Remove version from config files

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall-init/shorewall-init.service.214.debian

@@ -2,6 +2,7 @@
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
+#     Copyright 2015 Tom Eastep <teastep@shorewall.net>
 #
 [Unit]
 Description=Shorewall firewall (bootup security)

Shorewall-init/shorewall-init.service.debian

@@ -2,6 +2,7 @@
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
+#     Copyright 2015 Tom Eastep <teastep@shorewall.net>
 #
 [Unit]
 Description=Shorewall firewall (bootup security)

Shorewall-lite/shorewall-lite.service.debian

@@ -2,6 +2,7 @@
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
+#     Copyright 2015 Tom Eastep <teastep@shorewall.net>
 #
 [Unit]
 Description=Shorewall IPv4 firewall (lite)

Shorewall/Perl/Shorewall/Config.pm

@@ -300,7 +300,7 @@ our %renamed = ( AUTO_COMMENT => 'AUTOCOMMENT', BLACKLIST_LOGLEVEL => 'BLACKLIST
 #
 # Config options and global settings that are to be copied to output script
 #
-our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR MODULE_SUFFIX LOAD_HELPERS_ONLY LOCKFILE SUBSYSLOCK LOG_VERBOSITY/;
+our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR MODULE_SUFFIX LOAD_HELPERS_ONLY LOCKFILE SUBSYSLOCK LOG_VERBOSITY RESTART/;
 #
 # From parsing the capabilities file or detecting capabilities
 #
@@ -601,11 +601,13 @@ our %validlevels;            # Valid log levels.
 # Deprecated options with their default values
 #
 our %deprecated = (
+		   LEGACY_RESTART => 'no'
 		  );
 #
 # Deprecated options that are eliminated via update
 #
 our %converted = (
+		  LEGACY_RESTART => 1
 		 );
 #
 # Eliminated options
@@ -711,7 +713,7 @@ sub initialize( $;$$) {
 		    TC_SCRIPT               => '',
 		    EXPORT                  => 0,
 		    KLUDGEFREE              => '',
-		    VERSION                 => "4.5.19-Beta1",
+		    VERSION                 => "5.0.1",
 		    CAPVERSION              => 40609 ,
 		    BLACKLIST_LOG_TAG       => '',
 		    RELATED_LOG_TAG         => '',
@@ -858,6 +860,7 @@ sub initialize( $;$$) {
 	  BASIC_FILTERS => undef,
 	  WORKAROUNDS => undef ,
 	  LEGACY_RESTART => undef ,
+	  RESTART => undef ,
 	  #
 	  # Packet Disposition
 	  #
@@ -4832,7 +4835,7 @@ sub update_config_file( $ ) {
     unless ( supplied $config{LOGLIMIT} ) {
 	if ( $config{LOGRATE} || $config{LOGBURST} ) {
 	    my $limit;
-	    
+
 	    if ( supplied $config{LOGRATE} ) {
 		fatal_error"Invalid LOGRATE ($config{LOGRATE})" unless $config{LOGRATE}  =~ /^\d+\/(second|minute)$/;
 		$limit = $config{LOGRATE};
@@ -4863,6 +4866,7 @@ sub update_config_file( $ ) {
 
     update_default( 'USE_DEFAULT_RT', 'No' );
     update_default( 'EXPORTMODULES',  'No' );
+    update_default( 'RESTART',        'reload' );
 
     my $fn;
 
@@ -5564,7 +5568,7 @@ sub get_configuration( $$$$ ) {
 
 		$limit .= "--$match $1 --hashlimit-burst $5 --hashlimit-name lograte --hashlimit-mode ";
 		$units = $4;
-	    } elsif ( $rate =~ /^[sd]:((\d+)(\/(sec|min|hour|day))?)$/ ) {
+	    } elsif ( $rate =~ /^[sd]:((\d+)(\/(sec|min|second|minute|hour|day))?)$/ ) {
 		fatal_error "Invalid rate ($1)" unless $2;
 		$limit .= "--$match $1 --hashlimit-name lograte --hashlimit-mode ";
 		$units = $4;
@@ -5588,7 +5592,7 @@ sub get_configuration( $$$$ ) {
 	    fatal_error "Invalid rate ($1)" unless $2;
 	    fatal_error "Invalid burst value ($5)" unless $5;
 	    $limit = "-m limit --limit $1 --limit-burst $5 ";
-	} elsif ( $rate =~ /^(\d+)(\/(sec|min|hour|day))?$/ )  {
+	} elsif ( $rate =~ /^(\d+)(\/(sec|min|second|minute|hour|day))?$/ )  {
 	    fatal_error "Invalid rate (${1}${2})" unless $1;
 	    $limit = "-m limit --limit $rate ";
 	} else {
@@ -5759,7 +5763,15 @@ sub get_configuration( $$$$ ) {
     default_yes_no 'INLINE_MATCHES'             , '';
     default_yes_no 'BASIC_FILTERS'              , '';
     default_yes_no 'WORKAROUNDS'                , 'Yes';
-    default_yes_no 'LEGACY_RESTART'             , '';
+
+    if ( supplied( $val = $config{RESTART} ) ) {
+	fatal_error "Invalid value for RESTART ($val)" unless $val =~ /^(restart|reload)$/;
+    } elsif (supplied $config{LEGACY_RESTART} ) {
+	default_yes_no 'LEGACY_RESTART'             , 'Yes';
+	$config{RESTART} = $config{LEGACY_RESTART} ? 'reload' : 'restart';
+    } else {
+	$config{RESTART} = 'reload';
+    }
 
     require_capability( 'BASIC_EMATCH', 'BASIC_FILTERS=Yes', 's' ) if $config{BASIC_FILTERS};
 
@@ -6302,7 +6314,7 @@ sub generate_aux_config() {
 
     emit "#\n# Shorewall auxiliary configuration file created by Shorewall version $globals{VERSION} - $date\n#";
 
-    for my $option ( qw(VERBOSITY LOGFILE LOGFORMAT ARPTABLES IPTABLES IP6TABLES IP TC IPSET PATH SHOREWALL_SHELL SUBSYSLOCK LOCKFILE RESTOREFILE WORKAROUNDS LEGACY_RESTART) ) {
+    for my $option ( qw(VERBOSITY LOGFILE LOGFORMAT ARPTABLES IPTABLES IP6TABLES IP TC IPSET PATH SHOREWALL_SHELL SUBSYSLOCK LOCKFILE RESTOREFILE WORKAROUNDS RESTART) ) {
 	conditionally_add_option $option;
     }
 

Shorewall/Perl/Shorewall/Misc.pm

@@ -818,7 +818,7 @@ sub add_common_rules ( $ ) {
     if ( $upgrade ) {
 	convert_blacklist;
     } elsif ( -f ( my $fn = find_file 'blacklist' ) ) {
-	warning_message "The blacklist file is no longer supported -- use '$product update -b' to convert $fn to the equivalent blrules file";
+	warning_message "The blacklist file is no longer supported -- use '$product update' to convert $fn to the equivalent blrules file";
     }
 
     $list = find_hosts_by_option 'nosmurfs';

Shorewall/Perl/Shorewall/Providers.pm

@@ -846,12 +846,12 @@ CEOF
 
 	if ( $hostroute ) {
 	    if ( $family == F_IPV4 ) {
-		emit "run_ip route replace $gateway src $address dev $physical ${mtu}";
-		emit "run_ip route replace $gateway src $address dev $physical ${mtu}table $id $realm";
+		emit qq(run_ip route replace $gateway src $address dev $physical ${mtu});
+		emit qq(run_ip route replace $gateway src $address dev $physical ${mtu}table $id $realm);
 	    } else {
-		emit "qt \$IP -6 route add $gateway src $address dev $physical ${mtu}";
-		emit "qt \$IP -6 route del $gateway src $address dev $physical ${mtu}table $id $realm";
-		emit "run_ip route add $gateway src $address dev $physical ${mtu}table $id $realm";
+		emit qq(qt \$IP -6 route add $gateway src $address dev $physical ${mtu});
+		emit qq(qt \$IP -6 route del $gateway src $address dev $physical ${mtu}table $id $realm);
+		emit qq(run_ip route add $gateway src $address dev $physical ${mtu}table $id $realm);
 	    }
 	}
 

Shorewall/Perl/Shorewall/Tc.pm

@@ -3373,7 +3373,7 @@ sub setup_tc( $ ) {
 		}
 	    }
 	} elsif ( -f ( my $fn = find_file( 'tcrules' ) ) ) {
-	    warning_message "The tcrules file is no longer supported -- use '$product update -t' to convert $fn to an equivalent 'mangle' file";
+	    warning_message "The tcrules file is no longer supported -- use '$product update' to convert $fn to an equivalent 'mangle' file";
 	}
 
 	if ( my $fn = open_file( 'mangle', 1, 1 ) ) {

Shorewall/Perl/lib.core

@@ -67,7 +67,7 @@ progress_message() # $* = Message
     fi
 
     if [ $LOG_VERBOSITY -gt 1 ]; then
-        timestamp="$(date +'%b %_d %T') "
+        timestamp="$(date +'%b %e %T') "
         echo "${timestamp}$@" >> $STARTUP_LOG
     fi
 }
@@ -83,7 +83,7 @@ progress_message2() # $* = Message
     fi
 
     if [ $LOG_VERBOSITY -gt 0 ]; then
-        timestamp="$(date +'%b %_d %T') "
+        timestamp="$(date +'%b %e %T') "
         echo "${timestamp}$@" >> $STARTUP_LOG
     fi
 }
@@ -99,7 +99,7 @@ progress_message3() # $* = Message
     fi
 
     if [ $LOG_VERBOSITY -ge 0 ]; then
-        timestamp="$(date +'%b %_d %T') "
+        timestamp="$(date +'%b %e %T') "
         echo "${timestamp}$@" >> $STARTUP_LOG
     fi
 }
@@ -437,7 +437,7 @@ fatal_error()
     echo "   ERROR: $@" >&2
 
     if [ $LOG_VERBOSITY -ge 0 ]; then
-        timestamp="$(date +'%_b %d %T') "
+        timestamp="$(date +'%b %e %T') "
         echo "${timestamp}  ERROR: $@" >> $STARTUP_LOG
     fi
 

Shorewall/Perl/prog.footer

@@ -310,7 +310,7 @@ case "$COMMAND" in
     restart)
 	[ $# -ne 1 ] && usage 2
 
-	if [ -z "$LEGACY_RESTART" ]; then
+	if [ "$RESTART" = restart ]; then
 	    COMMAND=stop stop_command && COMMAND=start start_command
 	else
 	    COMMAND=reload

Shorewall/Samples/Universal/shorewall.conf

@@ -176,8 +176,6 @@ KEEP_RT_TABLES=No
 
 LOAD_HELPERS_ONLY=Yes
 
-LEGACY_RESTART=Yes
-
 MACLIST_TABLE=filter
 
 MACLIST_TTL=
@@ -204,6 +202,8 @@ REJECT_ACTION=
 
 REQUIRE_INTERFACE=Yes
 
+RESTART=restart
+
 RESTORE_DEFAULT_ROUTE=Yes
 
 RESTORE_ROUTEMARKS=Yes

Shorewall/Samples/one-interface/interfaces

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Interfaces File for one-interface configuration.
+# Shorewall - Sample Interfaces File for one-interface configuration.
 # Copyright (C) 2006-2015 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/one-interface/policy

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Policy File for one-interface configuration.
+# Shorewall - Sample Policy File for one-interface configuration.
 # Copyright (C) 2006-2015 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/one-interface/rules

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Rules File for one-interface configuration.
+# Shorewall - Sample Rules File for one-interface configuration.
 # Copyright (C) 2006-2014 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/one-interface/shorewall.conf

@@ -1,6 +1,6 @@
 ###############################################################################
 #
-# Shorewall version 5.0 - Sample shorewall.conf for one-interface
+# Shorewall - Sample shorewall.conf for one-interface
 #                         configuration.
 # Copyright (C) 2006-2015 by the Shorewall Team
 #
@@ -187,8 +187,6 @@ KEEP_RT_TABLES=No
 
 LOAD_HELPERS_ONLY=Yes
 
-LEGACY_RESTART=Yes
-
 MACLIST_TABLE=filter
 
 MACLIST_TTL=
@@ -215,6 +213,8 @@ REJECT_ACTION=
 
 REQUIRE_INTERFACE=No
 
+RESTART=restart
+
 RESTORE_DEFAULT_ROUTE=Yes
 
 RESTORE_ROUTEMARKS=Yes

Shorewall/Samples/one-interface/zones

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Zones File for one-interface configuration.
+# Shorewall - Sample Zones File for one-interface configuration.
 # Copyright (C) 2006-2015 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/three-interfaces/interfaces

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Interfaces File for three-interface configuration.
+# Shorewall - Sample Interfaces File for three-interface configuration.
 # Copyright (C) 2006-2015 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/three-interfaces/masq

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Masq file for three-interface configuration.
+# Shorewall - Sample Masq file for three-interface configuration.
 # Copyright (C) 2006-2015 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/three-interfaces/policy

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Policy File for three-interface configuration.
+# Shorewall - Sample Policy File for three-interface configuration.
 # Copyright (C) 2006-2015 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/three-interfaces/rules

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Rules File for three-interface configuration.
+# Shorewall - Sample Rules File for three-interface configuration.
 # Copyright (C) 2006-2015 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/three-interfaces/shorewall.conf

@@ -1,6 +1,6 @@
 ###############################################################################
 #
-# Shorewall version 5.0 - Sample shorewall.conf for three-interface
+# Shorewall - Sample shorewall.conf for three-interface
 #                         configuration.
 # Copyright (C) 2006-2015 by the Shorewall Team
 #
@@ -184,8 +184,6 @@ KEEP_RT_TABLES=No
 
 LOAD_HELPERS_ONLY=Yes
 
-LEGACY_RESTART=Yes
-
 MACLIST_TABLE=filter
 
 MACLIST_TTL=
@@ -212,6 +210,8 @@ REJECT_ACTION=
 
 REQUIRE_INTERFACE=No
 
+RESTART=restart
+
 RESTORE_DEFAULT_ROUTE=Yes
 
 RESTORE_ROUTEMARKS=Yes

Shorewall/Samples/three-interfaces/stoppedrules

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Stoppedrules File for three-interface configuration.
+# Shorewall - Sample Stoppedrules File for three-interface configuration.
 # Copyright (C) 2012-2015 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/three-interfaces/zones

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Zones File for three-interface configuration.
+# Shorewall - Sample Zones File for three-interface configuration.
 # Copyright (C) 2006-2015 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/two-interfaces/interfaces

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Interfaces File for two-interface configuration.
+# Shorewall - Sample Interfaces File for two-interface configuration.
 # Copyright (C) 2006-2015 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/two-interfaces/masq

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Masq file for two-interface configuration.
+# Shorewall - Sample Masq file for two-interface configuration.
 # Copyright (C) 2006-2015 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/two-interfaces/policy

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Policy File for two-interface configuration.
+# Shorewall - Sample Policy File for two-interface configuration.
 # Copyright (C) 2006-2015 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/two-interfaces/rules

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Rules File for two-interface configuration.
+# Shorewall - Sample Rules File for two-interface configuration.
 # Copyright (C) 2006-2015 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/two-interfaces/shorewall.conf

@@ -1,6 +1,6 @@
 ###############################################################################
 #
-# Shorewall version 5.0 - Sample shorewall.conf for two-interface
+# Shorewall - Sample shorewall.conf for two-interface
 #                         configuration.
 # Copyright (C) 2006-2014 by the Shorewall Team
 #
@@ -187,8 +187,6 @@ KEEP_RT_TABLES=No
 
 LOAD_HELPERS_ONLY=Yes
 
-LEGACY_RESTART=Yes
-
 MACLIST_TABLE=filter
 
 MACLIST_TTL=
@@ -215,6 +213,8 @@ REJECT_ACTION=
 
 REQUIRE_INTERFACE=No
 
+RESTART=restart
+
 RESTORE_DEFAULT_ROUTE=Yes
 
 RESTORE_ROUTEMARKS=Yes

Shorewall/Samples/two-interfaces/stoppedrules

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Stoppedrules File for two-interface configuration.
+# Shorewall - Sample Stoppedrules File for two-interface configuration.
 # Copyright (C) 2012-2015 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/two-interfaces/zones

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Zones File for two-interface configuration.
+# Shorewall - Sample Zones File for two-interface configuration.
 # Copyright (C) 2006-2014 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/configfiles/accounting

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Accounting File
+# Shorewall - Accounting File
 #
 # For information about entries in this file, type "man shorewall-accounting"
 #

Shorewall/configfiles/actions

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Actions File
+# Shorewall - Actions File
 #
 # /etc/shorewall/actions
 #

Shorewall/configfiles/arprules

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - arprules File
+# Shorewall - arprules File
 #
 # For information about entries in this file, type "man shorewall-arprules"
 #

Shorewall/configfiles/blrules

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Blacklist Rules File
+# Shorewall - Blacklist Rules File
 #
 # For information about entries in this file, type "man shorewall-blrules"
 #

Shorewall/configfiles/clear

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - clear File
+# Shorewall - clear File
 #
 # /etc/shorewall/clear
 #

Shorewall/configfiles/conntrack

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - conntrack File
+# Shorewall - conntrack File
 #
 # For information about entries in this file, type "man shorewall-conntrack"
 #

Shorewall/configfiles/ecn

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Ecn File
+# Shorewall - Ecn File
 #
 # For information about entries in this file, type "man shorewall-ecn"
 #

Shorewall/configfiles/findgw

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Findgw File
+# Shorewall - Findgw File
 #
 # /etc/shorewall/findgw
 #

Shorewall/configfiles/hosts

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Hosts file
+# Shorewall - Hosts file
 #
 # For information about entries in this file, type "man shorewall-hosts"
 #

Shorewall/configfiles/init

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Init File
+# Shorewall - Init File
 #
 # /etc/shorewall/init
 #

Shorewall/configfiles/initdone

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Initdone File
+# Shorewall - Initdone File
 #
 # /etc/shorewall/initdone
 #

Shorewall/configfiles/interfaces

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Interfaces File
+# Shorewall - Interfaces File
 #
 # For information about entries in this file, type "man shorewall-interfaces"
 #

Shorewall/configfiles/isusable

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - isusable File
+# Shorewall - isusable File
 #
 # /etc/shorewall/isusable
 #

Shorewall/configfiles/lib.private

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - lib.private File
+# Shorewall - lib.private File
 #
 # /etc/shorewall/lib.private
 #

Shorewall/configfiles/maclist

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Maclist file
+# Shorewall - Maclist file
 #
 # For information about entries in this file, type "man shorewall-maclist"
 #

Shorewall/configfiles/mangle

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Mangle File
+# Shorewall - Mangle File
 #
 # For information about entries in this file, type "man shorewall-mangle"
 #

Shorewall/configfiles/masq

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Masq file
+# Shorewall - Masq file
 #
 # For information about entries in this file, type "man shorewall-masq"
 #

Shorewall/configfiles/nat

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Nat File
+# Shorewall - Nat File
 #
 # For information about entries in this file, type "man shorewall-nat"
 #

Shorewall/configfiles/netmap

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5	 - Netmap File
+# Shorewall	 - Netmap File
 #
 # For information about entries in this file, type "man shorewall-netmap"
 #

Shorewall/configfiles/params

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Params File
+# Shorewall - Params File
 #
 # /etc/shorewall/params
 #

Shorewall/configfiles/policy

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Policy File
+# Shorewall - Policy File
 #
 # For information about entries in this file, type "man shorewall-policy"
 #

Shorewall/configfiles/providers

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Providers File
+# Shorewall - Providers File
 #
 # For information about entries in this file, type "man shorewall-providers"
 #

Shorewall/configfiles/proxyarp

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Proxyarp File
+# Shorewall - Proxyarp File
 #
 # For information about entries in this file, type "man shorewall-proxyarp"
 #

Shorewall/configfiles/refresh

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - refresh File
+# Shorewall - refresh File
 #
 # /etc/shorewall/refresh
 #

Shorewall/configfiles/refreshed

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - refreshed File
+# Shorewall - refreshed File
 #
 # /etc/shorewall/refreshed
 #

Shorewall/configfiles/restored

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Restored File
+# Shorewall - Restored File
 #
 # /etc/shorewall/restored
 #

Shorewall/configfiles/routes

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - routes File
+# Shorewall - routes File
 #
 # For information about entries in this file, type "man shorewall-routes"
 #

Shorewall/configfiles/routestopped

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Routestopped File
+# Shorewall - Routestopped File
 #
 # This file is deprecated in favor of the stoppedrules file
 #

Shorewall/configfiles/rtrules

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - route rules File
+# Shorewall - route rules File
 #
 # For information about entries in this file, type "man shorewall-rtrules"
 #

Shorewall/configfiles/rules

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Rules File
+# Shorewall - Rules File
 #
 # For information on the settings in this file, type "man shorewall-rules"
 #

Shorewall/configfiles/scfilter

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Show Connections Filter
+# Shorewall - Show Connections Filter
 #
 # /etc/shorewall/scfilter
 #

Shorewall/configfiles/secmarks

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Secmarks File
+# Shorewall - Secmarks File
 #
 # For information about entries in this file, type "man shorewall-secmarks"
 #

Shorewall/configfiles/shorewall.conf

@@ -174,8 +174,6 @@ IP_FORWARDING=On
 
 KEEP_RT_TABLES=No
 
-LEGACY_RESTART=Yes
-
 LOAD_HELPERS_ONLY=Yes
 
 MACLIST_TABLE=filter
@@ -204,6 +202,8 @@ REJECT_ACTION=
 
 REQUIRE_INTERFACE=No
 
+RESTART=restart
+
 RESTORE_DEFAULT_ROUTE=Yes
 
 RESTORE_ROUTEMARKS=Yes

Shorewall/configfiles/start

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Start File
+# Shorewall - Start File
 #
 # /etc/shorewall/start
 #

Shorewall/configfiles/started

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Started File
+# Shorewall - Started File
 #
 # /etc/shorewall/started
 #

Shorewall/configfiles/stop

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Stop File
+# Shorewall - Stop File
 #
 # /etc/shorewall/stop
 #

Shorewall/configfiles/stopped

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Stopped File
+# Shorewall - Stopped File
 #
 # /etc/shorewall/stopped
 #

Shorewall/configfiles/stoppedrules

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Stopped Rules File
+# Shorewall - Stopped Rules File
 #
 # For information about entries in this file, type "man shorewall-stoppedrules"
 #

Shorewall/configfiles/tcclasses

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Tcclasses File
+# Shorewall - Tcclasses File
 #
 # For information about entries in this file, type "man shorewall-tcclasses"
 #

Shorewall/configfiles/tcclear

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - tcclear File
+# Shorewall - tcclear File
 #
 # /etc/shorewall/tcclear
 #

Shorewall/configfiles/tcdevices

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Tcdevices File
+# Shorewall - Tcdevices File
 #
 # For information about entries in this file, type "man shorewall-tcdevices"
 #

Shorewall/configfiles/tcfilters

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Tcfilters File
+# Shorewall - Tcfilters File
 #
 # For information about entries in this file, type "man shorewall-tcfilters"
 #

Shorewall/configfiles/tcinterfaces

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Tcinterfaces File
+# Shorewall - Tcinterfaces File
 #
 # For information about entries in this file, type "man shorewall-tcinterfaces"
 #

Shorewall/configfiles/tcpri

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Tcpri File
+# Shorewall - Tcpri File
 #
 # For information about entries in this file, type "man shorewall-tcpri"
 #

Shorewall/configfiles/tunnels

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Tunnels File
+# Shorewall - Tunnels File
 #
 # For information about entries in this file, type "man shorewall-tunnels"
 #

Shorewall/configfiles/zones

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Zones File
+# Shorewall - Zones File
 #
 # For information about this file, type "man shorewall-zones"
 #

Shorewall/manpages/shorewall.conf.xml

@@ -89,7 +89,7 @@
     colon (":") and a <firstterm>log tag</firstterm>. The log tag normally
     follows the packet disposition in Shorewall-generated Netfilter log
     messages, separated from the disposition by a colon (e.g, "DROP:mytag").
-    See LOGTAGONLY below for additional information. </para>
+    See LOGTAGONLY below for additional information.</para>
 
     <para>Beginning with Shorewall 4.4.22, LOGMARK is also a valid level which
     logs the packet's mark value along with the other usual information. The
@@ -1146,25 +1146,6 @@ net     all  DROP   info</programlisting>then the chain name is 'net-all'
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term><emphasis role="bold">LEGACY_RESTART=</emphasis>{<emphasis
-        role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
-
-        <listitem>
-          <para>Added in Shorewall 5.0.0. In that release, the <emphasis
-          role="bold">reload</emphasis> command was redefined to do what
-          <emphasis role="bold">restart</emphasis> had done in earlier
-          releases and <emphasis role="bold">restart</emphasis> became a true
-          restart (equivalent to <emphasis role="bold">stop</emphasis>
-          followed by <emphasis role="bold">start</emphasis>). When
-          LEGACY_FASTSTART=Yes, the <emphasis role="bold">restart</emphasis>
-          command performs the same operation as the <emphasis
-          role="bold">reload</emphasis> command making it compatible with
-          earlier releases. If not specified, LAGACY_RESTART=No is
-          assumed.</para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term><emphasis role="bold">LOAD_HELPERS_ONLY=</emphasis>{<emphasis
         role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
@@ -2169,6 +2150,27 @@ INLINE          -       -       -       ; -j REJECT
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><emphasis role="bold">RESTART=</emphasis>[<emphasis
+        role="bold">restart</emphasis>|<emphasis
+        role="bold">reload</emphasis>]</term>
+
+        <listitem>
+          <para>Added in Shorewall 5.0.1 to replace LEGACY_RESTART which was
+          added in Shorewall 5.0.0. In that release, the <emphasis
+          role="bold">reload</emphasis> command was redefined to do what
+          <emphasis role="bold">restart</emphasis> had done in earlier
+          releases and <emphasis role="bold">restart</emphasis> became a true
+          restart (equivalent to <emphasis role="bold">stop</emphasis>
+          followed by <emphasis role="bold">start</emphasis>). When
+          RESTART=reload, the <emphasis role="bold">restart</emphasis> command
+          performs the same operation as the <emphasis
+          role="bold">reload</emphasis> command making it compatible with
+          earlier releases. If not specified, RESTART=reload is
+          assumed.</para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term><emphasis
         role="bold">RESTORE_DEFAULT_ROUTE=</emphasis>[<emphasis
@@ -2479,7 +2481,8 @@ INLINE          -       -       -       ; -j REJECT
         role="bold">Yes</emphasis>|<emphasis
         role="bold">No</emphasis>|<emphasis
         role="bold">Internal</emphasis>|<emphasis
-        role="bold">Simple</emphasis>|Shared]</term>
+        role="bold">Simple</emphasis>|<emphasis
+        role="bold">Shared</emphasis>]</term>
 
         <listitem>
           <para>If you say <emphasis role="bold">Yes</emphasis> or <emphasis

Shorewall/shorewall.service.debian

@@ -2,6 +2,7 @@
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
+#     Copyright 2015 Tom Eastep <teastep@shorewall.net>
 #
 [Unit]
 Description=Shorewall IPv4 firewall

Shorewall6/Samples6/Universal/shorewall6.conf

@@ -163,8 +163,6 @@ IP_FORWARDING=Off
 
 KEEP_RT_TABLES=Yes
 
-LEGACY_RESTART=Yes
-
 LOAD_HELPERS_ONLY=Yes
 
 MACLIST_TABLE=filter
@@ -187,6 +185,8 @@ REJECT_ACTION=
 
 REQUIRE_INTERFACE=Yes
 
+RESTART=restart
+
 RESTORE_ROUTEMARKS=Yes
 
 SAVE_IPSETS=No

Shorewall6/Samples6/one-interface/shorewall6.conf

@@ -164,8 +164,6 @@ IP_FORWARDING=Off
 
 KEEP_RT_TABLES=Yes
 
-LEGACY_RESTART=Yes
-
 LOAD_HELPERS_ONLY=Yes
 
 MACLIST_TABLE=filter
@@ -188,6 +186,8 @@ REJECT_ACTION=
 
 REQUIRE_INTERFACE=No
 
+RESTART=restart
+
 RESTORE_ROUTEMARKS=Yes
 
 SAVE_IPSETS=No

Shorewall6/Samples6/three-interfaces/shorewall6.conf

@@ -163,8 +163,6 @@ IP_FORWARDING=On
 
 KEEP_RT_TABLES=Yes
 
-LEGACY_RESTART=Yes
-
 LOAD_HELPERS_ONLY=Yes
 
 MACLIST_TABLE=filter
@@ -187,6 +185,8 @@ REJECT_ACTION=
 
 REQUIRE_INTERFACE=No
 
+RESTART=restart
+
 RESTORE_ROUTEMARKS=Yes
 
 SAVE_IPSETS=No

Shorewall6/Samples6/two-interfaces/shorewall6.conf

@@ -163,8 +163,6 @@ IP_FORWARDING=On
 
 KEEP_RT_TABLES=Yes
 
-LEGACY_RESTART=Yes
-
 LOAD_HELPERS_ONLY=Yes
 
 MACLIST_TABLE=filter
@@ -187,6 +185,8 @@ REJECT_ACTION=
 
 REQUIRE_INTERFACE=No
 
+RESTART=restart
+
 RESTORE_ROUTEMARKS=Yes
 
 SAVE_IPSETS=No

Shorewall6/configfiles/conntrack

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - conntrack File
+# Shorewall - conntrack File
 #
 # For information about entries in this file, type "man shorewal6-conntrack"
 #

Shorewall6/configfiles/findgw

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Findgw File
+# Shorewall - Findgw File
 #
 # /etc/shorewall6/findgw
 #

Shorewall6/configfiles/proxyndp

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Proxyndp File
+# Shorewall - Proxyndp File
 #
 # For information about entries in this file, type "man shorewall6-proxyndp"
 #

Shorewall6/configfiles/scfilter

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Show Connections Filter
+# Shorewall - Show Connections Filter
 #
 # /etc/shorewall/scfilter
 #

Shorewall6/configfiles/shorewall6.conf

@@ -163,8 +163,6 @@ IP_FORWARDING=Off
 
 KEEP_RT_TABLES=Yes
 
-LEGACY_RESTART=Yes
-
 LOAD_HELPERS_ONLY=Yes
 
 MACLIST_TABLE=filter
@@ -187,6 +185,8 @@ REJECT_ACTION=
 
 REQUIRE_INTERFACE=No
 
+RESTART=restart
+
 RESTORE_ROUTEMARKS=Yes
 
 SAVE_IPSETS=No

Shorewall6/manpages/shorewall6.conf.xml

@@ -1010,24 +1010,6 @@ net     all  DROP   info</programlisting>then the chain name is 'net-all'
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term><emphasis role="bold">LEGACY_RESTART=</emphasis>{<emphasis
-        role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
-
-        <listitem>
-          <para>Added in Shorewall 5.0.0. In that release, the <emphasis
-          role="bold">reload</emphasis> command was redefined to do what
-          <emphasis role="bold">restart</emphasis> had done in earlier
-          releases and <emphasis role="bold">restart</emphasis> became a true
-          restart (equivalent to <emphasis role="bold">stop</emphasis>
-          followed by <emphasis role="bold">start</emphasis>). When
-          LEGACY_FASTSTART=Yes, the <emphasis role="bold">restart</emphasis>
-          command performs the same operation as the reload command making it
-          compatible with earlier releases. If not specified,
-          LAGACY_RESTART=No is assumed.</para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term><emphasis role="bold">LOAD_HELPERS_ONLY=</emphasis>{<emphasis
         role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
@@ -1924,6 +1906,27 @@ INLINE          -       -       -       ; -j REJECT
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><emphasis role="bold">RESTART=</emphasis>[<emphasis
+        role="bold">restart</emphasis>|<emphasis
+        role="bold">reload</emphasis>]</term>
+
+        <listitem>
+          <para>Added in Shorewall 5.0.1 to replace LEGACY_RESTART which was
+          added in Shorewall 5.0.0. In that release, the <emphasis
+          role="bold">reload</emphasis> command was redefined to do what
+          <emphasis role="bold">restart</emphasis> had done in earlier
+          releases and <emphasis role="bold">restart</emphasis> became a true
+          restart (equivalent to <emphasis role="bold">stop</emphasis>
+          followed by <emphasis role="bold">start</emphasis>). When
+          RESTART=reload, the <emphasis role="bold">restart</emphasis> command
+          performs the same operation as the <emphasis
+          role="bold">reload</emphasis> command making it compatible with
+          earlier releases. If not specified, RESTART=reload is
+          assumed.</para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term><emphasis role="bold">RESTORE_ROUTEMARKS=</emphasis>[<emphasis
         role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
@@ -2143,7 +2146,9 @@ INLINE          -       -       -       ; -j REJECT
         <term><emphasis role="bold">TC_ENABLED=</emphasis>[<emphasis
         role="bold">Yes</emphasis>|<emphasis
         role="bold">No</emphasis>|<emphasis
-        role="bold">Internal|Shared</emphasis>]</term>
+        role="bold">Internal</emphasis>|<emphasis
+        role="bold">Simple</emphasis>|<emphasis
+        role="bold">Shared</emphasis>]</term>
 
         <listitem>
           <para>If you say <emphasis role="bold">Yes</emphasis> or <emphasis
@@ -2160,6 +2165,13 @@ INLINE          -       -       -       ; -j REJECT
           empty then Shorewall6 will use its builtin traffic shaper
           (tc4shorewall6 written by Arne Bernin.</para>
 
+          <para>If you set TC_ENABLED=Simple (Shorewall 4.4.6 and later),
+          simple traffic shaping using <ulink
+          url="/manpages/shorewall-tcinterfaces.html">shorewall-tcinterfaces</ulink>(5)
+          and <ulink
+          url="/manpages/shorewall-tcpri.html">shorewall-tcpri</ulink>(5) is
+          enabled.</para>
+
           <para>Beginning with Shorewall 4.4.15, if you set TC_ENABLED=Shared
           or shared, then you should create symbolic links from your
           Shorewall6 configuration directory (normally

Shorewall6/shorewall6.service.debian

@@ -2,6 +2,7 @@
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
+#     Copyright 2015 Tom Eastep <teastep@shorewall.net>
 #
 [Unit]
 Description=Shorewall IPv6 firewall

docs/CompiledPrograms.xml

@@ -186,8 +186,8 @@
               configuring Shorewall on the firewall system itself</emphasis>).
               It's a good idea to include the IP address of the administrative
               system in the <ulink
-              url="manpages/shorewall-routestopped.html"><filename>routestopped</filename>
-              file</ulink>.</para>
+              url="manpages/shorewall-stoppedrules.html"><filename>stoppedrules
+              </filename> file</ulink>.</para>
 
               <para>It is important to understand that with Shorewall Lite,
               the firewall's export directory on the administrative system
@@ -493,7 +493,7 @@ clean:
 
             <para>Be sure that the IP address of the administrative system is
             included in the firewall's export directory
-            <filename>routestopped</filename> file.</para>
+            <filename>stoppedrules</filename> file.</para>
 
             <programlisting><command>shorewall stop</command></programlisting>
 
@@ -514,7 +514,7 @@ clean:
 
             <para>It's a good idea to include the IP address of the
             administrative system in the firewall system's <ulink
-            url="manpages/shorewall-routestopped.html"><filename>routestopped</filename>
+            url="manpages/shorewall-stoppedrules.html"><filename>stoppedrules</filename>
             file</ulink>.</para>
 
             <para>Also, edit the <filename>shorewall.conf</filename> file in

docs/FAQ.xml

@@ -247,7 +247,7 @@ DNAT    net:<emphasis>address</emphasis>   loc:<emphasis>local-IP-address</empha
         <itemizedlist>
           <listitem>
             <para>You are trying to test from inside your firewall (no, that
-            won't work -- see <xref linkend="faq2" />).</para>
+            won't work -- see <xref linkend="faq2"/>).</para>
           </listitem>
 
           <listitem>
@@ -2029,7 +2029,7 @@ Dec 15 16:47:30 heath-desktop last message repeated 2 times</programlisting>
       ADMINISABSENTMINDED in <ulink
       url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5) and the
       contents of <ulink
-      url="manpages/shorewall-routestopped.html">shorewall-routestopped</ulink>
+      url="manpages/shorewall-stoppedrules.html">shorewall-stoppedrules</ulink>
       (5). To totally open the firewall, use the <command>clear</command>
       command.</para>
     </section>
@@ -2138,8 +2138,8 @@ Creating input Chains...
 
       <para><command>/sbin/shorewall stop</command> places the firewall in a
       <firstterm>safe state</firstterm>, the details of which depend on your
-      <filename>/etc/shorewall/routestopped</filename> file (<ulink
-      url="manpages/shorewall-routestopped.html">shorewall-routestopped</ulink>(5))
+      <filename>/etc/shorewall/stoppedrules</filename> file (<ulink
+      url="manpages/shorewall-stoppedrules.html">shorewall-stoppedrules</ulink>(5))
       and on the setting of ADMINISABSENTMINDED in
       <filename>/etc/shorewall/shorewall.conf</filename> (<ulink
       url="manpages/shorewall.conf.html">shorewall.conf</ulink>(5)).</para>
@@ -3065,7 +3065,7 @@ Shorewall has detected the following iptables/netfilter capabilities:
    Persistent SNAT: Available
 gateway:~# </programlisting>
 
-      <para></para>
+      <para/>
     </section>
 
     <section id="faq19">

docs/Introduction.xml

@@ -373,8 +373,9 @@ ACCEPT     net           $FW       tcp        22</programlisting>
     <para>The AUTOMAKE option in /etc/shorewall/shorewall.conf may be set to
     automatically generate a new script when one of the configuration files is
     changed. When no file has changed since the last compilation, the
-    <command>/sbin/shorewall start</command> and <command>/sbin/shorewall
-    restart</command> commands will simply execute the current
+    <command>/sbin/shorewall start</command>, <command>/sbin/shorewall
+    reload</command> and <command>/sbin/shorewall restart</command> commands
+    will simply execute the current
     <filename>/var/lib/shorewall/firewall</filename> script.</para>
   </section>
 

docs/Manpages.xml

@@ -5,7 +5,7 @@
   <!--$Id: template.xml 5908 2007-04-12 23:04:36Z teastep $-->
 
   <articleinfo>
-    <title>Shorewall 4.4-4.6 Manpages</title>
+    <title>Shorewall 5.0 Manpages</title>
 
     <authorgroup>
       <author>
@@ -18,7 +18,7 @@
     <pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
 
     <copyright>
-      <year>2007-2014</year>
+      <year>2007-2015</year>
 
       <holder>Thomas M. Eastep</holder>
     </copyright>
@@ -35,8 +35,10 @@
   </articleinfo>
 
   <warning>
-    <para>These manpages are for Shorewall 4.4 and later only. They describe
-    features and options not available on earlier releases.</para>
+    <para>These manpages are for Shorewall 5.0 and later only. They describe
+    features and options not available on earlier releases. The manpages for
+    Shorewall 4.4-4.6 are available<ulink url="/manpages4/Manpages.html">
+    here</ulink>.</para>
   </warning>
 
   <section id="Section5">
@@ -54,10 +56,6 @@
         <member><ulink url="manpages/shorewall-arprules.html">arprules</ulink>
         - (Added in Shorewall 4.5.12) Define arpfilter rules.</member>
 
-        <member><ulink
-        url="manpages/shorewall-blacklist.html">blacklist</ulink> - Static
-        blacklisting (deprecated)</member>
-
         <member><ulink url="manpages/shorewall-blrules.html">blrules</ulink> -
         shorewall Blacklist file.</member>
 
@@ -106,9 +104,6 @@
         <member><ulink url="manpages/shorewall-netmap.html">netmap</ulink> -
         How to map addresses from one net to another.</member>
 
-        <member><ulink url="manpages/shorewall-notrack.html">notrack</ulink> -
-        Exclude certain traffic from Netfilter connection tracking</member>
-
         <member><ulink url="manpages/shorewall-params.html">params</ulink> -
         Assign values to shell variables used in other files.</member>
 
@@ -129,13 +124,6 @@
         (Added in Shorewall 4.4.15) Add additional routes to provider routing
         tables.</member>
 
-        <member><ulink
-        url="manpages/shorewall-routestopped.html">routestopped</ulink> -
-        Specify connections to be permitted when Shorewall is in the stopped
-        state (deprecated in Shorewall 4.5.8 in favor of the <ulink
-        url="manpages/shorewall-stoppedrules.html">stoppedrules</ulink>
-        file).</member>
-
         <member><ulink url="manpages/shorewall-rules.html">rules</ulink> -
         Specify exceptions to policies, including DNAT and REDIRECT.</member>
 
@@ -162,18 +150,6 @@
         <member><ulink url="manpages/shorewall-tcpri.html">tcpri</ulink> -
         Classify traffic for simplified traffic shaping.</member>
 
-        <member><ulink
-        url="manpages/shorewall-stoppedrules.html">stoppedrules</ulink> -
-        Specify connections to be permitted when Shorewall is in the stopped
-        state (added in Shorewall 4.5.8).</member>
-
-        <member><ulink url="manpages/shorewall-tcrules.html">tcrules</ulink> -
-        Define packet marking rules, usually for traffic shaping. Superseded
-        by mangle (above) in Shorewall 4.6.0.</member>
-
-        <member><ulink url="manpages/shorewall-tos.html">tos</ulink> - Define
-        TOS field manipulation.</member>
-
         <member><ulink url="manpages/shorewall-tunnels.html">tunnels</ulink> -
         Define VPN connections with endpoints on the firewall.</member>
 

docs/Manpages6.xml

@@ -5,7 +5,7 @@
   <!--$Id: template.xml 5908 2007-04-12 23:04:36Z teastep $-->
 
   <articleinfo>
-    <title>Shorewall6 4.4-4.6 Manpages</title>
+    <title>Shorewall6 5.0 Manpages</title>
 
     <authorgroup>
       <author>
@@ -35,8 +35,10 @@
   </articleinfo>
 
   <warning>
-    <para>These manpages are for Shorewall6 4.4 and later only. They describe
-    features and options not available on earlier releases.</para>
+    <para>These manpages are for Shorewall6 5.0 and later only. They describe
+    features and options not available on earlier releases.The manpages for
+    Shorewall 4.4-4.6 are available <ulink
+    url="/manpages4/Manpages.html">here</ulink>.</para>
   </warning>
 
   <section id="Section5">
@@ -51,10 +53,6 @@
         <member><ulink url="manpages6/shorewall6-actions.html">actions</ulink>
         - Declare user-defined actions.</member>
 
-        <member><ulink
-        url="manpages6/shorewall6-blacklist.html">blacklist</ulink> - Static
-        blacklisting (deprecated)</member>
-
         <member><ulink url="manpages6/shorewall6-blrules.html">blrules</ulink>
         - shorewall6 Blacklist file.</member>
 
@@ -93,11 +91,6 @@
         <member><ulink url="manpages6/shorewall6-nesting.html">nesting</ulink>
         - How to define nested zones.</member>
 
-        <member><ulink url="manpages6/shorewall6-notrack.html">notrack</ulink>
-        - Exclude certain traffic from Netfilter6 connection tracking (renamed
-        <ulink url="manpages6/shorewall6-conntrack.html">conntrack</ulink> in
-        Shorewall 4.5.7)</member>
-
         <member><ulink url="manpages6/shorewall6-params.html">params</ulink> -
         Assign values to shell variables used in other files.</member>
 
@@ -119,11 +112,6 @@
         (Added in Shorewall 4.4.15) Add additional routes to provider routing
         tables.</member>
 
-        <member><ulink
-        url="manpages6/shorewall6-routestopped.html">routestopped</ulink> -
-        Specify connections to be permitted when Shorewall6 is in the stopped
-        state (Deprecated in Shoreall 4.5.8).</member>
-
         <member><ulink url="manpages6/shorewall6-rules.html">rules</ulink> -
         Specify exceptions to policies, including DNAT and REDIRECT.</member>
 
@@ -151,13 +139,6 @@
         <member><ulink url="manpages6/shorewall6-tcpri.html">tcpri</ulink> -
         Classify traffic for simplified traffic shaping.</member>
 
-        <member><ulink url="manpages6/shorewall6-tcrules.html">tcrules</ulink>
-        - Define packet marking rules, usually for traffic shaping. Superseded
-        by mangle (above) in Shorewall 4.6.0.</member>
-
-        <member><ulink url="manpages6/shorewall6-tos.html">tos</ulink> -
-        Define TOS field manipulation.</member>
-
         <member><ulink url="manpages6/shorewall6-tunnels.html">tunnels</ulink>
         - Define VPN connections with endpoints on the firewall.</member>
 

docs/MultiISP.xml

@@ -926,7 +926,7 @@ MARK(2)         $FW             0.0.0.0/0       tcp     25</programlisting>
 
       <para>If you are running a Shorewall version earlier than 4.6.0, the
       above rules in <ulink
-      url="manpages/shorewall-tcrules.html">/etc/shorewall/tcrules</ulink>
+      url="manpages4/manpages/shorewall-tcrules.html">/etc/shorewall/tcrules</ulink>
       would be:</para>
 
       <programlisting>#ACTION         SOURCE          DEST            PROTO   PORT(S) CLIENT  USER    TEST
@@ -1771,7 +1771,7 @@ ISP2    2       2       -               eth1            130.252.99.254  track
       except when you explicitly direct it to use the other provider via
       <ulink url="manpages/shorewall-rtrules.html">shorewall-rtrules</ulink>
       (5) or <ulink
-      url="manpages/shorewall-tcrules.html">shorewall-mangle</ulink>
+      url="manpages4/manpages/shorewall-tcrules.html">shorewall-mangle</ulink>
       (5).</para>
 
       <para>Example (send all traffic through the 'shorewall' provider unless
@@ -1950,7 +1950,7 @@ ONBOOT=yes</programlisting>
       url="manpages/shorewall-providers.html">shorewall-providers</ulink> (5)
       is available in the form of a PROBABILITY column in <ulink
       url="manpages/shorewall-mangle.html">shorewall-mangle</ulink>(5) (<ulink
-      url="manpages/shorewall-tcrules.html">shorewall-tcrules</ulink>) (5).
+      url="manpages4/manpages/shorewall-tcrules.html">shorewall-tcrules</ulink>) (5).
       This feature requires the <firstterm>Statistic Match</firstterm>
       capability in your iptables and kernel.</para>
 

docs/PacketHandling.xml

@@ -186,7 +186,7 @@
     <itemizedlist>
       <listitem>
         <para>Packets are marked based on the contents of your
-        <filename>/etc/shorewall/tcrules</filename> file and the setting of
+        <filename>/etc/shorewall/mangle</filename> file and the setting of
         MARK_IN_FORWARD_CHAIN in
         <filename>/etc/shorewall/shorewall.conf</filename>. This occurs in the
         <emphasis role="bold">tcfor</emphasis> chain of the
@@ -261,7 +261,7 @@
 
       <listitem>
         <para>Packets are marked based on the contents of your
-        <filename>/etc/shorewall/tcrules</filename> file. This occurs in the
+        <filename>/etc/shorewall/mangle</filename> file. This occurs in the
         <emphasis role="bold">tcout</emphasis> chain of the
         <emphasis>mangle</emphasis> table.</para>
       </listitem>

docs/QOSExample.xml

@@ -289,9 +289,9 @@ ip link set ifb0 up</programlisting>
   </section>
 
   <section>
-    <title>/etc/shorewall/tcrules</title>
+    <title>/etc/shorewall/mangle</title>
 
-    <para>The tcrules file classifies upload packets:</para>
+    <para>The mangle file classifies upload packets:</para>
 
     <programlisting>#MARK            SOURCE         DEST          PROTO     DEST        SOURCE     USER    TEST
 #                                                       PORT(S)     PORT(S)

docs/Shorewall-5.xml

@@ -338,9 +338,18 @@
 
       <para>For those that can't get used to the idea of using
       <command>reload</command> in place of <command>restart</command>, a
-      LEGACY_RESTART option has been added to shorewall[6].conf. The option
-      defaults to No but if set to Yes, then the <command>restart</command>
+      RESTART option has been added to shorewall[6].conf. The option defaults
+      to 'restart' but if set to 'reload', then the <command>restart</command>
       command does what it did in earlier releases.</para>
+
+      <note>
+        <para>Beginning with Shorewall 5.0.1 and Shorewall 4.6.13.2, the
+        update command will set RESTART=reload to maintain compatibility with
+        earlier releases. Shorewall 5.0.0 created the setting
+        LEGACY_RESTART=No which was equivalent to RESTART=restart. Under
+        Shorewall 5.0.1 and later, update will convert LEGACY_RESTART to the
+        equivalent RESTART setting.</para>
+      </note>
     </section>
   </section>
 

docs/Shorewall-Lite.xml

@@ -191,7 +191,7 @@
               configuring Shorewall on the firewall system itself</emphasis>).
               It's a good idea to include the IP address of the administrative
               system in the <ulink
-              url="manpages/shorewall-routestopped.html"><filename>routestopped</filename>
+              url="manpages/shorewall-stoppedrules.html"><filename>stoppedrules</filename>
               file</ulink>.</para>
 
               <para>It is important to understand that with Shorewall Lite,
@@ -412,7 +412,7 @@
 
             <para>Be sure that the IP address of the administrative system is
             included in the firewall's export directory
-            <filename>routestopped</filename> file.</para>
+            <filename>stoppedrules</filename> file.</para>
 
             <programlisting><command>shorewall stop</command></programlisting>
 
@@ -433,7 +433,7 @@
 
             <para>It's a good idea to include the IP address of the
             administrative system in the firewall system's <ulink
-            url="manpages/shorewall-routestopped.html"><filename>routestopped</filename>
+            url="manpages/shorewall-stoppedrules.html"><filename>stoppedrules</filename>
             file</ulink>.</para>
 
             <para>Also, edit the <filename>shorewall.conf</filename> file in

docs/Shorewall_Squid_Usage.xml

@@ -248,7 +248,8 @@ MARK(202):P    eth1:!192.168.1.3   0.0.0.0/0   tcp      80</programlisting>
 
             <para>If you are still using a tcrules file, you should consider
             switching to using a mangle file (<command>shorewall update
-            -t</command> will do that for you). Corresponding
+            -t</command> (<command>shorewall update</command> on
+	    Shorewall 5.0 and later) will do that for you). Corresponding
             /etc/shorewall/tcrules entries are:</para>
 
             <programlisting>#MARK    SOURCE              DEST        PROTO    DEST

docs/Shorewall_and_Routing.xml

@@ -91,7 +91,7 @@
           <para>Packets may be marked using entries in the <ulink
           url="manpages/shorewall-mangle.html">/etc/shorewall/mangle</ulink>
           (<ulink
-          url="manpages/shorewall-tcrules.html">/etc/shorewall/tcrules</ulink>)
+          url="manpages4/manpages/shorewall-tcrules.html">/etc/shorewall/tcrules</ulink>)
           file. Entries in that file containing ":P" in the mark column are
           applied here as are rules that default to the
           MARK_IN_FORWARD_CHAIN=No setting in
@@ -145,9 +145,9 @@
       <orderedlist>
         <listitem>
           <para>Packets may be marked using entries in the <ulink
-          url="manpages/shorewall-tcrules.html">/etc/shorewall/mangle</ulink>
+          url="manpages4/manpages/shorewall-tcrules.html">/etc/shorewall/mangle</ulink>
           (<ulink
-          url="manpages/shorewall-tcrules.html">/etc/shorewall/tcrules</ulink>)
+          url="manpages4/manpages/shorewall-tcrules.html">/etc/shorewall/tcrules</ulink>)
           file (rules with "$FW" in the SOURCE column). These marks may be
           used to specify that the packet should be re-routed using an
           alternate routing table.</para>