Clarify DEST column in DNAT rules.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
One more manual with BROADCAST columns
2014-06-04 15:01:39 -07:00 · 2014-06-04 14:55:23 -07:00 · 2014-06-04 14:43:13 -07:00 · 2014-06-02 14:22:40 -07:00
524 changed files with 11278 additions and 14259 deletions
--- a/Shorewall-core/INSTALL
+++ b/Shorewall-core/INSTALL
@@ -1,4 +1,4 @@
-Shoreline Firewall (Shorewall) Version 5
+Shoreline Firewall (Shorewall) Version 4
 -----         ----
 -----------------------------------------------------------------------------
--- a/Shorewall-core/configure
+++ b/Shorewall-core/configure
@@ -28,7 +28,7 @@
 #
 # Build updates this
 #
-VERSION=4.6.12
+VERSION=4.5.2.1
 case "$BASH_VERSION" in
    [4-9].*)
@@ -91,8 +91,6 @@ for p in $@; do
    fi
 done
 cd $(dirname $0)
 vendor=${params[HOST]}
 if [ -z "$vendor" ]; then
@@ -124,6 +122,7 @@ if [ -z "$vendor" ]; then
 	    params[HOST]=apple
 	    rcfile=shorewallrc.apple
 	    ;;
 	cygwin*|CYGWIN*)
 	    params[HOST]=cygwin
 	    rcfile=shorewallrc.cygwin
@@ -131,7 +130,7 @@ if [ -z "$vendor" ]; then
 	*)
 	    if [ -f /etc/debian_version ]; then
 		params[HOST]=debian
-		ls -l /sbin/init | fgrep -q systemd &&  rcfile=shorewallrc.debian.systemd || rcfile=shorewallrc.debian.sysvinit
+		rcfile=shorewallrc.debian
 	    elif [ -f /etc/redhat-release ]; then
 		params[HOST]=redhat
 		rcfile=shorewallrc.redhat
@@ -144,41 +143,28 @@ if [ -z "$vendor" ]; then
 	    elif [ -f /etc/arch-release ] ; then
 		params[HOST]=archlinux
 		rcfile=shorewallrc.archlinux
 	    elif [ -f /etc/openwrt_release ]; then
 		params[HOST]=openwrt
 		rcfile=shorewallrc.openwrt
 	    else
 		params[HOST]=linux
 		rcfile=shorewallrc.default
 	    fi
 	    ;;
    esac
    vendor=${params[HOST]}
 else
    if [ $vendor = linux ]; then
 	rcfile=shorewallrc.default;
    elif [ $vendor = debian -a -f /etc/debian_version ]; then
 	ls -l /sbin/init | fgrep -q systemd && rcfile=shorewallrc.debian.systemd || rcfile=shorewallrc.debian.sysvinit
    else
 	rcfile=shorewallrc.$vendor
    fi
    vendor=${params[HOST]}
 elif [ $vendor = linux ]; then
    rcfile=shorewallrc.default;
 else
    rcfile=shorewallrc.$vendor
    if [ ! -f $rcfile ]; then
 	echo "ERROR: $vendor is not a recognized host type" >&2
 	exit 1
    elif [ $vendor = default ]; then
 	params[HOST]=linux
 	vendor=linux
    elif [[ $vendor == debian.* ]]; then
 	params[HOST]=debian
 	vendor=debian
    fi
 fi
 if [ $vendor = linux ]; then
    echo "INFO: Creating a generic Linux installation - " `date`;
 else
-    echo "INFO: Creating a ${params[HOST]}-specific installation - " `date`;
+    echo "INFO: Creating a ${vendor}-specific installation - " `date`;
 fi
 echo
@@ -191,7 +177,6 @@ done
 echo '#'                                                                 > shorewallrc
 echo "# Created by Shorewall Core version $VERSION configure - " `date` >> shorewallrc
 echo "# rc file: $rcfile"                                               >> shorewallrc
 echo '#'                                                                >> shorewallrc
 if [ $# -gt 0 ]; then
@@ -210,10 +195,6 @@ elif [ -n "${options[VARDIR]}" ]; then
    fi
 fi
 if [ -z "${options[SERVICEDIR]}" ]; then
    options[SERVICEDIR]="${options[SYSTEMD]}"
 fi
 for on in \
    HOST \
    PREFIX \
@@ -228,7 +209,7 @@ for on in \
    INITFILE \
    AUXINITSOURCE \
    AUXINITFILE \
-    SERVICEDIR \
+    SYSTEMD \
    SERVICEFILE \
    SYSCONFFILE \
    SYSCONFDIR \
--- a/Shorewall-core/configure.pl
+++ b/Shorewall-core/configure.pl
@@ -31,7 +31,7 @@ use strict;
 # Build updates this
 #
 use constant {
-    VERSION => '4.6.12'
+    VERSION => '4.5.2.1'
 };
 my %params;
@@ -52,9 +52,6 @@ for ( @ARGV ) {
    $params{$pn} = $pv;
 }
 use File::Basename;
 chdir dirname($0);
 my $vendor = $params{HOST};
 my $rcfile;
 my $rcfilename;
@@ -71,52 +68,23 @@ unless ( defined $vendor ) {
 	    $vendor = 'redhat';
 	} elsif ( $id eq 'opensuse' ) {
 	    $vendor = 'suse';
-	} elsif ( $id eq 'ubuntu' || $id eq 'debian' ) {
+	} elsif ( $id eq 'ubuntu' ) {
-	    my $init = `ls -l /sbin/init`;
+	    $vendor = 'debian';
 	    $vendor = $init =~ /systemd/ ? 'debian.systemd' : 'debian.sysvinit';
 	} else {
 	    $vendor = $id;
 	}
    }
    $params{HOST} = $vendor;
    $params{HOST} =~ s/\..*//;
 }
 if ( defined $vendor ) {
-    if ( $vendor eq 'debian' && -f '/etc/debian_version' ) {
+    $rcfilename = $vendor eq 'linux' ? 'shorewallrc.default' : 'shorewallrc.' . $vendor;
-	if ( -l '/sbin/init' ) {
+    die qq("ERROR: $vendor" is not a recognized host type) unless -f $rcfilename;
 	    if ( readlink('/sbin/init') =~ /systemd/ ) {
 		$rcfilename = 'shorewallrc.debian.systemd';
 	    } else {
 		$rcfilename = 'shorewallrc.debian.sysvinit';
 	    }
 	} else {
 	    $rcfilename = 'shorewallrc.debian.sysvinit';
 	}
    } else {
 	$rcfilename = $vendor eq 'linux' ? 'shorewallrc.default' : 'shorewallrc.' . $vendor;
    }
    unless ( -f $rcfilename ) {
 	die qq("ERROR: $vendor" is not a recognized host type);
    } elsif ( $vendor eq 'default' ) {
 	$params{HOST} = $vendor = 'linux';
    } elsif ( $vendor =~ /^debian\./ ) {
 	$params{HOST} = $vendor = 'debian';
    }
 } else {
    if ( -f '/etc/debian_version' ) {
 	$vendor = 'debian';
-	if ( -l '/sbin/init' ) {
+	$rcfilename = 'shorewallrc.debian';
 	    if ( readlink( '/sbin/init' ) =~ /systemd/ ) {
 		$rcfilename = 'shorewallrc.debian.systemd';
 	    } else {
 		$rcfilename = 'shorewallrc.debian.sysvinit';
 	    }
 	} else {
 	    $rcfilename = 'shorewallrc.debian.sysvinit';
 	}
    } elsif ( -f '/etc/redhat-release' ){
 	$vendor = 'redhat';
 	$rcfilename = 'shorewallrc.redhat';
@@ -132,7 +100,7 @@ if ( defined $vendor ) {
    } elsif ( `uname` =~ '^Darwin' ) {
 	$vendor = 'apple';
 	$rcfilename = 'shorewallrc.apple';
-    } elsif ( `uname` =~ /^Cygwin/i ) {
+    } elsif ( `uname` =~ '^Cygwin' ) {
 	$vendor = 'cygwin';
 	$rcfilename = 'shorewallrc.cygwin';
    } else {
@@ -149,7 +117,7 @@ my @abbr = qw( Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec );
 if ( $vendor eq 'linux' ) {
    printf "INFO: Creating a generic Linux installation - %s %2d %04d %02d:%02d:%02d\n\n", $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];;
 } else {
-    printf "INFO: Creating a %s-specific installation - %s %2d %04d %02d:%02d:%02d\n\n", $params{HOST}, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];;
+    printf "INFO: Creating a %s-specific installation - %s %2d %04d %02d:%02d:%02d\n\n", $vendor, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];;
 }
 open $rcfile, '<', $rcfilename or die "Unable to open $rcfilename for input: $!";
@@ -173,8 +141,7 @@ my $outfile;
 open $outfile, '>', 'shorewallrc' or die "Can't open 'shorewallrc' for output: $!";
-printf $outfile "#\n# Created by Shorewall Core version %s configure.pl - %s %2d %04d %02d:%02d:%02d\n", VERSION, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];
+printf $outfile "#\n# Created by Shorewall Core version %s configure.pl - %s %2d %04d %02d:%02d:%02d\n#\n", VERSION, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];
 print $outfile "# rc file: $rcfilename\n#\n";
 print  $outfile "# Input: @ARGV\n#\n" if @ARGV;
@@ -187,8 +154,6 @@ if ( $options{VARLIB} ) {
    $options{VARDIR} = '${VARLIB}/${PRODUCT}';
 }
 $options{SERVICEDIR}=$options{SYSTEMD} unless $options{SERVICEDIR};
 for ( qw/ HOST
 	  PREFIX
 	  SHAREDIR
@@ -202,8 +167,8 @@ for ( qw/ HOST
 	  INITFILE
 	  AUXINITSOURCE
 	  AUXINITFILE
-	  SERVICEDIR
+	  SYSTEMD
-	  SERVICEFILE
+          SERVICEFILE
 	  SYSCONFFILE
 	  SYSCONFDIR
 	  SPARSE
--- a/Shorewall-core/install.sh
+++ b/Shorewall-core/install.sh
@@ -66,6 +66,15 @@ mywhich() {
    return 2
 }
 run_install()
 {
    if ! install $*; then
 	echo
 	echo "ERROR: Failed to install $*" >&2
 	exit 1
    fi
 }
 cant_autostart()
 {
    echo
@@ -79,20 +88,7 @@ delete_file() # $1 = file to delete
 install_file() # $1 = source $2 = target $3 = mode
 {
-    if cp -f $1 $2; then
+    run_install $T $OWNERSHIP -m $3 $1 ${2}
 	if chmod $3 $2; then
 	    if [ -n "$OWNER" ]; then
 		if chown $OWNER:$GROUP $2; then
 		    return
 		fi
 	    else
 		return 0
 	    fi
 	fi
    fi
    echo "ERROR: Failed to install $2" >&2
    exit 1
 }
 require()
@@ -185,9 +181,13 @@ done
 [ "${INITFILE}" != 'none/' ] && require INITSOURCE && require INITDIR
 T="-T"
 INSTALLD='-D'
 if [ -z "$BUILD" ]; then
    case $(uname) in
-	cygwin*|CYGWIN*)
+	cygwin*)
 	    BUILD=cygwin
 	    ;;
 	Darwin)
@@ -198,7 +198,7 @@ if [ -z "$BUILD" ]; then
 		eval $(cat /etc/os-release | grep ^ID)
 		case $ID in
-		    fedora|rhel|centos|foobar)
+		    fedora|rhel)
 			BUILD=redhat
 			;;
 		    debian)
@@ -226,8 +226,6 @@ if [ -z "$BUILD" ]; then
 		BUILD=suse
 	    elif [ -f /etc/arch-release ] ; then
 		BUILD=archlinux
 	    elif [ -f ${CONFDIR}/openwrt_release ] ; then
 		BUILD=openwrt
 	    else
 		BUILD=linux
 	    fi
@@ -254,15 +252,17 @@ case $BUILD in
 	[ -z "$OWNER" ] && OWNER=root
 	[ -z "$GROUP" ] && GROUP=wheel
 	INSTALLD=
 	T=
 	;;
    *)
-	if [ $(id -u) -eq 0 ]; then
+	[ -z "$OWNER" ] && OWNER=root
-	    [ -z "$OWNER" ] && OWNER=root
+	[ -z "$GROUP" ] && GROUP=root
 	    [ -z "$GROUP" ] && GROUP=root
 	fi
 	;;
 esac
 OWNERSHIP="-o $OWNER -g $GROUP"
 #
 # Determine where to install the firewall script
 #
@@ -276,7 +276,7 @@ case "$HOST" in
    apple)
 	echo "Installing Mac-specific configuration...";
 	;;
-    debian|gentoo|redhat|slackware|archlinux|linux|suse|openwrt)
+    debian|gentoo|redhat|slackware|archlinux|linux|suse)
 	;;
    *)
 	echo "ERROR: Unknown HOST \"$HOST\"" >&2
@@ -305,6 +305,7 @@ if [ -n "$DESTDIR" ]; then
    if [ $BUILD != cygwin ]; then
 	if [ `id -u` != 0 ] ; then
 	    echo "Not setting file owner/group permissions, not running as root."
 	    OWNERSHIP=""
 	fi
    fi
 fi
@@ -328,13 +329,9 @@ if [ -n "${SYSCONFDIR}" ]; then
    chmod 755 ${DESTDIR}${SYSCONFDIR}
 fi
-if [ -z "${SERVICEDIR}" ]; then
+if [ -n "${SYSTEMD}" ]; then
-    SERVICEDIR="$SYSTEMD"
+    mkdir -p ${DESTDIR}${SYSTEMD}
-fi
+    chmod 755 ${DESTDIR}${SYSTEMD}
 if [ -n "${SERVICEDIR}" ]; then
    mkdir -p ${DESTDIR}${SERVICEDIR}
    chmod 755 ${DESTDIR}${SERVICEDIR}
 fi
 mkdir -p ${DESTDIR}${SBINDIR}
@@ -406,9 +403,9 @@ fi
 if [ ${SHAREDIR} != /usr/share ]; then
    for f in lib.*; do
 	if [ $BUILD != apple ]; then
-	    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/$f
+	    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SHAREDIR}/shorewall/$f
 	else
-	    eval sed -i \'\' -e \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/$f
+	    eval sed -i \'\' -e \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SHAREDIR}/shorewall/$f
 	fi
    done
 fi
--- a/Shorewall-core/lib.base
+++ b/Shorewall-core/lib.base
@@ -1,7 +1,7 @@
 #
-# Shorewall 5.0 -- /usr/share/shorewall/lib.base
+# Shorewall 4.5 -- /usr/share/shorewall/lib.base
 #
-#     (c) 1999-2015 - Tom Eastep (teastep@shorewall.net)
+#     (c) 1999-2014 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
@@ -75,24 +75,6 @@ elif [ -z "${VARDIR}" ]; then
    VARDIR="${VARLIB}/${PRODUCT}"
 fi
 #
 # Fatal Error
 #
 fatal_error() # $@ = Message
 {
    echo "   ERROR: $@" >&2
    exit 2
 }
 #
 # Not configured Error
 #
 not_configured_error() # $@ = Message
 {
    echo "   ERROR: $@" >&2
    exit 6
 }
 #
 # Conditionally produce message
 #
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
--- a/Shorewall-core/lib.common
+++ b/Shorewall-core/lib.common
@@ -1,7 +1,7 @@
 #
-# Shorewall 5.0 -- /usr/share/shorewall/lib.common.
+# Shorewall 4.5 -- /usr/share/shorewall/lib.common.
 #
-#     (c) 2010-2015 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2010-2014 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
@@ -33,7 +33,7 @@ startup_error() # $* = Error Message
    echo "   ERROR: $@: Firewall state not changed" >&2
    if [ $LOG_VERBOSITY -ge 0 ]; then
-        timestamp="$(date +'%b %d %T') "
+        timestamp="$(date +'%_b %d %T') "
        echo "${timestamp}  ERROR: $@" >> $STARTUP_LOG
    fi
@@ -50,7 +50,7 @@ startup_error() # $* = Error Message
    esac
    if [ $LOG_VERBOSITY -ge 0 ]; then
-        timestamp="$(date +'%b %d %T') "
+        timestamp="$(date +'%_b %d %T') "
 	case $COMMAND in
 	    start)
@@ -71,35 +71,98 @@ startup_error() # $* = Error Message
 }
 #
-# Create the required option string and run the passed script using
+# Get the Shorewall version of the passed script
 #
 get_script_version() { # $1 = script
    local temp
    local version
    local ifs
    local digits
    local verbosity
    verbosity="$VERBOSITY"
    VERBOSITY=0
    temp=$( $SHOREWALL_SHELL $1 version | tail -n 1 | sed 's/-.*//' )
    if [ -z "$temp" ]; then
 	version=0
    else
 	ifs=$IFS
 	IFS=.
 	temp=$(echo $temp)
 	IFS=$ifs
 	digits=0
 	for temp in $temp; do
 	    version=${version}$(printf '%02d' $temp)
 	    digits=$(($digits + 1))
 	    [ $digits -eq 3 ] && break
 	done
    fi
    echo $version
    VERBOSITY="$verbosity"
 }
 #
 # Do required exports or create the required option string and run the passed script using
 # $SHOREWALL_SHELL
 #
 run_it() {
    local script
    local options
    local version
    export VARDIR
    script=$1
    shift
-    if [ x$1 = xtrace -o x$1 = xdebug ]; then
+    version=$(get_script_version $script)
-	options="$1 -"
+
-	shift;
+    if [ $version -lt 040408 ]; then
 	#
 	# Old script that doesn't understand 4.4.8 script options
 	#
 	export RESTOREFILE
 	export VERBOSITY
 	export NOROUTES=$g_noroutes
 	export PURGE=$g_purge
 	export TIMESTAMP=$g_timestamp
 	export RECOVERING=$g_recovering
 	case "$g_program" in
 	    *-lite)
 		#
 		# Shorewall Lite
 		#
 		export LOGFORMAT
 		export IPTABLES
 		;;
 	esac
    else
-	options='-'
+	#
 	# 4.4.8 or later -- no additional exports required
 	#
 	if [ x$1 = xtrace -o x$1 = xdebug ]; then
 	    options="$1 -"
 	    shift;
 	else
 	    options='-'
 	fi
 	[ -n "$g_noroutes" ]   && options=${options}n
 	[ -n "$g_timestamp" ]  && options=${options}t
 	[ -n "$g_purge" ]      && options=${options}p
 	[ -n "$g_recovering" ] && options=${options}r
 	options="${options}V $VERBOSITY"
 	[ -n "$RESTOREFILE" ] && options="${options} -R $RESTOREFILE"
    fi
    [ -n "$g_noroutes" ]   && options=${options}n
    [ -n "$g_timestamp" ]  && options=${options}t
    [ -n "$g_purge" ]      && options=${options}p
    [ -n "$g_recovering" ] && options=${options}r
    [ -n "$g_counters" ]   && options=${options}c
    options="${options}V $VERBOSITY"
    [ -n "$RESTOREFILE" ] && options="${options} -R $RESTOREFILE"
    $SHOREWALL_SHELL $script $options $@
 }
@@ -109,7 +172,6 @@ run_it() {
 error_message() # $* = Error Message
 {
   echo "   $@" >&2
   return 1
 }
 #
@@ -147,17 +209,6 @@ split() {
    IFS=$ifs
 }
 #
 # Split a comma-separated list into a space-separated list
 #
 split_list() {
    local ifs
    ifs=$IFS
    IFS=,
    echo $*
    IFS=$ifs
 }
 #
 # Search a list looking for a match -- returns zero if a match found
 # 1 otherwise
@@ -316,33 +367,16 @@ reload_kernel_modules() {
    local moduleloader
    moduleloader=modprobe
    local uname
    local extras
    if ! qt mywhich modprobe; then
 	moduleloader=insmod
    fi
-    [ -n "${MODULE_SUFFIX:=ko ko.gz ko.xz o o.gz o.xz gz xz}" ]
+    [ -n "${MODULE_SUFFIX:=ko ko.gz o o.gz gz}" ]
-    if [ -n "$MODULESDIR" ]; then
+    [ -z "$MODULESDIR" ] && \
-	case "$MODULESDIR" in
+	uname=$(uname -r) && \
 	    +*)
 		extras="$MODULESDIR"
 		extras=${extras#+}
 		MODULESDIR=
 		;;
 	esac
    fi
    if [ -z "$MODULESDIR" ]; then
 	uname=$(uname -r)
 	MODULESDIR=/lib/modules/$uname/kernel/net/ipv${g_family}/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset
 	if [ -n "$extras" ]; then
 	    for directory in $(split "$extras"); do
 		MODULESDIR="$MODULESDIR:/lib/modules/$uname/$directory"
 	    done
 	fi
    fi
    [ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)
@@ -372,33 +406,16 @@ load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
    local savemoduleinfo
    savemoduleinfo=${1:-Yes} # So old compiled scripts still work
    local uname
    local extras
    if ! qt mywhich modprobe; then
 	moduleloader=insmod
    fi
-    [ -n "${MODULE_SUFFIX:=o gz xz ko o.gz o.xz ko.gz ko.xz}" ]
+    [ -n "${MODULE_SUFFIX:=o gz ko o.gz ko.gz}" ]
-    if [ -n "$MODULESDIR" ]; then
+    [ -z "$MODULESDIR" ] && \
-	case "$MODULESDIR" in
+	uname=$(uname -r) && \
 	    +*)
 		extras="$MODULESDIR"
 		extras=${extras#+}
 		MODULESDIR=
 		;;
 	esac
    fi
    if [ -z "$MODULESDIR" ]; then
 	uname=$(uname -r)
 	MODULESDIR=/lib/modules/$uname/kernel/net/ipv${g_family}/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset
 	if [ -n "$extras" ]; then
 	    for directory in $(split "$extras"); do
 		MODULESDIR="$MODULESDIR:/lib/modules/$uname/$directory"
 	    done
 	fi
    fi
    for directory in $(split $MODULESDIR); do
 	[ -d $directory ] && moduledirectories="$moduledirectories $directory"
@@ -533,9 +550,9 @@ in_network() # $1 = IP address, $2 = CIDR network
 #
 # Query NetFilter about the existence of a filter chain
 #
-chain_exists() # $1 = chain name, $2 = table name (optional)
+chain_exists() # $1 = chain name
 {
-    qt1 $g_tool -t ${2:-filter} -L $1 -n
+    qt1 $g_tool -L $1 -n
 }
 #
@@ -626,24 +643,6 @@ find_first_interface_address_if_any() # $1 = interface
    fi
 }
 #
 #Determines if the passed interface is a loopback interface
 #
 loopback_interface() { #$1 = Interface name
    [ "$1" = lo ] || $IP link show $1 | fgrep -q LOOPBACK
 }
 #
 # Find Loopback Interfaces
 #
 find_loopback_interfaces() {
    local interfaces
    [ -x "$IP" ] && interfaces=$($IP link show | fgrep LOOPBACK | sed 's/://g' | cut -d ' ' -f 2)
    [ -n "$interfaces" ] && echo $interfaces || echo lo
 }
 #
 # Internal version of 'which'
 #
@@ -743,15 +742,12 @@ mutex_on()
    local lockf
    lockf=${LOCKFILE:=${VARDIR}/lock}
    local lockpid
    local lockd
    MUTEX_TIMEOUT=${MUTEX_TIMEOUT:-60}
    if [ $MUTEX_TIMEOUT -gt 0 ]; then
-	lockd=$(dirname $LOCKFILE)
+	[ -d ${VARDIR} ] || mkdir -p ${VARDIR}
 	[ -d "$lockd" ] || mkdir -p "$lockd"
 	if [ -f $lockf ]; then
 	    lockpid=`cat ${lockf} 2> /dev/null`
@@ -771,11 +767,6 @@ mutex_on()
 	    chmod u+w ${lockf}
 	    echo $$ > ${lockf}
 	    chmod u-w ${lockf}
 	elif qt mywhich lock; then
            lock -${MUTEX_TIMEOUT} -r1 ${lockf}
            chmod u+w ${lockf}
            echo $$ > ${lockf}
            chmod u-w ${lockf}
 	else
 	    while [ -f ${lockf} -a ${try} -lt ${MUTEX_TIMEOUT} ] ; do
 		sleep 1
--- a/Shorewall-core/shorewallrc.apple
+++ b/Shorewall-core/shorewallrc.apple
@@ -1,5 +1,5 @@
 #
-# Apple OS X Shorewall 5.0 rc file
+# Apple OS X Shorewall 4.5 rc file
 #
 BUILD=apple
 HOST=apple
@@ -14,7 +14,7 @@ INITDIR=                               #Unused on OS X
 INITFILE=                              #Unused on OS X
 INITSOURCE=                            #Unused on OS X
 ANNOTATED=                             #Unused on OS X
-SERVICEDIR=                            #Unused on OS X
+SYSTEMD=                               #Unused on OS X
 SERVICEFILE=                           #Unused on OS X
 SYSCONFDIR=                            #Unused on OS X
 SPARSE=Yes                             #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR.
--- a/Shorewall-core/shorewallrc.archlinux
+++ b/Shorewall-core/shorewallrc.archlinux
@@ -1,5 +1,5 @@
 #
-# Arch Linux Shorewall 5.0 rc file
+# Arch Linux Shorewall 4.5 rc file
 #
 BUILD=                                 #Default is to detect the build system
 HOST=archlinux
@@ -8,14 +8,14 @@ SHAREDIR=${PREFIX}/share               #Directory for arch-neutral files.
 LIBEXECDIR=${PREFIX}/share             #Directory for executable scripts.
 PERLLIBDIR=${PREFIX}/share/shorewall   #Directory to install Shorewall Perl module directory
 CONFDIR=/etc                           #Directory where subsystem configurations are installed
-SBINDIR=/usr/bin                       #Directory where system administration programs are installed
+SBINDIR=/usr/sbin                      #Directory where system administration programs are installed
 MANDIR=${SHAREDIR}/man                 #Directory where manpages are installed.
 INITDIR=                               #Directory where SysV init scripts are installed.
 INITFILE=                              #Name of the product's installed SysV init script
 INITSOURCE=                            #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                             #If non-zero, annotated configuration files are installed
 SYSCONFDIR=                            #Directory where SysV init parameter files are installed
-SERVICEDIR=/usr/lib/systemd/system     #Directory where .service files are installed (systems running systemd only)
+SYSTEMD=/usr/lib/systemd/system        #Directory where .service files are installed (systems running systemd only)
 SERVICEFILE=                           #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SPARSE=                                #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
 VARLIB=/var/lib                        #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.cygwin
+++ b/Shorewall-core/shorewallrc.cygwin
@@ -1,5 +1,5 @@
 #
-# Cygwin Shorewall 5.0 rc file
+# Cygwin Shorewall 4.5 rc file
 #
 BUILD=cygwin
 HOST=cygwin
@@ -14,7 +14,7 @@ INITDIR=/etc/init.d                   #Unused on Cygwin
 INITFILE=                             #Unused on Cygwin
 INITSOURCE=                           #Unused on Cygwin
 ANNOTATED=                            #Unused on Cygwin
-SERVICEDIR=                           #Unused on Cygwin
+SYSTEMD=                              #Unused on Cygwin
 SERVICEFILE=                          #Unused on Cygwin
 SYSCONFDIR=                           #Unused on Cygwin
 SPARSE=Yes                            #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR.
--- a/Shorewall-core/shorewallrc.debian.sysvinit
+++ b/Shorewall-core/shorewallrc.debian.sysvinit
@@ -15,9 +15,9 @@ INITFILE=$PRODUCT                       #Name of the product's installed SysV in
 INITSOURCE=init.debian.sh               #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                              #If non-zero, annotated configuration files are installed
 SYSCONFFILE=default.debian              #Name of the distributed file to be installed in $SYSCONFDIR
-SERVICEFILE=				#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
+SERVICEFILE=                      	#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFDIR=/etc/default                 #Directory where SysV init parameter files are installed
-SERVICEDIR=				#Directory where .service files are installed (systems running systemd only)
+SYSTEMD=                                #Directory where .service files are installed (systems running systemd only)
 SPARSE=Yes                              #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
 VARLIB=/var/lib                         #Directory where product variable data is stored.
 VARDIR=${VARLIB}/$PRODUCT               #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.debian.systemd
+++ b/Shorewall-core/shorewallrc.debian.systemd
@@ -1,23 +0,0 @@
 #
 # Debian Shorewall 4.5 rc file
 #
 BUILD=					#Default is to detect the build system
 HOST=debian
 PREFIX=/usr				#Top-level directory for shared files, libraries, etc.
 SHAREDIR=${PREFIX}/share		#Directory for arch-neutral files.
 LIBEXECDIR=${PREFIX}/share		#Directory for executable scripts.
 PERLLIBDIR=${PREFIX}/share/shorewall	#Directory to install Shorewall Perl module directory
 CONFDIR=/etc				#Directory where subsystem configurations are installed
 SBINDIR=/sbin				#Directory where system administration programs are installed
 MANDIR=${PREFIX}/share/man		#Directory where manpages are installed.
 INITDIR=				#Directory where SysV init scripts are installed.
 INITFILE=				#Name of the product's installed SysV init script
 INITSOURCE=init.debian.sh		#Name of the distributed file to be installed as the SysV init script
 ANNOTATED=				#If non-zero, annotated configuration files are installed
 SYSCONFFILE=default.debian		#Name of the distributed file to be installed in $SYSCONFDIR
 SERVICEFILE=$PRODUCT.service.debian     #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFDIR=/etc/default			#Directory where SysV init parameter files are installed
 SERVICEDIR=/lib/systemd/system		#Directory where .service files are installed (systems running systemd only)
 SPARSE=Yes				#If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
 VARLIB=/var/lib				#Directory where product variable data is stored.
 VARDIR=${VARLIB}/$PRODUCT		#Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.default
+++ b/Shorewall-core/shorewallrc.default
@@ -1,5 +1,5 @@
 #
-# Default Shorewall 5.0 rc file
+# Default Shorewall 4.5 rc file
 #
 HOST=linux                              #Generic Linux
 BUILD=                                  #Default is to detect the build system
@@ -14,7 +14,7 @@ INITDIR=/etc/init.d                     #Directory where SysV init scripts are i
 INITFILE=$PRODUCT                       #Name of the product's installed SysV init script
 INITSOURCE=init.sh                      #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                              #If non-zero, annotated configuration files are installed
-SERVICEDIR=                             #Directory where .service files are installed (systems running systemd only)
+SYSTEMD=                                #Directory where .service files are installed (systems running systemd only)
 SERVICEFILE=                            #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFFILE=                            #Name of the distributed file to be installed in $SYSCONFDIR
 SYSCONFDIR=                             #Directory where SysV init parameter files are installed
--- a/Shorewall-core/shorewallrc.openwrt
+++ b/Shorewall-core/shorewallrc.openwrt
@@ -1,26 +0,0 @@
 #
 # Created by Shorewall Core version 5.0.2-RC1 configure -  Fri, Nov 06, 2015 10:02:03 AM
 #
 # Input: host=openwrt
 #
 HOST=openwrt
 PREFIX=/usr                             
 SHAREDIR=${PREFIX}/share                
 LIBEXECDIR=${PREFIX}/share              
 PERLLIBDIR=${PREFIX}/share/shorewall    
 CONFDIR=/etc                            
 SBINDIR=/sbin                           
 MANDIR=${PREFIX}/man                    
 INITDIR=/etc/init.d                     
 INITSOURCE=init.openwrt.sh
 INITFILE=$PRODUCT                       
 AUXINITSOURCE=
 AUXINITFILE=
 SERVICEDIR=                             
 SERVICEFILE=                            
 SYSCONFFILE=default.openwrt
 SYSCONFDIR=${CONFDIR}/sysconfig
 SPARSE=                                 
 ANNOTATED=                              
 VARLIB=/lib
 VARDIR=${VARLIB}/$PRODUCT               
--- a/Shorewall-core/shorewallrc.redhat
+++ b/Shorewall-core/shorewallrc.redhat
@@ -1,5 +1,5 @@
 #
-# RedHat/FedoraShorewall 5.0 rc file
+# RedHat/FedoraShorewall 4.5 rc file
 #
 BUILD=                                  #Default is to detect the build system
 HOST=redhat
@@ -14,7 +14,7 @@ INITDIR=/etc/rc.d/init.d                #Directory where SysV init scripts are i
 INITFILE=$PRODUCT                       #Name of the product's installed SysV init script
 INITSOURCE=init.fedora.sh               #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                              #If non-zero, annotated configuration files are installed
-SERVICEDIR=/lib/systemd/system          #Directory where .service files are installed (systems running systemd only)
+SYSTEMD=/lib/systemd/system             #Directory where .service files are installed (systems running systemd only)
 SYSCONFFILE=sysconfig                   #Name of the distributed file to be installed as $SYSCONFDIR/$PRODUCT
 SERVICEFILE=                      	#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFDIR=/etc/sysconfig/              #Directory where SysV init parameter files are installed
--- a/Shorewall-core/shorewallrc.slackware
+++ b/Shorewall-core/shorewallrc.slackware
@@ -1,5 +1,5 @@
 #
-# Slackware Shorewall 5.0 rc file
+# Slackware Shorewall 4.5 rc file
 #
 BUILD=slackware
 HOST=slackware
@@ -15,7 +15,7 @@ AUXINITSOURCE=init.slackware.firewall.sh   #Name of the distributed file to be i
 AUXINITFILE=rc.firewall                    #Name of the product's installed SysV init script
 INITSOURCE=init.slackware.$PRODUCT.sh      #Name of the distributed file to be installed as a second SysV init script
 INITFILE=rc.$PRODUCT                       #Name of the product's installed second init script
-SERVICEDIR=                                #Name of the directory where .service files are installed (systems running systemd only)
+SYSTEMD=                                   #Name of the directory where .service files are installed (systems running systemd only)
 SERVICEFILE=                               #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFFILE=                               #Name of the distributed file to be installed in $SYSCONFDIR
 SYSCONFDIR=                                #Name of the directory where SysV init parameter files are installed.
--- a/Shorewall-core/shorewallrc.suse
+++ b/Shorewall-core/shorewallrc.suse
@@ -1,5 +1,5 @@
 #
-# SuSE Shorewall 5.0 rc file
+# SuSE Shorewall 4.5 rc file
 #
 BUILD=                                                #Default is to detect the build system
 HOST=suse
@@ -8,13 +8,13 @@ CONFDIR=/etc                                          #Directory where subsystem
 SHAREDIR=${PREFIX}/share                              #Directory for arch-neutral files.
 LIBEXECDIR=${PREFIX}/lib                              #Directory for executable scripts.
 PERLLIBDIR=${PREFIX}/lib/perl5/vendor_perl/5.14.2     #Directory to install Shorewall Perl module directory
-SBINDIR=/usr/sbin                                     #Directory where system administration programs are installed
+SBINDIR=/sbin                                         #Directory where system administration programs are installed
 MANDIR=${SHAREDIR}/man/                               #Directory where manpages are installed.
 INITDIR=/etc/init.d                                   #Directory where SysV init scripts are installed.
 INITFILE=$PRODUCT                                     #Name of the product's SysV init script
 INITSOURCE=init.suse.sh                               #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                                            #If non-zero, annotated configuration files are installed
-SERVICEDIR=                                           #Directory where .service files are installed (systems running systemd only)
+SYSTEMD=                                              #Directory where .service files are installed (systems running systemd only)
 SERVICEFILE=                      		      #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFFILE=sysconfig                                 #Name of the distributed file to be installed in $SYSCONFDIR
 SYSCONFDIR=/etc/sysconfig/                            #Directory where SysV init parameter files are installed
--- a/Shorewall-core/uninstall.sh
+++ b/Shorewall-core/uninstall.sh
@@ -35,12 +35,6 @@ usage() # $1 = exit status
    exit $1
 }
 fatal_error()
 {
    echo "   ERROR: $@" >&2
    exit 1
 }
 qt()
 {
    "$@" >/dev/null 2>&1
--- a/Shorewall-init/ifupdown.debian.sh
+++ b/Shorewall-init/ifupdown.debian.sh
@@ -28,7 +28,7 @@ setstatedir() {
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
+    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
    if [ ! -x $STATEDIR/firewall ]; then
 	if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
--- a/Shorewall-init/ifupdown.fedora.sh
+++ b/Shorewall-init/ifupdown.fedora.sh
@@ -31,7 +31,7 @@ setstatedir() {
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
+    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
    if [ ! -x "$STATEDIR/firewall" ]; then
 	if [ $PRODUCT == shorewall -o $PRODUCT == shorewall6 ]; then
--- a/Shorewall-init/ifupdown.suse.sh
+++ b/Shorewall-init/ifupdown.suse.sh
@@ -28,7 +28,7 @@ setstatedir() {
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
+    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
    if [ ! -x $STATEDIR/firewall ]; then
 	if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
--- a/Shorewall-init/init.debian.sh
+++ b/Shorewall-init/init.debian.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
@@ -71,12 +71,10 @@ setstatedir() {
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
+    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c
+	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c || echo_notdone
    else
 	return 0
    fi
 }
@@ -105,33 +103,26 @@ shorewall_start () {
  echo -n "Initializing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
-      if setstatedir; then
+      setstatedir
-	  if [ -x ${STATEDIR}/firewall ]; then
+
-              #
+      if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then
-	      # Run in a sub-shell to avoid name collisions
+          #
-	      #
+	  # Run in a sub-shell to avoid name collisions
-	      (
+	  #
-		  if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
+	  ( 
-		      ${STATEDIR}/firewall ${OPTIONS} stop
+	      if ! ${STATEDIR}/$PRODUCT/firewall status > /dev/null 2>&1; then
-		  fi
+		  ${STATEDIR}/$PRODUCT/firewall ${OPTIONS} stop || echo_notdone
-	      )
+	      else
-	  fi
+		  echo_notdone
 	      fi
 	  )
      else
 	  echo echo_notdone
      fi
  done
  echo "done."
  if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
      echo -n "Restoring ipsets: "
      if ! ipset -R < "$SAVE_IPSETS"; then
 	  echo_notdone
      fi
      echo "done."
  fi
  return 0
 }
@@ -142,29 +133,15 @@ shorewall_stop () {
  echo -n "Clearing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
-      if setstatedir; then
+      setstatedir
-	  if [ -x ${STATEDIR}/firewall ]; then
+
-	      ${STATEDIR}/firewall ${OPTIONS} clear
+      if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then
-	  fi
+	  ${STATEDIR}/$PRODUCT/firewall ${OPTIONS} clear || echo_notdone
      fi
  done
  echo "done."
  if [ -n "$SAVE_IPSETS" ]; then
      echo "Saving ipsets: "
      mkdir -p $(dirname "$SAVE_IPSETS")
      if ipset -S > "${SAVE_IPSETS}.tmp"; then
 	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
      else
 	  echo_notdone
      fi
      echo "done."
  fi
  return 0
 }
--- a/Shorewall-init/init.fedora.sh
+++ b/Shorewall-init/init.fedora.sh
@@ -42,7 +42,7 @@ setstatedir() {
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
+    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
    if [ $PRODUCT == shorewall -o $PRODUCT == shorewall6 ]; then
 	${SBINDIR}/$PRODUCT $OPTIONS compile -c
--- a/Shorewall-init/init.sh
+++ b/Shorewall-init/init.sh
@@ -1,5 +1,5 @@
 #! /bin/bash
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
 #     (c) 2010,2012-2014 - Tom Eastep (teastep@shorewall.net)
 #
@@ -67,12 +67,12 @@ setstatedir() {
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
+    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
-    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
+    if [ ! -x $STATEDIR/firewall ]; then
-	${SBINDIR}/$PRODUCT ${OPTIONS} compile $STATEDIR/firewall
+	if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-    else
+	    ${SBINDIR}/$PRODUCT ${OPTIONS} compile $STATEDIR/firewall
-	return 0
+	fi
    fi
 }
@@ -83,11 +83,11 @@ shorewall_start () {
  echo -n "Initializing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
-      if setstatedir; then
+      setstatedir
-	  if [ -x ${STATEDIR}/firewall ]; then
+
-	      if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
+      if [ -x ${STATEDIR}/firewall ]; then
-		  ${STATEDIR}/firewall ${OPTIONS} stop
+	  if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
-	      fi
+	      ${STATEDIR}/firewall ${OPTIONS} stop || exit 1
 	  fi
      fi
  done
@@ -106,10 +106,10 @@ shorewall_stop () {
  echo -n "Clearing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
-      if setstatedir; then
+      setstatedir
-	  if [ -x ${STATEDIR}/firewall ]; then
+
-	      ${STATEDIR}/firewall ${OPTIONS} clear
+      if [ -x ${STATEDIR}/firewall ]; then
-	  fi
+	  ${STATEDIR}/firewall ${OPTIONS} clear || exit 1
      fi
  done
--- a/Shorewall-init/init.suse.sh
+++ b/Shorewall-init/init.suse.sh
@@ -1,5 +1,5 @@
 #! /bin/bash
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
@@ -38,7 +38,7 @@
 # 0 - success
 # 1 - generic or unspecified error
 # 2 - invalid or excess argument(s)
-# 3 - unimplemented feature
+# 3 - unimplemented feature (e.g. "reload")
 # 4 - insufficient privilege
 # 5 - program is not installed
 # 6 - program is not configured
@@ -77,12 +77,10 @@ setstatedir() {
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
+    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c
+	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c || exit
    else
 	return 0
    fi
 }
@@ -93,12 +91,14 @@ shorewall_start () {
  echo -n "Initializing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
-      if setstatedir; then
+      setstatedir
-	  if [ -x $STATEDIR/firewall ]; then
+
-	      if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
+      if [ -x $STATEDIR/firewall ]; then
-		  $STATEDIR/$PRODUCT/firewall ${OPTIONS} stop
+	  if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
-	      fi
+	      $STATEDIR/$PRODUCT/firewall ${OPTIONS} stop || exit
 	  fi
      else
 	  exit 6
      fi
  done
@@ -114,10 +114,12 @@ shorewall_stop () {
  echo -n "Clearing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
-      if setstatedir; then
+      setstatedir
-	  if [ -x ${STATEDIR}/firewall ]; then
+
-	      ${STATEDIR}/firewall ${OPTIONS} clear
+      if [ -x ${STATEDIR}/firewall ]; then
-	  fi
+	  ${STATEDIR}/firewall ${OPTIONS} clear || exit
      else
 	  exit 6
      fi
  done
--- a/Shorewall-init/install.sh
+++ b/Shorewall-init/install.sh
@@ -35,7 +35,6 @@ usage() # $1 = exit status
    echo "usage: $ME [ <configuration-file> ]"
    echo "       $ME -v"
    echo "       $ME -h"
    echo "       $ME -n"
    exit $1
 }
@@ -106,12 +105,9 @@ PRODUCT=shorewall-init
 T='-T'
 finished=0
 configure=1
 while [ $finished -eq 0 ] ; do
-    option="$1"
+    case "$1" in
    case "$option" in
 	-*)
 	    option=${option#-}
@@ -124,10 +120,6 @@ while [ $finished -eq 0 ] ; do
 			echo "Shorewall-init Firewall Installer Version $VERSION"
 			exit 0
 			;;
 		    n*)
 			configure=0
 			option=${option#n}
 			;;
 		    *)
 			usage 1
 			;;
@@ -184,12 +176,8 @@ for var in SHAREDIR LIBEXECDIR CONFDIR SBINDIR VARLIB VARDIR; do
    require $var
 done
 [ -n "$SANDBOX" ] && configure=0
 PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
 [ $configure -eq 1 ] && ETC=/etc || ETC="${CONFDIR}"
 if [ -z "$BUILD" ]; then
    case $(uname) in
 	cygwin*)
@@ -203,7 +191,7 @@ if [ -z "$BUILD" ]; then
 		eval $(cat /etc/os-release | grep ^ID=)
 		case $ID in
-		    fedora|rhel|centos|foobar)
+		    fedora|rhel)
 			BUILD=redhat
 			;;
 		    debian|ubuntu)
@@ -318,7 +306,6 @@ fi
 # Install the Firewall Script
 #
 if [ -n "$INITFILE" ]; then
    mkdir -p ${DESTDIR}${INITDIR}
    install_file $INITSOURCE ${DESTDIR}${INITDIR}/$INITFILE 0544
    [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${INITDIR}/$INITFILE
@@ -332,17 +319,13 @@ fi
 #
 # Install the .service file
 #
-if [ -z "${SERVICEDIR}" ]; then
+if [ -n "$SYSTEMD" ]; then
-    SERVICEDIR="$SYSTEMD"
+    mkdir -p ${DESTDIR}${SYSTEMD}
 fi
 if [ -n "$SERVICEDIR" ]; then
    mkdir -p ${DESTDIR}${SERVICEDIR}
    [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
-    run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
+    run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SYSTEMD}/$PRODUCT.service
-    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
+    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SYSTEMD}/$PRODUCT.service
-    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SERVICEDIR}/$PRODUCT.service"
+    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SYSTEMD}/$PRODUCT.service"
-    if [ -n "$DESTDIR" -o $configure -eq 0 ]; then
+    if [ -n "$DESTDIR" ]; then
 	mkdir -p ${DESTDIR}${SBINDIR}
        chmod 755 ${DESTDIR}${SBINDIR}
    fi
@@ -381,23 +364,16 @@ fi
 if [ $HOST = debian ]; then
    if [ -n "${DESTDIR}" ]; then
-	mkdir -p ${DESTDIR}${ETC}/network/if-up.d/
+	mkdir -p ${DESTDIR}/etc/network/if-up.d/
-	mkdir -p ${DESTDIR}${ETC}/network/if-down.d/
+	mkdir -p ${DESTDIR}/etc/network/if-down.d/
 	mkdir -p ${DESTDIR}${ETC}/network/if-post-down.d/
    elif [ $configure -eq 0 ]; then
 	mkdir -p ${DESTDIR}${CONFDIR}/network/if-up.d/
 	mkdir -p ${DESTDIR}${CONFDIR}/network/if-down.d/
 	mkdir -p ${DESTDIR}${CONFDIR}/network/if-post-down.d/
    fi
-    if [ ! -f ${DESTDIR}${CONFDIR}/default/shorewall-init ]; then
+    if [ ! -f ${DESTDIR}/etc/default/shorewall-init ]; then
 	if [ -n "${DESTDIR}" ]; then
-	    mkdir ${DESTDIR}${ETC}/default
+	    mkdir ${DESTDIR}/etc/default
 	fi
-	[ $configure -eq 1 ] || mkdir -p ${DESTDIR}${CONFDIR}/default
+	install_file sysconfig ${DESTDIR}/etc/default/shorewall-init 0644
 	install_file sysconfig ${DESTDIR}${ETC}/default/shorewall-init 0644
 	echo "sysconfig file installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
    fi
    IFUPDOWN=ifupdown.debian.sh
@@ -407,13 +383,13 @@ else
 	if [ -z "$RPM" ]; then
 	    if [ $HOST = suse ]; then
-		mkdir -p ${DESTDIR}${ETC}/sysconfig/network/if-up.d
+		mkdir -p ${DESTDIR}/etc/sysconfig/network/if-up.d
-		mkdir -p ${DESTDIR}${ETC}/sysconfig/network/if-down.d
+		mkdir -p ${DESTDIR}${SYSCONFDIR}/network/if-down.d
 	    elif [ $HOST = gentoo ]; then
 		# Gentoo does not support if-{up,down}.d
 		/bin/true
 	    else
-		mkdir -p ${DESTDIR}/${ETC}/NetworkManager/dispatcher.d
+		mkdir -p ${DESTDIR}/etc/NetworkManager/dispatcher.d
 	    fi
 	fi
    fi
@@ -439,29 +415,17 @@ mkdir -p ${DESTDIR}${LIBEXECDIR}/shorewall-init
 install_file ifupdown ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown 0544
 if [ -d ${DESTDIR}/etc/NetworkManager ]; then
-    [ $configure -eq 1 ] || mkdir -p ${DESTDIR}${CONFDIR}/NetworkManager/dispatcher.d/
+    install_file ifupdown ${DESTDIR}/etc/NetworkManager/dispatcher.d/01-shorewall 0544
    install_file ifupdown ${DESTDIR}${ETC}/NetworkManager/dispatcher.d/01-shorewall 0544
 fi
 case $HOST in
    debian)
-	if [ $configure -eq 1 ]; then
+	install_file ifupdown ${DESTDIR}/etc/network/if-up.d/shorewall 0544
-	    install_file ifupdown ${DESTDIR}/etc/network/if-up.d/shorewall 0544
+	install_file ifupdown ${DESTDIR}/etc/network/if-down.d/shorewall 0544
-	    install_file ifupdown ${DESTDIR}/etc/network/if-down.d/shorewall 0544
+	install_file ifupdown ${DESTDIR}/etc/network/if-post-down.d/shorewall 0544
 	    install_file ifupdown ${DESTDIR}/etc/network/if-post-down.d/shorewall 0544
 	else
 	    install_file ifupdown ${DESTDIR}${CONFDIR}/network/if-up.d/shorewall 0544
 	    install_file ifupdown ${DESTDIR}${CONFDIR}/network/if-down.d/shorewall 0544
 	    install_file ifupdown ${DESTDIR}${CONFDIR}/network/if-post-down.d/shorewall 0544
 	fi
 	;;
    suse)
 	if [ -z "$RPM" ]; then
 	    if [ $configure -eq 0 ]; then
 		mkdir -p ${DESTDIR}${SYSCONFDIR}/network/if-up.d/
 		mkdir -p ${DESTDIR}${SYSCONFDIR}/network/if-down.d/
 	    fi
 	    install_file ifupdown ${DESTDIR}${SYSCONFDIR}/network/if-up.d/shorewall 0544
 	    install_file ifupdown ${DESTDIR}${SYSCONFDIR}/network/if-down.d/shorewall 0544
 	fi
@@ -489,13 +453,9 @@ case $HOST in
 esac
 if [ -z "$DESTDIR" ]; then
-    if [ $configure -eq 1 -a -n "$first_install" ]; then
+    if [ -n "$first_install" ]; then
 	if [ $HOST = debian ]; then
-	    if [ -n "$SERVICEDIR" ]; then
+	    if mywhich insserv; then
 		if systemctl enable ${PRODUCT}.service; then
                    echo "Shorewall Init will start automatically at boot"
 		fi
 	    elif mywhich insserv; then
 		if insserv ${INITDIR}/shorewall-init; then
 		    echo "Shorewall Init will start automatically at boot"
 		else
@@ -516,7 +476,7 @@ if [ -z "$DESTDIR" ]; then
 	    # not by the installer
 	    /bin/true
 	else
-	    if [ -n "$SERVICEDIR" ]; then
+	    if [ -n "$SYSTEMD" ]; then
 		if systemctl enable shorewall-init.service; then
 		    echo "Shorewall Init will start automatically at boot"
 		fi
@@ -545,7 +505,7 @@ if [ -z "$DESTDIR" ]; then
 	fi
    fi
 else
-    if [ $configure -eq 1 -a -n "$first_install" ]; then
+    if [ -n "$first_install" ]; then
 	if [ $HOST = debian ]; then
 	    if [ -n "${DESTDIR}" ]; then
 		mkdir -p ${DESTDIR}/etc/rcS.d
@@ -559,7 +519,7 @@ fi
 [ -z "${DESTDIR}" ] && [ ! -f ~/.shorewallrc ] && cp ${SHAREDIR}/shorewall/shorewallrc .
-if [ -d ${DESTDIR}/etc/ppp ]; then
+if [ -f ${DESTDIR}/etc/ppp ]; then
    case $HOST in
 	debian|suse)
 	    for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do
--- a/Shorewall-init/shorewall-init
+++ b/Shorewall-init/shorewall-init
@@ -1,19 +1,18 @@
-#!/bin/bash
+#! /bin/bash
-#	The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
-#	(c) 2012-2014 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2012-2014 - Tom Eastep (teastep@shorewall.net)
 #
-#	On most distributions, this file should be called
+#       On most distributions, this file should be called /etc/init.d/shorewall.
 #	/etc/init.d/shorewall.
 #
-#	Complete documentation is available at http://shorewall.net
+#       Complete documentation is available at http://shorewall.net
 #
-#	This program is part of Shorewall.
+#       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by
+#	it under the terms of the GNU General Public License as published by the
-#	the Free Software Foundation, either version 2 of the license or,
+#       Free Software Foundation, either version 2 of the license or, at your
-#	at your option, any later version.
+#       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -23,7 +22,7 @@
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
-###############################################################################
+#########################################################################################
 # set the STATEDIR variable
 setstatedir() {
    local statedir
@@ -31,12 +30,10 @@ setstatedir() {
 	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
    fi
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
+    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c
+	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c || exit 1
    else
 	return 0
    fi
 }
@@ -49,7 +46,7 @@ setstatedir() {
 if [ -f "$SYSCONFDIR/shorewall-init" ]; then
    . $SYSCONFDIR/shorewall-init
    if [ -z "$PRODUCTS" ]; then
-	echo "ERROR: No products configured" >&2
+        echo "ERROR: No products configured" >&2
 	exit 1
    fi
 else
@@ -59,66 +56,70 @@ fi
 # Initialize the firewall
 shorewall_start () {
-    local PRODUCT
+  local PRODUCT
-    local STATEDIR
+  local STATEDIR
-    echo -n "Initializing \"Shorewall-based firewalls\": "
+  echo -n "Initializing \"Shorewall-based firewalls\": "
-    for PRODUCT in $PRODUCTS; do
+  for PRODUCT in $PRODUCTS; do
-	if setstatedir; then
+      setstatedir
 	    if [ -x ${STATEDIR}/firewall ]; then
 		#
 		# Run in a sub-shell to avoid name collisions
 		#
 		(
 		    if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
 			${STATEDIR}/firewall ${OPTIONS} stop
 		    fi
 		)
 	    fi
 	fi
    done
-    if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
+      if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then
-	ipset -R < "$SAVE_IPSETS"
+          #
-    fi
+	  # Run in a sub-shell to avoid name collisions
 	  #
 	  (
 	      if ! ${STATEDIR}/$PRODUCT/firewall status > /dev/null 2>&1; then
 		  ${STATEDIR}/$PRODUCT/firewall ${OPTIONS} stop || exit 1
 	      else
 		  exit 1
 	      fi
 	  )
      else
 	  exit 1
      fi
  done
-    return 0
+  if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
      ipset -R < "$SAVE_IPSETS"
  fi
  return 0
 }
 # Clear the firewall
 shorewall_stop () {
-    local PRODUCT
+  local PRODUCT
-    local STATEDIR
+  local STATEDIR
-    echo -n "Clearing \"Shorewall-based firewalls\": "
+  echo -n "Clearing \"Shorewall-based firewalls\": "
-    for PRODUCT in $PRODUCTS; do
+  for PRODUCT in $PRODUCTS; do
-	if setstatedir; then
+      setstatedir
 	    if [ -x ${STATEDIR}/firewall ]; then
 		${STATEDIR}/firewall ${OPTIONS} clear
 	    fi
 	fi
    done
-    if [ -n "$SAVE_IPSETS" ]; then
+      if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then
-	mkdir -p $(dirname "$SAVE_IPSETS")
+	  ${STATEDIR}/$PRODUCT/firewall ${OPTIONS} clear || exit 1
-	if ipset -S > "${SAVE_IPSETS}.tmp"; then
+      fi
-	    grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
+  done
 	fi
    fi
-    return 0
+  if [ -n "$SAVE_IPSETS" ]; then
      mkdir -p $(dirname "$SAVE_IPSETS")
      if ipset -S > "${SAVE_IPSETS}.tmp"; then
 	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
      fi
  fi
  return 0
 }
 case "$1" in
-    start)
+  start)
-	shorewall_start
+     shorewall_start
-	;;
+     ;;
-    stop)
+  stop)
-	shorewall_stop
+     shorewall_stop
-	;;
+     ;;
-    *)
+  *)
-	echo "Usage: $0 {start|stop}"
+     echo "Usage: $0 {start|stop}"
-	exit 1
+     exit 1
 esac
 exit 0
--- a/Shorewall-init/shorewall-init.service
+++ b/Shorewall-init/shorewall-init.service
@@ -1,10 +1,11 @@
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.4
 #
-#     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
+#     Copyright 2011 Jonathan Underwood (jonathan.underwood@gmail.com)
 #
 [Unit]
-Description=Shorewall firewall (bootup security)
+Description=Shorewall IPv4 firewall
 After=syslog.target
 Before=network.target
 [Service]
@@ -12,8 +13,8 @@ Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/sysconfig/shorewall-init
 StandardOutput=syslog
-ExecStart=/sbin/shorewall-init start
+ExecStart=/sbin/shorewall-init $OPTIONS start
-ExecStop=/sbin/shorewall-init stop
+ExecStop=/sbin/shorewall-init $OPTIONS stop
 [Install]
-WantedBy=basic.target
+WantedBy=multi-user.target
--- a/Shorewall-init/shorewall-init.service.214
+++ b/Shorewall-init/shorewall-init.service.214
@@ -1,20 +0,0 @@
 #
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
 #
 [Unit]
 Description=Shorewall firewall (bootup security)
 Before=network-pre.target
 Wants=network-pre.target
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/sysconfig/shorewall-init
 StandardOutput=syslog
 ExecStart=/sbin/shorewall-init start
 ExecStop=/sbin/shorewall-init stop
 [Install]
 WantedBy=basic.target
--- a/Shorewall-init/shorewall-init.service.214.debian
+++ b/Shorewall-init/shorewall-init.service.214.debian
@@ -1,21 +0,0 @@
 #
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
 #     Copyright 2015 Tom Eastep <teastep@shorewall.net>
 #
 [Unit]
 Description=Shorewall firewall (bootup security)
 Before=network-pre.target
 Wants=network-pre.target
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/default/shorewall-init
 StandardOutput=syslog
 ExecStart=/sbin/shorewall-init start
 ExecStop=/sbin/shorewall-init stop
 [Install]
 WantedBy=basic.target
--- a/Shorewall-init/shorewall-init.service.debian
+++ b/Shorewall-init/shorewall-init.service.debian
@@ -1,20 +0,0 @@
 #
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
 #     Copyright 2015 Tom Eastep <teastep@shorewall.net>
 #
 [Unit]
 Description=Shorewall firewall (bootup security)
 Before=network.target
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/default/shorewall-init
 StandardOutput=syslog
 ExecStart=/sbin/shorewall-init start
 ExecStop=/sbin/shorewall-init stop
 [Install]
 WantedBy=basic.target
--- a/Shorewall-init/uninstall.sh
+++ b/Shorewall-init/uninstall.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+\#!/bin/sh
 #
 # Script to back uninstall Shoreline Firewall
 #
@@ -35,12 +35,6 @@ usage() # $1 = exit status
    exit $1
 }
 fatal_error()
 {
    echo "   ERROR: $@" >&2
    exit 1
 }
 qt()
 {
    "$@" >/dev/null 2>&1
@@ -75,42 +69,6 @@ remove_file() # $1 = file to restore
    fi
 }
 finished=0
 configure=1
 while [ $finished -eq 0 ]; do
    option=$1
    case "$option" in
 	-*)
 	    option=${option#-}
 	    while [ -n "$option" ]; do
 		case $option in
 		    h)
 			usage 0
 			;;
 		    v)
 			echo "$Product Firewall Installer Version $VERSION"
 			exit 0
 			;;
 		    n*)
 			configure=0
 			option=${option#n}
 			;;
 		    *)
 			usage 1
 			;;
 		esac
 	    done
 	    shift
 	    ;;
 	*)
 	    finished=1
 	    ;;
    esac
 done
 #
 # Read the RC file
 #
@@ -156,33 +114,22 @@ fi
 echo "Uninstalling Shorewall Init $VERSION"
 [ -n "$SANDBOX" ] && configure=0
 INITSCRIPT=${CONFDIR}/init.d/shorewall-init
 if [ -f "$INITSCRIPT" ]; then
-    if [ $configure -eq 1 ]; then
+    if mywhich updaterc.d ; then
-	if mywhich updaterc.d ; then
+	updaterc.d shorewall-init remove
-	    updaterc.d shorewall-init remove
+    elif mywhich insserv ; then
-	elif mywhich insserv ; then
+        insserv -r $INITSCRIPT
-            insserv -r $INITSCRIPT
+    elif mywhich chkconfig ; then
-	elif mywhich chkconfig ; then
+	chkconfig --del $(basename $INITSCRIPT)
-	    chkconfig --del $(basename $INITSCRIPT)
+    elif mywhich systemctl ; then
-	fi
+	systemctl disable shorewall-init
    fi
    remove_file $INITSCRIPT
 fi
 if [ -z "${SERVICEDIR}" ]; then
    SERVICEDIR="$SYSTEMD"
 fi
 if [ -n "$SERVICEDIR" ]; then
    [ $configure -eq 1 ] && systemctl disable shorewall-init.service
    rm -f $SERVICEDIR/shorewall-init.service
 fi
 [ "$(readlink -m -q ${SBINDIR}/ifup-local)"   = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifup-local
 [ "$(readlink -m -q ${SBINDIR}/ifdown-local)" = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifdown-local
@@ -206,17 +153,14 @@ if [ -d ${CONFDIR}/ppp ]; then
    done
    for file in if-up.local if-down.local; do
-	if [ -f ${CONFDIR}/ppp/$file ]; then
+	if grep -qF Shorewall-based ${CONFDIR}/ppp/$FILE; then
-	    if grep -qF Shorewall-based ${CONFDIR}/ppp/$FILE; then
+	    remove_file ${CONFDIR}/ppp/$FILE
 		remove_file ${CONFDIR}/ppp/$FILE
 	    fi
 	fi
    done
 fi
 rm -f  ${SBINDIR}/shorewall-init
 rm -rf ${SHAREDIR}/shorewall-init
-rm -rf ${LIBEXECDIR}/shorewall-init
+rm -rf ${LIBEXEC}/shorewall-init
 echo "Shorewall Init Uninstalled"
--- a/Shorewall-lite/configpath
+++ b/Shorewall-lite/configpath
@@ -1,5 +1,5 @@
 #
-# Shorewall Lite version 5 - Default Config Path
+# Shorewall Lite version 4.1 - Default Config Path
 #
 # /usr/share/shorewall-lite/configpath
 #
--- a/Shorewall-lite/default.openwrt
+++ b/Shorewall-lite/default.openwrt
@@ -1,25 +0,0 @@
 # sysV init file script configuration(/etc/sysconfdir/shorewall-lite)
 # startup option(default "-vvv")
 OPTIONS=
 # change default start run level(if none empty; /etc/init.d/shorewall-lite enable)
 START=50
 # change default stop run level(if none empty; /etc/init.d/shorewall-lite enable)
 STOP=
 # option to pass when shorewall start is executed
 STARTOPTIONS=
 # option to pass when shorewall restart is executed
 RESTARTOPTIONS=
 # option to pass when shorewall reload is executed
 RELOADOPTIONS=
 # option to pass when shorewall stop is executed
 STOPOPTIONS=
 # option to pass when shorewall status is executed
 STATUSOPTIONS=
--- a/Shorewall-lite/init.fedora.sh
+++ b/Shorewall-lite/init.fedora.sh
@@ -39,7 +39,7 @@ fi
 start() {
    echo -n $"Starting Shorewall: "
-    $shorewall $OPTIONS start $STARTOPTIONS 2>&1 | $logger
+    $shorewall $OPTIONS start 2>&1 | $logger
    retval=${PIPESTATUS[0]}
    if [[ $retval == 0 ]]; then
 	touch $lockfile
@@ -69,7 +69,7 @@ restart() {
 # Note that we don't simply stop and start since shorewall has a built in
 # restart which stops the firewall if running and then starts it.
    echo -n $"Restarting Shorewall: "
-    $shorewall $OPTIONS restart $RESTARTOPTIONS 2>&1 | $logger
+    $shorewall $OPTIONS restart 2>&1 | $logger
    retval=${PIPESTATUS[0]}
    if [[ $retval == 0 ]]; then
 	touch $lockfile
--- a/Shorewall-lite/init.openwrt.sh
+++ b/Shorewall-lite/init.openwrt.sh
@@ -1,98 +0,0 @@
 #!/bin/sh /etc/rc.common
 #
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
 #     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012,2014 - Tom Eastep (teastep@shorewall.net)
 #     (c) 2015 - Matt Darfeuille - (matdarf@gmail.com)
 #
 #	On most distributions, this file should be called /etc/init.d/shorewall.
 #
 #	Complete documentation is available at http://shorewall.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
 #	it under the terms of the GNU General Public License as published by the
 #       Free Software Foundation, either version 2 of the license or, at your
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
 #	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #	If an error occurs while starting or restarting the firewall, the
 #	firewall is automatically stopped.
 #
 #	Commands are:
 #
 #	   shorewall-lite start			  Starts the firewall
 #	   shorewall-lite restart		  Restarts the firewall
 #	   shorewall-lite reload		  Reload the firewall
 #						  (same as restart)
 #	   shorewall-lite stop			  Stops the firewall
 #	   shorewall-lite status		  Displays firewall status
 #
 # description: Packet filtering firewall
 # openwrt stuph
 # start and stop runlevel variable
 #START=21
 #STOP=91
 # variable to display what the status command do when /etc/init.d/shorewall-lite is invoke without argument
 EXTRA_COMMANDS="status"
 EXTRA_HELP="Displays shorewall status"
 ################################################################################
 # Get startup options (override default)
 ################################################################################
 OPTIONS="-vvv"
 #
 # The installer may alter this
 #
 . /usr/share/shorewall/shorewallrc
 if [ -f ${SYSCONFDIR}/shorewall-lite ]; then
    . ${SYSCONFDIR}/shorewall-lite
 fi
 START=${START:-21}
 STOP=${STOP:-91}
 SHOREWALL_INIT_SCRIPT=1
 ################################################################################
 # E X E C U T I O N    B E G I N S   H E R E				       #
 ################################################################################
 # arg1 of init script is arg2 when rc.common is sourced; set to action variable
 command="$action"
 start() {
 	exec ${SBINDIR}/shorewall-lite $OPTIONS $command ${STARTOPTIONS:-$@}
 }
 boot() {
 local command="start"
 start
 }
 restart() {
 	exec ${SBINDIR}/shorewall-lite $OPTIONS $command ${RESTARTOPTIONS:-$@}
 }
 reload() {
 	exec ${SBINDIR}/shorewall-lite $OPTIONS $command ${RELOADOPTION:-$@}
 }
 stop() {
 	exec ${SBINDIR}/shorewall-lite $OPTIONS $command ${STOPOPTIONS:-$@}
 }
 status() {
 	exec ${SBINDIR}/shorewall-lite $OPTIONS $command ${STATUSOPTIONS:-$@}
 }
--- a/Shorewall-lite/install.sh
+++ b/Shorewall-lite/install.sh
@@ -30,7 +30,6 @@ usage() # $1 = exit status
    echo "usage: $ME [ <configuration-file> ]"
    echo "       $ME -v"
    echo "       $ME -h"
    echo "       $ME -n"
    exit $1
 }
@@ -67,6 +66,15 @@ mywhich() {
    return 2
 }
 run_install()
 {
    if ! install $*; then
 	echo
 	echo "ERROR: Failed to install $*" >&2
 	exit 1
    fi
 }
 cant_autostart()
 {
    echo
@@ -80,28 +88,7 @@ delete_file() # $1 = file to delete
 install_file() # $1 = source $2 = target $3 = mode
 {
-    if cp -f $1 $2; then
+    run_install $T $OWNERSHIP -m $3 $1 ${2}
 	if chmod $3 $2; then
 	    if [ -n "$OWNER" ]; then
 		if chown $OWNER:$GROUP $2; then
 		    return
 		fi
 	    else
 		return 0
 	    fi
 	fi
    fi
    echo "ERROR: Failed to install $2" >&2
    exit 1
 }
 make_directory() # $1 = directory , $2 = mode
 {
    mkdir -p $1
    chmod 755 $1
    [ -n "$OWNERSHIP" ] && chown $OWNERSHIP $1
 }
 require()
@@ -126,13 +113,9 @@ fi
 # Parse the run line
 #
 finished=0
 configure=1
 while [ $finished -eq 0 ] ; do
-
+    case "$1" in
    option=$1
    case "$option" in
 	-*)
 	    option=${option#-}
@@ -145,10 +128,6 @@ while [ $finished -eq 0 ] ; do
 			echo "$Product Firewall Installer Version $VERSION"
 			exit 0
 			;;
 		    n*)
 			configure=0
 			option=${option#n}
 			;;
 		    *)
 			usage 1
 			;;
@@ -199,7 +178,7 @@ elif [ -z "${VARDIR}" ]; then
    VARDIR=${VARLIB}/${PRODUCT}
 fi
-for var in SHAREDIR LIBEXECDIR CONFDIR SBINDIR VARLIB VARDIR; do
+for var in SHAREDIR LIBEXECDIRDIRDIR CONFDIR SBINDIR VARLIB VARDIR; do
    require $var
 done
@@ -207,16 +186,16 @@ done
 PATH=${SBINDIR}:/bin:/usr${SBINDIR}:/usr/bin:/usr/local/bin:/usr/local${SBINDIR}
 [ -n "$SANDBOX" ] && configure=0
 #
 # Determine where to install the firewall script
 #
 cygwin=
 INSTALLD='-D'
 T='-T'
 if [ -z "$BUILD" ]; then
    case $(uname) in
-	cygwin*|CYGWIN*)
+	cygwin*)
 	    BUILD=cygwin
 	    ;;
 	Darwin)
@@ -227,7 +206,7 @@ if [ -z "$BUILD" ]; then
 		eval $(cat /etc/os-release | grep ^ID)
 		case $ID in
-		    fedora|rhel|centos|foobar)
+		    fedora|rhel)
 			BUILD=redhat
 			;;
 		    debian)
@@ -255,8 +234,6 @@ if [ -z "$BUILD" ]; then
 		BUILD=slackware
 	    elif [ -f ${CONFDIR}/arch-release ] ; then
 		BUILD=archlinux
 	    elif [ -f ${CONFDIR}/openwrt_release ]; then
 		BUILD=openwrt
 	    else
 		BUILD=linux
 	    fi
@@ -265,23 +242,23 @@ if [ -z "$BUILD" ]; then
 fi
 case $BUILD in
-    cygwin*|CYGWIN*)
+    cygwin*)
 	OWNER=$(id -un)
 	GROUP=$(id -gn)
 	;;
    apple)
 	[ -z "$OWNER" ] && OWNER=root
 	[ -z "$GROUP" ] && GROUP=wheel
 	INSTALLD=
 	T=
 	;;
    *)
-	if [ $(id -u) -eq 0 ]; then
+	[ -z "$OWNER" ] && OWNER=root
-	    [ -z "$OWNER" ] && OWNER=root
+	[ -z "$GROUP" ] && GROUP=root
 	    [ -z "$GROUP" ] && GROUP=root
 	fi
 	;;
 esac
-[ -n "$OWNER" ] && OWNERSHIP="$OWNER:$GROUP"
+OWNERSHIP="-o $OWNER -g $GROUP"
 [ -n "$HOST" ] || HOST=$BUILD
@@ -312,9 +289,6 @@ case "$HOST" in
    suse)
 	echo "Installing Suse-specific configuration..."
 	;;
    openwrt)
 	echo "Installing OpenWRT-specific configuration..."
 	;;
    linux)
 	;;
    *)
@@ -331,9 +305,8 @@ if [ -n "$DESTDIR" ]; then
 	OWNERSHIP=""
    fi
-    make_directory ${DESTDIR}${SBINDIR} 755
+    install -d $OWNERSHIP -m 755 ${DESTDIR}/${SBINDIR}
-    make_directory ${DESTDIR}${INITDIR} 755
+    install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR}
 else
    if [ ! -f ${SHAREDIR}/shorewall/coreversion ]; then
 	echo "$PRODUCT $VERSION requires Shorewall Core which does not appear to be installed" >&2
@@ -373,7 +346,6 @@ fi
 delete_file ${DESTDIR}/usr/share/$PRODUCT/xmodules
 install_file $PRODUCT ${DESTDIR}${SBINDIR}/$PRODUCT 0544
 [ -n "${INITFILE}" ] && make_directory ${DESTDIR}${INITDIR} 755
 echo "$Product control program installed in ${DESTDIR}${SBINDIR}/$PRODUCT"
@@ -386,7 +358,7 @@ mkdir -p ${DESTDIR}${LIBEXECDIR}/$PRODUCT
 mkdir -p ${DESTDIR}${VARDIR}
 chmod 755 ${DESTDIR}${CONFDIR}/$PRODUCT
-chmod 755 ${DESTDIR}${SHAREDIR}/$PRODUCT
+chmod 755 ${DESTDIR}/usr/share/$PRODUCT
 if [ -n "$DESTDIR" ]; then
    mkdir -p ${DESTDIR}${CONFDIR}/logrotate.d
@@ -397,7 +369,7 @@ fi
 if [ -n "$INITFILE" ]; then
    if [ -f "${INITSOURCE}" ]; then
-	initfile="${DESTDIR}${INITDIR}/${INITFILE}"
+	initfile="${DESTDIR}/${INITDIR}/${INITFILE}"
 	install_file ${INITSOURCE} "$initfile" 0544
 	[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' "$initfile"
@@ -408,16 +380,12 @@ fi
 #
 # Install the .service file
 #
-if [ -z "${SERVICEDIR}" ]; then
+if [ -n "$SYSTEMD" ]; then
-    SERVICEDIR="$SYSTEMD"
+    mkdir -p ${DESTDIR}${SYSTEMD}
 fi
 if [ -n "$SERVICEDIR" ]; then
    mkdir -p ${DESTDIR}${SERVICEDIR}
    [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
-    install_file $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service 644
+    run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SYSTEMD}/$PRODUCT.service
-    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
+    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SYSTEMD}/$PRODUCT.service
-    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SERVICEDIR}/$PRODUCT.service"
+    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SYSTEMD}/$PRODUCT.service"
 fi
 #
 # Install the config file
@@ -437,9 +405,9 @@ fi
 #
 # Install the  Makefile
 #
-install_file Makefile ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile 0600
+run_install $OWNERSHIP -m 0600 Makefile ${DESTDIR}${CONFDIR}/$PRODUCT
-[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile
+[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${CONFDIR}/$PRODUCT/Makefile
-[ $SBINDIR = /sbin ]       || eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\'       ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile
+[ $SBINDIR = /sbin ]       || eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\'       ${DESTDIR}/${CONFDIR}/$PRODUCT/Makefile
 echo "Makefile installed as ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile"
 #
@@ -454,7 +422,7 @@ echo "Default config path file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/confi
 for f in lib.* ; do
    if [ -f $f ]; then
 	install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644
-	echo "Library ${f#*.} file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
+	echo "Library ${f#*.} file installed as ${DESTDIR}/${SHAREDIR}/$PRODUCT/$f"
    fi
 done
@@ -467,7 +435,7 @@ echo "Common functions linked through ${DESTDIR}${SHAREDIR}/$PRODUCT/functions"
 #
 install_file shorecap ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap 0755
-[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap
+[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${LIBEXECDIR}/$PRODUCT/shorecap
 echo
 echo "Capability file builder installed in ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap"
@@ -477,17 +445,17 @@ echo "Capability file builder installed in ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shor
 #
 if [ -f modules ]; then
-    install_file modules ${DESTDIR}${SHAREDIR}/$PRODUCT/modules 0600
+    run_install $OWNERSHIP -m 0600 modules ${DESTDIR}${SHAREDIR}/$PRODUCT
    echo "Modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/modules"
 fi
 if [ -f helpers ]; then
-    install_file helpers ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers 600
+    run_install $OWNERSHIP -m 0600 helpers ${DESTDIR}${SHAREDIR}/$PRODUCT
    echo "Helper modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers"
 fi
 for f in modules.*; do
-    install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 644
+    run_install $OWNERSHIP -m 0644 $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f
    echo "Module file $f installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
 done
@@ -498,18 +466,18 @@ done
 if [ -d manpages ]; then
    cd manpages
-    mkdir -p ${DESTDIR}${MANDIR}/man5/ ${DESTDIR}${MANDIR}/man8/
+    [ -n "$INSTALLD" ] || mkdir -p ${DESTDIR}${SHAREDIR}/man/man5/ ${DESTDIR}${SHAREDIR}/man/man8/
    for f in *.5; do
 	gzip -c $f > $f.gz
-	install_file $f.gz ${DESTDIR}${MANDIR}/man5/$f.gz 644
+	run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${SHAREDIR}/man/man5/$f.gz
-	echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man5/$f.gz"
+	echo "Man page $f.gz installed to ${DESTDIR}${SHAREDIR}/man/man5/$f.gz"
    done
    for f in *.8; do
 	gzip -c $f > $f.gz
-	install_file $f.gz ${DESTDIR}${MANDIR}/man8/$f.gz 644
+	run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${SHAREDIR}/man/man8/$f.gz
-	echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man8/$f.gz"
+	echo "Man page $f.gz installed to ${DESTDIR}${SHAREDIR}/man/man8/$f.gz"
    done
    cd ..
@@ -518,7 +486,7 @@ if [ -d manpages ]; then
 fi
 if [ -d ${DESTDIR}${CONFDIR}/logrotate.d ]; then
-    install_file logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT 644
+    run_install $OWNERSHIP -m 0644 logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT
    echo "Logrotate file installed as ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT"
 fi
@@ -531,7 +499,7 @@ chmod 644 ${DESTDIR}${SHAREDIR}/$PRODUCT/version
 # Remove and create the symbolic link to the init script
 #
-if [ -z "${DESTDIR}" -a -n "${INITFILE}" ]; then
+if [ -z "$DESTDIR" ]; then
    rm -f ${SHAREDIR}/$PRODUCT/init
    ln -s ${INITDIR}/${INITFILE} ${SHAREDIR}/$PRODUCT/init
 fi
@@ -549,17 +517,17 @@ if [ -n "$SYSCONFFILE" -a -f "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PR
 	chmod 755 ${DESTDIR}${SYSCONFDIR}
    fi
-    install_file ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/${PRODUCT} 0640
+    run_install $OWNERSHIP -m 0644 ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/${PRODUCT}
    echo "$SYSCONFFILE installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
 fi
 if [ ${SHAREDIR} != /usr/share ]; then
-    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/${PRODUCT}/lib.base
+    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SHAREDIR}/${PRODUCT}/lib.base
-    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SBINDIR}/$PRODUCT
+    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SBINDIR}/$PRODUCT
 fi
-if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then
+if [ -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then
-    if [ -n "$SERVICEDIR" ]; then
+    if [ -n "$SYSTEMD" ]; then
 	if systemctl enable ${PRODUCT}.service; then
 	    echo "$Product will start automatically at boot"
 	fi
@@ -603,13 +571,6 @@ if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${
 	else
 	    cant_autostart
 	fi
    elif [ $HOST = openwrt -a -f ${CONFDIR}/rc.common ]; then
 	/etc/init.d/$PRODUCT enable
 	if /etc/init.d/$PRODUCT enabled; then
            echo "$PRODUCT will start automatically at boot"
 	else
            cant_autostart
 	fi
    elif [ "$INITFILE" != rc.${PRODUCT} ]; then #Slackware starts this automatically
 	cant_autostart
    fi
--- a/Shorewall-lite/manpages/shorewall-lite.xml
+++ b/Shorewall-lite/manpages/shorewall-lite.xml
@@ -47,19 +47,6 @@
      <arg choice="plain"><replaceable>address</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
      <arg
      choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
      <arg>-<replaceable>options</replaceable></arg>
      <arg choice="plain"><option>allow</option></arg>
      <arg choice="plain"><replaceable>address</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
@@ -72,21 +59,6 @@
      choice="plain"><option>clear</option><arg><option>-f</option></arg></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
      <arg
      choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
      <arg>-<replaceable>options</replaceable></arg>
      <arg choice="plain"><option>close</option><arg choice="req">
      <replaceable>open-number</replaceable> |
      <replaceable>source</replaceable><replaceable>dest</replaceable><arg><replaceable>protocol</replaceable><arg>
      <replaceable>port</replaceable> </arg></arg></arg><replaceable>
      </replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
@@ -144,8 +116,6 @@
      <arg><option>-l</option></arg>
      <arg><option>-m</option></arg>
      <arg><option>-c</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
@@ -293,29 +263,6 @@
      expression</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
      <arg choice="plain"><option>open</option><replaceable>
      source</replaceable><replaceable> dest</replaceable><arg>
      <replaceable>protocol</replaceable><arg> <replaceable>port</replaceable>
      </arg> </arg></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
      <arg
      choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
      <arg>-<replaceable>options</replaceable></arg>
      <arg choice="plain"><option>reenable</option></arg>
      <arg choice="plain">{ <replaceable>interface</replaceable> |
      <replaceable>provider</replaceable> }</arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
@@ -329,21 +276,6 @@
      <arg choice="plain"><replaceable>address</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
      <arg
      choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
      <arg>-<replaceable>options</replaceable></arg>
      <arg choice="plain"><option>reload</option></arg>
      <arg><option>-n</option></arg>
      <arg><option>-p</option><arg><option>-C</option></arg></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
@@ -367,7 +299,9 @@
      <arg><option>-n</option></arg>
-      <arg><option>-p</option><arg><option>-C</option></arg></arg>
+      <arg><option>-p</option></arg>
      <arg><replaceable>directory</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
@@ -380,8 +314,6 @@
      <arg choice="plain"><option>restore</option></arg>
      <arg><option>-C</option></arg>
      <arg><replaceable>filename</replaceable></arg>
    </cmdsynopsis>
@@ -393,38 +325,11 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="plain"><option>run</option></arg>
+      <arg choice="plain"><option>save</option></arg>
      <arg choice="plain">function</arg>
      <arg><replaceable>parameter ...</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
      <arg
      choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
      <arg>-<replaceable>options</replaceable></arg>
      <arg
      choice="plain"><option>save</option><arg><option>-C</option></arg></arg>
      <arg choice="opt"><replaceable>filename</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
      <arg
      choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
      <arg>-<replaceable>options</replaceable></arg>
      <arg choice="plain"><option>savesets</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
@@ -432,7 +337,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="req"><option>show | list | ls </option></arg>
+      <arg choice="opt"><option>show | list | ls </option></arg>
      <arg><option>-b</option></arg>
@@ -454,21 +359,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="req"><option>show | list | ls </option></arg>
+      <arg choice="opt"><option>show | list | ls </option></arg>
      <arg><option>-x</option></arg>
      <arg choice="plain"><option>{bl|blacklists}</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
      <arg choice="opt"><option>trace</option>|<option>debug</option></arg>
      <arg>-<replaceable>options</replaceable></arg>
      <arg choice="req"><option>show | list | ls </option></arg>
      <arg><option>-f</option></arg>
@@ -482,7 +373,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="req"><option>show | list | ls </option></arg>
+      <arg choice="opt"><option>show | list | ls </option></arg>
      <arg
      choice="req"><option>classifiers|connections|config|events|filters|ip|ipa|zones|policies|marks</option></arg>
@@ -495,7 +386,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="req"><option>show | list | ls </option></arg>
+      <arg choice="opt"><option>show | list | ls </option></arg>
      <arg choice="plain"><option>event</option><arg
      choice="plain"><replaceable>event</replaceable></arg></arg>
@@ -508,25 +399,11 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="req"><option>show | list | ls </option></arg>
+      <arg choice="opt"><option>show | list | ls </option></arg>
      <arg><option>-c</option></arg>
      <arg choice="plain"><option>routing</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall-lite</command>
      <arg choice="opt"><option>trace</option>|<option>debug</option></arg>
      <arg>-<replaceable>options</replaceable></arg>
      <arg choice="req"><option>show | list | ls </option></arg>
      <arg><option>-x</option></arg>
-      <arg choice="req"><option>mangle|nat|raw|rawpost</option></arg>
+      <arg choice="req"><option>mangle|nat|routing|raw|rawpost</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
@@ -536,7 +413,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="req"><option>show | list | ls </option></arg>
+      <arg choice="opt"><option>show | list | ls </option></arg>
      <arg choice="plain"><option>tc</option></arg>
    </cmdsynopsis>
@@ -548,7 +425,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="req"><option>show | list | ls </option></arg>
+      <arg choice="opt"><option>show | list | ls </option></arg>
      <arg><option>-m</option></arg>
@@ -568,10 +445,6 @@
      <arg><option>-n</option></arg>
      <arg><option>-p</option></arg>
      <arg><option>-f</option></arg>
      <arg><option>-C</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
@@ -592,8 +465,7 @@
      <arg>-<replaceable>options</replaceable></arg>
-      <arg choice="plain"><arg
+      <arg choice="plain"><option>status</option></arg>
      choice="plain"><option>status</option><arg><option>-i</option></arg></arg></arg>
    </cmdsynopsis>
    <cmdsynopsis>
@@ -624,9 +496,8 @@
    <para>The nolock <option>option</option> prevents the command from
    attempting to acquire the Shorewall-lite lockfile. It is useful if you
-    need to include <command>shorewall</command> commands in the
+    need to include <command>shorewall</command> commands in
-    <filename>started</filename> <ulink
+    <filename>/etc/shorewall/started</filename>.</para>
    url="../shorewall_extension_scripts.html">extension script</ulink>.</para>
    <para>The <emphasis>options</emphasis> control the amount of output that
    the command produces. They consist of a sequence of the letters <emphasis
@@ -637,8 +508,8 @@
    role="bold">v</emphasis> adds one to the effective verbosity and each
    <emphasis role="bold">q</emphasis> subtracts one from the effective
    VERBOSITY. Alternately, <emphasis role="bold">v</emphasis> may be followed
-    immediately with one of -1,0,1,2 to specify VERBOSITY. There may be no
+    immediately with one of -1,0,1,2 to specify a specify VERBOSITY. There may
-    white-space between <emphasis role="bold">v</emphasis> and the
+    be no white-space between <emphasis role="bold">v</emphasis> and the
    VERBOSITY.</para>
    <para>The <emphasis>options</emphasis> may also include the letter
@@ -653,10 +524,7 @@
    <variablelist>
      <varlistentry>
-        <term><emphasis role="bold">add </emphasis>{
+        <term><emphasis role="bold">add</emphasis></term>
        <replaceable>interface</replaceable>[:<replaceable>host-list</replaceable>]...
        <replaceable>zone</replaceable> | <replaceable>zone</replaceable>
        <replaceable>host-list</replaceable> }</term>
        <listitem>
          <para>Adds a list of hosts or subnets to a dynamic zone usually used
@@ -681,8 +549,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">allow
+        <term><emphasis role="bold">allow</emphasis></term>
        </emphasis><replaceable>address</replaceable></term>
        <listitem>
          <para>Re-enables receipt of packets from hosts previously
@@ -694,25 +561,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">call <replaceable>function</replaceable> [
+        <term><emphasis role="bold">clear</emphasis></term>
        <replaceable>parameter</replaceable> ... ]</emphasis></term>
        <listitem>
          <para>Added in Shorewall 4.6.10. Allows you to call a function in
          one of the Shorewall libraries or in your compiled script. function
          must name the shell function to be called. The listed parameters are
          passed to the function.</para>
          <para>The function is first searched for in
          <filename>lib.base</filename>, <filename>lib.common</filename> and
          <filename>lib.cli</filename>. If it is not found, the call command
          is passed to the generated script to be executed.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">clear
        </emphasis>[-<option>f</option>]</term>
        <listitem>
          <para>Clear will remove all rules and chains installed by
@@ -723,38 +572,13 @@
          <para>If <option>-f</option> is given, the command will be processed
          by the compiled script that executed the last successful <emphasis
          role="bold">start</emphasis>, <emphasis
          role="bold">reload</emphasis>, <emphasis
          role="bold">restart</emphasis> or <emphasis
          role="bold">refresh</emphasis> command if that script exists.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">close</emphasis> {
+        <term><emphasis role="bold">delete</emphasis></term>
        <replaceable>open-number</replaceable> |
        <replaceable>source</replaceable> <replaceable>dest</replaceable> [
        <replaceable>protocol</replaceable> [ <replaceable>port</replaceable>
        ] ] }</term>
        <listitem>
          <para>Added in Shorewall 4.5.8. This command closes a temporary open
          created by the <command>open</command> command. In the first form,
          an <replaceable>open-number</replaceable> specifies the open to be
          closed. Open numbers are displayed in the <emphasis
          role="bold">num</emphasis> column of the output of the
          <command>shorewall-lite show opens </command>command.</para>
          <para>When the second form of the command is used, the parameters
          must match those given in the earlier <command>open</command>
          command.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">delete </emphasis>{
        <replaceable>interface</replaceable>[:<replaceable>host-list</replaceable>]...
        <replaceable>zone</replaceable> | <replaceable>zone</replaceable>
        <replaceable>host-list</replaceable> }</term>
        <listitem>
          <para>The delete command reverses the effect of an earlier <emphasis
@@ -769,9 +593,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">disable </emphasis>{
+        <term><emphasis role="bold">disable</emphasis></term>
        <replaceable>interface</replaceable> |
        <replaceable>provider</replaceable> }</term>
        <listitem>
          <para>Added in Shorewall 4.4.26. Disables the optional provider
@@ -783,8 +605,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">drop
+        <term><emphasis role="bold">drop</emphasis></term>
        </emphasis><replaceable>address</replaceable></term>
        <listitem>
          <para>Causes traffic from the listed <emphasis>address</emphasis>es
@@ -793,9 +614,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">dump </emphasis>[-<option>x</option>]
+        <term><emphasis role="bold">dump</emphasis></term>
        [-<option>l</option>] [-<option>m</option>]
        [-<option>c</option>]</term>
        <listitem>
          <para>Produces a verbose report about the firewall configuration for
@@ -809,16 +628,11 @@
          <para>The <emphasis role="bold">-l</emphasis> option causes the rule
          number for each Netfilter rule to be displayed.</para>
          <para>The <option>-c</option> option causes the route cache to be
          dumped in addition to the other routing information.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">enable </emphasis>{
+        <term><emphasis role="bold">enable</emphasis></term>
        <replaceable>interface</replaceable> |
        <replaceable>provider</replaceable> }</term>
        <listitem>
          <para>Added in Shorewall 4.4.26. Enables the optional provider
@@ -830,8 +644,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">forget </emphasis>[
+        <term><emphasis role="bold">forget</emphasis></term>
        <replaceable>filename</replaceable> ]</term>
        <listitem>
          <para>Deletes /var/lib/shorewall-lite/<emphasis>filename</emphasis>
@@ -852,8 +665,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">hits </emphasis>
+        <term><emphasis role="bold">hits</emphasis></term>
        [-<option>t</option>]</term>
        <listitem>
          <para>Generates several reports from Shorewall-lite log messages in
@@ -863,8 +675,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">ipcalc </emphasis>{ address mask |
+        <term><emphasis role="bold">ipcalc</emphasis></term>
        address/vlsm }</term>
        <listitem>
          <para>Ipcalc displays the network address, broadcast address,
@@ -874,8 +685,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">iprange
+        <term><emphasis role="bold">iprange</emphasis></term>
        </emphasis><replaceable>address1</replaceable>-<replaceable>address2</replaceable></term>
        <listitem>
          <para>Iprange decomposes the specified range of IP addresses into
@@ -884,8 +694,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">iptrace </emphasis><replaceable>iptables
+        <term><emphasis role="bold">iptrace</emphasis></term>
        match expression</replaceable></term>
        <listitem>
          <para>This is a low-level debugging command that causes iptables
@@ -904,17 +713,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">list</emphasis></term>
+        <term><emphasis role="bold">logdrop</emphasis></term>
        <listitem>
          <para><command>list</command> is a synonym for
          <command>show</command> -- please see below.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">logdrop
        </emphasis><replaceable>address</replaceable></term>
        <listitem>
          <para>Causes traffic from the listed <emphasis>address</emphasis>es
@@ -925,8 +724,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">logwatch </emphasis>[-<option>m</option>]
+        <term><emphasis role="bold">logwatch</emphasis></term>
        [<replaceable>refresh-interval</replaceable>]</term>
        <listitem>
          <para>Monitors the log file specified by the LOGFILE option in
@@ -945,8 +743,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">logreject
+        <term><emphasis role="bold">logreject</emphasis></term>
        </emphasis><replaceable>address</replaceable></term>
        <listitem>
          <para>Causes traffic from the listed <emphasis>address</emphasis>es
@@ -957,17 +754,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">ls</emphasis></term>
+        <term><emphasis role="bold">noiptrace</emphasis></term>
        <listitem>
          <para><command>ls</command> is a synonym for <command>show</command>
          -- please see below.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">noiptrace </emphasis><replaceable>iptables
        match expression</replaceable></term>
        <listitem>
          <para>This is a low-level debugging command that cancels a trace
@@ -980,78 +767,21 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">open</emphasis>
+        <term><emphasis role="bold">reset</emphasis></term>
        <replaceable>source</replaceable> <replaceable>dest</replaceable> [
        <replaceable>protocol</replaceable> [ <replaceable>port</replaceable>
        ] ]</term>
        <listitem>
-          <para>Added in Shorewall 4.6.8. This command requires that the
+          <para>All the packet and byte counters in the firewall are
-          firewall be in the started state and that DYNAMIC_BLACKLIST=Yes in
+          reset.</para>
          <ulink url="/manpages/shorewall.conf.html">shorewall.conf
          (5)</ulink>. The effect of the command is to temporarily open the
          firewall for connections matching the parameters.</para>
          <para>The <replaceable>source</replaceable> and
          <replaceable>dest</replaceable> parameters may each be specified as
          <emphasis role="bold">all</emphasis> if you don't wish to restrict
          the connection source or destination respectively. Otherwise, each
          must contain a host or network address or a valid DNS name.</para>
          <para>The <replaceable>protocol</replaceable> may be specified
          either as a number or as a name listed in /etc/protocols. The
          <replaceable>port</replaceable> may be specified numerically or as a
          name listed in /etc/services.</para>
          <para>To reverse the effect of a successful <command>open</command>
          command, use the <command>close</command> command with the same
          parameters or simply restart the firewall.</para>
          <para>Example: To open the firewall for SSH connections to address
          192.168.1.1, the command would be:</para>
          <programlisting>    shorewall-lite open all 192.168.1.1 tcp 22</programlisting>
          <para>To reverse that command, use:</para>
          <screen>    shorewall-lite close all 192.168.1.1 tcp 22</screen>
        </listitem>
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">reenable</emphasis>{
+        <term><emphasis role="bold">restart</emphasis></term>
        <replaceable>interface</replaceable> |
        <replaceable>provider</replaceable> }</term>
        <listitem>
-          <para>Added in Shorewall 4.6.9. This is equivalent to a
+          <para>Restart is similar to <emphasis role="bold">shorewall-lite
-          <command>disable</command> command followed by an
+          start</emphasis> except that it assumes that the firewall is already
-          <command>enable</command> command on the specified
+          started. Existing connections are maintained.</para>
          <replaceable>interface</replaceable> or
          <replaceable>provider</replaceable>.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">reject</emphasis><replaceable>
        address</replaceable></term>
        <listitem>
          <para>Causes traffic from the listed <emphasis>address</emphasis>es
          to be silently rejected.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">reload </emphasis>[-n] [-p]
        [-<option>C</option>]</term>
        <listitem>
          <para>Added in Shorewall 5.0.0, <emphasis
          role="bold">reload</emphasis> is similar to <emphasis
          role="bold">shorewall-lite start</emphasis> except that it assumes
          that the firewall is already started. Existing connections are
          maintained.</para>
          <para>The <option>-n</option> option causes Shorewall-lite to avoid
          updating the routing table(s).</para>
@@ -1059,56 +789,11 @@
          <para>The <option>-p</option> option causes the connection tracking
          table to be flushed; the <command>conntrack</command> utility must
          be installed to use this option.</para>
          <para>The <option>-C</option> option was added in Shorewall 4.6.5.
          If the specified (or implicit) firewall script is the one that
          generated the current running configuration, then the running
          netfilter configuration will be reloaded as is so as to preserve the
          iptables packet and byte counters.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">reset [<replaceable>chain</replaceable>,
+        <term><emphasis role="bold">restore</emphasis></term>
        ...]</emphasis><acronym/></term>
        <listitem>
          <para>Resets the packet and byte counters in the specified
          <replaceable>chain</replaceable>(s). If no
          <replaceable>chain</replaceable> is specified, all the packet and
          byte counters in the firewall are reset.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">restart </emphasis>[-n] [-p]
        [-<option>C</option>]</term>
        <listitem>
          <para>Beginning with Shorewall 5.0.0, this command performs a true
          restart. The firewall is completely stopped as if a
          <command>stop</command> command had been issued then it is started
          again.</para>
          <para>The <option>-n</option> option causes Shorewall-lite to avoid
          updating the routing table(s).</para>
          <para>The <option>-p</option> option causes the connection tracking
          table to be flushed; the <command>conntrack</command> utility must
          be installed to use this option.</para>
          <para>The <option>-C</option> option was added in Shorewall 4.6.5.
          If the specified (or implicit) firewall script is the one that
          generated the current running configuration, then the running
          netfilter configuration will be reloaded as is so as to preserve the
          iptables packet and byte counters.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">restore </emphasis>[-<option>n</option>]
        [-<option>p</option>] [-<option>C</option>] [
        <replaceable>filename</replaceable> ]</term>
        <listitem>
          <para>Restore Shorewall-lite to a state saved using the <emphasis
@@ -1119,52 +804,11 @@
          <emphasis>filename</emphasis> is given then Shorewall-lite will be
          restored from the file specified by the RESTOREFILE option in <ulink
          url="shorewall.conf.html">shorewall.conf</ulink>(5).</para>
          <caution>
            <para>If your iptables ruleset depends on variables that are
            detected at run-time, either in your params file or by
            Shorewall-generated code, <command>restore</command> will use the
            values that were current when the ruleset was saved, which may be
            different from the current values.</para>
          </caution>
          <para>The <option>-n</option> option causes Shorewall to avoid
          updating the routing table(s).</para>
          <para>The <option>-p</option> option, added in Shorewall 4.6.5,
          causes the connection tracking table to be flushed; the
          <command>conntrack</command> utility must be installed to use this
          option.</para>
          <para>The <option>-C</option> option was added in Shorewall 4.6.5.
          If the <option>-C</option> option was specified during <emphasis
          role="bold">shorewall save</emphasis>, then the counters saved by
          that operation will be restored.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">run
+        <term><emphasis role="bold">save</emphasis></term>
        </emphasis><replaceable>command</replaceable> [
        <replaceable>parameter</replaceable> ... ]</term>
        <listitem>
          <para>Added in Shorewall 4.6.3. Executes
          <replaceable>command</replaceable> in the context of the generated
          script passing the supplied <replaceable>parameter</replaceable>s.
          Normally, the <replaceable>command</replaceable> will be a function
          declared in <filename>lib.private</filename>.</para>
          <para>Before executing the <replaceable>command</replaceable>, the
          script will detect the configuration, setting all SW_* variables and
          will run your <filename>init</filename> extension script with
          $COMMAND = 'run'.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">save </emphasis>[-<option>C</option>] [
        <replaceable>filename</replaceable> ]</term>
        <listitem>
          <para>The dynamic blacklist is stored in
@@ -1174,24 +818,6 @@
          <emphasis>filename</emphasis> is not given then the state is saved
          in the file specified by the RESTOREFILE option in <ulink
          url="shorewall.conf.html">shorewall.conf</ulink>(5).</para>
          <para>The <option>-C</option> option, added in Shorewall 4.6.5,
          causes the iptables packet and byte counters to be saved along with
          the chains and rules.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">savesets</emphasis></term>
        <listitem>
          <para>Added in shorewall 4.6.8. Performs the same action as the
          <command>stop</command> command with respect to saving ipsets (see
          the SAVE_IPSETS option in <ulink
          url="/manpages/shorewall.conf.html">shorewall.conf</ulink> (5)).
          This command may be used to proactively save your ipset contents in
          the event that a system failure occurs prior to issuing a
          <command>stop</command> command.</para>
        </listitem>
      </varlistentry>
@@ -1204,22 +830,7 @@
          <variablelist>
            <varlistentry>
-              <term><emphasis role="bold">bl|blacklists
+              <term><emphasis role="bold">capabilities</emphasis></term>
              </emphasis>[-<option>x</option>]</term>
              <listitem>
                <para>Added in Shorewall 4.6.2. Displays the dynamic chain
                along with any chains produced by entries in
                shorewall-blrules(5).The <emphasis role="bold">-x</emphasis>
                option is passed directly through to iptables and causes
                actual packet and byte counts to be displayed. Without this
                option, those counts are abbreviated.</para>
              </listitem>
            </varlistentry>
            <varlistentry>
              <term>[-<option>f</option>] <emphasis
              role="bold">capabilities</emphasis></term>
              <listitem>
                <para>Displays your kernel/iptables capabilities. The
@@ -1230,10 +841,8 @@
            </varlistentry>
            <varlistentry>
-              <term>[-<option>b</option>] [-<option>x</option>]
+              <term>[ [ <option>chain</option> ] <emphasis>chain</emphasis>...
-              [-<option>l</option>] [-<option>t</option>
+              ]</term>
              {<option>filter</option>|<option>mangle</option>|<option>nat</option>|<option>raw</option>|<option>rawpost</option>}]
              [ <emphasis>chain</emphasis>... ]</term>
              <listitem>
                <para>The rules in each <emphasis>chain</emphasis> are
@@ -1286,19 +895,11 @@
            </varlistentry>
            <varlistentry>
-              <term><emphasis role="bold">connections
+              <term><emphasis role="bold">connections</emphasis></term>
              [<replaceable>filter_parameter</replaceable>
              ...]</emphasis></term>
              <listitem>
                <para>Displays the IP connections currently being tracked by
                the firewall.</para>
                <para>If the <command>conntrack</command> utility is
                installed, beginning with Shorewall 4.6.11 the set of
                connections displayed can be limited by including conntrack
                filter parameters (-p , -s, --dport, etc). See conntrack(8)
                for details.</para>
              </listitem>
            </varlistentry>
@@ -1340,8 +941,7 @@
            </varlistentry>
            <varlistentry>
-              <term>[-<option>m</option>] <emphasis
+              <term><emphasis role="bold">log</emphasis></term>
              role="bold">log</emphasis></term>
              <listitem>
                <para>Displays the last 20 Shorewall-lite messages from the
@@ -1353,20 +953,6 @@
              </listitem>
            </varlistentry>
            <varlistentry>
              <term>[-<option>x</option>] <emphasis
              role="bold">mangle</emphasis></term>
              <listitem>
                <para>Displays the Netfilter mangle table using the command
                <emphasis role="bold">iptables -t mangle -L -n -v</emphasis>.
                The <emphasis role="bold">-x</emphasis> option is passed
                directly through to iptables and causes actual packet and byte
                counts to be displayed. Without this option, those counts are
                abbreviated.</para>
              </listitem>
            </varlistentry>
            <varlistentry>
              <term><emphasis role="bold">marks</emphasis></term>
@@ -1390,16 +976,6 @@
              </listitem>
            </varlistentry>
            <varlistentry>
              <term><emphasis role="bold">opens</emphasis></term>
              <listitem>
                <para>Added in Shorewall 4.5.8. Displays the iptables rules in
                the 'dynamic' chain created through use of the <command>open
                </command>command..</para>
              </listitem>
            </varlistentry>
            <varlistentry>
              <term><emphasis role="bold">policies</emphasis></term>
@@ -1416,9 +992,7 @@
              <term><emphasis role="bold">routing</emphasis></term>
              <listitem>
-                <para>Displays the system's IPv4 routing configuration. The -c
+                <para>Displays the system's IPv4 routing configuration.</para>
                option causes the route cache to be displayed in addition to
                the other routing information.</para>
              </listitem>
            </varlistentry>
@@ -1457,9 +1031,7 @@
      </varlistentry>
      <varlistentry>
-        <term><emphasis role="bold">start</emphasis> [-<option>p</option>]
+        <term><emphasis role="bold">start</emphasis></term>
        [-<option>n</option>] [<option>-f</option>]
        [-<option>C</option>]</term>
        <listitem>
          <para>Start Shorewall Lite. Existing connections through
@@ -1470,22 +1042,6 @@
          <para>The <option>-p</option> option causes the connection tracking
          table to be flushed; the <command>conntrack</command> utility must
          be installed to use this option.</para>
          <para>The <option>-n</option> option prevents the firewall script
          from modifying the current routing configuration.</para>
          <para>The <option>-f</option> option was added in Shorewall 4.6.5.
          If the RESTOREFILE named in <ulink
          url="shorewall.conf.html">shorewall.conf</ulink>(5) exists, is
          executable and is not older than the current filewall script, then
          that saved configuration is restored.</para>
          <para>The <option>-C</option> option was added in Shorewall 4.6.5
          and is only meaningful when the <option>-f</option> option is also
          specified. If the previously-saved configuration is restored, and if
          the <option>-C</option> option was also specified in the <emphasis
          role="bold">save</emphasis> command, then the packet and byte
          counters will be restored.</para>
        </listitem>
      </varlistentry>
@@ -1517,10 +1073,6 @@
        <listitem>
          <para>Produces a short report about the state of the
          Shorewall-configured firewall.</para>
          <para>The <option>-i </option>option was added in Shorewall 4.6.2
          and causes the status of each optional or provider interface to be
          displayed.</para>
        </listitem>
      </varlistentry>
--- a/Shorewall-lite/shorecap
+++ b/Shorewall-lite/shorecap
@@ -38,7 +38,7 @@
 #
 #        IPTABLES - iptables
 #        MODULESDIR - /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter
-#        MODULE_SUFFIX - "o gz xz ko o.gz o.xz ko.gz ko.xz"
+#        MODULE_SUFFIX - "o gz ko o.gz ko.gz"
 #
 #    Shorewall need not be installed on the target system to run shorecap. If the '-e' flag is
 #    used during firewall compilation, then the generated firewall program will likewise not
--- a/Shorewall-lite/shorewall-lite.conf
+++ b/Shorewall-lite/shorewall-lite.conf
@@ -1,5 +1,5 @@
 ###############################################################################
-#  /etc/shorewall-lite/shorewall-lite.conf Version 5 - Change the following
+#  /etc/shorewall-lite/shorewall-lite.conf Version 4 - Change the following
 #  variables to override the values in the shorewall.conf file used to
 #  compile /var/lib/shorewall-lite/firewall. Those values may be found in
 #  /var/lib/shorewall-lite/firewall.conf.
--- a/Shorewall-lite/shorewall-lite.service
+++ b/Shorewall-lite/shorewall-lite.service
@@ -1,21 +1,20 @@
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.4
 #
-#     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
+#     Copyright 2011 Jonathan Underwood (jonathan.underwood@gmail.com)
 #
 [Unit]
 Description=Shorewall IPv4 firewall (lite)
-Wants=network-online.target
+After=syslog.target
-After=network-online.target
+After=network.target
 Conflicts=iptables.service firewalld.service
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/sysconfig/shorewall-lite
 StandardOutput=syslog
-ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
+ExecStart=/sbin/shorewall-lite $OPTIONS start
 ExecStop=/sbin/shorewall-lite $OPTIONS stop
 [Install]
-WantedBy=basic.target
+WantedBy=multi-user.target
--- a/Shorewall-lite/shorewall-lite.service.214
+++ b/Shorewall-lite/shorewall-lite.service.214
@@ -1,21 +0,0 @@
 #
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
 #
 [Unit]
 Description=Shorewall IPv4 firewall (lite)
 Wants=network-online.target
 After=network-online.target
 Conflicts=iptables.service firewalld.service
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/sysconfig/shorewall-lite
 StandardOutput=syslog
 ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
 ExecStop=/sbin/shorewall-lite $OPTIONS stop
 [Install]
 WantedBy=basic.target
--- a/Shorewall-lite/shorewall-lite.service.debian
+++ b/Shorewall-lite/shorewall-lite.service.debian
@@ -1,23 +0,0 @@
 #
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
 #     Copyright 2015 Tom Eastep <teastep@shorewall.net>
 #
 [Unit]
 Description=Shorewall IPv4 firewall (lite)
 Wants=network-online.target
 After=network-online.target
 Conflicts=iptables.service firewalld.service
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/default/shorewall-lite
 StandardOutput=syslog
 ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
 ExecStop=/sbin/shorewall-lite $OPTIONS stop
 ExecReload=/sbin/shorewall-lite $OPTIONS reload $RELOADOPTIONS
 [Install]
 WantedBy=basic.target
--- a/Shorewall-lite/uninstall.sh
+++ b/Shorewall-lite/uninstall.sh
@@ -27,25 +27,14 @@
 #       shown below. Simply run this script to remove Shorewall Firewall
 VERSION=xxx  #The Build script inserts the actual version
 PRODUCT=shorewall-lite
 usage() # $1 = exit status
 {
    ME=$(basename $0)
-    echo "usage: $ME [ <option> ] [ <shorewallrc file> ]"
+    echo "usage: $ME [ <shorewallrc file> ]"
    echo "where <option> is one of"
    echo "  -h"
    echo "  -v"
    echo "  -n"
    exit $1
 }
 fatal_error()
 {
    echo "   ERROR: $@" >&2
    exit 1
 }
 qt()
 {
    "$@" >/dev/null 2>&1
@@ -80,42 +69,6 @@ remove_file() # $1 = file to restore
    fi
 }
 finished=0
 configure=1
 while [ $finished -eq 0 ]; do
    option=$1
    case "$option" in
 	-*)
 	    option=${option#-}
 	    while [ -n "$option" ]; do
 		case $option in
 		    h)
 			usage 0
 			;;
 		    v)
 			echo "$Product Firewall Installer Version $VERSION"
 			exit 0
 			;;
 		    n*)
 			configure=0
 			option=${option#n}
 			;;
 		    *)
 			usage 1
 			;;
 		esac
 	    done
 	    shift
 	    ;;
 	*)
 	    finished=1
 	    ;;
    esac
 done
 #
 # Read the RC file
 #
@@ -159,60 +112,39 @@ fi
 echo "Uninstalling Shorewall Lite $VERSION"
-[ -n "$SANDBOX" ] && configure=0
+if qt iptables -L shorewall -n && [ ! -f ${SBINDIR}/shorewall ]; then
-
+   shorewall-lite clear
 if [ $configure -eq 1 ]; then
    if qt iptables -L shorewall -n && [ ! -f ${SBINDIR}/shorewall ]; then
 	shorewall-lite clear
    fi
 fi
 if [ -L ${SHAREDIR}/shorewall-lite/init ]; then
-    if [ $HOST = openwrt ]; then
+    FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall-lite/init)
 	if [ $configure -eq 1 ] && /etc/init.d/shorewall-lite enabled; then
 	    /etc/init.d/shorewall-lite disable
 	fi
 	FIREWALL=$(readlink ${SHAREDIR}/shorewall-lite/init)
    else
 	FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall-lite/init)
    fi
 elif [ -n "$INITFILE" ]; then
    FIREWALL=${INITDIR}/${INITFILE}
 fi
 if [ -f "$FIREWALL" ]; then
-    if [ $configure -eq 1 ]; then
+    if mywhich updaterc.d ; then
-	if mywhich updaterc.d ; then
+	updaterc.d shorewall-lite remove
-	    updaterc.d shorewall-lite remove
+    elif mywhich insserv ; then
-	elif mywhich insserv ; then
+        insserv -r $FIREWALL
-            insserv -r $FIREWALL
+    elif [ mywhich chkconfig ; then
-	elif mywhich chkconfig ; then
+	chkconfig --del $(basename $FIREWALL)
-	    chkconfig --del $(basename $FIREWALL)
+    elif mywhich systemctl ; then
-	fi
+	systemctl disable shorewall-lite
    fi
    remove_file $FIREWALL
 fi
 [ -z "$SERVICEDIR" ] && SERVICEDIR="$SYSTEMD"
 if [ -n "$SERVICEDIR" ]; then
    [ $configure -eq 1 ] && systemctl disable ${PRODUCT}
    rm -f $SERVICEDIR/shorewall-lite.service
 fi
 rm -f ${SBINDIR}/shorewall-lite
-rm -rf ${CONFDIR}/shorewall-lite
+rm -rf ${SBINDIR}/shorewall-lite
 rm -rf ${VARDIR}/shorewall-lite
 rm -rf ${SHAREDIR}/shorewall-lite
-rm -rf ${LIBEXECDIR}/shorewall-lite
+rm -rf ${LIBEXEC}/shorewall-lite
 rm -f  ${CONFDIR}/logrotate.d/shorewall-lite
-rm -f  ${SYSCONFDIR}/shorewall-lite
+[ -n "$SYSTEMD" ] && rm -f  ${SYSTEMD}/shorewall-lite.service
 rm -f ${MANDIR}/man5/shorewall-lite*
 rm -f ${MANDIR}/man8/shorewall-lite*
 echo "Shorewall Lite Uninstalled"
--- a/Shorewall/INSTALL
+++ b/Shorewall/INSTALL
@@ -1,4 +1,4 @@
-Shoreline Firewall (Shorewall) Version 5
+Shoreline Firewall (Shorewall) Version 4
 -----         ----
 -----------------------------------------------------------------------------
--- a/Shorewall/Macros/macro.AMQP
+++ b/Shorewall/Macros/macro.AMQP
@@ -1,11 +1,13 @@
 #
-# Shorewall - AMQP Macro
+# Shorewall version 4 - AMQP Macro
 #
 # /usr/share/shorewall/macro.AMQP
 #
 #	This macro handles AMQP traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5672
--- a/Shorewall/Macros/macro.A_AllowICMPs
+++ b/Shorewall/Macros/macro.A_AllowICMPs
@@ -1,11 +1,13 @@
 #
-# Shorewall - Audited AllowICMPs Macro
+# Shorewall version 4 - Audited AllowICMPs Macro
 #
 # /usr/share/shorewall/macro.A_AllowICMPs
 #
 #	This macro A_ACCEPTs needed ICMP types
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION		SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #					PORT(S)	PORT(S)	DEST	LIMIT	GROUP
--- a/Shorewall/Macros/macro.A_DropDNSrep
+++ b/Shorewall/Macros/macro.A_DropDNSrep
@@ -1,11 +1,13 @@
 #
-# Shorewall - Audited DropDNSrep Macro
+# Shorewall version 4 - Audited DropDNSrep Macro
 #
 # /usr/share/shorewall/macro.A_DropDNSrep
 #
 #	This macro silently audites and drops DNS UDP replies
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
--- a/Shorewall/Macros/macro.A_DropUPnP
+++ b/Shorewall/Macros/macro.A_DropUPnP
@@ -1,11 +1,13 @@
 #
-# Shorewall - ADropUPnP Macro
+# Shorewall version 4 - ADropUPnP Macro
 #
 # /usr/share/shorewall/macro.A_DropUPnP
 #
 #	This macro silently drops UPnP probes on UDP port 1900
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
--- a/Shorewall/Macros/macro.ActiveDir
+++ b/Shorewall/Macros/macro.ActiveDir
@@ -1,5 +1,5 @@
 #
-# Shorewall - Samba 4 Macro
+# Shorewall version 4 - Samba 4 Macro
 #
 # /usr/share/shorewall/macro.ActiveDir
 #
@@ -9,8 +9,8 @@
 #
 # 
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION SOURCE  DEST    PROTO   DEST    SOURCE  RATE    USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#                               PORT(S) PORT(S) LIMIT   GROUP
 PARAM   -       -       tcp     389 	#LDAP services
 PARAM   -       -       udp	389  
 PARAM   -       -       tcp     636	#LDAP SSL
--- a/Shorewall/Macros/macro.AllowICMPs
+++ b/Shorewall/Macros/macro.AllowICMPs
@@ -1,11 +1,13 @@
 #
-# Shorewall - AllowICMPs Macro
+# Shorewall version 4 - AllowICMPs Macro
 #
 # /usr/share/shorewall/macro.AllowICMPs
 #
 #	This macro ACCEPTs needed ICMP types
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
--- a/Shorewall/Macros/macro.Amanda
+++ b/Shorewall/Macros/macro.Amanda
@@ -1,5 +1,5 @@
 #
-# Shorewall - Amanda Macro
+# Shorewall version 4 - Amanda Macro
 #
 # /usr/share/shorewall/macro.Amanda
 #
@@ -8,11 +8,13 @@
 #	files from those nodes.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __AMANDA_HELPER )
- PARAM	-	-	udp	10080 { helper=amanda }
+ PARAM	-	-	udp	10080 ; helper=amanda
 ?else
 PARAM	-	-	udp	10080
 ?endif
--- a/Shorewall/Macros/macro.Auth
+++ b/Shorewall/Macros/macro.Auth
@@ -1,11 +1,13 @@
 #
-# Shorewall - Auth Macro
+# Shorewall version 4 - Auth Macro
 #
 # /usr/share/shorewall/macro.Auth
 #
 #	This macro handles Auth (identd) traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	113
--- a/Shorewall/Macros/macro.BGP
+++ b/Shorewall/Macros/macro.BGP
@@ -1,11 +1,13 @@
 #
-# Shorewall - BGP Macro
+# Shorewall version 4 - BGP Macro
 #
 # /usr/share/shorewall/macro.BGP
 #
 #	This macro handles BGP4 traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	179	# BGP4
--- a/Shorewall/Macros/macro.BLACKLIST
+++ b/Shorewall/Macros/macro.BLACKLIST
@@ -1,11 +1,13 @@
 #
-# Shorewall - blacklist Macro
+# Shorewall version 4 - blacklist Macro
 #
 # /usr/share/shorewall/macro.blacklist
 #
 #	This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if $BLACKLIST_LOGLEVEL
--- a/Shorewall/Macros/macro.BitTorrent
+++ b/Shorewall/Macros/macro.BitTorrent
@@ -1,5 +1,5 @@
 #
-# Shorewall - BitTorrent Macro
+# Shorewall version 4 - BitTorrent Macro
 #
 # /usr/share/shorewall/macro.BitTorrent
 #
@@ -9,6 +9,8 @@
 #	BitTorrent32 macro.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	6881:6889
--- a/Shorewall/Macros/macro.BitTorrent32
+++ b/Shorewall/Macros/macro.BitTorrent32
@@ -1,11 +1,13 @@
 #
-# Shorewall - BitTorrent 3.2 Macro
+# Shorewall version 4 - BitTorrent 3.2 Macro
 #
 # /usr/share/shorewall/macro.BitTorrent32
 #
 #	This macro handles BitTorrent traffic for BitTorrent 3.2 and later.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	6881:6999
--- a/Shorewall/Macros/macro.CVS
+++ b/Shorewall/Macros/macro.CVS
@@ -1,11 +1,13 @@
 #
-# Shorewall - CVS Macro
+# Shorewall version 4 - CVS Macro
 #
 # /usr/share/shorewall/macro.CVS
 #
 #	This macro handles connections to the CVS pserver.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	2401
--- a/Shorewall/Macros/macro.Citrix
+++ b/Shorewall/Macros/macro.Citrix
@@ -1,5 +1,5 @@
 #
-# Shorewall - Citrix/ICA Macro
+# Shorewall version 4 - Citrix/ICA Macro
 #
 # /usr/share/shorewall/macro.Citrix
 #
@@ -7,6 +7,8 @@
 #	ICA Session Reliability)
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	1494	# ICA
--- a/Shorewall/Macros/macro.DAAP
+++ b/Shorewall/Macros/macro.DAAP
@@ -1,5 +1,5 @@
 #
-# Shorewall - DAAP Macro
+# Shorewall version 4 - DAAP Macro
 #
 # /usr/share/shorewall/macro.DAAP
 #
@@ -7,6 +7,8 @@
 #	The protocol is used by iTunes, Rythmbox and other similar daemons.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	3689
--- a/Shorewall/Macros/macro.DCC
+++ b/Shorewall/Macros/macro.DCC
@@ -1,5 +1,5 @@
 #
-# Shorewall - DCC Macro
+# Shorewall version 4 - DCC Macro
 #
 # /usr/share/shorewall/macro.DCC
 #
@@ -7,6 +7,8 @@
 #	DCC is a distributed spam filtering mechanism.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	6277
--- a/Shorewall/Macros/macro.DHCPfwd
+++ b/Shorewall/Macros/macro.DHCPfwd
@@ -1,11 +1,13 @@
 #
-# Shorewall - DHCPfwd Macro
+# Shorewall version 4 - DHCPfwd Macro
 #
 # /usr/share/shorewall/macro.DHCPfwd
 #
 #	This macro (bidirectional) handles forwarded DHCP traffic
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	67:68	67:68	# DHCP
--- a/Shorewall/Macros/macro.DNS
+++ b/Shorewall/Macros/macro.DNS
@@ -1,11 +1,13 @@
 #
-# Shorewall - DNS Macro
+# Shorewall version 4 - DNS Macro
 #
 # /usr/share/shorewall/macro.DNS
 #
 #	This macro handles DNS traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	53
--- a/Shorewall/Macros/macro.Distcc
+++ b/Shorewall/Macros/macro.Distcc
@@ -1,11 +1,13 @@
 #
-# Shorewall - Distcc Macro
+# Shorewall version 4 - Distcc Macro
 #
 # /usr/share/shorewall/macro.Distcc
 #
 #	This macro handles connections to the Distributed Compiler service.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	3632
--- a/Shorewall/Macros/macro.Drop
+++ b/Shorewall/Macros/macro.Drop
@@ -1,5 +1,5 @@
 #
-# Shorewall - Drop Macro
+# Shorewall version 4 - Drop Macro
 #
 # /usr/share/shorewall/macro.Drop
 #
@@ -11,6 +11,8 @@
 #		Drop	net	all
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 #
--- a/Shorewall/Macros/macro.DropDNSrep
+++ b/Shorewall/Macros/macro.DropDNSrep
@@ -1,11 +1,13 @@
 #
-# Shorewall - DropDNSrep Macro
+# Shorewall version 4 - DropDNSrep Macro
 #
 # /usr/share/shorewall/macro.DropDNSrep
 #
 #	This macro silently drops DNS UDP replies
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
--- a/Shorewall/Macros/macro.DropUPnP
+++ b/Shorewall/Macros/macro.DropUPnP
@@ -1,11 +1,13 @@
 #
-# Shorewall - DropUPnP Macro
+# Shorewall version 4 - DropUPnP Macro
 #
 # /usr/share/shorewall/macro.DropUPnP
 #
 #	This macro silently drops UPnP probes on UDP port 1900
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
--- a/Shorewall/Macros/macro.Edonkey
+++ b/Shorewall/Macros/macro.Edonkey
@@ -1,5 +1,5 @@
 #
-# Shorewall - Edonkey Macro
+# Shorewall version 4 - Edonkey Macro
 #
 # /usr/share/shorewall/macro.Edonkey
 #
@@ -28,6 +28,8 @@
 #	applications such as aMule WebServer or aMuleCMD.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	4662
--- a/Shorewall/Macros/macro.FTP
+++ b/Shorewall/Macros/macro.FTP
@@ -1,15 +1,17 @@
 #
-# Shorewall - FTP Macro
+# Shorewall version 4 - FTP Macro
 #
 # /usr/share/shorewall/macro.FTP
 #
 #	This macro handles FTP traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __FTP_HELPER  )
- PARAM	-	-	tcp	21 { helper=ftp }
+ PARAM	-	-	tcp	21 ; helper=ftp
 ?else
 PARAM	-	-	tcp	21
 ?endif
--- a/Shorewall/Macros/macro.Finger
+++ b/Shorewall/Macros/macro.Finger
@@ -1,5 +1,5 @@
 #
-# Shorewall - Finger Macro
+# Shorewall version 4 - Finger Macro
 #
 # /usr/share/shorewall/macro.Finger
 #
@@ -7,6 +7,8 @@
 #	your finger information to internet.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	79
--- a/Shorewall/Macros/macro.GNUnet
+++ b/Shorewall/Macros/macro.GNUnet
@@ -1,11 +1,13 @@
 #
-# Shorewall - GNUnet Macro
+# Shorewall version 4 - GNUnet Macro
 #
 # /usr/share/shorewall/macro.GNUnet
 #
 #	This macro handles GNUnet (secure peer-to-peer networking) traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	2086
--- a/Shorewall/Macros/macro.GRE
+++ b/Shorewall/Macros/macro.GRE
@@ -1,5 +1,5 @@
 #
-# Shorewall - GRE Macro
+# Shorewall version 4 - GRE Macro
 #
 # /usr/share/shorewall/macro.GRE
 #
@@ -7,6 +7,8 @@
 #	traffic (RFC 1701)
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	47	# GRE
--- a/Shorewall/Macros/macro.Git
+++ b/Shorewall/Macros/macro.Git
@@ -1,11 +1,13 @@
 #
-# Shorewall - Git Macro
+# Shorewall version 4 - Git Macro
 #
 # /usr/share/shorewall/macro.Git
 #
 #	This macro handles Git traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	9418
--- a/Shorewall/Macros/macro.Gnutella
+++ b/Shorewall/Macros/macro.Gnutella
@@ -1,11 +1,13 @@
 #
-# Shorewall - Gnutella Macro
+# Shorewall version 4 - Gnutella Macro
 #
 # /usr/share/shorewall/macro.Gnutella
 #
 #	This macro handles Gnutella traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	6346
--- a/Shorewall/Macros/macro.Goto-Meeting
+++ b/Shorewall/Macros/macro.Goto-Meeting
@@ -1,12 +0,0 @@
 #
 # Shorewall - Citrix/Goto Meeting macro
 #
 # /usr/share/shorewall/macro.Goto-Meeting
 #          by Eric Teeter
 #       This macro handles Citrix/Goto Meeting
 #       Assumes that ports 80 and 443 are already open
 #       If needed, use the macros that open Http and Https to reduce redundancy
 ####################################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM      -    -       tcp     8200    # Goto Meeting only needed (TCP outbound)
--- a/Shorewall/Macros/macro.HKP
+++ b/Shorewall/Macros/macro.HKP
@@ -1,11 +1,13 @@
 #
-# Shorewall - HKP Macro
+# Shorewall version 4 - HKP Macro
 #
 # /usr/share/shorewall/macro.HKP
 #
 #	This macro handles OpenPGP HTTP keyserver protocol traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	11371
--- a/Shorewall/Macros/macro.HTTP
+++ b/Shorewall/Macros/macro.HTTP
@@ -1,11 +1,13 @@
 #
-# Shorewall - HTTP Macro
+# Shorewall version 4 - HTTP Macro
 #
 # /usr/share/shorewall/macro.HTTP
 #
 #	This macro handles plaintext HTTP (WWW) traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	80
--- a/Shorewall/Macros/macro.HTTPS
+++ b/Shorewall/Macros/macro.HTTPS
@@ -1,11 +1,13 @@
 #
-# Shorewall - HTTPS Macro
+# Shorewall version 4 - HTTPS Macro
 #
 # /usr/share/shorewall/macro.HTTPS
 #
 #	This macro handles HTTPS (WWW over SSL) traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	443
--- a/Shorewall/Macros/macro.ICPV2
+++ b/Shorewall/Macros/macro.ICPV2
@@ -1,11 +1,13 @@
 #
-# Shorewall - ICPV2 Macro
+# Shorewall version 4 - ICPV2 Macro
 #
 # /usr/share/shorewall/macro.ICPV2
 #
 #	This macro handles Internet Cache Protocol V2 (Squid) traffic
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	3130
--- a/Shorewall/Macros/macro.ICQ
+++ b/Shorewall/Macros/macro.ICQ
@@ -1,11 +1,13 @@
 #
-# Shorewall - ICQ Macro
+# Shorewall version 4 - ICQ Macro
 #
 # /usr/share/shorewall/macro.ICQ
 #
 #	This macro handles ICQ, now called AOL Instant Messenger (or AIM).
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5190
--- a/Shorewall/Macros/macro.ILO
+++ b/Shorewall/Macros/macro.ILO
@@ -1,21 +0,0 @@
 #
 # Shorewall - ILO Macro
 #
 # /usr/share/shorewall/macro.ILO
 #
 #	This macro handles console redirection with HP ILO 2+,
 #	Use this macro to open access to your ILO interface from management
 #	workstations.
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	3002		# Raw serial data
 PARAM	-	-	tcp	9300		# Shared Remote Console
 PARAM	-	-	tcp	17988		# Virtual Media
 PARAM	-	-	tcp	17990		# Console Replay
 HTTP
 HTTPS
 RDP
 SSH
 Telnet						# Remote Console/Telnet
--- a/Shorewall/Macros/macro.IMAP
+++ b/Shorewall/Macros/macro.IMAP
@@ -1,5 +1,5 @@
 #
-# Shorewall - IMAP Macro
+# Shorewall version 4 - IMAP Macro
 #
 # /usr/share/shorewall/macro.IMAP
 #
@@ -7,6 +7,8 @@
 #	see macro.IMAPS.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	143
--- a/Shorewall/Macros/macro.IMAPS
+++ b/Shorewall/Macros/macro.IMAPS
@@ -1,5 +1,5 @@
 #
-# Shorewall - IMAPS Macro
+# Shorewall version 4 - IMAPS Macro
 #
 # /usr/share/shorewall/macro.IMAPS
 #
@@ -7,6 +7,8 @@
 #	(not recommended), see macro.IMAP.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	993
--- a/Shorewall/Macros/macro.IPIP
+++ b/Shorewall/Macros/macro.IPIP
@@ -1,11 +1,13 @@
 #
-# Shorewall - IPIP Macro
+# Shorewall version 4 - IPIP Macro
 #
 # /usr/share/shorewall/macro.IPIP
 #
 #	This macro (bidirectional) handles IPIP capsulation traffic
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	94	# IPIP
--- a/Shorewall/Macros/macro.IPMI
+++ b/Shorewall/Macros/macro.IPMI
@@ -1,24 +1,19 @@
 #
-# Shorewall - IPMI Macro
+# Shorewall version 4 - IPMI Macro
 #
 # /usr/share/shorewall/macro.IPMI
 #
-#	This macro handles IPMI console redirection with Asus (AMI),
+#	This macro handles IPMI used by Asus, Dell, MSI, and Supermicro.
 #	Dell DRAC5+ (Avocent), and Supermicro (Aten or AMI).
 #	Use this macro to open access to your IPMI interface from management
 #	workstations.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	623		# RMCP
-PARAM	-	-	tcp	3668,3669	# Virtual Media, Secure (Dell)
+PARAM	-	-	tcp	5900,5901	# Remote Console
-PARAM	-	-	tcp	5120,5123	# CD, floppy (Asus, Aten)
+PARAM	-	-	tcp	8889		# WS-MAN
 PARAM	-	-	tcp	5900,5901	# Remote Console (Aten, Dell)
 PARAM	-	-	tcp	7578		# Remote Console (AMI)
 PARAM	-	-	udp	623		# RMCP
 SSH
 HTTP
 HTTPS
 SNMP
 SSH						# Serial over Lan
 Telnet
--- a/Shorewall/Macros/macro.IPP
+++ b/Shorewall/Macros/macro.IPP
@@ -1,11 +1,13 @@
 #
-# Shorewall - IPP Macro
+# Shorewall version 3.2 - IPP Macro
 #
 # /usr/share/shorewall/macro.IPP
 #
 #	This macro handles Internet Printing Protocol (IPP).
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	631
--- a/Shorewall/Macros/macro.IPPbrd
+++ b/Shorewall/Macros/macro.IPPbrd
@@ -1,5 +1,5 @@
 #
-# Shorewall - IPP Broadcast Macro
+# Shorewall version 4 - IPP Broadcast Macro
 #
 # /usr/share/shorewall/macro.IPPbrd
 #
@@ -8,6 +8,8 @@
 #       direction, use the IPPserver Macro
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	631
--- a/Shorewall/Macros/macro.IPPserver
+++ b/Shorewall/Macros/macro.IPPserver
@@ -1,5 +1,5 @@
 #
-# Shorewall - IPPserver Macro
+# Shorewall version 4 - IPPserver Macro
 #
 # /usr/share/shorewall/macro.IPPserver
 #
@@ -23,6 +23,8 @@
 #		IPPserver/ACCEPT $FW loc
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	SOURCE	DEST	tcp	631
--- a/Shorewall/Macros/macro.IPsec
+++ b/Shorewall/Macros/macro.IPsec
@@ -1,11 +1,13 @@
 #
-# Shorewall - IPsec Macro
+# Shorewall version 4 - IPsec Macro
 #
 # /usr/share/shorewall/macro.IPsec
 #
 #	This macro (bidirectional) handles IPsec traffic
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	500	500	# IKE
--- a/Shorewall/Macros/macro.IPsecah
+++ b/Shorewall/Macros/macro.IPsecah
@@ -1,5 +1,5 @@
 #
-# Shorewall - IPsecah Macro
+# Shorewall version 4 - IPsecah Macro
 #
 # /usr/share/shorewall/macro.IPsecah
 #
@@ -7,6 +7,8 @@
 #       This is insecure. You should use ESP with encryption for security.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	500	500	# IKE
--- a/Shorewall/Macros/macro.IPsecnat
+++ b/Shorewall/Macros/macro.IPsecnat
@@ -1,11 +1,13 @@
 #
-# Shorewall - IPsecnat Macro
+# Shorewall version 4 - IPsecnat Macro
 #
 # /usr/share/shorewall/macro.IPsecnat
 #
 #	This macro (bidirectional) handles IPsec traffic and Nat-Traversal
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	500	# IKE
--- a/Shorewall/Macros/macro.IRC
+++ b/Shorewall/Macros/macro.IRC
@@ -1,16 +1,18 @@
 #
-# Shorewall IRC Macro
+# Shorewall version 4 IRC Macro
 #
 # /usr/share/shorewall/macro.IRC
 #
 #	This macro handles IRC traffic (Internet Relay Chat).
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __IRC_HELPER  )
- PARAM	-	-	tcp	6667 { helper=irc }
+ PARAM	-	-	tcp	6667 ; helper=irc
 ?else
 PARAM	-	-	tcp	6667
 ?endif
--- a/Shorewall/Macros/macro.JAP
+++ b/Shorewall/Macros/macro.JAP
@@ -1,5 +1,5 @@
 #
-# Shorewall - JAP Macro
+# Shorewall version 4 - JAP Macro
 #
 # /usr/share/shorewall/macro.JAP
 #
@@ -8,6 +8,8 @@
 #	to browse anonymously!
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	8080 # HTTP port
--- a/Shorewall/Macros/macro.Jabber
+++ b/Shorewall/Macros/macro.Jabber
@@ -1,11 +0,0 @@
 #
 # Shorewall - Jabber Macro
 #
 # /usr/share/shorewall/macro.Jabber
 #
 #	This macro accepts Jabber traffic.
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5222
--- a/Shorewall/Macros/macro.JabberPlain
+++ b/Shorewall/Macros/macro.JabberPlain
@@ -1,12 +1,13 @@
 #
-# Shorewall - JabberPlain Macro
+# Shorewall version 3.4 - JabberPlain Macro
 #
 # /usr/share/shorewall/macro.JabberPlain
 #
-#	This macro accepts Jabber traffic (plaintext). This macro is
+#	This macro accepts Jabber traffic (plaintext).
 #	deprecated - use of macro.Jabber instead is recommended.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-Jabber
+PARAM	-	-	tcp	5222
--- a/Shorewall/Macros/macro.JabberSecure
+++ b/Shorewall/Macros/macro.JabberSecure
@@ -1,13 +1,13 @@
 #
-# Shorewall - JabberSecure (SSL) Macro
+# Shorewall version 3.4 - JabberSecure (ssl) Macro
 #
 # /usr/share/shorewall/macro.JabberSecure
 #
-#	This macro accepts Jabber traffic (SSL). Use of Jabber with SSL
+#	This macro accepts Jabber traffic (ssl).
 #	is deprecated, please configure Jabber with STARTTLS and use
 #	Jabber macro instead.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5223
--- a/Shorewall/Macros/macro.Jabberd
+++ b/Shorewall/Macros/macro.Jabberd
@@ -1,11 +1,13 @@
 #
-# Shorewall - Jabberd (server intercommunication)
+# Shorewall version 3.4 - Jabberd (server intercommunication)
 #
 # /usr/share/shorewall/macro.Jabberd
 #
 #	This macro accepts Jabberd intercommunication traffic
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5269
--- a/Shorewall/Macros/macro.Jetdirect
+++ b/Shorewall/Macros/macro.Jetdirect
@@ -1,11 +1,13 @@
 #
-# Shorewall - Jetdirect Macro
+# Shorewall version 3.2 - Jetdirect Macro
 #
 # /usr/share/shorewall/macro.Jetdirect
 #
 #	This macro handles HP Jetdirect printing.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	9100
--- a/Shorewall/Macros/macro.Kerberos
+++ b/Shorewall/Macros/macro.Kerberos
@@ -1,11 +1,13 @@
 #
-# Shorewall - Kerberos Macro
+# Shorewall version 4 - Kerberos Macro
 #
 # /usr/share/shorewall/macro.Kerberos
 #
 #	This macro handles Kerberos traffic.
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	88
--- a/Shorewall/Macros/macro.L2TP
+++ b/Shorewall/Macros/macro.L2TP
@@ -1,5 +1,5 @@
 #
-# Shorewall - L2TP Macro
+# Shorewall version 4 - L2TP Macro
 #
 # /usr/share/shorewall/macro.L2TP
 #
@@ -7,6 +7,8 @@
 #	(RFC 2661)
 #
 ###############################################################################
 ?FORMAT 2
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	1701	# L2TP
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Tom Eastep	e021285199	Clarify DEST column in DNAT rules. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2014-06-04 15:01:39 -07:00
Tom Eastep	4dad6d2bb9	One more manual with BROADCAST columns Signed-off-by: Tom Eastep <teastep@shorewall.net>	2014-06-04 14:55:23 -07:00
Tom Eastep	b537fab05d	Eradicate mention of the BROADCAST column in the interfaces file. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2014-06-04 14:43:13 -07:00
Tom Eastep	fbfb688346	Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code into 4.6.0	2014-06-02 14:22:40 -07:00