LDAP
 #

Shorewall/Macros/macro.LDAPS

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - LDAPS Macro
+# Shorewall version 4 - LDAPS Macro
 #
 # /usr/share/shorewall/macro.LDAPS
 #

Shorewall/Macros/macro.MSNP

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - MSNP Macro
+# Shorewall version 4 - MSNP Macro
 #
 # /usr/share/shorewall/macro.MSNP
 #

Shorewall/Macros/macro.MSSQL

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - MSSQL Macro
+# Shorewall version 4 - MSSQL Macro
 #
 # /usr/share/shorewall/macro.MSSQL
 #

Shorewall/Macros/macro.Mail

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Mail Macro
+# Shorewall version 4 - Mail Macro
 #
 # /usr/share/shorewall/macro.Mail
 #

Shorewall/Macros/macro.MongoDB

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - MongoDB Macro
+# Shorewall version 4 - MongoDB Macro
 #
 # /usr/share/shorewall/macro.MongoDB
 #

Shorewall/Macros/macro.Munin

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Munin Macro
+# Shorewall version 4 - Munin Macro
 #
 # /usr/share/shorewall/macro.Munin
 #

Shorewall/Macros/macro.MySQL

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - MySQL Macro
+# Shorewall version 4 - MySQL Macro
 #
 # /usr/share/shorewall/macro.MySQL
 #

Shorewall/Macros/macro.NNTP

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 NNTP Macro
+# Shorewall version 4 NNTP Macro
 #
 # /usr/share/shorewall/macro.NNTP
 #

Shorewall/Macros/macro.NNTPS

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 NNTPS Macro
+# Shorewall version 4 NNTPS Macro
 #
 # /usr/share/shorewall/macro.NNTPS
 #

Shorewall/Macros/macro.NTP

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - NTP Macro
+# Shorewall version 4 - NTP Macro
 #
 # /usr/share/shorewall/macro.NTP
 #

Shorewall/Macros/macro.NTPbi

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - NTPbi Macro
+# Shorewall version 4 - NTPbi Macro
 #
 # /usr/share/shorewall/macro.NTPbi
 #

Shorewall/Macros/macro.NTPbrd

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - NTPbrd Macro
+# Shorewall version 4 - NTPbrd Macro
 #
 # /usr/share/shorewall/macro.NTPbrd
 #

Shorewall/Macros/macro.OSPF

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - OSPF Macro
+# Shorewall version 4 - OSPF Macro
 #
 # /usr/share/shorewall/macro.OSPF
 #

Shorewall/Macros/macro.OpenVPN

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - OpenVPN Macro
+# Shorewall version 4 - OpenVPN Macro
 #
 # /usr/share/shorewall/macro.OpenVPN Macro
 #

Shorewall/Macros/macro.PCA

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - PCA Macro
+# Shorewall version 4 - PCA Macro
 #
 # /usr/share/shorewall/macro.PCA
 #