Clarify DEST column in DNAT rules.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
One more manual with BROADCAST columns
2014-06-04 15:01:39 -07:00 · 2014-06-04 14:55:23 -07:00 · 2014-06-04 14:43:13 -07:00 · 2014-06-02 14:22:40 -07:00
481 changed files with 7861 additions and 12427 deletions
--- a/Shorewall-core/INSTALL
+++ b/Shorewall-core/INSTALL
@@ -1,4 +1,4 @@
-Shoreline Firewall (Shorewall) Version 5
+Shoreline Firewall (Shorewall) Version 4
 -----         ----
 -----------------------------------------------------------------------------
--- a/Shorewall-core/configure
+++ b/Shorewall-core/configure
@@ -28,7 +28,7 @@
 #
 # Build updates this
 #
-VERSION=4.6.12
+VERSION=4.5.2.1
 case "$BASH_VERSION" in
    [4-9].*)
@@ -102,7 +102,7 @@ if [ -z "$vendor" ]; then
 		vendor=redhat
 		;;
 	    debian|ubuntu)
-		ls -l /sbin/init |fgrep -q systemd | vendor=debian.systemd | vendor=debian.sysvinit
+		vendor=debian
 		;;
 	    opensuse)
 		vendor=suse
@@ -130,7 +130,7 @@ if [ -z "$vendor" ]; then
 	*)
 	    if [ -f /etc/debian_version ]; then
 		params[HOST]=debian
-		rcfile=shorewallrc.debian.sysvinit
+		rcfile=shorewallrc.debian
 	    elif [ -f /etc/redhat-release ]; then
 		params[HOST]=redhat
 		rcfile=shorewallrc.redhat
@@ -195,10 +195,6 @@ elif [ -n "${options[VARDIR]}" ]; then
    fi
 fi
 if [ -z "${options[SERVICEDIR]}" ]; then
    options[SERVICEDIR]="${options[SYSTEMD]}"
 fi
 for on in \
    HOST \
    PREFIX \
@@ -213,7 +209,7 @@ for on in \
    INITFILE \
    AUXINITSOURCE \
    AUXINITFILE \
-    SERVICEDIR \
+    SYSTEMD \
    SERVICEFILE \
    SYSCONFFILE \
    SYSCONFDIR \
--- a/Shorewall-core/configure.pl
+++ b/Shorewall-core/configure.pl
@@ -31,7 +31,7 @@ use strict;
 # Build updates this
 #
 use constant {
-    VERSION => '4.6.12'
+    VERSION => '4.5.2.1'
 };
 my %params;
@@ -68,16 +68,14 @@ unless ( defined $vendor ) {
 	    $vendor = 'redhat';
 	} elsif ( $id eq 'opensuse' ) {
 	    $vendor = 'suse';
-	} elsif ( $id eq 'ubuntu' || $id eq 'debian' ) {
+	} elsif ( $id eq 'ubuntu' ) {
-	    my $init = `ls -l /sbin/init`;
+	    $vendor = 'debian';
 	    $vendor = $init =~ /systemd/ ? 'debian.systemd' : 'debian.sysvinit';
 	} else {
 	    $vendor = $id;
 	}
    }
    $params{HOST} = $vendor;
    $params{HOST} =~ s/\..*//;
 }
 if ( defined $vendor ) {
@@ -86,7 +84,7 @@ if ( defined $vendor ) {
 } else {
    if ( -f '/etc/debian_version' ) {
 	$vendor = 'debian';
-	$rcfilename = 'shorewallrc.debian.sysvinit';
+	$rcfilename = 'shorewallrc.debian';
    } elsif ( -f '/etc/redhat-release' ){
 	$vendor = 'redhat';
 	$rcfilename = 'shorewallrc.redhat';
@@ -102,7 +100,7 @@ if ( defined $vendor ) {
    } elsif ( `uname` =~ '^Darwin' ) {
 	$vendor = 'apple';
 	$rcfilename = 'shorewallrc.apple';
-    } elsif ( `uname` =~ /^Cygwin/i ) {
+    } elsif ( `uname` =~ '^Cygwin' ) {
 	$vendor = 'cygwin';
 	$rcfilename = 'shorewallrc.cygwin';
    } else {
@@ -119,7 +117,7 @@ my @abbr = qw( Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec );
 if ( $vendor eq 'linux' ) {
    printf "INFO: Creating a generic Linux installation - %s %2d %04d %02d:%02d:%02d\n\n", $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];;
 } else {
-    printf "INFO: Creating a %s-specific installation - %s %2d %04d %02d:%02d:%02d\n\n", $params{HOST}, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];;
+    printf "INFO: Creating a %s-specific installation - %s %2d %04d %02d:%02d:%02d\n\n", $vendor, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];;
 }
 open $rcfile, '<', $rcfilename or die "Unable to open $rcfilename for input: $!";
@@ -156,8 +154,6 @@ if ( $options{VARLIB} ) {
    $options{VARDIR} = '${VARLIB}/${PRODUCT}';
 }
 $options{SERVICEDIR}=$options{SYSTEMD} unless $options{SERVICEDIR};
 for ( qw/ HOST
 	  PREFIX
 	  SHAREDIR
@@ -171,8 +167,8 @@ for ( qw/ HOST
 	  INITFILE
 	  AUXINITSOURCE
 	  AUXINITFILE
-	  SERVICEDIR
+	  SYSTEMD
-	  SERVICEFILE
+          SERVICEFILE
 	  SYSCONFFILE
 	  SYSCONFDIR
 	  SPARSE
--- a/Shorewall-core/install.sh
+++ b/Shorewall-core/install.sh
@@ -187,7 +187,7 @@ INSTALLD='-D'
 if [ -z "$BUILD" ]; then
    case $(uname) in
-	cygwin*|CYGWIN*)
+	cygwin*)
 	    BUILD=cygwin
 	    ;;
 	Darwin)
@@ -198,7 +198,7 @@ if [ -z "$BUILD" ]; then
 		eval $(cat /etc/os-release | grep ^ID)
 		case $ID in
-		    fedora|rhel|centos|foobar)
+		    fedora|rhel)
 			BUILD=redhat
 			;;
 		    debian)
@@ -329,13 +329,9 @@ if [ -n "${SYSCONFDIR}" ]; then
    chmod 755 ${DESTDIR}${SYSCONFDIR}
 fi
-if [ -z "${SERVICEDIR}" ]; then
+if [ -n "${SYSTEMD}" ]; then
-    SERVICEDIR="$SYSTEMD"
+    mkdir -p ${DESTDIR}${SYSTEMD}
-fi
+    chmod 755 ${DESTDIR}${SYSTEMD}
 if [ -n "${SERVICEDIR}" ]; then
    mkdir -p ${DESTDIR}${SERVICEDIR}
    chmod 755 ${DESTDIR}${SERVICEDIR}
 fi
 mkdir -p ${DESTDIR}${SBINDIR}
--- a/Shorewall-core/lib.base
+++ b/Shorewall-core/lib.base
@@ -1,7 +1,7 @@
 #
-# Shorewall 5.0 -- /usr/share/shorewall/lib.base
+# Shorewall 4.5 -- /usr/share/shorewall/lib.base
 #
-#     (c) 1999-2015 - Tom Eastep (teastep@shorewall.net)
+#     (c) 1999-2014 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
@@ -75,24 +75,6 @@ elif [ -z "${VARDIR}" ]; then
    VARDIR="${VARLIB}/${PRODUCT}"
 fi
 #
 # Fatal Error
 #
 fatal_error() # $@ = Message
 {
    echo "   ERROR: $@" >&2
    exit 2
 }
 #
 # Not configured Error
 #
 not_configured_error() # $@ = Message
 {
    echo "   ERROR: $@" >&2
    exit 6
 }
 #
 # Conditionally produce message
 #
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
--- a/Shorewall-core/lib.common
+++ b/Shorewall-core/lib.common
@@ -1,7 +1,7 @@
 #
-# Shorewall 5.0 -- /usr/share/shorewall/lib.common.
+# Shorewall 4.5 -- /usr/share/shorewall/lib.common.
 #
-#     (c) 2010-2015 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2010-2014 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
@@ -71,35 +71,98 @@ startup_error() # $* = Error Message
 }
 #
-# Create the required option string and run the passed script using
+# Get the Shorewall version of the passed script
 #
 get_script_version() { # $1 = script
    local temp
    local version
    local ifs
    local digits
    local verbosity
    verbosity="$VERBOSITY"
    VERBOSITY=0
    temp=$( $SHOREWALL_SHELL $1 version | tail -n 1 | sed 's/-.*//' )
    if [ -z "$temp" ]; then
 	version=0
    else
 	ifs=$IFS
 	IFS=.
 	temp=$(echo $temp)
 	IFS=$ifs
 	digits=0
 	for temp in $temp; do
 	    version=${version}$(printf '%02d' $temp)
 	    digits=$(($digits + 1))
 	    [ $digits -eq 3 ] && break
 	done
    fi
    echo $version
    VERBOSITY="$verbosity"
 }
 #
 # Do required exports or create the required option string and run the passed script using
 # $SHOREWALL_SHELL
 #
 run_it() {
    local script
    local options
    local version
    export VARDIR
    script=$1
    shift
-    if [ x$1 = xtrace -o x$1 = xdebug ]; then
+    version=$(get_script_version $script)
-	options="$1 -"
+
-	shift;
+    if [ $version -lt 040408 ]; then
 	#
 	# Old script that doesn't understand 4.4.8 script options
 	#
 	export RESTOREFILE
 	export VERBOSITY
 	export NOROUTES=$g_noroutes
 	export PURGE=$g_purge
 	export TIMESTAMP=$g_timestamp
 	export RECOVERING=$g_recovering
 	case "$g_program" in
 	    *-lite)
 		#
 		# Shorewall Lite
 		#
 		export LOGFORMAT
 		export IPTABLES
 		;;
 	esac
    else
-	options='-'
+	#
 	# 4.4.8 or later -- no additional exports required
 	#
 	if [ x$1 = xtrace -o x$1 = xdebug ]; then
 	    options="$1 -"
 	    shift;
 	else
 	    options='-'
 	fi
 	[ -n "$g_noroutes" ]   && options=${options}n
 	[ -n "$g_timestamp" ]  && options=${options}t
 	[ -n "$g_purge" ]      && options=${options}p
 	[ -n "$g_recovering" ] && options=${options}r
 	options="${options}V $VERBOSITY"
 	[ -n "$RESTOREFILE" ] && options="${options} -R $RESTOREFILE"
    fi
    [ -n "$g_noroutes" ]   && options=${options}n
    [ -n "$g_timestamp" ]  && options=${options}t
    [ -n "$g_purge" ]      && options=${options}p
    [ -n "$g_recovering" ] && options=${options}r
    [ -n "$g_counters" ]   && options=${options}c
    options="${options}V $VERBOSITY"
    [ -n "$RESTOREFILE" ] && options="${options} -R $RESTOREFILE"
    $SHOREWALL_SHELL $script $options $@
 }
@@ -109,7 +172,6 @@ run_it() {
 error_message() # $* = Error Message
 {
   echo "   $@" >&2
   return 1
 }
 #
@@ -147,17 +209,6 @@ split() {
    IFS=$ifs
 }
 #
 # Split a comma-separated list into a space-separated list
 #
 split_list() {
    local ifs
    ifs=$IFS
    IFS=,
    echo $*
    IFS=$ifs
 }
 #
 # Search a list looking for a match -- returns zero if a match found
 # 1 otherwise
@@ -321,7 +372,7 @@ reload_kernel_modules() {
 	moduleloader=insmod
    fi
-    [ -n "${MODULE_SUFFIX:=ko ko.gz ko.xz o o.gz o.xz gz xz}" ]
+    [ -n "${MODULE_SUFFIX:=ko ko.gz o o.gz gz}" ]
    [ -z "$MODULESDIR" ] && \
 	uname=$(uname -r) && \
@@ -360,7 +411,7 @@ load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
 	moduleloader=insmod
    fi
-    [ -n "${MODULE_SUFFIX:=o gz xz ko o.gz o.xz ko.gz ko.xz}" ]
+    [ -n "${MODULE_SUFFIX:=o gz ko o.gz ko.gz}" ]
    [ -z "$MODULESDIR" ] && \
 	uname=$(uname -r) && \
@@ -499,9 +550,9 @@ in_network() # $1 = IP address, $2 = CIDR network
 #
 # Query NetFilter about the existence of a filter chain
 #
-chain_exists() # $1 = chain name, $2 = table name (optional)
+chain_exists() # $1 = chain name
 {
-    qt1 $g_tool -t ${2:-filter} -L $1 -n
+    qt1 $g_tool -L $1 -n
 }
 #
@@ -592,24 +643,6 @@ find_first_interface_address_if_any() # $1 = interface
    fi
 }
 #
 #Determines if the passed interface is a loopback interface
 #
 loopback_interface() { #$1 = Interface name
    [ "$1" = lo ] || $IP link show $1 | fgrep -q LOOPBACK
 }
 #
 # Find Loopback Interfaces
 #
 find_loopback_interfaces() {
    local interfaces
    [ -x "$IP" ] && interfaces=$($IP link show | fgrep LOOPBACK | sed 's/://g' | cut -d ' ' -f 2)
    [ -n "$interfaces" ] && echo $interfaces || echo lo
 }
 #
 # Internal version of 'which'
 #
--- a/Shorewall-core/shorewallrc.apple
+++ b/Shorewall-core/shorewallrc.apple
@@ -1,5 +1,5 @@
 #
-# Apple OS X Shorewall 5.0 rc file
+# Apple OS X Shorewall 4.5 rc file
 #
 BUILD=apple
 HOST=apple
@@ -14,7 +14,7 @@ INITDIR=                               #Unused on OS X
 INITFILE=                              #Unused on OS X
 INITSOURCE=                            #Unused on OS X
 ANNOTATED=                             #Unused on OS X
-SERVICEDIR=                            #Unused on OS X
+SYSTEMD=                               #Unused on OS X
 SERVICEFILE=                           #Unused on OS X
 SYSCONFDIR=                            #Unused on OS X
 SPARSE=Yes                             #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR.
--- a/Shorewall-core/shorewallrc.archlinux
+++ b/Shorewall-core/shorewallrc.archlinux
@@ -1,5 +1,5 @@
 #
-# Arch Linux Shorewall 5.0 rc file
+# Arch Linux Shorewall 4.5 rc file
 #
 BUILD=                                 #Default is to detect the build system
 HOST=archlinux
@@ -8,14 +8,14 @@ SHAREDIR=${PREFIX}/share               #Directory for arch-neutral files.
 LIBEXECDIR=${PREFIX}/share             #Directory for executable scripts.
 PERLLIBDIR=${PREFIX}/share/shorewall   #Directory to install Shorewall Perl module directory
 CONFDIR=/etc                           #Directory where subsystem configurations are installed
-SBINDIR=/usr/bin                       #Directory where system administration programs are installed
+SBINDIR=/usr/sbin                      #Directory where system administration programs are installed
 MANDIR=${SHAREDIR}/man                 #Directory where manpages are installed.
 INITDIR=                               #Directory where SysV init scripts are installed.
 INITFILE=                              #Name of the product's installed SysV init script
 INITSOURCE=                            #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                             #If non-zero, annotated configuration files are installed
 SYSCONFDIR=                            #Directory where SysV init parameter files are installed
-SERVICEDIR=/usr/lib/systemd/system     #Directory where .service files are installed (systems running systemd only)
+SYSTEMD=/usr/lib/systemd/system        #Directory where .service files are installed (systems running systemd only)
 SERVICEFILE=                           #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SPARSE=                                #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
 VARLIB=/var/lib                        #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.cygwin
+++ b/Shorewall-core/shorewallrc.cygwin
@@ -1,5 +1,5 @@
 #
-# Cygwin Shorewall 5.0 rc file
+# Cygwin Shorewall 4.5 rc file
 #
 BUILD=cygwin
 HOST=cygwin
@@ -14,7 +14,7 @@ INITDIR=/etc/init.d                   #Unused on Cygwin
 INITFILE=                             #Unused on Cygwin
 INITSOURCE=                           #Unused on Cygwin
 ANNOTATED=                            #Unused on Cygwin
-SERVICEDIR=                           #Unused on Cygwin
+SYSTEMD=                              #Unused on Cygwin
 SERVICEFILE=                          #Unused on Cygwin
 SYSCONFDIR=                           #Unused on Cygwin
 SPARSE=Yes                            #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR.
--- a/Shorewall-core/shorewallrc.debian.sysvinit
+++ b/Shorewall-core/shorewallrc.debian.sysvinit
@@ -15,9 +15,9 @@ INITFILE=$PRODUCT                       #Name of the product's installed SysV in
 INITSOURCE=init.debian.sh               #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                              #If non-zero, annotated configuration files are installed
 SYSCONFFILE=default.debian              #Name of the distributed file to be installed in $SYSCONFDIR
-SERVICEFILE=				#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
+SERVICEFILE=                      	#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFDIR=/etc/default                 #Directory where SysV init parameter files are installed
-SERVICEDIR=				#Directory where .service files are installed (systems running systemd only)
+SYSTEMD=                                #Directory where .service files are installed (systems running systemd only)
 SPARSE=Yes                              #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
 VARLIB=/var/lib                         #Directory where product variable data is stored.
 VARDIR=${VARLIB}/$PRODUCT               #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.debian.systemd
+++ b/Shorewall-core/shorewallrc.debian.systemd
@@ -1,23 +0,0 @@
 #
 # Debian Shorewall 4.5 rc file
 #
 BUILD=					#Default is to detect the build system
 HOST=debian
 PREFIX=/usr				#Top-level directory for shared files, libraries, etc.
 SHAREDIR=${PREFIX}/share		#Directory for arch-neutral files.
 LIBEXECDIR=${PREFIX}/share		#Directory for executable scripts.
 PERLLIBDIR=${PREFIX}/share/shorewall	#Directory to install Shorewall Perl module directory
 CONFDIR=/etc				#Directory where subsystem configurations are installed
 SBINDIR=/sbin				#Directory where system administration programs are installed
 MANDIR=${PREFIX}/share/man		#Directory where manpages are installed.
 INITDIR=				#Directory where SysV init scripts are installed.
 INITFILE=				#Name of the product's installed SysV init script
 INITSOURCE=init.debian.sh		#Name of the distributed file to be installed as the SysV init script
 ANNOTATED=				#If non-zero, annotated configuration files are installed
 SYSCONFFILE=default.debian		#Name of the distributed file to be installed in $SYSCONFDIR
 SERVICEFILE=$PRODUCT.service.debian     #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFDIR=/etc/default			#Directory where SysV init parameter files are installed
 SERVICEDIR=/lib/systemd/system		#Directory where .service files are installed (systems running systemd only)
 SPARSE=Yes				#If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
 VARLIB=/var/lib				#Directory where product variable data is stored.
 VARDIR=${VARLIB}/$PRODUCT		#Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.default
+++ b/Shorewall-core/shorewallrc.default
@@ -1,5 +1,5 @@
 #
-# Default Shorewall 5.0 rc file
+# Default Shorewall 4.5 rc file
 #
 HOST=linux                              #Generic Linux
 BUILD=                                  #Default is to detect the build system
@@ -14,7 +14,7 @@ INITDIR=/etc/init.d                     #Directory where SysV init scripts are i
 INITFILE=$PRODUCT                       #Name of the product's installed SysV init script
 INITSOURCE=init.sh                      #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                              #If non-zero, annotated configuration files are installed
-SERVICEDIR=                             #Directory where .service files are installed (systems running systemd only)
+SYSTEMD=                                #Directory where .service files are installed (systems running systemd only)
 SERVICEFILE=                            #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFFILE=                            #Name of the distributed file to be installed in $SYSCONFDIR
 SYSCONFDIR=                             #Directory where SysV init parameter files are installed
--- a/Shorewall-core/shorewallrc.redhat
+++ b/Shorewall-core/shorewallrc.redhat
@@ -1,5 +1,5 @@
 #
-# RedHat/FedoraShorewall 5.0 rc file
+# RedHat/FedoraShorewall 4.5 rc file
 #
 BUILD=                                  #Default is to detect the build system
 HOST=redhat
@@ -14,7 +14,7 @@ INITDIR=/etc/rc.d/init.d                #Directory where SysV init scripts are i
 INITFILE=$PRODUCT                       #Name of the product's installed SysV init script
 INITSOURCE=init.fedora.sh               #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                              #If non-zero, annotated configuration files are installed
-SERVICEDIR=/lib/systemd/system          #Directory where .service files are installed (systems running systemd only)
+SYSTEMD=/lib/systemd/system             #Directory where .service files are installed (systems running systemd only)
 SYSCONFFILE=sysconfig                   #Name of the distributed file to be installed as $SYSCONFDIR/$PRODUCT
 SERVICEFILE=                      	#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFDIR=/etc/sysconfig/              #Directory where SysV init parameter files are installed
--- a/Shorewall-core/shorewallrc.slackware
+++ b/Shorewall-core/shorewallrc.slackware
@@ -1,5 +1,5 @@
 #
-# Slackware Shorewall 5.0 rc file
+# Slackware Shorewall 4.5 rc file
 #
 BUILD=slackware
 HOST=slackware
@@ -15,7 +15,7 @@ AUXINITSOURCE=init.slackware.firewall.sh   #Name of the distributed file to be i
 AUXINITFILE=rc.firewall                    #Name of the product's installed SysV init script
 INITSOURCE=init.slackware.$PRODUCT.sh      #Name of the distributed file to be installed as a second SysV init script
 INITFILE=rc.$PRODUCT                       #Name of the product's installed second init script
-SERVICEDIR=                                #Name of the directory where .service files are installed (systems running systemd only)
+SYSTEMD=                                   #Name of the directory where .service files are installed (systems running systemd only)
 SERVICEFILE=                               #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFFILE=                               #Name of the distributed file to be installed in $SYSCONFDIR
 SYSCONFDIR=                                #Name of the directory where SysV init parameter files are installed.
--- a/Shorewall-core/shorewallrc.suse
+++ b/Shorewall-core/shorewallrc.suse
@@ -1,5 +1,5 @@
 #
-# SuSE Shorewall 5.0 rc file
+# SuSE Shorewall 4.5 rc file
 #
 BUILD=                                                #Default is to detect the build system
 HOST=suse
@@ -8,13 +8,13 @@ CONFDIR=/etc                                          #Directory where subsystem
 SHAREDIR=${PREFIX}/share                              #Directory for arch-neutral files.
 LIBEXECDIR=${PREFIX}/lib                              #Directory for executable scripts.
 PERLLIBDIR=${PREFIX}/lib/perl5/vendor_perl/5.14.2     #Directory to install Shorewall Perl module directory
-SBINDIR=/usr/sbin                                     #Directory where system administration programs are installed
+SBINDIR=/sbin                                         #Directory where system administration programs are installed
 MANDIR=${SHAREDIR}/man/                               #Directory where manpages are installed.
 INITDIR=/etc/init.d                                   #Directory where SysV init scripts are installed.
 INITFILE=$PRODUCT                                     #Name of the product's SysV init script
 INITSOURCE=init.suse.sh                               #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                                            #If non-zero, annotated configuration files are installed
-SERVICEDIR=                                           #Directory where .service files are installed (systems running systemd only)
+SYSTEMD=                                              #Directory where .service files are installed (systems running systemd only)
 SERVICEFILE=                      		      #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFFILE=sysconfig                                 #Name of the distributed file to be installed in $SYSCONFDIR
 SYSCONFDIR=/etc/sysconfig/                            #Directory where SysV init parameter files are installed
--- a/Shorewall-core/uninstall.sh
+++ b/Shorewall-core/uninstall.sh
@@ -35,12 +35,6 @@ usage() # $1 = exit status
    exit $1
 }
 fatal_error()
 {
    echo "   ERROR: $@" >&2
    exit 1
 }
 qt()
 {
    "$@" >/dev/null 2>&1
--- a/Shorewall-init/ifupdown.debian.sh
+++ b/Shorewall-init/ifupdown.debian.sh
@@ -28,7 +28,7 @@ setstatedir() {
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
+    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
    if [ ! -x $STATEDIR/firewall ]; then
 	if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
--- a/Shorewall-init/ifupdown.fedora.sh
+++ b/Shorewall-init/ifupdown.fedora.sh
@@ -31,7 +31,7 @@ setstatedir() {
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
+    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
    if [ ! -x "$STATEDIR/firewall" ]; then
 	if [ $PRODUCT == shorewall -o $PRODUCT == shorewall6 ]; then
--- a/Shorewall-init/ifupdown.suse.sh
+++ b/Shorewall-init/ifupdown.suse.sh
@@ -28,7 +28,7 @@ setstatedir() {
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
+    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
    if [ ! -x $STATEDIR/firewall ]; then
 	if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
--- a/Shorewall-init/init.debian.sh
+++ b/Shorewall-init/init.debian.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
@@ -71,12 +71,10 @@ setstatedir() {
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
+    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c
+	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c || echo_notdone
    else
 	return 0
    fi
 }
@@ -105,33 +103,26 @@ shorewall_start () {
  echo -n "Initializing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
-      if setstatedir; then
+      setstatedir
-	  if [ -x ${STATEDIR}/firewall ]; then
+
-              #
+      if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then
-	      # Run in a sub-shell to avoid name collisions
+          #
-	      #
+	  # Run in a sub-shell to avoid name collisions
-	      (
+	  #
-		  if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
+	  ( 
-		      ${STATEDIR}/firewall ${OPTIONS} stop
+	      if ! ${STATEDIR}/$PRODUCT/firewall status > /dev/null 2>&1; then
-		  fi
+		  ${STATEDIR}/$PRODUCT/firewall ${OPTIONS} stop || echo_notdone
-	      )
+	      else
-	  fi
+		  echo_notdone
 	      fi
 	  )
      else
 	  echo echo_notdone
      fi
  done
  echo "done."
  if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
      echo -n "Restoring ipsets: "
      if ! ipset -R < "$SAVE_IPSETS"; then
 	  echo_notdone
      fi
      echo "done."
  fi
  return 0
 }
@@ -142,29 +133,15 @@ shorewall_stop () {
  echo -n "Clearing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
-      if setstatedir; then
+      setstatedir
-	  if [ -x ${STATEDIR}/firewall ]; then
+
-	      ${STATEDIR}/firewall ${OPTIONS} clear
+      if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then
-	  fi
+	  ${STATEDIR}/$PRODUCT/firewall ${OPTIONS} clear || echo_notdone
      fi
  done
  echo "done."
  if [ -n "$SAVE_IPSETS" ]; then
      echo "Saving ipsets: "
      mkdir -p $(dirname "$SAVE_IPSETS")
      if ipset -S > "${SAVE_IPSETS}.tmp"; then
 	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
      else
 	  echo_notdone
      fi
      echo "done."
  fi
  return 0
 }
--- a/Shorewall-init/init.fedora.sh
+++ b/Shorewall-init/init.fedora.sh
@@ -42,7 +42,7 @@ setstatedir() {
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
+    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
    if [ $PRODUCT == shorewall -o $PRODUCT == shorewall6 ]; then
 	${SBINDIR}/$PRODUCT $OPTIONS compile -c
--- a/Shorewall-init/init.sh
+++ b/Shorewall-init/init.sh
@@ -1,5 +1,5 @@
 #! /bin/bash
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
 #     (c) 2010,2012-2014 - Tom Eastep (teastep@shorewall.net)
 #
@@ -67,12 +67,12 @@ setstatedir() {
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
+    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
-    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
+    if [ ! -x $STATEDIR/firewall ]; then
-	${SBINDIR}/$PRODUCT ${OPTIONS} compile $STATEDIR/firewall
+	if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-    else
+	    ${SBINDIR}/$PRODUCT ${OPTIONS} compile $STATEDIR/firewall
-	return 0
+	fi
    fi
 }
@@ -83,11 +83,11 @@ shorewall_start () {
  echo -n "Initializing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
-      if setstatedir; then
+      setstatedir
-	  if [ -x ${STATEDIR}/firewall ]; then
+
-	      if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
+      if [ -x ${STATEDIR}/firewall ]; then
-		  ${STATEDIR}/firewall ${OPTIONS} stop
+	  if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
-	      fi
+	      ${STATEDIR}/firewall ${OPTIONS} stop || exit 1
 	  fi
      fi
  done
@@ -106,10 +106,10 @@ shorewall_stop () {
  echo -n "Clearing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
-      if setstatedir; then
+      setstatedir
-	  if [ -x ${STATEDIR}/firewall ]; then
+
-	      ${STATEDIR}/firewall ${OPTIONS} clear
+      if [ -x ${STATEDIR}/firewall ]; then
-	  fi
+	  ${STATEDIR}/firewall ${OPTIONS} clear || exit 1
      fi
  done
--- a/Shorewall-init/init.suse.sh
+++ b/Shorewall-init/init.suse.sh
@@ -1,5 +1,5 @@
 #! /bin/bash
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
@@ -38,7 +38,7 @@
 # 0 - success
 # 1 - generic or unspecified error
 # 2 - invalid or excess argument(s)
-# 3 - unimplemented feature
+# 3 - unimplemented feature (e.g. "reload")
 # 4 - insufficient privilege
 # 5 - program is not installed
 # 6 - program is not configured
@@ -77,12 +77,10 @@ setstatedir() {
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
+    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c
+	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c || exit
    else
 	return 0
    fi
 }
@@ -93,12 +91,14 @@ shorewall_start () {
  echo -n "Initializing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
-      if setstatedir; then
+      setstatedir
-	  if [ -x $STATEDIR/firewall ]; then
+
-	      if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
+      if [ -x $STATEDIR/firewall ]; then
-		  $STATEDIR/$PRODUCT/firewall ${OPTIONS} stop
+	  if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
-	      fi
+	      $STATEDIR/$PRODUCT/firewall ${OPTIONS} stop || exit
 	  fi
      else
 	  exit 6
      fi
  done
@@ -114,10 +114,12 @@ shorewall_stop () {
  echo -n "Clearing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
-      if setstatedir; then
+      setstatedir
-	  if [ -x ${STATEDIR}/firewall ]; then
+
-	      ${STATEDIR}/firewall ${OPTIONS} clear
+      if [ -x ${STATEDIR}/firewall ]; then
-	  fi
+	  ${STATEDIR}/firewall ${OPTIONS} clear || exit
      else
 	  exit 6
      fi
  done
--- a/Shorewall-init/install.sh
+++ b/Shorewall-init/install.sh
@@ -35,7 +35,6 @@ usage() # $1 = exit status
    echo "usage: $ME [ <configuration-file> ]"
    echo "       $ME -v"
    echo "       $ME -h"
    echo "       $ME -n"
    exit $1
 }
@@ -106,12 +105,9 @@ PRODUCT=shorewall-init
 T='-T'
 finished=0
 configure=1
 while [ $finished -eq 0 ] ; do
-    option="$1"
+    case "$1" in
    case "$option" in
 	-*)
 	    option=${option#-}
@@ -124,10 +120,6 @@ while [ $finished -eq 0 ] ; do
 			echo "Shorewall-init Firewall Installer Version $VERSION"
 			exit 0
 			;;
 		    n*)
 			configure=0
 			option=${option#n}
 			;;
 		    *)
 			usage 1
 			;;
@@ -184,12 +176,8 @@ for var in SHAREDIR LIBEXECDIR CONFDIR SBINDIR VARLIB VARDIR; do
    require $var
 done
 [ -n "$SANDBOX" ] && configure=0
 PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
 [ $configure -eq 1 ] && ETC=/etc || ETC="${CONFDIR}"
 if [ -z "$BUILD" ]; then
    case $(uname) in
 	cygwin*)
@@ -203,7 +191,7 @@ if [ -z "$BUILD" ]; then
 		eval $(cat /etc/os-release | grep ^ID=)
 		case $ID in
-		    fedora|rhel|centos|foobar)
+		    fedora|rhel)
 			BUILD=redhat
 			;;
 		    debian|ubuntu)
@@ -318,7 +306,6 @@ fi
 # Install the Firewall Script
 #
 if [ -n "$INITFILE" ]; then
    mkdir -p ${DESTDIR}${INITDIR}
    install_file $INITSOURCE ${DESTDIR}${INITDIR}/$INITFILE 0544
    [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${INITDIR}/$INITFILE
@@ -332,17 +319,13 @@ fi
 #
 # Install the .service file
 #
-if [ -z "${SERVICEDIR}" ]; then
+if [ -n "$SYSTEMD" ]; then
-    SERVICEDIR="$SYSTEMD"
+    mkdir -p ${DESTDIR}${SYSTEMD}
 fi
 if [ -n "$SERVICEDIR" ]; then
    mkdir -p ${DESTDIR}${SERVICEDIR}
    [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
-    run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
+    run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SYSTEMD}/$PRODUCT.service
-    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
+    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SYSTEMD}/$PRODUCT.service
-    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SERVICEDIR}/$PRODUCT.service"
+    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SYSTEMD}/$PRODUCT.service"
-    if [ -n "$DESTDIR" -o $configure -eq 0 ]; then
+    if [ -n "$DESTDIR" ]; then
 	mkdir -p ${DESTDIR}${SBINDIR}
        chmod 755 ${DESTDIR}${SBINDIR}
    fi
@@ -381,22 +364,16 @@ fi
 if [ $HOST = debian ]; then
    if [ -n "${DESTDIR}" ]; then
-	mkdir -p ${DESTDIR}${ETC}/network/if-up.d/
+	mkdir -p ${DESTDIR}/etc/network/if-up.d/
-	mkdir -p ${DESTDIR}${ETC}/network/if-down.d/
+	mkdir -p ${DESTDIR}/etc/network/if-down.d/
 	mkdir -p ${DESTDIR}${ETC}/network/if-post-down.d/
    elif [ $configure -eq 0 ]; then
 	mkdir -p ${DESTDIR}${CONFDIR}/network/if-up.d/
 	mkdir -p ${DESTDIR}${CONFDIR}/network/if-down.d/
 	mkdir -p ${DESTDIR}${CONFDIR}/network/if-post-down.d/
    fi
-    if [ ! -f ${DESTDIR}${CONFDIR}/default/shorewall-init ]; then
+    if [ ! -f ${DESTDIR}/etc/default/shorewall-init ]; then
 	if [ -n "${DESTDIR}" ]; then
-	    mkdir ${DESTDIR}${ETC}/default
+	    mkdir ${DESTDIR}/etc/default
 	fi
-	[ $configure -eq 1 ] || mkdir -p ${DESTDIR}${CONFDIR}/default
+	install_file sysconfig ${DESTDIR}/etc/default/shorewall-init 0644
 	install_file sysconfig ${DESTDIR}${ETC}/default/shorewall-init 0644
    fi
    IFUPDOWN=ifupdown.debian.sh
@@ -406,13 +383,13 @@ else
 	if [ -z "$RPM" ]; then
 	    if [ $HOST = suse ]; then
-		mkdir -p ${DESTDIR}${ETC}/sysconfig/network/if-up.d
+		mkdir -p ${DESTDIR}/etc/sysconfig/network/if-up.d
-		mkdir -p ${DESTDIR}${ETC}/sysconfig/network/if-down.d
+		mkdir -p ${DESTDIR}${SYSCONFDIR}/network/if-down.d
 	    elif [ $HOST = gentoo ]; then
 		# Gentoo does not support if-{up,down}.d
 		/bin/true
 	    else
-		mkdir -p ${DESTDIR}/${ETC}/NetworkManager/dispatcher.d
+		mkdir -p ${DESTDIR}/etc/NetworkManager/dispatcher.d
 	    fi
 	fi
    fi
@@ -438,29 +415,17 @@ mkdir -p ${DESTDIR}${LIBEXECDIR}/shorewall-init
 install_file ifupdown ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown 0544
 if [ -d ${DESTDIR}/etc/NetworkManager ]; then
-    [ $configure -eq 1 ] || mkdir -p ${DESTDIR}${CONFDIR}/NetworkManager/dispatcher.d/
+    install_file ifupdown ${DESTDIR}/etc/NetworkManager/dispatcher.d/01-shorewall 0544
    install_file ifupdown ${DESTDIR}${ETC}/NetworkManager/dispatcher.d/01-shorewall 0544
 fi
 case $HOST in
    debian)
-	if [ $configure -eq 1 ]; then
+	install_file ifupdown ${DESTDIR}/etc/network/if-up.d/shorewall 0544
-	    install_file ifupdown ${DESTDIR}/etc/network/if-up.d/shorewall 0544
+	install_file ifupdown ${DESTDIR}/etc/network/if-down.d/shorewall 0544
-	    install_file ifupdown ${DESTDIR}/etc/network/if-down.d/shorewall 0544
+	install_file ifupdown ${DESTDIR}/etc/network/if-post-down.d/shorewall 0544
 	    install_file ifupdown ${DESTDIR}/etc/network/if-post-down.d/shorewall 0544
 	else
 	    install_file ifupdown ${DESTDIR}${CONFDIR}/network/if-up.d/shorewall 0544
 	    install_file ifupdown ${DESTDIR}${CONFDIR}/network/if-down.d/shorewall 0544
 	    install_file ifupdown ${DESTDIR}${CONFDIR}/network/if-post-down.d/shorewall 0544
 	fi
 	;;
    suse)
 	if [ -z "$RPM" ]; then
 	    if [ $configure -eq 0 ]; then
 		mkdir -p ${DESTDIR}${SYSCONFDIR}/network/if-up.d/
 		mkdir -p ${DESTDIR}${SYSCONFDIR}/network/if-down.d/
 	    fi
 	    install_file ifupdown ${DESTDIR}${SYSCONFDIR}/network/if-up.d/shorewall 0544
 	    install_file ifupdown ${DESTDIR}${SYSCONFDIR}/network/if-down.d/shorewall 0544
 	fi
@@ -488,7 +453,7 @@ case $HOST in
 esac
 if [ -z "$DESTDIR" ]; then
-    if [ $configure -eq 1 -a -n "$first_install" ]; then
+    if [ -n "$first_install" ]; then
 	if [ $HOST = debian ]; then
 	    if mywhich insserv; then
 		if insserv ${INITDIR}/shorewall-init; then
@@ -511,7 +476,7 @@ if [ -z "$DESTDIR" ]; then
 	    # not by the installer
 	    /bin/true
 	else
-	    if [ -n "$SERVICEDIR" ]; then
+	    if [ -n "$SYSTEMD" ]; then
 		if systemctl enable shorewall-init.service; then
 		    echo "Shorewall Init will start automatically at boot"
 		fi
@@ -540,7 +505,7 @@ if [ -z "$DESTDIR" ]; then
 	fi
    fi
 else
-    if [ $configure -eq 1 -a -n "$first_install" ]; then
+    if [ -n "$first_install" ]; then
 	if [ $HOST = debian ]; then
 	    if [ -n "${DESTDIR}" ]; then
 		mkdir -p ${DESTDIR}/etc/rcS.d
--- a/Shorewall-init/shorewall-init
+++ b/Shorewall-init/shorewall-init
@@ -1,19 +1,18 @@
-#!/bin/bash
+#! /bin/bash
-#	The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
-#	(c) 2012-2014 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2012-2014 - Tom Eastep (teastep@shorewall.net)
 #
-#	On most distributions, this file should be called
+#       On most distributions, this file should be called /etc/init.d/shorewall.
 #	/etc/init.d/shorewall.
 #
-#	Complete documentation is available at http://shorewall.net
+#       Complete documentation is available at http://shorewall.net
 #
-#	This program is part of Shorewall.
+#       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by
+#	it under the terms of the GNU General Public License as published by the
-#	the Free Software Foundation, either version 2 of the license or,
+#       Free Software Foundation, either version 2 of the license or, at your
-#	at your option, any later version.
+#       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -23,7 +22,7 @@
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
-###############################################################################
+#########################################################################################
 # set the STATEDIR variable
 setstatedir() {
    local statedir
@@ -31,12 +30,10 @@ setstatedir() {
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
+    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c
+	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c || exit 1
    else
 	return 0
    fi
 }
@@ -49,7 +46,7 @@ setstatedir() {
 if [ -f "$SYSCONFDIR/shorewall-init" ]; then
    . $SYSCONFDIR/shorewall-init
    if [ -z "$PRODUCTS" ]; then
-	echo "ERROR: No products configured" >&2
+        echo "ERROR: No products configured" >&2
 	exit 1
    fi
 else
@@ -59,66 +56,70 @@ fi
 # Initialize the firewall
 shorewall_start () {
-    local PRODUCT
+  local PRODUCT
-    local STATEDIR
+  local STATEDIR
-    echo -n "Initializing \"Shorewall-based firewalls\": "
+  echo -n "Initializing \"Shorewall-based firewalls\": "
-    for PRODUCT in $PRODUCTS; do
+  for PRODUCT in $PRODUCTS; do
-	if setstatedir; then
+      setstatedir
 	    if [ -x ${STATEDIR}/firewall ]; then
 		#
 		# Run in a sub-shell to avoid name collisions
 		#
 		(
 		    if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
 			${STATEDIR}/firewall ${OPTIONS} stop
 		    fi
 		)
 	    fi
 	fi
    done
-    if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
+      if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then
-	ipset -R < "$SAVE_IPSETS"
+          #
-    fi
+	  # Run in a sub-shell to avoid name collisions
 	  #
 	  (
 	      if ! ${STATEDIR}/$PRODUCT/firewall status > /dev/null 2>&1; then
 		  ${STATEDIR}/$PRODUCT/firewall ${OPTIONS} stop || exit 1
 	      else
 		  exit 1
 	      fi
 	  )
      else
 	  exit 1
      fi
  done
-    return 0
+  if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
      ipset -R < "$SAVE_IPSETS"
  fi
  return 0
 }
 # Clear the firewall
 shorewall_stop () {
-    local PRODUCT
+  local PRODUCT
-    local STATEDIR
+  local STATEDIR
-    echo -n "Clearing \"Shorewall-based firewalls\": "
+  echo -n "Clearing \"Shorewall-based firewalls\": "
-    for PRODUCT in $PRODUCTS; do
+  for PRODUCT in $PRODUCTS; do
-	if setstatedir; then
+      setstatedir
 	    if [ -x ${STATEDIR}/firewall ]; then
 		${STATEDIR}/firewall ${OPTIONS} clear
 	    fi
 	fi
    done
-    if [ -n "$SAVE_IPSETS" ]; then
+      if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then
-	mkdir -p $(dirname "$SAVE_IPSETS")
+	  ${STATEDIR}/$PRODUCT/firewall ${OPTIONS} clear || exit 1
-	if ipset -S > "${SAVE_IPSETS}.tmp"; then
+      fi
-	    grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
+  done
 	fi
    fi
-    return 0
+  if [ -n "$SAVE_IPSETS" ]; then
      mkdir -p $(dirname "$SAVE_IPSETS")
      if ipset -S > "${SAVE_IPSETS}.tmp"; then
 	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
      fi
  fi
  return 0
 }
 case "$1" in
-    start)
+  start)
-	shorewall_start
+     shorewall_start
-	;;
+     ;;
-    stop)
+  stop)
-	shorewall_stop
+     shorewall_stop
-	;;
+     ;;
-    *)
+  *)
-	echo "Usage: $0 {start|stop}"
+     echo "Usage: $0 {start|stop}"
-	exit 1
+     exit 1
 esac
 exit 0
--- a/Shorewall-init/shorewall-init.service
+++ b/Shorewall-init/shorewall-init.service
@@ -1,10 +1,11 @@
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.4
 #
-#     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
+#     Copyright 2011 Jonathan Underwood (jonathan.underwood@gmail.com)
 #
 [Unit]
-Description=Shorewall firewall (bootup security)
+Description=Shorewall IPv4 firewall
 After=syslog.target
 Before=network.target
 [Service]
@@ -12,8 +13,8 @@ Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/sysconfig/shorewall-init
 StandardOutput=syslog
-ExecStart=/sbin/shorewall-init start
+ExecStart=/sbin/shorewall-init $OPTIONS start
-ExecStop=/sbin/shorewall-init stop
+ExecStop=/sbin/shorewall-init $OPTIONS stop
 [Install]
-WantedBy=network-pre.target
+WantedBy=multi-user.target
--- a/Shorewall-init/shorewall-init.service.214
+++ b/Shorewall-init/shorewall-init.service.214
@@ -1,20 +0,0 @@
 #
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
 #
 [Unit]
 Description=Shorewall firewall (bootup security)
 Before=network-pre.target
 Wants=network-pre.target
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/sysconfig/shorewall-init
 StandardOutput=syslog
 ExecStart=/sbin/shorewall-init start
 ExecStop=/sbin/shorewall-init stop
 [Install]
 WantedBy=basic.target
--- a/Shorewall-init/shorewall-init.service.214.debian
+++ b/Shorewall-init/shorewall-init.service.214.debian
@@ -1,17 +0,0 @@
 #
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
 #
 [Unit]
 Description=Shorewall firewall (bootup security)
 Before=network-pre.target
 Wants=network-pre.target
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/default/shorewall-init
 StandardOutput=syslog
 ExecStart=/sbin/shorewall-init start
 ExecStop=/sbin/shorewall-init stop
--- a/Shorewall-init/shorewall-init.service.debian
+++ b/Shorewall-init/shorewall-init.service.debian
@@ -1,19 +0,0 @@
 #
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
 #
 [Unit]
 Description=Shorewall firewall (bootup security)
 Before=network.target
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/default/shorewall-init
 StandardOutput=syslog
 ExecStart=/sbin/shorewall-init start
 ExecStop=/sbin/shorewall-init stop
 [Install]
 WantedBy=basic.target
--- a/Shorewall-init/uninstall.sh
+++ b/Shorewall-init/uninstall.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+\#!/bin/sh
 #
 # Script to back uninstall Shoreline Firewall
 #
@@ -35,12 +35,6 @@ usage() # $1 = exit status
    exit $1
 }
 fatal_error()
 {
    echo "   ERROR: $@" >&2
    exit 1
 }
 qt()
 {
    "$@" >/dev/null 2>&1
@@ -75,42 +69,6 @@ remove_file() # $1 = file to restore
    fi
 }
 finished=0
 configure=1
 while [ $finished -eq 0 ]; do
    option=$1
    case "$option" in
 	-*)
 	    option=${option#-}
 	    while [ -n "$option" ]; do
 		case $option in
 		    h)
 			usage 0
 			;;
 		    v)
 			echo "$Product Firewall Installer Version $VERSION"
 			exit 0
 			;;
 		    n*)
 			configure=0
 			option=${option#n}
 			;;
 		    *)
 			usage 1
 			;;
 		esac
 	    done
 	    shift
 	    ;;
 	*)
 	    finished=1
 	    ;;
    esac
 done
 #
 # Read the RC file
 #
@@ -156,29 +114,22 @@ fi
 echo "Uninstalling Shorewall Init $VERSION"
 [ -n "$SANDBOX" ] && configure=0
 INITSCRIPT=${CONFDIR}/init.d/shorewall-init
 if [ -f "$INITSCRIPT" ]; then
-    if [ $configure -eq 1 ]; then
+    if mywhich updaterc.d ; then
-	if mywhich updaterc.d ; then
+	updaterc.d shorewall-init remove
-	    updaterc.d shorewall-init remove
+    elif mywhich insserv ; then
-	elif mywhich insserv ; then
+        insserv -r $INITSCRIPT
-            insserv -r $INITSCRIPT
+    elif mywhich chkconfig ; then
-	elif mywhich chkconfig ; then
+	chkconfig --del $(basename $INITSCRIPT)
-	    chkconfig --del $(basename $INITSCRIPT)
+    elif mywhich systemctl ; then
-	fi
+	systemctl disable shorewall-init
    fi
    remove_file $INITSCRIPT
 fi
 if [ -n "$SYSTEMD" ]; then
    [ $configure -eq 1 ] && systemctl disable shorewall-init.service
    rm -f $SYSTEMD/shorewall-init.service
 fi
 [ "$(readlink -m -q ${SBINDIR}/ifup-local)"   = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifup-local
 [ "$(readlink -m -q ${SBINDIR}/ifdown-local)" = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifdown-local
@@ -208,9 +159,8 @@ if [ -d ${CONFDIR}/ppp ]; then
    done
 fi
 rm -f  ${SBINDIR}/shorewall-init
 rm -rf ${SHAREDIR}/shorewall-init
-rm -rf ${LIBEXECDIR}/shorewall-init
+rm -rf ${LIBEXEC}/shorewall-init
 echo "Shorewall Init Uninstalled"
--- a/Shorewall-lite/configpath
+++ b/Shorewall-lite/configpath
@@ -1,5 +1,5 @@
 #
-# Shorewall Lite version 5 - Default Config Path
+# Shorewall Lite version 4.1 - Default Config Path
 #
 # /usr/share/shorewall-lite/configpath
 #
--- a/Shorewall-lite/init.fedora.sh
+++ b/Shorewall-lite/init.fedora.sh
@@ -39,7 +39,7 @@ fi
 start() {
    echo -n $"Starting Shorewall: "
-    $shorewall $OPTIONS start $STARTOPTIONS 2>&1 | $logger
+    $shorewall $OPTIONS start 2>&1 | $logger
    retval=${PIPESTATUS[0]}
    if [[ $retval == 0 ]]; then
 	touch $lockfile
@@ -69,7 +69,7 @@ restart() {
 # Note that we don't simply stop and start since shorewall has a built in
 # restart which stops the firewall if running and then starts it.
    echo -n $"Restarting Shorewall: "
-    $shorewall $OPTIONS restart $RESTARTOPTIONS 2>&1 | $logger
+    $shorewall $OPTIONS restart 2>&1 | $logger
    retval=${PIPESTATUS[0]}
    if [[ $retval == 0 ]]; then
 	touch $lockfile
--- a/Shorewall-lite/install.sh
+++ b/Shorewall-lite/install.sh
@@ -30,7 +30,6 @@ usage() # $1 = exit status
    echo "usage: $ME [ <configuration-file> ]"
    echo "       $ME -v"
    echo "       $ME -h"
    echo "       $ME -n"
    exit $1
 }
@@ -114,13 +113,9 @@ fi
 # Parse the run line
 #
 finished=0
 configure=1
 while [ $finished -eq 0 ] ; do
-
+    case "$1" in
    option=$1
    case "$option" in
 	-*)
 	    option=${option#-}
@@ -133,10 +128,6 @@ while [ $finished -eq 0 ] ; do
 			echo "$Product Firewall Installer Version $VERSION"
 			exit 0
 			;;
 		    n*)
 			configure=0
 			option=${option#n}
 			;;
 		    *)
 			usage 1
 			;;
@@ -195,8 +186,6 @@ done
 PATH=${SBINDIR}:/bin:/usr${SBINDIR}:/usr/bin:/usr/local/bin:/usr/local${SBINDIR}
 [ -n "$SANDBOX" ] && configure=0
 #
 # Determine where to install the firewall script
 #
@@ -206,7 +195,7 @@ T='-T'
 if [ -z "$BUILD" ]; then
    case $(uname) in
-	cygwin*|CYGWIN*)
+	cygwin*)
 	    BUILD=cygwin
 	    ;;
 	Darwin)
@@ -217,7 +206,7 @@ if [ -z "$BUILD" ]; then
 		eval $(cat /etc/os-release | grep ^ID)
 		case $ID in
-		    fedora|rhel|centos|foobar)
+		    fedora|rhel)
 			BUILD=redhat
 			;;
 		    debian)
@@ -253,7 +242,7 @@ if [ -z "$BUILD" ]; then
 fi
 case $BUILD in
-    cygwin*|CYGWIN*)
+    cygwin*)
 	OWNER=$(id -un)
 	GROUP=$(id -gn)
 	;;
@@ -357,7 +346,6 @@ fi
 delete_file ${DESTDIR}/usr/share/$PRODUCT/xmodules
 install_file $PRODUCT ${DESTDIR}${SBINDIR}/$PRODUCT 0544
 [ -n "${INITFILE}" ] && install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR}
 echo "$Product control program installed in ${DESTDIR}${SBINDIR}/$PRODUCT"
@@ -370,7 +358,7 @@ mkdir -p ${DESTDIR}${LIBEXECDIR}/$PRODUCT
 mkdir -p ${DESTDIR}${VARDIR}
 chmod 755 ${DESTDIR}${CONFDIR}/$PRODUCT
-chmod 755 ${DESTDIR}${SHAREDIR}/$PRODUCT
+chmod 755 ${DESTDIR}/usr/share/$PRODUCT
 if [ -n "$DESTDIR" ]; then
    mkdir -p ${DESTDIR}${CONFDIR}/logrotate.d
@@ -381,7 +369,7 @@ fi
 if [ -n "$INITFILE" ]; then
    if [ -f "${INITSOURCE}" ]; then
-	initfile="${DESTDIR}${INITDIR}/${INITFILE}"
+	initfile="${DESTDIR}/${INITDIR}/${INITFILE}"
 	install_file ${INITSOURCE} "$initfile" 0544
 	[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' "$initfile"
@@ -392,16 +380,12 @@ fi
 #
 # Install the .service file
 #
-if [ -z "${SERVICEDIR}" ]; then
+if [ -n "$SYSTEMD" ]; then
-    SERVICEDIR="$SYSTEMD"
+    mkdir -p ${DESTDIR}${SYSTEMD}
 fi
 if [ -n "$SERVICEDIR" ]; then
    mkdir -p ${DESTDIR}${SERVICEDIR}
    [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
-    run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
+    run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SYSTEMD}/$PRODUCT.service
-    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
+    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SYSTEMD}/$PRODUCT.service
-    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SERVICEDIR}/$PRODUCT.service"
+    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SYSTEMD}/$PRODUCT.service"
 fi
 #
 # Install the config file
@@ -482,18 +466,18 @@ done
 if [ -d manpages ]; then
    cd manpages
-    [ -n "$INSTALLD" ] || mkdir -p ${DESTDIR}${MANDIR}/man5/ ${DESTDIR}${MANDIR}/man8/
+    [ -n "$INSTALLD" ] || mkdir -p ${DESTDIR}${SHAREDIR}/man/man5/ ${DESTDIR}${SHAREDIR}/man/man8/
    for f in *.5; do
 	gzip -c $f > $f.gz
-	run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${MANDIR}/man5/$f.gz
+	run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${SHAREDIR}/man/man5/$f.gz
-	echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man5/$f.gz"
+	echo "Man page $f.gz installed to ${DESTDIR}${SHAREDIR}/man/man5/$f.gz"
    done
    for f in *.8; do
 	gzip -c $f > $f.gz
-	run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${MANDIR}/man8/$f.gz
+	run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${SHAREDIR}/man/man8/$f.gz
-	echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man8/$f.gz"
+	echo "Man page $f.gz installed to ${DESTDIR}${SHAREDIR}/man/man8/$f.gz"
    done
    cd ..
@@ -515,7 +499,7 @@ chmod 644 ${DESTDIR}${SHAREDIR}/$PRODUCT/version
 # Remove and create the symbolic link to the init script
 #
-if [ -z "${DESTDIR}" -a -n "${INITFILE}" ]; then
+if [ -z "$DESTDIR" ]; then
    rm -f ${SHAREDIR}/$PRODUCT/init
    ln -s ${INITDIR}/${INITFILE} ${SHAREDIR}/$PRODUCT/init
 fi
@@ -542,8 +526,8 @@ if [ ${SHAREDIR} != /usr/share ]; then
    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SBINDIR}/$PRODUCT
 fi
-if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then
+if [ -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then
-    if [ -n "$SERVICEDIR" ]; then
+    if [ -n "$SYSTEMD" ]; then
 	if systemctl enable ${PRODUCT}.service; then
 	    echo "$Product will start automatically at boot"
 	fi
--- a/Shorewall-lite/manpages/shorewall-lite.xml
+++ b/Shorewall-lite/manpages/shorewall-lite.xml
@@ -47,19 +47,6 @@
      <arg choice="plain"><replaceable>address</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
      <arg
      choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
      <arg>-<replaceable>options</replaceable></arg>
      <arg choice="plain"><option>allow</option></arg>
      <arg choice="plain"><replaceable>address</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
@@ -72,21 +59,6 @@
      choice="plain"><option>clear</option><arg><option>-f</option></arg></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
      <arg
      choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
      <arg>-<replaceable>options</replaceable></arg>
      <arg choice="plain"><option>close</option><arg choice="req">
      <replaceable>open-number</replaceable> |
      <replaceable>source</replaceable><replaceable>dest</replaceable><arg><replaceable>protocol</replaceable><arg>
      <replaceable>port</replaceable> </arg></arg></arg><replaceable>
      </replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
@@ -144,8 +116,6 @@
      <arg><option>-l</option></arg>
      <arg><option>-m</option></arg>
      <arg><option>-c</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
@@ -293,29 +263,6 @@
      expression</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
      <arg choice="plain"><option>open</option><replaceable>
      source</replaceable><replaceable> dest</replaceable><arg>
      <replaceable>protocol</replaceable><arg> <replaceable>port</replaceable>
      </arg> </arg></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
      <arg
      choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
      <arg>-<replaceable>options</replaceable></arg>
      <arg choice="plain"><option>reenable</option></arg>
      <arg choice="plain">{ <replaceable>interface</replaceable> |
      <replaceable>provider</replaceable> }</arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
@@ -329,21 +276,6 @@
      <arg choice="plain"><replaceable>address</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
      <arg
      choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
      <arg>-<replaceable>options</replaceable></arg>
      <arg choice="plain"><option>reload</option></arg>
      <arg><option>-n</option></arg>
      <arg><option>-p</option><arg><option>-C</option></arg></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
@@ -367,7 +299,9 @@
      <arg><option>-n</option></arg>
-      <arg><option>-p</option><arg><option>-C</option></arg></arg>
+      <arg><option>-p</option></arg>
      <arg><replaceable>directory</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
@@ -380,8 +314,6 @@
      <arg choice="plain"><option>restore</option></arg>
      <arg><option>-C</option></arg>
      <arg><replaceable>filename</replaceable></arg>
    </cmdsynopsis>
@@ -393,38 +325,11 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="plain"><option>run</option></arg>
+      <arg choice="plain"><option>save</option></arg>
      <arg choice="plain">function</arg>
      <arg><replaceable>parameter ...</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
      <arg
      choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
      <arg>-<replaceable>options</replaceable></arg>
      <arg
      choice="plain"><option>save</option><arg><option>-C</option></arg></arg>
      <arg choice="opt"><replaceable>filename</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
      <arg
      choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
      <arg>-<replaceable>options</replaceable></arg>
      <arg choice="plain"><option>savesets</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
@@ -432,7 +337,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="req"><option>show | list | ls </option></arg>
+      <arg choice="opt"><option>show | list | ls </option></arg>
      <arg><option>-b</option></arg>
@@ -454,21 +359,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="req"><option>show | list | ls </option></arg>
+      <arg choice="opt"><option>show | list | ls </option></arg>
      <arg><option>-x</option></arg>
      <arg choice="plain"><option>{bl|blacklists}</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
      <arg choice="opt"><option>trace</option>|<option>debug</option></arg>
      <arg>-<replaceable>options</replaceable></arg>
      <arg choice="req"><option>show | list | ls </option></arg>
      <arg><option>-f</option></arg>
@@ -482,7 +373,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="req"><option>show | list | ls </option></arg>
+      <arg choice="opt"><option>show | list | ls </option></arg>
      <arg
      choice="req"><option>classifiers|connections|config|events|filters|ip|ipa|zones|policies|marks</option></arg>
@@ -495,7 +386,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="req"><option>show | list | ls </option></arg>
+      <arg choice="opt"><option>show | list | ls </option></arg>
      <arg choice="plain"><option>event</option><arg
      choice="plain"><replaceable>event</replaceable></arg></arg>
@@ -508,25 +399,11 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="req"><option>show | list | ls </option></arg>
+      <arg choice="opt"><option>show | list | ls </option></arg>
      <arg><option>-c</option></arg>
      <arg choice="plain"><option>routing</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
      <arg choice="opt"><option>trace</option>|<option>debug</option></arg>
      <arg>-<replaceable>options</replaceable></arg>
      <arg choice="req"><option>show | list | ls </option></arg>
      <arg><option>-x</option></arg>
-      <arg choice="req"><option>mangle|nat|raw|rawpost</option></arg>
+      <arg choice="req"><option>mangle|nat|routing|raw|rawpost</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
@@ -536,7 +413,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="req"><option>show | list | ls </option></arg>
+      <arg choice="opt"><option>show | list | ls </option></arg>
      <arg choice="plain"><option>tc</option></arg>
    </cmdsynopsis>
@@ -548,7 +425,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="req"><option>show | list | ls </option></arg>
+      <arg choice="opt"><option>show | list | ls </option></arg>
      <arg><option>-m</option></arg>
@@ -568,10 +445,6 @@
      <arg><option>-n</option></arg>
      <arg><option>-p</option></arg>
      <arg><option>-f</option></arg>
      <arg><option>-C</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
@@ -592,8 +465,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="plain"><arg
+      <arg choice="plain"><option>status</option></arg>
      choice="plain"><option>status</option><arg><option>-i</option></arg></arg></arg>
    </cmdsynopsis>
    <cmdsynopsis>
@@ -624,9 +496,8 @@
    <para>The nolock <option>option</option> prevents the command from
    attempting to acquire the Shorewall-lite lockfile. It is useful if you
-    need to include <command>shorewall</command> commands in the
+    need to include <command>shorewall</command> commands in
-    <filename>started</filename> <ulink
+    <filename>/etc/shorewall/started</filename>.</para>
    url="../shorewall_extension_scripts.html">extension script</ulink>.</para>
    <para>The <emphasis>options</emphasis> control the amount of output that
    the command produces. They consist of a sequence of the letters <emphasis
@@ -637,8 +508,8 @@
    role="bold">v</emphasis> adds one to the effective verbosity and each
    <emphasis role="bold">q</emphasis> subtracts one from the effective
    VERBOSITY. Alternately, <emphasis role="bold">v</emphasis> may be followed
-    immediately with one of -1,0,1,2 to specify VERBOSITY. There may be no
+    immediately with one of -1,0,1,2 to specify a specify VERBOSITY. There may
-    white-space between <emphasis role="bold">v</emphasis> and the
+    be no white-space between <emphasis role="bold">v</emphasis> and the
    VERBOSITY.</para>
    <para>The <emphasis>options</emphasis> may also include the letter
@@ -653,10 +524,7 @@
    <variablelist>
      <varlistentry>
-        <term><emphasis role="bold">add </emphasis>{
+        <term><emphasis role="bold">add</emphasis></term>
        <replaceable>interface</replaceable>[:<replaceable>host-list</replaceable>]...
        <replaceable>zone</replaceable> | <replaceable>zone</replaceable>
        <replaceable>host-list</replaceable> }</term>
        <listitem>
          <para>Adds a list of hosts or subnets to a dynamic zone usually used
@@ -681,8 +549,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">allow
+        <term><emphasis role="bold">allow</emphasis></term>
        </emphasis><replaceable>address</replaceable></term>
        <listitem>
          <para>Re-enables receipt of packets from hosts previously
@@ -694,25 +561,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">call <replaceable>function</replaceable> [
+        <term><emphasis role="bold">clear</emphasis></term>
        <replaceable>parameter</replaceable> ... ]</emphasis></term>
        <listitem>
          <para>Added in Shorewall 4.6.10. Allows you to call a function in
          one of the Shorewall libraries or in your compiled script. function
          must name the shell function to be called. The listed parameters are
          passed to the function.</para>
          <para>The function is first searched for in
          <filename>lib.base</filename>, <filename>lib.common</filename> and
          <filename>lib.cli</filename>. If it is not found, the call command
          is passed to the generated script to be executed.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">clear
        </emphasis>[-<option>f</option>]</term>
        <listitem>
          <para>Clear will remove all rules and chains installed by
@@ -723,38 +572,13 @@
          <para>If <option>-f</option> is given, the command will be processed
          by the compiled script that executed the last successful <emphasis
          role="bold">start</emphasis>, <emphasis
          role="bold">reload</emphasis>, <emphasis
          role="bold">restart</emphasis> or <emphasis
          role="bold">refresh</emphasis> command if that script exists.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">close</emphasis> {
+        <term><emphasis role="bold">delete</emphasis></term>
        <replaceable>open-number</replaceable> |
        <replaceable>source</replaceable> <replaceable>dest</replaceable> [
        <replaceable>protocol</replaceable> [ <replaceable>port</replaceable>
        ] ] }</term>
        <listitem>
          <para>Added in Shorewall 4.5.8. This command closes a temporary open
          created by the <command>open</command> command. In the first form,
          an <replaceable>open-number</replaceable> specifies the open to be
          closed. Open numbers are displayed in the <emphasis
          role="bold">num</emphasis> column of the output of the
          <command>shorewall-lite show opens </command>command.</para>
          <para>When the second form of the command is used, the parameters
          must match those given in the earlier <command>open</command>
          command.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">delete </emphasis>{
        <replaceable>interface</replaceable>[:<replaceable>host-list</replaceable>]...
        <replaceable>zone</replaceable> | <replaceable>zone</replaceable>
        <replaceable>host-list</replaceable> }</term>
        <listitem>
          <para>The delete command reverses the effect of an earlier <emphasis
@@ -769,9 +593,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">disable </emphasis>{
+        <term><emphasis role="bold">disable</emphasis></term>
        <replaceable>interface</replaceable> |
        <replaceable>provider</replaceable> }</term>
        <listitem>
          <para>Added in Shorewall 4.4.26. Disables the optional provider
@@ -783,8 +605,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">drop
+        <term><emphasis role="bold">drop</emphasis></term>
        </emphasis><replaceable>address</replaceable></term>
        <listitem>
          <para>Causes traffic from the listed <emphasis>address</emphasis>es
@@ -793,9 +614,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">dump </emphasis>[-<option>x</option>]
+        <term><emphasis role="bold">dump</emphasis></term>
        [-<option>l</option>] [-<option>m</option>]
        [-<option>c</option>]</term>
        <listitem>
          <para>Produces a verbose report about the firewall configuration for
@@ -809,16 +628,11 @@
          <para>The <emphasis role="bold">-l</emphasis> option causes the rule
          number for each Netfilter rule to be displayed.</para>
          <para>The <option>-c</option> option causes the route cache to be
          dumped in addition to the other routing information.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">enable </emphasis>{
+        <term><emphasis role="bold">enable</emphasis></term>
        <replaceable>interface</replaceable> |
        <replaceable>provider</replaceable> }</term>
        <listitem>
          <para>Added in Shorewall 4.4.26. Enables the optional provider
@@ -830,8 +644,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">forget </emphasis>[
+        <term><emphasis role="bold">forget</emphasis></term>
        <replaceable>filename</replaceable> ]</term>
        <listitem>
          <para>Deletes /var/lib/shorewall-lite/<emphasis>filename</emphasis>
@@ -852,8 +665,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">hits </emphasis>
+        <term><emphasis role="bold">hits</emphasis></term>
        [-<option>t</option>]</term>
        <listitem>
          <para>Generates several reports from Shorewall-lite log messages in
@@ -863,8 +675,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">ipcalc </emphasis>{ address mask |
+        <term><emphasis role="bold">ipcalc</emphasis></term>
        address/vlsm }</term>
        <listitem>
          <para>Ipcalc displays the network address, broadcast address,
@@ -874,8 +685,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">iprange
+        <term><emphasis role="bold">iprange</emphasis></term>
        </emphasis><replaceable>address1</replaceable>-<replaceable>address2</replaceable></term>
        <listitem>
          <para>Iprange decomposes the specified range of IP addresses into
@@ -884,8 +694,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">iptrace </emphasis><replaceable>iptables
+        <term><emphasis role="bold">iptrace</emphasis></term>
        match expression</replaceable></term>
        <listitem>
          <para>This is a low-level debugging command that causes iptables
@@ -904,17 +713,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">list</emphasis></term>
+        <term><emphasis role="bold">logdrop</emphasis></term>
        <listitem>
          <para><command>list</command> is a synonym for
          <command>show</command> -- please see below.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">logdrop
        </emphasis><replaceable>address</replaceable></term>
        <listitem>
          <para>Causes traffic from the listed <emphasis>address</emphasis>es
@@ -925,8 +724,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">logwatch </emphasis>[-<option>m</option>]
+        <term><emphasis role="bold">logwatch</emphasis></term>
        [<replaceable>refresh-interval</replaceable>]</term>
        <listitem>
          <para>Monitors the log file specified by the LOGFILE option in
@@ -945,8 +743,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">logreject
+        <term><emphasis role="bold">logreject</emphasis></term>
        </emphasis><replaceable>address</replaceable></term>
        <listitem>
          <para>Causes traffic from the listed <emphasis>address</emphasis>es
@@ -957,17 +754,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">ls</emphasis></term>
+        <term><emphasis role="bold">noiptrace</emphasis></term>
        <listitem>
          <para><command>ls</command> is a synonym for <command>show</command>
          -- please see below.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">noiptrace </emphasis><replaceable>iptables
        match expression</replaceable></term>
        <listitem>
          <para>This is a low-level debugging command that cancels a trace
@@ -980,78 +767,21 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">open</emphasis>
+        <term><emphasis role="bold">reset</emphasis></term>
        <replaceable>source</replaceable> <replaceable>dest</replaceable> [
        <replaceable>protocol</replaceable> [ <replaceable>port</replaceable>
        ] ]</term>
        <listitem>
-          <para>Added in Shorewall 4.6.8. This command requires that the
+          <para>All the packet and byte counters in the firewall are
-          firewall be in the started state and that DYNAMIC_BLACKLIST=Yes in
+          reset.</para>
          <ulink url="/manpages/shorewall.conf.html">shorewall.conf
          (5)</ulink>. The effect of the command is to temporarily open the
          firewall for connections matching the parameters.</para>
          <para>The <replaceable>source</replaceable> and
          <replaceable>dest</replaceable> parameters may each be specified as
          <emphasis role="bold">all</emphasis> if you don't wish to restrict
          the connection source or destination respectively. Otherwise, each
          must contain a host or network address or a valid DNS name.</para>
          <para>The <replaceable>protocol</replaceable> may be specified
          either as a number or as a name listed in /etc/protocols. The
          <replaceable>port</replaceable> may be specified numerically or as a
          name listed in /etc/services.</para>
          <para>To reverse the effect of a successful <command>open</command>
          command, use the <command>close</command> command with the same
          parameters or simply restart the firewall.</para>
          <para>Example: To open the firewall for SSH connections to address
          192.168.1.1, the command would be:</para>
          <programlisting>    shorewall-lite open all 192.168.1.1 tcp 22</programlisting>
          <para>To reverse that command, use:</para>
          <screen>    shorewall-lite close all 192.168.1.1 tcp 22</screen>
        </listitem>
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">reenable</emphasis>{
+        <term><emphasis role="bold">restart</emphasis></term>
        <replaceable>interface</replaceable> |
        <replaceable>provider</replaceable> }</term>
        <listitem>
-          <para>Added in Shorewall 4.6.9. This is equivalent to a
+          <para>Restart is similar to <emphasis role="bold">shorewall-lite
-          <command>disable</command> command followed by an
+          start</emphasis> except that it assumes that the firewall is already
-          <command>enable</command> command on the specified
+          started. Existing connections are maintained.</para>
          <replaceable>interface</replaceable> or
          <replaceable>provider</replaceable>.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">reject</emphasis><replaceable>
        address</replaceable></term>
        <listitem>
          <para>Causes traffic from the listed <emphasis>address</emphasis>es
          to be silently rejected.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">reload </emphasis>[-n] [-p]
        [-<option>C</option>]</term>
        <listitem>
          <para>Added in Shorewall 5.0.0, <emphasis
          role="bold">reload</emphasis> is similar to <emphasis
          role="bold">shorewall-lite start</emphasis> except that it assumes
          that the firewall is already started. Existing connections are
          maintained.</para>
          <para>The <option>-n</option> option causes Shorewall-lite to avoid
          updating the routing table(s).</para>
@@ -1059,56 +789,11 @@
          <para>The <option>-p</option> option causes the connection tracking
          table to be flushed; the <command>conntrack</command> utility must
          be installed to use this option.</para>
          <para>The <option>-C</option> option was added in Shorewall 4.6.5.
          If the specified (or implicit) firewall script is the one that
          generated the current running configuration, then the running
          netfilter configuration will be reloaded as is so as to preserve the
          iptables packet and byte counters.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">reset [<replaceable>chain</replaceable>,
+        <term><emphasis role="bold">restore</emphasis></term>
        ...]</emphasis><acronym/></term>
        <listitem>
          <para>Resets the packet and byte counters in the specified
          <replaceable>chain</replaceable>(s). If no
          <replaceable>chain</replaceable> is specified, all the packet and
          byte counters in the firewall are reset.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">restart </emphasis>[-n] [-p]
        [-<option>C</option>]</term>
        <listitem>
          <para>Beginning with Shorewall 5.0.0, this command performs a true
          restart. The firewall is completely stopped as if a
          <command>stop</command> command had been issued then it is started
          again.</para>
          <para>The <option>-n</option> option causes Shorewall-lite to avoid
          updating the routing table(s).</para>
          <para>The <option>-p</option> option causes the connection tracking
          table to be flushed; the <command>conntrack</command> utility must
          be installed to use this option.</para>
          <para>The <option>-C</option> option was added in Shorewall 4.6.5.
          If the specified (or implicit) firewall script is the one that
          generated the current running configuration, then the running
          netfilter configuration will be reloaded as is so as to preserve the
          iptables packet and byte counters.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">restore </emphasis>[-<option>n</option>]
        [-<option>p</option>] [-<option>C</option>] [
        <replaceable>filename</replaceable> ]</term>
        <listitem>
          <para>Restore Shorewall-lite to a state saved using the <emphasis
@@ -1119,52 +804,11 @@
          <emphasis>filename</emphasis> is given then Shorewall-lite will be
          restored from the file specified by the RESTOREFILE option in <ulink
          url="shorewall.conf.html">shorewall.conf</ulink>(5).</para>
          <caution>
            <para>If your iptables ruleset depends on variables that are
            detected at run-time, either in your params file or by
            Shorewall-generated code, <command>restore</command> will use the
            values that were current when the ruleset was saved, which may be
            different from the current values.</para>
          </caution>
          <para>The <option>-n</option> option causes Shorewall to avoid
          updating the routing table(s).</para>
          <para>The <option>-p</option> option, added in Shorewall 4.6.5,
          causes the connection tracking table to be flushed; the
          <command>conntrack</command> utility must be installed to use this
          option.</para>
          <para>The <option>-C</option> option was added in Shorewall 4.6.5.
          If the <option>-C</option> option was specified during <emphasis
          role="bold">shorewall save</emphasis>, then the counters saved by
          that operation will be restored.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">run
+        <term><emphasis role="bold">save</emphasis></term>
        </emphasis><replaceable>command</replaceable> [
        <replaceable>parameter</replaceable> ... ]</term>
        <listitem>
          <para>Added in Shorewall 4.6.3. Executes
          <replaceable>command</replaceable> in the context of the generated
          script passing the supplied <replaceable>parameter</replaceable>s.
          Normally, the <replaceable>command</replaceable> will be a function
          declared in <filename>lib.private</filename>.</para>
          <para>Before executing the <replaceable>command</replaceable>, the
          script will detect the configuration, setting all SW_* variables and
          will run your <filename>init</filename> extension script with
          $COMMAND = 'run'.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">save </emphasis>[-<option>C</option>] [
        <replaceable>filename</replaceable> ]</term>
        <listitem>
          <para>The dynamic blacklist is stored in
@@ -1174,24 +818,6 @@
          <emphasis>filename</emphasis> is not given then the state is saved
          in the file specified by the RESTOREFILE option in <ulink
          url="shorewall.conf.html">shorewall.conf</ulink>(5).</para>
          <para>The <option>-C</option> option, added in Shorewall 4.6.5,
          causes the iptables packet and byte counters to be saved along with
          the chains and rules.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">savesets</emphasis></term>
        <listitem>
          <para>Added in shorewall 4.6.8. Performs the same action as the
          <command>stop</command> command with respect to saving ipsets (see
          the SAVE_IPSETS option in <ulink
          url="/manpages/shorewall.conf.html">shorewall.conf</ulink> (5)).
          This command may be used to proactively save your ipset contents in
          the event that a system failure occurs prior to issuing a
          <command>stop</command> command.</para>
        </listitem>
      </varlistentry>
@@ -1204,22 +830,7 @@
          <variablelist>
            <varlistentry>
-              <term><emphasis role="bold">bl|blacklists
+              <term><emphasis role="bold">capabilities</emphasis></term>
              </emphasis>[-<option>x</option>]</term>
              <listitem>
                <para>Added in Shorewall 4.6.2. Displays the dynamic chain
                along with any chains produced by entries in
                shorewall-blrules(5).The <emphasis role="bold">-x</emphasis>
                option is passed directly through to iptables and causes
                actual packet and byte counts to be displayed. Without this
                option, those counts are abbreviated.</para>
              </listitem>
            </varlistentry>
            <varlistentry>
              <term>[-<option>f</option>] <emphasis
              role="bold">capabilities</emphasis></term>
              <listitem>
                <para>Displays your kernel/iptables capabilities. The
@@ -1230,10 +841,8 @@
            </varlistentry>
            <varlistentry>
-              <term>[-<option>b</option>] [-<option>x</option>]
+              <term>[ [ <option>chain</option> ] <emphasis>chain</emphasis>...
-              [-<option>l</option>] [-<option>t</option>
+              ]</term>
              {<option>filter</option>|<option>mangle</option>|<option>nat</option>|<option>raw</option>|<option>rawpost</option>}]
              [ <emphasis>chain</emphasis>... ]</term>
              <listitem>
                <para>The rules in each <emphasis>chain</emphasis> are
@@ -1286,19 +895,11 @@
            </varlistentry>
            <varlistentry>
-              <term><emphasis role="bold">connections
+              <term><emphasis role="bold">connections</emphasis></term>
              [<replaceable>filter_parameter</replaceable>
              ...]</emphasis></term>
              <listitem>
                <para>Displays the IP connections currently being tracked by
                the firewall.</para>
                <para>If the <command>conntrack</command> utility is
                installed, beginning with Shorewall 4.6.11 the set of
                connections displayed can be limited by including conntrack
                filter parameters (-p , -s, --dport, etc). See conntrack(8)
                for details.</para>
              </listitem>
            </varlistentry>
@@ -1340,8 +941,7 @@
            </varlistentry>
            <varlistentry>
-              <term>[-<option>m</option>] <emphasis
+              <term><emphasis role="bold">log</emphasis></term>
              role="bold">log</emphasis></term>
              <listitem>
                <para>Displays the last 20 Shorewall-lite messages from the
@@ -1353,20 +953,6 @@
              </listitem>
            </varlistentry>
            <varlistentry>
              <term>[-<option>x</option>] <emphasis
              role="bold">mangle</emphasis></term>
              <listitem>
                <para>Displays the Netfilter mangle table using the command
                <emphasis role="bold">iptables -t mangle -L -n -v</emphasis>.
                The <emphasis role="bold">-x</emphasis> option is passed
                directly through to iptables and causes actual packet and byte
                counts to be displayed. Without this option, those counts are
                abbreviated.</para>
              </listitem>
            </varlistentry>
            <varlistentry>
              <term><emphasis role="bold">marks</emphasis></term>
@@ -1390,16 +976,6 @@
              </listitem>
            </varlistentry>
            <varlistentry>
              <term><emphasis role="bold">opens</emphasis></term>
              <listitem>
                <para>Added in Shorewall 4.5.8. Displays the iptables rules in
                the 'dynamic' chain created through use of the <command>open
                </command>command..</para>
              </listitem>
            </varlistentry>
            <varlistentry>
              <term><emphasis role="bold">policies</emphasis></term>
@@ -1416,9 +992,7 @@
              <term><emphasis role="bold">routing</emphasis></term>
              <listitem>
-                <para>Displays the system's IPv4 routing configuration. The -c
+                <para>Displays the system's IPv4 routing configuration.</para>
                option causes the route cache to be displayed in addition to
                the other routing information.</para>
              </listitem>
            </varlistentry>
@@ -1457,9 +1031,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">start</emphasis> [-<option>p</option>]
+        <term><emphasis role="bold">start</emphasis></term>
        [-<option>n</option>] [<option>-f</option>]
        [-<option>C</option>]</term>
        <listitem>
          <para>Start Shorewall Lite. Existing connections through
@@ -1470,22 +1042,6 @@
          <para>The <option>-p</option> option causes the connection tracking
          table to be flushed; the <command>conntrack</command> utility must
          be installed to use this option.</para>
          <para>The <option>-n</option> option prevents the firewall script
          from modifying the current routing configuration.</para>
          <para>The <option>-f</option> option was added in Shorewall 4.6.5.
          If the RESTOREFILE named in <ulink
          url="shorewall.conf.html">shorewall.conf</ulink>(5) exists, is
          executable and is not older than the current filewall script, then
          that saved configuration is restored.</para>
          <para>The <option>-C</option> option was added in Shorewall 4.6.5
          and is only meaningful when the <option>-f</option> option is also
          specified. If the previously-saved configuration is restored, and if
          the <option>-C</option> option was also specified in the <emphasis
          role="bold">save</emphasis> command, then the packet and byte
          counters will be restored.</para>
        </listitem>
      </varlistentry>
@@ -1517,10 +1073,6 @@
        <listitem>
          <para>Produces a short report about the state of the
          Shorewall-configured firewall.</para>
          <para>The <option>-i </option>option was added in Shorewall 4.6.2
          and causes the status of each optional or provider interface to be
          displayed.</para>
        </listitem>
      </varlistentry>
--- a/Shorewall-lite/shorecap
+++ b/Shorewall-lite/shorecap
@@ -38,7 +38,7 @@
 #
 #        IPTABLES - iptables
 #        MODULESDIR - /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter
-#        MODULE_SUFFIX - "o gz xz ko o.gz o.xz ko.gz ko.xz"
+#        MODULE_SUFFIX - "o gz ko o.gz ko.gz"
 #
 #    Shorewall need not be installed on the target system to run shorecap. If the '-e' flag is
 #    used during firewall compilation, then the generated firewall program will likewise not
--- a/Shorewall-lite/shorewall-lite.conf
+++ b/Shorewall-lite/shorewall-lite.conf
@@ -1,5 +1,5 @@
 ###############################################################################
-#  /etc/shorewall-lite/shorewall-lite.conf Version 5 - Change the following
+#  /etc/shorewall-lite/shorewall-lite.conf Version 4 - Change the following
 #  variables to override the values in the shorewall.conf file used to
 #  compile /var/lib/shorewall-lite/firewall. Those values may be found in
 #  /var/lib/shorewall-lite/firewall.conf.
--- a/Shorewall-lite/shorewall-lite.service
+++ b/Shorewall-lite/shorewall-lite.service
@@ -1,21 +1,20 @@
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.4
 #
-#     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
+#     Copyright 2011 Jonathan Underwood (jonathan.underwood@gmail.com)
 #
 [Unit]
 Description=Shorewall IPv4 firewall (lite)
-Wants=network-online.target
+After=syslog.target
-After=network-online.target
+After=network.target
 Conflicts=iptables.service firewalld.service
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/sysconfig/shorewall-lite
 StandardOutput=syslog
-ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
+ExecStart=/sbin/shorewall-lite $OPTIONS start
 ExecStop=/sbin/shorewall-lite $OPTIONS stop
 [Install]
-WantedBy=basic.target
+WantedBy=multi-user.target
--- a/Shorewall-lite/shorewall-lite.service.214
+++ b/Shorewall-lite/shorewall-lite.service.214
@@ -1,21 +0,0 @@
 #
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
 #
 [Unit]
 Description=Shorewall IPv4 firewall (lite)
 Wants=network-online.target
 After=network-online.target
 Conflicts=iptables.service firewalld.service
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/sysconfig/shorewall-lite
 StandardOutput=syslog
 ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
 ExecStop=/sbin/shorewall-lite $OPTIONS stop
 [Install]
 WantedBy=basic.target
--- a/Shorewall-lite/shorewall-lite.service.debian
+++ b/Shorewall-lite/shorewall-lite.service.debian
@@ -1,22 +0,0 @@
 #
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
 #
 [Unit]
 Description=Shorewall IPv4 firewall (lite)
 Wants=network-online.target
 After=network-online.target
 Conflicts=iptables.service firewalld.service
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/default/shorewall-lite
 StandardOutput=syslog
 ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
 ExecStop=/sbin/shorewall-lite $OPTIONS stop
 ExecReload=/sbin/shorewall-lite $OPTIONS reload $RELOADOPTIONS
 [Install]
 WantedBy=basic.target
--- a/Shorewall-lite/uninstall.sh
+++ b/Shorewall-lite/uninstall.sh
@@ -27,25 +27,14 @@
 #       shown below. Simply run this script to remove Shorewall Firewall
 VERSION=xxx  #The Build script inserts the actual version
 PRODUCT=shorewall-lite
 usage() # $1 = exit status
 {
    ME=$(basename $0)
-    echo "usage: $ME [ <option> ] [ <shorewallrc file> ]"
+    echo "usage: $ME [ <shorewallrc file> ]"
    echo "where <option> is one of"
    echo "  -h"
    echo "  -v"
    echo "  -n"
    exit $1
 }
 fatal_error()
 {
    echo "   ERROR: $@" >&2
    exit 1
 }
 qt()
 {
    "$@" >/dev/null 2>&1
@@ -80,42 +69,6 @@ remove_file() # $1 = file to restore
    fi
 }
 finished=0
 configure=1
 while [ $finished -eq 0 ]; do
    option=$1
    case "$option" in
 	-*)
 	    option=${option#-}
 	    while [ -n "$option" ]; do
 		case $option in
 		    h)
 			usage 0
 			;;
 		    v)
 			echo "$Product Firewall Installer Version $VERSION"
 			exit 0
 			;;
 		    n*)
 			configure=0
 			option=${option#n}
 			;;
 		    *)
 			usage 1
 			;;
 		esac
 	    done
 	    shift
 	    ;;
 	*)
 	    finished=1
 	    ;;
    esac
 done
 #
 # Read the RC file
 #
@@ -159,12 +112,8 @@ fi
 echo "Uninstalling Shorewall Lite $VERSION"
-[ -n "$SANDBOX" ] && configure=0
+if qt iptables -L shorewall -n && [ ! -f ${SBINDIR}/shorewall ]; then
-
+   shorewall-lite clear
 if [ $configure -eq 1 ]; then
    if qt iptables -L shorewall -n && [ ! -f ${SBINDIR}/shorewall ]; then
 	shorewall-lite clear
    fi
 fi
 if [ -L ${SHAREDIR}/shorewall-lite/init ]; then
@@ -174,34 +123,28 @@ elif [ -n "$INITFILE" ]; then
 fi
 if [ -f "$FIREWALL" ]; then
-    if [ $configure -eq 1 ]; then
+    if mywhich updaterc.d ; then
-	if mywhich updaterc.d ; then
+	updaterc.d shorewall-lite remove
-	    updaterc.d shorewall-lite remove
+    elif mywhich insserv ; then
-	elif mywhich insserv ; then
+        insserv -r $FIREWALL
-            insserv -r $FIREWALL
+    elif [ mywhich chkconfig ; then
-	elif mywhich chkconfig ; then
+	chkconfig --del $(basename $FIREWALL)
-	    chkconfig --del $(basename $FIREWALL)
+    elif mywhich systemctl ; then
-	fi
+	systemctl disable shorewall-lite
    fi
    remove_file $FIREWALL
 fi
 if [ -n "$SYSTEMD" ]; then
    [ $configure -eq 1 ] && systemctl disable ${PRODUCT}
    rm -f $SYSTEMD/shorewall-lite.service
 fi
 rm -f ${SBINDIR}/shorewall-lite
-rm -rf ${CONFDIR}/shorewall-lite
+rm -rf ${SBINDIR}/shorewall-lite
 rm -rf ${VARDIR}/shorewall-lite
 rm -rf ${SHAREDIR}/shorewall-lite
-rm -rf ${LIBEXECDIR}/shorewall-lite
+rm -rf ${LIBEXEC}/shorewall-lite
 rm -f  ${CONFDIR}/logrotate.d/shorewall-lite
-
+[ -n "$SYSTEMD" ] && rm -f  ${SYSTEMD}/shorewall-lite.service
 rm -f ${MANDIR}/man5/shorewall-lite*
 rm -f ${MANDIR}/man8/shorewall-lite*
 echo "Shorewall Lite Uninstalled"
--- a/Shorewall/INSTALL
+++ b/Shorewall/INSTALL
@@ -1,4 +1,4 @@
-Shoreline Firewall (Shorewall) Version 5
+Shoreline Firewall (Shorewall) Version 4
 -----         ----
 -----------------------------------------------------------------------------
--- a/Shorewall/Macros/macro.AMQP
+++ b/Shorewall/Macros/macro.AMQP
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - AMQP Macro
+# Shorewall version 4 - AMQP Macro
 #
 # /usr/share/shorewall/macro.AMQP
 #
--- a/Shorewall/Macros/macro.A_AllowICMPs
+++ b/Shorewall/Macros/macro.A_AllowICMPs
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Audited AllowICMPs Macro
+# Shorewall version 4 - Audited AllowICMPs Macro
 #
 # /usr/share/shorewall/macro.A_AllowICMPs
 #
--- a/Shorewall/Macros/macro.A_DropDNSrep
+++ b/Shorewall/Macros/macro.A_DropDNSrep
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Audited DropDNSrep Macro
+# Shorewall version 4 - Audited DropDNSrep Macro
 #
 # /usr/share/shorewall/macro.A_DropDNSrep
 #
--- a/Shorewall/Macros/macro.A_DropUPnP
+++ b/Shorewall/Macros/macro.A_DropUPnP
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - ADropUPnP Macro
+# Shorewall version 4 - ADropUPnP Macro
 #
 # /usr/share/shorewall/macro.A_DropUPnP
 #
--- a/Shorewall/Macros/macro.ActiveDir
+++ b/Shorewall/Macros/macro.ActiveDir
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Samba 4 Macro
+# Shorewall version 4 - Samba 4 Macro
 #
 # /usr/share/shorewall/macro.ActiveDir
 #
@@ -7,12 +7,10 @@
 #
 # You can comment out the ports you do not want open
 #
-#
+# 
 ###############################################################################
-?FORMAT 2 
+#ACTION SOURCE  DEST    PROTO   DEST    SOURCE  RATE    USER/
-###############################################################################
+#                               PORT(S) PORT(S) LIMIT   GROUP
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM   -       -       tcp     389 	#LDAP services
 PARAM   -       -       udp	389  
 PARAM   -       -       tcp     636	#LDAP SSL
--- a/Shorewall/Macros/macro.AllowICMPs
+++ b/Shorewall/Macros/macro.AllowICMPs
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - AllowICMPs Macro
+# Shorewall version 4 - AllowICMPs Macro
 #
 # /usr/share/shorewall/macro.AllowICMPs
 #
--- a/Shorewall/Macros/macro.Amanda
+++ b/Shorewall/Macros/macro.Amanda
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Amanda Macro
+# Shorewall version 4 - Amanda Macro
 #
 # /usr/share/shorewall/macro.Amanda
 #
@@ -14,7 +14,7 @@
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __AMANDA_HELPER )
- PARAM	-	-	udp	10080 { helper=amanda }
+ PARAM	-	-	udp	10080 ; helper=amanda
 ?else
 PARAM	-	-	udp	10080
 ?endif
--- a/Shorewall/Macros/macro.Auth
+++ b/Shorewall/Macros/macro.Auth
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Auth Macro
+# Shorewall version 4 - Auth Macro
 #
 # /usr/share/shorewall/macro.Auth
 #
--- a/Shorewall/Macros/macro.BGP
+++ b/Shorewall/Macros/macro.BGP
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - BGP Macro
+# Shorewall version 4 - BGP Macro
 #
 # /usr/share/shorewall/macro.BGP
 #
--- a/Shorewall/Macros/macro.BLACKLIST
+++ b/Shorewall/Macros/macro.BLACKLIST
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - blacklist Macro
+# Shorewall version 4 - blacklist Macro
 #
 # /usr/share/shorewall/macro.blacklist
 #
--- a/Shorewall/Macros/macro.BitTorrent
+++ b/Shorewall/Macros/macro.BitTorrent
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - BitTorrent Macro
+# Shorewall version 4 - BitTorrent Macro
 #
 # /usr/share/shorewall/macro.BitTorrent
 #
--- a/Shorewall/Macros/macro.BitTorrent32
+++ b/Shorewall/Macros/macro.BitTorrent32
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - BitTorrent 3.2 Macro
+# Shorewall version 4 - BitTorrent 3.2 Macro
 #
 # /usr/share/shorewall/macro.BitTorrent32
 #
--- a/Shorewall/Macros/macro.CVS
+++ b/Shorewall/Macros/macro.CVS
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - CVS Macro
+# Shorewall version 4 - CVS Macro
 #
 # /usr/share/shorewall/macro.CVS
 #
--- a/Shorewall/Macros/macro.Citrix
+++ b/Shorewall/Macros/macro.Citrix
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Citrix/ICA Macro
+# Shorewall version 4 - Citrix/ICA Macro
 #
 # /usr/share/shorewall/macro.Citrix
 #
--- a/Shorewall/Macros/macro.DAAP
+++ b/Shorewall/Macros/macro.DAAP
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - DAAP Macro
+# Shorewall version 4 - DAAP Macro
 #
 # /usr/share/shorewall/macro.DAAP
 #
--- a/Shorewall/Macros/macro.DCC
+++ b/Shorewall/Macros/macro.DCC
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - DCC Macro
+# Shorewall version 4 - DCC Macro
 #
 # /usr/share/shorewall/macro.DCC
 #
--- a/Shorewall/Macros/macro.DHCPfwd
+++ b/Shorewall/Macros/macro.DHCPfwd
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - DHCPfwd Macro
+# Shorewall version 4 - DHCPfwd Macro
 #
 # /usr/share/shorewall/macro.DHCPfwd
 #
--- a/Shorewall/Macros/macro.DNS
+++ b/Shorewall/Macros/macro.DNS
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - DNS Macro
+# Shorewall version 4 - DNS Macro
 #
 # /usr/share/shorewall/macro.DNS
 #
--- a/Shorewall/Macros/macro.Distcc
+++ b/Shorewall/Macros/macro.Distcc
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Distcc Macro
+# Shorewall version 4 - Distcc Macro
 #
 # /usr/share/shorewall/macro.Distcc
 #
--- a/Shorewall/Macros/macro.Drop
+++ b/Shorewall/Macros/macro.Drop
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Drop Macro
+# Shorewall version 4 - Drop Macro
 #
 # /usr/share/shorewall/macro.Drop
 #
--- a/Shorewall/Macros/macro.DropDNSrep
+++ b/Shorewall/Macros/macro.DropDNSrep
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - DropDNSrep Macro
+# Shorewall version 4 - DropDNSrep Macro
 #
 # /usr/share/shorewall/macro.DropDNSrep
 #
--- a/Shorewall/Macros/macro.DropUPnP
+++ b/Shorewall/Macros/macro.DropUPnP
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - DropUPnP Macro
+# Shorewall version 4 - DropUPnP Macro
 #
 # /usr/share/shorewall/macro.DropUPnP
 #
--- a/Shorewall/Macros/macro.Edonkey
+++ b/Shorewall/Macros/macro.Edonkey
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Edonkey Macro
+# Shorewall version 4 - Edonkey Macro
 #
 # /usr/share/shorewall/macro.Edonkey
 #
--- a/Shorewall/Macros/macro.FTP
+++ b/Shorewall/Macros/macro.FTP
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - FTP Macro
+# Shorewall version 4 - FTP Macro
 #
 # /usr/share/shorewall/macro.FTP
 #
@@ -11,7 +11,7 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __FTP_HELPER  )
- PARAM	-	-	tcp	21 { helper=ftp }
+ PARAM	-	-	tcp	21 ; helper=ftp
 ?else
 PARAM	-	-	tcp	21
 ?endif
--- a/Shorewall/Macros/macro.Finger
+++ b/Shorewall/Macros/macro.Finger
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Finger Macro
+# Shorewall version 4 - Finger Macro
 #
 # /usr/share/shorewall/macro.Finger
 #
--- a/Shorewall/Macros/macro.GNUnet
+++ b/Shorewall/Macros/macro.GNUnet
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - GNUnet Macro
+# Shorewall version 4 - GNUnet Macro
 #
 # /usr/share/shorewall/macro.GNUnet
 #
--- a/Shorewall/Macros/macro.GRE
+++ b/Shorewall/Macros/macro.GRE
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - GRE Macro
+# Shorewall version 4 - GRE Macro
 #
 # /usr/share/shorewall/macro.GRE
 #
--- a/Shorewall/Macros/macro.Git
+++ b/Shorewall/Macros/macro.Git
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Git Macro
+# Shorewall version 4 - Git Macro
 #
 # /usr/share/shorewall/macro.Git
 #
--- a/Shorewall/Macros/macro.Gnutella
+++ b/Shorewall/Macros/macro.Gnutella
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Gnutella Macro
+# Shorewall version 4 - Gnutella Macro
 #
 # /usr/share/shorewall/macro.Gnutella
 #
--- a/Shorewall/Macros/macro.Goto-Meeting
+++ b/Shorewall/Macros/macro.Goto-Meeting
@@ -1,14 +0,0 @@
 #
 # Shorewall version 5 - Citrix/Goto Meeting macro
 #
 # /usr/share/shorewall/macro.Goto-Meeting
 #          by Eric Teeter
 #       This macro handles Citrix/Goto Meeting
 #       Assumes that ports 80 and 443 are already open
 #       If needed, use the macros that open Http and Https to reduce redundancy
 ####################################################################################
 ?FORMAT 2
 ####################################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM      -    -       tcp     8200    # Goto Meeting only needed (TCP outbound)
--- a/Shorewall/Macros/macro.HKP
+++ b/Shorewall/Macros/macro.HKP
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - HKP Macro
+# Shorewall version 4 - HKP Macro
 #
 # /usr/share/shorewall/macro.HKP
 #
--- a/Shorewall/Macros/macro.HTTP
+++ b/Shorewall/Macros/macro.HTTP
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - HTTP Macro
+# Shorewall version 4 - HTTP Macro
 #
 # /usr/share/shorewall/macro.HTTP
 #
--- a/Shorewall/Macros/macro.HTTPS
+++ b/Shorewall/Macros/macro.HTTPS
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - HTTPS Macro
+# Shorewall version 4 - HTTPS Macro
 #
 # /usr/share/shorewall/macro.HTTPS
 #
--- a/Shorewall/Macros/macro.ICPV2
+++ b/Shorewall/Macros/macro.ICPV2
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - ICPV2 Macro
+# Shorewall version 4 - ICPV2 Macro
 #
 # /usr/share/shorewall/macro.ICPV2
 #
--- a/Shorewall/Macros/macro.ICQ
+++ b/Shorewall/Macros/macro.ICQ
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - ICQ Macro
+# Shorewall version 4 - ICQ Macro
 #
 # /usr/share/shorewall/macro.ICQ
 #
--- a/Shorewall/Macros/macro.ILO
+++ b/Shorewall/Macros/macro.ILO
@@ -1,23 +0,0 @@
 #
 # Shorewall version 5 - ILO Macro
 #
 # /usr/share/shorewall/macro.ILO
 #
 #	This macro handles console redirection with HP ILO 2+,
 #	Use this macro to open access to your ILO interface from management
 #	workstations.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	3002		# Raw serial data
 PARAM	-	-	tcp	9300		# Shared Remote Console
 PARAM	-	-	tcp	17988		# Virtual Media
 PARAM	-	-	tcp	17990		# Console Replay
 HTTP
 HTTPS
 RDP
 SSH
 Telnet						# Remote Console/Telnet
--- a/Shorewall/Macros/macro.IMAP
+++ b/Shorewall/Macros/macro.IMAP
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - IMAP Macro
+# Shorewall version 4 - IMAP Macro
 #
 # /usr/share/shorewall/macro.IMAP
 #
--- a/Shorewall/Macros/macro.IMAPS
+++ b/Shorewall/Macros/macro.IMAPS
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - IMAPS Macro
+# Shorewall version 4 - IMAPS Macro
 #
 # /usr/share/shorewall/macro.IMAPS
 #
--- a/Shorewall/Macros/macro.IPIP
+++ b/Shorewall/Macros/macro.IPIP
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - IPIP Macro
+# Shorewall version 4 - IPIP Macro
 #
 # /usr/share/shorewall/macro.IPIP
 #
--- a/Shorewall/Macros/macro.IPMI
+++ b/Shorewall/Macros/macro.IPMI
@@ -1,12 +1,9 @@
 #
-# Shorewall version 5 - IPMI Macro
+# Shorewall version 4 - IPMI Macro
 #
 # /usr/share/shorewall/macro.IPMI
 #
-#	This macro handles IPMI console redirection with Asus (AMI),
+#	This macro handles IPMI used by Asus, Dell, MSI, and Supermicro.
 #	Dell DRAC5+ (Avocent), and Supermicro (Aten or AMI).
 #	Use this macro to open access to your IPMI interface from management
 #	workstations.
 #
 ###############################################################################
 ?FORMAT 2
@@ -14,13 +11,9 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	623		# RMCP
-PARAM	-	-	tcp	3668,3669	# Virtual Media, Secure (Dell)
+PARAM	-	-	tcp	5900,5901	# Remote Console
-PARAM	-	-	tcp	5120,5123	# CD, floppy (Asus, Aten)
+PARAM	-	-	tcp	8889		# WS-MAN
 PARAM	-	-	tcp	5900,5901	# Remote Console (Aten, Dell)
 PARAM	-	-	tcp	7578		# Remote Console (AMI)
 PARAM	-	-	udp	623		# RMCP
 SSH
 HTTP
 HTTPS
 SNMP
 SSH						# Serial over Lan
 Telnet
--- a/Shorewall/Macros/macro.IPPbrd
+++ b/Shorewall/Macros/macro.IPPbrd
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - IPP Broadcast Macro
+# Shorewall version 4 - IPP Broadcast Macro
 #
 # /usr/share/shorewall/macro.IPPbrd
 #
--- a/Shorewall/Macros/macro.IPPserver
+++ b/Shorewall/Macros/macro.IPPserver
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - IPPserver Macro
+# Shorewall version 4 - IPPserver Macro
 #
 # /usr/share/shorewall/macro.IPPserver
 #
--- a/Shorewall/Macros/macro.IPsec
+++ b/Shorewall/Macros/macro.IPsec
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - IPsec Macro
+# Shorewall version 4 - IPsec Macro
 #
 # /usr/share/shorewall/macro.IPsec
 #
--- a/Shorewall/Macros/macro.IPsecah
+++ b/Shorewall/Macros/macro.IPsecah
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - IPsecah Macro
+# Shorewall version 4 - IPsecah Macro
 #
 # /usr/share/shorewall/macro.IPsecah
 #
--- a/Shorewall/Macros/macro.IPsecnat
+++ b/Shorewall/Macros/macro.IPsecnat
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - IPsecnat Macro
+# Shorewall version 4 - IPsecnat Macro
 #
 # /usr/share/shorewall/macro.IPsecnat
 #
--- a/Shorewall/Macros/macro.IRC
+++ b/Shorewall/Macros/macro.IRC
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 IRC Macro
+# Shorewall version 4 IRC Macro
 #
 # /usr/share/shorewall/macro.IRC
 #
@@ -12,7 +12,7 @@
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __IRC_HELPER  )
- PARAM	-	-	tcp	6667 { helper=irc }
+ PARAM	-	-	tcp	6667 ; helper=irc
 ?else
 PARAM	-	-	tcp	6667
 ?endif
--- a/Shorewall/Macros/macro.JAP
+++ b/Shorewall/Macros/macro.JAP
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - JAP Macro
+# Shorewall version 4 - JAP Macro
 #
 # /usr/share/shorewall/macro.JAP
 #
--- a/Shorewall/Macros/macro.Jabber
+++ b/Shorewall/Macros/macro.Jabber
@@ -1,13 +0,0 @@
 #
 # Shorewall version 5 - Jabber Macro
 #
 # /usr/share/shorewall/macro.Jabber
 #
 #	This macro accepts Jabber traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5222
--- a/Shorewall/Macros/macro.JabberPlain
+++ b/Shorewall/Macros/macro.JabberPlain
@@ -1,14 +1,13 @@
 #
-# Shorewall version 5 - JabberPlain Macro
+# Shorewall version 3.4 - JabberPlain Macro
 #
 # /usr/share/shorewall/macro.JabberPlain
 #
-#	This macro accepts Jabber traffic (plaintext). This macro is
+#	This macro accepts Jabber traffic (plaintext).
 #	deprecated - use of macro.Jabber instead is recommended.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-Jabber
+PARAM	-	-	tcp	5222
--- a/Shorewall/Macros/macro.JabberSecure
+++ b/Shorewall/Macros/macro.JabberSecure
@@ -1,11 +1,9 @@
 #
-# Shorewall version 5 - JabberSecure (SSL) Macro
+# Shorewall version 3.4 - JabberSecure (ssl) Macro
 #
 # /usr/share/shorewall/macro.JabberSecure
 #
-#	This macro accepts Jabber traffic (SSL). Use of Jabber with SSL
+#	This macro accepts Jabber traffic (ssl).
 #	is deprecated, please configure Jabber with STARTTLS and use
 #	Jabber macro instead.
 #
 ###############################################################################
 ?FORMAT 2
--- a/Shorewall/Macros/macro.Kerberos
+++ b/Shorewall/Macros/macro.Kerberos
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Kerberos Macro
+# Shorewall version 4 - Kerberos Macro
 #
 # /usr/share/shorewall/macro.Kerberos
 #
--- a/Shorewall/Macros/macro.L2TP
+++ b/Shorewall/Macros/macro.L2TP
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - L2TP Macro
+# Shorewall version 4 - L2TP Macro
 #
 # /usr/share/shorewall/macro.L2TP
 #
--- a/Shorewall/Macros/macro.LDAP
+++ b/Shorewall/Macros/macro.LDAP
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - LDAP Macro
+# Shorewall version 4 - LDAP Macro
 #
 # /usr/share/shorewall/macro.LDAP
 #
--- a/Shorewall/Macros/macro.LDAPS
+++ b/Shorewall/Macros/macro.LDAPS
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - LDAPS Macro
+# Shorewall version 4 - LDAPS Macro
 #
 # /usr/share/shorewall/macro.LDAPS
 #
--- a/Shorewall/Macros/macro.MSNP
+++ b/Shorewall/Macros/macro.MSNP
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - MSNP Macro
+# Shorewall version 4 - MSNP Macro
 #
 # /usr/share/shorewall/macro.MSNP
 #
--- a/Shorewall/Macros/macro.MSSQL
+++ b/Shorewall/Macros/macro.MSSQL
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - MSSQL Macro
+# Shorewall version 4 - MSSQL Macro
 #
 # /usr/share/shorewall/macro.MSSQL
 #
--- a/Shorewall/Macros/macro.Mail
+++ b/Shorewall/Macros/macro.Mail
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Mail Macro
+# Shorewall version 4 - Mail Macro
 #
 # /usr/share/shorewall/macro.Mail
 #
--- a/Shorewall/Macros/macro.MongoDB
+++ b/Shorewall/Macros/macro.MongoDB
@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - MongoDB Macro
+# Shorewall version 4 - MongoDB Macro
 #
 # /usr/share/shorewall/macro.MongoDB
 #
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Tom Eastep	e021285199	Clarify DEST column in DNAT rules. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2014-06-04 15:01:39 -07:00
Tom Eastep	4dad6d2bb9	One more manual with BROADCAST columns Signed-off-by: Tom Eastep <teastep@shorewall.net>	2014-06-04 14:55:23 -07:00
Tom Eastep	b537fab05d	Eradicate mention of the BROADCAST column in the interfaces file. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2014-06-04 14:43:13 -07:00
Tom Eastep	fbfb688346	Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code into 4.6.0	2014-06-02 14:22:40 -07:00