Delete shorewallrc from Shorewall-core

- Inadvertently added during OpenWRT testing

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall-core/configure

@@ -158,6 +158,9 @@ else
     if [ ! -f $rcfile ]; then
 	echo "ERROR: $vendor is not a recognized host type" >&2
 	exit 1
+    elif [ $vendor = default ]; then
+	params[HOST]=linux
+	vendor=linux
     fi
 fi
 

Shorewall-core/configure.pl

@@ -82,7 +82,11 @@ unless ( defined $vendor ) {
 
 if ( defined $vendor ) {
     $rcfilename = $vendor eq 'linux' ? 'shorewallrc.default' : 'shorewallrc.' . $vendor;
-    die qq("ERROR: $vendor" is not a recognized host type) unless -f $rcfilename;
+    unless ( -f $rcfilename ) {
+	die qq("ERROR: $vendor" is not a recognized host type);
+    } elsif ( $vendor eq 'default' ) {
+	$params{HOST} = $vendor = 'linux';
+    }
 } else {
     if ( -f '/etc/debian_version' ) {
 	$vendor = 'debian';

Shorewall-core/install.sh

@@ -66,15 +66,6 @@ mywhich() {
     return 2
 }
 
-run_install()
-{
-    if ! install $*; then
-	echo
-	echo "ERROR: Failed to install $*" >&2
-	exit 1
-    fi
-}
-
 cant_autostart()
 {
     echo
@@ -88,7 +79,20 @@ delete_file() # $1 = file to delete
 
 install_file() # $1 = source $2 = target $3 = mode
 {
-    run_install $T $OWNERSHIP -m $3 $1 ${2}
+    if cp -f $1 $2; then
+	if chmod $3 $2; then
+	    if [ -n "$OWNER" ]; then
+		if chown $OWNER:$GROUP $2; then
+		    return
+		fi
+	    else
+		return 0
+	    fi
+	fi
+    fi
+
+    echo "ERROR: Failed to install $2" >&2
+    exit 1
 }
 
 require()
@@ -181,10 +185,6 @@ done
 
 [ "${INITFILE}" != 'none/' ] && require INITSOURCE && require INITDIR
 
-T="-T"
-
-INSTALLD='-D'
-
 if [ -z "$BUILD" ]; then
     case $(uname) in
 	cygwin*|CYGWIN*)
@@ -226,6 +226,8 @@ if [ -z "$BUILD" ]; then
 		BUILD=suse
 	    elif [ -f /etc/arch-release ] ; then
 		BUILD=archlinux
+	    elif [ -f ${CONFDIR}/openwrt_release ] ; then
+		BUILD=openwrt
 	    else
 		BUILD=linux
 	    fi
@@ -252,17 +254,15 @@ case $BUILD in
 
 	[ -z "$OWNER" ] && OWNER=root
 	[ -z "$GROUP" ] && GROUP=wheel
-	INSTALLD=
-	T=
 	;;
     *)
-	[ -z "$OWNER" ] && OWNER=root
-	[ -z "$GROUP" ] && GROUP=root
+	if [ $(id -u) -eq 0 ]; then
+	    [ -z "$OWNER" ] && OWNER=root
+	    [ -z "$GROUP" ] && GROUP=root
+	fi
 	;;
 esac
 
-OWNERSHIP="-o $OWNER -g $GROUP"
-
 #
 # Determine where to install the firewall script
 #
@@ -276,7 +276,7 @@ case "$HOST" in
     apple)
 	echo "Installing Mac-specific configuration...";
 	;;
-    debian|gentoo|redhat|slackware|archlinux|linux|suse)
+    debian|gentoo|redhat|slackware|archlinux|linux|suse|openwrt)
 	;;
     *)
 	echo "ERROR: Unknown HOST \"$HOST\"" >&2
@@ -305,7 +305,6 @@ if [ -n "$DESTDIR" ]; then
     if [ $BUILD != cygwin ]; then
 	if [ `id -u` != 0 ] ; then
 	    echo "Not setting file owner/group permissions, not running as root."
-	    OWNERSHIP=""
 	fi
     fi
 fi
@@ -407,9 +406,9 @@ fi
 if [ ${SHAREDIR} != /usr/share ]; then
     for f in lib.*; do
 	if [ $BUILD != apple ]; then
-	    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SHAREDIR}/shorewall/$f
+	    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/$f
 	else
-	    eval sed -i \'\' -e \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SHAREDIR}/shorewall/$f
+	    eval sed -i \'\' -e \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/$f
 	fi
     done
 fi

Shorewall-core/lib.cli

@@ -143,29 +143,63 @@ timed_read ()
 }
 
 #
-# Determine if 'syslog -C' is running
+# Determine if 'syslogd -C' or logd -S is running
 #
 syslog_circular_buffer() {
     local pid
     local tty
     local flags
-    local cputime
+    local time
     local path
     local args
     local arg
 
-    ps ax 2> /dev/null | while read pid tty flags cputime path args; do
-	case $path in
-	    syslogd|*/syslogd)
-		for arg in $args; do
-		    if [ x$arg = x-C ]; then
-			echo Yes
-			return
-		    fi
-		done
-		;;
-	esac
-    done
+    ps w 2> /dev/null | (
+	while read pid tty stat time path args; do
+	    case $path in
+		syslogd|*/syslogd)
+		    for arg in $args; do
+			case $arg in
+			    -C*)
+				return 0
+				;;
+			esac
+		    done
+		    ;;
+		logd|*/logd)
+		    for arg in $args; do
+			case $arg in
+			    -S*)
+				return 0
+				;;
+			esac
+		    done
+		    ;;
+	    esac
+	done
+
+	return 1 )
+}
+
+setup_logread() {
+    [ -z "$LOGFILE" ] && LOGFILE=/var/log/messages
+
+    if syslog_circular_buffer; then
+	LOGFILE=logread
+	if qt mywhich tac; then
+	    g_logread="logread | tac"
+	else
+	    g_logread="logread"
+	fi
+    elif [ -r $LOGFILE ]; then
+	if qt mywhich tac; then
+	    g_logread="tac $LOGFILE"
+	else
+	    g_logread="cat $LOGFILE"
+	fi
+    else
+	fatal_error "LOGFILE ($LOGFILE) does not exist or is not readable!"
+    fi
 }
 
 #
@@ -173,31 +207,59 @@ syslog_circular_buffer() {
 #
 packet_log() # $1 = number of messages
 {
-    if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then
-	if [ $g_family -eq 4 ]; then
-	    $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | head -n$1 | tac | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/
+    if qt mywhich tac; then
+	if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then
+	    if [ $g_family -eq 4 ]; then
+		$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | head -n$1 | tac | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/
+	    else
+		$g_logread | grep 'IN=.* OUT=.*SRC=.*:.*DST=' | head -n$1 | tac | sed -r 's/ kernel://; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
+	    fi
+	elif [ $g_family -eq 4 ]; then
+	    $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' |  head -n$1 | tac | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/
 	else
-	    $g_logread | grep 'IN=.* OUT=.*SRC=.*:.*DST=' | head -n$1 | tac | sed -r 's/ kernel://; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
+	    $g_logread | grep 'IN=.* OUT=.*SRC=.*:.*DST=' |  head -n$1 | tac | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
 	fi
-    elif [ $g_family -eq 4 ]; then
-	$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' |  head -n$1 | tac | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/
     else
-	$g_logread | grep 'IN=.* OUT=.*SRC=.*:.*DST=' |  head -n$1 | tac | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
-    fi
+	if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then
+	    if [ $g_family -eq 4 ]; then
+		$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | tail -n$1 | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/
+	    else
+		$g_logread | grep 'IN=.* OUT=.*SRC=.*:.*DST=' | tail -n$1 | sed -r 's/ kernel://; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
+	    fi
+	elif [ $g_family -eq 4 ]; then
+	    $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' |  tail -n$1 | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/
+	else
+	    $g_logread | grep 'IN=.* OUT=.*SRC=.*:.*DST=' |  tail -n$1 | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
+	fi
+    fi	
 }
 
 search_log() # $1 = IP address to search for
 {
-    if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then
-        if [ $g_family -eq 4 ]; then
-	    $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | tac | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/
+    if qt mywhich tac; then
+	if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then
+            if [ $g_family -eq 4 ]; then
+		$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | tac | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/
+	    else
+		$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | tac | sed -r 's/ kernel://; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
+	    fi
+	elif [ $g_family -eq 4 ]; then
+	    $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' |  grep "$1" | tac | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/
 	else
-	    $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | tac | sed -r 's/ kernel://; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
+	    $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' |  grep "$1" | tac | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
 	fi
-    elif [ $g_family -eq 4 ]; then
-	$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' |  grep "$1" | tac | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/
     else
-	$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' |  grep "$1" | tac | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
+	if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then
+            if [ $g_family -eq 4 ]; then
+		$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/
+	    else
+		$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | sed -r 's/ kernel://; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
+	    fi
+	elif [ $g_family -eq 4 ]; then
+	    $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' |  grep "$1" | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/
+	else
+	    $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' |  grep "$1" | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
+	fi
     fi
 }
 
@@ -280,17 +342,7 @@ show_bl() {
 logwatch() # $1 = timeout -- if negative, prompt each time that
 	   #		     an 'interesting' packet count changes
 {
-    if [ -z "$LOGFILE" ]; then
-	LOGFILE=/var/log/messages
-
-	if [ -n "$(syslog_circular_buffer)" ]; then
-	    g_logread="logread | tac"
-	elif [ -r $LOGFILE ]; then
-	    g_logread="tac $LOGFILE"
-	else
-	    fatal_error "LOGFILE ($LOGFILE) does not exist!"
-	fi
-    fi
+    setup_logread
 
     host=$(echo $g_hostname | sed 's/\..*$//')
     oldrejects=$($g_tool -L -v -n | grep 'LOG')
@@ -1038,17 +1090,7 @@ show_command() {
 	log)
 	    [ $# -gt 2 ] && usage 1
 
-	    if [ -z "$LOGFILE" ]; then
-		LOGFILE=/var/log/messages
-
-		if [ -n "$(syslog_circular_buffer)" ]; then
-		    g_logread="logread | tac"
-		elif [ -r $LOGFILE ]; then
-		    g_logread="tac $LOGFILE"
-		else
-		    fatal_error "LOGFILE ($LOGFILE) does not exist!"
-		fi
-	    fi
+	    setup_logread
 
 	    echo "$g_product $SHOREWALL_VERSION Log ($LOGFILE) at $g_hostname - $(date)"
 	    echo
@@ -1427,17 +1469,7 @@ do_dump_command() {
 	esac
     done
 
-    if [ -z "$LOGFILE" ]; then
-	LOGFILE=/var/log/messages
-
-	if [ -n "$(syslog_circular_buffer)" ]; then
-	    g_logread="logread | tac"
-	elif [ -r $LOGFILE ]; then
-	    g_logread="tac $LOGFILE"
-	else
-	    fatal_error "LOGFILE ($LOGFILE) does not exist! - See http://www.shorewall.net/shorewall_logging.html"
-	fi
-    fi
+    setup_logread
 
     g_ipt_options="$g_ipt_options $g_ipt_options1"
 
@@ -3495,10 +3527,34 @@ noiptrace_command() {
 	fatal_error "$g_product is not started"
     fi
 }
+
 #
-# Set the configuration variables from shorewall-lite.conf
+# Verify that we have a compiled firewall script
+#
+verify_firewall_script() {
+    if [ ! -f $g_firewall ]; then
+	echo "   ERROR: $g_product is not properly installed" >&2
+	if [ -L $g_firewall ]; then
+	    echo "          $g_firewall is a symbolic link to a" >&2
+	    echo "          non-existant file" >&2
+	else
+	    echo "          The file $g_firewall does not exist" >&2
+	fi
+
+	exit 2
+    fi
+}
+
+################################################################################
+# The remaining functions are used by the Lite cli - they are overloaded by
+# the Standard CLI by loading lib.cli-std
+################################################################################
+#
+# Set the configuration variables from shorewall[6]-lite.conf.
 #
 get_config() {
+    local config
+    local lib
 
     ensure_config_path
 
@@ -3520,15 +3576,7 @@ get_config() {
 
     [ -n "$PATH" ] || PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
 
-    [ -z "$LOGFILE" ] && LOGFILE=/var/log/messages
-
-    if ( ps ax 2> /dev/null | grep -v grep |  qt grep 'syslogd.*-C' ) ; then
-	g_logread="logread | tac"
-    elif [ -r $LOGFILE ]; then
-	g_logread="tac $LOGFILE"
-    else
-	fatal_error "LOGFILE ($LOGFILE) does not exist!"
-    fi
+    setup_logread
     #
     # See if we have a real version of "tail" -- use separate redirection so
     # that ash (aka /bin/sh on LRP) doesn't crap
@@ -3636,29 +3684,11 @@ get_config() {
 
     g_loopback=$(find_loopback_interfaces)
 
+    lib=$(find_file lib.cli-user)
+
+    [ -f $lib ] && . $lib
+
 }
-
-#
-# Verify that we have a compiled firewall script
-#
-verify_firewall_script() {
-    if [ ! -f $g_firewall ]; then
-	echo "   ERROR: $g_product is not properly installed" >&2
-	if [ -L $g_firewall ]; then
-	    echo "          $g_firewall is a symbolic link to a" >&2
-	    echo "          non-existant file" >&2
-	else
-	    echo "          The file $g_firewall does not exist" >&2
-	fi
-
-	exit 2
-    fi
-}
-
-################################################################################
-# The remaining functions are used by the Lite cli - they are overloaded by
-# the Standard CLI by loading lib.cli-std
-################################################################################
 #
 # Start Command Executor
 #
@@ -3885,6 +3915,13 @@ usage() # $1 = exit status
     ecko "   refresh [ -d ] [ -n ] [ -T ] [ -D <directory> ] [ <chain>... ]"
     echo "   reject <address> ..."
     ecko "   reload [ -s ] [ -c ] [ -r <root user> ] [ -T ] [ -i ] [ <directory> ] <system>"
+
+    if [ -z "$g_lite" ]; then
+	echo "   remote-reload [ -s ] [ -c ] [ -r <root-name> ] [ -T ] [ -i ] [ <directory> ] <system>"
+	echo "   remote-restart [ -s ] [ -c ] [ -r <root-name> ] [ -T ] [ -i ] [ <directory> ] <system>"
+	echo "   remote-start [ -s ] [ -c ] [ -r <root-name> ] [ -T ] [ -i ] [ <directory> ] <system>"
+    fi
+
     echo "   reset [ <chain> ... ]"
 
     if [ -n "$g_lite" ]; then

Shorewall-core/lib.common

@@ -33,7 +33,7 @@ startup_error() # $* = Error Message
     echo "   ERROR: $@: Firewall state not changed" >&2
 
     if [ $LOG_VERBOSITY -ge 0 ]; then
-        timestamp="$(date +'%_b %d %T') "
+        timestamp="$(date +'%b %d %T') "
         echo "${timestamp}  ERROR: $@" >> $STARTUP_LOG
     fi
 
@@ -50,7 +50,7 @@ startup_error() # $* = Error Message
     esac
 
     if [ $LOG_VERBOSITY -ge 0 ]; then
-        timestamp="$(date +'%_b %d %T') "
+        timestamp="$(date +'%b %d %T') "
 
 	case $COMMAND in
 	    start)
@@ -709,12 +709,15 @@ mutex_on()
     local lockf
     lockf=${LOCKFILE:=${VARDIR}/lock}
     local lockpid
+    local lockd
 
     MUTEX_TIMEOUT=${MUTEX_TIMEOUT:-60}
 
     if [ $MUTEX_TIMEOUT -gt 0 ]; then
 
-	[ -d ${VARDIR} ] || mkdir -p ${VARDIR}
+	lockd=$(dirname $LOCKFILE)
+
+	[ -d "$lockd" ] || mkdir -p "$lockd"
 
 	if [ -f $lockf ]; then
 	    lockpid=`cat ${lockf} 2> /dev/null`
@@ -734,6 +737,11 @@ mutex_on()
 	    chmod u+w ${lockf}
 	    echo $$ > ${lockf}
 	    chmod u-w ${lockf}
+	elif qt mywhich lock; then
+            lock -${MUTEX_TIMEOUT} -r1 ${lockf}
+            chmod u+w ${lockf}
+            echo $$ > ${lockf}
+            chmod u-w ${lockf}
 	else
 	    while [ -f ${lockf} -a ${try} -lt ${MUTEX_TIMEOUT} ] ; do
 		sleep 1

Shorewall-core/shorewallrc.openwrt

@@ -0,0 +1,26 @@
+#
+# Created by Shorewall Core version 5.0.2-RC1 configure -  Fri, Nov 06, 2015 10:02:03 AM
+#
+# Input: host=openwrt
+#
+HOST=openwrt
+PREFIX=/usr                             
+SHAREDIR=${PREFIX}/share                
+LIBEXECDIR=${PREFIX}/share              
+PERLLIBDIR=${PREFIX}/share/shorewall    
+CONFDIR=/etc                            
+SBINDIR=/sbin                           
+MANDIR=${PREFIX}/man                    
+INITDIR=/etc/init.d                     
+INITSOURCE=init.openwrt.sh
+INITFILE=$PRODUCT                       
+AUXINITSOURCE=
+AUXINITFILE=
+SERVICEDIR=                             
+SERVICEFILE=                            
+SYSCONFFILE=default.openwrt
+SYSCONFDIR=${CONFDIR}/sysconfig
+SPARSE=                                 
+ANNOTATED=                              
+VARLIB=/lib
+VARDIR=${VARLIB}/$PRODUCT               

Shorewall-lite/default.openwrt

@@ -0,0 +1,25 @@
+# sysV init file script configuration(/etc/sysconfdir/shorewall-lite)
+
+# startup option(default "-vvv")
+OPTIONS=
+
+# change default start run level(if none empty; /etc/init.d/shorewall-lite enable)
+START=50
+
+# change default stop run level(if none empty; /etc/init.d/shorewall-lite enable)
+STOP=
+
+# option to pass when shorewall start is executed
+STARTOPTIONS=
+
+# option to pass when shorewall restart is executed
+RESTARTOPTIONS=
+
+# option to pass when shorewall reload is executed
+RELOADOPTIONS=
+
+# option to pass when shorewall stop is executed
+STOPOPTIONS=
+
+# option to pass when shorewall status is executed
+STATUSOPTIONS=

Shorewall-lite/init.openwrt.sh

@@ -0,0 +1,98 @@
+#!/bin/sh /etc/rc.common
+#
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
+#
+#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012,2014 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2015 - Matt Darfeuille - (matdarf@gmail.com)
+#
+#	On most distributions, this file should be called /etc/init.d/shorewall.
+#
+#	Complete documentation is available at http://shorewall.net
+#
+#       This program is part of Shorewall.
+#
+#	This program is free software; you can redistribute it and/or modify
+#	it under the terms of the GNU General Public License as published by the
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
+#
+#	This program is distributed in the hope that it will be useful,
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+#	If an error occurs while starting or restarting the firewall, the
+#	firewall is automatically stopped.
+#
+#	Commands are:
+#
+#	   shorewall-lite start			  Starts the firewall
+#	   shorewall-lite restart		  Restarts the firewall
+#	   shorewall-lite reload		  Reload the firewall
+#						  (same as restart)
+#	   shorewall-lite stop			  Stops the firewall
+#	   shorewall-lite status		  Displays firewall status
+#
+
+# description: Packet filtering firewall
+
+# openwrt stuph
+# start and stop runlevel variable
+#START=21
+#STOP=91
+# variable to display what the status command do when /etc/init.d/shorewall-lite is invoke without argument
+EXTRA_COMMANDS="status"
+EXTRA_HELP="Displays shorewall status"
+
+################################################################################
+# Get startup options (override default)
+################################################################################
+OPTIONS="-vvv"
+
+#
+# The installer may alter this
+#
+. /usr/share/shorewall/shorewallrc
+
+if [ -f ${SYSCONFDIR}/shorewall-lite ]; then
+    . ${SYSCONFDIR}/shorewall-lite
+fi
+
+START=${START:-21}
+STOP=${STOP:-91}
+
+SHOREWALL_INIT_SCRIPT=1
+
+################################################################################
+# E X E C U T I O N    B E G I N S   H E R E				       #
+################################################################################
+# arg1 of init script is arg2 when rc.common is sourced; set to action variable
+command="$action"
+
+start() {
+	exec ${SBINDIR}/shorewall-lite $OPTIONS $command ${STARTOPTIONS:-$@}
+}
+
+boot() {
+local command="start"
+start
+}
+
+restart() {
+	exec ${SBINDIR}/shorewall-lite $OPTIONS $command ${RESTARTOPTIONS:-$@}
+}
+
+reload() {
+	exec ${SBINDIR}/shorewall-lite $OPTIONS $command ${RELOADOPTION:-$@}
+}
+
+stop() {
+	exec ${SBINDIR}/shorewall-lite $OPTIONS $command ${STOPOPTIONS:-$@}
+}
+
+status() {
+	exec ${SBINDIR}/shorewall-lite $OPTIONS $command ${STATUSOPTIONS:-$@}
+}

Shorewall-lite/install.sh

@@ -67,15 +67,6 @@ mywhich() {
     return 2
 }
 
-run_install()
-{
-    if ! install $*; then
-	echo
-	echo "ERROR: Failed to install $*" >&2
-	exit 1
-    fi
-}
-
 cant_autostart()
 {
     echo
@@ -89,7 +80,28 @@ delete_file() # $1 = file to delete
 
 install_file() # $1 = source $2 = target $3 = mode
 {
-    run_install $T $OWNERSHIP -m $3 $1 ${2}
+    if cp -f $1 $2; then
+	if chmod $3 $2; then
+	    if [ -n "$OWNER" ]; then
+		if chown $OWNER:$GROUP $2; then
+		    return
+		fi
+	    else
+		return 0
+	    fi
+	fi
+    fi
+
+    echo "ERROR: Failed to install $2" >&2
+    exit 1
+}
+
+make_directory() # $1 = directory , $2 = mode
+{
+    mkdir -p $1
+    chmod 755 $1
+    [ -n "$OWNERSHIP" ] && chown $OWNERSHIP $1
+
 }
 
 require()
@@ -187,7 +199,7 @@ elif [ -z "${VARDIR}" ]; then
     VARDIR=${VARLIB}/${PRODUCT}
 fi
 
-for var in SHAREDIR LIBEXECDIRDIRDIR CONFDIR SBINDIR VARLIB VARDIR; do
+for var in SHAREDIR LIBEXECDIR CONFDIR SBINDIR VARLIB VARDIR; do
     require $var
 done
 
@@ -201,8 +213,6 @@ PATH=${SBINDIR}:/bin:/usr${SBINDIR}:/usr/bin:/usr/local/bin:/usr/local${SBINDIR}
 # Determine where to install the firewall script
 #
 cygwin=
-INSTALLD='-D'
-T='-T'
 
 if [ -z "$BUILD" ]; then
     case $(uname) in
@@ -245,6 +255,8 @@ if [ -z "$BUILD" ]; then
 		BUILD=slackware
 	    elif [ -f ${CONFDIR}/arch-release ] ; then
 		BUILD=archlinux
+	    elif [ -f ${CONFDIR}/openwrt_release ]; then
+		BUILD=openwrt
 	    else
 		BUILD=linux
 	    fi
@@ -260,16 +272,16 @@ case $BUILD in
     apple)
 	[ -z "$OWNER" ] && OWNER=root
 	[ -z "$GROUP" ] && GROUP=wheel
-	INSTALLD=
-	T=
 	;;
     *)
-	[ -z "$OWNER" ] && OWNER=root
-	[ -z "$GROUP" ] && GROUP=root
+	if [ $(id -u) -eq 0 ]; then
+	    [ -z "$OWNER" ] && OWNER=root
+	    [ -z "$GROUP" ] && GROUP=root
+	fi
 	;;
 esac
 
-OWNERSHIP="-o $OWNER -g $GROUP"
+[ -n "$OWNER" ] && OWNERSHIP="$OWNER:$GROUP"
 
 [ -n "$HOST" ] || HOST=$BUILD
 
@@ -300,6 +312,9 @@ case "$HOST" in
     suse)
 	echo "Installing Suse-specific configuration..."
 	;;
+    openwrt)
+	echo "Installing OpenWRT-specific configuration..."
+	;;
     linux)
 	;;
     *)
@@ -316,8 +331,9 @@ if [ -n "$DESTDIR" ]; then
 	OWNERSHIP=""
     fi
 
-    install -d $OWNERSHIP -m 755 ${DESTDIR}/${SBINDIR}
-    install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR}
+    make_directory ${DESTDIR}${SBINDIR} 755
+    make_directory ${DESTDIR}${INITDIR} 755
+
 else
     if [ ! -f ${SHAREDIR}/shorewall/coreversion ]; then
 	echo "$PRODUCT $VERSION requires Shorewall Core which does not appear to be installed" >&2
@@ -357,7 +373,7 @@ fi
 delete_file ${DESTDIR}/usr/share/$PRODUCT/xmodules
 
 install_file $PRODUCT ${DESTDIR}${SBINDIR}/$PRODUCT 0544
-[ -n "${INITFILE}" ] && install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR}
+[ -n "${INITFILE}" ] && make_directory ${DESTDIR}${INITDIR} 755
 
 echo "$Product control program installed in ${DESTDIR}${SBINDIR}/$PRODUCT"
 
@@ -399,7 +415,7 @@ fi
 if [ -n "$SERVICEDIR" ]; then
     mkdir -p ${DESTDIR}${SERVICEDIR}
     [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
-    run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
+    install_file $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service 644
     [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
     echo "Service file $SERVICEFILE installed as ${DESTDIR}${SERVICEDIR}/$PRODUCT.service"
 fi
@@ -421,9 +437,9 @@ fi
 #
 # Install the  Makefile
 #
-run_install $OWNERSHIP -m 0600 Makefile ${DESTDIR}${CONFDIR}/$PRODUCT
-[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${CONFDIR}/$PRODUCT/Makefile
-[ $SBINDIR = /sbin ]       || eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\'       ${DESTDIR}/${CONFDIR}/$PRODUCT/Makefile
+install_file Makefile ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile 0600
+[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile
+[ $SBINDIR = /sbin ]       || eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\'       ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile
 echo "Makefile installed as ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile"
 
 #
@@ -438,7 +454,7 @@ echo "Default config path file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/confi
 for f in lib.* ; do
     if [ -f $f ]; then
 	install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644
-	echo "Library ${f#*.} file installed as ${DESTDIR}/${SHAREDIR}/$PRODUCT/$f"
+	echo "Library ${f#*.} file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
     fi
 done
 
@@ -451,7 +467,7 @@ echo "Common functions linked through ${DESTDIR}${SHAREDIR}/$PRODUCT/functions"
 #
 
 install_file shorecap ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap 0755
-[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${LIBEXECDIR}/$PRODUCT/shorecap
+[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap
 
 echo
 echo "Capability file builder installed in ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap"
@@ -461,17 +477,17 @@ echo "Capability file builder installed in ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shor
 #
 
 if [ -f modules ]; then
-    run_install $OWNERSHIP -m 0600 modules ${DESTDIR}${SHAREDIR}/$PRODUCT
+    install_file modules ${DESTDIR}${SHAREDIR}/$PRODUCT/modules 0600
     echo "Modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/modules"
 fi
 
 if [ -f helpers ]; then
-    run_install $OWNERSHIP -m 0600 helpers ${DESTDIR}${SHAREDIR}/$PRODUCT
+    install_file helpers ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers 600
     echo "Helper modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers"
 fi
 
 for f in modules.*; do
-    run_install $OWNERSHIP -m 0644 $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f
+    install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 644
     echo "Module file $f installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
 done
 
@@ -482,17 +498,17 @@ done
 if [ -d manpages ]; then
     cd manpages
 
-    [ -n "$INSTALLD" ] || mkdir -p ${DESTDIR}${MANDIR}/man5/ ${DESTDIR}${MANDIR}/man8/
+    mkdir -p ${DESTDIR}${MANDIR}/man5/ ${DESTDIR}${MANDIR}/man8/
 
     for f in *.5; do
 	gzip -c $f > $f.gz
-	run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${MANDIR}/man5/$f.gz
+	install_file $f.gz ${DESTDIR}${MANDIR}/man5/$f.gz 644
 	echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man5/$f.gz"
     done
 
     for f in *.8; do
 	gzip -c $f > $f.gz
-	run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${MANDIR}/man8/$f.gz
+	install_file $f.gz ${DESTDIR}${MANDIR}/man8/$f.gz 644
 	echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man8/$f.gz"
     done
 
@@ -502,7 +518,7 @@ if [ -d manpages ]; then
 fi
 
 if [ -d ${DESTDIR}${CONFDIR}/logrotate.d ]; then
-    run_install $OWNERSHIP -m 0644 logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT
+    install_file logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT 644
     echo "Logrotate file installed as ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT"
 fi
 
@@ -533,13 +549,13 @@ if [ -n "$SYSCONFFILE" -a -f "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PR
 	chmod 755 ${DESTDIR}${SYSCONFDIR}
     fi
 
-    run_install $OWNERSHIP -m 0644 ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/${PRODUCT}
+    install_file ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/${PRODUCT} 0640
     echo "$SYSCONFFILE installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
 fi
 
 if [ ${SHAREDIR} != /usr/share ]; then
-    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SHAREDIR}/${PRODUCT}/lib.base
-    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SBINDIR}/$PRODUCT
+    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/${PRODUCT}/lib.base
+    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SBINDIR}/$PRODUCT
 fi
 
 if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then
@@ -587,6 +603,13 @@ if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${
 	else
 	    cant_autostart
 	fi
+    elif [ $HOST = openwrt -a -f ${CONFDIR}/rc.common ]; then
+	/etc/init.d/$PRODUCT enable
+	if /etc/init.d/$PRODUCT enabled; then
+            echo "$PRODUCT will start automatically at boot"
+	else
+            cant_autostart
+	fi
     elif [ "$INITFILE" != rc.${PRODUCT} ]; then #Slackware starts this automatically
 	cant_autostart
     fi

Shorewall-lite/uninstall.sh

@@ -153,7 +153,7 @@ if [ -f ${SHAREDIR}/shorewall-lite/version ]; then
 	VERSION="$INSTALLED_VERSION"
     fi
 else
-    echo "WARNING: Shorewall Lite Version $VERSION is not installed"
+    echo "WARNING: Shorewal Lite Version $VERSION is not installed"
     VERSION=""
 fi
 
@@ -168,7 +168,15 @@ if [ $configure -eq 1 ]; then
 fi
 
 if [ -L ${SHAREDIR}/shorewall-lite/init ]; then
-    FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall-lite/init)
+    if [ $HOST = openwrt ]; then
+	if [ $configure -eq 1 ] && /etc/init.d/shorewall-lite enabled; then
+	    /etc/init.d/shorewall-lite disable
+	fi
+	
+	FIREWALL=$(readlink ${SHAREDIR}/shorewall-lite/init)
+    else
+	FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall-lite/init)
+    fi
 elif [ -n "$INITFILE" ]; then
     FIREWALL=${INITDIR}/${INITFILE}
 fi
@@ -199,6 +207,7 @@ rm -rf ${VARDIR}/shorewall-lite
 rm -rf ${SHAREDIR}/shorewall-lite
 rm -rf ${LIBEXECDIR}/shorewall-lite
 rm -f  ${CONFDIR}/logrotate.d/shorewall-lite
+rm -f  ${SYSCONFDIR}/shorewall-lite
 
 rm -f ${MANDIR}/man5/shorewall-lite*
 rm -f ${MANDIR}/man8/shorewall-lite*

Shorewall/Perl/Shorewall/Config.pm

@@ -5147,6 +5147,7 @@ sub unsupported_yes_no_warning( $ ) {
 #
 sub get_params( $ ) {
     my $export = $_[0];
+    my $cygwin = ( $shorewallrc{HOST} eq 'cygwin' );
 
     my $fn = find_file 'params';
 
@@ -5188,14 +5189,16 @@ sub get_params( $ ) {
 	    $shell = BASH;
 
 	    for ( @params ) {
-		if ( /^declare -x (.*?)="(.*[^\\])"$/ ) {
+		chomp;
+		if ( $cygwin && /^declare -x (.*?)="(.*)"$/ ) {
+		    $params{$1} = $2 unless $1 eq '_';
+		} elsif ( /^declare -x (.*?)="(.*[^\\])"$/ ) {
 		    $params{$1} = $2 unless $1 eq '_';
 		} elsif ( /^declare -x (.*?)="(.*)$/ ) {
 		    $params{$variable=$1} = $2 eq '"' ? '' : "${2}\n";
 		} elsif ( /^declare -x (.*)\s+$/ || /^declare -x (.*)=""$/ ) {
 		    $params{$1} = '';
 		} else {
-		    chomp;
 		    if ($variable) {
 			s/"$//;
 			$params{$variable} .= $_;
@@ -5216,14 +5219,16 @@ sub get_params( $ ) {
 	    $shell = OLDBASH;
 
 	    for ( @params ) {
-		if ( /^export (.*?)="(.*[^\\])"$/ ) {
+		chomp;
+		if ( $cygwin && /^export (.*?)="(.*)"$/ ) {
+		    $params{$1} = $2 unless $1 eq '_';
+		} elsif ( /^export (.*?)="(.*[^\\])"$/ ) {
 		    $params{$1} = $2 unless $1 eq '_';
 		} elsif ( /^export (.*?)="(.*)$/ ) {
 		    $params{$variable=$1} = $2 eq '"' ? '' : "${2}\n";
 		} elsif ( /^export ([^\s=]+)\s*$/ || /^export (.*)=""$/ ) {
 		    $params{$1} = '';
 		} else {
-		    chomp;
 		    if ($variable) {
 			s/"$//;
 			$params{$variable} .= $_;
@@ -5243,6 +5248,7 @@ sub get_params( $ ) {
 	    $shell = ASH;
 
 	    for ( @params ) {
+		chomp;
 		if ( /^export (.*?)='(.*'"'"')$/ ) {
 		    $params{$variable=$1}="${2}\n";
 		} elsif ( /^export (.*?)='(.*)'$/ ) {
@@ -5250,7 +5256,6 @@ sub get_params( $ ) {
 		} elsif ( /^export (.*?)='(.*)$/ ) {
 		    $params{$variable=$1}="${2}\n";
 		} else {
-		    chomp;
 		    if ($variable) {
 			s/'$//;
 			$params{$variable} .= $_;
@@ -5262,9 +5267,23 @@ sub get_params( $ ) {
 	}
 
 	for ( keys %params ) {
-	    unless ( $_ eq 'SHOREWALL_INIT_SCRIPT' ) {
-		fatal_error "The variable name $_ is reserved and may not be set in the params file"
-		    if /^SW_/ || /^SHOREWALL_/ || ( exists $config{$_} && ! exists $ENV{$_} ) || exists $reserved{$_};
+	    if ( /[^\w]/ ) {
+		#
+		# Useless variable with special characters in its name
+		#
+		delete $params{$_};
+	    } elsif ( /^(?:SHLVL|OLDPWD)$/ ) {
+		#
+		# The shell running getparams generates those
+		#
+		delete $params{$_};
+	    } else {
+		unless ( $_ eq 'SHOREWALL_INIT_SCRIPT' ) {
+		    fatal_error "The variable name $_ is reserved and may not be set in the params file"
+			if /^SW_/ || /^SHOREWALL_/ || ( exists $config{$_} && ! exists $ENV{$_} ) || exists $reserved{$_};
+		}
+
+		$params{$_} = '' unless defined $params{$_};
 	    }
 	}
 
@@ -5314,6 +5333,8 @@ sub export_params() {
 	next if exists $compiler_params{$param};
 
 	my $value = $params{$param};
+
+	chomp $value;
 	#
 	# Values in %params are generated from the output of 'export -p'.
 	# The different shells have different conventions for delimiting
@@ -5324,19 +5345,27 @@ sub export_params() {
 	    $value =~ s/\\"/"/g;
 	} elsif ( $shell == OLDBASH ) {
 	    $value =~ s/\\'/'/g;
+	    $value =~ s/\\"/"/g;
+	    $value =~ s/\\\\/\\/g;
 	} else {
 	    $value =~ s/'"'"'/'/g;
 	}
 	#
 	# Don't export pairs from %ENV
 	#
-	next if defined $ENV{$param} && $value eq $ENV{$param};
+	if ( defined $ENV{$param} ) {
+	    next if $value eq $ENV{$param};
+	} elsif ( exists $ENV{$param} ) {
+	    next unless supplied $value;
+	}
 
 	emit "#\n# From the params file\n#" unless $count++;
 	#
 	# We will use double quotes and escape embedded quotes with \.
 	#
-	if ( $value =~ /[\s()['"]/ ) {
+	if ( $value =~ /^"[^"]*"$/ ) {
+	    emit "$param=$value";
+	} elsif ( $value =~ /[\s()['"]/ ) {
 	    $value =~ s/"/\\"/g;
 	    emit "$param='$value'";
 	} else {

Shorewall/Perl/Shorewall/Providers.pm

@@ -661,6 +661,10 @@ sub process_a_provider( $ ) {
 	fatal_error 'A non-empty COPY column requires that a routing table be specified in the DUPLICATE column' unless $copy eq 'none';
     }
 
+    if ( $persistent ) {
+	warning_message( "Provider $table is not optional -- the 'persistent' option is ignored" ), $persistent = 0 unless $optional;
+    }
+
     $providers{$table} = { provider          => $table,
 			   number            => $number ,
 			   id                => $config{USE_RT_NAMES} ? $table : $number,
@@ -702,7 +706,7 @@ sub process_a_provider( $ ) {
     if ( $track ) {
 	if ( $routemarked_interfaces{$interface} ) {
 	    fatal_error "Interface $interface is tracked through an earlier provider" if $routemarked_interfaces{$interface} == ROUTEMARKED_UNSHARED;
-	    fatal_error "Multiple providers through the same interface must their IP address specified in the INTERFACES" unless $shared;
+	    fatal_error "Multiple providers through the same interface must have their IP address specified in the INTERFACES column" unless $shared;
 	} else {
 	    $routemarked_interfaces{$interface} = $shared ? ROUTEMARKED_SHARED : ROUTEMARKED_UNSHARED;
 	    push @routemarked_interfaces, $interface;
@@ -1346,7 +1350,7 @@ sub add_a_route( ) {
 
     my $persistent;
 
-    if ( $options != '-' ) {
+    if ( $options ne '-' ) {
 	for ( split_list1( 'option', $options ) ) {
 	    my ( $option, $value ) = split /=/, $options;
 
@@ -1764,6 +1768,7 @@ sub map_provider_to_interface() {
 
 sub setup_providers() {
     our $providers;
+    our $pseudoproviders;
 
     if ( $providers ) {
 	if ( $maxload ) {
@@ -1798,6 +1803,11 @@ sub setup_providers() {
 
 	push_indent;
 
+	if ( $pseudoproviders ) {
+	    emit '';
+	    emit "start_$providers{$_}->{what}_$_" for @providers;
+	}
+
 	emit "\nundo_routing";
 	emit "restore_default_route $config{USE_DEFAULT_RT}";
 

Shorewall/configfiles/arprules

@@ -1,5 +1,5 @@
 #
-# Shorewall - arprules File
+# Shorewall - Arprules File
 #
 # For information about entries in this file, type "man shorewall-arprules"
 #

Shorewall/configfiles/blrules

@@ -1,5 +1,5 @@
 #
-# Shorewall - Blacklist Rules File
+# Shorewall - Blrules File
 #
 # For information about entries in this file, type "man shorewall-blrules"
 #
@@ -9,4 +9,3 @@
 ################################################################################################################################################################################################
 #ACTION		SOURCE			DEST			PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK	CONNLIMIT	TIME	HEADERS		SWITCH
 #									PORT	PORT(S)		DEST		LIMIT		GROUP
-

Shorewall/configfiles/clear

@@ -1,5 +1,5 @@
 #
-# Shorewall - clear File
+# Shorewall - Clear File
 #
 # /etc/shorewall/clear
 #

Shorewall/configfiles/conntrack

@@ -1,5 +1,5 @@
 #
-# Shorewall - conntrack File
+# Shorewall - Conntrack File
 #
 # For information about entries in this file, type "man shorewall-conntrack"
 #

Shorewall/configfiles/isusable

@@ -1,5 +1,5 @@
 #
-# Shorewall - isusable File
+# Shorewall - Isusable File
 #
 # /etc/shorewall/isusable
 #

Shorewall/configfiles/lib.private

@@ -1,5 +1,5 @@
 #
-# Shorewall - lib.private File
+# Shorewall - Lib.private File
 #
 # /etc/shorewall/lib.private
 #

Shorewall/configfiles/netmap

@@ -1,5 +1,5 @@
 #
-# Shorewall	 - Netmap File
+# Shorewall - Netmap File
 #
 # For information about entries in this file, type "man shorewall-netmap"
 #

Shorewall/configfiles/refresh

@@ -1,5 +1,5 @@
 #
-# Shorewall - refresh File
+# Shorewall - Refresh File
 #
 # /etc/shorewall/refresh
 #

Shorewall/configfiles/refreshed

@@ -1,5 +1,5 @@
 #
-# Shorewall - refreshed File
+# Shorewall - Refreshed File
 #
 # /etc/shorewall/refreshed
 #

Shorewall/configfiles/routes

@@ -1,9 +1,8 @@
 #
-# Shorewall - routes File
+# Shorewall - Routes File
 #
 # For information about entries in this file, type "man shorewall-routes"
 #
 # For additional information, see http://www.shorewall.net/MultiISP.html
 ###############################################################################
 #PROVIDER		DEST			GATEWAY		DEVICE	OPTIONS
-

Shorewall/configfiles/rtrules

@@ -1,5 +1,5 @@
 #
-# Shorewall - route rules File
+# Shorewall - Rtrules File
 #
 # For information about entries in this file, type "man shorewall-rtrules"
 #

Shorewall/configfiles/scfilter

@@ -1,5 +1,5 @@
 #
-# Shorewall - Show Connections Filter
+# Shorewall - Scfilter Filter
 #
 # /etc/shorewall/scfilter
 #

Shorewall/configfiles/secmarks

@@ -6,8 +6,3 @@
 ############################################################################################################
 #SECMARK			CHAIN:	SOURCE		DEST		PROTO	DEST	SOURCE	USER/	MARK
 #				STATE						PORT(S)	PORT(S) GROUP
-
-
-
-
-

Shorewall/configfiles/stoppedrules

@@ -1,5 +1,5 @@
 #
-# Shorewall - Stopped Rules File
+# Shorewall - Stoppedrules File
 #
 # For information about entries in this file, type "man shorewall-stoppedrules"
 #

Shorewall/configfiles/tcclear

@@ -1,5 +1,5 @@
 #
-# Shorewall - tcclear File
+# Shorewall - Tcclear File
 #
 # /etc/shorewall/tcclear
 #

Shorewall/configfiles/tcpri

@@ -8,6 +8,3 @@
 #
 ###############################################################################
 #BAND	PROTO	PORT(S)		ADDRESS		IN-INTERFACE	HELPER
-
-
-

Shorewall/install.sh

@@ -389,7 +389,7 @@ if [ -z "${DESTDIR}" -a $PRODUCT = shorewall -a ! -f ${SHAREDIR}/$PRODUCT/coreve
 fi
 
 install_file $PRODUCT ${DESTDIR}${SBINDIR}/$PRODUCT 0755
-[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SBINDIR}/${PRODUCT}
+[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SBINDIR}/${PRODUCT}
 echo "$PRODUCT control program installed in ${DESTDIR}${SBINDIR}/$PRODUCT"
 
 #
@@ -468,16 +468,16 @@ if [ -z "$first_install" ]; then
     #
     # Delete obsolete config files and manpages
     #
-    delete_file ${DESTDIR}/${SHAREDIR}/$PRODUCT/configfiles/tos
-    delete_file ${DESTDIR}/${SHAREDIR}/$PRODUCT/configfiles/tcrules
-    delete_file ${DESTDIR}/${SHAREDIR}/$PRODUCT/configfiles/stoppedrules
-    delete_file ${DESTDIR}/${SHAREDIR}/$PRODUCT/configfiles/notrack
-    delete_file ${DESTDIR}/${SHAREDIR}/$PRODUCT/configfiles/blacklist
-    delete_file ${DESTDIR}/${MANDIR}/man5/$PRODUCT/${PRODUCT}-tos
-    delete_file ${DESTDIR}/${MANDIR}/man5/$PRODUCT/${PRODUCT}-tcrules
-    delete_file ${DESTDIR}/${MANDIR}/man5/$PRODUCT/${PRODUCT}-stoppedrules
-    delete_file ${DESTDIR}/${MANDIR}/man5/$PRODUCT/${PRODUCT}-notrack
-    delete_file ${DESTDIR}/${MANDIR}/man5/$PRODUCT/${PRODUCT}-blacklist
+    delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/tos
+    delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/tcrules
+    delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/stoppedrules
+    delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/notrack
+    delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/blacklist
+    delete_file ${DESTDIR}${MANDIR}/man5/$PRODUCT/${PRODUCT}-tos
+    delete_file ${DESTDIR}${MANDIR}/man5/$PRODUCT/${PRODUCT}-tcrules
+    delete_file ${DESTDIR}${MANDIR}/man5/$PRODUCT/${PRODUCT}-stoppedrules
+    delete_file ${DESTDIR}${MANDIR}/man5/$PRODUCT/${PRODUCT}-notrack
+    delete_file ${DESTDIR}${MANDIR}/man5/$PRODUCT/${PRODUCT}-blacklist
 fi
 
 #
@@ -1082,7 +1082,7 @@ if [ $PRODUCT = shorewall6 ]; then
     # Symbolically link 'functions' to lib.base
     #
     ln -sf lib.base ${DESTDIR}${SHAREDIR}/$PRODUCT/functions
-    [ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SHAREDIR}/${PRODUCT}/lib.base
+    [ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/${PRODUCT}/lib.base
 fi
 
 if [ -d Perl ]; then

Shorewall/lib.cli-std

@@ -31,6 +31,7 @@
 #
 get_config() {
     local prog
+    local lib
 
     ensure_config_path
 
@@ -70,15 +71,7 @@ get_config() {
 	# This block is avoided for compile for export and when the user isn't root
 	#
 	if [ "$3" = Yes ]; then
-	    if [ -n "$LOGFILE" ]; then
-		if [ -n "$(syslog_circular_buffer)" ]; then
-		    g_logread="logread | tac"
-		elif [ -r $LOGFILE ]; then
-		    g_logread="tac $LOGFILE"
-		else
-		    fatal_error "LOGFILE ($LOGFILE) does not exist!"
-		fi
-	    fi
+	    setup_logread
 	fi
 
 	if [ $g_family -eq 4 ]; then
@@ -322,6 +315,10 @@ get_config() {
     fi
 
     g_loopback=$(find_loopback_interfaces)
+
+    lib=$(find_file lib.cli-user)
+
+    [ -f $lib ] && . $lib
 }
 
 #
@@ -1394,6 +1391,7 @@ remote_reload_command() # $* = original arguments less the command.
     local sharedir
     sharedir=${SHAREDIR}
     local litedir
+    local exitstatus
 
     while [ $finished -eq 0 -a $# -gt 0 ]; do
 	option=$1
@@ -1510,32 +1508,60 @@ remote_reload_command() # $* = original arguments less the command.
 
     g_file="$g_shorewalldir/firewall"
 
-    if compiler $g_debugging compiler "$g_file" && \
-	progress_message3 "Copying $file and ${file}.conf to ${system}:${litedir}..." && \
-	rcp_command "$g_shorewalldir/firewall $g_shorewalldir/firewall.conf" ${litedir}
-    then
-	save=$(find_file save);
+    exitstatus=0
 
-	[ -f $save ] && progress_message3 "Copying $save to ${system}:${confdir}/${g_program}-lite/" && rcp_command $save ${confdir}/shorewall-lite/
+    if compiler $g_debugging compiler "$g_file"; then
+	progress_message3 "Copying $file and ${file}.conf to ${system}:${litedir}..."
+	if rcp_command "$g_shorewalldir/firewall $g_shorewalldir/firewall.conf" ${litedir};  then
+	    save=$(find_file save);
 
-	progress_message3 "Copy complete"
+	    if [ -f $save ]; then
+		progress_message3 "Copying $save to ${system}:${confdir}/${g_program}-lite/"
+		rcp_command $save ${confdir}/shorewall-lite/
+		exitstatus=$?
+	    fi
 
-	if [ $COMMAND = remote-reload ]; then
-	    rsh_command "${sbindir}/${g_program}-lite $g_debugging $verbose $timestamp reload" && \
-	    progress_message3 "System $system reloaded" || saveit=
-	elif [ $COMMAND = remote-restart ]; then
-	    rsh_command "${sbindir}/${g_program}-lite $g_debugging $verbose $timestamp restart" && \
-	    progress_message3 "System $system restarted" || saveit=
+	    if [ $exitstatus -eq 0 ]; then
+
+		progress_message3 "Copy complete"
+
+		if [ $COMMAND = remote-reload ]; then
+		    if rsh_command "${sbindir}/${g_program}-lite $g_debugging $verbose $timestamp reload"; then
+			progress_message3 "System $system reloaded"
+		    else
+			exitstatus=$?
+			savit=
+		    fi
+		elif [ $COMMAND = remote-restart ]; then
+		    if rsh_command "${sbindir}/${g_program}-lite $g_debugging $verbose $timestamp restart"; then
+			progress_message3 "System $system restarted"
+		    else
+			exitstatus=$?
+			saveit=
+		    fi
+		elif rsh_command "${sbindir}/${g_program}-lite $g_debugging $verbose $timestamp start"; then
+		    progress_message3 "System $system started"
+		else
+		    exitstatus=$?
+		    saveit=
+		fi
+
+		if [ -n "$saveit" ]; then
+		    if rsh_command "${sbindir}/${g_program}-lite $g_debugging $verbose $timestamp save"; then
+			progress_message3 "Configuration on system $system saved"
+		    else
+			exitstatus=$?
+		    fi
+		fi
+	    fi
 	else
-	    rsh_command "${sbindir}/${g_program}-lite $g_debugging $verbose $timestamp start" && \
-	    progress_message3 "System $system started" || saveit=
-	fi
-
-	if [ -n "$saveit" ]; then
-	    rsh_command "${sbindir}/${g_program}-lite $g_debugging $verbose $timestamp save" && \
-	    progress_message3 "Configuration on system $system saved"
+	    exitstatus=$?
 	fi
+    else
+	exitstatus=$?
     fi
+
+    return $exitstatus
 }
 
 #
@@ -1645,7 +1671,7 @@ compiler_command() {
 	    shift
 	    update_command $@
 	    ;;
-	remote-start|remote-reload-reload|remote-restart)
+	remote-start|remote-reload|remote-restart)
 	    shift
 	    remote_reload_command $@
 	    ;;

Shorewall/manpages/shorewall.xml

@@ -424,7 +424,7 @@
 
       <arg>-<replaceable>options</replaceable></arg>
 
-      <arg choice="plain"><option>remote_start</option></arg>
+      <arg choice="plain"><option>remote-start</option></arg>
 
       <arg><option>-s</option></arg>
 
@@ -448,7 +448,7 @@
 
       <arg>-<replaceable>options</replaceable></arg>
 
-      <arg choice="plain"><option>remote_reload</option></arg>
+      <arg choice="plain"><option>remote-reload</option></arg>
 
       <arg><option>-s</option></arg>
 
@@ -472,7 +472,7 @@
 
       <arg>-<replaceable>options</replaceable></arg>
 
-      <arg choice="plain"><option>remote_restart</option></arg>
+      <arg choice="plain"><option>remote-restart</option></arg>
 
       <arg><option>-s</option></arg>
 
@@ -1522,7 +1522,7 @@
         <listitem>
           <para>This command was re-implemented in Shorewall 5.0.0. The
           pre-5.0.0 <command>reload</command> command is now called
-          <command>remote_restart</command> (see below).</para>
+          <command>remote-restart</command> (see below).</para>
 
           <para>Reload is similar to <emphasis role="bold">shorewall
           start</emphasis> except that it assumes that the firewall is already
@@ -1575,7 +1575,7 @@
       </varlistentry>
 
       <varlistentry>
-        <term><emphasis role="bold">remote_start</emphasis>
+        <term><emphasis role="bold">remote-start</emphasis>
         [-<option>s</option>] [-<option>c</option>] [-<option>r</option>
         <replaceable>root-user-name</replaceable>] [-<option>T</option>]
         [-<option>i</option>] [ <replaceable>directory</replaceable> ]
@@ -1637,7 +1637,7 @@
       </varlistentry>
 
       <varlistentry>
-        <term><emphasis role="bold">remote_reload
+        <term><emphasis role="bold">remote-reload
         </emphasis>[-<option>s</option>] [-<option>c</option>]
         [-<option>r</option> <replaceable>root-user-name</replaceable>]
         [-<option>T</option>] [-<option>i</option>] [
@@ -1699,7 +1699,7 @@
       </varlistentry>
 
       <varlistentry>
-        <term><emphasis role="bold">remote_restart
+        <term><emphasis role="bold">remote-restart
         </emphasis>[-<option>s</option>] [-<option>c</option>]
         [-<option>r</option> <replaceable>root-user-name</replaceable>]
         [-<option>T</option>] [-<option>i</option>] [

Shorewall6-lite/default.openwrt

@@ -0,0 +1,25 @@
+# sysV init file script configuration(/etc/sysconfdir/shorewall-lite)
+
+# startup option(default "-vvv")
+OPTIONS=
+
+# change default start run level(if none empty; /etc/init.d/shorewall-lite enable)
+START=50
+
+# change default stop run level(if none empty; /etc/init.d/shorewall-lite enable)
+STOP=
+
+# option to pass when shorewall start is executed
+STARTOPTIONS=
+
+# option to pass when shorewall restart is executed
+RESTARTOPTIONS=
+
+# option to pass when shorewall reload is executed
+RELOADOPTIONS=
+
+# option to pass when shorewall stop is executed
+STOPOPTIONS=
+
+# option to pass when shorewall status is executed
+STATUSOPTIONS=

Shorewall6-lite/init.openwrt.sh

@@ -0,0 +1,98 @@
+#!/bin/sh /etc/rc.common
+#
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
+#
+#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012,2014 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2015 - Matt Darfeuille - (matdarf@gmail.com)
+#
+#	On most distributions, this file should be called /etc/init.d/shorewall.
+#
+#	Complete documentation is available at http://shorewall.net
+#
+#       This program is part of Shorewall.
+#
+#	This program is free software; you can redistribute it and/or modify
+#	it under the terms of the GNU General Public License as published by the
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
+#
+#	This program is distributed in the hope that it will be useful,
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+#	If an error occurs while starting or restarting the firewall, the
+#	firewall is automatically stopped.
+#
+#	Commands are:
+#
+#	   shorewall6-lite start			  Starts the firewall
+#	   shorewall6-lite restart		  Restarts the firewall
+#	   shorewall6-lite reload		  Reload the firewall
+#						  (same as restart)
+#	   shorewall6-lite stop			  Stops the firewall
+#	   shorewall6-lite status		  Displays firewall status
+#
+
+# description: Packet filtering firewall
+
+# openwrt stuph
+# start and stop runlevel variable
+#START=21
+#STOP=91
+# variable to display what the status command do when /etc/init.d/shorewall6-lite is invoke without argument
+EXTRA_COMMANDS="status"
+EXTRA_HELP="Displays shorewall status"
+
+################################################################################
+# Get startup options (override default)
+################################################################################
+OPTIONS="-vvv"
+
+#
+# The installer may alter this
+#
+. /usr/share/shorewall/shorewallrc
+
+if [ -f ${SYSCONFDIR}/shorewall6-lite ]; then
+    . ${SYSCONFDIR}/shorewall6-lite
+fi
+
+START=${START:-21}
+STOP=${STOP:-91}
+
+SHOREWALL_INIT_SCRIPT=1
+
+################################################################################
+# E X E C U T I O N    B E G I N S   H E R E				       #
+################################################################################
+# arg1 of init script is arg2 when rc.common is sourced; set to action variable
+command="$action"
+
+start() {
+	exec ${SBINDIR}/shorewall6-lite $OPTIONS $command ${STARTOPTIONS:-$@}
+}
+
+boot() {
+local command="start"
+start
+}
+
+restart() {
+	exec ${SBINDIR}/shorewall6-lite $OPTIONS $command ${RESTARTOPTIONS:-$@}
+}
+
+reload() {
+	exec ${SBINDIR}/shorewall6-lite $OPTIONS $command ${RELOADOPTION:-$@}
+}
+
+stop() {
+	exec ${SBINDIR}/shorewall6-lite $OPTIONS $command ${STOPOPTIONS:-$@}
+}
+
+status() {
+	exec ${SBINDIR}/shorewall6-lite $OPTIONS $command ${STATUSOPTIONS:-$@}
+}

Shorewall6-lite/uninstall.sh

@@ -164,7 +164,15 @@ if [ $configure -eq 1 ]; then
 fi
 
 if [ -f ${SHAREDIR}/shorewall6-lite/init ]; then
-    FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall6-lite/init)
+    if [ $HOST = openwrt ]; then
+	if [ $configure -eq 1 ] && /etc/init.d/shorewall6-lite enabled; then
+	    /etc/init.d/shorewall6-lite disable
+	fi
+	
+	FIREWALL$(readlink ${SHAREDIR}/shorewall6-lite/init)
+    else
+	FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall6-lite/init)
+    fi
 elif [ -n "$INITFILE" ]; then
     FIREWALL=${INITDIR}/${INITFILE}
 fi
@@ -196,6 +204,7 @@ rm -rf ${VARDIR}/shorewall6-lite
 rm -rf ${SHAREDIR}/shorewall6-lite
 rm -rf ${LIBEXECDIR}/shorewall6-lite
 rm -f  ${CONFDIR}/logrotate.d/shorewall6-lite
+rm -f  ${SYSCONFDIR}/shorewall6-lite
 [ -n "$SYSTEMD" ] && rm -f  ${SYSTEMD}/shorewall6-lite.service
 
 rm -f ${MANDIR}/man5/shorewall6-lite*

Shorewall6/configfiles/blrules

@@ -1,5 +1,5 @@
 #
-# Shorewall6 - Blacklist File
+# Shorewall6 - Blrules File
 #
 # For information about entries in this file, type "man shorewall6-blrules"
 #

Shorewall6/configfiles/clear

@@ -1,5 +1,5 @@
 #
-# Shorewall6 - clear File
+# Shorewall6 - Clear File
 #
 # /etc/shorewall6/clear
 #

Shorewall6/configfiles/conntrack

@@ -1,7 +1,7 @@
 #
-# Shorewall - conntrack File
+# Shorewall6 - Conntrack File
 #
-# For information about entries in this file, type "man shorewal6-conntrack"
+# For information about entries in this file, type "man shorewall6-conntrack"
 #
 ##############################################################################################################
 ?FORMAT 2

Shorewall6/configfiles/isusable

@@ -1,5 +1,5 @@
 #
-# Shorewall6 - isusable File
+# Shorewall6 - Isusable File
 #
 # /etc/shorewall6/isusable
 #

Shorewall6/configfiles/lib.private

@@ -1,5 +1,5 @@
 #
-# Shorewall6 - lib.private File
+# Shorewall6 - Lib.private File
 #
 # /etc/shorewall6/lib.private
 #

Shorewall6/configfiles/masq

@@ -1,5 +1,5 @@
 #
-# Shorewall6 - MASQUERADE/SNAT file
+# Shorewall6 - Masq file
 #
 # For information about entries in this file, type "man shorewall6-masq"
 #

Shorewall6/configfiles/netmap

@@ -1,5 +1,5 @@
 #
-# Shorewall6	 - Netmap File
+# Shorewall6 - Netmap File
 #
 # For information about entries in this file, type "man shorewall-netmap"
 #

Shorewall6/configfiles/refresh

@@ -1,5 +1,5 @@
 #
-# Shorewall6 - refresh File
+# Shorewall6 - Refresh File
 #
 # /etc/shorewall6/refresh
 #

Shorewall6/configfiles/refreshed

@@ -1,5 +1,5 @@
 #
-# Shorewall6 - refreshed File
+# Shorewall6 - Refreshed File
 #
 # /etc/shorewall6/refreshed
 #

Shorewall6/configfiles/routes

@@ -1,9 +1,8 @@
 #
-# Shorewall6 - routes File
+# Shorewall6 - Routes File
 #
 # For information about entries in this file, type "man shorewall6-routes"
 #
 # For additional information, see http://www.shorewall.net/MultiISP.html
 ###############################################################################
 #PROVIDER		DEST			GATEWAY		DEVICE	OPTIONS
-

Shorewall6/configfiles/rtrules

@@ -1,5 +1,5 @@
 #
-# Shorewall6 - route rules File
+# Shorewall6 - Rtrules File
 #
 # For information about entries in this file, type "man shorewall6-rtrules"
 #

Shorewall6/configfiles/scfilter

@@ -1,5 +1,5 @@
 #
-# Shorewall - Show Connections Filter
+# Shorewall - Scfilter File
 #
 # /etc/shorewall/scfilter
 #

Shorewall6/configfiles/stoppedrules

@@ -1,7 +1,8 @@
 #
-# Shorewall6 - Stopped Rules File
+# Shorewall6 - Stoppedrules File
 #
-# For information about entries in this file, type "man shorewall6-stoppedrules"
+# For information about entries in this file,
+# type "man shorewall6-stoppedrules"
 #
 # The manpage is also online at
 # http://www.shorewall.net/manpages/shorewall6-stoppedrules.html

Shorewall6/configfiles/tcinterfaces

@@ -1,11 +1,11 @@
 #
 # Shorewall6 - Tcinterfaces File
 #
-# For information about entries in this file, type "man shorewall6-tcinterfaces"
+# For information about entries in this file,
+# type "man shorewall6-tcinterfaces"
 #
 # See http://shorewall.net/simple_traffic_shaping.htm for additional
 # information.
 #
 ###############################################################################
 #INTERFACE		TYPE	IN-BANDWIDTH		OUT-INTERFACE
-

Shorewall6/configfiles/tcpri

@@ -8,6 +8,3 @@
 #
 ###############################################################################
 #BAND	PROTO	PORT(S)		ADDRESS		IN-INTERFACE	HELPER
-
-
-

Shorewall6/manpages/shorewall6.xml

@@ -378,7 +378,7 @@
 
       <arg>-<replaceable>options</replaceable></arg>
 
-      <arg choice="plain"><option>remote_start</option></arg>
+      <arg choice="plain"><option>remote-start</option></arg>
 
       <arg><option>-s</option></arg>
 
@@ -402,7 +402,7 @@
 
       <arg>-<replaceable>options</replaceable></arg>
 
-      <arg choice="plain"><option>remote_reload</option></arg>
+      <arg choice="plain"><option>remote-reload</option></arg>
 
       <arg><option>-s</option></arg>
 
@@ -426,7 +426,7 @@
 
       <arg>-<replaceable>options</replaceable></arg>
 
-      <arg choice="plain"><option>remote_restart</option></arg>
+      <arg choice="plain"><option>remote-restart</option></arg>
 
       <arg><option>-s</option></arg>
 
@@ -1457,7 +1457,7 @@
         <listitem>
           <para>This command was re-implemented in Shorewall 5.0.0. The
           pre-5.0.0 <command>reload</command> command is now called
-          <command>remote_restart</command> (see below).</para>
+          <command>remote-restart</command> (see below).</para>
 
           <para>Reload is similar to <command>shorewall6 start</command>
           except that it assumes that the firewall is already started.
@@ -1511,7 +1511,7 @@
       </varlistentry>
 
       <varlistentry>
-        <term><emphasis role="bold">remote_reload
+        <term><emphasis role="bold">remote-reload
         </emphasis>[-<option>s</option>] [-<option>c</option>]
         [-<option>r</option> <replaceable>root-user-name</replaceable>]
         [-<option>T</option>] [-<option>i</option>] [
@@ -1573,7 +1573,7 @@
       </varlistentry>
 
       <varlistentry>
-        <term><emphasis role="bold">remote_ restart
+        <term><emphasis role="bold">remote- restart
         </emphasis>[-<option>s</option>] [-<option>c</option>]
         [-<option>r</option> <replaceable>root-user-name</replaceable>]
         [-<option>T</option>] [-<option>i</option>] [
@@ -1636,7 +1636,7 @@
       </varlistentry>
 
       <varlistentry>
-        <term><emphasis role="bold">remote_start </emphasis>
+        <term><emphasis role="bold">remote-start </emphasis>
         [-<option>s</option>] [-<option>c</option>] [-<option>r</option>
         <replaceable>root-user-name</replaceable>] [-<option>T</option>]
         [-<option>i</option>] [ <replaceable>directory</replaceable> ]

docs/Shorewall-5.xml

@@ -323,7 +323,7 @@
       <title>load</title>
 
       <para>The function performed by the Shorewall-4 <command>load</command>
-      command is now performed by the <command>remote_start</command>
+      command is now performed by the <command>remote-start</command>
       command.</para>
     </section>
 
@@ -334,7 +334,7 @@
       the same function as the <command>restart</command> command did in
       Shorewall 4. The action taken by the Shorewall-4
       <command>reload</command> command is now performed by the
-      <command>remote_restart</command> command.</para>
+      <command>remote-restart</command> command.</para>
 
       <para>For those that can't get used to the idea of using
       <command>reload</command> in place of <command>restart</command>, a

docs/shorewall_extension_scripts.xml

@@ -175,7 +175,7 @@ esac</programlisting><caution>
             url="manpages/shorewall.conf.html">shorewall.conf</ulink>(8) and
             output on an interface is not allowed by <ulink
             url="manpages/shorewall-stoppedrules.html">stoppedrules</ulink>(8)
-	    then the isuasable script must blow it's own holes in the firewall
+            then the isuasable script must blow it's own holes in the firewall
             before probing.</para>
           </caution></para>
       </listitem>
@@ -227,6 +227,13 @@ cat -</programlisting>
         /sbin/shorewall</emphasis> after a script has been compiled. $1 is the
         path name of the compiled script.</para>
       </listitem>
+
+      <listitem>
+        <para><filename>lib.cli-user</filename> -- Added in Shorewall 5.0.2.
+        This is actually a shell library (set of function declarations) that
+        can be used to augment or replace functions in the standard CLI
+        libraries.</para>
+      </listitem>
     </itemizedlist>
 
     <para><emphasis role="bold">If your version of Shorewall doesn't have the
@@ -264,7 +271,7 @@ cat -</programlisting>
           <row>
             <entry>continue</entry>
 
-            <entry></entry>
+            <entry/>
           </row>
 
           <row>
@@ -459,10 +466,10 @@ cat -</programlisting>
             <para>VARDIR - The product state directory. Defaults <filename
             class="directory">/var/lib/shorewall</filename>, <filename
             class="directory">/var/lib/shorewall6/</filename>, <filename
-            class="directory">/var/lib/shorewall-lite</filename>, or
-            <filename class="directory">/var/lib/shorewall6-lite</filename>
-            depending on which product is running, but may be overridden by an
-            entry in ${CONFDIR}/vardir.</para>
+            class="directory">/var/lib/shorewall-lite</filename>, or <filename
+            class="directory">/var/lib/shorewall6-lite</filename> depending on
+            which product is running, but may be overridden by an entry in
+            ${CONFDIR}/vardir.</para>
           </listitem>
         </itemizedlist>
       </listitem>
@@ -474,7 +481,7 @@ cat -</programlisting>
       </listitem>
     </itemizedlist>
 
-    <para></para>
+    <para/>
 
     <section id="Perl">
       <title>Compile-time vs Run-time Scripts</title>
@@ -524,43 +531,43 @@ cat -</programlisting>
               </row>
 
               <row>
-                <entry></entry>
+                <entry/>
 
                 <entry>stop</entry>
               </row>
 
               <row>
-                <entry></entry>
+                <entry/>
 
                 <entry>stopped</entry>
               </row>
 
               <row>
-                <entry></entry>
+                <entry/>
 
                 <entry>tcclear</entry>
               </row>
 
               <row>
-                <entry></entry>
+                <entry/>
 
                 <entry>refresh</entry>
               </row>
 
               <row>
-                <entry></entry>
+                <entry/>
 
                 <entry>refreshed</entry>
               </row>
 
               <row>
-                <entry></entry>
+                <entry/>
 
                 <entry>restored</entry>
               </row>
 
               <row>
-                <entry></entry>
+                <entry/>
 
                 <entry>scfilter</entry>
               </row>

docs/upgrade_issues.xml

@@ -37,7 +37,7 @@
 
       <holder>Thomas M. Eastep</holder>
 
-      <holder></holder>
+      <holder/>
     </copyright>
 
     <legalnotice>
@@ -78,6 +78,13 @@
     zones.</para>
   </section>
 
+  <section>
+    <title>Version &gt;= 5.0.0</title>
+
+    <para>See the <ulink url="Shorewall-5.html">Shorewall 5
+    documentation</ulink>.</para>
+  </section>
+
   <section>
     <title>Version &gt;= 4.6.0</title>
 
@@ -85,7 +92,7 @@
       <listitem>
         <para>Beginning with Shorewall 4.6.0, ection headers are now preceded
         by '?' (e.g., '?SECTION ...'). If your configuration contains any bare
-        'SECTION' entries, the following warning is issued: </para>
+        'SECTION' entries, the following warning is issued:</para>
 
         <programlisting>WARNING: 'SECTION' is deprecated in favor of '?SECTION' - consider running 'shorewall update -D' ...</programlisting>
 
@@ -111,7 +118,7 @@
       </listitem>
 
       <listitem>
-        <para> Beginning with Shorewall 4.5.0, FORMAT-1 actions and macros are
+        <para>Beginning with Shorewall 4.5.0, FORMAT-1 actions and macros are
         deprecated and a warning will be issued for each FORMAT-1 action or
         macro found.</para>
 
@@ -119,8 +126,8 @@
 
         <programlisting>WARNING: FORMAT-1 macros are deprecated and support will be dropped in a future release.</programlisting>
 
-        <para> To eliminate these warnings, add the following line before the
-        first rule in the action or macro: </para>
+        <para>To eliminate these warnings, add the following line before the
+        first rule in the action or macro:</para>
 
         <programlisting>?FORMAT 2</programlisting>
 
@@ -325,7 +332,7 @@
           <para>?ENDIF.</para>
         </blockquote>
 
-        <para></para>
+        <para/>
       </listitem>
 
       <listitem>