Fix syntax error in the generated script

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall-init/install.sh

@@ -210,24 +210,30 @@ fi
 #
 # Install the Init Script
 #
-if [ -n "$DEBIAN" ]; then
+if [ -z "$SYSTEMD" ]; then
+    if [ -n "$DEBIAN" ]; then
 	install_file init.debian.sh ${DESTDIR}/etc/init.d/shorewall-init 0544
-elif [ -n "$FEDORA" ]; then
+    elif [ -n "$FEDORA" ]; then
-    install_file init.debian.sh ${DESTDIR}/etc/init.d/shorewall-init 0544
+	install_file init.fedora.sh ${DESTDIR}/etc/init.d/shorewall-init 0544
-#elif [ -n "$ARCHLINUX" ]; then
+    #elif [ -n "$ARCHLINUX" ]; then
-#    install_file init.archlinux.sh ${DESTDIR}${DEST}/$INIT 0544
+    #    install_file init.archlinux.sh ${DESTDIR}${DEST}/$INIT 0544
-else
+    else
 	install_file init.sh ${DESTDIR}${DEST}/$INIT 0544
-fi
+    fi
 
-echo  "Shorewall Init script installed in ${DESTDIR}${DEST}/$INIT"
+    echo  "Shorewall Init script installed in ${DESTDIR}${DEST}/$INIT"
-
+else
-#
+    #
-# Install the .service file
+    # Install the .service file
-#
+    #
-if [ -n "$SYSTEMD" ]; then
     run_install $OWNERSHIP -m 600 shorewall-init.service ${DESTDIR}/lib/systemd/system/shorewall-init.service
     echo "Service file installed as ${DESTDIR}/lib/systemd/system/shorewall-init.service"
+    if [ -n "$DESTDIR" ]; then
+	mkdir -p ${DESTDIR}/sbin/
+	chmod 755 ${DESTDIR}/sbin/
+	run_install $OWNERSHIP -m 600 shorewall-init ${DESTDIR}/sbin/shorewall-init
+	echo "CLI installed as ${DESTDIR}/lib/systemd/system/shorewall-init.service"
+    fi
 fi
 
 #

Shorewall-init/shorewall-init

@@ -0,0 +1,92 @@
+#! /bin/bash
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
+#
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2012 - Tom Eastep (teastep@shorewall.net)
+#
+#       On most distributions, this file should be called /etc/init.d/shorewall.
+#
+#       Complete documentation is available at http://shorewall.net
+#
+#       This program is free software; you can redistribute it and/or modify
+#       it under the terms of Version 2 of the GNU General Public License
+#       as published by the Free Software Foundation.
+#
+#       This program is distributed in the hope that it will be useful,
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       GNU General Public License for more details.
+#
+#       You should have received a copy of the GNU General Public License
+#       along with this program; if not, write to the Free Software
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+#########################################################################################
+if [ "$(id -u)" != "0" ]
+then
+  echo "You must be root to start, stop or restart \"Shorewall \"."
+  exit 1
+fi
+
+# check if shorewall-init is configured or not
+if [ -f "/etc/sysconfig/shorewall-init" ]; then
+    . /etc/sysconfig/shorewall-init
+    if [ -z "$PRODUCTS" ]; then
+        echo "ERROR: No products configured" >&2
+	exit 1
+    fi
+else
+    echo "ERROR: /etc/sysconfig/shorewall-init not found" >&2
+    exit 1
+fi
+
+# Initialize the firewall
+shorewall_start () {
+  local PRODUCT
+  local VARDIR
+
+  echo -n "Initializing \"Shorewall-based firewalls\": "
+  for PRODUCT in $PRODUCTS; do
+      VARDIR=/var/lib/$PRODUCT
+      [ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir 
+      if [ -x ${VARDIR}/firewall ]; then
+	  if ! /sbin/$PRODUCT status > /dev/null 2>&1; then
+	      ${VARDIR}/firewall stop || exit 1
+	  fi
+      fi
+  done
+
+  return 0
+}
+
+# Clear the firewall
+shorewall_stop () {
+  local PRODUCT
+  local VARDIR
+
+  echo -n "Clearing \"Shorewall-based firewalls\": "
+  for PRODUCT in $PRODUCTS; do
+      VARDIR=/var/lib/$PRODUCT
+      [ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir 
+      if [ -x ${VARDIR}/firewall ]; then
+	  ${VARDIR}/firewall clear || exit 1
+      fi
+  done
+
+  return 0
+}
+
+case "$1" in
+  start)
+     shorewall_start
+     ;;
+  stop)
+     shorewall_stop
+     ;;
+  *)
+     echo "Usage: $0 {start|stop}"
+     exit 1
+esac
+
+exit 0

Shorewall-lite/init.sh

@@ -76,10 +76,10 @@ command="$1"
 
 case "$command" in
     start)
-	exec /sbin/shorewall-lite $OPTIONS start $STARTOPTIONS $@
+	exec /sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
 	;;
     restart|reload)
-	exec /sbin/shorewall-lite $OPTIONS restart $RESTARTOPTIONS $@
+	exec /sbin/shorewall-lite $OPTIONS restart $RESTARTOPTIONS
 	;;
     status|stop)
 	exec /sbin/shorewall-lite $OPTIONS $command $@

Shorewall-lite/manpages/shorewall-lite.xml

@@ -517,15 +517,17 @@
           defined in the <ulink
           url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5)
           file. A <emphasis>host-list</emphasis> is comma-separated list whose
-          elements are host or network addresses.<caution>
+          elements are host or network addresses.</para>
+
+          <caution>
             <para>The <command>add</command> command is not very robust. If
-              there are errors in the <replaceable>host-list</replaceable>,
+            there are errors in the <replaceable>host-list</replaceable>, you
-              you may see a large number of error messages yet a subsequent
+            may see a large number of error messages yet a subsequent
-              <command>shorewall-lite show zones</command> command will
+            <command>shorewall-lite show zones</command> command will indicate
-              indicate that all hosts were added. If this happens, replace
+            that all hosts were added. If this happens, replace
             <command>add</command> by <command>delete</command> and run the
             same command again. Then enter the correct command.</para>
-            </caution></para>
+          </caution>
         </listitem>
       </varlistentry>
 

Shorewall/Perl/Shorewall/Chains.pm

@@ -6413,7 +6413,7 @@ sub create_netfilter_load( $ ) {
     #
     emit(  'exec 3>&-',
 	   '',
-	   '[ -n "$DEBUG" ] && command=debug_restore_input || command=$' . $UTILITY,
+	   '[ -n "$g_debug_iptables" ] && command=debug_restore_input || command=$' . $UTILITY,
 	   '',
 	   'progress_message2 "Running $command..."',
 	   '',

Shorewall/Perl/Shorewall/Zones.pm

@@ -1814,7 +1814,7 @@ sub process_host( ) {
 	$interface = $1;
 	$hosts = $2;
 
-	fatal_error "Unknown interface ($interface)" unless ($interfaceref = $interfaces{$interface})->{root};
+	fatal_error "Unknown interface ($interface)" unless ($interfaceref = $interfaces{$interface}) && $interfaceref->{root};
     } else {
 	fatal_error "Invalid HOST(S) column contents: $hosts" 
     }

Shorewall/Perl/prog.footer

@@ -62,12 +62,14 @@ checkkernelversion() {
 #
 # Start trace if first arg is "debug" or "trace"
 #
+g_debug_iptables=
+
 if [ $# -gt 1 ]; then
     if [ "x$1" = "xtrace" ]; then
 	set -x
 	shift
     elif [ "x$1" = "xdebug" ]; then
-	DEBUG=Yes
+	g_debug_iptables=Yes
 	shift
     fi
 fi

Shorewall/init.sh

@@ -78,13 +78,13 @@ shift
 
 case "$command" in
     start)
-	exec /sbin/shorewall $OPTIONS start $STARTOPTIONS $@
+	exec /sbin/shorewall $OPTIONS start $STARTOPTIONS
 	;;
     restart|reload)
-	exec /sbin/shorewall $OPTIONS restart $RESTARTOPTIONS $@
+	exec /sbin/shorewall $OPTIONS restart $RESTARTOPTIONS
 	;;
     status|stop)
-	exec /sbin/shorewall $OPTIONS $command $@
+	exec /sbin/shorewall $OPTIONS $command
 	;;
     *)
 	usage

Shorewall/lib.cli-std

@@ -1579,7 +1579,7 @@ usage() # $1 = exit status
     echo "   status"
     echo "   stop"
     echo "   try <directory> [ <timeout> ]"
-    echo "   update [ -b ] [ -r ] [ -T ] [ <directory> ]"
+    echo "   update [ -a ] [ -b ] [ -r ] [ -T ] [ <directory> ]"
     echo "   version [ -a ]"
     echo
     exit $1

Shorewall/lib.core

@@ -510,6 +510,20 @@ debug_restore_input() {
 	qt1 $g_tool -t raw -P $chain ACCEPT
     done
 
+    qt1 $g_tool -t rawpost -F
+    qt1 $g_tool -t rawpost    -X
+
+    for chain in POSTROUTING; do
+	qt1 $g_tool -t rawpost -P $chain ACCEPT
+    done
+
+    qt1 $g_tool -t nat    -F
+    qt1 $g_tool -t nat    -X
+
+    for chain in PREROUTING POSTROUTING; do
+        qt1 $g_tool -t nat -P $chain ACCEPT
+    done
+
     qt1 $g_tool -t filter -F
     qt1 $g_tool -t filter -X
 

Shorewall/manpages/shorewall-blrules.xml

@@ -40,7 +40,7 @@
       <varlistentry>
         <term><emphasis role="bold">ACTION- {<emphasis
         role="bold">ACCEPT</emphasis>|CONTINUE|DROP|A_DROP|REJECT|A_REJECT|<emphasis
-        role="bold">WHITELIES</emphasis>|<emphasis
+        role="bold">WHITELIST</emphasis>|<emphasis
         role="bold">LOG</emphasis>|<emphasis
         role="bold">QUEUE</emphasis>|<emphasis
         role="bold">NFQUEUE</emphasis>[<emphasis
@@ -292,10 +292,9 @@
     <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
     shorewall-hosts(5), shorewall-interfaces(5), shorewall-maclist(5),
     shoewall6-netmap(5),shorewall-params(5), shorewall-policy(5),
-    shorewall-providers(5), shorewall-rtrules(5),
+    shorewall-providers(5), shorewall-rtrules(5), shorewall-routestopped(5),
-    shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
+    shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5),
-    shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
+    shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
-    shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
+    shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)</para>
-    shorewall-zones(5)</para>
   </refsect1>
 </refentry>

Shorewall/manpages/shorewall.xml

@@ -1243,7 +1243,7 @@
           directory is given, then Shorewall will look in that directory first
           when opening configuration files.</para>
 
-          <para>Begining with Shorewall 4.5.0, you may specify a different
+          <para>Beginning with Shorewall 4.5.0, you may specify a different
           <replaceable>timeout</replaceable> value using the
           <option>-t</option> option. The numeric
           <replaceable>timeout</replaceable> may optionally be followed by an
@@ -1265,7 +1265,7 @@
           Shorewall will look in that directory first when opening
           configuration files.</para>
 
-          <para>Begining with Shorewall 4.5.0, you may specify a different
+          <para>Beginning with Shorewall 4.5.0, you may specify a different
           <replaceable>timeout</replaceable> value using the
           <option>-t</option> option. The numeric
           <replaceable>timeout</replaceable> may optionally be followed by an
@@ -1600,7 +1600,7 @@
           role="bold">restore</emphasis> is performed after
           <replaceable>timeout</replaceable> seconds.</para>
 
-          <para>Begining with Shorewall 4.5.0, the numeric
+          <para>Beginning with Shorewall 4.5.0, the numeric
           <replaceable>timeout</replaceable> may optionally be followed by an
           <option>s</option>, <option>m</option> or <option>h</option> suffix
           (e.g., 5m) to specify seconds, minutes or hours respectively. If the

Shorewall6-lite/init.sh

@@ -76,10 +76,10 @@ command="$1"
 
 case "$command" in
     start)
-	exec /sbin/shorewall6-lite $OPTIONS start $STARTOPTIONS $@
+	exec /sbin/shorewall6-lite $OPTIONS start $STARTOPTIONS
 	;;
     restart|reload)
-	exec /sbin/shorewall6-lite $OPTIONS restart $RESTARTOPTIONS $@
+	exec /sbin/shorewall6-lite $OPTIONS restart $RESTARTOPTIONS
 	;;
     status|stop)
 	exec /sbin/shorewall6-lite $OPTIONS $command $@

Shorewall6/init.sh

@@ -77,10 +77,10 @@ command="$1"
 
 case "$command" in
     start)
-	exec /sbin/shorewall6 $OPTIONS start $STARTOPTIONS $@
+	exec /sbin/shorewall6 $OPTIONS start $STARTOPTIONS
 	;;
     restart|reload)
-	exec /sbin/shorewall6 $OPTIONS restart $RESTARTOPTIONS $@
+	exec /sbin/shorewall6 $OPTIONS restart $RESTARTOPTIONS
 	;;
     status|stop)
 	exec /sbin/shorewall6 $OPTIONS $command $@

Shorewall6/manpages/shorewall6-blrules.xml

@@ -41,7 +41,7 @@
       <varlistentry>
         <term><emphasis role="bold">ACTION- {<emphasis
         role="bold">ACCEPT</emphasis>|CONTINUE|DROP|A_DROP|REJECT|A_REJECT|<emphasis
-        role="bold">WHITELIES</emphasis>|<emphasis
+        role="bold">WHITELIST</emphasis>|<emphasis
         role="bold">LOG</emphasis>|<emphasis
         role="bold">QUEUE</emphasis>|<emphasis
         role="bold">NFQUEUE</emphasis>[<emphasis

Shorewall6/manpages/shorewall6.xml

@@ -1108,7 +1108,7 @@
           directory is given, then Shorewall6 will look in that directory
           first when opening configuration files.</para>
 
-          <para>Begining with Shorewall 4.5.0, you may specify a different
+          <para>Beginning with Shorewall 4.5.0, you may specify a different
           <replaceable>timeout</replaceable> value using the
           <option>-t</option> option. The numeric
           <replaceable>timeout</replaceable> may optionally be followed by an
@@ -1130,7 +1130,7 @@
           Shorewall6 will look in that directory first when opening
           configuration files.</para>
 
-          <para>Begining with Shorewall 4.5.0, you may specify a different
+          <para>Beginning with Shorewall 4.5.0, you may specify a different
           <replaceable>timeout</replaceable> value using the
           <option>-t</option> option. The numeric
           <replaceable>timeout</replaceable> may optionally be followed by an
@@ -1422,7 +1422,7 @@
           role="bold">restore</emphasis> is performed after
           <replaceable>timeout</replaceable> seconds.</para>
 
-          <para>Begining with Shorewall 4.5.0, the numeric
+          <para>Beginning with Shorewall 4.5.0, the numeric
           <replaceable>timeout</replaceable> may optionally be followed by an
           <option>s</option>, <option>m</option> or <option>h</option> suffix
           (e.g., 5m) to specify seconds, minutes or hours respectively. If the

docs/ReleaseModel.xml

@@ -32,6 +32,8 @@
 
       <year>2010</year>
 
+      <year>2012</year>
+
       <holder>Thomas M. Eastep</holder>
     </copyright>
 
@@ -52,81 +54,64 @@
     <orderedlist>
       <listitem>
         <para>Releases have a three-level identification
-        <firstterm>x.y.z</firstterm> (e.g., 2.0.3).</para>
+        <firstterm>x.y.z</firstterm> (e.g., 4.5.0).</para>
       </listitem>
 
       <listitem>
         <para>The first two levels (<emphasis>x.y</emphasis>) designate the
-        <firstterm>Major Release Number</firstterm> (e.g., 2.0).</para>
+        <firstterm>major release number</firstterm> (e.g., 4.5).</para>
       </listitem>
 
       <listitem>
-        <para>The third level (<emphasis>z</emphasis>) designates the
+        <para>The third level (<emphasis>y</emphasis>) designates the
-        <firstterm>Minor Release Number</firstterm>.</para>
+        <firstterm>minor release Number</firstterm>.</para>
       </listitem>
 
       <listitem>
-        <para>Even numbered major releases (e.g., 1.4, 2.0, 2.2, ...) are
+        <para>Installing a new minor release involves no migration issues
-        <firstterm>Stable Releases</firstterm>. No major new features are
+        unless you want to take advantage of an enhancement. For example, if
-        added to stable releases and new minor releases of a stable release
+        you are running 4.5.0 and I release 4.5.1, your current configuration
-        will only contain bug fixes and simple low-risk enhancements.
+        is 100% compatible with the new release.</para>
-        Installing a new minor release for the major release that you are
+      </listitem>
-        currently running involves no migration issues unless you want to take
+
-        advantage of an enhancement (for example, if you are running 1.4.10
+      <listitem>
-        and I release 1.4.11, your current configuration is 100% compatible
+        <para>A major release may have migration issues. These are listed in
-        with the new release).</para>
+        the release notes and on the <ulink url="upgrade_issues.htm">upgrade
+        issues page</ulink>.</para>
       </listitem>
 
       <listitem>
         <para>Support is available through the <ulink
         url="http://sourceforge.net/mail/?group_id=22587">Mailing List</ulink>
-        for the two or three most recent Stable Releases. Three releases are
+        for the two most recent Major Releases. Fixes will only be provided
-        supported when the Shorewall release in the Stable Debian distribution
+        for the last minor release in the previous Major Release. For example,
-        is two releases behind the current Shorewall development. In that
+        only 4.5.0 was released, the only fixes for major issues with 4.4.27
-        case, only the minor release in Stable is supported.</para>
+        would be released for the 4.4 series.</para>
       </listitem>
 
       <listitem>
-        <para>Odd numbered major releases (e.g., 2.1, 2.3, ...) are
+        <para>Once a minor release has been announced, work begins on the next
-        <firstterm>Development Releases</firstterm>. Development releases are
+        minor release. Periodic Beta releases are made available through
-        where new functionality is introduced. Documentation for new features
+        announcements on the Shorewall Development and Shorewall User mailing
-        will be available but it may not be up to the standards of the stable
+        lists. Those Beta releases are numberd w.x.y-Beta1, ...Beta2, etc.
-        release documentation. Sites running Development Releases should be
+        Support for the Beta releases is offered through the Shorewall
-        prepared to play an active role in testing new features. Bug fixes and
+        Development mailing list in the form of emailed patches. There is no
-        problem resolution for the development release take a back seat to
+        guarantee of compatability between one Beta release and the next as
-        support of the stable releases. Problem reports for the current
+        features are tweaked.</para>
-        development release should be sent to the <ulink
-        url="mailto:shorewall-devel@lists.shorewall.net">Shorewall Development
-        Mailing List</ulink>.</para>
       </listitem>
 
       <listitem>
-        <para>When the level of functionality of the current development
+        <para>When the next minor release is functionally complete, one or
-        release is judged adequate, the <firstterm>Beta period</firstterm> for
+        more <firstterm>release candidates</firstterm> are announced on the
-        a new Stable release will begin. Beta releases have identifications of
+        Shorewall Development and Shorewall User mailing lists. These release
-        the form <emphasis>x.y.0-BetaN</emphasis> where
+        candidates are numbered w.x.y-RC1, ...-RC2, etc.</para>
-        <emphasis>x.y</emphasis> is the number of the next Stable Release and
-        <emphasis>N</emphasis>=1,2,3... . Betas are expected to occur roughly
-        once per year. Beta releases may contain new functionality not present
-        in the previous beta release (e.g., 2.2.0-Beta4 may contain
-        functionality not present in 2.2.0-Beta3). When I'm confident that the
-        current Beta release is stable, I will release the first
-        <firstterm>Release Candidate</firstterm>. Release candidates have
-        identifications of the form <emphasis>x.y.0-RCn</emphasis> where
-        <emphasis>x.y</emphasis> is the number of the next Stable Release and
-        <emphasis>n</emphasis>=1,2,3... . Release candidates contain no new
-        functionality -- they only contain bug fixes. When the stability of
-        the current release candidate is judged to be sufficient then that
-        release candidate will be released as the new stable release (e.g.,
-        2.2.0). At that time, the new stable release and the prior stable
-        release are those that are supported.</para>
       </listitem>
 
       <listitem>
         <para>What does it mean for a major release to be
-        <firstterm>supported</firstterm>? It means that I will answer
+        <firstterm>supported</firstterm>? It means that that if a bug is
-        questions about the release and that if a bug is found, I will fix the
+        found, we will fix the bug and include the fix in the next minor
-        bug and include the fix in the next minor release.</para>
+        release.</para>
       </listitem>
 
       <listitem>
@@ -135,16 +120,8 @@
         four-level identification <emphasis>x.y.z.N</emphasis> where x.y.z is
         the minor release being fixed and N = 1.2.3...</para>
       </listitem>
-
-      <listitem>
-        <para>Additionally, bug fixes may be made available in the form of a
-        <firstterm>patch release</firstterm>. Patch releases have four-level
-        identifications (e.g., 4.0.6.1); the first three identify the minor
-        release and the fourth identifies the patch level.</para>
-      </listitem>
     </orderedlist>
 
-    <para>The currently-supported major releases are and 4.0.10., 4.2.x. and
+    <para>The currently-supported major releases are 4.4 and 4.5.</para>
-    4.4.x.</para>
   </section>
 </article>