Corrected sysconfig files

Removed unnecessary lines in sysconfig files

Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall-core/lib.cli

@@ -3272,9 +3272,11 @@ show_interfaces() {
     local printed
 
     for f in ${VARDIR}/*.status; do
-	interface=$(basename $f)
-	echo "   Interface ${interface%.status} is $(interface_status $f)"
-	printed=Yes
+	if [ -f $f ]; then
+	    interface=$(basename $f)
+	    echo "   Interface ${interface%.status} is $(interface_status $f)"
+	    printed=Yes
+	fi
     done
 
     [ -n "$printed" ] && echo

Shorewall-lite/init.openwrt.sh

@@ -38,16 +38,13 @@
 
 # description: Packet filtering firewall
 
-# Product name variable
-PRODUCT=shorewall-lite
-+
 # Openwrt related
-# start and stop runlevel variable
+# Start and stop runlevel variable
 START=50
 STOP=89
-# variable to display what the status command do when /etc/init.d/shorewall-lite is invoke without argument
+# Displays the status command
 EXTRA_COMMANDS="status"
-EXTRA_HELP="status displays shorewall status"
+EXTRA_HELP=" status Displays firewall status"
 
 ################################################################################
 # Get startup options (override default)
@@ -59,8 +56,8 @@ OPTIONS=
 #
 . /usr/share/shorewall/shorewallrc
 
-if [ -f ${SYSCONFDIR}/$PRODUCT ]; then
-    . ${SYSCONFDIR}/$PRODUCT
+if [ -f ${SYSCONFDIR}/shorewall-lite ]; then
+    . ${SYSCONFDIR}/shorewall-lite
 fi
 
 SHOREWALL_INIT_SCRIPT=1
@@ -68,7 +65,7 @@ SHOREWALL_INIT_SCRIPT=1
 ################################################################################
 # E X E C U T I O N    B E G I N S   H E R E				       #
 ################################################################################
-# arg1 of init script is arg2 when rc.common is sourced; set to action variable
+# Arg1 of init script is arg2 when rc.common is sourced; set to action variable
 command="$action"
 
 start() {
@@ -76,8 +73,8 @@ start() {
 }
 
 boot() {
-local command="start"
-start
+	local command="start"
+	start
 }
 
 restart() {
@@ -93,5 +90,5 @@ stop() {
 }
 
 status() {
-	exec ${SBINDIR}/shorewall-lite $OPTIONS $command $STATUSOPTIONS
+	exec ${SBINDIR}/shorewall-lite $OPTIONS $command $@
 }

Shorewall-lite/sysconfig

@@ -1,25 +1,26 @@
-# sysV init file script configuration(/etc/sysconfdir/shorewall-lite)
+#
+# Global start/restart/reload/stop options
+#
+OPTIONS=""
 
-# startup option(default "-vvv")
-OPTIONS=
+#
+# Start options
+#
+STARTOPTIONS=""
 
-# change default start run level(if none empty; /etc/init.d/shorewall-lite enable)
-START=50
+#
+# Restart options
+#
+RESTARTOPTIONS=""
 
-# change default stop run level(if none empty; /etc/init.d/shorewall-lite enable)
-STOP=
+#
+# Reload options
+#
+RELOADOPTIONS=""
 
-# option to pass when shorewall start is executed
-STARTOPTIONS=
+#
+# Stop options
+#
+STOPOPTIONS=""
 
-# option to pass when shorewall restart is executed
-RESTARTOPTIONS=
-
-# option to pass when shorewall reload is executed
-RELOADOPTIONS=
-
-# option to pass when shorewall stop is executed
-STOPOPTIONS=
-
-# option to pass when shorewall status is executed
-STATUSOPTIONS=
+# EOF

Shorewall/Perl/Shorewall/Chains.pm

@@ -5753,8 +5753,6 @@ sub match_source_net( $;$\$ ) {
     }
 
     if ( $net =~ /^(!?)\^([A-Z\d]{2})$/ || $net =~ /^(!?)\^\[([A-Z,\d]+)\]$/) {
-	fatal_error "A countrycode list may not be used in this context" if $restriction & ( OUTPUT_RESTRICT | POSTROUTE_RESTRICT );
-
 	require_capability 'GEOIP_MATCH', 'A country-code', '';
 
 	load_isocodes unless %isocodes;
@@ -5842,8 +5840,6 @@ sub imatch_source_net( $;$\$ ) {
     }
 
     if ( $net =~ /^(!?)\^([A-Z\d]{2})$/ || $net =~ /^(!?)\^\[([A-Z,\d]+)\]$/) {
-	fatal_error "A countrycode list may not be used in this context" if $restriction & ( OUTPUT_RESTRICT | POSTROUTE_RESTRICT );
-
 	require_capability 'GEOIP_MATCH', 'A country-code', '';
 
 	load_isocodes unless %isocodes;
@@ -5928,8 +5924,6 @@ sub match_dest_net( $;$ ) {
     }
 
     if ( $net =~ /^(!?)\^([A-Z\d]{2})$/ || $net =~ /^(!?)\^\[([A-Z,\d]+)\]$/) {
-	fatal_error "A countrycode list may not be used in this context" if $restriction & (PREROUTE_RESTRICT | INPUT_RESTRICT );
-
 	require_capability 'GEOIP_MATCH', 'A country-code', '';
 
 	load_isocodes unless %isocodes;
@@ -6011,8 +6005,6 @@ sub imatch_dest_net( $;$ ) {
     }
 
     if ( $net =~ /^(!?)\^([A-Z\d]{2})$/ || $net =~ /^(!?)\^\[([A-Z,\d]+)\]$/) {
-	fatal_error "A countrycode list may not be used in this context" if $restriction & (PREROUTE_RESTRICT | INPUT_RESTRICT );
-
 	require_capability 'GEOIP_MATCH', 'A country-code', '';
 
 	load_isocodes unless %isocodes;
@@ -6215,7 +6207,7 @@ sub log_rule_limit( $$$$$$$$ ) {
 
     $matches .= ' ' if $matches && substr( $matches, -1, 1 ) ne ' ';
 
-    unless ( $matches =~ /-m limit / ) {
+    unless ( $matches =~ /-m (?:limit|hashlimit) / ) {
 	$limit = $globals{LOGLIMIT} unless $limit && $limit ne '-';
 	$matches .= $limit if $limit;
     }

Shorewall/Perl/Shorewall/Config.pm

@@ -185,6 +185,9 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
 				       %helpers_aliases
 
 				       %actparms
+
+                                       PARMSMODIFIED
+                                       USEDCALLER
 				       
 		                       F_IPV4
 		                       F_IPV6
@@ -546,6 +549,7 @@ our %compiler_params;
 #
 our %actparms;
 our $parmsmodified;
+our $usedcaller;
 our $inline_matches;
 
 our $currentline;            # Current config file line image
@@ -596,6 +600,9 @@ use constant { MIN_VERBOSITY => -1,
 	       F_IPV6 => 6,
 	     };
 
+use constant { PARMSMODIFIED => 1,
+               USEDCALLER    => 2 };
+
 our %validlevels;            # Valid log levels.
 
 #
@@ -1045,6 +1052,7 @@ sub initialize( $;$$) {
 
     %actparms = ( 0 => 0, loglevel => '', logtag => '', chain => '', disposition => '', caller => ''  );
     $parmsmodified = 0;
+    $usedcaller    = 0;
 
     %helpers_enabled = (
 			amanda       => 1,
@@ -2502,7 +2510,7 @@ sub evaluate_expression( $$$ ) {
 	    my ( $first, $var, $rest ) = ( $1, $3, $4);
 	    $var = numeric_value( $var ) if $var =~ /^\d/;
 	    $val = $var ? $actparms{$var} : $chain;
-	    $parmsmodified ||= $var eq 'caller';
+	    $usedcaller = USEDCALLER if $var eq 'caller';
 	    $expression = join_parts( $first, $val, $rest );
 	    directive_error( "Variable Expansion Loop" , $filename, $linenumber ) if ++$count > 100;
 	}
@@ -2639,7 +2647,7 @@ sub process_compiler_directive( $$$$ ) {
 		      my $val = $actparms{$var} = evaluate_expression ( $expression,
 									$filename,
 									$linenumber );
-		      $parmsmodified = 1;
+		      $parmsmodified = PARMSMODIFIED;
 		  } else {
 		      $variables{$2} = evaluate_expression( $expression,
 							    $filename,
@@ -3174,11 +3182,13 @@ sub push_action_params( $$$$$$ ) {
     my ( $action, $chainref, $parms, $loglevel, $logtag, $caller ) = @_;
     my @parms = ( undef , split_list3( $parms , 'parameter' ) );
 
-    $actparms{modified} = $parmsmodified;
+    $actparms{modified}   = $parmsmodified;
+    $actparms{usedcaller} = $usedcaller;
 
     my %oldparms = %actparms;
 
     $parmsmodified = 0;
+    $usedcaller    = 0;
 
     %actparms = ();
 
@@ -3204,13 +3214,16 @@ sub push_action_params( $$$$$$ ) {
 
 #
 # Pop the action parameters using the passed hash reference
-# Return true of the popped parameters were modified
+# Return:
+#   1 if the popped parameters were modified
+#   2 if the action used @CALLER
 #
 sub pop_action_params( $ ) {
     my $oldparms       = shift;
     %actparms          = %$oldparms;
-    my $return         = $parmsmodified;
-    ( $parmsmodified ) = delete $actparms{modified};
+    my $return         = $parmsmodified | $usedcaller;
+    ( $parmsmodified ) = delete $actparms{modified}   || 0;
+    ( $usedcaller )    = delete $actparms{usedcaller} || 0;
     $return;
 }
 
@@ -3305,6 +3318,7 @@ sub expand_variables( \$ ) {
 	    $val = $variables{$var};
 	} elsif ( exists $actparms{$var} ) { 
 	    $val = $actparms{$var};
+	    $usedcaller = USEDCALLER if $var eq 'caller';
 	} else {
 	    fatal_error "Undefined shell variable (\$$var)" unless $config{IGNOREUNKNOWNVARIABLES} || exists $config{$var};
 	}
@@ -3323,6 +3337,7 @@ sub expand_variables( \$ ) {
 	while ( $$lineref =~ m( ^(.*?) \@({)? (\d+|[a-zA-Z_]\w*) (?(2)}) (.*)$ )x ) {
 	    my ( $first, $var, $rest ) = ( $1, $3, $4);
 	    my $val = $var ? $actparms{$var} : $actparms{chain};
+	    $usedcaller = USEDCALLER if $var eq 'caller';
 	    $val = '' unless defined $val;
 	    $$lineref = join( '', $first , $val , $rest );
 	    fatal_error "Variable Expansion Loop" if ++$count > 100;

Shorewall/Perl/Shorewall/Raw.pm

@@ -36,7 +36,7 @@ use strict;
 our @ISA = qw(Exporter);
 our @EXPORT = qw( setup_conntrack );
 our @EXPORT_OK = qw( handle_helper_rule );
-our $VERSION = '4.6_10';
+our $VERSION = 'MODULEVERSION';
 
 our %valid_ctevent = ( new        => 1,
 		       related    => 1,

Shorewall/Perl/Shorewall/Rules.pm

@@ -79,6 +79,10 @@ use constant { NULL_SECTION          => 0x00,
 	       NEW_SECTION           => 0x40,
 	       DEFAULTACTION_SECTION => 0x80 };
 #
+# Number of elements in the action tuple
+#
+use constant { ACTION_TUPLE_ELEMENTS => 5 };
+#
 # Section => name function 
 #
 our %section_functions = ( ALL_SECTION ,        \&rules_chain,
@@ -424,6 +428,7 @@ sub print_policy($$$$) {
 sub use_policy_action( $$ );
 sub normalize_action( $$$ );
 sub normalize_action_name( $ );
+sub normalize_single_action( $ );
 
 sub process_default_action( $$$$ ) {
     my ( $originalpolicy, $policy, $default, $level ) = @_;
@@ -441,7 +446,7 @@ sub process_default_action( $$$$ ) {
 	if ( "\L$default" eq 'none' ) {
 	    if ( supplied $param || ( supplied $level && $level ne 'none' ) ) {
 		if ( $default_option ) {
-		    fatal_error "Invalid setting (originalpolicy) for $policy";
+		    fatal_error "Invalid setting ($originalpolicy) for $policy";
 		} else {
 		    fatal_error "Invalid policy ($originalpolicy)";
 		}
@@ -560,7 +565,7 @@ sub process_a_policy() {
 
     require_capability 'AUDIT_TARGET', ":audit", "s" if $audit;
 
-    my ( $policy, $default, $level, $remainder ) = split( /:/, $originalpolicy, 4 );
+    my ( $policy, $default, $level, undef, $remainder ) = split( /:/, $originalpolicy, ACTION_TUPLE_ELEMENTS );
 
     fatal_error "Invalid or missing POLICY ($originalpolicy)" unless $policy;
 
@@ -944,7 +949,7 @@ sub complete_standard_chain ( $$$$ ) {
 	( $policy, $loglevel, $defaultaction ) = @{$policychainref}{'policy', 'loglevel', 'default' };
 	$stdchainref->{origin} = $policychainref->{origin};
     } elsif ( $defaultaction !~ /:/ ) {
-	$defaultaction = join(":", $defaultaction, 'none', '', '' );
+	$defaultaction = normalize_single_action( $defaultaction );
     }
 
 
@@ -1169,14 +1174,15 @@ sub finish_section ( $ ) {
 #
 # Create a normalized action name from the passed pieces.
 #
-# Internally, action invocations are uniquely identified by a 4-tuple that
-# includes the action name, log level, log tag and params. The pieces of the tuple
-# are separated by ":".
+# Internally, action invocations are uniquely identified by a 5-tuple that
+# includes the action name, log level, log tag, calling chain and params.
+# The pieces of the tuple are separated by ":".
 #
 sub normalize_action( $$$ ) {
     my $action = shift;
     my $level  = shift;
     my $param  = shift;
+    my $caller = '';     #We assume that the function doesn't use @CALLER
 
     ( $level, my $tag ) = split ':', $level;
 
@@ -1185,13 +1191,23 @@ sub normalize_action( $$$ ) {
     $param = ''     unless defined $param;
     $param = ''     if $param eq '-';
 
-    join( ':', $action, $level, $tag, $param );
+    join( ':', $action, $level, $tag, $caller, $param );
+}
+
+#
+# Add the actual caller into an existing normalised name
+#
+sub insert_caller($$) {
+    my ( $normalized, $caller ) = @_;
+
+    my ( $action, $level, $tag, undef, $param ) = split /:/, $normalized;
+
+    join( ':', $action, $level, $tag, $caller, $param );
 }
 
 #
 # Accepts a rule target and returns a normalized tuple
 #
-
 sub normalize_action_name( $ ) {
     my $target = shift;
     my ( $action, $loglevel) = split_action $target;
@@ -1199,11 +1215,18 @@ sub normalize_action_name( $ ) {
     normalize_action( $action, $loglevel, '' );
 }
 
+#
+# Create an action tuple from a single target name
+#
+sub normalize_single_action( $ ) {
+    join(":", $_[0], 'none', '', '', '' );
+}
+
 #
 # Produce a recognizable target from a normalized action
 #
 sub external_name( $ ) {
-    my ( $target, $level, $tag, $params ) = split /:/, shift, 4;
+    my ( $target, $level, $tag, undef, $params ) = split /:/, shift, ACTION_TUPLE_ELEMENTS;
 
     $target  = join( '', $target, '(', $params , ')' ) if $params;
     $target .= ":$level" if $level && $level ne 'none';
@@ -1333,7 +1356,7 @@ sub createsimpleactionchain( $ ) {
 sub createactionchain( $ ) {
     my $normalized = shift;
 
-    my ( $target, $level, $tag, $param ) = split /:/, $normalized, 4;
+    my ( $target, $level, $tag, $caller, $param ) = split /:/, $normalized, ACTION_TUPLE_ELEMENTS;
 
     assert( defined $param );
 
@@ -1689,11 +1712,15 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ );
 #
 # Populate an action invocation chain. As new action tuples are encountered,
 # the function will be called recursively by process_rule().
+# 
+# Note that the first two parameters are passed by reference and may be
+# modified by this function.
 #
-sub process_action($$) {
-    my ( $chainref, $caller ) = @_;
-    my $wholeaction = $chainref->{action};
-    my ( $action, $level, $tag, $param ) = split /:/, $wholeaction, 4;
+sub process_action(\$\$$) {
+    my ( $wholeactionref, $chainrefref, $caller ) = @_;
+    my $wholeaction = ${$wholeactionref};
+    my $chainref    = ${$chainrefref};
+    my ( $action, $level, $tag, undef, $param ) = split /:/, $wholeaction, ACTION_TUPLE_ELEMENTS;
 
     if ( $targets{$action} & BUILTIN ) {
 	$level = '' if $level =~ /none!?/;
@@ -1771,10 +1798,48 @@ sub process_action($$) {
 
     #
     # Pop the action parameters
-    # Caller should delete record of this chain if the action parameters
-    # were modified (and this function returns true
     #
-    pop_action_params( $oldparms );
+    if ( ( my $result = pop_action_params( $oldparms ) ) & PARMSMODIFIED ) {
+	#
+	# The action modified its parameters -- delete it from %usedactions
+	#
+	delete $usedactions{$wholeaction};
+    } elsif ( $result & USEDCALLER ) {
+	#
+	# The chain uses @CALLER but doesn't modify the action parameters.
+	# We need to see if this caller has already invoked this action
+	#
+	my $renormalized_action = insert_caller( $wholeaction, $caller );
+	my $chain1ref           = $usedactions{$renormalized_action};
+
+	if ( $chain1ref ) {
+	    #
+	    # It has -- use the prior chain
+	    #
+	    ${$chainrefref} = $chain1ref;
+	    #
+	    # We leave the new chain in place but delete it from %usedactions below
+	    # The optimizer will drop it from the final ruleset.
+	    #
+	} else {
+	    #
+	    # This is the first time that the current chain has invoked this action
+	    #
+	    $usedactions{$renormalized_action} = $chainref;
+	    #
+	    # Update the action member
+	    #
+	    $chainref->{action} = $renormalized_action;
+	}
+	#
+	# Delete the usedactions entry with the original normalized key
+	#
+	delete $usedactions{$wholeaction};
+	#
+	# New normalized target
+	#
+	${$wholeactionref} = $renormalized_action;
+    }
 }
 
 #
@@ -1907,11 +1972,14 @@ sub process_actions() {
 # Create a policy action if it doesn't already exist
 #
 sub use_policy_action( $$ ) {
-    my $ref = use_action( $_[0] );
+    my ( $normalized_target, $caller ) = @_;
+
+    my $ref = use_action( $normalized_target );
+
     if ( $ref ) {
-	delete $usedactions{$ref->{action}} if process_action( $ref, $_[1] );
+	process_action( $normalized_target, $ref, $caller );
     } else {
-	$ref = $usedactions{$_[0]};
+	$ref = $usedactions{$normalized_target};
     }
 
     $ref;
@@ -2661,7 +2729,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
     #
     # Handle actions
     #
-    my $delete_action;
+    my $actionchain; #Name of the action chain
 
     if ( $actiontype & ACTION ) {
 	#
@@ -2677,18 +2745,29 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
 	    #
 	    my $savestatematch = $statematch;
 	    $statematch        = '';
-
-	    $delete_action = process_action( $ref, $chain );
+	    #
+	    # process_action may modify both $normalized_target and $ref!!!
+	    #
+	    process_action( $normalized_target, $ref, $chain );
+	    #
+	    # Capture the name of the action chain
+	    #
+	    $actionchain = $ref->{name};
 	    #
 	    # Processing the action may determine that the action or one of it's dependents does NAT or HELPER, so:
 	    #
 	    #    - Refresh $actiontype
 	    #    - Create the associated nat and/or table chain if appropriate.
 	    #
-	    ensure_chain( 'nat', $ref->{name} ) if ( $actiontype = $targets{$basictarget} ) & NATRULE;
-	    ensure_chain( 'raw', $ref->{name} ) if ( $actiontype & HELPER );
+	    ensure_chain( 'nat', $actionchain ) if ( $actiontype = $targets{$basictarget} ) & NATRULE;
+	    ensure_chain( 'raw', $actionchain ) if ( $actiontype & HELPER );
 
 	    $statematch = $savestatematch;
+	} else {
+	    #
+	    # We've seen this tuple before
+	    #
+	    $actionchain = $usedactions{$normalized_target}->{name};
 	}
 
 	$action = $basictarget; # Remove params, if any, from $action.
@@ -2808,7 +2887,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
 			    $ports,
 			    $sports,
 			    $sourceref,
-			    ( $actiontype & ACTION ) ? $usedactions{$normalized_target}->{name} : '',
+			    ( $actiontype & ACTION ) ? $actionchain : '',
 			    $inchain ? $chain : '' ,
 			    $user ,
 			    $rule ,
@@ -2830,7 +2909,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
 				     $proto,
 				     $ports,
 				     $origdest,
-				     ( $actiontype & ACTION ) ? $usedactions{$normalized_target}->{name} : '',
+				     ( $actiontype & ACTION ) ? $actionchain : '',
 				     $action,
 				     $sourceref,
 				     $inaction ? $chain : '',
@@ -2887,7 +2966,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
     unless ( $actiontype & NATONLY ) {
 
 	if ( $actiontype & ACTION ) {
-	    $action = $usedactions{$normalized_target}{name};
+	    $action = $actionchain;
 	    $loglevel = '';
 	}
 
@@ -2918,8 +2997,6 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
 	    unless unreachable_warning( $wildcard || $section == DEFAULTACTION_SECTION, $chainref );
     }
 
-    delete $usedactions{$normalized_target} if $delete_action;
-
     return 1;
 }
 

Shorewall/Perl/Shorewall/Tc.pm

@@ -2954,7 +2954,9 @@ sub process_traffic_shaping() {
 
 			my ( $options, $redopts ) = ( '', $tcref->{redopts} );
 
-			while ( my ( $option, $type ) = each %validredoptions ) {
+			for my $option ( sort keys %validredoptions ) {
+			    my $type = $validredoptions{$option};
+
 			    if ( my $value = $redopts->{$option} ) {
 				if ( $type == RED_NONE ) {
 				    $options = join( ' ', $options, $option ) if $value;
@@ -2971,7 +2973,9 @@ sub process_traffic_shaping() {
 
 			my ( $options, $codelopts ) = ( '', $tcref->{codelopts} );
 
-			while ( my ( $option, $type ) = each %validcodeloptions ) {
+			for my $option ( sort keys %validcodeloptions ) {
+			    my $type = $validcodeloptions{$option};
+
 			    if ( my $value = $codelopts->{$option} ) {
 				if ( $type == CODEL_NONE ) {
 				    $options = join( ' ', $options, $option );

Shorewall/install.sh

@@ -322,6 +322,9 @@ if [ $PRODUCT = shorewall ]; then
 		exit 1;
 	    fi
 
+	    cp -af Perl/Shorewall/Chains.pm Perl/Shorewall/Chains.pm.bak
+	    cp -af Perl/Shorewall/Config.pm Perl/Shorewall/Config.pm.bak
+
 	    eval sed -i \'s/Digest::SHA/Digest::$DIGEST/\' Perl/Shorewall/Chains.pm
 	    eval sed -i \'s/Digest::SHA/Digest::$DIGEST/\' Perl/Shorewall/Config.pm
 	fi
@@ -332,6 +335,9 @@ if [ $PRODUCT = shorewall ]; then
 	DIGEST=SHA
 	if ! perl -e 'use Digest::SHA;' 2> /dev/null ; then
 	    if perl -e 'use Digest::SHA1;' 2> /dev/null ; then
+		cp -af Perl/Shorewall/Chains.pm Perl/Shorewall/Chains.pm.bak
+		cp -af Perl/Shorewall/Config.pm Perl/Shorewall/Config.pm.bak
+
 		sed -i 's/Digest::SHA/Digest::SHA1/' Perl/Shorewall/Chains.pm
 		sed -i 's/Digest::SHA/Digest::SHA1/' Perl/Shorewall/Config.pm
 		DIGEST=SHA1
@@ -1115,6 +1121,10 @@ if [ -d Perl ]; then
 	install_file $f ${DESTDIR}${PERLLIBDIR}/$f 0644
 	echo "Module ${f%.*} installed as ${DESTDIR}${PERLLIBDIR}/$f"
     done
+
+    [ -f Perl/Shorewall/Chains.pm.bak ] && mv Perl/Shorewall/Chains.pm.bak Perl/Shorewall/Chains.pm
+    [ -f Perl/Shorewall/Config.pm.bak ] && mv Perl/Shorewall/Config.pm.bak Perl/Shorewall/Config.pm
+
     #
     # Install the program skeleton files
     #

Shorewall/sysconfig

@@ -1,25 +1,26 @@
-# sysV init file script configuration(/etc/sysconfdir/shorewall-lite)
+#
+# Global start/restart/reload/stop options
+#
+OPTIONS=""
 
-# startup option(default "-vvv")
-OPTIONS=
+#
+# Start options
+#
+STARTOPTIONS=""
 
-# change default start run level(if none empty; /etc/init.d/shorewall-lite enable)
-START=50
+#
+# Restart options
+#
+RESTARTOPTIONS=""
 
-# change default stop run level(if none empty; /etc/init.d/shorewall-lite enable)
-STOP=
+#
+# Reload options
+#
+RELOADOPTIONS=""
 
-# option to pass when shorewall start is executed
-STARTOPTIONS=
+#
+# Stop options
+#
+STOPOPTIONS=""
 
-# option to pass when shorewall restart is executed
-RESTARTOPTIONS=
-
-# option to pass when shorewall reload is executed
-RELOADOPTIONS=
-
-# option to pass when shorewall stop is executed
-STOPOPTIONS=
-
-# option to pass when shorewall status is executed
-STATUSOPTIONS=
+# EOF

Shorewall6-lite/init.openwrt.sh

@@ -39,13 +39,13 @@
 
 # description: Packet filtering firewall
 
-# openwrt stuph
-# start and stop runlevel variable
+# Openwrt related
+# Start and stop runlevel variable
 START=50
 STOP=89
-# variable to display what the status command do when /etc/init.d/shorewall6-lite is invoke without argument
+# Displays the status command
 EXTRA_COMMANDS="status"
-EXTRA_HELP="status displays shorewall status"
+EXTRA_HELP=" status Displays firewall status"
 
 ################################################################################
 # Get startup options (override default)
@@ -57,8 +57,8 @@ OPTIONS=
 #
 . /usr/share/shorewall/shorewallrc
 
-if [ -f ${SYSCONFDIR}/$PRODUCT ]; then
-    . ${SYSCONFDIR}/$PRODUCT
+if [ -f ${SYSCONFDIR}/shorewall6-lite ]; then
+    . ${SYSCONFDIR}/shorewall6-lite
 fi
 
 SHOREWALL_INIT_SCRIPT=1
@@ -66,7 +66,7 @@ SHOREWALL_INIT_SCRIPT=1
 ################################################################################
 # E X E C U T I O N    B E G I N S   H E R E				       #
 ################################################################################
-# arg1 of init script is arg2 when rc.common is sourced; set to action variable
+# Arg1 of init script is arg2 when rc.common is sourced; set to action variable
 command="$action"
 
 start() {
@@ -74,8 +74,8 @@ start() {
 }
 
 boot() {
-local command="start"
-start
+	local command="start"
+	start
 }
 
 restart() {
@@ -91,5 +91,5 @@ stop() {
 }
 
 status() {
-	exec ${SBINDIR}/shorewall6-lite $OPTIONS $command $STATUSOPTIONS
+	exec ${SBINDIR}/shorewall6-lite $OPTIONS $command $@
 }

Shorewall6-lite/sysconfig

@@ -1,25 +1,26 @@
-# sysV init file script configuration(/etc/sysconfdir/shorewall-lite)
+#
+# Global start/restart/reload/stop options
+#
+OPTIONS=""
 
-# startup option(default "-vvv")
-OPTIONS=
+#
+# Start options
+#
+STARTOPTIONS=""
 
-# change default start run level(if none empty; /etc/init.d/shorewall-lite enable)
-START=50
+#
+# Restart options
+#
+RESTARTOPTIONS=""
 
-# change default stop run level(if none empty; /etc/init.d/shorewall-lite enable)
-STOP=
+#
+# Reload options
+#
+RELOADOPTIONS=""
 
-# option to pass when shorewall start is executed
-STARTOPTIONS=
+#
+# Stop options
+#
+STOPOPTIONS=""
 
-# option to pass when shorewall restart is executed
-RESTARTOPTIONS=
-
-# option to pass when shorewall reload is executed
-RELOADOPTIONS=
-
-# option to pass when shorewall stop is executed
-STOPOPTIONS=
-
-# option to pass when shorewall status is executed
-STATUSOPTIONS=
+# EOF

Shorewall6/sysconfig

@@ -1,25 +1,26 @@
-# sysV init file script configuration(/etc/sysconfdir/shorewall-lite)
+#
+# Global start/restart/reload/stop options
+#
+OPTIONS=""
 
-# startup option(default "-vvv")
-OPTIONS=
+#
+# Start options
+#
+STARTOPTIONS=""
 
-# change default start run level(if none empty; /etc/init.d/shorewall-lite enable)
-START=50
+#
+# Restart options
+#
+RESTARTOPTIONS=""
 
-# change default stop run level(if none empty; /etc/init.d/shorewall-lite enable)
-STOP=
+#
+# Reload options
+#
+RELOADOPTIONS=""
 
-# option to pass when shorewall start is executed
-STARTOPTIONS=
+#
+# Stop options
+#
+STOPOPTIONS=""
 
-# option to pass when shorewall restart is executed
-RESTARTOPTIONS=
-
-# option to pass when shorewall reload is executed
-RELOADOPTIONS=
-
-# option to pass when shorewall stop is executed
-STOPOPTIONS=
-
-# option to pass when shorewall status is executed
-STATUSOPTIONS=
+# EOF

docs/dhcp.xml

@@ -72,9 +72,9 @@
 
       <listitem>
         <para>If you set 'ping-check' true in your
-        <filename>/etc/shorewall/dhcpd.conf</filename> file then you will want
-        to <ulink url="ping.html">accept 'ping'</ulink> from your firewall to
-        the zone(s) served by the firewall's DHCP server.</para>
+        <filename>/etc/dhcp/dhcpd.conf</filename> file then you will want to
+        <ulink url="ping.html">accept 'ping'</ulink> from your firewall to the
+        zone(s) served by the firewall's DHCP server.</para>
       </listitem>
     </itemizedlist>
   </section>