Remove version from config files

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall-init/shorewall-init.service.214.debian

@@ -2,6 +2,7 @@
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
+#     Copyright 2015 Tom Eastep <teastep@shorewall.net>
 #
 [Unit]
 Description=Shorewall firewall (bootup security)

Shorewall-init/shorewall-init.service.debian

@@ -2,6 +2,7 @@
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
+#     Copyright 2015 Tom Eastep <teastep@shorewall.net>
 #
 [Unit]
 Description=Shorewall firewall (bootup security)

Shorewall-lite/shorewall-lite.service.debian

@@ -2,6 +2,7 @@
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
+#     Copyright 2015 Tom Eastep <teastep@shorewall.net>
 #
 [Unit]
 Description=Shorewall IPv4 firewall (lite)

Shorewall/Perl/Shorewall/Config.pm

@@ -300,7 +300,7 @@ our %renamed = ( AUTO_COMMENT => 'AUTOCOMMENT', BLACKLIST_LOGLEVEL => 'BLACKLIST
 #
 # Config options and global settings that are to be copied to output script
 #
-our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR MODULE_SUFFIX LOAD_HELPERS_ONLY LOCKFILE SUBSYSLOCK LOG_VERBOSITY/;
+our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR MODULE_SUFFIX LOAD_HELPERS_ONLY LOCKFILE SUBSYSLOCK LOG_VERBOSITY RESTART/;
 #
 # From parsing the capabilities file or detecting capabilities
 #
@@ -601,11 +601,13 @@ our %validlevels;            # Valid log levels.
 # Deprecated options with their default values
 #
 our %deprecated = (
+		   LEGACY_RESTART => 'no'
 		  );
 #
 # Deprecated options that are eliminated via update
 #
 our %converted = (
+		  LEGACY_RESTART => 1
 		 );
 #
 # Eliminated options
@@ -711,7 +713,7 @@ sub initialize( $;$$) {
 		    TC_SCRIPT               => '',
 		    EXPORT                  => 0,
 		    KLUDGEFREE              => '',
-		    VERSION                 => "4.5.19-Beta1",
+		    VERSION                 => "5.0.1",
 		    CAPVERSION              => 40609 ,
 		    BLACKLIST_LOG_TAG       => '',
 		    RELATED_LOG_TAG         => '',
@@ -858,6 +860,7 @@ sub initialize( $;$$) {
 	  BASIC_FILTERS => undef,
 	  WORKAROUNDS => undef ,
 	  LEGACY_RESTART => undef ,
+	  RESTART => undef ,
 	  #
 	  # Packet Disposition
 	  #
@@ -4832,7 +4835,7 @@ sub update_config_file( $ ) {
     unless ( supplied $config{LOGLIMIT} ) {
 	if ( $config{LOGRATE} || $config{LOGBURST} ) {
 	    my $limit;
-	    
+
 	    if ( supplied $config{LOGRATE} ) {
 		fatal_error"Invalid LOGRATE ($config{LOGRATE})" unless $config{LOGRATE}  =~ /^\d+\/(second|minute)$/;
 		$limit = $config{LOGRATE};
@@ -4863,6 +4866,7 @@ sub update_config_file( $ ) {
 
     update_default( 'USE_DEFAULT_RT', 'No' );
     update_default( 'EXPORTMODULES',  'No' );
+    update_default( 'RESTART',        'reload' );
 
     my $fn;
 
@@ -5564,7 +5568,7 @@ sub get_configuration( $$$$ ) {
 
 		$limit .= "--$match $1 --hashlimit-burst $5 --hashlimit-name lograte --hashlimit-mode ";
 		$units = $4;
-	    } elsif ( $rate =~ /^[sd]:((\d+)(\/(sec|min|hour|day))?)$/ ) {
+	    } elsif ( $rate =~ /^[sd]:((\d+)(\/(sec|min|second|minute|hour|day))?)$/ ) {
 		fatal_error "Invalid rate ($1)" unless $2;
 		$limit .= "--$match $1 --hashlimit-name lograte --hashlimit-mode ";
 		$units = $4;
@@ -5588,7 +5592,7 @@ sub get_configuration( $$$$ ) {
 	    fatal_error "Invalid rate ($1)" unless $2;
 	    fatal_error "Invalid burst value ($5)" unless $5;
 	    $limit = "-m limit --limit $1 --limit-burst $5 ";
-	} elsif ( $rate =~ /^(\d+)(\/(sec|min|hour|day))?$/ )  {
+	} elsif ( $rate =~ /^(\d+)(\/(sec|min|second|minute|hour|day))?$/ )  {
 	    fatal_error "Invalid rate (${1}${2})" unless $1;
 	    $limit = "-m limit --limit $rate ";
 	} else {
@@ -5759,7 +5763,15 @@ sub get_configuration( $$$$ ) {
     default_yes_no 'INLINE_MATCHES'             , '';
     default_yes_no 'BASIC_FILTERS'              , '';
     default_yes_no 'WORKAROUNDS'                , 'Yes';
-    default_yes_no 'LEGACY_RESTART'             , '';
+
+    if ( supplied( $val = $config{RESTART} ) ) {
+	fatal_error "Invalid value for RESTART ($val)" unless $val =~ /^(restart|reload)$/;
+    } elsif (supplied $config{LEGACY_RESTART} ) {
+	default_yes_no 'LEGACY_RESTART'             , 'Yes';
+	$config{RESTART} = $config{LEGACY_RESTART} ? 'reload' : 'restart';
+    } else {
+	$config{RESTART} = 'reload';
+    }
 
     require_capability( 'BASIC_EMATCH', 'BASIC_FILTERS=Yes', 's' ) if $config{BASIC_FILTERS};
 
@@ -6302,7 +6314,7 @@ sub generate_aux_config() {
 
     emit "#\n# Shorewall auxiliary configuration file created by Shorewall version $globals{VERSION} - $date\n#";
 
-    for my $option ( qw(VERBOSITY LOGFILE LOGFORMAT ARPTABLES IPTABLES IP6TABLES IP TC IPSET PATH SHOREWALL_SHELL SUBSYSLOCK LOCKFILE RESTOREFILE WORKAROUNDS LEGACY_RESTART) ) {
+    for my $option ( qw(VERBOSITY LOGFILE LOGFORMAT ARPTABLES IPTABLES IP6TABLES IP TC IPSET PATH SHOREWALL_SHELL SUBSYSLOCK LOCKFILE RESTOREFILE WORKAROUNDS RESTART) ) {
 	conditionally_add_option $option;
     }
 

Shorewall/Perl/Shorewall/Providers.pm

@@ -846,12 +846,12 @@ CEOF
 
 	if ( $hostroute ) {
 	    if ( $family == F_IPV4 ) {
-		emit "run_ip route replace $gateway src $address dev $physical ${mtu}";
-		emit "run_ip route replace $gateway src $address dev $physical ${mtu}table $id $realm";
+		emit qq(run_ip route replace $gateway src $address dev $physical ${mtu});
+		emit qq(run_ip route replace $gateway src $address dev $physical ${mtu}table $id $realm);
 	    } else {
-		emit "qt \$IP -6 route add $gateway src $address dev $physical ${mtu}";
-		emit "qt \$IP -6 route del $gateway src $address dev $physical ${mtu}table $id $realm";
-		emit "run_ip route add $gateway src $address dev $physical ${mtu}table $id $realm";
+		emit qq(qt \$IP -6 route add $gateway src $address dev $physical ${mtu});
+		emit qq(qt \$IP -6 route del $gateway src $address dev $physical ${mtu}table $id $realm);
+		emit qq(run_ip route add $gateway src $address dev $physical ${mtu}table $id $realm);
 	    }
 	}
 

Shorewall/Perl/prog.footer

@@ -310,7 +310,7 @@ case "$COMMAND" in
     restart)
 	[ $# -ne 1 ] && usage 2
 
-	if [ -z "$LEGACY_RESTART" ]; then
+	if [ "$RESTART" = restart ]; then
 	    COMMAND=stop stop_command && COMMAND=start start_command
 	else
 	    COMMAND=reload

Shorewall/Samples/Universal/shorewall.conf

@@ -176,8 +176,6 @@ KEEP_RT_TABLES=No
 
 LOAD_HELPERS_ONLY=Yes
 
-LEGACY_RESTART=Yes
-
 MACLIST_TABLE=filter
 
 MACLIST_TTL=
@@ -204,6 +202,8 @@ REJECT_ACTION=
 
 REQUIRE_INTERFACE=Yes
 
+RESTART=restart
+
 RESTORE_DEFAULT_ROUTE=Yes
 
 RESTORE_ROUTEMARKS=Yes

Shorewall/Samples/one-interface/interfaces

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Interfaces File for one-interface configuration.
+# Shorewall - Sample Interfaces File for one-interface configuration.
 # Copyright (C) 2006-2015 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/one-interface/policy

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Policy File for one-interface configuration.
+# Shorewall - Sample Policy File for one-interface configuration.
 # Copyright (C) 2006-2015 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/one-interface/rules

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Rules File for one-interface configuration.
+# Shorewall - Sample Rules File for one-interface configuration.
 # Copyright (C) 2006-2014 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/one-interface/shorewall.conf

@@ -1,6 +1,6 @@
 ###############################################################################
 #
-# Shorewall version 5.0 - Sample shorewall.conf for one-interface
+# Shorewall - Sample shorewall.conf for one-interface
 #                         configuration.
 # Copyright (C) 2006-2015 by the Shorewall Team
 #
@@ -187,8 +187,6 @@ KEEP_RT_TABLES=No
 
 LOAD_HELPERS_ONLY=Yes
 
-LEGACY_RESTART=Yes
-
 MACLIST_TABLE=filter
 
 MACLIST_TTL=
@@ -215,6 +213,8 @@ REJECT_ACTION=
 
 REQUIRE_INTERFACE=No
 
+RESTART=restart
+
 RESTORE_DEFAULT_ROUTE=Yes
 
 RESTORE_ROUTEMARKS=Yes

Shorewall/Samples/one-interface/zones

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Zones File for one-interface configuration.
+# Shorewall - Sample Zones File for one-interface configuration.
 # Copyright (C) 2006-2015 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/three-interfaces/interfaces

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Interfaces File for three-interface configuration.
+# Shorewall - Sample Interfaces File for three-interface configuration.
 # Copyright (C) 2006-2015 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/three-interfaces/masq

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Masq file for three-interface configuration.
+# Shorewall - Sample Masq file for three-interface configuration.
 # Copyright (C) 2006-2015 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/three-interfaces/policy

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Policy File for three-interface configuration.
+# Shorewall - Sample Policy File for three-interface configuration.
 # Copyright (C) 2006-2015 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/three-interfaces/rules

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Rules File for three-interface configuration.
+# Shorewall - Sample Rules File for three-interface configuration.
 # Copyright (C) 2006-2015 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/three-interfaces/shorewall.conf

@@ -1,6 +1,6 @@
 ###############################################################################
 #
-# Shorewall version 5.0 - Sample shorewall.conf for three-interface
+# Shorewall - Sample shorewall.conf for three-interface
 #                         configuration.
 # Copyright (C) 2006-2015 by the Shorewall Team
 #
@@ -184,8 +184,6 @@ KEEP_RT_TABLES=No
 
 LOAD_HELPERS_ONLY=Yes
 
-LEGACY_RESTART=Yes
-
 MACLIST_TABLE=filter
 
 MACLIST_TTL=
@@ -212,6 +210,8 @@ REJECT_ACTION=
 
 REQUIRE_INTERFACE=No
 
+RESTART=restart
+
 RESTORE_DEFAULT_ROUTE=Yes
 
 RESTORE_ROUTEMARKS=Yes

Shorewall/Samples/three-interfaces/stoppedrules

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Stoppedrules File for three-interface configuration.
+# Shorewall - Sample Stoppedrules File for three-interface configuration.
 # Copyright (C) 2012-2015 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/three-interfaces/zones

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Zones File for three-interface configuration.
+# Shorewall - Sample Zones File for three-interface configuration.
 # Copyright (C) 2006-2015 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/two-interfaces/interfaces

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Interfaces File for two-interface configuration.
+# Shorewall - Sample Interfaces File for two-interface configuration.
 # Copyright (C) 2006-2015 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/two-interfaces/masq

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Masq file for two-interface configuration.
+# Shorewall - Sample Masq file for two-interface configuration.
 # Copyright (C) 2006-2015 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/two-interfaces/policy

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Policy File for two-interface configuration.
+# Shorewall - Sample Policy File for two-interface configuration.
 # Copyright (C) 2006-2015 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/two-interfaces/rules

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Rules File for two-interface configuration.
+# Shorewall - Sample Rules File for two-interface configuration.
 # Copyright (C) 2006-2015 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/two-interfaces/shorewall.conf

@@ -1,6 +1,6 @@
 ###############################################################################
 #
-# Shorewall version 5.0 - Sample shorewall.conf for two-interface
+# Shorewall - Sample shorewall.conf for two-interface
 #                         configuration.
 # Copyright (C) 2006-2014 by the Shorewall Team
 #
@@ -187,8 +187,6 @@ KEEP_RT_TABLES=No
 
 LOAD_HELPERS_ONLY=Yes
 
-LEGACY_RESTART=Yes
-
 MACLIST_TABLE=filter
 
 MACLIST_TTL=
@@ -215,6 +213,8 @@ REJECT_ACTION=
 
 REQUIRE_INTERFACE=No
 
+RESTART=restart
+
 RESTORE_DEFAULT_ROUTE=Yes
 
 RESTORE_ROUTEMARKS=Yes

Shorewall/Samples/two-interfaces/stoppedrules

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Stoppedrules File for two-interface configuration.
+# Shorewall - Sample Stoppedrules File for two-interface configuration.
 # Copyright (C) 2012-2015 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/Samples/two-interfaces/zones

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5.0 - Sample Zones File for two-interface configuration.
+# Shorewall - Sample Zones File for two-interface configuration.
 # Copyright (C) 2006-2014 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or

Shorewall/configfiles/accounting

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Accounting File
+# Shorewall - Accounting File
 #
 # For information about entries in this file, type "man shorewall-accounting"
 #

Shorewall/configfiles/actions

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Actions File
+# Shorewall - Actions File
 #
 # /etc/shorewall/actions
 #

Shorewall/configfiles/arprules

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - arprules File
+# Shorewall - arprules File
 #
 # For information about entries in this file, type "man shorewall-arprules"
 #

Shorewall/configfiles/blrules

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Blacklist Rules File
+# Shorewall - Blacklist Rules File
 #
 # For information about entries in this file, type "man shorewall-blrules"
 #

Shorewall/configfiles/clear

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - clear File
+# Shorewall - clear File
 #
 # /etc/shorewall/clear
 #

Shorewall/configfiles/conntrack

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - conntrack File
+# Shorewall - conntrack File
 #
 # For information about entries in this file, type "man shorewall-conntrack"
 #

Shorewall/configfiles/ecn

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Ecn File
+# Shorewall - Ecn File
 #
 # For information about entries in this file, type "man shorewall-ecn"
 #

Shorewall/configfiles/findgw

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Findgw File
+# Shorewall - Findgw File
 #
 # /etc/shorewall/findgw
 #

Shorewall/configfiles/hosts

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Hosts file
+# Shorewall - Hosts file
 #
 # For information about entries in this file, type "man shorewall-hosts"
 #

Shorewall/configfiles/init

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Init File
+# Shorewall - Init File
 #
 # /etc/shorewall/init
 #

Shorewall/configfiles/initdone

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Initdone File
+# Shorewall - Initdone File
 #
 # /etc/shorewall/initdone
 #

Shorewall/configfiles/interfaces

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Interfaces File
+# Shorewall - Interfaces File
 #
 # For information about entries in this file, type "man shorewall-interfaces"
 #

Shorewall/configfiles/isusable

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - isusable File
+# Shorewall - isusable File
 #
 # /etc/shorewall/isusable
 #

Shorewall/configfiles/lib.private

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - lib.private File
+# Shorewall - lib.private File
 #
 # /etc/shorewall/lib.private
 #

Shorewall/configfiles/maclist

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Maclist file
+# Shorewall - Maclist file
 #
 # For information about entries in this file, type "man shorewall-maclist"
 #

Shorewall/configfiles/mangle

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Mangle File
+# Shorewall - Mangle File
 #
 # For information about entries in this file, type "man shorewall-mangle"
 #

Shorewall/configfiles/masq

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Masq file
+# Shorewall - Masq file
 #
 # For information about entries in this file, type "man shorewall-masq"
 #

Shorewall/configfiles/nat

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Nat File
+# Shorewall - Nat File
 #
 # For information about entries in this file, type "man shorewall-nat"
 #

Shorewall/configfiles/netmap

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5	 - Netmap File
+# Shorewall	 - Netmap File
 #
 # For information about entries in this file, type "man shorewall-netmap"
 #

Shorewall/configfiles/params

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Params File
+# Shorewall - Params File
 #
 # /etc/shorewall/params
 #

Shorewall/configfiles/policy

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Policy File
+# Shorewall - Policy File
 #
 # For information about entries in this file, type "man shorewall-policy"
 #

Shorewall/configfiles/providers

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Providers File
+# Shorewall - Providers File
 #
 # For information about entries in this file, type "man shorewall-providers"
 #

Shorewall/configfiles/proxyarp

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Proxyarp File
+# Shorewall - Proxyarp File
 #
 # For information about entries in this file, type "man shorewall-proxyarp"
 #

Shorewall/configfiles/refresh

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - refresh File
+# Shorewall - refresh File
 #
 # /etc/shorewall/refresh
 #

Shorewall/configfiles/refreshed

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - refreshed File
+# Shorewall - refreshed File
 #
 # /etc/shorewall/refreshed
 #

Shorewall/configfiles/restored

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Restored File
+# Shorewall - Restored File
 #
 # /etc/shorewall/restored
 #

Shorewall/configfiles/routes

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - routes File
+# Shorewall - routes File
 #
 # For information about entries in this file, type "man shorewall-routes"
 #

Shorewall/configfiles/routestopped

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Routestopped File
+# Shorewall - Routestopped File
 #
 # This file is deprecated in favor of the stoppedrules file
 #

Shorewall/configfiles/rtrules

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - route rules File
+# Shorewall - route rules File
 #
 # For information about entries in this file, type "man shorewall-rtrules"
 #

Shorewall/configfiles/rules

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Rules File
+# Shorewall - Rules File
 #
 # For information on the settings in this file, type "man shorewall-rules"
 #

Shorewall/configfiles/scfilter

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Show Connections Filter
+# Shorewall - Show Connections Filter
 #
 # /etc/shorewall/scfilter
 #

Shorewall/configfiles/secmarks

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Secmarks File
+# Shorewall - Secmarks File
 #
 # For information about entries in this file, type "man shorewall-secmarks"
 #

Shorewall/configfiles/shorewall.conf

@@ -174,8 +174,6 @@ IP_FORWARDING=On
 
 KEEP_RT_TABLES=No
 
-LEGACY_RESTART=Yes
-
 LOAD_HELPERS_ONLY=Yes
 
 MACLIST_TABLE=filter
@@ -204,6 +202,8 @@ REJECT_ACTION=
 
 REQUIRE_INTERFACE=No
 
+RESTART=restart
+
 RESTORE_DEFAULT_ROUTE=Yes
 
 RESTORE_ROUTEMARKS=Yes

Shorewall/configfiles/start

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Start File
+# Shorewall - Start File
 #
 # /etc/shorewall/start
 #

Shorewall/configfiles/started

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Started File
+# Shorewall - Started File
 #
 # /etc/shorewall/started
 #

Shorewall/configfiles/stop

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Stop File
+# Shorewall - Stop File
 #
 # /etc/shorewall/stop
 #

Shorewall/configfiles/stopped

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Stopped File
+# Shorewall - Stopped File
 #
 # /etc/shorewall/stopped
 #

Shorewall/configfiles/stoppedrules

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Stopped Rules File
+# Shorewall - Stopped Rules File
 #
 # For information about entries in this file, type "man shorewall-stoppedrules"
 #

Shorewall/configfiles/tcclasses

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Tcclasses File
+# Shorewall - Tcclasses File
 #
 # For information about entries in this file, type "man shorewall-tcclasses"
 #

Shorewall/configfiles/tcclear

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - tcclear File
+# Shorewall - tcclear File
 #
 # /etc/shorewall/tcclear
 #

Shorewall/configfiles/tcdevices

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Tcdevices File
+# Shorewall - Tcdevices File
 #
 # For information about entries in this file, type "man shorewall-tcdevices"
 #

Shorewall/configfiles/tcfilters

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Tcfilters File
+# Shorewall - Tcfilters File
 #
 # For information about entries in this file, type "man shorewall-tcfilters"
 #

Shorewall/configfiles/tcinterfaces

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Tcinterfaces File
+# Shorewall - Tcinterfaces File
 #
 # For information about entries in this file, type "man shorewall-tcinterfaces"
 #

Shorewall/configfiles/tcpri

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Tcpri File
+# Shorewall - Tcpri File
 #
 # For information about entries in this file, type "man shorewall-tcpri"
 #

Shorewall/configfiles/tunnels

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Tunnels File
+# Shorewall - Tunnels File
 #
 # For information about entries in this file, type "man shorewall-tunnels"
 #

Shorewall/configfiles/zones

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Zones File
+# Shorewall - Zones File
 #
 # For information about this file, type "man shorewall-zones"
 #

Shorewall/manpages/shorewall.conf.xml

@@ -89,7 +89,7 @@
     colon (":") and a <firstterm>log tag</firstterm>. The log tag normally
     follows the packet disposition in Shorewall-generated Netfilter log
     messages, separated from the disposition by a colon (e.g, "DROP:mytag").
-    See LOGTAGONLY below for additional information. </para>
+    See LOGTAGONLY below for additional information.</para>
 
     <para>Beginning with Shorewall 4.4.22, LOGMARK is also a valid level which
     logs the packet's mark value along with the other usual information. The
@@ -1146,25 +1146,6 @@ net     all  DROP   info</programlisting>then the chain name is 'net-all'
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term><emphasis role="bold">LEGACY_RESTART=</emphasis>{<emphasis
-        role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
-
-        <listitem>
-          <para>Added in Shorewall 5.0.0. In that release, the <emphasis
-          role="bold">reload</emphasis> command was redefined to do what
-          <emphasis role="bold">restart</emphasis> had done in earlier
-          releases and <emphasis role="bold">restart</emphasis> became a true
-          restart (equivalent to <emphasis role="bold">stop</emphasis>
-          followed by <emphasis role="bold">start</emphasis>). When
-          LEGACY_FASTSTART=Yes, the <emphasis role="bold">restart</emphasis>
-          command performs the same operation as the <emphasis
-          role="bold">reload</emphasis> command making it compatible with
-          earlier releases. If not specified, LAGACY_RESTART=No is
-          assumed.</para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term><emphasis role="bold">LOAD_HELPERS_ONLY=</emphasis>{<emphasis
         role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
@@ -2169,6 +2150,27 @@ INLINE          -       -       -       ; -j REJECT
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><emphasis role="bold">RESTART=</emphasis>[<emphasis
+        role="bold">restart</emphasis>|<emphasis
+        role="bold">reload</emphasis>]</term>
+
+        <listitem>
+          <para>Added in Shorewall 5.0.1 to replace LEGACY_RESTART which was
+          added in Shorewall 5.0.0. In that release, the <emphasis
+          role="bold">reload</emphasis> command was redefined to do what
+          <emphasis role="bold">restart</emphasis> had done in earlier
+          releases and <emphasis role="bold">restart</emphasis> became a true
+          restart (equivalent to <emphasis role="bold">stop</emphasis>
+          followed by <emphasis role="bold">start</emphasis>). When
+          RESTART=reload, the <emphasis role="bold">restart</emphasis> command
+          performs the same operation as the <emphasis
+          role="bold">reload</emphasis> command making it compatible with
+          earlier releases. If not specified, RESTART=reload is
+          assumed.</para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term><emphasis
         role="bold">RESTORE_DEFAULT_ROUTE=</emphasis>[<emphasis
@@ -2479,7 +2481,8 @@ INLINE          -       -       -       ; -j REJECT
         role="bold">Yes</emphasis>|<emphasis
         role="bold">No</emphasis>|<emphasis
         role="bold">Internal</emphasis>|<emphasis
-        role="bold">Simple</emphasis>|Shared]</term>
+        role="bold">Simple</emphasis>|<emphasis
+        role="bold">Shared</emphasis>]</term>
 
         <listitem>
           <para>If you say <emphasis role="bold">Yes</emphasis> or <emphasis

Shorewall/shorewall.service.debian

@@ -2,6 +2,7 @@
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
+#     Copyright 2015 Tom Eastep <teastep@shorewall.net>
 #
 [Unit]
 Description=Shorewall IPv4 firewall

Shorewall6/Samples6/Universal/shorewall6.conf

@@ -163,8 +163,6 @@ IP_FORWARDING=Off
 
 KEEP_RT_TABLES=Yes
 
-LEGACY_RESTART=Yes
-
 LOAD_HELPERS_ONLY=Yes
 
 MACLIST_TABLE=filter
@@ -187,6 +185,8 @@ REJECT_ACTION=
 
 REQUIRE_INTERFACE=Yes
 
+RESTART=restart
+
 RESTORE_ROUTEMARKS=Yes
 
 SAVE_IPSETS=No

Shorewall6/Samples6/one-interface/shorewall6.conf

@@ -164,8 +164,6 @@ IP_FORWARDING=Off
 
 KEEP_RT_TABLES=Yes
 
-LEGACY_RESTART=Yes
-
 LOAD_HELPERS_ONLY=Yes
 
 MACLIST_TABLE=filter
@@ -188,6 +186,8 @@ REJECT_ACTION=
 
 REQUIRE_INTERFACE=No
 
+RESTART=restart
+
 RESTORE_ROUTEMARKS=Yes
 
 SAVE_IPSETS=No

Shorewall6/Samples6/three-interfaces/shorewall6.conf

@@ -163,8 +163,6 @@ IP_FORWARDING=On
 
 KEEP_RT_TABLES=Yes
 
-LEGACY_RESTART=Yes
-
 LOAD_HELPERS_ONLY=Yes
 
 MACLIST_TABLE=filter
@@ -187,6 +185,8 @@ REJECT_ACTION=
 
 REQUIRE_INTERFACE=No
 
+RESTART=restart
+
 RESTORE_ROUTEMARKS=Yes
 
 SAVE_IPSETS=No

Shorewall6/Samples6/two-interfaces/shorewall6.conf

@@ -163,8 +163,6 @@ IP_FORWARDING=On
 
 KEEP_RT_TABLES=Yes
 
-LEGACY_RESTART=Yes
-
 LOAD_HELPERS_ONLY=Yes
 
 MACLIST_TABLE=filter
@@ -187,6 +185,8 @@ REJECT_ACTION=
 
 REQUIRE_INTERFACE=No
 
+RESTART=restart
+
 RESTORE_ROUTEMARKS=Yes
 
 SAVE_IPSETS=No

Shorewall6/configfiles/conntrack

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - conntrack File
+# Shorewall - conntrack File
 #
 # For information about entries in this file, type "man shorewal6-conntrack"
 #

Shorewall6/configfiles/findgw

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Findgw File
+# Shorewall - Findgw File
 #
 # /etc/shorewall6/findgw
 #

Shorewall6/configfiles/proxyndp

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Proxyndp File
+# Shorewall - Proxyndp File
 #
 # For information about entries in this file, type "man shorewall6-proxyndp"
 #

Shorewall6/configfiles/scfilter

@@ -1,5 +1,5 @@
 #
-# Shorewall version 5 - Show Connections Filter
+# Shorewall - Show Connections Filter
 #
 # /etc/shorewall/scfilter
 #

Shorewall6/configfiles/shorewall6.conf

@@ -163,8 +163,6 @@ IP_FORWARDING=Off
 
 KEEP_RT_TABLES=Yes
 
-LEGACY_RESTART=Yes
-
 LOAD_HELPERS_ONLY=Yes
 
 MACLIST_TABLE=filter
@@ -187,6 +185,8 @@ REJECT_ACTION=
 
 REQUIRE_INTERFACE=No
 
+RESTART=restart
+
 RESTORE_ROUTEMARKS=Yes
 
 SAVE_IPSETS=No

Shorewall6/manpages/shorewall6.conf.xml

@@ -1010,24 +1010,6 @@ net     all  DROP   info</programlisting>then the chain name is 'net-all'
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term><emphasis role="bold">LEGACY_RESTART=</emphasis>{<emphasis
-        role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
-
-        <listitem>
-          <para>Added in Shorewall 5.0.0. In that release, the <emphasis
-          role="bold">reload</emphasis> command was redefined to do what
-          <emphasis role="bold">restart</emphasis> had done in earlier
-          releases and <emphasis role="bold">restart</emphasis> became a true
-          restart (equivalent to <emphasis role="bold">stop</emphasis>
-          followed by <emphasis role="bold">start</emphasis>). When
-          LEGACY_FASTSTART=Yes, the <emphasis role="bold">restart</emphasis>
-          command performs the same operation as the reload command making it
-          compatible with earlier releases. If not specified,
-          LAGACY_RESTART=No is assumed.</para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term><emphasis role="bold">LOAD_HELPERS_ONLY=</emphasis>{<emphasis
         role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
@@ -1924,6 +1906,27 @@ INLINE          -       -       -       ; -j REJECT
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><emphasis role="bold">RESTART=</emphasis>[<emphasis
+        role="bold">restart</emphasis>|<emphasis
+        role="bold">reload</emphasis>]</term>
+
+        <listitem>
+          <para>Added in Shorewall 5.0.1 to replace LEGACY_RESTART which was
+          added in Shorewall 5.0.0. In that release, the <emphasis
+          role="bold">reload</emphasis> command was redefined to do what
+          <emphasis role="bold">restart</emphasis> had done in earlier
+          releases and <emphasis role="bold">restart</emphasis> became a true
+          restart (equivalent to <emphasis role="bold">stop</emphasis>
+          followed by <emphasis role="bold">start</emphasis>). When
+          RESTART=reload, the <emphasis role="bold">restart</emphasis> command
+          performs the same operation as the <emphasis
+          role="bold">reload</emphasis> command making it compatible with
+          earlier releases. If not specified, RESTART=reload is
+          assumed.</para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term><emphasis role="bold">RESTORE_ROUTEMARKS=</emphasis>[<emphasis
         role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
@@ -2143,7 +2146,9 @@ INLINE          -       -       -       ; -j REJECT
         <term><emphasis role="bold">TC_ENABLED=</emphasis>[<emphasis
         role="bold">Yes</emphasis>|<emphasis
         role="bold">No</emphasis>|<emphasis
-        role="bold">Internal|Shared</emphasis>]</term>
+        role="bold">Internal</emphasis>|<emphasis
+        role="bold">Simple</emphasis>|<emphasis
+        role="bold">Shared</emphasis>]</term>
 
         <listitem>
           <para>If you say <emphasis role="bold">Yes</emphasis> or <emphasis
@@ -2160,6 +2165,13 @@ INLINE          -       -       -       ; -j REJECT
           empty then Shorewall6 will use its builtin traffic shaper
           (tc4shorewall6 written by Arne Bernin.</para>
 
+          <para>If you set TC_ENABLED=Simple (Shorewall 4.4.6 and later),
+          simple traffic shaping using <ulink
+          url="/manpages/shorewall-tcinterfaces.html">shorewall-tcinterfaces</ulink>(5)
+          and <ulink
+          url="/manpages/shorewall-tcpri.html">shorewall-tcpri</ulink>(5) is
+          enabled.</para>
+
           <para>Beginning with Shorewall 4.4.15, if you set TC_ENABLED=Shared
           or shared, then you should create symbolic links from your
           Shorewall6 configuration directory (normally

Shorewall6/shorewall6.service.debian

@@ -2,6 +2,7 @@
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
+#     Copyright 2015 Tom Eastep <teastep@shorewall.net>
 #
 [Unit]
 Description=Shorewall IPv6 firewall

docs/Shorewall-5.xml

@@ -338,9 +338,18 @@
 
       <para>For those that can't get used to the idea of using
       <command>reload</command> in place of <command>restart</command>, a
-      LEGACY_RESTART option has been added to shorewall[6].conf. The option
-      defaults to No but if set to Yes, then the <command>restart</command>
+      RESTART option has been added to shorewall[6].conf. The option defaults
+      to 'restart' but if set to 'reload', then the <command>restart</command>
       command does what it did in earlier releases.</para>
+
+      <note>
+        <para>Beginning with Shorewall 5.0.1 and Shorewall 4.6.13.2, the
+        update command will set RESTART=reload to maintain compatibility with
+        earlier releases. Shorewall 5.0.0 created the setting
+        LEGACY_RESTART=No which was equivalent to RESTART=restart. Under
+        Shorewall 5.0.1 and later, update will convert LEGACY_RESTART to the
+        equivalent RESTART setting.</para>
+      </note>
     </section>
   </section>