Fix syntax error in the generated script

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Correct issues with debugging the generated script
2012-03-06 09:14:06 -08:00 · 2012-03-05 15:55:25 -08:00 · 2012-02-29 15:04:17 -08:00 · 2012-02-25 08:28:15 -08:00 · 2012-02-25 07:51:55 -08:00 · 2012-02-25 07:40:47 -08:00
629 changed files with 23367 additions and 57040 deletions
--- a/Shorewall-core/INSTALL
+++ b/Shorewall-core/INSTALL
@@ -1,4 +1,4 @@
-Shoreline Firewall (Shorewall) Version 5
+Shoreline Firewall (Shorewall) Version 4
 -----         ----

 -----------------------------------------------------------------------------
--- a/Shorewall-core/configure
+++ b/Shorewall-core/configure
@@ -1,242 +0,0 @@
-#!/bin/bash
-#
-#     Shorewall Packet Filtering Firewall RPM configuration program - V4.6
-#
-#     (c) 2012,2014 - Tom Eastep (teastep@shorewall.net)
-#
-#	Shorewall documentation is available at http://www.shorewall.net
-#
-#       This program is part of Shorewall.
-#
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
-#
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#
-#       Usage: ./configure [ <option>=<setting> ] ...
-#
-#
-################################################################################################
-#
-# Build updates this
-#
-VERSION=4.6.12
-
-case "$BASH_VERSION" in
-    [4-9].*)
-	;;
-    *)
-	echo "ERROR: This program requires Bash 4.0 or later" >&2
-	exit 1
-	;;
-esac
-
-declare -A params
-declare -A options
-
-getfileparams() {
-    while read option; do
-	case $option in
-	    \#*)
-		;;
-	    *)
-		on=${option%=*}
-		ov=${option#*=}
-		ov=${ov%#*}
-		[ -n "$on" ] && options[${on}]="${ov}"
-		;;
-	esac
-
-    done
-
-    return 0
-}
-
-for p in $@; do
-
-    if [ -n "${p}" ]; then
-	declare -u pn
-
-	pn=${p%=*}
-	pn=${pn#--}
-	pv=${p#*=}
-
-	if [ -n "${pn}" ]; then
-
-	    case ${pn} in
-		VENDOR)
-		    pn=HOST
-		    ;;
-		SHAREDSTATEDIR)
-		    pn=VARLIB
-		    ;;
-		DATADIR)
-		    pn=SHAREDIR
-		    ;;
-	    esac
-
-	    params[${pn}]="${pv}"
-	else
-	    echo "ERROR: Invalid option ($p)" >&2
-	    exit 1
-	fi
-    fi
-done
-
-cd $(dirname $0)
-
-vendor=${params[HOST]}
-
-if [ -z "$vendor" ]; then
-    if [ -f /etc/os-release ]; then
-	eval $(cat /etc/os-release | grep ^ID=)
-
-	case $ID in
-	    fedora|rhel)
-		vendor=redhat
-		;;
-	    debian|ubuntu)
-		vendor=debian
-		;;
-	    opensuse)
-		vendor=suse
-		;;
-	    *)
-		vendor="$ID"
-		;;
-	esac
-
-	params[HOST]="$vendor"
-    fi
-fi
-
-if [ -z "$vendor" ]; then
-    case `uname` in
-	Darwin)
-	    params[HOST]=apple
-	    rcfile=shorewallrc.apple
-	    ;;
-	cygwin*|CYGWIN*)
-	    params[HOST]=cygwin
-	    rcfile=shorewallrc.cygwin
-	    ;;
-	*)
-	    if [ -f /etc/debian_version ]; then
-		params[HOST]=debian
-		ls -l /sbin/init | fgrep -q systemd &&  rcfile=shorewallrc.debian.systemd || rcfile=shorewallrc.debian.sysvinit
-	    elif [ -f /etc/redhat-release ]; then
-		params[HOST]=redhat
-		rcfile=shorewallrc.redhat
-	    elif [ -f /etc/slackware-version ] ; then
-		params[HOST]=slackware
-		rcfile=shorewallrc.slackware
-	    elif [ -f /etc/SuSE-release ]; then
-		params[HOST]=suse
-		rcfile=shorewallrc.suse
-	    elif [ -f /etc/arch-release ] ; then
-		params[HOST]=archlinux
-		rcfile=shorewallrc.archlinux
-	    elif [ -f /etc/openwrt_release ]; then
-		params[HOST]=openwrt
-		rcfile=shorewallrc.openwrt
-	    else
-		params[HOST]=linux
-		rcfile=shorewallrc.default
-	    fi
-	    ;;
-    esac
-    vendor=${params[HOST]}
-else
-    if [ $vendor = linux ]; then
-	rcfile=shorewallrc.default;
-    elif [ $vendor = debian -a -f /etc/debian_version ]; then
-	ls -l /sbin/init | fgrep -q systemd && rcfile=shorewallrc.debian.systemd || rcfile=shorewallrc.debian.sysvinit
-    else
-	rcfile=shorewallrc.$vendor
-    fi
-
-    if [ ! -f $rcfile ]; then
-	echo "ERROR: $vendor is not a recognized host type" >&2
-	exit 1
-    elif [ $vendor = default ]; then
-	params[HOST]=linux
-	vendor=linux
-    elif [[ $vendor == debian.* ]]; then
-	params[HOST]=debian
-	vendor=debian
-    fi
-fi
-
-if [ $vendor = linux ]; then
-    echo "INFO: Creating a generic Linux installation - " `date`;
-else
-    echo "INFO: Creating a ${params[HOST]}-specific installation - " `date`;
-fi
-
-echo
-
-getfileparams < $rcfile || exit 1
-
-for p in ${!params[@]}; do
-    options[${p}]="${params[${p}]}"
-done
-
-echo '#'                                                                 > shorewallrc
-echo "# Created by Shorewall Core version $VERSION configure - " `date` >> shorewallrc
-echo "# rc file: $rcfile"                                               >> shorewallrc
-echo '#'                                                                >> shorewallrc
-
-if [ $# -gt 0 ]; then
-    echo "# Input: $@" >> shorewallrc
-    echo '#'           >> shorewallrc
-fi
-
-if [ -n "${options[VARLIB]}" ]; then
-    if [ -z "${options[VARDIR]}" ]; then
-	options[VARDIR]='${VARLIB}/${PRODUCT}'
-    fi
-elif [ -n "${options[VARDIR]}" ]; then
-    if [ -z "{$options[VARLIB]}" ]; then
-	options[VARLIB]=${options[VARDIR]}
-	options[VARDIR]='${VARLIB}/${PRODUCT}'
-    fi
-fi
-
-if [ -z "${options[SERVICEDIR]}" ]; then
-    options[SERVICEDIR]="${options[SYSTEMD]}"
-fi
-
-for on in \
-    HOST \
-    PREFIX \
-    SHAREDIR \
-    LIBEXECDIR \
-    PERLLIBDIR \
-    CONFDIR \
-    SBINDIR \
-    MANDIR \
-    INITDIR \
-    INITSOURCE \
-    INITFILE \
-    AUXINITSOURCE \
-    AUXINITFILE \
-    SERVICEDIR \
-    SERVICEFILE \
-    SYSCONFFILE \
-    SYSCONFDIR \
-    SPARSE \
-    ANNOTATED \
-    VARLIB \
-    VARDIR
-do
-    echo "$on=${options[${on}]}"
-    echo "$on=${options[${on}]}" >> shorewallrc
-done
--- a/Shorewall-core/configure.pl
+++ b/Shorewall-core/configure.pl
@@ -1,222 +0,0 @@
-#! /usr/bin/perl -w
-#
-#     Shorewall Packet Filtering Firewall RPM configuration program - V4.5
-#
-#     (c) 2012, 2014 - Tom Eastep (teastep@shorewall.net)
-#
-#	Shorewall documentation is available at http://www.shorewall.net
-#
-#       This program is part of Shorewall.
-#
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
-#
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#
-#       Usage: ./configure.pl <option>=<setting> ...
-#
-#
-################################################################################################
-use strict;
-
-#
-# Build updates this
-#
-use constant {
-    VERSION => '4.6.12'
-};
-
-my %params;
-my %options;
-
-my %aliases = ( VENDOR         => 'HOST',
-		SHAREDSTATEDIR => 'VARLIB',
-		DATADIR        => 'SHAREDIR' );
-
-for ( @ARGV ) {
-    die "ERROR: Invalid option specification ( $_ )" unless /^(?:--)?(\w+)=(.*)$/;
-
-    my $pn = uc $1;
-    my $pv = $2 || '';
-
-    $pn = $aliases{$pn} if exists $aliases{$pn};
-
-    $params{$pn} = $pv;
-}
-
-use File::Basename;
-chdir dirname($0);
-
-my $vendor = $params{HOST};
-my $rcfile;
-my $rcfilename;
-
-unless ( defined $vendor ) {
-    if ( -f '/etc/os-release' ) {
-	my $id = `cat /etc/os-release | grep ^ID=`;
-
-	chomp $id;
-
-	$id =~ s/ID=//;
-	
-	if ( $id eq 'fedora' || $id eq 'rhel' ) {
-	    $vendor = 'redhat';
-	} elsif ( $id eq 'opensuse' ) {
-	    $vendor = 'suse';
-	} elsif ( $id eq 'ubuntu' || $id eq 'debian' ) {
-	    my $init = `ls -l /sbin/init`;
-	    $vendor = $init =~ /systemd/ ? 'debian.systemd' : 'debian.sysvinit';
-	} else {
-	    $vendor = $id;
-	}
-    }
-
-    $params{HOST} = $vendor;
-    $params{HOST} =~ s/\..*//;
-}
-
-if ( defined $vendor ) {
-    if ( $vendor eq 'debian' && -f '/etc/debian_version' ) {
-	if ( -l '/sbin/init' ) {
-	    if ( readlink('/sbin/init') =~ /systemd/ ) {
-		$rcfilename = 'shorewallrc.debian.systemd';
-	    } else {
-		$rcfilename = 'shorewallrc.debian.sysvinit';
-	    }
-	} else {
-	    $rcfilename = 'shorewallrc.debian.sysvinit';
-	}
-    } else {
-	$rcfilename = $vendor eq 'linux' ? 'shorewallrc.default' : 'shorewallrc.' . $vendor;
-    }
-
-    unless ( -f $rcfilename ) {
-	die qq("ERROR: $vendor" is not a recognized host type);
-    } elsif ( $vendor eq 'default' ) {
-	$params{HOST} = $vendor = 'linux';
-    } elsif ( $vendor =~ /^debian\./ ) {
-	$params{HOST} = $vendor = 'debian';
-    }
-} else {
-    if ( -f '/etc/debian_version' ) {
-	$vendor = 'debian';
-	if ( -l '/sbin/init' ) {
-	    if ( readlink( '/sbin/init' ) =~ /systemd/ ) {
-		$rcfilename = 'shorewallrc.debian.systemd';
-	    } else {
-		$rcfilename = 'shorewallrc.debian.sysvinit';
-	    }
-	} else {
-	    $rcfilename = 'shorewallrc.debian.sysvinit';
-	}
-    } elsif ( -f '/etc/redhat-release' ){
-	$vendor = 'redhat';
-	$rcfilename = 'shorewallrc.redhat';
-    } elsif ( -f '/etc/slackware-version' ) {
-	$vendor = 'slackware';
-	$rcfilename = 'shorewallrc.slackware';
-    } elsif ( -f '/etc/SuSE-release' ) {
-	$vendor = 'suse';
-	$rcfilename = 'shorewallrc.suse';
-    } elsif ( -f '/etc/arch-release' ) {
-	$vendor = 'archlinux';
-	$rcfilename = 'shorewallrc.archlinux';
-    } elsif ( `uname` =~ '^Darwin' ) {
-	$vendor = 'apple';
-	$rcfilename = 'shorewallrc.apple';
-    } elsif ( `uname` =~ /^Cygwin/i ) {
-	$vendor = 'cygwin';
-	$rcfilename = 'shorewallrc.cygwin';
-    } else {
-	$vendor = 'linux';
-	$rcfilename = 'shorewallrc.default';
-    }
-
-    $params{HOST} = $vendor;
-}
-
-my @localtime = localtime;
-my @abbr = qw( Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec );
-
-if ( $vendor eq 'linux' ) {
-    printf "INFO: Creating a generic Linux installation - %s %2d %04d %02d:%02d:%02d\n\n", $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];;
-} else {
-    printf "INFO: Creating a %s-specific installation - %s %2d %04d %02d:%02d:%02d\n\n", $params{HOST}, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];;
-}
-
-open $rcfile, '<', $rcfilename or die "Unable to open $rcfilename for input: $!";
-
-while ( <$rcfile> ) {
-    s/\s*#.*//;
-    unless ( /^\s*$/ ) {
-	chomp;
-	die "ERROR: Invalid entry ($_) in $rcfilename, line $." unless /\s*(\w+)=(.*)/;
-	$options{$1} = $2;
-    }
-}
-
-close $rcfile;
-
-while ( my ( $p, $v ) = each %params ) {
-    $options{$p} = ${v};
-}
-
-my $outfile;
-
-open $outfile, '>', 'shorewallrc' or die "Can't open 'shorewallrc' for output: $!";
-
-printf $outfile "#\n# Created by Shorewall Core version %s configure.pl - %s %2d %04d %02d:%02d:%02d\n", VERSION, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];
-print $outfile "# rc file: $rcfilename\n#\n";
-
-print  $outfile "# Input: @ARGV\n#\n" if @ARGV;
-
-if ( $options{VARLIB} ) {
-    unless ( $options{VARDIR} ) {
-	$options{VARDIR} = '${VARLIB}/${PRODUCT}';
-    }
-} elsif ( $options{VARDIR} ) {
-    $options{VARLIB} = $options{VARDIR};
-    $options{VARDIR} = '${VARLIB}/${PRODUCT}';
-}
-
-$options{SERVICEDIR}=$options{SYSTEMD} unless $options{SERVICEDIR};
-
-for ( qw/ HOST
-	  PREFIX
-	  SHAREDIR
-	  LIBEXECDIR
-	  PERLLIBDIR
-	  CONFDIR
-	  SBINDIR
-	  MANDIR
-	  INITDIR
-	  INITSOURCE
-	  INITFILE
-	  AUXINITSOURCE
-	  AUXINITFILE
-	  SERVICEDIR
-	  SERVICEFILE
-	  SYSCONFFILE
-	  SYSCONFDIR
-	  SPARSE
-	  ANNOTATED
-	  VARLIB
-	  VARDIR / ) {
-
-    my $val = $options{$_} || '';
-
-    print          "$_=$val\n";
-    print $outfile "$_=$val\n";
-}
-
-close $outfile;
-
-1;
--- a/Shorewall-core/install.sh
+++ b/Shorewall-core/install.sh
@@ -2,46 +2,39 @@
 #
 # Script to install Shoreline Firewall Core Modules
 #
-#     (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
+#       it under the terms of Version 2 of the GNU General Public License
+#       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#       This program is distributed in the hope that it will be useful,
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#       You should have received a copy of the GNU General Public License
+#       along with this program; if not, write to the Free Software
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #

 VERSION=xxx #The Build script inserts the actual version

-PRODUCT=shorewall-core
-Product="Shorewall Core"
- 
 usage() # $1 = exit status
 {
    ME=$(basename $0)
-    echo "usage: $ME [ <configuration-file> ] "
+    echo "usage: $ME"
    echo "       $ME -v"
    echo "       $ME -h"
+    echo "       $ME -s"
+    echo "       $ME -f"
    exit $1
 }

-fatal_error()
-{
-    echo "   ERROR: $@" >&2
-    exit 1
-}
-
 split() {
    local ifs
    ifs=$IFS
@@ -69,6 +62,15 @@ mywhich() {
    return 2
 }

+run_install()
+{
+    if ! install $*; then
+	echo
+	echo "ERROR: Failed to install $*" >&2
+	exit 1
+    fi
+}
+
 cant_autostart()
 {
    echo
@@ -82,35 +84,72 @@ delete_file() # $1 = file to delete

 install_file() # $1 = source $2 = target $3 = mode
 {
-    if cp -f $1 $2; then
-	if chmod $3 $2; then
-	    if [ -n "$OWNER" ]; then
-		if chown $OWNER:$GROUP $2; then
-		    return
-		fi
-	    else
-		return 0
-	    fi
-	fi
-    fi
-
-    echo "ERROR: Failed to install $2" >&2
-    exit 1
+    run_install $T $OWNERSHIP -m $3 $1 ${2}
 }

-require()
-{
-    eval [ -n "\$$1" ] || fatal_error "Required option $1 not set"
-}
-
-#
-# Change to the directory containing this script
-#
-cd "$(dirname $0)"
+[ -n "$DESTDIR" ] || DESTDIR="$PREFIX"

 #
 # Parse the run line
 #
+# ARGS is "yes" if we've already parsed an argument
+#
+T="-T"
+
+[ -n "${LIBEXEC:=/usr/share}" ]
+[ -n "${PERLLIB:=/usr/share/shorewall}" ]
+MACHOST=
+
+case "$LIBEXEC" in
+    /*)
+	;;
+    *)
+	LIBEXEC=/usr/${LIBEXEC}
+	;;
+esac
+
+case "$PERLLIB" in
+    /*)
+	;;
+    *)
+	PERLLIB=/usr/${PERLLIB}
+	;;
+esac
+
+INSTALLD='-D'
+
+case $(uname) in
+    CYGWIN*)
+	if [ -z "$DESTDIR" ]; then
+	    DEST=
+	    INIT=
+	fi
+
+	OWNER=$(id -un)
+	GROUP=$(id -gn)
+	CYGWIN=Yes
+	;;
+    Darwin)
+	if [ -z "$DESTDIR" ]; then
+	    DEST=
+	    INIT=
+	fi
+
+	[ -z "$OWNER" ] && OWNER=root
+	[ -z "$GROUP" ] && GROUP=wheel
+	MAC=Yes
+        MACHOST=Yes
+	INSTALLD=
+	T=
+	;;
+    *)
+	[ -z "$OWNER" ] && OWNER=root
+	[ -z "$GROUP" ] && GROUP=root
+	;;
+esac
+
+OWNERSHIP="-o $OWNER -g $GROUP"
+
 finished=0

 while [ $finished -eq 0 ]; do
@@ -119,7 +158,7 @@ while [ $finished -eq 0 ]; do
    case "$option" in
 	-*)
 	    option=${option#-}
-
+	    
 	    while [ -n "$option" ]; do
 		case $option in
 		    h)
@@ -129,6 +168,14 @@ while [ $finished -eq 0 ]; do
 			echo "Shorewall Firewall Installer Version $VERSION"
 			exit 0
 			;;
+		    a*)
+			ANNOTATED=Yes
+			option=${option#a}
+			;;
+		    p*)
+			ANNOTATED=
+			option=${option#p}
+			;;
 		    *)
 			usage 1
 			;;
@@ -138,288 +185,102 @@ while [ $finished -eq 0 ]; do
 	    shift
 	    ;;
 	*)
+	    [ -n "$option" ] && usage 1
 	    finished=1
 	    ;;
    esac
 done

-#
-# Read the RC file
-#
-if [ $# -eq 0 ]; then
-    if [ -f ./shorewallrc ]; then
-	. ./shorewallrc
-	file=./shorewallrc
-    elif [ -f ~/.shorewallrc ]; then
-	. ~/.shorewallrc || exit 1
-	file=~/.shorewallrc
-    elif [ -f /usr/share/shorewall/shorewallrc ]; then
-	. /usr/share/shorewall/shorewallrc
-	file=/usr/share/shorewall/shorewallrc
-    else
-	fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
-    fi
-elif [ $# -eq 1 ]; then
-    file=$1
-    case $file in
-	/*|.*)
-	    ;;
-	*)
-	    file=./$file || exit 1
-	    ;;
-    esac
-
-    . $file
-else
-    usage 1
-fi
-
-update=0
-
-if [ -z "${VARLIB}" ]; then
-    VARLIB=${VARDIR}
-    VARDIR="${VARLIB}/${PRODUCT}"
-    update=1
-elif [ -z "${VARDIR}" ]; then
-    VARDIR="${VARLIB}/${PRODUCT}"
-    update=2
-fi
-
-for var in SHAREDIR LIBEXECDIR PERLLIBDIR CONFDIR SBINDIR VARLIB VARDIR; do
-    require $var
-done
-
-[ "${INITFILE}" != 'none/' ] && require INITSOURCE && require INITDIR
-
-if [ -z "$BUILD" ]; then
-    case $(uname) in
-	cygwin*|CYGWIN*)
-	    BUILD=cygwin
-	    ;;
-	Darwin)
-	    BUILD=apple
-	    ;;
-	*)
-	    if [ -f /etc/os-release ]; then
-		eval $(cat /etc/os-release | grep ^ID)
-
-		case $ID in
-		    fedora|rhel|centos|foobar)
-			BUILD=redhat
-			;;
-		    debian)
-			BUILD=debian
-			;;
-		    gentoo)
-			BUILD=gentoo
-			;;
-		    opensuse)
-			BUILD=suse
-			;;
-		    *)
-			BUILD="$ID"
-			;;
-		esac
-	    elif [ -f /etc/debian_version ]; then
-		BUILD=debian
-	    elif [ -f /etc/gentoo-release ]; then
-		BUILD=gentoo
-	    elif [ -f /etc/redhat-release ]; then
-		BUILD=redhat
-	    elif [ -f /etc/slackware-version ] ; then
-		BUILD=slackware
-	    elif [ -f /etc/SuSE-release ]; then
-		BUILD=suse
-	    elif [ -f /etc/arch-release ] ; then
-		BUILD=archlinux
-	    elif [ -f ${CONFDIR}/openwrt_release ] ; then
-		BUILD=openwrt
-	    else
-		BUILD=linux
-	    fi
-	    ;;
-    esac
-fi
-
-case $BUILD in
-    cygwin*)
-	if [ -z "$DESTDIR" ]; then
-	    DEST=
-	    INIT=
-	fi
-
-	OWNER=$(id -un)
-	GROUP=$(id -gn)
-	;;
-    apple)
-	if [ -z "$DESTDIR" ]; then
-	    DEST=
-	    INIT=
-	    SPARSE=Yes
-	fi
-
-	[ -z "$OWNER" ] && OWNER=root
-	[ -z "$GROUP" ] && GROUP=wheel
-	;;
-    *)
-	if [ $(id -u) -eq 0 ]; then
-	    [ -z "$OWNER" ] && OWNER=root
-	    [ -z "$GROUP" ] && GROUP=root
-	fi
-	;;
-esac
+PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin

 #
 # Determine where to install the firewall script
 #

-[ -n "$HOST" ] || HOST=$BUILD
-
-case "$HOST" in
-    cygwin)
-	echo "Installing Cygwin-specific configuration..."
-	;;
-    apple)
-	echo "Installing Mac-specific configuration...";
-	;;
-    debian|gentoo|redhat|slackware|archlinux|linux|suse|openwrt)
-	;;
-    *)
-	echo "ERROR: Unknown HOST \"$HOST\"" >&2
-	exit 1;
-	;;
-esac
-
-if [ -z "$file" ]; then
-    if $HOST = linux; then
-	file=shorewallrc.default
-    else
-	file=shorewallrc.${HOST}
-    fi
-
-    echo "You have not specified a configuration file and ~/.shorewallrc does not exist" >&2
-    echo "Shorewall-core $VERSION has determined that the $file configuration is appropriate for your system" >&2
-    echo "Please review the settings in that file. If you wish to change them, make a copy and modify the copy" >&2
-    echo "Then re-run install.sh passing either $file or the name of your modified copy" >&2
-    echo "" >&2
-    echo "Example:" >&2
-    echo "" >&2
-    echo "   ./install.sh $file" &>2
-fi
-
 if [ -n "$DESTDIR" ]; then
-    if [ $BUILD != cygwin ]; then
+    if [ -z "$CYGWIN" ]; then
 	if [ `id -u` != 0 ] ; then
 	    echo "Not setting file owner/group permissions, not running as root."
+	    OWNERSHIP=""
+	fi
+    fi
+
+    install -d $OWNERSHIP -m 755 ${DESTDIR}/sbin
+    install -d $OWNERSHIP -m 755 ${DESTDIR}${DEST}
+
+    CYGWIN=
+    MAC=
+else
+    if [ -n "$CYGWIN" ]; then
+	echo "Installing Cygwin-specific configuration..."
+    elif [ -n "$MAC" ]; then
+	echo "Installing Mac-specific configuration..."
+    else
+	if [ -f /etc/debian_version ]; then
+	    echo "Installing Debian-specific configuration..."
+	    DEBIAN=yes
+	elif [ -f /etc/redhat-release ]; then
+	    echo "Installing Redhat/Fedora-specific configuration..."
+	    FEDORA=yes
+	elif [ -f /etc/slackware-version ] ; then
+	    echo "Installing Slackware-specific configuration..."
+	    DEST="/etc/rc.d"
+	    MANDIR="/usr/man"
+	    SLACKWARE=yes
+	elif [ -f /etc/arch-release ] ; then
+	    echo "Installing ArchLinux-specific configuration..."
+	    DEST="/etc/rc.d"
+	    INIT="shorewall"
+	    ARCHLINUX=yes
 	fi
    fi
 fi

+#
+# Change to the directory containing this script
+#
+cd "$(dirname $0)"
+
 echo "Installing Shorewall Core Version $VERSION"

 #
-# Create directories
+# Create /usr/share/shorewall
 #
-mkdir -p ${DESTDIR}${LIBEXECDIR}/shorewall
-chmod 755 ${DESTDIR}${LIBEXECDIR}/shorewall
-
-mkdir -p ${DESTDIR}${SHAREDIR}/shorewall
-chmod 755 ${DESTDIR}${SHAREDIR}/shorewall
-
-mkdir -p ${DESTDIR}${CONFDIR}
-chmod 755 ${DESTDIR}${CONFDIR}
-
-if [ -n "${SYSCONFDIR}" ]; then
-    mkdir -p ${DESTDIR}${SYSCONFDIR}
-    chmod 755 ${DESTDIR}${SYSCONFDIR}
-fi
-
-if [ -z "${SERVICEDIR}" ]; then
-    SERVICEDIR="$SYSTEMD"
-fi
-
-if [ -n "${SERVICEDIR}" ]; then
-    mkdir -p ${DESTDIR}${SERVICEDIR}
-    chmod 755 ${DESTDIR}${SERVICEDIR}
-fi
-
-mkdir -p ${DESTDIR}${SBINDIR}
-chmod 755 ${DESTDIR}${SBINDIR}
-
-if [ -n "${MANDIR}" ]; then
-    mkdir -p ${DESTDIR}${MANDIR}
-    chmod 755 ${DESTDIR}${MANDIR}
-fi
-
-if [ -n "${INITFILE}" ]; then
-    mkdir -p ${DESTDIR}${INITDIR}
-    chmod 755 ${DESTDIR}${INITDIR}
-
-    if [ -n "$AUXINITSOURCE" -a -f "$AUXINITSOURCE" ]; then
-	install_file $AUXINITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544
-	[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${INITDIR}/$AUXINITFILE
-	echo  "SysV init script $AUXINITSOURCE installed in ${DESTDIR}${INITDIR}/$AUXINITFILE"
-    fi
-fi
-#
-# Note: ${VARDIR} is created at run-time since it has always been
-#       a relocatable directory on a per-product basis
+mkdir -p ${DESTDIR}${LIBEXEC}/shorewall
+chmod 755 ${DESTDIR}/usr/share/shorewall
 #
 # Install wait4ifup
 #
-install_file wait4ifup ${DESTDIR}${LIBEXECDIR}/shorewall/wait4ifup 0755
+install_file wait4ifup ${DESTDIR}${LIBEXEC}/shorewall/wait4ifup 0755

 echo
-echo "wait4ifup installed in ${DESTDIR}${LIBEXECDIR}/shorewall/wait4ifup"
+echo "wait4ifup installed in ${DESTDIR}${LIBEXEC}/shorewall/wait4ifup"

 #
 # Install the libraries
 #
 for f in lib.* ; do
-    install_file $f ${DESTDIR}${SHAREDIR}/shorewall/$f 0644
-    echo "Library ${f#*.} file installed as ${DESTDIR}${SHAREDIR}/shorewall/$f"
+    install_file $f ${DESTDIR}/usr/share/shorewall/$f 0644
+    echo "Library ${f#*.} file installed as ${DESTDIR}/usr/share/shorewall/$f"
 done

+if [ -z "$MACHOST" ]; then
+    eval sed -i \'s\|g_libexec=.\*\|g_libexec=$LIBEXEC\|\' ${DESTDIR}/usr/share/shorewall/lib.cli
+    eval sed -i \'s\|g_perllib=.\*\|g_perllib=$PERLLIB\|\' ${DESTDIR}/usr/share/shorewall/lib.cli
+else
+    eval sed -i \'\' -e \'s\|g_libexec=.\*\|g_libexec=$LIBEXEC\|\' ${DESTDIR}/usr/share/shorewall/lib.cli
+    eval sed -i \'\' -e \'s\|g_perllib=.\*\|g_perllib=$PERLLIB\|\' ${DESTDIR}/usr/share/shorewall/lib.cli
+fi
+
 #
 # Symbolically link 'functions' to lib.base
 #
-ln -sf lib.base ${DESTDIR}${SHAREDIR}/shorewall/functions
+ln -sf lib.base ${DESTDIR}/usr/share/shorewall/functions
 #
 # Create the version file
 #
-echo "$VERSION" > ${DESTDIR}${SHAREDIR}/shorewall/coreversion
-chmod 644 ${DESTDIR}${SHAREDIR}/shorewall/coreversion
-
-if [ -z "${DESTDIR}" ]; then
-    if [ $update -ne 0 ]; then
-	echo "Updating $file - original saved in $file.bak"
-
-	cp $file $file.bak
-
-	echo '#'                                             >> $file
-	echo "# Updated by Shorewall-core $VERSION -" `date` >> $file
-	echo '#'                                             >> $file
-
-	[ $update -eq 1 ] && sed -i 's/VARDIR/VARLIB/' $file
-
-	echo 'VARDIR=${VARLIB}/${PRODUCT}' >> $file
-    fi
-fi
-
-[ $file != "${DESTDIR}${SHAREDIR}/shorewall/shorewallrc" ] && cp $file ${DESTDIR}${SHAREDIR}/shorewall/shorewallrc
-
-
-[ -z "${DESTDIR}" ] && [ ! -f ~/.shorewallrc ] && cp ${SHAREDIR}/shorewall/shorewallrc ~/.shorewallrc
-
-if [ ${SHAREDIR} != /usr/share ]; then
-    for f in lib.*; do
-	if [ $BUILD != apple ]; then
-	    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/$f
-	else
-	    eval sed -i \'\' -e \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/$f
-	fi
-    done
-fi
+echo "$VERSION" > ${DESTDIR}/usr/share/shorewall/coreversion
+chmod 644 ${DESTDIR}/usr/share/shorewall/coreversion
 #
 #  Report Success
 #
--- a/Shorewall-core/lib.base
+++ b/Shorewall-core/lib.base
@@ -1,16 +1,15 @@
 #
-# Shorewall 5.0 -- /usr/share/shorewall/lib.base
+# Shorewall 4.5 -- /usr/share/shorewall/lib.base
 #
-#     (c) 1999-2015 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 1999-2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
-#
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#	it under the terms of Version 2 of the GNU General Public License
+#	as published by the Free Software Foundation.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -18,81 +17,60 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
+#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-# This library contains the code common to all Shorewall components except the
-# generated scripts.
+# This library contains the code common to all Shorewall components.
+#
+# - It is loaded by /sbin/shorewall.
+# - It is released as part of Shorewall[6] Lite where it is used by /sbin/shorewall[6]-lite
+#   and /usr/share/shorewall[6]-lite/shorecap.
 #

-SHOREWALL_LIBVERSION=40509
+SHOREWALL_LIBVERSION=40500
+SHOREWALL_CAPVERSION=40501

 [ -n "${g_program:=shorewall}" ]

-if [ -z "$g_readrc" ]; then
-    #
-    # This is modified by the installer when ${SHAREDIR} != /usr/share
-    #
-    . /usr/share/shorewall/shorewallrc
-
-    g_sharedir="$SHAREDIR"/$g_program
-    g_confdir="$CONFDIR"/$g_program
-    g_readrc=1
-fi
-
-g_basedir=${SHAREDIR}/shorewall
-
 case $g_program in
    shorewall)
+	SHAREDIR=/usr/share/shorewall
+	CONFDIR=/etc/shorewall
 	g_product="Shorewall"
 	g_family=4
-	g_tool=iptables
+	g_tool=
+	g_basedir=/usr/share/shorewall
 	g_lite=
 	;;
    shorewall6)
+	SHAREDIR=/usr/share/shorewall6
+	CONFDIR=/etc/shorewall6
 	g_product="Shorewall6"
 	g_family=6
-	g_tool=ip6tables
+	g_tool=
+	g_basedir=/usr/share/shorewall
 	g_lite=
 	;;
    shorewall-lite)
+	SHAREDIR=/usr/share/shorewall-lite
+	CONFDIR=/etc/shorewall-lite
 	g_product="Shorewall Lite"
 	g_family=4
 	g_tool=iptables
+	g_basedir=/usr/share/shorewall-lite
 	g_lite=Yes
 	;;
    shorewall6-lite)
+	SHAREDIR=/usr/share/shorewall6-lite
+	CONFDIR=/etc/shorewall6-lite
 	g_product="Shorewall6 Lite"
 	g_family=6
 	g_tool=ip6tables
+	g_basedir=/usr/share/shorewall6-lite
 	g_lite=Yes
 	;;
 esac

-if [ -z "${VARLIB}" ]; then
-    VARLIB=${VARDIR}
-    VARDIR=${VARLIB}/$g_program
-elif [ -z "${VARDIR}" ]; then
-    VARDIR="${VARLIB}/${PRODUCT}"
-fi
-
-#
-# Fatal Error
-#
-fatal_error() # $@ = Message
-{
-    echo "   ERROR: $@" >&2
-    exit 2
-}
-
-#
-# Not configured Error
-#
-not_configured_error() # $@ = Message
-{
-    echo "   ERROR: $@" >&2
-    exit 6
-}
-
 #
 # Conditionally produce message
 #
@@ -145,6 +123,71 @@ combine_list()
    echo $o
 }

+#
+# Call this function to assert mutual exclusion with Shorewall. If you invoke the
+# /sbin/shorewall program while holding mutual exclusion, you should pass "nolock" as
+# the first argument. Example "shorewall nolock refresh"
+#
+# This function uses the lockfile utility from procmail if it exists.
+# Otherwise, it uses a somewhat race-prone algorithm to attempt to simulate the
+# behavior of lockfile.
+#
+mutex_on()
+{
+    local try
+    try=0
+    local lockf
+    lockf=${LOCKFILE:=${VARDIR}/lock}
+    local lockpid
+
+    MUTEX_TIMEOUT=${MUTEX_TIMEOUT:-60}
+
+    if [ $MUTEX_TIMEOUT -gt 0 ]; then
+
+	[ -d ${VARDIR} ] || mkdir -p ${VARDIR}
+
+	if [ -f $lockf ]; then
+	    lockpid=`cat ${lockf} 2> /dev/null`
+	    if [ -z "$lockpid" -o $lockpid = 0 ]; then
+		rm -f ${lockf}
+		error_message "WARNING: Stale lockfile ${lockf} removed"
+	    elif ! qt ps p ${lockpid}; then
+		rm -f ${lockf}
+		error_message "WARNING: Stale lockfile ${lockf} from pid ${lockpid} removed"
+	    fi
+	fi
+
+	if qt mywhich lockfile; then
+	    lockfile -${MUTEX_TIMEOUT} -r1 ${lockf}
+	    chmod u+w ${lockf}
+	    echo $$ > ${lockf}
+	    chmod u-w ${lockf}
+	else
+	    while [ -f ${lockf} -a ${try} -lt ${MUTEX_TIMEOUT} ] ; do
+		sleep 1
+		try=$((${try} + 1))
+	    done
+
+	    if  [ ${try} -lt ${MUTEX_TIMEOUT} ] ; then
+	        # Create the lockfile
+		echo $$ > ${lockf}
+	    else
+		echo "Giving up on lock file ${lockf}" >&2
+	    fi
+	fi
+    fi
+}
+
+#
+# Call this function to release mutual exclusion
+#
+mutex_off()
+{
+    rm -f ${LOCKFILE:=${VARDIR}/lock}
+}
+
+[ -z "$LEFTSHIFT" ] && . /usr/share/shorewall/lib.common
+
 #
 # Validate an IP address
 #
@@ -273,8 +316,6 @@ ip_range_explicit() {
    done
 }

-[ -z "$LEFTSHIFT" ] && . ${g_basedir}/lib.common
-
 #
 # Netmask to VLSM
 #
@@ -303,7 +344,7 @@ ip_vlsm() {
 #
 ensure_config_path() {
    local F
-    F=${g_sharedir}/configpath
+    F=${SHAREDIR}/configpath
    if [ -z "$CONFIG_PATH" ]; then
 	[ -f $F ] || { echo "   ERROR: $F does not exist"; exit 2; }
 	. $F
@@ -414,14 +455,14 @@ mktempfile() {
    else
 	case "$MKTEMP" in
 	    BSD)
-		mktemp ${TMPDIR:-/tmp}/shorewall.XXXXXX
+		mktemp /tmp/shorewall.XXXXXX
 		;;
 	    STD)
 		mktemp -t shorewall.XXXXXX
 		;;
 	    None)
-		rm -f ${TMPDIR:-/tmp}/shorewall-$$
-		> ${TMPDIR:-}/shorewall-$$ && echo ${TMPDIR:-/tmp}/shorewall-$$
+		rm -f /tmp/shorewall-$$
+		> /tmp/shorewall-$$ && echo /tmp/shorewall-$$
 		;;
 	    *)
 		error_message "ERROR:Internal error in mktempfile"
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
--- a/Shorewall-core/lib.common
+++ b/Shorewall-core/lib.common
@@ -1,16 +1,15 @@
 #
-# Shorewall 5.0 -- /usr/share/shorewall/lib.common.
+# Shorewall 4.5 -- /usr/share/shorewall/lib.common.
 #
-#     (c) 2010-2015 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2010-2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
-#
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#	it under the terms of Version 2 of the GNU General Public License
+#	as published by the Free Software Foundation.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -18,7 +17,8 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
+#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # The purpose of this library is to hold those functions used by both the CLI and by the
 # generated firewall scripts. To avoid versioning issues, it is copied into generated
@@ -33,7 +33,7 @@ startup_error() # $* = Error Message
    echo "   ERROR: $@: Firewall state not changed" >&2

    if [ $LOG_VERBOSITY -ge 0 ]; then
-        timestamp="$(date +'%b %d %T') "
+        timestamp="$(date +'%_b %d %T') "
        echo "${timestamp}  ERROR: $@" >> $STARTUP_LOG
    fi

@@ -50,7 +50,7 @@ startup_error() # $* = Error Message
    esac

    if [ $LOG_VERBOSITY -ge 0 ]; then
-        timestamp="$(date +'%b %d %T') "
+        timestamp="$(date +'%_b %d %T') "

 	case $COMMAND in
 	    start)
@@ -65,41 +65,103 @@ startup_error() # $* = Error Message
 	esac
    fi

-    mutex_off
    kill $$
    exit 2
 }

 #
-# Create the required option string and run the passed script using
+# Get the Shorewall version of the passed script
+#
+get_script_version() { # $1 = script
+    local temp
+    local version
+    local ifs
+    local digits
+    local verbosity
+
+    verbosity="$VERBOSITY"
+    VERBOSITY=0
+
+    temp=$( $SHOREWALL_SHELL $1 version | tail -n 1 | sed 's/-.*//' )
+
+    if [ $? -ne 0 ]; then
+	version=0
+    else
+	ifs=$IFS
+	IFS=.
+	temp=$(echo $temp)
+	IFS=$ifs
+	digits=0
+
+	for temp in $temp; do
+	    version=${version}$(printf '%02d' $temp)
+	    digits=$(($digits + 1))
+	    [ $digits -eq 3 ] && break
+	done
+    fi
+
+    echo $version
+
+    VERBOSITY="$verbosity"
+}
+
+#
+# Do required exports or create the required option string and run the passed script using
 # $SHOREWALL_SHELL
 #
 run_it() {
    local script
    local options
+    local version

    export VARDIR

    script=$1
    shift

-    if [ x$1 = xtrace -o x$1 = xdebug ]; then
-	options="$1 -"
-	shift;
+    version=$(get_script_version $script)
+
+    if [ $version -lt 040408 ]; then
+	#
+	# Old script that doesn't understand 4.4.8 script options
+	#
+	export RESTOREFILE
+	export VERBOSITY
+	export NOROUTES=$g_noroutes
+	export PURGE=$g_purge
+	export TIMESTAMP=$g_timestamp
+	export RECOVERING=$g_recovering
+
+	case "$g_program" in
+	    *-lite)
+		#
+		# Shorewall Lite
+		#
+		export LOGFORMAT
+		export IPTABLES
+		;;
+	esac
    else
-	options='-'
+	#
+	# 4.4.8 or later -- no additional exports required
+	#
+	if [ x$1 = xtrace -o x$1 = xdebug ]; then
+	    options="$1 -"
+	    shift;
+	else
+	    options='-'
+	fi
+
+	[ -n "$g_noroutes" ]   && options=${options}n
+	[ -n "$g_timestamp" ]  && options=${options}t
+	[ -n "$g_purge" ]      && options=${options}p
+	[ -n "$g_recovering" ] && options=${options}r
+
+	options="${options}V $VERBOSITY"
+
+	[ -n "$RESTOREFILE" ] && options="${options} -R $RESTOREFILE"
    fi

-    [ -n "$g_noroutes" ]   && options=${options}n
-    [ -n "$g_timestamp" ]  && options=${options}t
-    [ -n "$g_purge" ]      && options=${options}p
-    [ -n "$g_recovering" ] && options=${options}r
-    [ -n "$g_counters" ]   && options=${options}c
-
-    options="${options}V $VERBOSITY"
-
-    [ -n "$RESTOREFILE" ] && options="${options} -R $RESTOREFILE"
-
    $SHOREWALL_SHELL $script $options $@
 }

@@ -109,7 +171,6 @@ run_it() {
 error_message() # $* = Error Message
 {
   echo "   $@" >&2
-   return 1
 }

 #
@@ -147,17 +208,6 @@ split() {
    IFS=$ifs
 }

-#
-# Split a comma-separated list into a space-separated list
-#
-split_list() {
-    local ifs
-    ifs=$IFS
-    IFS=,
-    echo $*
-    IFS=$ifs
-}
-
 #
 # Search a list looking for a match -- returns zero if a match found
 # 1 otherwise
@@ -222,11 +272,8 @@ shorewall6_is_started() {
 # Echos the fully-qualified name of the calling shell program
 #
 my_pathname() {
-    local pwd
-    pwd=$PWD
    cd $(dirname $0)
    echo $PWD/$(basename $0)
-    cd $pwd
 }

 #
@@ -316,33 +363,16 @@ reload_kernel_modules() {
    local moduleloader
    moduleloader=modprobe
    local uname
-    local extras

    if ! qt mywhich modprobe; then
 	moduleloader=insmod
    fi

-    [ -n "${MODULE_SUFFIX:=ko ko.gz ko.xz o o.gz o.xz gz xz}" ]
+    [ -n "${MODULE_SUFFIX:=ko ko.gz o o.gz gz}" ]

-    if [ -n "$MODULESDIR" ]; then
-	case "$MODULESDIR" in
-	    +*)
-		extras="$MODULESDIR"
-		extras=${extras#+}
-		MODULESDIR=
-		;;
-	esac
-    fi
-
-    if [ -z "$MODULESDIR" ]; then
-	uname=$(uname -r)
+    [ -z "$MODULESDIR" ] && \
+	uname=$(uname -r) && \
 	MODULESDIR=/lib/modules/$uname/kernel/net/ipv${g_family}/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset
-	if [ -n "$extras" ]; then
-	    for directory in $(split "$extras"); do
-		MODULESDIR="$MODULESDIR:/lib/modules/$uname/$directory"
-	    done
-	fi
-    fi

    [ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)

@@ -372,33 +402,16 @@ load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
    local savemoduleinfo
    savemoduleinfo=${1:-Yes} # So old compiled scripts still work
    local uname
-    local extras

    if ! qt mywhich modprobe; then
 	moduleloader=insmod
    fi

-    [ -n "${MODULE_SUFFIX:=o gz xz ko o.gz o.xz ko.gz ko.xz}" ]
+    [ -n "${MODULE_SUFFIX:=o gz ko o.gz ko.gz}" ]

-    if [ -n "$MODULESDIR" ]; then
-	case "$MODULESDIR" in
-	    +*)
-		extras="$MODULESDIR"
-		extras=${extras#+}
-		MODULESDIR=
-		;;
-	esac
-    fi
-
-    if [ -z "$MODULESDIR" ]; then
-	uname=$(uname -r)
+    [ -z "$MODULESDIR" ] && \
+	uname=$(uname -r) && \
 	MODULESDIR=/lib/modules/$uname/kernel/net/ipv${g_family}/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset
-	if [ -n "$extras" ]; then
-	    for directory in $(split "$extras"); do
-		MODULESDIR="$MODULESDIR:/lib/modules/$uname/$directory"
-	    done
-	fi
-    fi

    for directory in $(split $MODULESDIR); do
 	[ -d $directory ] && moduledirectories="$moduledirectories $directory"
@@ -533,9 +546,9 @@ in_network() # $1 = IP address, $2 = CIDR network
 #
 # Query NetFilter about the existence of a filter chain
 #
-chain_exists() # $1 = chain name, $2 = table name (optional)
+chain_exists() # $1 = chain name
 {
-    qt1 $g_tool -t ${2:-filter} -L $1 -n
+    qt1 $g_tool -L $1 -n
 }

 #
@@ -580,7 +593,7 @@ find_first_interface_address() # $1 = interface
 	#
 	[ -n "$addr" ] || startup_error "Can't determine the IP address of $1"
 	#
-	# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
+	# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)	
 	# along with everything else on the line
 	#
 	echo $addr | sed 's/\s*inet //;s/\/.*//;s/ peer.*//'
@@ -588,7 +601,7 @@ find_first_interface_address() # $1 = interface
 	#
 	# get the line of output containing the first IP address
 	#
-	addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | grep -F 'inet6 ' | grep -vF 'scope link' | head -n1)
+	addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | fgrep 'inet6 ' | fgrep -v 'scope link' | head -n1)
 	#
 	# If there wasn't one, bail out now
 	#
@@ -617,7 +630,7 @@ find_first_interface_address_if_any() # $1 = interface
 	#
 	# get the line of output containing the first IP address
 	#
-	addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | grep -F 'inet6 ' | grep -vF 'scope link' | head -n1)
+	addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | fgrep 'inet6 ' | fgrep -v 'scope link' | head -n1)
 	#
 	# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
 	# along with everything else on the line
@@ -626,24 +639,6 @@ find_first_interface_address_if_any() # $1 = interface
    fi
 }

-#
-#Determines if the passed interface is a loopback interface
-#
-loopback_interface() { #$1 = Interface name
-    [ "$1" = lo ] || $IP link show $1 | fgrep -q LOOPBACK
-}
-
-#
-# Find Loopback Interfaces
-#
-find_loopback_interfaces() {
-    local interfaces
-
-    [ -x "$IP" ] && interfaces=$($IP link show | fgrep LOOPBACK | sed 's/://g' | cut -d ' ' -f 2)
-
-    [ -n "$interfaces" ] && echo $interfaces || echo lo
-}
-
 #
 # Internal version of 'which'
 #
@@ -681,11 +676,7 @@ find_file()
 		fi
 	    done

-	    if [ -n "$g_shorewalldir" ]; then
-		echo ${g_shorewalldir}/$1
-	    else
-		echo ${g_confdir}/$1
-	    fi
+	    echo ${CONFDIR}/$1
 	    ;;
    esac
 }
@@ -726,77 +717,3 @@ truncate() # $1 = length
 {
    cut -b -${1}
 }
-
-#
-# Call this function to assert mutual exclusion with Shorewall. If you invoke the
-# /sbin/shorewall program while holding mutual exclusion, you should pass "nolock" as
-# the first argument. Example "shorewall nolock refresh"
-#
-# This function uses the lockfile utility from procmail if it exists.
-# Otherwise, it uses a somewhat race-prone algorithm to attempt to simulate the
-# behavior of lockfile.
-#
-mutex_on()
-{
-    local try
-    try=0
-    local lockf
-    lockf=${LOCKFILE:=${VARDIR}/lock}
-    local lockpid
-    local lockd
-
-    MUTEX_TIMEOUT=${MUTEX_TIMEOUT:-60}
-
-    if [ $MUTEX_TIMEOUT -gt 0 ]; then
-
-	lockd=$(dirname $LOCKFILE)
-
-	[ -d "$lockd" ] || mkdir -p "$lockd"
-
-	if [ -f $lockf ]; then
-	    lockpid=`cat ${lockf} 2> /dev/null`
-	    if [ -z "$lockpid" -o $lockpid = 0 ]; then
-		rm -f ${lockf}
-		error_message "WARNING: Stale lockfile ${lockf} removed"
-	    elif [ $lockpid -eq $$ ]; then
-                return 0
-	    elif ! qt ps p ${lockpid}; then
-		rm -f ${lockf}
-		error_message "WARNING: Stale lockfile ${lockf} from pid ${lockpid} removed"
-	    fi
-	fi
-
-	if qt mywhich lockfile; then
-	    lockfile -${MUTEX_TIMEOUT} -r1 ${lockf}
-	    chmod u+w ${lockf}
-	    echo $$ > ${lockf}
-	    chmod u-w ${lockf}
-	elif qt mywhich lock; then
-            lock -${MUTEX_TIMEOUT} -r1 ${lockf}
-            chmod u+w ${lockf}
-            echo $$ > ${lockf}
-            chmod u-w ${lockf}
-	else
-	    while [ -f ${lockf} -a ${try} -lt ${MUTEX_TIMEOUT} ] ; do
-		sleep 1
-		try=$((${try} + 1))
-	    done
-
-	    if  [ ${try} -lt ${MUTEX_TIMEOUT} ] ; then
-	        # Create the lockfile
-		echo $$ > ${lockf}
-	    else
-		echo "Giving up on lock file ${lockf}" >&2
-	    fi
-	fi
-    fi
-}
-
-#
-# Call this function to release mutual exclusion
-#
-mutex_off()
-{
-    rm -f ${LOCKFILE:=${VARDIR}/lock}
-}
-
--- a/Shorewall-core/shorewallrc.apple
+++ b/Shorewall-core/shorewallrc.apple
@@ -1,21 +0,0 @@
-#
-# Apple OS X Shorewall 5.0 rc file
-#
-BUILD=apple
-HOST=apple
-PREFIX=/usr                            #Top-level directory for shared files, libraries, etc.
-SHAREDIR=${PREFIX}/share               #Directory for arch-neutral files.
-LIBEXECDIR=${PREFIX}/share             #Directory for executable scripts.
-PERLLIBDIR=${PREFIX}/share/shorewall   #Directory to install Shorewall Perl module directory
-CONFDIR=/etc                           #Directory where subsystem configurations are installed
-SBINDIR=/sbin                          #Directory where system administration programs are installed
-MANDIR=${SHAREDIR}/man                 #Directory where manpages are installed.
-INITDIR=                               #Unused on OS X
-INITFILE=                              #Unused on OS X
-INITSOURCE=                            #Unused on OS X
-ANNOTATED=                             #Unused on OS X
-SERVICEDIR=                            #Unused on OS X
-SERVICEFILE=                           #Unused on OS X
-SYSCONFDIR=                            #Unused on OS X
-SPARSE=Yes                             #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR.
-VARLIB=/var/lib                        #Unused on OS X
--- a/Shorewall-core/shorewallrc.archlinux
+++ b/Shorewall-core/shorewallrc.archlinux
@@ -1,22 +0,0 @@
-#
-# Arch Linux Shorewall 5.0 rc file
-#
-BUILD=                                 #Default is to detect the build system
-HOST=archlinux
-PREFIX=/usr                            #Top-level directory for shared files, libraries, etc.
-SHAREDIR=${PREFIX}/share               #Directory for arch-neutral files.
-LIBEXECDIR=${PREFIX}/share             #Directory for executable scripts.
-PERLLIBDIR=${PREFIX}/share/shorewall   #Directory to install Shorewall Perl module directory
-CONFDIR=/etc                           #Directory where subsystem configurations are installed
-SBINDIR=/usr/bin                       #Directory where system administration programs are installed
-MANDIR=${SHAREDIR}/man                 #Directory where manpages are installed.
-INITDIR=                               #Directory where SysV init scripts are installed.
-INITFILE=                              #Name of the product's installed SysV init script
-INITSOURCE=                            #Name of the distributed file to be installed as the SysV init script
-ANNOTATED=                             #If non-zero, annotated configuration files are installed
-SYSCONFDIR=                            #Directory where SysV init parameter files are installed
-SERVICEDIR=/usr/lib/systemd/system     #Directory where .service files are installed (systems running systemd only)
-SERVICEFILE=                           #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
-SPARSE=                                #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
-VARLIB=/var/lib                        #Directory where product variable data is stored.
-VARDIR=${VARLIB}/$PRODUCT              #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.cygwin
+++ b/Shorewall-core/shorewallrc.cygwin
@@ -1,21 +0,0 @@
-#
-# Cygwin Shorewall 5.0 rc file
-#
-BUILD=cygwin
-HOST=cygwin
-PREFIX=/usr                           #Top-level directory for shared files, libraries, etc.
-SHAREDIR=${PREFIX}/share              #Directory for arch-neutral files.
-LIBEXECDIR=${PREFIX}/share            #Directory for executable scripts.
-PERLLIBDIR=${PREFIX}/share/shorewall  #Directory to install Shorewall Perl module directory
-CONFDIR=/etc                          #Directory where subsystem configurations are installed
-SBINDIR=/bin                          #Directory where system administration programs are installed
-MANDIR=${SHAREDIR}/man                #Directory where manpages are installed.
-INITDIR=/etc/init.d                   #Unused on Cygwin
-INITFILE=                             #Unused on Cygwin
-INITSOURCE=                           #Unused on Cygwin
-ANNOTATED=                            #Unused on Cygwin
-SERVICEDIR=                           #Unused on Cygwin
-SERVICEFILE=                          #Unused on Cygwin
-SYSCONFDIR=                           #Unused on Cygwin
-SPARSE=Yes                            #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR.
-VARLIB=/var/lib                       #Unused on Cygwin
--- a/Shorewall-core/shorewallrc.debian.systemd
+++ b/Shorewall-core/shorewallrc.debian.systemd
@@ -1,23 +0,0 @@
-#
-# Debian Shorewall 4.5 rc file
-#
-BUILD=					#Default is to detect the build system
-HOST=debian
-PREFIX=/usr				#Top-level directory for shared files, libraries, etc.
-SHAREDIR=${PREFIX}/share		#Directory for arch-neutral files.
-LIBEXECDIR=${PREFIX}/share		#Directory for executable scripts.
-PERLLIBDIR=${PREFIX}/share/shorewall	#Directory to install Shorewall Perl module directory
-CONFDIR=/etc				#Directory where subsystem configurations are installed
-SBINDIR=/sbin				#Directory where system administration programs are installed
-MANDIR=${PREFIX}/share/man		#Directory where manpages are installed.
-INITDIR=				#Directory where SysV init scripts are installed.
-INITFILE=				#Name of the product's installed SysV init script
-INITSOURCE=init.debian.sh		#Name of the distributed file to be installed as the SysV init script
-ANNOTATED=				#If non-zero, annotated configuration files are installed
-SYSCONFFILE=default.debian		#Name of the distributed file to be installed in $SYSCONFDIR
-SERVICEFILE=$PRODUCT.service.debian     #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
-SYSCONFDIR=/etc/default			#Directory where SysV init parameter files are installed
-SERVICEDIR=/lib/systemd/system		#Directory where .service files are installed (systems running systemd only)
-SPARSE=Yes				#If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
-VARLIB=/var/lib				#Directory where product variable data is stored.
-VARDIR=${VARLIB}/$PRODUCT		#Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.debian.sysvinit
+++ b/Shorewall-core/shorewallrc.debian.sysvinit
@@ -1,23 +0,0 @@
-#
-# Debian Shorewall 4.5 rc file
-#
-BUILD=                                  #Default is to detect the build system
-HOST=debian
-PREFIX=/usr                             #Top-level directory for shared files, libraries, etc.
-SHAREDIR=${PREFIX}/share                #Directory for arch-neutral files.
-LIBEXECDIR=${PREFIX}/share              #Directory for executable scripts.
-PERLLIBDIR=${PREFIX}/share/shorewall    #Directory to install Shorewall Perl module directory
-CONFDIR=/etc                            #Directory where subsystem configurations are installed
-SBINDIR=/sbin                           #Directory where system administration programs are installed
-MANDIR=${PREFIX}/share/man              #Directory where manpages are installed.
-INITDIR=/etc/init.d                     #Directory where SysV init scripts are installed.
-INITFILE=$PRODUCT                       #Name of the product's installed SysV init script
-INITSOURCE=init.debian.sh               #Name of the distributed file to be installed as the SysV init script
-ANNOTATED=                              #If non-zero, annotated configuration files are installed
-SYSCONFFILE=default.debian              #Name of the distributed file to be installed in $SYSCONFDIR
-SERVICEFILE=				#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
-SYSCONFDIR=/etc/default                 #Directory where SysV init parameter files are installed
-SERVICEDIR=				#Directory where .service files are installed (systems running systemd only)
-SPARSE=Yes                              #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
-VARLIB=/var/lib                         #Directory where product variable data is stored.
-VARDIR=${VARLIB}/$PRODUCT               #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.default
+++ b/Shorewall-core/shorewallrc.default
@@ -1,23 +0,0 @@
-#
-# Default Shorewall 5.0 rc file
-#
-HOST=linux                              #Generic Linux
-BUILD=                                  #Default is to detect the build system
-PREFIX=/usr                             #Top-level directory for shared files, libraries, etc.
-SHAREDIR=${PREFIX}/share                #Directory for arch-neutral files.
-LIBEXECDIR=${PREFIX}/share              #Directory for executable scripts.
-PERLLIBDIR=${PREFIX}/share/shorewall    #Directory to install Shorewall Perl module directory
-CONFDIR=/etc                            #Directory where subsystem configurations are installed
-SBINDIR=/sbin                           #Directory where system administration programs are installed
-MANDIR=${PREFIX}/man                    #Directory where manpages are installed.
-INITDIR=/etc/init.d                     #Directory where SysV init scripts are installed.
-INITFILE=$PRODUCT                       #Name of the product's installed SysV init script
-INITSOURCE=init.sh                      #Name of the distributed file to be installed as the SysV init script
-ANNOTATED=                              #If non-zero, annotated configuration files are installed
-SERVICEDIR=                             #Directory where .service files are installed (systems running systemd only)
-SERVICEFILE=                            #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
-SYSCONFFILE=                            #Name of the distributed file to be installed in $SYSCONFDIR
-SYSCONFDIR=                             #Directory where SysV init parameter files are installed
-SPARSE=                                 #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
-VARLIB=/var/lib                         #Directory where product variable data is stored.
-VARDIR=${VARLIB}/$PRODUCT               #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.openwrt
+++ b/Shorewall-core/shorewallrc.openwrt
@@ -1,23 +0,0 @@
-#
-# Created by Shorewall Core version 5.0.2-RC1 configure -  Fri, Nov 06, 2015 10:02:03 AM
-#
-# Input: host=openwrt
-#
-PREFIX=/usr                             #Top-level directory for shared files, libraries, etc.
-SHAREDIR=${PREFIX}/share                #Directory for arch-neutral files.
-LIBEXECDIR=${PREFIX}/share              #Directory for executable scripts.
-PERLLIBDIR=${PREFIX}/share/shorewall    #Directory to install Shorewall Perl module directory
-CONFDIR=/etc                            #Directory where subsystem configurations are installed
-SBINDIR=/sbin                           #Directory where system administration programs are installed
-MANDIR=                                 #Directory where manpages are installed.
-INITDIR=/etc/init.d                     #Directory where SysV init scripts are installed.
-INITFILE=$PRODUCT                       #Name of the product's installed SysV init script
-INITSOURCE=init.openwrt.sh              #Name of the distributed file to be installed as the SysV init script
-ANNOTATED=                              #If non-zero, annotated configuration files are installed
-SYSCONFDIR=${CONFDIR}/sysconfig         #Directory where SysV init parameter files are installed
-SYSCONFFILE=sysconfig                   #Name of the distributed file to be installed in $SYSCONFDIR
-SERVICEDIR=				#Directory where .service files are installed (systems running systemd only)
-SERVICEFILE=				#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
-SPARSE=                                 #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
-VARLIB=/lib                             #Directory where product variable data is stored.
-VARDIR=${VARLIB}/$PRODUCT               #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.redhat
+++ b/Shorewall-core/shorewallrc.redhat
@@ -1,23 +0,0 @@
-#
-# RedHat/FedoraShorewall 5.0 rc file
-#
-BUILD=                                  #Default is to detect the build system
-HOST=redhat
-PREFIX=/usr                             #Top-level directory for shared files, libraries, etc.
-SHAREDIR=${PREFIX}/share                #Directory for arch-neutral files.
-LIBEXECDIR=${PREFIX}/libexec            #Directory for executable scripts.
-PERLLIBDIR=/usr/share/perl5/vendor_perl #Directory to install Shorewall Perl module directory
-CONFDIR=/etc                            #Directory where subsystem configurations are installed
-SBINDIR=/sbin                           #Directory where system administration programs are installed
-MANDIR=${SHAREDIR}/man                  #Directory where manpages are installed.
-INITDIR=/etc/rc.d/init.d                #Directory where SysV init scripts are installed.
-INITFILE=$PRODUCT                       #Name of the product's installed SysV init script
-INITSOURCE=init.fedora.sh               #Name of the distributed file to be installed as the SysV init script
-ANNOTATED=                              #If non-zero, annotated configuration files are installed
-SERVICEDIR=/lib/systemd/system          #Directory where .service files are installed (systems running systemd only)
-SYSCONFFILE=sysconfig                   #Name of the distributed file to be installed as $SYSCONFDIR/$PRODUCT
-SERVICEFILE=                      	#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
-SYSCONFDIR=/etc/sysconfig/              #Directory where SysV init parameter files are installed
-SPARSE=                                 #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
-VARLIB=/var/lib                         #Directory where product variable data is stored.
-VARDIR=${VARLIB}/$PRODUCT               #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.slackware
+++ b/Shorewall-core/shorewallrc.slackware
@@ -1,24 +0,0 @@
-#
-# Slackware Shorewall 5.0 rc file
-#
-BUILD=slackware
-HOST=slackware
-PREFIX=/usr                                #Top-level directory for shared files, libraries, etc.
-SHAREDIR=${PREFIX}/share                   #Directory for arch-neutral files.
-LIBEXECDIR=${PREFIX}/share                 #Directory for executable scripts.
-PERLLIBDIR=${PREFIX}/share/shorewall       #Directory to install Shorewall Perl module directory
-CONFDIR=/etc                               #Directory where subsystem configurations are installed
-SBINDIR=/sbin                              #Directory where system administration programs are installed
-MANDIR=${PREFIX}/man                       #Directory where manpages are installed.
-INITDIR=/etc/rc.d                          #Directory where SysV init scripts are installed.
-AUXINITSOURCE=init.slackware.firewall.sh   #Name of the distributed file to be installed as the SysV init script
-AUXINITFILE=rc.firewall                    #Name of the product's installed SysV init script
-INITSOURCE=init.slackware.$PRODUCT.sh      #Name of the distributed file to be installed as a second SysV init script
-INITFILE=rc.$PRODUCT                       #Name of the product's installed second init script
-SERVICEDIR=                                #Name of the directory where .service files are installed (systems running systemd only)
-SERVICEFILE=                               #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
-SYSCONFFILE=                               #Name of the distributed file to be installed in $SYSCONFDIR
-SYSCONFDIR=                                #Name of the directory where SysV init parameter files are installed.
-ANNOTATED=                                 #If non-empty, install annotated configuration files
-VARLIB=/var/lib                            #Directory where product variable data is stored.
-VARDIR=${VARLIB}/$PRODUCT                  #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.suse
+++ b/Shorewall-core/shorewallrc.suse
@@ -1,23 +0,0 @@
-#
-# SuSE Shorewall 5.0 rc file
-#
-BUILD=                                                #Default is to detect the build system
-HOST=suse
-PREFIX=/usr                                           #Top-level directory for shared files, libraries, etc.
-CONFDIR=/etc                                          #Directory where subsystem configurations are installed
-SHAREDIR=${PREFIX}/share                              #Directory for arch-neutral files.
-LIBEXECDIR=${PREFIX}/lib                              #Directory for executable scripts.
-PERLLIBDIR=${PREFIX}/lib/perl5/vendor_perl/5.14.2     #Directory to install Shorewall Perl module directory
-SBINDIR=/usr/sbin                                     #Directory where system administration programs are installed
-MANDIR=${SHAREDIR}/man/                               #Directory where manpages are installed.
-INITDIR=/etc/init.d                                   #Directory where SysV init scripts are installed.
-INITFILE=$PRODUCT                                     #Name of the product's SysV init script
-INITSOURCE=init.suse.sh                               #Name of the distributed file to be installed as the SysV init script
-ANNOTATED=                                            #If non-zero, annotated configuration files are installed
-SERVICEDIR=                                           #Directory where .service files are installed (systems running systemd only)
-SERVICEFILE=                      		      #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
-SYSCONFFILE=sysconfig                                 #Name of the distributed file to be installed in $SYSCONFDIR
-SYSCONFDIR=/etc/sysconfig/                            #Directory where SysV init parameter files are installed
-SPARSE=                                               #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
-VARLIB=/var/lib                                       #Directory where persistent product data is stored.
-VARDIR=${VARLIB}/$PRODUCT                             #Directory where product variable data is stored.
--- a/Shorewall-core/uninstall.sh
+++ b/Shorewall-core/uninstall.sh
@@ -2,24 +2,24 @@
 #
 # Script to back uninstall Shoreline Firewall
 #
-#     (c) 2000-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://www.shorewall.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
+#       it under the terms of Version 2 of the GNU General Public License
+#       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#       This program is distributed in the hope that it will be useful,
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#       You should have received a copy of the GNU General Public License
+#       along with this program; if not, write to the Free Software
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #    Usage:
 #
@@ -27,22 +27,14 @@
 #       shown below. Simply run this script to remove Shorewall Firewall

 VERSION=xxx #The Build script inserts the actual version
-PRODUCT="shorewall-core"
-Product="Shorewall Core"
- 
+
 usage() # $1 = exit status
 {
    ME=$(basename $0)
-    echo "usage: $ME [ <shorewallrc file> ]"
+    echo "usage: $ME"
    exit $1
 }

-fatal_error()
-{
-    echo "   ERROR: $@" >&2
-    exit 1
-}
-
 qt()
 {
    "$@" >/dev/null 2>&1
@@ -68,42 +60,8 @@ remove_file() # $1 = file to restore
    fi
 }

-#
-# Change to the directory containing this script
-#
-cd "$(dirname $0)"
-
-#
-# Read the RC file
-#
-if [ $# -eq 0 ]; then
-    if [ -f ./shorewallrc ]; then
-	. ./shorewallrc
-    elif [ -f ~/.shorewallrc ]; then
-	. ~/.shorewallrc || exit 1
-	file=./.shorewallrc
-    elif [ -f /usr/share/shorewall/shorewallrc ]; then
-	. /usr/share/shorewall/shorewallrc
-    else
-	fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
-    fi
-elif [ $# -eq 1 ]; then
-    file=$1
-    case $file in
-	/*|.*)
-	    ;;
-	*)
-	    file=./$file
-	    ;;
-    esac
-
-    . $file
-else
-    usage 1
-fi
-
-if [ -f ${SHAREDIR}/shorewall/coreversion ]; then
-    INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall/coreversion)"
+if [ -f /usr/share/shorewall/coreversion ]; then
+    INSTALLED_VERSION="$(cat /usr/share/shorewall/coreversion)"
    if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
 	echo "WARNING: Shorewall Core Version $INSTALLED_VERSION is installed"
 	echo "         and this is the $VERSION uninstaller."
@@ -114,9 +72,12 @@ else
    VERSION=""
 fi

+[ -n "${LIBEXEC:=/usr/share}" ]
+[ -n "${PERLLIB:=/usr/share/shorewall}" ]
+
 echo "Uninstalling Shorewall Core $VERSION"

-rm -rf ${SHAREDIR}/shorewall
+rm -rf /usr/share/shorewall

 echo "Shorewall Core Uninstalled"

--- a/Shorewall-core/wait4ifup
+++ b/Shorewall-core/wait4ifup
@@ -2,18 +2,17 @@
 #
 #     Shorewall interface helper utility - V4.2
 #
-#     (c) 2007,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2007 - Tom Eastep (teastep@shorewall.net)
 #
 #	This file is installed in /usr/share/shorewall/wait4ifup
 #
 #	Shorewall documentation is available at http://www.shorewall.net
 #
-#       This program is part of Shorewall.
-#
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#	it under the terms of Version 2 of the GNU General Public License
+#	as published by the Free Software Foundation.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -21,7 +20,8 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
+#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #	If an error occurs while starting or restarting the firewall, the
 #	firewall is automatically stopped.
--- a/Shorewall-init/ifupdown.debian.sh
+++ b/Shorewall-init/ifupdown.debian.sh
@@ -1,135 +0,0 @@
-#!/bin/sh
-#
-# Debian ifupdown script for Shorewall-based products
-#
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
-#
-#     (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
-#
-#       Shorewall documentation is available at http://shorewall.net
-#
-#       This program is free software; you can redistribute it and/or modify
-#       it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
-#
-#       This program is distributed in the hope that it will be useful,
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       GNU General Public License for more details.
-#
-#       You should have received a copy of the GNU General Public License
-#       along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-
-setstatedir() {
-    local statedir
-    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
-	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
-    fi
-
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-
-    if [ ! -x $STATEDIR/firewall ]; then
-	if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-	    ${SBINDIR}/$PRODUCT compile
-	fi
-    fi
-}
-
-Debian_ppp() {
-    NEWPRODUCTS=
-    INTERFACE="$1"
-
-    case $0 in
-	/etc/ppp/ip-*)
-	    #
-	    # IPv4
-	    #
-	    for product in $PRODUCTS; do
-		case $product in
-		    shorewall|shorewall-lite)
-			NEWPRODUCTS="$NEWPRODUCTS $product";
-			;;
-		esac
-	    done
-	    ;;
-	/etc/ppp/ipv6-*)
-	    #
-	    # IPv6
-	    #
-	    for product in $PRODUCTS; do
-		case $product in
-		    shorewall6|shorewall6-lite)
-			NEWPRODUCTS="$NEWPRODUCTS $product";
-			;;
-		esac
-	    done
-	    ;;
-	*)
-	    exit 0
-	    ;;
-    esac
-
-    PRODUCTS="$NEWPRODUCTS"
-
-    case $0 in
-	*up/*)
-	    COMMAND=up
-	    ;;
-	*)
-	    COMMAND=down
-	    ;;
-    esac
-}
-
-IFUPDOWN=0
-PRODUCTS=
-
-#
-# The installer may alter this
-#
-. /usr/share/shorewall/shorewallrc
-
-if [ -f /etc/default/shorewall-init ]; then
-    . /etc/default/shorewall-init
-elif [ -f /etc/sysconfig/shorewall-init ]; then
-    . /etc/sysconfig/shorewall-init
-fi
-
-[ "$IFUPDOWN" = 1 -a -n "$PRODUCTS" ] || exit 0
-
-case $0 in
-    /etc/ppp*)
-	#
-	# Debian ppp
-	#
-	Debian_ppp
-	;;
-    *)
-        #
-        # Debian ifupdown system
-        #
-	INTERFACE="$IFACE"
-
-	if [ "$MODE" = start ]; then
-	    COMMAND=up
-	elif [ "$MODE" = stop ]; then
-	    COMMAND=down
-	else
-	    exit 0
-	fi
-	;;
-esac
-
-[ -n "$LOGFILE" ] || LOGFILE=/dev/null
-
-for PRODUCT in $PRODUCTS; do
-    setstatedir
-
-    if [ -x $VARLIB/$PRODUCT/firewall ]; then
-	  ( ${VARLIB}/$PRODUCT/firewall -V0 $COMMAND $INTERFACE >> $LOGFILE 2>&1 ) || true
-    fi
-done
-
-exit 0
--- a/Shorewall-init/ifupdown.fedora.sh
+++ b/Shorewall-init/ifupdown.fedora.sh
@@ -1,111 +0,0 @@
-#!/bin/sh
-#
-# Redhat/Fedora/Centos/Foobar ifupdown script for Shorewall-based products
-#
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
-#
-#     (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
-#
-#       Shorewall documentation is available at http://shorewall.net
-#
-#       This program is free software; you can redistribute it and/or modify
-#       it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
-#
-#       This program is distributed in the hope that it will be useful,
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       GNU General Public License for more details.
-#
-#       You should have received a copy of the GNU General Public License
-#       along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-
-# Get startup options (override default)
-OPTIONS=
-
-setstatedir() {
-    local statedir
-    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
-	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
-    fi
-
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-
-    if [ ! -x "$STATEDIR/firewall" ]; then
-	if [ $PRODUCT == shorewall -o $PRODUCT == shorewall6 ]; then
-	    ${SBINDIR}/$PRODUCT $OPTIONS compile
-	fi
-    fi
-}
-
-IFUPDOWN=0
-PRODUCTS=
-
-#
-# The installer may alter this
-#
-. /usr/share/shorewall/shorewallrc
-
-if [ -f /etc/default/shorewall-init ]; then
-    . /etc/default/shorewall-init
-elif [ -f /etc/sysconfig/shorewall-init ]; then
-    . /etc/sysconfig/shorewall-init
-fi
-
-[ "$IFUPDOWN" = 1 -a -n "$PRODUCTS" ] || exit 0
-
-PHASE=''
-
-case $0 in
-    /etc/ppp*)
-	INTERFACE="$1"
-
-	case $0 in
-	    *ip-up.local)
-		COMMAND=up
-		;;
-	    *ip-down.local)
-		COMMAND=down
-		;;
-	    *)
-		exit 0
-		;;
-	esac
-	;;
-    *)
-	#
-	# RedHat ifup/down system
-	#
-	INTERFACE="$1"
-    
-	case $0 in 
-	    *ifup*)
-		COMMAND=up
-		;;
-	    *ifdown*)
-		COMMAND=down
-		;;
-	    *dispatcher.d*)
-		COMMAND="$2"
-		;;
-	    *)
-		exit 0
-		;;
-	esac
-	;;
-esac
-
-[ -n "$LOGFILE" ] || LOGFILE=/dev/null
-
-for PRODUCT in $PRODUCTS; do
-    setstatedir
-
-    if [ -x "$STATEDIR/firewall" ]; then
-	  echo "`date --rfc-3339=seconds` $0: Executing $STATEDIR/firewall $OPTIONS $COMMAND $INTERFACE" >> $LOGFILE 2>&1
-	  ( $STATEDIR/firewall $OPTIONS $COMMAND $INTERFACE >> $LOGFILE 2>&1 ) || true
-    fi
-done
-
-exit 0
--- a/Shorewall-init/ifupdown.suse.sh
+++ b/Shorewall-init/ifupdown.suse.sh
@@ -1,10 +1,10 @@
 #!/bin/sh
 #
-# SuSE ifupdown script for Shorewall-based products
+# ifupdown script for Shorewall-based products
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-#     (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2010 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
@@ -22,22 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #

-setstatedir() {
-    local statedir
-    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
-	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
-    fi
-
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-
-    if [ ! -x $STATEDIR/firewall ]; then
-	if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-	    ${SBINDIR}/$PRODUCT compile
-	fi
-    fi
-}
-
-SuSE_ppp() {
+Debian_SuSE_ppp() {
    NEWPRODUCTS=
    INTERFACE="$1"

@@ -86,11 +71,6 @@ SuSE_ppp() {
 IFUPDOWN=0
 PRODUCTS=

-#
-# The installer may alter this
-#
-. /usr/share/shorewall/shorewallrc
-
 if [ -f /etc/default/shorewall-init ]; then
    . /etc/default/shorewall-init
 elif [ -f /etc/sysconfig/shorewall-init ]; then
@@ -99,47 +79,117 @@ fi

 [ "$IFUPDOWN" = 1 -a -n "$PRODUCTS" ] || exit 0

-PHASE=''
-
-case $0 in
-    /etc/ppp*)
-        #
-	# SUSE ppp
-	#
-	SuSE_ppp
-	;;
+if [ -f /etc/debian_version ]; then
+    case $0 in
+	/etc/ppp*)
+	    #
+	    # Debian ppp
+	    #
+	    Debian_SuSE_ppp
+	    ;;
 	
-    *)
-        #
-        # SuSE ifupdown system
-        #
-	INTERFACE="$2"
+	*)
+            #
+            # Debian ifupdown system
+            #
+	    INTERFACE="$IFACE"

-	case $0 in
-	    *dispatcher.d*)
-		INTERFACE="$1"
-		COMMAND="$2"
-		;;
-	    *if-up.d*)
+	    if [ "$MODE" = start ]; then
 		COMMAND=up
-		;;
-	    *if-down.d*)
+	    elif [ "$MODE" = stop ]; then
 		COMMAND=down
-		;;
-	    *)
+	    else
 		exit 0
-		;;
-	esac
-	;;
-esac
+	    fi

-[ -n "$LOGFILE" ] || LOGFILE=/dev/null
+	    case "$PHASE" in
+		pre-*)
+		    exit 0
+		    ;;
+	    esac
+	    ;;
+    esac
+elif [ -f /etc/SuSE-release ]; then
+    case $0 in
+	/etc/ppp*)
+	    #
+	    # SUSE ppp
+	    #
+	    Debian_SuSE_ppp
+	    ;;
+	
+	*)
+            #
+            # SuSE ifupdown system
+            #
+	    INTERFACE="$2"
+
+	    case $0 in
+		*if-up.d*)
+		    COMMAND=up
+		    ;;
+		*if-down.d*)
+		    COMMAND=down
+		    ;;
+		*)
+		    exit 0
+		    ;;
+	    esac
+	    ;;
+    esac
+else
+    #
+    # Assume RedHat/Fedora/CentOS/Foobar/...
+    #
+    case $0 in
+	/etc/ppp*)
+	    INTERFACE="$1"
+
+	    case $0 in
+		*ip-up.local)
+		    COMMAND=up
+		    ;;
+		*ip-down.local)
+		    COMMAND=down
+		    ;;
+		*)
+		    exit 0
+		    ;;
+	    esac
+	    ;;
+	*)
+	    #
+	    # RedHat ifup/down system
+	    #
+	    INTERFACE="$1"
+    
+	    case $0 in 
+		*ifup*)
+		    COMMAND=up
+		    ;;
+		*ifdown*)
+		    COMMAND=down
+		    ;;
+		*dispatcher.d*)
+		    COMMAND="$2"
+		    ;;
+		*)
+		    exit 0
+		    ;;
+	    esac
+	    ;;
+    esac
+fi

 for PRODUCT in $PRODUCTS; do
-    setstatedir
-
-    if [ -x $VARLIB/$PRODUCT/firewall ]; then
-	  ( ${VARLIB}/$PRODUCT/firewall -V0 $COMMAND $INTERFACE >> $LOGFILE 2>&1 ) || true
+    VARDIR=/var/lib/$PRODUCT
+    [ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir
+    if [ -x $VARDIR/firewall ]; then
+	  ( . /usr/share/$PRODUCT/lib.base
+	    mutex_on
+	    ${VARDIR}/firewall -V0 $COMMAND $INTERFACE || echo_notdone
+	    mutex_off
+	  )
    fi
 done

--- a/Shorewall-init/init.debian.sh
+++ b/Shorewall-init/init.debian.sh
@@ -1,10 +1,10 @@
 #!/bin/sh
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.4
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-#     (c) 2010,2012 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2010 - Tom Eastep (teastep@shorewall.net)
 #
 #       On most distributions, this file should be called /etc/init.d/shorewall.
 #
@@ -36,8 +36,6 @@
 #                    bringing up the network
 ### END INIT INFO

-. /lib/lsb/init-functions
-
 export VERBOSITY=0

 if [ "$(id -u)" != "0" ]
@@ -52,119 +50,82 @@ echo_notdone () {
 }

 not_configured () {
-    echo "#### WARNING ####"
-    echo "the firewall won't be initialized unless it is configured"
-    if [ "$1" != "stop" ]
-    then
-	echo ""
-	echo "Please read about Debian specific customization in"
-	echo "/usr/share/doc/shorewall-init/README.Debian.gz."
-    fi
-    echo "#################"
-    exit 0
+	echo "#### WARNING ####"
+	echo "the firewall won't be initialized unless it is configured"
+	if [ "$1" != "stop" ]
+	then
+		echo ""
+		echo "Please read about Debian specific customization in"
+		echo "/usr/share/doc/shorewall-init/README.Debian.gz."
+	fi
+	echo "#################"
+	exit 0
 }

-# set the STATEDIR variable
-setstatedir() {
-    local statedir
-    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
-	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
-    fi
-
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-
-    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c
-    else
-	return 0
-    fi
-}
-
-#
-# The installer may alter this
-#
-. /usr/share/shorewall/shorewallrc
-
 # check if shorewall-init is configured or not
-if [ -f "$SYSCONFDIR/shorewall-init" ]
+if [ -f "/etc/default/shorewall-init" ]
 then
-    . $SYSCONFDIR/shorewall-init
-    if [ -z "$PRODUCTS" ]
-    then
-	not_configured
-    fi
+	. /etc/default/shorewall-init
+	if [ -z "$PRODUCTS" ]
+	then
+		not_configured
+	fi
 else
-    not_configured
+	not_configured
 fi

 # Initialize the firewall
 shorewall_start () {
-  local PRODUCT
-  local STATEDIR
+  local product
+  local VARDIR

  echo -n "Initializing \"Shorewall-based firewalls\": "
-
-  for PRODUCT in $PRODUCTS; do
-      if setstatedir; then
-	  if [ -x ${STATEDIR}/firewall ]; then
-              #
-	      # Run in a sub-shell to avoid name collisions
+  for product in $PRODUCTS; do
+      VARDIR=/var/lib/$product
+      [ -f /etc/$product/vardir ] && . /etc/$product/vardir
+      if [ -x ${VARDIR}/firewall ]; then
+	  #
+	  # Run in a sub-shell to avoid name collisions
+	  #
+	  ( 
+	      . /usr/share/$product/lib.base
 	      #
-	      (
-		  if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
-		      ${STATEDIR}/firewall ${OPTIONS} stop
-		  fi
-	      )
-	  fi
+	      # Get mutex so the firewall state is stable
+	      #
+	      mutex_on
+	      if ! ${VARDIR}/firewall status > /dev/null 2>&1; then
+		  ${VARDIR}/firewall stop || echo_notdone
+	      fi
+	      mutex_off
+	  )
      fi
  done

  echo "done."

-  if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
-
-      echo -n "Restoring ipsets: "
-
-      if ! ipset -R < "$SAVE_IPSETS"; then
-	  echo_notdone
-      fi
-
-      echo "done."
-  fi
-
  return 0
 }

 # Clear the firewall
 shorewall_stop () {
-  local PRODUCT
-  local STATEDIR
+  local product
+  local VARDIR

  echo -n "Clearing \"Shorewall-based firewalls\": "
-  for PRODUCT in $PRODUCTS; do
-      if setstatedir; then
-	  if [ -x ${STATEDIR}/firewall ]; then
-	      ${STATEDIR}/firewall ${OPTIONS} clear
-	  fi
+  for product in $PRODUCTS; do
+      VARDIR=/var/lib/$product
+      [ -f /etc/$product/vardir ] && . /etc/$product/vardir
+      if [ -x ${VARDIR}/firewall ]; then
+	  ( . /usr/share/$product/lib.base
+	    mutex_on
+	    ${VARDIR}/firewall clear || echo_notdone
+	    mutex_off
+	  )
      fi
  done

  echo "done."

-  if [ -n "$SAVE_IPSETS" ]; then
-
-      echo "Saving ipsets: "
-
-      mkdir -p $(dirname "$SAVE_IPSETS")
-      if ipset -S > "${SAVE_IPSETS}.tmp"; then
-	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
-      else
-	  echo_notdone
-      fi
-
-      echo "done."
-  fi
-
  return 0
 }

@@ -178,7 +139,7 @@ case "$1" in
  reload|force-reload)
     ;;
  *)
-     echo "Usage: $0 {start|stop|reload|force-reload}"
+     echo "Usage: /etc/init.d/shorewall-init {start|stop|reload|force-reload}"
     exit 1
 esac

--- a/Shorewall-init/init.fedora.sh
+++ b/Shorewall-init/init.fedora.sh
@@ -13,10 +13,6 @@
 # Description:       Place the firewall in a safe state at boot time
 #                    prior to bringing up the network.  
 ### END INIT INFO
-#determine where the files were installed
-
-. /usr/share/shorewall/shorewallrc
-
 prog="shorewall-init"
 logger="logger -i -t $prog"
 lockfile="/var/lock/subsys/shorewall-init"
@@ -35,26 +31,10 @@ else
    exit 6
 fi

-# set the STATEDIR variable
-setstatedir() {
-    local statedir
-    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
-	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
-    fi
-
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-
-    if [ $PRODUCT == shorewall -o $PRODUCT == shorewall6 ]; then
-	${SBINDIR}/$PRODUCT $OPTIONS compile -c
-    else
-	return 0
-    fi
-}
-
 # Initialize the firewall
 start () {
-    local PRODUCT
-    local STATEDIR
+    local product
+    local vardir

    if [ -z "$PRODUCTS" ]; then
 	echo "No firewalls configured for shorewall-init"
@@ -63,26 +43,17 @@ start () {
    fi

    echo -n "Initializing \"Shorewall-based firewalls\": "
-
-    for PRODUCT in $PRODUCTS; do
-	setstatedir
-	retval=$?
-
-	if [ $retval -eq 0 ]; then
-	    if [ -x "${STATEDIR}/firewall" ]; then
-		${STATEDIR}/firewall ${OPTIONS} stop 2>&1 | $logger
-		retval=${PIPESTATUS[0]}
-		[ $retval -ne 0 ] && break
-	    else
-		retval=6 #Product not configured
-		break
-	    fi
-	else
-	    break
+    for product in $PRODUCTS; do
+	vardir=/var/lib/$product
+	[ -f /etc/$product/vardir ] && . /etc/$product/vardir 
+	if [ -x ${vardir}/firewall ]; then
+	    ${vardir}/firewall stop 2>&1 | $logger
+	    retval=${PIPESTATUS[0]}
+	    [ retval -ne 0 ] && break
 	fi
    done

-    if [ $retval -eq 0 ]; then
+    if [ retval -eq 0 ]; then
 	touch $lockfile 
 	success
    else
@@ -94,30 +65,21 @@ start () {

 # Clear the firewall
 stop () {
-    local PRODUCT
-    local STATEDIR
+    local product
+    local vardir

    echo -n "Clearing \"Shorewall-based firewalls\": "
-
-    for PRODUCT in $PRODUCTS; do
-	setstatedir
-	retval=$?
-
-	if [ $retval -eq 0 ]; then
-	    if [ -x "${STATEDIR}/firewall" ]; then
-		${STATEDIR}/firewall ${OPTIONS} clear 2>&1 | $logger
-		retval=${PIPESTATUS[0]}
-		[ $retval -ne 0 ] && break
-	    else
-		retval=6 #Product not configured
-		break
-	    fi
-	else
-	    break
+    for product in $PRODUCTS; do
+	vardir=/var/lib/$product
+	[ -f /etc/$product/vardir ] && . /etc/$product/vardir 
+	if [ -x ${vardir}/firewall ]; then
+	    ${vardir}/firewall clear 2>&1 | $logger
+	    retval=${PIPESTATUS[0]}
+	    [ retval -ne 0 ] && break
 	fi
    done

-    if [ $retval -eq 0 ]; then
+    if [ retval -eq 0 ]; then
 	rm -f $lockfile
 	success
    else
@@ -140,15 +102,19 @@ case "$1" in
 	status_q || exit 0
 	$1
 	;;
-    restart|reload|force-reload|condrestart|try-restart)
+    restart|reload|force-reload)
 	echo "Not implemented"
 	exit 3
 	;;
+    condrestart|try-restart)
+	echo "Not implemented"
+	exit 3
+        ;;
    status)
 	status $prog
 	;;
  *)
-	echo "Usage: $0 {start|stop|status}"
+	echo "Usage: /etc/init.d/shorewall-init {start|stop}"
 	exit 1
 esac

--- a/Shorewall-init/init.openwrt.sh
+++ b/Shorewall-init/init.openwrt.sh
@@ -1,131 +0,0 @@
-#!/bin/sh /etc/rc.common
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
-#
-#     (c) 2010,2012-2014 - Tom Eastep (teastep@shorewall.net)
-#     (c) 2016           - Matt Darfeuille (matdarf@gmail.com)
-#
-#       On most distributions, this file should be called /etc/init.d/shorewall-init.
-#
-#       This program is part of Shorewall.
-#
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
-#
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#
-#       You should have received a copy of the GNU General Public License
-#       along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-#
-
-# arg1 of init script is arg2 when rc.common is sourced
-
-case "$action" in
-  start|stop|boot)
-      if [ "$(id -u)" != "0" ]
-      then
-	  echo "You must be root to start, stop or restart \"Shorewall \"."
-	  exit 1
-      fi
-
-      # check if shorewall-init is configured or not
-      if [ -f "/etc/sysconfig/shorewall-init" ]
-      then
-	  . /etc/sysconfig/shorewall-init
-	  if [ -z "$PRODUCTS" ]
-	  then
-	      exit 0
-	  fi
-      else
-	  exit 0
-      fi
-
-      ;;
-  enable|disable|enabled)
-      # Openwrt related
-      # start and stop runlevel variable
-      START=19
-      STOP=91
-      ;;
-  *)
-      echo "Usage: /etc/init.d/shorewall-init {start|stop}"
-      exit 1
-esac
-
-#
-# The installer may alter this
-#
-. /usr/share/shorewall/shorewallrc
-
-# Locate the current PRODUCT's statedir
-setstatedir() {
-    local statedir
-    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
-	statedir=$( . ${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
-    fi
-
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-
-    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-	${SBINDIR}/$PRODUCT ${OPTIONS} compile $STATEDIR/firewall
-    else
-	return 0
-    fi
-}
-
-# Initialize the firewall
-start () {
-    local PRODUCT
-  local STATEDIR
-
-  echo -n "Initializing \"Shorewall-based firewalls\": "
-  for PRODUCT in $PRODUCTS; do
-      if setstatedir; then
-	  if [ -x ${STATEDIR}/firewall ]; then
-	      if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
-		  ${STATEDIR}/firewall ${OPTIONS} stop
-	      fi
-	  fi
-      fi
-  done
-
-  if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
-      ipset -R < "$SAVE_IPSETS"
-  fi
-}
-
-boot () {
-    start
-}
-
-# Clear the firewall
-stop () {
-    local PRODUCT
-    local STATEDIR
-
-    echo -n "Clearing \"Shorewall-based firewalls\": "
-    for PRODUCT in $PRODUCTS; do
-	if setstatedir; then
-	    if [ -x ${STATEDIR}/firewall ]; then
-		${STATEDIR}/firewall ${OPTIONS} clear
-	    fi
-	fi
-    done
-
-    if [ -n "$SAVE_IPSETS" ]; then
-	mkdir -p $(dirname "$SAVE_IPSETS")
-	if ipset -S > "${SAVE_IPSETS}.tmp"; then
-	    grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
-	fi
-    fi
-}
-
--- a/Shorewall-init/init.sh
+++ b/Shorewall-init/init.sh
@@ -1,24 +1,22 @@
 #! /bin/bash
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.4
 #
-#     (c) 2010,2012-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2010 - Tom Eastep (teastep@shorewall.net)
 #
 #       On most distributions, this file should be called /etc/init.d/shorewall.
 #
-#       This program is part of Shorewall.
+#       Complete documentation is available at http://shorewall.net
 #
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#       This program is free software; you can redistribute it and/or modify
+#       it under the terms of Version 2 of the GNU General Public License
+#       as published by the Free Software Foundation.
 #
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#       This program is distributed in the hope that it will be useful,
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       GNU General Public License for more details.
 #
 #       You should have received a copy of the GNU General Public License
 #       along with this program; if not, write to the Free Software
@@ -55,39 +53,18 @@ else
 	exit 0
 fi

-#
-# The installer may alter this
-#
-. /usr/share/shorewall/shorewallrc
-
-# Locate the current PRODUCT's statedir
-setstatedir() {
-    local statedir
-    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
-	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
-    fi
-
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-
-    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-	${SBINDIR}/$PRODUCT ${OPTIONS} compile $STATEDIR/firewall
-    else
-	return 0
-    fi
-}
-
 # Initialize the firewall
 shorewall_start () {
  local PRODUCT
-  local STATEDIR
+  local VARDIR

  echo -n "Initializing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
-      if setstatedir; then
-	  if [ -x ${STATEDIR}/firewall ]; then
-	      if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
-		  ${STATEDIR}/firewall ${OPTIONS} stop
-	      fi
+      VARDIR=/var/lib/$PRODUCT
+      [ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir 
+      if [ -x ${VARDIR}/firewall ]; then
+	  if ! /sbin/$PRODUCT status > /dev/null 2>&1; then
+	      ${VARDIR}/firewall stop || echo_notdone
 	  fi
      fi
  done
@@ -102,14 +79,14 @@ shorewall_start () {
 # Clear the firewall
 shorewall_stop () {
  local PRODUCT
-  local STATEDIR
+  local VARDIR

  echo -n "Clearing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
-      if setstatedir; then
-	  if [ -x ${STATEDIR}/firewall ]; then
-	      ${STATEDIR}/firewall ${OPTIONS} clear
-	  fi
+      VARDIR=/var/lib/$PRODUCT
+      [ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir 
+      if [ -x ${VARDIR}/firewall ]; then
+	  ${VARDIR}/firewall clear || exit 1
      fi
  done

--- a/Shorewall-init/init.suse.sh
+++ b/Shorewall-init/init.suse.sh
@@ -1,147 +0,0 @@
-#! /bin/bash
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
-#
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
-#
-#     (c) 2010,2012 - Tom Eastep (teastep@shorewall.net)
-#
-#       On most distributions, this file should be called /etc/init.d/shorewall.
-#
-#       Complete documentation is available at http://shorewall.net
-#
-#       This program is free software; you can redistribute it and/or modify
-#       it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
-#
-#       This program is distributed in the hope that it will be useful,
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       GNU General Public License for more details.
-#
-#       You should have received a copy of the GNU General Public License
-#       along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-#
-### BEGIN INIT INFO
-# Provides: shorewall-init
-# Required-Start: $local_fs
-# Required-Stop:  $local_fs
-# Default-Start:  2 3 5
-# Default-Stop:   0 1 6
-# Short-Description: Initialize the firewall at boot time
-# Description:       Place the firewall in a safe state at boot time
-#                    prior to bringing up the network.  
-### END INIT INFO
-
-#Return values acc. to LSB for all commands but status:
-# 0 - success
-# 1 - generic or unspecified error
-# 2 - invalid or excess argument(s)
-# 3 - unimplemented feature
-# 4 - insufficient privilege
-# 5 - program is not installed
-# 6 - program is not configured
-# 7 - program is not running
-
-if [ "$(id -u)" != "0" ]
-then
-  echo "You must be root to start, stop or restart \"Shorewall \"."
-  exit 4
-fi
-
-# check if shorewall-init is configured or not
-if [ -f "/etc/sysconfig/shorewall-init" ]
-then
-    . /etc/sysconfig/shorewall-init
-
-    if [ -z "$PRODUCTS" ]
-    then
-	echo "No PRODUCTS configured"
-	exit 6
-    fi
-else
-    echo "/etc/sysconfig/shorewall-init not found"
-    exit 6
-fi
-
-#
-# The installer may alter this
-#
-. /usr/share/shorewall/shorewallrc
-
-# set the STATEDIR variable
-setstatedir() {
-    local statedir
-    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
-	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
-    fi
-
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-
-    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c
-    else
-	return 0
-    fi
-}
-
-# Initialize the firewall
-shorewall_start () {
-  local PRODUCT
-  local STATEDIR
-
-  echo -n "Initializing \"Shorewall-based firewalls\": "
-  for PRODUCT in $PRODUCTS; do
-      if setstatedir; then
-	  if [ -x $STATEDIR/firewall ]; then
-	      if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
-		  $STATEDIR/$PRODUCT/firewall ${OPTIONS} stop
-	      fi
-	  fi
-      fi
-  done
-
-  if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
-      ipset -R < "$SAVE_IPSETS"
-  fi
-}
-
-# Clear the firewall
-shorewall_stop () {
-  local PRODUCT
-  local STATEDIR
-
-  echo -n "Clearing \"Shorewall-based firewalls\": "
-  for PRODUCT in $PRODUCTS; do
-      if setstatedir; then
-	  if [ -x ${STATEDIR}/firewall ]; then
-	      ${STATEDIR}/firewall ${OPTIONS} clear
-	  fi
-      fi
-  done
-
-  if [ -n "$SAVE_IPSETS" ]; then
-      mkdir -p $(dirname "$SAVE_IPSETS")
-      if ipset -S > "${SAVE_IPSETS}.tmp"; then
-	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
-      fi
-  fi
-}
-
-case "$1" in
-    start)
-	shorewall_start
-	;;
-    stop)
-	shorewall_stop
-	;;
-    reload|forced-reload)
-	;;
-    *)
-	echo "Usage: /etc/init.d/shorewall-init {start|stop}"
-	exit 1
-	;;
-esac
-
-exit 0
--- a/Shorewall-init/install.sh
+++ b/Shorewall-init/install.sh
@@ -2,25 +2,21 @@
 #
 # Script to install Shoreline Firewall Init
 #
-#     (c) 2000-20114 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #     (c) 2010 - Roberto C. Sanchez (roberto@connexer.com)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
+#       it under the terms of Version 2 of the GNU General Public License
+#       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
-#
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#       This program is distributed in the hope that it will be useful,
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       GNU General Public License for more details.
 #
 #       You should have received a copy of the GNU General Public License
 #       along with this program; if not, write to the Free Software
@@ -28,25 +24,16 @@
 #

 VERSION=xxx #The Build script inserts the actual version.
-PRODUCT=shorewall-init
-Product="Shorewall Init"

 usage() # $1 = exit status
 {
    ME=$(basename $0)
-    echo "usage: $ME [ <configuration-file> ]"
+    echo "usage: $ME"
    echo "       $ME -v"
    echo "       $ME -h"
-    echo "       $ME -n"
    exit $1
 }

-fatal_error() 
-{
-    echo "   ERROR: $@" >&2
-    exit 1
-}
-
 split() {
    local ifs
    ifs=$IFS
@@ -66,6 +53,7 @@ mywhich() {

    for dir in $(split $PATH); do
 	if [ -x $dir/$1 ]; then
+	    echo $dir/$1
 	    return 0
 	fi
    done
@@ -73,559 +61,336 @@ mywhich() {
    return 2
 }

+run_install()
+{
+    if ! install $*; then
+	echo
+	echo "ERROR: Failed to install $*" >&2
+	exit 1
+    fi
+}
+
 cant_autostart()
 {
    echo
    echo  "WARNING: Unable to configure shorewall init to start automatically at boot" >&2
 }

+delete_file() # $1 = file to delete
+{
+    rm -f $1
+}
+
 install_file() # $1 = source $2 = target $3 = mode
 {
-    if cp -f $1 $2; then
-	if chmod $3 $2; then
-	    if [ -n "$OWNER" ]; then
-		if chown $OWNER:$GROUP $2; then
-		    return
-		fi
-	    else
-		return 0
-	    fi
-	fi
+    run_install $T $OWNERSHIP -m $3 $1 ${2}
+}
+
+[ -n "$DESTDIR" ] || DESTDIR="$PREFIX"
+
+# DEST is the SysVInit script directory
+# INIT is the name of the script in the $DEST directory
+# ARGS is "yes" if we've already parsed an argument
+#
+ARGS=""
+
+if [ -z "$DEST" ] ; then
+	DEST="/etc/init.d"
+fi
+
+if [ -z "$INIT" ] ; then
+	INIT="shorewall-init"
+fi
+
+while [ $# -gt 0 ] ; do
+    case "$1" in
+	-h|help|?)
+	    usage 0
+	    ;;
+        -v)
+	    echo "Shorewall Init Installer Version $VERSION"
+	    exit 0
+	    ;;
+	*)
+	    usage 1
+	    ;;
+    esac
+    shift
+    ARGS="yes"
+done
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
+
+[ -n "${LIBEXEC:=/usr/share}" ]
+
+case "$LIBEXEC" in
+    /*)
+	;;
+    *)
+	LIBEXEC=/usr/${LIBEXEC}
+	;;
+esac
+
+#
+# Determine where to install the firewall script
+#
+
+case $(uname) in
+    Darwin)
+	[ -z "$OWNER" ] && OWNER=root
+	[ -z "$GROUP" ] && GROUP=wheel
+	T=
+	;;	
+    *)
+	[ -z "$OWNER" ] && OWNER=root
+	[ -z "$GROUP" ] && GROUP=root
+	;;
+esac
+
+OWNERSHIP="-o $OWNER -g $GROUP"
+
+if [ -n "$DESTDIR" ]; then
+    if [ `id -u` != 0 ] ; then
+	echo "Not setting file owner/group permissions, not running as root."
+	OWNERSHIP=""
    fi
-
-    echo "ERROR: Failed to install $2" >&2
+    
+    install -d $OWNERSHIP -m 755 ${DESTDIR}${DEST}
+elif [ -f /etc/debian_version ]; then
+    DEBIAN=yes
+elif [ -f /etc/SuSE-release ]; then
+    SUSE=Yes
+elif [ -f /etc/redhat-release ]; then
+    FEDORA=Yes
+elif [ -f /etc/slackware-version ] ; then
+    echo "Shorewall-init is currently not supported on Slackware" >&2
    exit 1
-}
+#   DEST="/etc/rc.d"
+#   INIT="rc.firewall"
+elif [ -f /etc/arch-release ] ; then
+    echo "Shorewall-init is currently not supported on Arch Linux" >&2
+    exit 1
+#   DEST="/etc/rc.d"
+#   INIT="shorewall-init"
+#   ARCHLINUX=yes
+elif [ -d /etc/sysconfig/network-scripts/ ]; then
+    #
+    # Assume RedHat-based
+    #
+    REDHAT=Yes
+else
+    echo "Unknown distribution: Shorewall-init support is not available" >&2
+    exit 1
+fi

-make_directory() # $1 = directory , $2 = mode
-{
-    mkdir -p $1
-    chmod 0755 $1
-    [ -n "$OWNERSHIP" ] && chown $OWNERSHIP $1
-}
-
-require() 
-{
-    eval [ -n "\$$1" ] || fatal_error "Required option $1 not set"
-}
+if [ -z "$DESTDIR" ]; then
+    if [ -f /lib/systemd/system ]; then
+	SYSTEMD=Yes
+    fi
+elif [ -n "$SYSTEMD" ]; then
+    mkdir -p ${DESTDIR}/lib/systemd/system
+fi

 #
 # Change to the directory containing this script
 #
 cd "$(dirname $0)"

-#
-# Parse the run line
-#
-
-finished=0
-configure=1
-
-while [ $finished -eq 0 ] ; do
-    option="$1"
-
-    case "$option" in
-	-*)
-	    option=${option#-}
-
-	    while [ -n "$option" ]; do
-		case $option in
-		    h)
-			usage 0
-			;;
-		    v)
-			echo "Shorewall-init Firewall Installer Version $VERSION"
-			exit 0
-			;;
-		    n*)
-			configure=0
-			option=${option#n}
-			;;
-		    *)
-			usage 1
-			;;
-		esac
-	    done
-
-	    shift
-	    ;;
-	*)
-	    finished=1
-	    ;;
-    esac
-done
-
-#
-# Read the RC file
-#
-if [ $# -eq 0 ]; then
-    #
-    # Load packager's settings if any
-    #
-    if [ -f ./shorewallrc ]; then
-	. ./shorewallrc || exit 1
-	file=~/.shorewallrc
-    elif [ -f ~/.shorewallrc ]; then
-	. ~/.shorewallrc || exit 1
-	file=./.shorewallrc
-     else
-	fatal_error "No configuration file specified and ~/.shorewallrc not found"
-    fi
-elif [ $# -eq 1 ]; then
-    file=$1
-    case $file in
-	/*|.*)
-	    ;;
-	*)
-	    file=./$file
-	    ;;
-    esac
-
-    . $file
-else
-    usage 1
-fi
-
-if [ -z "${VARLIB}" ]; then
-    VARLIB=${VARDIR}
-    VARDIR=${VARLIB}/${PRODUCT}
-elif [ -z "${VARDIR}" ]; then
-    VARDIR=${VARLIB}/${PRODUCT}
-fi
-
-for var in SHAREDIR LIBEXECDIR CONFDIR SBINDIR VARLIB VARDIR; do
-    require $var
-done
-
-[ -n "$SANDBOX" ] && configure=0
-
-PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
-
-[ $configure -eq 1 ] && ETC=/etc || ETC="${CONFDIR}"
-
-if [ -z "$BUILD" ]; then
-    case $(uname) in
-	cygwin*)
-	    BUILD=cygwin
-	    ;;
-	Darwin)
-	    BUILD=apple
-	    ;;
-	*)
-	    if [ -f /etc/os-release ]; then
-		eval $(cat /etc/os-release | grep ^ID=)
-
-		case $ID in
-		    fedora|rhel|centos|foobar)
-			BUILD=redhat
-			;;
-		    debian|ubuntu)
-			BUILD=debian
-			;;
-		    opensuse)
-			BUILD=suse
-			;;
-		    *)
-			BUILD="$ID"
-			;;
-		esac
-	    elif [ -f /etc/debian_version ]; then
-		BUILD=debian
-	    elif [ -f /etc/ubuntu_version ]; then
-		BUILD=debian
-	    elif [ -f /etc/gentoo-release ]; then
-		BUILD=gentoo
-	    elif [ -f /etc/redhat-release ]; then
-		BUILD=redhat
-	    elif [ -f /etc/SuSE-release ]; then
-		BUILD=suse
-	    elif [ -f /etc/slackware-version ] ; then
-		BUILD=slackware
-	    elif [ -f /etc/arch-release ] ; then
-		BUILD=archlinux
-	    elif [ -f ${CONFDIR}/openwrt_release ]; then
-		BUILD=openwrt
-	    else
-		BUILD=linux
-	    fi
-	    ;;
-    esac
-fi
-
-case $BUILD in
-    apple)
-	[ -z "$OWNER" ] && OWNER=root
-	[ -z "$GROUP" ] && GROUP=wheel
-	;;
-    cygwin*|CYGWIN*)
-	OWNER=$(id -un)
-	GROUP=$(id -gn)
- 	;;
-    *)
-	if [ $(id -u) -eq 0 ]; then
-	    [ -z "$OWNER" ] && OWNER=root
-	    [ -z "$GROUP" ] && GROUP=root
-	fi
-	;;
-esac
-
-[ -n "$OWNER" ] && OWNERSHIP="$OWNER:$GROUP"
-
-[ -n "$HOST" ] || HOST=$BUILD
-
-case "$HOST" in
-    debian)
-	echo "Installing Debian-specific configuration..."
-	;;
-    gentoo)
-	echo "Installing Gentoo-specific configuration..."
-	;;
-    redhat)
-	echo "Installing Redhat/Fedora-specific configuration..."
-	;;
-    slackware)
-	echo "Shorewall-init is currently not supported on Slackware" >&2
-	exit 1
-	;;
-    archlinux)
-	echo "Shorewall-init is currently not supported on Arch Linux" >&2
-	exit 1
-	;;
-    suse)
-	echo "Installing SuSE-specific configuration..."
-	;;
-    openwrt)
-	echo "Installing Openwrt-specific configuration..."
-	;;
-    linux)
-	echo "ERROR: Shorewall-init is not supported on this system" >&2
-	exit 1
-	;;
-    *)
-	echo "ERROR: Unsupported HOST distribution: \"$HOST\"" >&2
-	exit 1;
-	;;
-esac
-
-[ -z "$TARGET" ] && TARGET=$HOST
-
-if [ -n "$DESTDIR" ]; then
-    if [ $(id -u) != 0 ] ; then
-	echo "Not setting file owner/group permissions, not running as root."
-	OWNERSHIP=""
-    fi
-    
-    make_directory ${DESTDIR}${INITDIR} 0755
-fi
-
 echo "Installing Shorewall Init Version $VERSION"

 #
 # Check for /usr/share/shorewall-init/version
 #
-if [ -f ${DESTDIR}${SHAREDIR}/shorewall-init/version ]; then
+if [ -f ${DESTDIR}/usr/share/shorewall-init/version ]; then
    first_install=""
 else
    first_install="Yes"
 fi

-if [ -n "$DESTDIR" ]; then
-    mkdir -p ${DESTDIR}${CONFDIR}/logrotate.d
-    chmod 0755 ${DESTDIR}${CONFDIR}/logrotate.d
-fi
-
 #
-# Install the Firewall Script
+# Install the Init Script
 #
-if [ -n "$INITFILE" ]; then
-    mkdir -p ${DESTDIR}${INITDIR}
-    install_file $INITSOURCE ${DESTDIR}${INITDIR}/$INITFILE 0544
-    [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${INITDIR}/$INITFILE
-    
-    if [ -n "${AUXINITSOURCE}" ]; then
-	install_file $INITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544
+if [ -z "$SYSTEMD" ]; then
+    if [ -n "$DEBIAN" ]; then
+	install_file init.debian.sh ${DESTDIR}/etc/init.d/shorewall-init 0544
+    elif [ -n "$FEDORA" ]; then
+	install_file init.fedora.sh ${DESTDIR}/etc/init.d/shorewall-init 0544
+    #elif [ -n "$ARCHLINUX" ]; then
+    #    install_file init.archlinux.sh ${DESTDIR}${DEST}/$INIT 0544
+    else
+	install_file init.sh ${DESTDIR}${DEST}/$INIT 0544
    fi

-    echo  "SysV init script $INITSOURCE installed in ${DESTDIR}${INITDIR}/$INITFILE"
-fi
-
-#
-# Install the .service file
-#
-if [ -z "${SERVICEDIR}" ]; then
-    SERVICEDIR="$SYSTEMD"
-fi
-
-if [ -n "$SERVICEDIR" ]; then
-    mkdir -p ${DESTDIR}${SERVICEDIR}
-    [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
-    install_file $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service 0644
-    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
-    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SERVICEDIR}/$PRODUCT.service"
-    if [ -n "$DESTDIR" -o $configure -eq 0 ]; then
-	mkdir -p ${DESTDIR}${SBINDIR}
-        chmod 0755 ${DESTDIR}${SBINDIR}
+    echo  "Shorewall Init script installed in ${DESTDIR}${DEST}/$INIT"
+else
+    #
+    # Install the .service file
+    #
+    run_install $OWNERSHIP -m 600 shorewall-init.service ${DESTDIR}/lib/systemd/system/shorewall-init.service
+    echo "Service file installed as ${DESTDIR}/lib/systemd/system/shorewall-init.service"
+    if [ -n "$DESTDIR" ]; then
+	mkdir -p ${DESTDIR}/sbin/
+	chmod 755 ${DESTDIR}/sbin/
+	run_install $OWNERSHIP -m 600 shorewall-init ${DESTDIR}/sbin/shorewall-init
+	echo "CLI installed as ${DESTDIR}/lib/systemd/system/shorewall-init.service"
    fi
-    install_file shorewall-init ${DESTDIR}${SBINDIR}/shorewall-init 0700
-    [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SBINDIR}/shorewall-init
-    echo "CLI installed as ${DESTDIR}${SBINDIR}/shorewall-init"
 fi

 #
 # Create /usr/share/shorewall-init if needed
 #
-mkdir -p ${DESTDIR}${SHAREDIR}/shorewall-init
-chmod 0755 ${DESTDIR}${SHAREDIR}/shorewall-init
-
-#
-# Install logrotate file
-#
-if [ -d ${DESTDIR}${CONFDIR}/logrotate.d ]; then
-    install_file logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT 0644
-    echo "Logrotate file installed as ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT"
-fi
+mkdir -p ${DESTDIR}/usr/share/shorewall-init
+chmod 755 ${DESTDIR}/usr/share/shorewall-init

 #
 # Create the version file
 #
-echo "$VERSION" > ${DESTDIR}/${SHAREDIR}/shorewall-init/version
-chmod 0644 ${DESTDIR}${SHAREDIR}/shorewall-init/version
+echo "$VERSION" > ${DESTDIR}/usr/share/shorewall-init/version
+chmod 644 ${DESTDIR}/usr/share/shorewall-init/version

 #
 # Remove and create the symbolic link to the init script
 #
 if [ -z "$DESTDIR" ]; then
-    rm -f ${SHAREDIR}/shorewall-init/init
-    ln -s ${INITDIR}/${INITFILE} ${SHAREDIR}/shorewall-init/init
+    rm -f /usr/share/shorewall-init/init
+    ln -s ${DEST}/${INIT} /usr/share/shorewall-init/init
 fi

-if [ $HOST = debian ]; then
+if [ -n "$DEBIAN" ]; then
    if [ -n "${DESTDIR}" ]; then
-	mkdir -p ${DESTDIR}${ETC}/network/if-up.d/
-	mkdir -p ${DESTDIR}${ETC}/network/if-down.d/
-	mkdir -p ${DESTDIR}${ETC}/network/if-post-down.d/
-    elif [ $configure -eq 0 ]; then
-	mkdir -p ${DESTDIR}${CONFDIR}/network/if-up.d/
-	mkdir -p ${DESTDIR}${CONFDIR}/network/if-down.d/
-	mkdir -p ${DESTDIR}${CONFDIR}/network/if-post-down.d/
+	mkdir -p ${DESTDIR}/etc/network/if-up.d/
+	mkdir -p ${DESTDIR}/etc/network/if-post-down.d/
    fi

-    if [ ! -f ${DESTDIR}${CONFDIR}/default/shorewall-init ]; then
+    if [ ! -f ${DESTDIR}/etc/default/shorewall-init ]; then
 	if [ -n "${DESTDIR}" ]; then
-	    mkdir ${DESTDIR}${ETC}/default
+	    mkdir ${DESTDIR}/etc/default
 	fi

-	[ $configure -eq 1 ] || mkdir -p ${DESTDIR}${CONFDIR}/default
-	install_file sysconfig ${DESTDIR}${ETC}/default/shorewall-init 0644
-	echo "sysconfig file installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
+	install_file sysconfig ${DESTDIR}/etc/default/shorewall-init 0644
    fi
-
-    IFUPDOWN=ifupdown.debian.sh
 else
    if [ -n "$DESTDIR" ]; then
-	mkdir -p ${DESTDIR}${SYSCONFDIR}
+	mkdir -p ${DESTDIR}/etc/sysconfig

 	if [ -z "$RPM" ]; then
-	    if [ $HOST = suse ]; then
-		mkdir -p ${DESTDIR}${ETC}/sysconfig/network/if-up.d
-		mkdir -p ${DESTDIR}${ETC}/sysconfig/network/if-down.d
-	    elif [ $HOST = gentoo ]; then
-		# Gentoo does not support if-{up,down}.d
-		/bin/true
-	    elif [ $HOST = openwrt ]; then
-		# Not implemented on openwrt
-		/bin/true
+	    if [ -n "$SUSE" ]; then
+		mkdir -p ${DESTDIR}/etc/sysconfig/network/if-up.d
+		mkdir -p ${DESTDIR}/etc/sysconfig/network/if-down.d
 	    else
-		mkdir -p ${DESTDIR}/${ETC}/NetworkManager/dispatcher.d
+		mkdir -p ${DESTDIR}/etc/NetworkManager/dispatcher.d
 	    fi
 	fi
    fi

-    if [ -n "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PRODUCT} ]; then
-	install_file ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/$PRODUCT 0644
-	echo "${SYSCONFFILE} file installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
-    fi
-
-    [ $HOST = suse ] && IFUPDOWN=ifupdown.suse.sh || IFUPDOWN=ifupdown.fedora.sh
+    if [ -d ${DESTDIR}/etc/sysconfig -a ! -f ${DESTDIR}/etc/sysconfig/shorewall-init ]; then
+	install_file sysconfig ${DESTDIR}/etc/sysconfig/shorewall-init 0644
+    fi 
 fi

 #
 # Install the ifupdown script
 #

-if [ $HOST != openwrt ]; then
-    cp $IFUPDOWN ifupdown
+mkdir -p ${DESTDIR}${LIBEXEC}/shorewall-init

-    [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ifupdown
-
-    mkdir -p ${DESTDIR}${LIBEXECDIR}/shorewall-init
-
-    install_file ifupdown ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown 0544
-fi
+install_file ifupdown.sh ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown 0544

 if [ -d ${DESTDIR}/etc/NetworkManager ]; then
-    [ $configure -eq 1 ] || mkdir -p ${DESTDIR}${CONFDIR}/NetworkManager/dispatcher.d/
-    install_file ifupdown ${DESTDIR}${ETC}/NetworkManager/dispatcher.d/01-shorewall 0544
+    install_file ifupdown.sh ${DESTDIR}/etc/NetworkManager/dispatcher.d/01-shorewall 0544
 fi

-case $HOST in
-    debian)
-	if [ $configure -eq 1 ]; then
-	    install_file ifupdown ${DESTDIR}/etc/network/if-up.d/shorewall 0544
-	    install_file ifupdown ${DESTDIR}/etc/network/if-down.d/shorewall 0544
-	    install_file ifupdown ${DESTDIR}/etc/network/if-post-down.d/shorewall 0544
-	else
-	    install_file ifupdown ${DESTDIR}${CONFDIR}/network/if-up.d/shorewall 0544
-	    install_file ifupdown ${DESTDIR}${CONFDIR}/network/if-down.d/shorewall 0544
-	    install_file ifupdown ${DESTDIR}${CONFDIR}/network/if-post-down.d/shorewall 0544
-	fi
-	;;
-    suse)
-	if [ -z "$RPM" ]; then
-	    if [ $configure -eq 0 ]; then
-		mkdir -p ${DESTDIR}${SYSCONFDIR}/network/if-up.d/
-		mkdir -p ${DESTDIR}${SYSCONFDIR}/network/if-down.d/
-	    fi
-
-	    install_file ifupdown ${DESTDIR}${SYSCONFDIR}/network/if-up.d/shorewall 0544
-	    install_file ifupdown ${DESTDIR}${SYSCONFDIR}/network/if-down.d/shorewall 0544
-	fi
-	;;
-    redhat)
-	if [ -z "$DESTDIR" ]; then
-	    install_local=
-
-	    if [ -f ${SBINDIR}/ifup-local -o -f ${SBINDIR}/ifdown-local ]; then
-		if ! grep -qF Shorewall-based ${SBINDIR}/ifup-local || ! grep -qF Shorewall-based ${SBINDIR}/ifdown-local; then
-		    echo "WARNING: ${SBINDIR}/ifup-local and/or ${SBINDIR}/ifdown-local already exist; up/down events will not be handled"
-		else
-		    install_local=Yes
-		fi
-	    else
-		install_local=Yes
-	    fi
-
-	    if [ -n "$install_local" ]; then
-		install_file ifupdown ${DESTDIR}${SBINDIR}/ifup-local 0544
-		install_file ifupdown ${DESTDIR}${SBINDIR}/ifdown-local 0544
-	    fi
-	fi
-	;;
-esac
+if [ -n "$DEBIAN" ]; then
+    install_file ifupdown.sh ${DESTDIR}/etc/network/if-up.d/shorewall 0544
+    install_file ifupdown.sh ${DESTDIR}/etc/network/if-post-down.d/shorewall 0544
+elif [ -n "$SUSE" ]; then
+    install_file ifupdown.sh ${DESTDIR}/etc/sysconfig/network/if-up.d/shorewall 0544
+    install_file ifupdown.sh ${DESTDIR}/etc/sysconfig/network/if-down.d/shorewall 0544
+elif [ -n "$REDHAT" ]; then
+    if [ -f ${DESTDIR}/sbin/ifup-local -o -f ${DESTDIR}/sbin/ifdown-local ]; then
+	echo "WARNING: /sbin/ifup-local and/or /sbin/ifdown-local already exist; up/down events will not be handled"
+    else
+	install_file ifupdown.sh ${DESTDIR}/sbin/ifup-local 0544
+	install_file ifupdown.sh ${DESTDIR}/sbin/ifdown-local 0544
+    fi
+fi

 if [ -z "$DESTDIR" ]; then
-    if [ $configure -eq 1 -a -n "first_install" ]; then
-	if [ $HOST = debian ]; then
-	    if [ -n "$SERVICEDIR" ]; then
-		if systemctl enable ${PRODUCT}.service; then
-                    echo "Shorewall Init will start automatically at boot"
-		fi
-	    elif mywhich insserv; then
-		if insserv ${INITDIR}/shorewall-init; then
-		    echo "Shorewall Init will start automatically at boot"
-		else
-		    cant_autostart
-		fi
-	    elif mywhich update-rc.d ; then
-		if update-rc.d $PRODUCT enable; then
-		    echo "$PRODUCT will start automatically at boot"
-		    echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
-		else
-		    cant_autostart
-		fi
-	    else
-		cant_autostart
-	    fi
-	elif [ $HOST = openwrt -a -f ${CONFDIR}/rc.common ]; then
-	    /etc/init.d/$PRODUCT enable
-	    if /etc/init.d/$PRODUCT enabled; then
-		echo "$Product will start automatically at boot"
-	    else
-		cant_autostart
-	    fi
-	elif [ $HOST = gentoo ]; then
-	    # On Gentoo, a service must be enabled manually by the user,
-	    # not by the installer
-	    /bin/true
+    if [ -n "$first_install" ]; then
+	if [ -n "$DEBIAN" ]; then
+	    
+	    update-rc.d shorewall-init defaults
+
+	    echo "Shorewall Init will start automatically at boot"
 	else
-	    if [ -n "$SERVICEDIR" ]; then
-		if systemctl enable shorewall-init.service; then
+	    if [ -n "$SYSTEMD" ]; then
+		if systemctl enable shorewall-init; then
 		    echo "Shorewall Init will start automatically at boot"
 		fi
-	    elif [ -x ${SBINDIR}/insserv -o -x /usr${SBINDIR}/insserv ]; then
-		if insserv ${INITDIR}/shorewall-init ; then
+	    elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
+		if insserv /etc/init.d/shorewall-init ; then
 		    echo "Shorewall Init will start automatically at boot"
 		else
 		    cant_autostart
 		fi
-	    elif [ -x ${SBINDIR}/chkconfig -o -x /usr${SBINDIR}/chkconfig ]; then
+	    elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
 		if chkconfig --add shorewall-init ; then
 		    echo "Shorewall Init will start automatically in run levels as follows:"
 		    chkconfig --list shorewall-init
 		else
 		    cant_autostart
 		fi
-	    elif [ -x ${SBINDIR}/rc-update ]; then
+	    elif [ -x /sbin/rc-update ]; then
 		if rc-update add shorewall-init default; then
 		    echo "Shorewall Init will start automatically at boot"
 		else
 		    cant_autostart
 		fi
-	    elif [ $HOST = openwrt -a -f ${CONFDIR}/rc.common ]; then
-		/etc/init.d/shorewall-inir enable
-		if /etc/init.d/shorewall-init enabled; then
-		    echo "Shorrewall Init will start automatically at boot"
-		else
-		    cant_autostart
-		fi
-	    else
+	    elif [ "$INIT" != rc.firewall ]; then #Slackware starts this automatically
 		cant_autostart
 	    fi
+
 	fi
    fi
 else
-    if [ $configure -eq 1 -a -n "$first_install" ]; then
-	if [ $HOST = debian ]; then
+    if [ -n "$first_install" ]; then
+	if [ -n "$DEBIAN" ]; then
 	    if [ -n "${DESTDIR}" ]; then
 		mkdir -p ${DESTDIR}/etc/rcS.d
 	    fi

-	    ln -sf ../init.d/shorewall-init ${DESTDIR}${CONFDIR}/rcS.d/S38shorewall-init
+	    ln -sf ../init.d/shorewall-init ${DESTDIR}/etc/rcS.d/S38shorewall-init
 	    echo "Shorewall Init will start automatically at boot"
 	fi
    fi
 fi

-[ -z "${DESTDIR}" ] && [ ! -f ~/.shorewallrc ] && cp ${SHAREDIR}/shorewall/shorewallrc .
-
-if [ -d ${DESTDIR}/etc/ppp ]; then
-    case $HOST in
-	debian|suse)
-	    for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do
-		mkdir -p ${DESTDIR}/etc/ppp/$directory #SuSE doesn't create the IPv6 directories
-		cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown ${DESTDIR}${CONFDIR}/ppp/$directory/shorewall
-	    done
-	    ;;
-	redhat)
-	    #
-	    # Must use the dreaded ip_xxx.local file
-	    #
-	    for file in ip-up.local ip-down.local; do
-		FILE=${DESTDIR}/etc/ppp/$file
-		if [ -f $FILE ]; then
-		    if grep -qF Shorewall-based $FILE ; then
-			cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown $FILE
-		    else
-			echo "$FILE already exists -- ppp devices will not be handled"
-			break
-		    fi
+if [ -f ${DESTDIR}/etc/ppp ]; then
+    if [ -n "$DEBIAN" ] -o -n "$SUSE" ]; then
+	for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do
+	    mkdir -p ${DESTDIR}/etc/ppp/$directory #SuSE doesn't create the IPv6 directories
+	    cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown ${DESTDIR}/etc/ppp/$directory/shorewall
+	done
+    elif [ -n "$REDHAT" ]; then
+	#
+	# Must use the dreaded ip_xxx.local file
+	#
+	for file in ip-up.local ip-down.local; do
+	    FILE=${DESTDIR}/etc/ppp/$file
+	    if [ -f $FILE ]; then
+		if fgrep -q Shorewall-based $FILE ; then
+		    cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown $FILE
 		else
-		    cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown $FILE
+		    echo "$FILE already exists -- ppp devices will not be handled"
+		    break
 		fi
-	    done
-	    ;;
-    esac
+	    else
+		cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown $FILE
+	    fi
+	done
+    fi
 fi
+
 #
 #  Report Success
 #
--- a/Shorewall-init/logrotate
+++ b/Shorewall-init/logrotate
@@ -1,5 +0,0 @@
-/var/log/shorewall-ifupdown.log {
-  missingok
-  notifempty
-  create 0600 root root
-}
--- a/Shorewall-init/shorewall-init
+++ b/Shorewall-init/shorewall-init
@@ -1,124 +1,92 @@
-#!/bin/bash
-#	The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#! /bin/bash
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
-#	(c) 2012-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-#	On most distributions, this file should be called
-#	/etc/init.d/shorewall.
+#     (c) 2012 - Tom Eastep (teastep@shorewall.net)
 #
-#	Complete documentation is available at http://shorewall.net
+#       On most distributions, this file should be called /etc/init.d/shorewall.
 #
-#	This program is part of Shorewall.
+#       Complete documentation is available at http://shorewall.net
 #
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by
-#	the Free Software Foundation, either version 2 of the license or,
-#	at your option, any later version.
+#       This program is free software; you can redistribute it and/or modify
+#       it under the terms of Version 2 of the GNU General Public License
+#       as published by the Free Software Foundation.
 #
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
+#       This program is distributed in the hope that it will be useful,
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       GNU General Public License for more details.
 #
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#       You should have received a copy of the GNU General Public License
+#       along with this program; if not, write to the Free Software
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-###############################################################################
-# set the STATEDIR variable
-setstatedir() {
-    local statedir
-    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
-	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
-    fi
-
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-
-    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-	${SBINDIR}/$PRODUCT ${OPTIONS} compile -c
-    else
-	return 0
-    fi
-}
-
-#
-# This is modified by the installer when ${SHAREDIR} <> /usr/share
-#
-. /usr/share/shorewall/shorewallrc
+#########################################################################################
+if [ "$(id -u)" != "0" ]
+then
+  echo "You must be root to start, stop or restart \"Shorewall \"."
+  exit 1
+fi

 # check if shorewall-init is configured or not
-if [ -f "$SYSCONFDIR/shorewall-init" ]; then
-    . $SYSCONFDIR/shorewall-init
+if [ -f "/etc/sysconfig/shorewall-init" ]; then
+    . /etc/sysconfig/shorewall-init
    if [ -z "$PRODUCTS" ]; then
-	echo "ERROR: No products configured" >&2
+        echo "ERROR: No products configured" >&2
 	exit 1
    fi
 else
-    echo "ERROR: ${SYSCONFDIR}/shorewall-init not found" >&2
+    echo "ERROR: /etc/sysconfig/shorewall-init not found" >&2
    exit 1
 fi

 # Initialize the firewall
 shorewall_start () {
-    local PRODUCT
-    local STATEDIR
+  local PRODUCT
+  local VARDIR

-    echo -n "Initializing \"Shorewall-based firewalls\": "
-    for PRODUCT in $PRODUCTS; do
-	if setstatedir; then
-	    if [ -x ${STATEDIR}/firewall ]; then
-		#
-		# Run in a sub-shell to avoid name collisions
-		#
-		(
-		    if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
-			${STATEDIR}/firewall ${OPTIONS} stop
-		    fi
-		)
-	    fi
-	fi
-    done
+  echo -n "Initializing \"Shorewall-based firewalls\": "
+  for PRODUCT in $PRODUCTS; do
+      VARDIR=/var/lib/$PRODUCT
+      [ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir 
+      if [ -x ${VARDIR}/firewall ]; then
+	  if ! /sbin/$PRODUCT status > /dev/null 2>&1; then
+	      ${VARDIR}/firewall stop || exit 1
+	  fi
+      fi
+  done

-    if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
-	ipset -R < "$SAVE_IPSETS"
-    fi
-
-    return 0
+  return 0
 }

 # Clear the firewall
 shorewall_stop () {
-    local PRODUCT
-    local STATEDIR
+  local PRODUCT
+  local VARDIR

-    echo -n "Clearing \"Shorewall-based firewalls\": "
-    for PRODUCT in $PRODUCTS; do
-	if setstatedir; then
-	    if [ -x ${STATEDIR}/firewall ]; then
-		${STATEDIR}/firewall ${OPTIONS} clear
-	    fi
-	fi
-    done
+  echo -n "Clearing \"Shorewall-based firewalls\": "
+  for PRODUCT in $PRODUCTS; do
+      VARDIR=/var/lib/$PRODUCT
+      [ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir 
+      if [ -x ${VARDIR}/firewall ]; then
+	  ${VARDIR}/firewall clear || exit 1
+      fi
+  done

-    if [ -n "$SAVE_IPSETS" ]; then
-	mkdir -p $(dirname "$SAVE_IPSETS")
-	if ipset -S > "${SAVE_IPSETS}.tmp"; then
-	    grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
-	fi
-    fi
-
-    return 0
+  return 0
 }

 case "$1" in
-    start)
-	shorewall_start
-	;;
-    stop)
-	shorewall_stop
-	;;
-    *)
-	echo "Usage: $0 {start|stop}"
-	exit 1
+  start)
+     shorewall_start
+     ;;
+  stop)
+     shorewall_stop
+     ;;
+  *)
+     echo "Usage: $0 {start|stop}"
+     exit 1
 esac

 exit 0
--- a/Shorewall-init/shorewall-init.service
+++ b/Shorewall-init/shorewall-init.service
@@ -1,20 +1,20 @@
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.4
 #
-#     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
+#     Copyright 2011 Jonathan Underwood (jonathan.underwood@gmail.com)
 #
 [Unit]
-Description=Shorewall firewall (bootup security)
-Before=network-pre.target
-Wants=network-pre.target
+Description=Shorewall IPv4 firewall
+After=syslog.target
+Before=network.target

 [Service]
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/sysconfig/shorewall-init
 StandardOutput=syslog
-ExecStart=/sbin/shorewall-init start
-ExecStop=/sbin/shorewall-init stop
+ExecStart=/sbin/shorewall-init $OPTIONS start
+ExecStop=/sbin/shorewall-init $OPTIONS stop

 [Install]
-WantedBy=basic.target
+WantedBy=multi-user.target
--- a/Shorewall-init/shorewall-init.service.debian
+++ b/Shorewall-init/shorewall-init.service.debian
@@ -1,20 +0,0 @@
-#
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
-#
-#     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
-#     Copyright 2015 Tom Eastep <teastep@shorewall.net>
-#
-[Unit]
-Description=Shorewall firewall (bootup security)
-Before=network.target
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-EnvironmentFile=-/etc/default/shorewall-init
-StandardOutput=syslog
-ExecStart=/sbin/shorewall-init start
-ExecStop=/sbin/shorewall-init stop
-
-[Install]
-WantedBy=basic.target
--- a/Shorewall-init/sysconfig
+++ b/Shorewall-init/sysconfig
@@ -16,11 +16,3 @@ IFUPDOWN=0
 # during 'start' and will save them there during 'stop'.
 #
 SAVE_IPSETS=""
-#
-# Where Up/Down events get logged
-#
-LOGFILE=/var/log/shorewall-ifupdown.log
-
-# Startup options - set verbosity to 0 (minimal reporting)
-OPTIONS="-V0"
-
--- a/Shorewall-init/uninstall.sh
+++ b/Shorewall-init/uninstall.sh
@@ -1,25 +1,25 @@
-#!/bin/sh
+\#!/bin/sh
 #
 # Script to back uninstall Shoreline Firewall
 #
-#     (c) 2000-2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.sourceforge.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
+#       it under the terms of Version 2 of the GNU General Public License
+#       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#       This program is distributed in the hope that it will be useful,
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#       You should have received a copy of the GNU General Public License
+#       along with this program; if not, write to the Free Software
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #    Usage:
 #
@@ -27,48 +27,19 @@
 #       shown below. Simply run this script to remove Shorewall Firewall

 VERSION=xxx  #The Build script inserts the actual version
-PRODUCT=shorewall-init
-Product="Shorewall Init"

 usage() # $1 = exit status
 {
    ME=$(basename $0)
-    echo "usage: $ME [ <shorewallrc file> ]"
+    echo "usage: $ME"
    exit $1
 }

-fatal_error()
-{
-    echo "   ERROR: $@" >&2
-    exit 1
-}
-
 qt()
 {
    "$@" >/dev/null 2>&1
 }

-split() {
-    local ifs
-    ifs=$IFS
-    IFS=:
-    set -- $1
-    echo $*
-    IFS=$ifs
-}
-
-mywhich() {
-    local dir
-
-    for dir in $(split $PATH); do
-	if [ -x $dir/$1 ]; then
-	    return 0
-	fi
-    done
-
-    return 2
-}
-
 remove_file() # $1 = file to restore
 {
    if [ -f $1 -o -L $1 ] ; then
@@ -77,78 +48,8 @@ remove_file() # $1 = file to restore
    fi
 }

-#
-# Change to the directory containing this script
-#
-cd "$(dirname $0)"
-
-finished=0
-configure=1
-
-while [ $finished -eq 0 ]; do
-    option=$1
-
-    case "$option" in
-	-*)
-	    option=${option#-}
-
-	    while [ -n "$option" ]; do
-		case $option in
-		    h)
-			usage 0
-			;;
-		    v)
-			echo "$Product Firewall Installer Version $VERSION"
-			exit 0
-			;;
-		    n*)
-			configure=0
-			option=${option#n}
-			;;
-		    *)
-			usage 1
-			;;
-		esac
-	    done
-
-	    shift
-	    ;;
-	*)
-	    finished=1
-	    ;;
-    esac
-done
-#
-# Read the RC file
-#
-if [ $# -eq 0 ]; then
-    if [ -f ./shorewallrc ]; then
-	. ./shorewallrc
-    elif [ -f ~/.shorewallrc ]; then
-	. ~/.shorewallrc || exit 1
-	file=./.shorewallrc
-    elif [ -f /usr/share/shorewall/shorewallrc ]; then
-	. /usr/share/shorewall/shorewallrc
-    else
-	fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
-    fi
-elif [ $# -eq 1 ]; then
-    file=$1
-    case $file in
-	/*|.*)
-	    ;;
-	*)
-	    file=./$file
-	    ;;
-    esac
-
-    . $file || exit 1
-else
-    usage 1
-fi
-
-if [ -f ${SHAREDIR}/shorewall-init/version ]; then
-    INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall-init/version)"
+if [ -f /usr/share/shorewall-init/version ]; then
+    INSTALLED_VERSION="$(cat /usr/share/shorewall-init/version)"
    if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
 	echo "WARNING: Shorewall Init Version $INSTALLED_VERSION is installed"
 	echo "         and this is the $VERSION uninstaller."
@@ -159,78 +60,57 @@ else
    VERSION=""
 fi

-[ -n "${LIBEXEC:=${SHAREDIR}}" ]
+[ -n "${LIBEXEC:=/usr/share}" ]

 echo "Uninstalling Shorewall Init $VERSION"

-[ -n "$SANDBOX" ] && configure=0
+INITSCRIPT=/etc/init.d/shorewall-init

-INITSCRIPT=${CONFDIR}/init.d/shorewall-init
-
-if [ -f "$INITSCRIPT" ]; then
-    if [ $configure -eq 1 ]; then
-	if [ $HOST = openwrt ]; then
-	    if /etc/init.d/shorewall-init enabled; then
-		/etc/init.d/shorewall-init disable
-	    fi
-	elif mywhich updaterc.d ; then
-	    updaterc.d shorewall-init remove
-	elif mywhich insserv ; then
-            insserv -r $INITSCRIPT
-	elif mywhich chkconfig ; then
-	    chkconfig --del $(basename $INITSCRIPT)
-	fi
+if [ -n "$INITSCRIPT" ]; then
+    if [ -x /usr/sbin/updaterc.d ]; then
+	updaterc.d shorewall-init remove
+    elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
+        insserv -r $INITSCRIPT
+    elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
+	chkconfig --del $(basename $INITSCRIPT)
+    elif [ -x /sbin/systemctl ]; then
+	systemctl disable shorewall-init
+    else
+	rm -f /etc/rc*.d/*$(basename $INITSCRIPT)
    fi

    remove_file $INITSCRIPT
 fi

-if [ -z "${SERVICEDIR}" ]; then
-    SERVICEDIR="$SYSTEMD"
-fi
+[ "$(readlink -m -q /sbin/ifup-local)"   = /usr/share/shorewall-init ] && remove_file /sbin/ifup-local
+[ "$(readlink -m -q /sbin/ifdown-local)" = /usr/share/shorewall-init ] && remove_file /sbin/ifdown-local

-if [ -n "$SERVICEDIR" ]; then
-    [ $configure -eq 1 ] && systemctl disable shorewall-init.service
-    rm -f $SERVICEDIR/shorewall-init.service
-fi
+remove_file /etc/default/shorewall-init
+remove_file /etc/sysconfig/shorewall-init

-if [ $HOST = openwrt ]; then
-    [ "$(readlink -q ${SBINDIR}/ifup-local)"   = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifup-local
-    [ "$(readlink -q ${SBINDIR}/ifdown-local)" = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifdown-local
-else
-    [ "$(readlink -m -q ${SBINDIR}/ifup-local)"   = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifup-local
-    [ "$(readlink -m -q ${SBINDIR}/ifdown-local)" = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifdown-local
-fi
+remove_file /etc/NetworkManager/dispatcher.d/01-shorewall

-remove_file ${CONFDIR}/default/shorewall-init
-remove_file ${CONFDIR}/sysconfig/shorewall-init
+remove_file /etc/network/if-up.d/shorewall
+remove_file /etc/network/if-down.d/shorewall

-remove_file ${CONFDIR}/NetworkManager/dispatcher.d/01-shorewall
+remove_file /etc/sysconfig/network/if-up.d/shorewall
+remove_file /etc/sysconfig/network/if-down.d/shorewall
+remove_file /lib/systemd/system/shorewall.service

-remove_file ${CONFDIR}/network/if-up.d/shorewall
-remove_file ${CONFDIR}/network/if-down.d/shorewall
-remove_file ${CONFDIR}/network/if-post-down.d/shorewall
-
-remove_file ${CONFDIR}/sysconfig/network/if-up.d/shorewall
-remove_file ${CONFDIR}/sysconfig/network/if-down.d/shorewall
-
-if [ -d ${CONFDIR}/ppp ]; then
+if [ -d /etc/ppp ]; then
    for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do
-	remove_file ${CONFDIR}/ppp/$directory/shorewall
+	remove_file /etc/ppp/$directory/shorewall
    done

    for file in if-up.local if-down.local; do
-	if [ -f ${CONFDIR}/ppp/$file ]; then
-	    if grep -qF Shorewall-based ${CONFDIR}/ppp/$FILE; then
-		remove_file ${CONFDIR}/ppp/$FILE
-	    fi
+	if fgrep -q Shorewall-based /etc/ppp/$FILE; then
+	    remove_file /etc/ppp/$FILE
 	fi
    done
 fi

-rm -f  ${SBINDIR}/shorewall-init
-rm -rf ${SHAREDIR}/shorewall-init
-rm -rf ${LIBEXECDIR}/shorewall-init
+rm -rf /usr/share/shorewall-init
+rm -rf ${LIBEXEC}/shorewall-init

 echo "Shorewall Init Uninstalled"

--- a/Shorewall-lite/Makefile
+++ b/Shorewall-lite/Makefile
@@ -3,16 +3,16 @@ VARDIR=$(shell /sbin/shorewall-lite show vardir)
 SHAREDIR=/usr/share/shorewall-lite
 RESTOREFILE?=.restore

-all: $(VARDIR)/$(RESTOREFILE)
+all: $(VARDIR)/${RESTOREFILE}

-$(VARDIR)/$(RESTOREFILE): $(VARDIR)/firewall
+$(VARDIR)/${RESTOREFILE}: $(VARDIR)/firewall
 	@/sbin/shorewall-lite -q save >/dev/null; \
 	if \
 	    /sbin/shorewall-lite -q restart >/dev/null 2>&1; \
 	then \
 	    /sbin/shorewall-lite -q save >/dev/null; \
 	else \
-	    /sbin/shorewall-lite -q restart 2>&1 | tail >&2; exit 1; \
+	    /sbin/shorewall-lite -q restart 2>&1 | tail >&2; \
 	fi

 # EOF
--- a/Shorewall-lite/configpath
+++ b/Shorewall-lite/configpath
@@ -1,7 +1,7 @@
 #
-# Shorewall Lite version 5 - Default Config Path
+# Shorewall Lite version 4.1 - Default Config Path
 #
 # /usr/share/shorewall-lite/configpath
 #

-CONFIG_PATH=${CONFDIR}/shorewall-lite:${SHAREDIR}/shorewall-lite:${SHAREDIR}/shorewall
+CONFIG_PATH=/etc/shorewall-lite:/usr/share/shorewall-lite
--- a/Shorewall-lite/init.archlinux.sh
+++ b/Shorewall-lite/init.archlinux.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+
+OPTIONS="-f"
+
+if [ -f /etc/sysconfig/shorewall ] ; then
+	. /etc/sysconfig/shorewall
+elif [ -f /etc/default/shorewall ] ; then
+	. /etc/default/shorewall
+fi
+
+# if you want to override options, do so in /etc/sysconfig/shorewall or
+# in /etc/default/shorewall --
+# i strongly encourage you use the latter, since /etc/sysconfig/ does not exist.
+
+. /etc/rc.conf
+. /etc/rc.d/functions
+
+DAEMON_NAME="shorewall" # of course shorewall is NOT a deamon.
+
+case "$1" in
+	start)
+		stat_busy "Starting $DAEMON_NAME"
+		/sbin/shorewall-lite $OPTIONS start &>/dev/null
+		if [ $? -gt 0 ]; then
+			stat_fail
+		else
+			add_daemon $DAEMON_NAME
+			stat_done
+		fi
+		;;
+
+
+	stop)
+		stat_busy "Stopping $DAEMON_NAME"
+		/sbin/shorewall-lite stop &>/dev/null
+		if [ $? -gt 0 ]; then
+			stat_fail
+		else
+			rm_daemon $DAEMON_NAME
+			stat_done
+		fi
+		;;
+
+	restart|reload)
+		stat_busy "Restarting $DAEMON_NAME"
+		/sbin/shorewall-lite restart &>/dev/null
+		if [ $? -gt 0  ]; then
+			stat_fail
+		else
+			stat_done
+		fi
+		;;
+
+	*)
+		echo "usage: $0 {start|stop|restart}"
+esac
+exit 0
+
--- a/Shorewall-lite/init.debian.sh
+++ b/Shorewall-lite/init.debian.sh
@@ -11,7 +11,7 @@
 #                    /etc/shorewall-lite
 ### END INIT INFO

-. /lib/lsb/init-functions
+

 SRWL=/sbin/shorewall-lite
 SRWL_OPTS="-tvv"
@@ -23,7 +23,7 @@ export SHOREWALL_INIT_SCRIPT
 test -x $SRWL || exit 0
 test -x $WAIT_FOR_IFUP || exit 0
 test -n "$INITLOG" || {
-	echo "INITLOG cannot be empty, please configure $0" ;
+	echo "INITLOG cannot be empty, please configure $0" ; 
 	exit 1;
 }

@@ -35,9 +35,9 @@ fi

 echo_notdone () {

-  if [ "$INITLOG" = "/dev/null" ] ; then
+  if [ "$INITLOG" = "/dev/null" ] ; then 
 	  echo "not done."
-  else
+  else 
 	  echo "not done (check $INITLOG)."
  fi

@@ -57,23 +57,17 @@ not_configured () {
 	exit 0
 }

-#
-# The installer may alter this
-#
-. /usr/share/shorewall/shorewallrc
-
 # parse the shorewall params file in order to use params in
 # /etc/default/shorewall
-
-if [ -f "$CONFDIR/shorewall-lite/params" ]
+if [ -f "/etc/shorewall-lite/params" ]
 then
-	. $CONFDIR/shorewall-lite/params
+	. /etc/shorewall-lite/params
 fi

 # check if shorewall is configured or not
-if [ -f "$SYSCONFDIR/shorewall-lite" ]
+if [ -f "/etc/default/shorewall-lite" ]
 then
-	. $SYSCONFDIR/shorewall-lite
+	. /etc/default/shorewall-lite
 	SRWL_OPTS="$SRWL_OPTS $OPTIONS"
 	if [ "$startup" != "1" ]
 	then
--- a/Shorewall-lite/init.fedora.sh
+++ b/Shorewall-lite/init.fedora.sh
@@ -20,31 +20,26 @@
 # Source function library.
 . /etc/rc.d/init.d/functions

-#
-# The installer may alter this
-#
-. /usr/share/shorewall/shorewallrc
-
 prog="shorewall-lite"
-shorewall="${SBINDIR}/$prog"
+shorewall="/sbin/$prog"
 logger="logger -i -t $prog"
 lockfile="/var/lock/subsys/$prog"

 # Get startup options (override default)
 OPTIONS=

-if [ -f ${SYSCONFDIR}/$prog ]; then
-    . ${SYSCONFDIR}/$prog
+if [ -f /etc/sysconfig/$prog ]; then
+    . /etc/sysconfig/$prog
 fi

 start() {
    echo -n $"Starting Shorewall: "
-    $shorewall $OPTIONS start $STARTOPTIONS 2>&1 | $logger
+    $shorewall $OPTIONS start 2>&1 | $logger
    retval=${PIPESTATUS[0]}
-    if [[ $retval == 0 ]]; then
+    if [[ $retval == 0 ]]; then 
 	touch $lockfile
 	success
-    else
+    else 
 	failure
    fi
    echo
@@ -55,10 +50,10 @@ stop() {
    echo -n $"Stopping Shorewall: "
    $shorewall $OPTIONS stop 2>&1 | $logger
    retval=${PIPESTATUS[0]}
-    if [[ $retval == 0 ]]; then
+    if [[ $retval == 0 ]]; then 
 	rm -f $lockfile
 	success
-    else
+    else 
 	failure
    fi
    echo
@@ -69,9 +64,9 @@ restart() {
 # Note that we don't simply stop and start since shorewall has a built in
 # restart which stops the firewall if running and then starts it.
    echo -n $"Restarting Shorewall: "
-    $shorewall $OPTIONS restart $RESTARTOPTIONS 2>&1 | $logger
+    $shorewall $OPTIONS restart 2>&1 | $logger
    retval=${PIPESTATUS[0]}
-    if [[ $retval == 0 ]]; then
+    if [[ $retval == 0 ]]; then 
 	touch $lockfile
 	success
    else # Failed to start, clean up lock file if present
--- a/Shorewall-lite/init.openwrt.sh
+++ b/Shorewall-lite/init.openwrt.sh
@@ -1,94 +0,0 @@
-#!/bin/sh /etc/rc.common
-#
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
-#
-#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012,2014 - Tom Eastep (teastep@shorewall.net)
-#     (c) 2015 - Matt Darfeuille - (matdarf@gmail.com)
-#
-#	On most distributions, this file should be called /etc/init.d/shorewall.
-#
-#	Complete documentation is available at http://shorewall.net
-#
-#       This program is part of Shorewall.
-#
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
-#
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#
-#	If an error occurs while starting or restarting the firewall, the
-#	firewall is automatically stopped.
-#
-#	Commands are:
-#
-#	   shorewall-lite start			  Starts the firewall
-#	   shorewall-lite restart		  Restarts the firewall
-#	   shorewall-lite reload		  Reload the firewall
-#	   shorewall-lite stop			  Stops the firewall
-#	   shorewall-lite status		  Displays firewall status
-#
-
-# description: Packet filtering firewall
-
-# Openwrt related
-# Start and stop runlevel variable
-START=50
-STOP=89
-# Displays the status command
-EXTRA_COMMANDS="status"
-EXTRA_HELP=" status Displays firewall status"
-
-################################################################################
-# Get startup options (override default)
-################################################################################
-OPTIONS=
-
-#
-# The installer may alter this
-#
-. /usr/share/shorewall/shorewallrc
-
-if [ -f ${SYSCONFDIR}/shorewall-lite ]; then
-    . ${SYSCONFDIR}/shorewall-lite
-fi
-
-SHOREWALL_INIT_SCRIPT=1
-
-################################################################################
-# E X E C U T I O N    B E G I N S   H E R E				       #
-################################################################################
-# Arg1 of init script is arg2 when rc.common is sourced; set to action variable
-command="$action"
-
-start() {
-	exec ${SBINDIR}/shorewall-lite $OPTIONS $command $STARTOPTIONS
-}
-
-boot() {
-	local command="start"
-	start
-}
-
-restart() {
-	exec ${SBINDIR}/shorewall-lite $OPTIONS $command $RESTARTOPTIONS
-}
-
-reload() {
-	exec ${SBINDIR}/shorewall-lite $OPTIONS $command $RELOADOPTION
-}
-
-stop() {
-	exec ${SBINDIR}/shorewall-lite $OPTIONS $command $STOPOPTIONS
-}
-
-status() {
-	exec ${SBINDIR}/shorewall-lite $OPTIONS $command $@
-}
--- a/Shorewall-lite/init.sh
+++ b/Shorewall-lite/init.sh
@@ -1,20 +1,19 @@
 #!/bin/sh
 RCDLINKS="2,S41 3,S41 6,K41"
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.1
 #
-#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007 - Tom Eastep (teastep@shorewall.net)
 #
 #	On most distributions, this file should be called /etc/init.d/shorewall.
 #
 #	Complete documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
-#
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#	it under the terms of Version 2 of the GNU General Public License
+#	as published by the Free Software Foundation.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -22,7 +21,8 @@ RCDLINKS="2,S41 3,S41 6,K41"
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
+#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #	If an error occurs while starting or restarting the firewall, the
 #	firewall is automatically stopped.
@@ -61,14 +61,10 @@ usage() {
 # Get startup options (override default)
 ################################################################################
 OPTIONS=
-
-#
-# The installer may alter this
-#
-. /usr/share/shorewall/shorewallrc
-
-if [ -f ${SYSCONFDIR}/shorewall-lite ]; then
-    . ${SYSCONFDIR}/shorewall-lite
+if [ -f /etc/sysconfig/shorewall ]; then
+    . /etc/sysconfig/shorewall
+elif [ -f /etc/default/shorewall ] ; then
+    . /etc/default/shorewall
 fi

 SHOREWALL_INIT_SCRIPT=1
@@ -80,13 +76,13 @@ command="$1"

 case "$command" in
    start)
-	exec ${SBINDIR}/shorewall-lite $OPTIONS start $STARTOPTIONS
+	exec /sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
 	;;
    restart|reload)
-	exec ${SBINDIR}/shorewall-lite $OPTIONS restart $RESTARTOPTIONS
+	exec /sbin/shorewall-lite $OPTIONS restart $RESTARTOPTIONS
 	;;
    status|stop)
-	exec ${SBINDIR}/shorewall-lite $OPTIONS $command $@
+	exec /sbin/shorewall-lite $OPTIONS $command $@
 	;;
    *)
 	usage
--- a/Shorewall-lite/init.suse.sh
+++ b/Shorewall-lite/init.suse.sh
@@ -1,92 +0,0 @@
-#!/bin/sh
-#
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
-#
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
-#
-#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012 - Tom Eastep (teastep@shorewall.net)
-#
-#	On most distributions, this file should be called /etc/init.d/shorewall.
-#
-#	Complete documentation is available at http://shorewall.net
-#
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of Version 2 of the GNU General Public License
-#	as published by the Free Software Foundation.
-#
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, write to the Free Software
-#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-#	If an error occurs while starting or restarting the firewall, the
-#	firewall is automatically stopped.
-#
-#	Commands are:
-#
-#	   shorewall start			  Starts the firewall
-#	   shorewall restart			  Restarts the firewall
-#	   shorewall reload			  Reload the firewall
-#						  (same as restart)
-#	   shorewall stop			  Stops the firewall
-#	   shorewall status			  Displays firewall status
-#
-
-
-### BEGIN INIT INFO
-# Provides:	  shorewall-lite
-# Required-Start: $network $remote_fs
-# Required-Stop:  
-# Default-Start:  2 3 5
-# Default-Stop:	  0 1 6
-# Description:	  starts and stops the shorewall firewall
-# Short-Description: Packet filtering firewall
-### END INIT INFO
-
-################################################################################
-# Give Usage Information						       #
-################################################################################
-usage() {
-    echo "Usage: $0 start|stop|reload|restart|status"
-    exit 1
-}
-
-################################################################################
-# Get startup options (override default)
-################################################################################
-OPTIONS=
-
-#
-# The installer may alter this
-#
-. /usr/share/shorewall/shorewallrc
-
-if [ -f ${SYSCONFDIR}/shorewall-lite ]; then
-    . ${SYSCONFDIR}/shorewall-lite
-fi
-
-SHOREWALL_INIT_SCRIPT=1
-
-################################################################################
-# E X E C U T I O N    B E G I N S   H E R E				       #
-################################################################################
-command="$1"
-
-case "$command" in
-    start)
-	exec ${SBINDIR}/shorewall-lite $OPTIONS start $STARTOPTIONS
-	;;
-    restart|reload)
-	exec ${SBINDIR}/shorewall-lite $OPTIONS restart $RESTARTOPTIONS
-	;;
-    status|stop)
-	exec ${SBINDIR}/shorewall-lite $OPTIONS $command $@
-	;;
-    *)
-	usage
-	;;
-esac
--- a/Shorewall-lite/install.sh
+++ b/Shorewall-lite/install.sh
@@ -2,24 +2,24 @@
 #
 # Script to install Shoreline Firewall Lite
 #
-#     (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
+#       it under the terms of Version 2 of the GNU General Public License
+#       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#       This program is distributed in the hope that it will be useful,
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#       You should have received a copy of the GNU General Public License
+#       along with this program; if not, write to the Free Software
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #

 VERSION=xxx #The Build script inserts the actual version
@@ -27,19 +27,12 @@ VERSION=xxx #The Build script inserts the actual version
 usage() # $1 = exit status
 {
    ME=$(basename $0)
-    echo "usage: $ME [ <configuration-file> ]"
+    echo "usage: $ME"
    echo "       $ME -v"
    echo "       $ME -h"
-    echo "       $ME -n"
    exit $1
 }

-fatal_error()
-{
-    echo "   ERROR: $@" >&2
-    exit 1
-}
-
 split() {
    local ifs
    ifs=$IFS
@@ -67,6 +60,15 @@ mywhich() {
    return 2
 }

+run_install()
+{
+    if ! install $*; then
+	echo
+	echo "ERROR: Failed to install $*" >&2
+	exit 1
+    fi
+}
+
 cant_autostart()
 {
    echo
@@ -80,33 +82,7 @@ delete_file() # $1 = file to delete

 install_file() # $1 = source $2 = target $3 = mode
 {
-    if cp -f $1 $2; then
-	if chmod $3 $2; then
-	    if [ -n "$OWNER" ]; then
-		if chown $OWNER:$GROUP $2; then
-		    return
-		fi
-	    else
-		return 0
-	    fi
-	fi
-    fi
-
-    echo "ERROR: Failed to install $2" >&2
-    exit 1
-}
-
-make_directory() # $1 = directory , $2 = mode
-{
-    mkdir -p $1
-    chmod 755 $1
-    [ -n "$OWNERSHIP" ] && chown $OWNERSHIP $1
-
-}
-
-require()
-{
-    eval [ -n "\$$1" ] || fatal_error "Required option $1 not set"
+    run_install $T $OWNERSHIP -m $3 $1 ${2}
 }

 #
@@ -122,249 +98,137 @@ else
    Product="Shorewall6 Lite"
 fi

+[ -n "$DESTDIR" ] || DESTDIR="$PREFIX"
+
 #
 # Parse the run line
 #
-finished=0
-configure=1
-
-while [ $finished -eq 0 ] ; do
-
-    option=$1
-
-    case "$option" in
-	-*)
-	    option=${option#-}
-
-	    while [ -n "$option" ]; do
-		case $option in
-		    h)
-			usage 0
-			;;
-		    v)
-			echo "$Product Firewall Installer Version $VERSION"
-			exit 0
-			;;
-		    n*)
-			configure=0
-			option=${option#n}
-			;;
-		    *)
-			usage 1
-			;;
-		esac
-	    done
-
-	    shift
-	    ;;
-	*)
-	    finished=1
-	    ;;
-    esac
-done
-
+# DEST is the SysVInit script directory
+# INIT is the name of the script in the $DEST directory
 #
-# Read the RC file
-#
-if [ $# -eq 0 ]; then
-    if [ -f ./shorewallrc ]; then
-	. ./shorewallrc || exit 1
-	file=./shorewallrc
-    elif [ -f ~/.shorewallrc ]; then
-	. ~/.shorewallrc
-    elif [ -f /usr/share/shorewall/shorewallrc ]; then
-	. /usr/share/shorewall/shorewallrc
-    else
-	fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
-    fi
-elif [ $# -eq 1 ]; then
-    file=$1
-    case $file in
-	/*|.*)
-	    ;;
-	*)
-	    file=./$file
-	    ;;
-    esac
-
-    . $file
-else
-    usage 1
+if [ -z "$DEST" ] ; then
+	DEST="/etc/init.d"
 fi

-if [ -z "${VARLIB}" ]; then
-    VARLIB=${VARDIR}
-    VARDIR=${VARLIB}/${PRODUCT}
-elif [ -z "${VARDIR}" ]; then
-    VARDIR=${VARLIB}/${PRODUCT}
+if [ -z "$INIT" ] ; then
+	INIT="$PRODUCT"
 fi

-for var in SHAREDIR LIBEXECDIR CONFDIR SBINDIR VARLIB VARDIR; do
-    require $var
+while [ $# -gt 0 ] ; do
+    case "$1" in
+	-h|help|?)
+	    usage 0
+	    ;;
+        -v)
+	    echo "$Product Firewall Installer Version $VERSION"
+	    exit 0
+	    ;;
+	*)
+	    usage 1
+	    ;;
+    esac
+    shift
 done

-[ -n "${INITFILE}" ] && require INITSOURCE && require INITDIR
+PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin

-PATH=${SBINDIR}:/bin:/usr${SBINDIR}:/usr/bin:/usr/local/bin:/usr/local${SBINDIR}
+[ -n "${LIBEXEC:=/usr/share}" ]

-[ -n "$SANDBOX" ] && configure=0
+case "$LIBEXEC" in
+    /*)
+	;;
+    *)
+	LIBEXEC=/usr/${LIBEXEC}
+	;;
+esac

 #
 # Determine where to install the firewall script
 #
-cygwin=
+CYGWIN=
+INSTALLD='-D'
+T='-T'

-if [ -z "$BUILD" ]; then
-    case $(uname) in
-	cygwin*|CYGWIN*)
-	    BUILD=cygwin
-	    ;;
-	Darwin)
-	    BUILD=apple
-	    ;;
-	*)
-	    if [ -f /etc/os-release ]; then
-		eval $(cat /etc/os-release | grep ^ID)
+case $(uname) in
+    CYGWIN*)
+	if [ -z "$DESTDIR" ]; then
+	    DEST=
+	    INIT=
+	fi

-		case $ID in
-		    fedora|rhel|centos|foobar)
-			BUILD=redhat
-			;;
-		    debian)
-			BUILD=debian
-			;;
-		    gentoo)
-			BUILD=gentoo
-			;;
-		    opensuse)
-			BUILD=suse
-			;;
-		    *)
-			BUILD="$ID"
-			;;
-		esac
-	    elif [ -f ${CONFDIR}/debian_version ]; then
-		BUILD=debian
-	    elif [ -f /etc/gentoo-release ]; then
-		BUILD=gentoo
-	    elif [ -f ${CONFDIR}/redhat-release ]; then
-		BUILD=redhat
-	    elif [ -f ${CONFDIR}/SuSE-release ]; then
-		BUILD=suse
-	    elif [ -f ${CONFDIR}/slackware-version ] ; then
-		BUILD=slackware
-	    elif [ -f ${CONFDIR}/arch-release ] ; then
-		BUILD=archlinux
-	    elif [ -f ${CONFDIR}/openwrt_release ]; then
-		BUILD=openwrt
-	    else
-		BUILD=linux
-	    fi
-	    ;;
-    esac
-fi
-
-case $BUILD in
-    cygwin*|CYGWIN*)
 	OWNER=$(id -un)
 	GROUP=$(id -gn)
 	;;
-    apple)
+    Darwin)
+	INSTALLD=
+	T=
+	;;	   
+    *)
 	[ -z "$OWNER" ] && OWNER=root
-	[ -z "$GROUP" ] && GROUP=wheel
-	;;
-    *)
-	if [ $(id -u) -eq 0 ]; then
-	    [ -z "$OWNER" ] && OWNER=root
-	    [ -z "$GROUP" ] && GROUP=root
-	fi
+	[ -z "$GROUP" ] && GROUP=root
 	;;
 esac

-[ -n "$OWNER" ] && OWNERSHIP="$OWNER:$GROUP"
-
-[ -n "$HOST" ] || HOST=$BUILD
-
-case "$HOST" in
-    cygwin)
-	echo "$PRODUCT is not supported on Cygwin" >&2
-	exit 1
-	;;
-    apple)
-	echo "$PRODUCT is not supported on OS X" >&2
-	exit 1
-	;;
-    debian)
-	echo "Installing Debian-specific configuration..."
-	;;
-    gentoo)
-	echo "Installing Gentoo-specific configuration..."
-	;;
-    redhat)
-	echo "Installing Redhat/Fedora-specific configuration..."
-	;;
-    slackware)
-	echo "Installing Slackware-specific configuration..."
-	;;
-    archlinux)
-	echo "Installing ArchLinux-specific configuration..."
-	;;
-    suse)
-	echo "Installing Suse-specific configuration..."
-	;;
-    openwrt)
-	echo "Installing OpenWRT-specific configuration..."
-	;;
-    linux)
-	;;
-    *)
-	echo "ERROR: Unknown HOST \"$HOST\"" >&2
-	exit 1;
-	;;
-esac
-
-[ -z "$INITDIR" ] && INITDIR="${CONFDIR}/init.d"
+OWNERSHIP="-o $OWNER -g $GROUP"

 if [ -n "$DESTDIR" ]; then
    if [ `id -u` != 0 ] ; then
 	echo "Not setting file owner/group permissions, not running as root."
 	OWNERSHIP=""
    fi
+    
+    install -d $OWNERSHIP -m 755 ${DESTDIR}/sbin
+    install -d $OWNERSHIP -m 755 ${DESTDIR}${DEST}
+elif [ -d /etc/apt -a -e /usr/bin/dpkg ]; then
+    DEBIAN=yes
+elif [ -f /etc/redhat-release ]; then
+    FEDORA=yes
+elif [ -f /etc/slackware-version ] ; then
+    DEST="/etc/rc.d"
+    INIT="rc.firewall"
+elif [ -f /etc/arch-release ] ; then
+      DEST="/etc/rc.d"
+      INIT="$PRODUCT"
+      ARCHLINUX=yes
+fi

-    make_directory ${DESTDIR}${SBINDIR} 755
-    make_directory ${DESTDIR}${INITDIR} 755
-
-else
-    if [ ! -f ${SHAREDIR}/shorewall/coreversion ]; then
+if [ -z "$DESTDIR" ]; then
+    if [ ! -f /usr/share/shorewall/coreversion ]; then
 	echo "$PRODUCT $VERSION requires Shorewall Core which does not appear to be installed" >&2
 	exit 1
    fi
+
+    if [ -f /lib/systemd/system ]; then
+	SYSTEMD=Yes
+    fi
+elif [ -n "$SYSTEMD" ]; then
+    mkdir -p ${DESTDIR}/lib/systemd/system
 fi

 echo "Installing $Product Version $VERSION"

 #
-# Check for ${CONFDIR}/$PRODUCT
+# Check for /etc/$PRODUCT
 #
-if [ -z "$DESTDIR" -a -d ${CONFDIR}/$PRODUCT ]; then
-    if [ ! -f ${SHAREDIR}/shorewall/coreversion ]; then
+if [ -z "$DESTDIR" -a -d /etc/$PRODUCT ]; then
+    if [ ! -f /usr/share/shorewall/coreversion ]; then
 	echo "$PRODUCT $VERSION requires Shorewall Core which does not appear to be installed" >&2
 	exit 1
    fi

-    [ -f ${CONFDIR}/$PRODUCT/shorewall.conf ] && \
-	mv -f ${CONFDIR}/$PRODUCT/shorewall.conf ${CONFDIR}/$PRODUCT/$PRODUCT.conf
+    [ -f /etc/$PRODUCT/shorewall.conf ] && \
+	mv -f /etc/$PRODUCT/shorewall.conf /etc/$PRODUCT/$PRODUCT.conf
 else
-    rm -rf ${DESTDIR}${CONFDIR}/$PRODUCT
-    rm -rf ${DESTDIR}${SHAREDIR}/$PRODUCT
-    rm -rf ${DESTDIR}${VARDIR}
-    [ "$LIBEXECDIR" = /usr/share ] || rm -rf ${DESTDIR}/usr/share/$PRODUCT/wait4ifup ${DESTDIR}/usr/share/$PRODUCT/shorecap
+    rm -rf ${DESTDIR}/etc/$PRODUCT
+    rm -rf ${DESTDIR}/usr/share/$PRODUCT
+    rm -rf ${DESTDIR}/var/lib/$PRODUCT
+    [ "$LIBEXEC" = /usr/share ] || rm -rf /usr/share/$PRODUCT/wait4ifup /usr/share/$PRODUCT/shorecap
 fi

 #
-# Check for ${SBINDIR}/$PRODUCT
+# Check for /sbin/$PRODUCT
 #
-if [ -f ${DESTDIR}${SBINDIR}/$PRODUCT ]; then
+if [ -f ${DESTDIR}/sbin/$PRODUCT ]; then
    first_install=""
 else
    first_install="Yes"
@@ -372,123 +236,113 @@ fi

 delete_file ${DESTDIR}/usr/share/$PRODUCT/xmodules

-install_file $PRODUCT ${DESTDIR}${SBINDIR}/$PRODUCT 0544
-[ -n "${INITFILE}" ] && make_directory ${DESTDIR}${INITDIR} 755
+install_file $PRODUCT ${DESTDIR}/sbin/$PRODUCT 0544

-echo "$Product control program installed in ${DESTDIR}${SBINDIR}/$PRODUCT"
+echo "$Product control program installed in ${DESTDIR}/sbin/$PRODUCT"

 #
-# Create ${CONFDIR}/$PRODUCT, /usr/share/$PRODUCT and /var/lib/$PRODUCT if needed
+# Install the Firewall Script
 #
-mkdir -p ${DESTDIR}${CONFDIR}/$PRODUCT
-mkdir -p ${DESTDIR}${SHAREDIR}/$PRODUCT
-mkdir -p ${DESTDIR}${LIBEXECDIR}/$PRODUCT
-mkdir -p ${DESTDIR}${VARDIR}
+if [ -n "$DEBIAN" ]; then
+    install_file init.debian.sh ${DESTDIR}/etc/init.d/$PRODUCT 0544
+elif [ -n "$FEDORA" ]; then
+    install_file init.fedora.sh ${DESTDIR}/etc/init.d/$PRODUCT 0544
+elif [ -n "$ARCHLINUX" ]; then
+    install_file init.archlinux.sh ${DESTDIR}/${DEST}/$INIT 0544
+else
+    install_file init.sh ${DESTDIR}/${DEST}/$INIT 0544
+fi

-chmod 755 ${DESTDIR}${CONFDIR}/$PRODUCT
-chmod 755 ${DESTDIR}${SHAREDIR}/$PRODUCT
+echo  "$Product script installed in ${DESTDIR}${DEST}/$INIT"
+
+#
+# Create /etc/$PRODUCT, /usr/share/$PRODUCT and /var/lib/$PRODUCT if needed
+#
+mkdir -p ${DESTDIR}/etc/$PRODUCT
+mkdir -p ${DESTDIR}/usr/share/$PRODUCT
+mkdir -p ${DESTDIR}${LIBEXEC}/$PRODUCT
+mkdir -p ${DESTDIR}/var/lib/$PRODUCT
+
+chmod 755 ${DESTDIR}/etc/$PRODUCT
+chmod 755 ${DESTDIR}/usr/share/$PRODUCT

 if [ -n "$DESTDIR" ]; then
-    mkdir -p ${DESTDIR}${CONFDIR}/logrotate.d
-    chmod 755 ${DESTDIR}${CONFDIR}/logrotate.d
-    mkdir -p ${DESTDIR}${INITDIR}
-    chmod 755 ${DESTDIR}${INITDIR}
+    mkdir -p ${DESTDIR}/etc/logrotate.d
+    chmod 755 ${DESTDIR}/etc/logrotate.d
 fi

-if [ -n "$INITFILE" ]; then
-    if [ -f "${INITSOURCE}" ]; then
-	initfile="${DESTDIR}${INITDIR}/${INITFILE}"
-	install_file ${INITSOURCE} "$initfile" 0544
-
-	[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' "$initfile"
-
-	echo  "SysV init script $INITSOURCE installed in $initfile"
-    fi
-fi
 #
 # Install the .service file
 #
-if [ -z "${SERVICEDIR}" ]; then
-    SERVICEDIR="$SYSTEMD"
+if [ -n "$SYSTEMD" ]; then
+    run_install $OWNERSHIP -m 600 $PRODUCT.service ${DESTDIR}/lib/systemd/system/$PRODUCT.service
+    echo "Service file installed as ${DESTDIR}/lib/systemd/system/$PRODUCT.service"
 fi

-if [ -n "$SERVICEDIR" ]; then
-    mkdir -p ${DESTDIR}${SERVICEDIR}
-    [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
-    install_file $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service 644
-    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
-    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SERVICEDIR}/$PRODUCT.service"
-fi
 #
 # Install the config file
 #
-if [ ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf ]; then
-   install_file $PRODUCT.conf ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf 0744
-   echo "Config file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf"
+if [ ! -f ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf ]; then
+   install_file $PRODUCT.conf ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf 0744
+   echo "Config file installed as ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf"
 fi

-if [ $HOST = archlinux ] ; then
-   sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf
-elif [ $HOST = gentoo ]; then
-    # Adjust SUBSYSLOCK path (see https://bugs.gentoo.org/show_bug.cgi?id=459316)
-    perl -p -w -i -e "s|^SUBSYSLOCK=.*|SUBSYSLOCK=/run/lock/$PRODUCT|;" ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf
+if [ -n "$ARCHLINUX" ] ; then
+   sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf
 fi

 #
 # Install the  Makefile
 #
-install_file Makefile ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile 0600
-[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile
-[ $SBINDIR = /sbin ]       || eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\'       ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile
-echo "Makefile installed as ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile"
+run_install $OWNERSHIP -m 0600 Makefile ${DESTDIR}/etc/$PRODUCT
+echo "Makefile installed as ${DESTDIR}/etc/$PRODUCT/Makefile"

 #
 # Install the default config path file
 #
-install_file configpath ${DESTDIR}${SHAREDIR}/$PRODUCT/configpath 0644
-echo "Default config path file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/configpath"
+install_file configpath ${DESTDIR}/usr/share/$PRODUCT/configpath 0644
+echo "Default config path file installed as ${DESTDIR}/usr/share/$PRODUCT/configpath"

 #
 # Install the libraries
 #
 for f in lib.* ; do
    if [ -f $f ]; then
-	install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644
-	echo "Library ${f#*.} file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
+	install_file $f ${DESTDIR}/usr/share/$PRODUCT/$f 0644
+	echo "Library ${f#*.} file installed as ${DESTDIR}/usr/share/$PRODUCT/$f"
    fi
 done

-ln -sf lib.base ${DESTDIR}${SHAREDIR}/$PRODUCT/functions
+ln -sf lib.base ${DESTDIR}/usr/share/$PRODUCT/functions

-echo "Common functions linked through ${DESTDIR}${SHAREDIR}/$PRODUCT/functions"
+echo "Common functions linked through ${DESTDIR}/usr/share/$PRODUCT/functions"

 #
 # Install Shorecap
 #

-install_file shorecap ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap 0755
-[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap
+install_file shorecap ${DESTDIR}${LIBEXEC}/$PRODUCT/shorecap 0755

 echo
-echo "Capability file builder installed in ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap"
+echo "Capability file builder installed in ${DESTDIR}${LIBEXEC}/$PRODUCT/shorecap"

 #
 # Install the Modules files
 #

 if [ -f modules ]; then
-    install_file modules ${DESTDIR}${SHAREDIR}/$PRODUCT/modules 0600
-    echo "Modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/modules"
+    run_install $OWNERSHIP -m 0600 modules ${DESTDIR}/usr/share/$PRODUCT
+    echo "Modules file installed as ${DESTDIR}/usr/share/$PRODUCT/modules"
 fi

 if [ -f helpers ]; then
-    install_file helpers ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers 600
-    echo "Helper modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers"
+    run_install $OWNERSHIP -m 0600 helpers ${DESTDIR}/usr/share/$PRODUCT
+    echo "Helper modules file installed as ${DESTDIR}/usr/share/$PRODUCT/helpers"
 fi

 for f in modules.*; do
-    install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 644
-    echo "Module file $f installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
+    run_install $OWNERSHIP -m 0644 $f ${DESTDIR}/usr/share/$PRODUCT/$f
+    echo "Module file $f installed as ${DESTDIR}/usr/share/$PRODUCT/$f"
 done

 #
@@ -498,18 +352,18 @@ done
 if [ -d manpages ]; then
    cd manpages

-    mkdir -p ${DESTDIR}${MANDIR}/man5/ ${DESTDIR}${MANDIR}/man8/
+    [ -n "$INSTALLD" ] || mkdir -p ${DESTDIR}/usr/share/man/man5/ ${DESTDIR}/usr/share/man/man8/

    for f in *.5; do
 	gzip -c $f > $f.gz
-	install_file $f.gz ${DESTDIR}${MANDIR}/man5/$f.gz 644
-	echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man5/$f.gz"
+	run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}/usr/share/man/man5/$f.gz
+	echo "Man page $f.gz installed to ${DESTDIR}/usr/share/man/man5/$f.gz"
    done

    for f in *.8; do
 	gzip -c $f > $f.gz
-	install_file $f.gz ${DESTDIR}${MANDIR}/man8/$f.gz 644
-	echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man8/$f.gz"
+	run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}/usr/share/man/man8/$f.gz
+	echo "Man page $f.gz installed to ${DESTDIR}/usr/share/man/man8/$f.gz"
    done

    cd ..
@@ -517,101 +371,73 @@ if [ -d manpages ]; then
    echo "Man Pages Installed"
 fi

-if [ -d ${DESTDIR}${CONFDIR}/logrotate.d ]; then
-    install_file logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT 644
-    echo "Logrotate file installed as ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT"
+if [ -d ${DESTDIR}/etc/logrotate.d ]; then
+    run_install $OWNERSHIP -m 0644 logrotate ${DESTDIR}/etc/logrotate.d/$PRODUCT
+    echo "Logrotate file installed as ${DESTDIR}/etc/logrotate.d/$PRODUCT"
 fi

 #
 # Create the version file
 #
-echo "$VERSION" > ${DESTDIR}${SHAREDIR}/$PRODUCT/version
-chmod 644 ${DESTDIR}${SHAREDIR}/$PRODUCT/version
+echo "$VERSION" > ${DESTDIR}/usr/share/$PRODUCT/version
+chmod 644 ${DESTDIR}/usr/share/$PRODUCT/version
 #
 # Remove and create the symbolic link to the init script
 #

-if [ -z "${DESTDIR}" -a -n "${INITFILE}" ]; then
-    rm -f ${SHAREDIR}/$PRODUCT/init
-    ln -s ${INITDIR}/${INITFILE} ${SHAREDIR}/$PRODUCT/init
+if [ -z "$DESTDIR" ]; then
+    rm -f /usr/share/$PRODUCT/init
+    ln -s ${DEST}/${INIT} /usr/share/$PRODUCT/init
 fi

-delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/lib.common
-delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/lib.cli
-delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/wait4ifup
+delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.common
+delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.cli
+delete_file ${DESTDIR}/usr/share/$PRODUCT/wait4ifup

-#
-# Note -- not all packages will have the SYSCONFFILE so we need to check for its existance here
-#
-if [ -n "$SYSCONFFILE" -a -f "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PRODUCT} ]; then
-    if [ ${DESTDIR} ]; then
-	mkdir -p ${DESTDIR}${SYSCONFDIR}
-	chmod 755 ${DESTDIR}${SYSCONFDIR}
-    fi
+if [ -z "$DESTDIR" ]; then
+    touch /var/log/$PRODUCT-init.log

-    install_file ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/${PRODUCT} 0640
-    echo "$SYSCONFFILE installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
-fi
+    if [ -n "$first_install" ]; then
+	if [ -n "$DEBIAN" ]; then
+	    run_install $OWNERSHIP -m 0644 default.debian /etc/default/$PRODUCT

-if [ ${SHAREDIR} != /usr/share ]; then
-    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/${PRODUCT}/lib.base
-    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SBINDIR}/$PRODUCT
-fi
+	    update-rc.d $PRODUCT defaults
+
+	    if [ -x /sbin/insserv ]; then
+		insserv /etc/init.d/$PRODUCT
+	    else
+		ln -s ../init.d/$PRODUCT /etc/rcS.d/S40$PRODUCT
+	    fi

-if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then
-    if [ -n "$SERVICEDIR" ]; then
-	if systemctl enable ${PRODUCT}.service; then
 	    echo "$Product will start automatically at boot"
-	fi
-    elif mywhich insserv; then
-	if insserv ${INITDIR}/${INITFILE} ; then
-	    echo "$PRODUCT will start automatically at boot"
-	    if [ $HOST = debian ]; then
-		echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
-		touch /var/log/$PRODUCT-init.log
-		perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
-	    else
-		echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable"
+	else
+	    if [ -n "$SYSTEMD" ]; then
+		if systemctl enable $PRODUCT; then
+		    echo "$Product will start automatically at boot"
+		fi
+	    elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
+		if insserv /etc/init.d/$PRODUCT ; then
+		    echo "$Product will start automatically at boot"
+		else
+		    cant_autostart
+		fi
+	    elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
+		if chkconfig --add $PRODUCT ; then
+		    echo "$Product will start automatically in run levels as follows:"
+		    chkconfig --list $PRODUCT
+		else
+		    cant_autostart
+		fi
+	    elif [ -x /sbin/rc-update ]; then
+		if rc-update add $PRODUCT default; then
+		    echo "$Product will start automatically at boot"
+		else
+		    cant_autostart
+		fi
+	    elif [ "$INIT" != rc.firewall ]; then #Slackware starts this automatically
+		cant_autostart
 	    fi
-	else
-	    cant_autostart
 	fi
-    elif mywhich chkconfig; then
-	if chkconfig --add $PRODUCT ; then
-	    echo "$PRODUCT will start automatically in run levels as follows:"
-	    echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/${PRODUCT}.conf to enable"
-	    chkconfig --list $PRODUCT
-	else
-	    cant_autostart
-	fi
-    elif mywhich update-rc.d ; then
-	echo "$PRODUCT will start automatically at boot"
-	echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
-	touch /var/log/$PRODUCT-init.log
-	perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
-	update-rc.d $PRODUCT enable
-    elif mywhich rc-update ; then
-	if rc-update add $PRODUCT default; then
-	    echo "$PRODUCT will start automatically at boot"
-	    if [ $HOST = debian ]; then
-		echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
-		touch /var/log/$PRODUCT-init.log
-		perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
-	    else
-		echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable"
-	    fi
-	else
-	    cant_autostart
-	fi
-    elif [ $HOST = openwrt -a -f ${CONFDIR}/rc.common ]; then
-	/etc/init.d/$PRODUCT enable
-	if /etc/init.d/$PRODUCT enabled; then
-            echo "$PRODUCT will start automatically at boot"
-	else
-            cant_autostart
-	fi
-    elif [ "$INITFILE" != rc.${PRODUCT} ]; then #Slackware starts this automatically
-	cant_autostart
    fi
 fi

--- a/Shorewall-lite/lib.base
+++ b/Shorewall-lite/lib.base
@@ -1,16 +1,15 @@
 #
 # Shorewall 4.4 -- /usr/share/shorewall-lite/lib.base
 #
-#     (c) 2011,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2011 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
-#
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#	This program is free software; you can redisribute it and/or modify
+#	it under the terms of Version 2 of the GNU General Public License
+#	as published by the Free Software Foundation.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -18,16 +17,18 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
+#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # This library contains the code common to all Shorewall components.

 g_program=shorewall-lite
 g_family=4
-#
-# This may be altered by the installer
-#
 g_basedir=/usr/share/shorewall

-. ${g_basedir}/lib.base
+[ -n "${VARDIR:=/var/lib/$g_program}" ]
+[ -n "${SHAREDIR:=/usr/share/$g_program}" ]
+[ -n "${CONFDIR:=/etc/$g_program}" ]
+
+. /usr/share/shorewall/lib.base

--- a/Shorewall-lite/manpages/shorewall-lite-vardir.xml
+++ b/Shorewall-lite/manpages/shorewall-lite-vardir.xml
@@ -1,13 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
-"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
 <refentry>
  <refmeta>
    <refentrytitle>shorewall-lite-vardir</refentrytitle>

    <manvolnum>5</manvolnum>
-
-    <refmiscinfo>Configuration Files</refmiscinfo>
  </refmeta>

  <refnamediv>
@@ -38,28 +34,6 @@
    directory. If you add this file, you should copy the files from
    <filename>/var/lib/shorewall-lite</filename> to the new directory before
    performing a <command>shorewall-lite restart</command>.</para>
-
-    <note>
-      <para>Beginning with Shorewall 4.5.2, use of this file is deprecated in
-      favor of specifying VARDIR in the <filename>shorewallrc</filename> file
-      used during installation of Shorewall Core. While the name of the
-      variable remains VARDIR, the meaning is slightly different. When set in
-      shorewallrc, Shorewall Lite, will create a directory under the specified
-      path name to hold state information.</para>
-
-      <para>Example:</para>
-
-      <blockquote>
-        <para>VARDIR=<filename><filename>/opt/var/lib/</filename></filename></para>
-
-        <para>The state directory for Shorewall Lite will be
-        /opt/var/lib/shorewall-lite/.</para>
-      </blockquote>
-
-      <para>When VARDIR is set in /etc/shorewall-lite/vardir, Shorewall Lite
-      will save its state in the <replaceable>directory</replaceable>
-      specified.</para>
-    </note>
  </refsect1>

  <refsect1>
@@ -87,4 +61,4 @@
    shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
    shorewall-zones(5)</para>
  </refsect1>
-</refentry>
+</refentry>
--- a/Shorewall-lite/manpages/shorewall-lite.conf.xml
+++ b/Shorewall-lite/manpages/shorewall-lite.conf.xml
@@ -6,8 +6,6 @@
    <refentrytitle>shorewall-lite.conf</refentrytitle>

    <manvolnum>5</manvolnum>
-
-    <refmiscinfo>Configuration Files</refmiscinfo>
  </refmeta>

  <refnamediv>
@@ -143,7 +141,7 @@
          stops. Creating and removing this file allows Shorewall to work with
          your distribution's initscripts. For RedHat, this should be set to
          /var/lock/subsys/shorewall. For Debian, the value is
-          /var/state/shorewall and in LEAF it is /var/run/shorewall.</para>
+          /var/state/shorewall and in LEAF it is /var/run/shorwall.</para>
        </listitem>
      </varlistentry>

--- a/Shorewall-lite/manpages/shorewall-lite.xml
+++ b/Shorewall-lite/manpages/shorewall-lite.xml
@@ -6,8 +6,6 @@
    <refentrytitle>shorewall-lite</refentrytitle>

    <manvolnum>8</manvolnum>
-
-    <refmiscinfo>Administrative Commands</refmiscinfo>
  </refmeta>

  <refnamediv>
@@ -47,19 +45,6 @@
      <arg choice="plain"><replaceable>address</replaceable></arg>
    </cmdsynopsis>

-    <cmdsynopsis>
-      <command>shorewall-lite</command>
-
-      <arg
-      choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
-
-      <arg>-<replaceable>options</replaceable></arg>
-
-      <arg choice="plain"><option>allow</option></arg>
-
-      <arg choice="plain"><replaceable>address</replaceable></arg>
-    </cmdsynopsis>
-
    <cmdsynopsis>
      <command>shorewall-lite</command>

@@ -72,21 +57,6 @@
      choice="plain"><option>clear</option><arg><option>-f</option></arg></arg>
    </cmdsynopsis>

-    <cmdsynopsis>
-      <command>shorewall-lite</command>
-
-      <arg
-      choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
-
-      <arg>-<replaceable>options</replaceable></arg>
-
-      <arg choice="plain"><option>close</option><arg choice="req">
-      <replaceable>open-number</replaceable> |
-      <replaceable>source</replaceable><replaceable>dest</replaceable><arg><replaceable>protocol</replaceable><arg>
-      <replaceable>port</replaceable> </arg></arg></arg><replaceable>
-      </replaceable></arg>
-    </cmdsynopsis>
-
    <cmdsynopsis>
      <command>shorewall-lite</command>

@@ -144,8 +114,6 @@
      <arg><option>-l</option></arg>

      <arg><option>-m</option></arg>
-
-      <arg><option>-c</option></arg>
    </cmdsynopsis>

    <cmdsynopsis>
@@ -293,29 +261,6 @@
      expression</replaceable></arg>
    </cmdsynopsis>

-    <cmdsynopsis>
-      <command>shorewall-lite</command>
-
-      <arg choice="plain"><option>open</option><replaceable>
-      source</replaceable><replaceable> dest</replaceable><arg>
-      <replaceable>protocol</replaceable><arg> <replaceable>port</replaceable>
-      </arg> </arg></arg>
-    </cmdsynopsis>
-
-    <cmdsynopsis>
-      <command>shorewall-lite</command>
-
-      <arg
-      choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
-
-      <arg>-<replaceable>options</replaceable></arg>
-
-      <arg choice="plain"><option>reenable</option></arg>
-
-      <arg choice="plain">{ <replaceable>interface</replaceable> |
-      <replaceable>provider</replaceable> }</arg>
-    </cmdsynopsis>
-
    <cmdsynopsis>
      <command>shorewall-lite</command>

@@ -329,21 +274,6 @@
      <arg choice="plain"><replaceable>address</replaceable></arg>
    </cmdsynopsis>

-    <cmdsynopsis>
-      <command>shorewall-lite</command>
-
-      <arg
-      choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
-
-      <arg>-<replaceable>options</replaceable></arg>
-
-      <arg choice="plain"><option>reload</option></arg>
-
-      <arg><option>-n</option></arg>
-
-      <arg><option>-p</option><arg><option>-C</option></arg></arg>
-    </cmdsynopsis>
-
    <cmdsynopsis>
      <command>shorewall-lite</command>

@@ -367,7 +297,9 @@

      <arg><option>-n</option></arg>

-      <arg><option>-p</option><arg><option>-C</option></arg></arg>
+      <arg><option>-p</option></arg>
+
+      <arg><replaceable>directory</replaceable></arg>
    </cmdsynopsis>

    <cmdsynopsis>
@@ -380,8 +312,6 @@

      <arg choice="plain"><option>restore</option></arg>

-      <arg><option>-C</option></arg>
-
      <arg><replaceable>filename</replaceable></arg>
    </cmdsynopsis>

@@ -393,38 +323,11 @@

      <arg>-<replaceable>options</replaceable></arg>

-      <arg choice="plain"><option>run</option></arg>
-
-      <arg choice="plain">function</arg>
-
-      <arg><replaceable>parameter ...</replaceable></arg>
-    </cmdsynopsis>
-
-    <cmdsynopsis>
-      <command>shorewall-lite</command>
-
-      <arg
-      choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
-
-      <arg>-<replaceable>options</replaceable></arg>
-
-      <arg
-      choice="plain"><option>save</option><arg><option>-C</option></arg></arg>
+      <arg choice="plain"><option>save</option></arg>

      <arg choice="opt"><replaceable>filename</replaceable></arg>
    </cmdsynopsis>

-    <cmdsynopsis>
-      <command>shorewall-lite</command>
-
-      <arg
-      choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
-
-      <arg>-<replaceable>options</replaceable></arg>
-
-      <arg choice="plain"><option>savesets</option></arg>
-    </cmdsynopsis>
-
    <cmdsynopsis>
      <command>shorewall-lite</command>

@@ -432,9 +335,7 @@

      <arg>-<replaceable>options</replaceable></arg>

-      <arg choice="req"><option>show | list | ls </option></arg>
-
-      <arg><option>-b</option></arg>
+      <arg choice="plain"><option>show</option></arg>

      <arg><option>-x</option></arg>

@@ -454,21 +355,7 @@

      <arg>-<replaceable>options</replaceable></arg>

-      <arg choice="req"><option>show | list | ls </option></arg>
-
-      <arg><option>-x</option></arg>
-
-      <arg choice="plain"><option>{bl|blacklists}</option></arg>
-    </cmdsynopsis>
-
-    <cmdsynopsis>
-      <command>shorewall-lite</command>
-
-      <arg choice="opt"><option>trace</option>|<option>debug</option></arg>
-
-      <arg>-<replaceable>options</replaceable></arg>
-
-      <arg choice="req"><option>show | list | ls </option></arg>
+      <arg choice="plain"><option>show</option></arg>

      <arg><option>-f</option></arg>

@@ -482,10 +369,10 @@

      <arg>-<replaceable>options</replaceable></arg>

-      <arg choice="req"><option>show | list | ls </option></arg>
+      <arg choice="plain"><option>show</option></arg>

      <arg
-      choice="req"><option>classifiers|connections|config|events|filters|ip|ipa|zones|policies|marks</option></arg>
+      choice="req"><option>classifiers|connections|config|filters|ip|ipa|zones|policies|marks</option></arg>
    </cmdsynopsis>

    <cmdsynopsis>
@@ -495,38 +382,11 @@

      <arg>-<replaceable>options</replaceable></arg>

-      <arg choice="req"><option>show | list | ls </option></arg>
-
-      <arg choice="plain"><option>event</option><arg
-      choice="plain"><replaceable>event</replaceable></arg></arg>
-    </cmdsynopsis>
-
-    <cmdsynopsis>
-      <command>shorewall-lite</command>
-
-      <arg choice="opt"><option>trace</option>|<option>debug</option></arg>
-
-      <arg>-<replaceable>options</replaceable></arg>
-
-      <arg choice="req"><option>show | list | ls </option></arg>
-
-      <arg><option>-c</option></arg>
-
-      <arg choice="plain"><option>routing</option></arg>
-    </cmdsynopsis>
-
-    <cmdsynopsis>
-      <command>shorewall-lite</command>
-
-      <arg choice="opt"><option>trace</option>|<option>debug</option></arg>
-
-      <arg>-<replaceable>options</replaceable></arg>
-
-      <arg choice="req"><option>show | list | ls </option></arg>
+      <arg choice="plain"><option>show</option></arg>

      <arg><option>-x</option></arg>

-      <arg choice="req"><option>mangle|nat|raw|rawpost</option></arg>
+      <arg choice="req"><option>mangle|nat|routing|raw|rawpost</option></arg>
    </cmdsynopsis>

    <cmdsynopsis>
@@ -536,7 +396,7 @@

      <arg>-<replaceable>options</replaceable></arg>

-      <arg choice="req"><option>show | list | ls </option></arg>
+      <arg choice="plain"><option>show</option></arg>

      <arg choice="plain"><option>tc</option></arg>
    </cmdsynopsis>
@@ -548,7 +408,7 @@

      <arg>-<replaceable>options</replaceable></arg>

-      <arg choice="req"><option>show | list | ls </option></arg>
+      <arg choice="plain"><option>show</option></arg>

      <arg><option>-m</option></arg>

@@ -568,10 +428,6 @@
      <arg><option>-n</option></arg>

      <arg><option>-p</option></arg>
-
-      <arg><option>-f</option></arg>
-
-      <arg><option>-C</option></arg>
    </cmdsynopsis>

    <cmdsynopsis>
@@ -592,8 +448,7 @@

      <arg>-<replaceable>options</replaceable></arg>

-      <arg choice="plain"><arg
-      choice="plain"><option>status</option><arg><option>-i</option></arg></arg></arg>
+      <arg choice="plain"><option>status</option></arg>
    </cmdsynopsis>

    <cmdsynopsis>
@@ -624,9 +479,8 @@

    <para>The nolock <option>option</option> prevents the command from
    attempting to acquire the Shorewall-lite lockfile. It is useful if you
-    need to include <command>shorewall</command> commands in the
-    <filename>started</filename> <ulink
-    url="../shorewall_extension_scripts.html">extension script</ulink>.</para>
+    need to include <command>shorewall</command> commands in
+    <filename>/etc/shorewall/started</filename>.</para>

    <para>The <emphasis>options</emphasis> control the amount of output that
    the command produces. They consist of a sequence of the letters <emphasis
@@ -636,9 +490,9 @@
    url="shorewall.conf.html">shorewall.conf</ulink>(5). Each <emphasis
    role="bold">v</emphasis> adds one to the effective verbosity and each
    <emphasis role="bold">q</emphasis> subtracts one from the effective
-    VERBOSITY. Alternately, <emphasis role="bold">v</emphasis> may be followed
-    immediately with one of -1,0,1,2 to specify VERBOSITY. There may be no
-    white-space between <emphasis role="bold">v</emphasis> and the
+    VERBOSITY. Anternately, <emphasis role="bold">v</emphasis> may be followed
+    immediately with one of -1,0,1,2 to specify a specify VERBOSITY. There may
+    be no white space between <emphasis role="bold">v</emphasis> and the
    VERBOSITY.</para>

    <para>The <emphasis>options</emphasis> may also include the letter
@@ -653,10 +507,7 @@

    <variablelist>
      <varlistentry>
-        <term><emphasis role="bold">add </emphasis>{
-        <replaceable>interface</replaceable>[:<replaceable>host-list</replaceable>]...
-        <replaceable>zone</replaceable> | <replaceable>zone</replaceable>
-        <replaceable>host-list</replaceable> }</term>
+        <term><emphasis role="bold">add</emphasis></term>

        <listitem>
          <para>Adds a list of hosts or subnets to a dynamic zone usually used
@@ -681,8 +532,7 @@
      </varlistentry>

      <varlistentry>
-        <term><emphasis role="bold">allow
-        </emphasis><replaceable>address</replaceable></term>
+        <term><emphasis role="bold">allow</emphasis></term>

        <listitem>
          <para>Re-enables receipt of packets from hosts previously
@@ -694,25 +544,7 @@
      </varlistentry>

      <varlistentry>
-        <term><emphasis role="bold">call <replaceable>function</replaceable> [
-        <replaceable>parameter</replaceable> ... ]</emphasis></term>
-
-        <listitem>
-          <para>Added in Shorewall 4.6.10. Allows you to call a function in
-          one of the Shorewall libraries or in your compiled script. function
-          must name the shell function to be called. The listed parameters are
-          passed to the function.</para>
-
-          <para>The function is first searched for in
-          <filename>lib.base</filename>, <filename>lib.common</filename> and
-          <filename>lib.cli</filename>. If it is not found, the call command
-          is passed to the generated script to be executed.</para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><emphasis role="bold">clear
-        </emphasis>[-<option>f</option>]</term>
+        <term><emphasis role="bold">clear</emphasis></term>

        <listitem>
          <para>Clear will remove all rules and chains installed by
@@ -723,38 +555,13 @@
          <para>If <option>-f</option> is given, the command will be processed
          by the compiled script that executed the last successful <emphasis
          role="bold">start</emphasis>, <emphasis
-          role="bold">reload</emphasis>, <emphasis
          role="bold">restart</emphasis> or <emphasis
          role="bold">refresh</emphasis> command if that script exists.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
-        <term><emphasis role="bold">close</emphasis> {
-        <replaceable>open-number</replaceable> |
-        <replaceable>source</replaceable> <replaceable>dest</replaceable> [
-        <replaceable>protocol</replaceable> [ <replaceable>port</replaceable>
-        ] ] }</term>
-
-        <listitem>
-          <para>Added in Shorewall 4.5.8. This command closes a temporary open
-          created by the <command>open</command> command. In the first form,
-          an <replaceable>open-number</replaceable> specifies the open to be
-          closed. Open numbers are displayed in the <emphasis
-          role="bold">num</emphasis> column of the output of the
-          <command>shorewall-lite show opens </command>command.</para>
-
-          <para>When the second form of the command is used, the parameters
-          must match those given in the earlier <command>open</command>
-          command.</para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><emphasis role="bold">delete </emphasis>{
-        <replaceable>interface</replaceable>[:<replaceable>host-list</replaceable>]...
-        <replaceable>zone</replaceable> | <replaceable>zone</replaceable>
-        <replaceable>host-list</replaceable> }</term>
+        <term><emphasis role="bold">delete</emphasis></term>

        <listitem>
          <para>The delete command reverses the effect of an earlier <emphasis
@@ -769,9 +576,7 @@
      </varlistentry>

      <varlistentry>
-        <term><emphasis role="bold">disable </emphasis>{
-        <replaceable>interface</replaceable> |
-        <replaceable>provider</replaceable> }</term>
+        <term><emphasis role="bold">disable</emphasis></term>

        <listitem>
          <para>Added in Shorewall 4.4.26. Disables the optional provider
@@ -783,8 +588,7 @@
      </varlistentry>

      <varlistentry>
-        <term><emphasis role="bold">drop
-        </emphasis><replaceable>address</replaceable></term>
+        <term><emphasis role="bold">drop</emphasis></term>

        <listitem>
          <para>Causes traffic from the listed <emphasis>address</emphasis>es
@@ -793,9 +597,7 @@
      </varlistentry>

      <varlistentry>
-        <term><emphasis role="bold">dump </emphasis>[-<option>x</option>]
-        [-<option>l</option>] [-<option>m</option>]
-        [-<option>c</option>]</term>
+        <term><emphasis role="bold">dump</emphasis></term>

        <listitem>
          <para>Produces a verbose report about the firewall configuration for
@@ -809,16 +611,11 @@

          <para>The <emphasis role="bold">-l</emphasis> option causes the rule
          number for each Netfilter rule to be displayed.</para>
-
-          <para>The <option>-c</option> option causes the route cache to be
-          dumped in addition to the other routing information.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
-        <term><emphasis role="bold">enable </emphasis>{
-        <replaceable>interface</replaceable> |
-        <replaceable>provider</replaceable> }</term>
+        <term><emphasis role="bold">enable</emphasis></term>

        <listitem>
          <para>Added in Shorewall 4.4.26. Enables the optional provider
@@ -830,11 +627,10 @@
      </varlistentry>

      <varlistentry>
-        <term><emphasis role="bold">forget </emphasis>[
-        <replaceable>filename</replaceable> ]</term>
+        <term><emphasis role="bold">forget</emphasis></term>

        <listitem>
-          <para>Deletes /var/lib/shorewall-lite/<emphasis>filename</emphasis>
+          <para>Deletes /var/lib/shorewall-lite/<emphasis>filenam</emphasis>e
          and /var/lib/shorewall-lite/save. If no
          <emphasis>filename</emphasis> is given then the file specified by
          RESTOREFILE in <ulink
@@ -852,8 +648,7 @@
      </varlistentry>

      <varlistentry>
-        <term><emphasis role="bold">hits </emphasis>
-        [-<option>t</option>]</term>
+        <term><emphasis role="bold">hits</emphasis></term>

        <listitem>
          <para>Generates several reports from Shorewall-lite log messages in
@@ -863,8 +658,7 @@
      </varlistentry>

      <varlistentry>
-        <term><emphasis role="bold">ipcalc </emphasis>{ address mask |
-        address/vlsm }</term>
+        <term><emphasis role="bold">ipcalc</emphasis></term>

        <listitem>
          <para>Ipcalc displays the network address, broadcast address,
@@ -874,8 +668,7 @@
      </varlistentry>

      <varlistentry>
-        <term><emphasis role="bold">iprange
-        </emphasis><replaceable>address1</replaceable>-<replaceable>address2</replaceable></term>
+        <term><emphasis role="bold">iprange</emphasis></term>

        <listitem>
          <para>Iprange decomposes the specified range of IP addresses into
@@ -884,8 +677,7 @@
      </varlistentry>

      <varlistentry>
-        <term><emphasis role="bold">iptrace </emphasis><replaceable>iptables
-        match expression</replaceable></term>
+        <term><emphasis role="bold">iptrace</emphasis></term>

        <listitem>
          <para>This is a low-level debugging command that causes iptables
@@ -896,7 +688,7 @@
          and raw table PREROUTING chains.</para>

          <para>The trace records are written to the kernel's log buffer with
-          facility = kernel and priority = warning, and they are routed from
+          faciility = kernel and priority = warning, and they are routed from
          there by your logging daemon (syslogd, rsyslog, syslog-ng, ...) --
          Shorewall-lite has no control over where the messages go; consult
          your logging daemon's documentation.</para>
@@ -904,17 +696,7 @@
      </varlistentry>

      <varlistentry>
-        <term><emphasis role="bold">list</emphasis></term>
-
-        <listitem>
-          <para><command>list</command> is a synonym for
-          <command>show</command> -- please see below.</para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><emphasis role="bold">logdrop
-        </emphasis><replaceable>address</replaceable></term>
+        <term><emphasis role="bold">logdrop</emphasis></term>

        <listitem>
          <para>Causes traffic from the listed <emphasis>address</emphasis>es
@@ -925,8 +707,7 @@
      </varlistentry>

      <varlistentry>
-        <term><emphasis role="bold">logwatch </emphasis>[-<option>m</option>]
-        [<replaceable>refresh-interval</replaceable>]</term>
+        <term><emphasis role="bold">logwatch</emphasis></term>

        <listitem>
          <para>Monitors the log file specified by the LOGFILE option in
@@ -945,8 +726,7 @@
      </varlistentry>

      <varlistentry>
-        <term><emphasis role="bold">logreject
-        </emphasis><replaceable>address</replaceable></term>
+        <term><emphasis role="bold">logreject</emphasis></term>

        <listitem>
          <para>Causes traffic from the listed <emphasis>address</emphasis>es
@@ -957,17 +737,7 @@
      </varlistentry>

      <varlistentry>
-        <term><emphasis role="bold">ls</emphasis></term>
-
-        <listitem>
-          <para><command>ls</command> is a synonym for <command>show</command>
-          -- please see below.</para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><emphasis role="bold">noiptrace </emphasis><replaceable>iptables
-        match expression</replaceable></term>
+        <term><emphasis role="bold">noiptrace</emphasis></term>

        <listitem>
          <para>This is a low-level debugging command that cancels a trace
@@ -975,83 +745,26 @@

          <para>The <replaceable>iptables match expression</replaceable> must
          be one given in the <command>iptrace</command> command being
-          canceled.</para>
+          cancelled.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
-        <term><emphasis role="bold">open</emphasis>
-        <replaceable>source</replaceable> <replaceable>dest</replaceable> [
-        <replaceable>protocol</replaceable> [ <replaceable>port</replaceable>
-        ] ]</term>
+        <term><emphasis role="bold">reset</emphasis></term>

        <listitem>
-          <para>Added in Shorewall 4.6.8. This command requires that the
-          firewall be in the started state and that DYNAMIC_BLACKLIST=Yes in
-          <ulink url="/manpages/shorewall.conf.html">shorewall.conf
-          (5)</ulink>. The effect of the command is to temporarily open the
-          firewall for connections matching the parameters.</para>
-
-          <para>The <replaceable>source</replaceable> and
-          <replaceable>dest</replaceable> parameters may each be specified as
-          <emphasis role="bold">all</emphasis> if you don't wish to restrict
-          the connection source or destination respectively. Otherwise, each
-          must contain a host or network address or a valid DNS name.</para>
-
-          <para>The <replaceable>protocol</replaceable> may be specified
-          either as a number or as a name listed in /etc/protocols. The
-          <replaceable>port</replaceable> may be specified numerically or as a
-          name listed in /etc/services.</para>
-
-          <para>To reverse the effect of a successful <command>open</command>
-          command, use the <command>close</command> command with the same
-          parameters or simply restart the firewall.</para>
-
-          <para>Example: To open the firewall for SSH connections to address
-          192.168.1.1, the command would be:</para>
-
-          <programlisting>    shorewall-lite open all 192.168.1.1 tcp 22</programlisting>
-
-          <para>To reverse that command, use:</para>
-
-          <screen>    shorewall-lite close all 192.168.1.1 tcp 22</screen>
+          <para>All the packet and byte counters in the firewall are
+          reset.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
-        <term><emphasis role="bold">reenable</emphasis>{
-        <replaceable>interface</replaceable> |
-        <replaceable>provider</replaceable> }</term>
+        <term><emphasis role="bold">restart</emphasis></term>

        <listitem>
-          <para>Added in Shorewall 4.6.9. This is equivalent to a
-          <command>disable</command> command followed by an
-          <command>enable</command> command on the specified
-          <replaceable>interface</replaceable> or
-          <replaceable>provider</replaceable>.</para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><emphasis role="bold">reject</emphasis><replaceable>
-        address</replaceable></term>
-
-        <listitem>
-          <para>Causes traffic from the listed <emphasis>address</emphasis>es
-          to be silently rejected.</para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><emphasis role="bold">reload </emphasis>[-n] [-p]
-        [-<option>C</option>]</term>
-
-        <listitem>
-          <para>Added in Shorewall 5.0.0, <emphasis
-          role="bold">reload</emphasis> is similar to <emphasis
-          role="bold">shorewall-lite start</emphasis> except that it assumes
-          that the firewall is already started. Existing connections are
-          maintained.</para>
+          <para>Restart is similar to <emphasis role="bold">shorewall-lite
+          start</emphasis> except that it assumes that the firewall is already
+          started. Existing connections are maintained.</para>

          <para>The <option>-n</option> option causes Shorewall-lite to avoid
          updating the routing table(s).</para>
@@ -1059,56 +772,11 @@
          <para>The <option>-p</option> option causes the connection tracking
          table to be flushed; the <command>conntrack</command> utility must
          be installed to use this option.</para>
-
-          <para>The <option>-C</option> option was added in Shorewall 4.6.5.
-          If the specified (or implicit) firewall script is the one that
-          generated the current running configuration, then the running
-          netfilter configuration will be reloaded as is so as to preserve the
-          iptables packet and byte counters.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
-        <term><emphasis role="bold">reset [<replaceable>chain</replaceable>,
-        ...]</emphasis><acronym/></term>
-
-        <listitem>
-          <para>Resets the packet and byte counters in the specified
-          <replaceable>chain</replaceable>(s). If no
-          <replaceable>chain</replaceable> is specified, all the packet and
-          byte counters in the firewall are reset.</para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><emphasis role="bold">restart </emphasis>[-n] [-p]
-        [-<option>C</option>]</term>
-
-        <listitem>
-          <para>Beginning with Shorewall 5.0.0, this command performs a true
-          restart. The firewall is completely stopped as if a
-          <command>stop</command> command had been issued then it is started
-          again.</para>
-
-          <para>The <option>-n</option> option causes Shorewall-lite to avoid
-          updating the routing table(s).</para>
-
-          <para>The <option>-p</option> option causes the connection tracking
-          table to be flushed; the <command>conntrack</command> utility must
-          be installed to use this option.</para>
-
-          <para>The <option>-C</option> option was added in Shorewall 4.6.5.
-          If the specified (or implicit) firewall script is the one that
-          generated the current running configuration, then the running
-          netfilter configuration will be reloaded as is so as to preserve the
-          iptables packet and byte counters.</para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><emphasis role="bold">restore </emphasis>[-<option>n</option>]
-        [-<option>p</option>] [-<option>C</option>] [
-        <replaceable>filename</replaceable> ]</term>
+        <term><emphasis role="bold">restore</emphasis></term>

        <listitem>
          <para>Restore Shorewall-lite to a state saved using the <emphasis
@@ -1119,52 +787,11 @@
          <emphasis>filename</emphasis> is given then Shorewall-lite will be
          restored from the file specified by the RESTOREFILE option in <ulink
          url="shorewall.conf.html">shorewall.conf</ulink>(5).</para>
-
-          <caution>
-            <para>If your iptables ruleset depends on variables that are
-            detected at run-time, either in your params file or by
-            Shorewall-generated code, <command>restore</command> will use the
-            values that were current when the ruleset was saved, which may be
-            different from the current values.</para>
-          </caution>
-
-          <para>The <option>-n</option> option causes Shorewall to avoid
-          updating the routing table(s).</para>
-
-          <para>The <option>-p</option> option, added in Shorewall 4.6.5,
-          causes the connection tracking table to be flushed; the
-          <command>conntrack</command> utility must be installed to use this
-          option.</para>
-
-          <para>The <option>-C</option> option was added in Shorewall 4.6.5.
-          If the <option>-C</option> option was specified during <emphasis
-          role="bold">shorewall save</emphasis>, then the counters saved by
-          that operation will be restored.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
-        <term><emphasis role="bold">run
-        </emphasis><replaceable>command</replaceable> [
-        <replaceable>parameter</replaceable> ... ]</term>
-
-        <listitem>
-          <para>Added in Shorewall 4.6.3. Executes
-          <replaceable>command</replaceable> in the context of the generated
-          script passing the supplied <replaceable>parameter</replaceable>s.
-          Normally, the <replaceable>command</replaceable> will be a function
-          declared in <filename>lib.private</filename>.</para>
-
-          <para>Before executing the <replaceable>command</replaceable>, the
-          script will detect the configuration, setting all SW_* variables and
-          will run your <filename>init</filename> extension script with
-          $COMMAND = 'run'.</para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><emphasis role="bold">save </emphasis>[-<option>C</option>] [
-        <replaceable>filename</replaceable> ]</term>
+        <term><emphasis role="bold">save</emphasis></term>

        <listitem>
          <para>The dynamic blacklist is stored in
@@ -1174,24 +801,6 @@
          <emphasis>filename</emphasis> is not given then the state is saved
          in the file specified by the RESTOREFILE option in <ulink
          url="shorewall.conf.html">shorewall.conf</ulink>(5).</para>
-
-          <para>The <option>-C</option> option, added in Shorewall 4.6.5,
-          causes the iptables packet and byte counters to be saved along with
-          the chains and rules.</para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><emphasis role="bold">savesets</emphasis></term>
-
-        <listitem>
-          <para>Added in shorewall 4.6.8. Performs the same action as the
-          <command>stop</command> command with respect to saving ipsets (see
-          the SAVE_IPSETS option in <ulink
-          url="/manpages/shorewall.conf.html">shorewall.conf</ulink> (5)).
-          This command may be used to proactively save your ipset contents in
-          the event that a system failure occurs prior to issuing a
-          <command>stop</command> command.</para>
        </listitem>
      </varlistentry>

@@ -1204,22 +813,7 @@

          <variablelist>
            <varlistentry>
-              <term><emphasis role="bold">bl|blacklists
-              </emphasis>[-<option>x</option>]</term>
-
-              <listitem>
-                <para>Added in Shorewall 4.6.2. Displays the dynamic chain
-                along with any chains produced by entries in
-                shorewall-blrules(5).The <emphasis role="bold">-x</emphasis>
-                option is passed directly through to iptables and causes
-                actual packet and byte counts to be displayed. Without this
-                option, those counts are abbreviated.</para>
-              </listitem>
-            </varlistentry>
-
-            <varlistentry>
-              <term>[-<option>f</option>] <emphasis
-              role="bold">capabilities</emphasis></term>
+              <term><emphasis role="bold">capabilities</emphasis></term>

              <listitem>
                <para>Displays your kernel/iptables capabilities. The
@@ -1230,10 +824,8 @@
            </varlistentry>

            <varlistentry>
-              <term>[-<option>b</option>] [-<option>x</option>]
-              [-<option>l</option>] [-<option>t</option>
-              {<option>filter</option>|<option>mangle</option>|<option>nat</option>|<option>raw</option>|<option>rawpost</option>}]
-              [ <emphasis>chain</emphasis>... ]</term>
+              <term>[ [ <option>chain</option> ] <emphasis>chain</emphasis>...
+              ]</term>

              <listitem>
                <para>The rules in each <emphasis>chain</emphasis> are
@@ -1249,12 +841,6 @@
                Netfilter table to display. The default is <emphasis
                role="bold">filter</emphasis>.</para>

-                <para>The <emphasis role="bold">-b</emphasis> ('brief') option
-                causes rules which have not been used (i.e. which have zero
-                packet and byte counts) to be omitted from the output. Chains
-                with no rules displayed are also omitted from the
-                output.</para>
-
                <para>The <emphasis role="bold">-l</emphasis> option causes
                the rule number for each Netfilter rule to be
                displayed.</para>
@@ -1281,42 +867,16 @@
              <term><emphasis role="bold">config</emphasis></term>

              <listitem>
-                <para>Displays distribution-specific defaults.</para>
+                <para>Dispays distribution-specific defaults.</para>
              </listitem>
            </varlistentry>

            <varlistentry>
-              <term><emphasis role="bold">connections
-              [<replaceable>filter_parameter</replaceable>
-              ...]</emphasis></term>
+              <term><emphasis role="bold">connections</emphasis></term>

              <listitem>
                <para>Displays the IP connections currently being tracked by
                the firewall.</para>
-
-                <para>If the <command>conntrack</command> utility is
-                installed, beginning with Shorewall 4.6.11 the set of
-                connections displayed can be limited by including conntrack
-                filter parameters (-p , -s, --dport, etc). See conntrack(8)
-                for details.</para>
-              </listitem>
-            </varlistentry>
-
-            <varlistentry>
-              <term><emphasis role="bold">event</emphasis><replaceable>
-              event</replaceable></term>
-
-              <listitem>
-                <para>Added in Shorewall 4.5.19. Displays the named
-                event.</para>
-              </listitem>
-            </varlistentry>
-
-            <varlistentry>
-              <term><emphasis role="bold">events</emphasis></term>
-
-              <listitem>
-                <para>Added in Shorewall 4.5.19. Displays all events.</para>
              </listitem>
            </varlistentry>

@@ -1340,8 +900,7 @@
            </varlistentry>

            <varlistentry>
-              <term>[-<option>m</option>] <emphasis
-              role="bold">log</emphasis></term>
+              <term><emphasis role="bold">log</emphasis></term>

              <listitem>
                <para>Displays the last 20 Shorewall-lite messages from the
@@ -1353,20 +912,6 @@
              </listitem>
            </varlistentry>

-            <varlistentry>
-              <term>[-<option>x</option>] <emphasis
-              role="bold">mangle</emphasis></term>
-
-              <listitem>
-                <para>Displays the Netfilter mangle table using the command
-                <emphasis role="bold">iptables -t mangle -L -n -v</emphasis>.
-                The <emphasis role="bold">-x</emphasis> option is passed
-                directly through to iptables and causes actual packet and byte
-                counts to be displayed. Without this option, those counts are
-                abbreviated.</para>
-              </listitem>
-            </varlistentry>
-
            <varlistentry>
              <term><emphasis role="bold">marks</emphasis></term>

@@ -1390,16 +935,6 @@
              </listitem>
            </varlistentry>

-            <varlistentry>
-              <term><emphasis role="bold">opens</emphasis></term>
-
-              <listitem>
-                <para>Added in Shorewall 4.5.8. Displays the iptables rules in
-                the 'dynamic' chain created through use of the <command>open
-                </command>command..</para>
-              </listitem>
-            </varlistentry>
-
            <varlistentry>
              <term><emphasis role="bold">policies</emphasis></term>

@@ -1416,9 +951,7 @@
              <term><emphasis role="bold">routing</emphasis></term>

              <listitem>
-                <para>Displays the system's IPv4 routing configuration. The -c
-                option causes the route cache to be displayed in addition to
-                the other routing information.</para>
+                <para>Displays the system's IPv4 routing configuration.</para>
              </listitem>
            </varlistentry>

@@ -1457,9 +990,7 @@
      </varlistentry>

      <varlistentry>
-        <term><emphasis role="bold">start</emphasis> [-<option>p</option>]
-        [-<option>n</option>] [<option>-f</option>]
-        [-<option>C</option>]</term>
+        <term><emphasis role="bold">start</emphasis></term>

        <listitem>
          <para>Start Shorewall Lite. Existing connections through
@@ -1470,22 +1001,6 @@
          <para>The <option>-p</option> option causes the connection tracking
          table to be flushed; the <command>conntrack</command> utility must
          be installed to use this option.</para>
-
-          <para>The <option>-n</option> option prevents the firewall script
-          from modifying the current routing configuration.</para>
-
-          <para>The <option>-f</option> option was added in Shorewall 4.6.5.
-          If the RESTOREFILE named in <ulink
-          url="shorewall.conf.html">shorewall.conf</ulink>(5) exists, is
-          executable and is not older than the current filewall script, then
-          that saved configuration is restored.</para>
-
-          <para>The <option>-C</option> option was added in Shorewall 4.6.5
-          and is only meaningful when the <option>-f</option> option is also
-          specified. If the previously-saved configuration is restored, and if
-          the <option>-C</option> option was also specified in the <emphasis
-          role="bold">save</emphasis> command, then the packet and byte
-          counters will be restored.</para>
        </listitem>
      </varlistentry>

@@ -1517,10 +1032,6 @@
        <listitem>
          <para>Produces a short report about the state of the
          Shorewall-configured firewall.</para>
-
-          <para>The <option>-i </option>option was added in Shorewall 4.6.2
-          and causes the status of each optional or provider interface to be
-          displayed.</para>
        </listitem>
      </varlistentry>

@@ -1536,23 +1047,6 @@
    </variablelist>
  </refsect1>

-  <refsect1>
-    <title>EXIT STATUS</title>
-
-    <para>In general, when a command succeeds, status 0 is returned; when the
-    command fails, a non-zero status is returned.</para>
-
-    <para>The <command>status</command> command returns exit status as
-    follows:</para>
-
-    <para>0 - Firewall is started.</para>
-
-    <para>3 - Firewall is stopped or cleared</para>
-
-    <para>4 - Unknown state; usually means that the firewall has never been
-    started.</para>
-  </refsect1>
-
  <refsect1>
    <title>FILES</title>

--- a/Shorewall-lite/shorecap
+++ b/Shorewall-lite/shorecap
@@ -2,18 +2,17 @@
 #
 #     Shorewall Lite Packet Filtering Firewall Capabilities Detector
 #
-#     (c) 2006,2007,2008,2009,2010,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2006,2007,2008,2009,2010 - Tom Eastep (teastep@shorewall.net)
 #
 #	This file should be placed in /sbin/shorewall.
 #
 #	Shorewall documentation is available at http://shorewall.sourceforge.net
 #
-#       This program is part of Shorewall.
-#
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#	it under the terms of Version 2 of the GNU General Public License
+#	as published by the Free Software Foundation.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -21,7 +20,9 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
+#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
 #
 #   This program may be used to create a /etc/shorewall/capabilities file for
 #   use in compiling Shorewall firewalls on another system.
@@ -38,25 +39,23 @@
 #
 #        IPTABLES - iptables
 #        MODULESDIR - /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter
-#        MODULE_SUFFIX - "o gz xz ko o.gz o.xz ko.gz ko.xz"
+#        MODULE_SUFFIX - "o gz ko o.gz ko.gz"
 #
 #    Shorewall need not be installed on the target system to run shorecap. If the '-e' flag is
 #    used during firewall compilation, then the generated firewall program will likewise not
 #    require Shorewall to be installed.

-
+SHAREDIR=/usr/share/shorewall-lite
+VARDIR=/var/lib/shorewall-lite
+CONFDIR=/etc/shorewall-lite
 g_program=shorewall-lite
+g_product="Shorewall Lite"
+g_family=4
+g_base=shorewall
+g_basedir=/usr/share/shorewall-lite

-#
-# This is modified by the installer when ${SHAREDIR} != /usr/share
-#
-. /usr/share/shorewall/shorewallrc
-
-g_sharedir="$SHAREDIR"/shorewall-lite
-g_confdir="$CONFDIR"/shorewall-lite
-g_readrc=1
-
-. ${SHAREDIR}/shorewall/lib.cli
+. /usr/share/shorewall-lite/lib.base
+. /usr/share/shorewall/lib.cli
 . /usr/share/shorewall-lite/configpath

 [ -n "$PATH" ] || PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
--- a/Shorewall-lite/shorewall-lite
+++ b/Shorewall-lite/shorewall-lite
@@ -2,17 +2,16 @@
 #
 #     Shorewall Lite Packet Filtering Firewall Control Program - V4.5
 #
-#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2014 -
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011 - 
 #         Tom Eastep (teastep@shorewall.net)
 #
 #	Shorewall documentation is available at http://www.shorewall.net
 #
-#       This program is part of Shorewall.
-#
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#	it under the terms of Version 2 of the GNU General Public License
+#	as published by the Free Software Foundation.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -20,23 +19,14 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
+#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #       For a list of supported commands, type 'shorewall help' or 'shorewall6 help'
 #
 ################################################################################################
-PRODUCT=shorewall-lite
+g_program=shorewall-lite

-#
-# This is modified by the installer when ${SHAREDIR} != /usr/share
-#
-. /usr/share/shorewall/shorewallrc
-
-g_program=$PRODUCT
-g_sharedir="$SHAREDIR"/shorewall-lite
-g_confdir="$CONFDIR"/shorewall-lite
-g_readrc=1
-
-. ${SHAREDIR}/shorewall/lib.cli
+. /usr/share/shorewall/lib.cli

 shorewall_cli $@
--- a/Shorewall-lite/shorewall-lite.conf
+++ b/Shorewall-lite/shorewall-lite.conf
@@ -1,5 +1,5 @@
 ###############################################################################
-#  /etc/shorewall-lite/shorewall-lite.conf Version 5 - Change the following
+#  /etc/shorewall-lite/shorewall-lite.conf Version 4 - Change the following 
 #  variables to override the values in the shorewall.conf file used to
 #  compile /var/lib/shorewall-lite/firewall. Those values may be found in
 #  /var/lib/shorewall-lite/firewall.conf.
--- a/Shorewall-lite/shorewall-lite.service
+++ b/Shorewall-lite/shorewall-lite.service
@@ -1,21 +1,20 @@
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.4
 #
-#     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
+#     Copyright 2011 Jonathan Underwood (jonathan.underwood@gmail.com)
 #
 [Unit]
 Description=Shorewall IPv4 firewall (lite)
-Wants=network-online.target
-After=network-online.target
-Conflicts=iptables.service firewalld.service
+After=syslog.target
+After=network.target

 [Service]
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/sysconfig/shorewall-lite
 StandardOutput=syslog
-ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
+ExecStart=/sbin/shorewall-lite $OPTIONS start
 ExecStop=/sbin/shorewall-lite $OPTIONS stop

 [Install]
-WantedBy=basic.target
+WantedBy=multi-user.target
--- a/Shorewall-lite/shorewall-lite.service.debian
+++ b/Shorewall-lite/shorewall-lite.service.debian
@@ -1,23 +0,0 @@
-#
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
-#
-#     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
-#     Copyright 2015 Tom Eastep <teastep@shorewall.net>
-#
-[Unit]
-Description=Shorewall IPv4 firewall (lite)
-Wants=network-online.target
-After=network-online.target
-Conflicts=iptables.service firewalld.service
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-EnvironmentFile=-/etc/default/shorewall-lite
-StandardOutput=syslog
-ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
-ExecStop=/sbin/shorewall-lite $OPTIONS stop
-ExecReload=/sbin/shorewall-lite $OPTIONS reload $RELOADOPTIONS
-
-[Install]
-WantedBy=basic.target
--- a/Shorewall-lite/sysconfig
+++ b/Shorewall-lite/sysconfig
@@ -1,26 +0,0 @@
-#
-# Global start/restart/reload/stop options
-#
-OPTIONS=""
-
-#
-# Start options
-#
-STARTOPTIONS=""
-
-#
-# Restart options
-#
-RESTARTOPTIONS=""
-
-#
-# Reload options
-#
-RELOADOPTIONS=""
-
-#
-# Stop options
-#
-STOPOPTIONS=""
-
-# EOF
--- a/Shorewall-lite/uninstall.sh
+++ b/Shorewall-lite/uninstall.sh
@@ -2,24 +2,24 @@
 #
 # Script to back uninstall Shoreline Firewall
 #
-#     (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.sourceforge.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
+#       it under the terms of Version 2 of the GNU General Public License
+#       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#       This program is distributed in the hope that it will be useful,
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#       You should have received a copy of the GNU General Public License
+#       along with this program; if not, write to the Free Software
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #    Usage:
 #
@@ -27,50 +27,29 @@
 #       shown below. Simply run this script to remove Shorewall Firewall

 VERSION=xxx  #The Build script inserts the actual version
-PRODUCT=shorewall-lite
-Product="Shorewall Lite"

 usage() # $1 = exit status
 {
    ME=$(basename $0)
-    echo "usage: $ME [ <option> ] [ <shorewallrc file> ]"
-    echo "where <option> is one of"
-    echo "  -h"
-    echo "  -v"
-    echo "  -n"
+    echo "usage: $ME"
    exit $1
 }

-fatal_error()
-{
-    echo "   ERROR: $@" >&2
-    exit 1
-}
-
 qt()
 {
    "$@" >/dev/null 2>&1
 }

-split() {
-    local ifs
-    ifs=$IFS
-    IFS=:
-    set -- $1
-    echo $*
-    IFS=$ifs
-}
-
-mywhich() {
-    local dir
-
-    for dir in $(split $PATH); do
-	if [ -x $dir/$1 ]; then
-	    return 0
-	fi
-    done
-
-    return 2
+restore_file() # $1 = file to restore
+{
+    if [ -f ${1}-shorewall.bkout ]; then
+	if (mv -f ${1}-shorewall-lite.bkout $1); then
+	    echo
+	    echo "$1 restored"
+        else
+	    exit 1
+        fi
+    fi
 }

 remove_file() # $1 = file to restore
@@ -81,73 +60,8 @@ remove_file() # $1 = file to restore
    fi
 }

-finished=0
-configure=1
-
-while [ $finished -eq 0 ]; do
-    option=$1
-
-    case "$option" in
-	-*)
-	    option=${option#-}
-
-	    while [ -n "$option" ]; do
-		case $option in
-		    h)
-			usage 0
-			;;
-		    v)
-			echo "$Product Firewall Installer Version $VERSION"
-			exit 0
-			;;
-		    n*)
-			configure=0
-			option=${option#n}
-			;;
-		    *)
-			usage 1
-			;;
-		esac
-	    done
-
-	    shift
-	    ;;
-	*)
-	    finished=1
-	    ;;
-    esac
-done
-#
-# Read the RC file
-#
-if [ $# -eq 0 ]; then
-    if [ -f ./shorewallrc ]; then
-	. ./shorewallrc
-    elif [ -f ~/.shorewallrc ]; then
-	. ~/.shorewallrc || exit 1
-	file=./.shorewallrc
-    elif [ -f /usr/share/shorewall/shorewallrc ]; then
-	. /usr/share/shorewall/shorewallrc
-    else
-	fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
-    fi
-elif [ $# -eq 1 ]; then
-    file=$1
-    case $file in
-	/*|.*)
-	    ;;
-	*)
-	    file=./$file
-	    ;;
-    esac
-
-    . $file
-else
-    usage 1
-fi
-
-if [ -f ${SHAREDIR}/shorewall-lite/version ]; then
-    INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall-lite/version)"
+if [ -f /usr/share/shorewall-lite/version ]; then
+    INSTALLED_VERSION="$(cat /usr/share/shorewall-lite/version)"
    if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
 	echo "WARNING: Shorewall Lite Version $INSTALLED_VERSION is installed"
 	echo "         and this is the $VERSION uninstaller."
@@ -158,64 +72,50 @@ else
    VERSION=""
 fi

+[ -n "${LIBEXEC:=/usr/share}" ]
+
 echo "Uninstalling Shorewall Lite $VERSION"

-[ -n "$SANDBOX" ] && configure=0
-
-if [ $configure -eq 1 ]; then
-    if qt iptables -L shorewall -n && [ ! -f ${SBINDIR}/shorewall ]; then
-	shorewall-lite clear
-    fi
+if qt iptables -L shorewall -n && [ ! -f /sbin/shorewall ]; then
+   /sbin/shorewall-lite clear
 fi

-if [ -L ${SHAREDIR}/shorewall-lite/init ]; then
-    if [ $HOST = openwrt ]; then
-	if [ $configure -eq 1 ] && /etc/init.d/shorewall-lite enabled; then
-	    /etc/init.d/shorewall-lite disable
-	fi
-	
-	FIREWALL=$(readlink ${SHAREDIR}/shorewall-lite/init)
+if [ -L /usr/share/shorewall-lite/init ]; then
+    FIREWALL=$(readlink -m -q /usr/share/shorewall-lite/init)
+else
+    FIREWALL=/etc/init.d/shorewall-lite
+fi
+
+if [ -n "$FIREWALL" ]; then
+    if [ -x /usr/sbin/updaterc.d ]; then
+	updaterc.d shorewall-lite remove
+    elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
+        insserv -r $FIREWALL
+    elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
+	chkconfig --del $(basename $FIREWALL)
+    elif [ -x /sbin/systemctl ]; then
+	systemctl disable shorewall-lite
    else
-	FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall-lite/init)
-    fi
-elif [ -n "$INITFILE" ]; then
-    FIREWALL=${INITDIR}/${INITFILE}
-fi
-
-if [ -f "$FIREWALL" ]; then
-    if [ $configure -eq 1 ]; then
-	if mywhich updaterc.d ; then
-	    updaterc.d shorewall-lite remove
-	elif mywhich insserv ; then
-            insserv -r $FIREWALL
-	elif mywhich chkconfig ; then
-	    chkconfig --del $(basename $FIREWALL)
-	fi
+	rm -f /etc/rc*.d/*$(basename $FIREWALL)
    fi

    remove_file $FIREWALL
+    rm -f ${FIREWALL}-*.bkout
 fi

-[ -z "$SERVICEDIR" ] && SERVICEDIR="$SYSTEMD"
+rm -f /sbin/shorewall-lite
+rm -f /sbin/shorewall-lite-*.bkout

-if [ -n "$SERVICEDIR" ]; then
-    [ $configure -eq 1 ] && systemctl disable ${PRODUCT}
-    rm -f $SERVICEDIR/shorewall-lite.service
-fi
-
-rm -f ${SBINDIR}/shorewall-lite
-
-rm -rf ${CONFDIR}/shorewall-lite
-rm -rf ${VARDIR}
-rm -rf ${SHAREDIR}/shorewall-lite
-rm -rf ${LIBEXECDIR}/shorewall-lite
-rm -f  ${CONFDIR}/logrotate.d/shorewall-lite
-rm -f  ${SYSCONFDIR}/shorewall-lite
-
-if [ -n "${MANDIR}" ]; then
-    rm -f ${MANDIR}/man5/shorewall-lite*
-    rm -f ${MANDIR}/man8/shorewall-lite*
-fi
+rm -rf /etc/shorewall-lite
+rm -rf /etc/shorewall-lite-*.bkout
+rm -rf /var/lib/shorewall-lite
+rm -rf /var/lib/shorewall-lite-*.bkout
+rm -rf /usr/share/shorewall-lite
+rm -rf ${LIBEXEC}/shorewall-lite
+rm -rf /usr/share/shorewall-lite-*.bkout
+rm -f  /etc/logrotate.d/shorewall-lite
+rm -f  /lib/systemd/system/shorewall-lite.service

 echo "Shorewall Lite Uninstalled"

+
--- a/Shorewall/INSTALL
+++ b/Shorewall/INSTALL
@@ -1,4 +1,4 @@
-Shoreline Firewall (Shorewall) Version 5
+Shoreline Firewall (Shorewall) Version 4
 -----         ----

 -----------------------------------------------------------------------------
--- a/Shorewall/Macros/macro.AMQP
+++ b/Shorewall/Macros/macro.AMQP
@@ -1,10 +0,0 @@
-#
-# Shorewall -- /usr/share/shorewall/macro.AMQP
-#
-# This macro handles AMQP traffic.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
-PARAM	-	-	tcp	5672
-PARAM	-	-	udp	5672
--- a/Shorewall/Macros/macro.A_AllowICMPs
+++ b/Shorewall/Macros/macro.A_AllowICMPs
@@ -1,12 +1,15 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.A_AllowICMPs
+# Shorewall version 4 - Audited AllowICMPs Macro
 #
-# This macro audits and accepts needed ICMP types.
+# /usr/share/shorewall/macro.AAllowICMPs
+#
+#	This macro A_ACCEPTs needed ICMP types
 #
 ###############################################################################
-#ACTION		SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE
+#ACTION		SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#					PORT(S)	PORT(S)	LIMIT	GROUP

-?COMMENT Needed ICMP types
+COMMENT Needed ICMP types

 A_ACCEPT       -	-	icmp	fragmentation-needed
 A_ACCEPT       -	-	icmp	time-exceeded
--- a/Shorewall/Macros/macro.A_DropDNSrep
+++ b/Shorewall/Macros/macro.A_DropDNSrep
@@ -1,11 +1,14 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.A_DropDNSrep
+# Shorewall version 4 - Audited DropDNSrep Macro
 #
-# This macro audits and drops DNS UDP replies.
+# /usr/share/shorewall/macro.ADropDNSrep
+#
+#	This macro silently audites and drops DNS UDP replies
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP

-?COMMENT Late DNS Replies
+COMMENT Late DNS Replies

 A_DROP	-	-	udp	-	53
--- a/Shorewall/Macros/macro.A_DropUPnP
+++ b/Shorewall/Macros/macro.A_DropUPnP
@@ -1,11 +1,14 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.A_DropUPnP
+# Shorewall version 4 - ADropUPnP Macro
 #
-# This macro audits and drops UPnP probes on UDP port 1900.
+# /usr/share/shorewall/macro.ADropUPnP
+#
+#	This macro silently drops UPnP probes on UDP port 1900
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP

-?COMMENT UPnP
+COMMENT UPnP

 A_DROP	-	-	udp	1900
--- a/Shorewall/Macros/macro.ActiveDir
+++ b/Shorewall/Macros/macro.ActiveDir
@@ -1,37 +0,0 @@
-#
-# Shorewall -- /usr/share/shorewall/macro.ActiveDir
-#
-# This macro handles ports for Samba 4 Active Directory Service.
-# You can copy this file to /etc/shorewall[6]/ and comment out the ports you
-# do not want open.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
-PARAM   -       -       tcp     389 	#LDAP services
-PARAM   -       -       udp	389  
-PARAM   -       -       tcp     636	#LDAP SSL
-PARAM   -       -       tcp     3268	#LDAP GC
-PARAM   -       -       tcp     3269	#LDAP GC SSL
-PARAM   -       -       tcp     88	#Kerberos
-PARAM   -       -       udp	88
-
-# Use macro.DNS for DNS sevice
-
-PARAM   -       -       tcp     445	#Replication, User and Computer Authentication, Group Policy, Trusts
-PARAM   -       -       udp	445
-
-# Use macro.SMTP for Mail service
-
-PARAM   -       -       tcp     135	#RPC, EPM
-PARAM   -       -       tcp     5722	#RPC, DFSR (SYSVOL)
-PARAM   -       -       udp	123	#Windows Time
-PARAM   -       -       tcp     464	#Kerberosb change/set password
-PARAM   -       -       udp	464
-PARAM   -       -       udp	138	#DFS, Group Policy
-PARAM   -       -       tcp     9389	#SOAP
-PARAM   -       -       tcp     2535	#MADCAP
-PARAM   -       -       udp	2535
-PARAM   -       -       udp     137	#NetLogon, NetBIOS Name Resolution
-PARAM   -       -       tcp	139	#DFSN, NetBIOS Session Service, NetLogon    
-  
--- a/Shorewall/Macros/macro.AllowICMPs
+++ b/Shorewall/Macros/macro.AllowICMPs
@@ -1,12 +1,15 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.AllowICMPs
+# Shorewall version 4 - AllowICMPs Macro
 #
-# This macro ACCEPTs needed ICMP types.
+# /usr/share/shorewall/macro.AllowICMPs
+#
+#	This macro ACCEPTs needed ICMP types
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP

-?COMMENT Needed ICMP types
+COMMENT Needed ICMP types

 DEFAULT ACCEPT
 PARAM	-	-	icmp	fragmentation-needed
--- a/Shorewall/Macros/macro.Amanda
+++ b/Shorewall/Macros/macro.Amanda
@@ -1,20 +1,16 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.Amanda
+# Shorewall version 4 - Amanda Macro
 #
-# This macro handles connections required by the AMANDA backup system
-# to back up remote nodes.  It does not provide the ability to restore
-# files from those nodes.
+# /usr/share/shorewall/macro.Amanda
+#
+#	This macro handles connections required by the AMANDA backup system
+#	to back up remote nodes.  It does not provide the ability to restore
+#	files from those nodes.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
-?if ( __CT_TARGET && ! $AUTOHELPERS && __AMANDA_HELPER )
- PARAM	-	-	udp	10080 { helper=amanda }
-?else
- PARAM	-	-	udp	10080
-?endif
-
-PARAM	-	-	tcp	10080
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
+PARAM	-	-	udp	10080
 #
 # You may also need this rule.  With AMANDA 2.4.4 on Linux kernel 2.6,
 # it should not be necessary to use this.  The ip_conntrack_amanda
--- a/Shorewall/Macros/macro.Auth
+++ b/Shorewall/Macros/macro.Auth
@@ -1,9 +1,11 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.Auth
+# Shorewall version 4 - Auth Macro
 #
-# This macro handles Auth (identd) traffic.
+# /usr/share/shorewall/macro.Auth
+#
+#	This macro handles Auth (identd) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	113
--- a/Shorewall/Macros/macro.BGP
+++ b/Shorewall/Macros/macro.BGP
@@ -1,9 +1,11 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.BGP
+# Shorewall version 4 - BGP Macro
 #
-# This macro handles BGP4 traffic.
+# /usr/share/shorewall/macro.BGP
+#
+#	This macro handles BGP4 traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#ACTION SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S) PORT(S) LIMIT	GROUP
 PARAM	-	-	tcp	179	# BGP4
--- a/Shorewall/Macros/macro.BLACKLIST
+++ b/Shorewall/Macros/macro.BLACKLIST
@@ -1,13 +0,0 @@
-#
-# Shorewall -- /usr/share/shorewall/macro.blacklist
-#
-# This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
-?if $BLACKLIST_LOGLEVEL
-blacklog
-?else
-$BLACKLIST_DISPOSITION
-?endif
--- a/Shorewall/Macros/macro.BitTorrent
+++ b/Shorewall/Macros/macro.BitTorrent
@@ -1,16 +1,18 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.BitTorrent
+# Shorewall version 4 - BitTorrent Macro
 #
-# This macro handles BitTorrent traffic for BitTorrent 3.1 and earlier.
+# /usr/share/shorewall/macro.BitTorrent
 #
-# If you are running BitTorrent 3.2 or later, you should use the
-# BitTorrent32 macro.
+#	This macro handles BitTorrent traffic for BitTorrent 3.1 and earlier.
 #
+#	If you are running BitTorrent 3.2 or later, you should use the
+#	BitTorrent32 macro.
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	6881:6889
 #
 # It may also be necessary to allow UDP traffic:
 #
 PARAM	-	-	udp	6881
+#
--- a/Shorewall/Macros/macro.BitTorrent32
+++ b/Shorewall/Macros/macro.BitTorrent32
@@ -1,13 +1,16 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.BitTorrent32
+# Shorewall version 4 - BitTorrent 3.2 Macro
 #
-# This macro handles BitTorrent traffic for BitTorrent 3.2 and later.
+# /usr/share/shorewall/macro.BitTorrent32
+#
+#	This macro handles BitTorrent traffic for BitTorrent 3.2 and later.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	6881:6999
 #
 # It may also be necessary to allow UDP traffic:
 #
 PARAM	-	-	udp	6881
+#
--- a/Shorewall/Macros/macro.CVS
+++ b/Shorewall/Macros/macro.CVS
@@ -1,9 +1,11 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.CVS
+# Shorewall version 4 - CVS Macro
 #
-# This macro handles connections to the CVS pserver.
+# /usr/share/shorewall/macro.CVS
+#
+#	This macro handles connections to the CVS pserver.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	2401
--- a/Shorewall/Macros/macro.Citrix
+++ b/Shorewall/Macros/macro.Citrix
@@ -1,12 +1,14 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.Citrix
+# Shorewall version 4 - Citrix/ICA Macro
 #
-# This macro handles Citrix/ICA traffic (ICA, ICA Browser, CGP a.k.a.
-# ICA Session Reliability)
+# /usr/share/shorewall/macro.Citrix
 #
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#	This macro handles Citrix/ICA traffic (ICA, ICA Browser, CGP a.k.a.
+#	ICA Session Reliability)
+#
+####################################################################################
+#ACTION SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S) PORT(S) LIMIT	GROUP
 PARAM	-	-	tcp	1494	# ICA
 PARAM	-	-	udp	1604	# ICA Browser
 PARAM	-	-	tcp	2598	# CGP Session Reliabilty
--- a/Shorewall/Macros/macro.DAAP
+++ b/Shorewall/Macros/macro.DAAP
@@ -1,11 +1,13 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.DAAP
+# Shorewall version 4 - DAAP Macro
 #
-# This macro handles DAAP (Digital Audio Access Protocol) traffic.
-# The protocol is used by iTunes, Rythmbox and other similar daemons.
+# /usr/share/shorewall/macro.DAAP
+#
+#	This macro handles DAAP (Digital Audio Access Protocol) traffic.
+#	The protocol is used by iTunes, Rythmbox and other similar daemons.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	3689
 PARAM	-	-	udp	3689
--- a/Shorewall/Macros/macro.DCC
+++ b/Shorewall/Macros/macro.DCC
@@ -1,10 +1,12 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.DCC
+# Shorewall version 4 - DCC Macro
 #
-# This macro handles DCC (Distributed Checksum Clearinghouse) traffic.
-# DCC is a distributed spam filtering mechanism.
+# /usr/share/shorewall/macro.DCC
+#
+#	This macro handles DCC (Distributed Checksum Clearinghouse) traffic.
+#	DCC is a distributed spam filtering mechanism.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
-PARAM	-	-	udp	6277
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
+PARAM	-	-	tcp	6277
--- a/Shorewall/Macros/macro.DHCPfwd
+++ b/Shorewall/Macros/macro.DHCPfwd
@@ -1,10 +1,12 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.DHCPfwd
+# Shorewall version 4 - DHCPfwd Macro
 #
-# This macro (bidirectional) handles forwarded DHCP traffic
+# /usr/share/shorewall/macro.DHCPfwd
+#
+#	This macro (bidirectional) handles forwarded DHCP traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#ACTION SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S) PORT(S) LIMIT	GROUP
 PARAM	-	-	udp	67:68	67:68	# DHCP
 PARAM	DEST	SOURCE	udp	67:68	67:68	# DHCP
--- a/Shorewall/Macros/macro.DNS
+++ b/Shorewall/Macros/macro.DNS
@@ -1,10 +1,12 @@
 #
-# Shorewall --  /usr/share/shorewall/macro.DNS
+# Shorewall version 4 - DNS Macro
 #
-# This macro handles DNS traffic.
+# /usr/share/shorewall/macro.DNS
+#
+#	This macro handles DNS traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	udp	53
 PARAM	-	-	tcp	53
--- a/Shorewall/Macros/macro.Distcc
+++ b/Shorewall/Macros/macro.Distcc
@@ -1,9 +1,11 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.Distcc
+# Shorewall version 4 - Distcc Macro
 #
-# This macro handles connections to the Distributed Compiler service.
+# /usr/share/shorewall/macro.Distcc
+#
+#	This macro handles connections to the Distributed Compiler service.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	3632
--- a/Shorewall/Macros/macro.Drop
+++ b/Shorewall/Macros/macro.Drop
@@ -1,19 +1,22 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.Drop
+# Shorewall version 4 - Drop Macro
 #
-# This macro generates the same rules as the Drop default action
-# It is used in place of action.Drop when USE_ACTIONS=No.
+# /usr/share/shorewall/macro.Drop
 #
-# Example:
+#	This macro generates the same rules as the Drop default action
+#	It is used in place of action.Drop when USE_ACTIONS=No.
 #
-#	Drop	net	all
+#	Example:
+#
+#		Drop	net	all
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 #
-# Don't log 'auth' DROP
+# Don't log 'auth' REJECT
 #
-DROP	-	-	tcp	113
+REJECT	-	-	tcp	113
 #
 # Drop Broadcasts so they don't clutter up the log
 # (broadcasts must *not* be rejected).
--- a/Shorewall/Macros/macro.DropDNSrep
+++ b/Shorewall/Macros/macro.DropDNSrep
@@ -1,12 +1,15 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.DropDNSrep
+# Shorewall version 4 - DropDNSrep Macro
 #
-# This macro silently drops DNS UDP replies
+# /usr/share/shorewall/macro.DropDNSrep
+#
+#	This macro silently drops DNS UDP replies
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP

-?COMMENT Late DNS Replies
+COMMENT Late DNS Replies

 DEFAULT DROP
 PARAM	-	-	udp	-	53
--- a/Shorewall/Macros/macro.DropUPnP
+++ b/Shorewall/Macros/macro.DropUPnP
@@ -1,12 +1,15 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.DropUPnP
+# Shorewall version 4 - DropUPnP Macro
 #
-# This macro silently drops UPnP probes on UDP port 1900
+# /usr/share/shorewall/macro.DropUPnP
+#
+#	This macro silently drops UPnP probes on UDP port 1900
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP

-?COMMENT UPnP
+COMMENT UPnP

 DEFAULT DROP
 PARAM	-	-	udp	1900
--- a/Shorewall/Macros/macro.Edonkey
+++ b/Shorewall/Macros/macro.Edonkey
@@ -1,31 +1,34 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.Edonkey
+# Shorewall version 4 - Edonkey Macro
 #
-# This macro handles Edonkey traffic.
+# /usr/share/shorewall/macro.Edonkey
 #
-# http://www.portforward.com/english/routers/port_forwarding/2wire/1000s/eDonkey.htm
-# says to use udp 5737 rather than 4665.
+#	This macro handles Edonkey traffic.
 #
-# http://www.amule.org/wiki/index.php/FAQ_ed2k says this:
 #
-# 4661 TCP (outgoing) Port, on which a server listens for connection
-# (defined by server).
+#	http://www.portforward.com/english/routers/port_forwarding/2wire/1000s/eDonkey.htm
+#	says to use udp 5737 rather than 4665.
 #
-# 4665 UDP (outgoing) used for global server searches and global source
-# queries. This is always Server TCP port (in this case 4661) + 4.
+#	http://www.amule.org/wiki/index.php/FAQ_ed2k says this:
 #
-# 4662 TCP (outgoing and incoming) Client to client transfers.
+#	4661 TCP (outgoing) Port, on which a server listens for connection
+#	(defined by server).
 #
-# 4672 UDP (outgoing and incoming) Extended eMule protocol, Queue
-# Rating, File Reask Ping
+#	4665 UDP (outgoing) used for global server searches and global source
+#	queries. This is always Server TCP port (in this case 4661) + 4.
 #
-# 4711 TCP WebServer listening port.
+#	4662 TCP (outgoing and incoming) Client to client transfers.
 #
-# 4712 TCP External Connection port. Used to communicate aMule with other
-# applications such as aMule WebServer or aMuleCMD.
+#	4672 UDP (outgoing and incoming) Extended eMule protocol, Queue
+#	Rating, File Reask Ping
+#
+#	4711 TCP WebServer listening port.
+#
+#	4712 TCP External Connection port. Used to communicate aMule with other
+#	applications such as aMule WebServer or aMuleCMD.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	4662
 PARAM	-	-	udp	4665
--- a/Shorewall/Macros/macro.FTP
+++ b/Shorewall/Macros/macro.FTP
@@ -1,13 +1,11 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.FTP
+# Shorewall version 4 - FTP Macro
 #
-# This macro handles FTP traffic.
+# /usr/share/shorewall/macro.FTP
+#
+#	This macro handles FTP traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
-?if ( __CT_TARGET && ! $AUTOHELPERS && __FTP_HELPER  )
- PARAM	-	-	tcp	21 { helper=ftp }
-?else
- PARAM	-	-	tcp	21
-?endif
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
+PARAM	-	-	tcp	21
--- a/Shorewall/Macros/macro.Finger
+++ b/Shorewall/Macros/macro.Finger
@@ -1,10 +1,12 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.Finger
+# Shorewall version 4 - Finger Macro
 #
-# This macro handles Finger protocol.
-# You should not generally open your finger information to internet.
+# /usr/share/shorewall/macro.Finger
+#
+#	This macro handles Finger protocol. You should not generally open
+#	your finger information to internet.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	79
--- a/Shorewall/Macros/macro.GNUnet
+++ b/Shorewall/Macros/macro.GNUnet
@@ -1,11 +1,13 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.GNUnet
+# Shorewall version 4 - GNUnet Macro
 #
-# This macro handles GNUnet (secure peer-to-peer networking) traffic.
+# /usr/share/shorewall/macro.GNUnet
+#
+#	This macro handles GNUnet (secure peer-to-peer networking) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	2086
 PARAM	-	-	udp	2086
 PARAM	-	-	tcp	1080
--- a/Shorewall/Macros/macro.GRE
+++ b/Shorewall/Macros/macro.GRE
@@ -1,10 +1,13 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.GRE
+# Shorewall version 4 - GRE Macro
 #
-# This macro (bidirectional) handles Generic Routing Encapsulation (GRE).
+# /usr/share/shorewall/macro.GRE
+#
+#	This macro (bi-directional) handles Generic Routing Encapsulation
+#	traffic (RFC 1701)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	47	# GRE
 PARAM	DEST	SOURCE	47	# GRE
--- a/Shorewall/Macros/macro.Git
+++ b/Shorewall/Macros/macro.Git
@@ -1,9 +1,11 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.Git
+# Shorewall version 4 - Git Macro
 #
-# This macro handles Git traffic.
+# /usr/share/shorewall/macro.Git
+#
+#	This macro handles Git traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	9418
--- a/Shorewall/Macros/macro.Gnutella
+++ b/Shorewall/Macros/macro.Gnutella
@@ -1,10 +1,12 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.Gnutella
+# Shorewall version 4 - Gnutella Macro
 #
-# This macro handles Gnutella traffic.
+# /usr/share/shorewall/macro.Gnutella
+#
+#	This macro handles Gnutella traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	6346
 PARAM	-	-	udp	6346
--- a/Shorewall/Macros/macro.Goto-Meeting
+++ b/Shorewall/Macros/macro.Goto-Meeting
@@ -1,11 +0,0 @@
-#
-# Shorewall -- /usr/share/shorewall/macro.Goto-Meeting
-#
-# This macro handles Citrix/Goto Meeting.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
-PARAM      -    -       tcp     8200    # Goto Meeting only needed outbound
-HTTP
-HTTPS
--- a/Shorewall/Macros/macro.HKP
+++ b/Shorewall/Macros/macro.HKP
@@ -1,9 +1,11 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.HKP
+# Shorewall version 4 - HKP Macro
 #
-# This macro handles OpenPGP HTTP keyserver protocol traffic.
+# /usr/share/shorewall/macro.HKP
+#
+#	This macro handles OpenPGP HTTP keyserver protocol traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	11371
--- a/Shorewall/Macros/macro.HTTP
+++ b/Shorewall/Macros/macro.HTTP
@@ -1,9 +1,11 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.HTTP
+# Shorewall version 4 - HTTP Macro
 #
-# This macro handles plaintext HTTP (WWW) traffic.
+# /usr/share/shorewall/macro.HTTP
+#
+#	This macro handles plaintext HTTP (WWW) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	80
--- a/Shorewall/Macros/macro.HTTPS
+++ b/Shorewall/Macros/macro.HTTPS
@@ -1,9 +1,11 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.HTTPS
+# Shorewall version 4 - HTTPS Macro
 #
-# This macro handles HTTPS (WWW over TLS) traffic.
+# /usr/share/shorewall/macro.HTTPS
+#
+#	This macro handles HTTPS (WWW over SSL) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	443
--- a/Shorewall/Macros/macro.ICPV2
+++ b/Shorewall/Macros/macro.ICPV2
@@ -1,9 +1,11 @@
 #
-# Shorewall - /usr/share/shorewall/macro.ICPV2
+# Shorewall version 4 - ICPV2 Macro
 #
-# This macro handles Internet Cache Protocol V2 (Squid) traffic.
+# /usr/share/shorewall/macro.ICPV2
+#
+#	This macro handles Internet Cache Protocol V2 (Squid) traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	udp	3130
--- a/Shorewall/Macros/macro.ICQ
+++ b/Shorewall/Macros/macro.ICQ
@@ -1,9 +1,11 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.ICQ
+# Shorewall version 4 - ICQ Macro
 #
-# This macro handles ICQ, now called AOL Instant Messenger (or AIM).
+# /usr/share/shorewall/macro.ICQ
+#
+#	This macro handles ICQ, now called AOL Instant Messenger (or AIM).
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	5190
--- a/Shorewall/Macros/macro.ILO
+++ b/Shorewall/Macros/macro.ILO
@@ -1,19 +0,0 @@
-#
-# Shorewall -- /usr/share/shorewall/macro.ILO
-#
-# This macro handles console redirection with HP ILO 2+,
-# Use this macro to open access to your ILO interface from management
-# workstations.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
-PARAM	-	-	tcp	3002		# Raw serial data
-PARAM	-	-	tcp	9300		# Shared Remote Console
-PARAM	-	-	tcp	17988		# Virtual Media
-PARAM	-	-	tcp	17990		# Console Replay
-HTTP
-HTTPS
-RDP
-SSH
-Telnet						# Remote Console/Telnet
--- a/Shorewall/Macros/macro.IMAP
+++ b/Shorewall/Macros/macro.IMAP
@@ -1,10 +1,12 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.IMAP
+# Shorewall version 4 - IMAP Macro
 #
-# This macro handles plaintext and STARTTLS IMAP traffic.
-# For SSL (TLS) IMAP, see macro.IMAPS.
+# /usr/share/shorewall/macro.IMAP
+#
+#	This macro handles plaintext IMAP traffic.  For encrypted IMAP,
+#	see macro.IMAPS.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	143
--- a/Shorewall/Macros/macro.IMAPS
+++ b/Shorewall/Macros/macro.IMAPS
@@ -1,11 +1,12 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.IMAPS
+# Shorewall version 4 - IMAPS Macro
 #
-# This macro handles SSL (TLS) IMAP traffic.
-# For plaintext (not recommended) and STARTLS (recommended) IMAP see
-# macro.IMAP.
+# /usr/share/shorewall/macro.IMAPS
+#
+#	This macro handles encrypted IMAP traffic.  For plaintext IMAP
+#	(not recommended), see macro.IMAP.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	993
--- a/Shorewall/Macros/macro.IPIP
+++ b/Shorewall/Macros/macro.IPIP
@@ -1,10 +1,12 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.IPIP
+# Shorewall version 4 - IPIP Macro
 #
-# This macro (bidirectional) handles IPIP capsulation traffic
+# /usr/share/shorewall/macro.IPIP
+#
+#	This macro (bidirectional) handles IPIP capsulation traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	94	# IPIP
 PARAM	DEST	SOURCE	94	# IPIP
--- a/Shorewall/Macros/macro.IPMI
+++ b/Shorewall/Macros/macro.IPMI
@@ -1,23 +0,0 @@
-#
-# Shorewall -- /usr/share/shorewall/macro.IPMI
-#
-# This macro handles IPMI console redirection with RMCP protocol.
-# Tested to work with with Asus (AMI),
-# Dell DRAC5+ (Avocent), and Supermicro (Aten or AMI).
-# Use this macro to open access to your IPMI interface from management
-# workstations.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
-PARAM	-	-	tcp	623		# RMCP
-PARAM	-	-	tcp	3668,3669	# Virtual Media, Secure (Dell)
-PARAM	-	-	tcp	5120,5123	# CD, floppy (Asus, Aten)
-PARAM	-	-	tcp	5900,5901	# Remote Console (Aten, Dell)
-PARAM	-	-	tcp	7578		# Remote Console (AMI)
-PARAM	-	-	udp	623		# RMCP
-HTTP
-HTTPS
-SNMP
-SSH						# Serial over Lan
-Telnet
--- a/Shorewall/Macros/macro.IPP
+++ b/Shorewall/Macros/macro.IPP
@@ -1,9 +1,11 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.IPP
+# Shorewall version 3.2 - IPP Macro
 #
-# This macro handles Internet Printing Protocol (IPP).
+# /usr/share/shorewall/macro.IPP
+#
+#	This macro handles Internet Printing Protocol (IPP).
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	631
--- a/Shorewall/Macros/macro.IPPbrd
+++ b/Shorewall/Macros/macro.IPPbrd
@@ -1,11 +1,12 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.IPPbrd
+# Shorewall version 4 - IPP Broadcast Macro
 #
-# This macro handles Internet Printing Protocol (IPP) broadcasts.
-# If you also need to handle TCP 631 connections in the opposite
-# direction, use the IPPserver Macro
+# /usr/share/shorewall/macro.IPPbrd
 #
+#	This macro handles Internet Printing Protocol (IPP) broadcasts.
+#       If you also need to handle TCP 631 connections in the opposite
+#       direction, use the IPPserver Macro
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	udp	631
--- a/Shorewall/Macros/macro.IPPserver
+++ b/Shorewall/Macros/macro.IPPserver
@@ -1,28 +1,29 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.IPPserver
+# Shorewall version 4 - IPPserver Macro
 #
-# This macro handles Internet Printing Protocol (IPP), indicating
-# that DEST is a printing server for SOURCE.  The macro allows
-# print queue broadcasts from the server to the client, and
-# printing connections from the client to the server.
+# /usr/share/shorewall/macro.IPPserver
 #
-# Example usage on a single-interface firewall which is a print client:
+#	This macro handles Internet Printing Protocol (IPP), indicating
+#	that DEST is a printing server for SOURCE.  The macro allows
+#	print queue broadcasts from the server to the client, and
+#	printing connections from the client to the server.
 #
-#	IPPserver(ACCEPT)	$FW	net
+#	Example usage on a single-interface firewall which is a print
+#	client:
+#		IPPserver/ACCEPT $FW net
 #
-# Example for a two-interface firewall which acts as a print server for loc:
+#	Example for a two-interface firewall which acts as a print
+#	server for loc:
+#		IPPserver/ACCEPT loc $FW
 #
-#	IPPserver(ACCEPT)	loc	$FW
-#
-# NOTE: If you want both to serve requests for local printers and listen to
-# requests for remote printers (i.e. your CUPS server is also a client),
-# you need to apply the rule twice, e.g.
-#
-#	IPPserver(ACCEPT)	loc	$FW
-#	IPPserver(ACCEPT)	$FW	loc
+#	NOTE: If you want both to serve requests for local printers and
+#	listen to requests for remote printers (i.e. your CUPS server is
+#	also a client), you need to apply the rule twice, e.g.
+#		IPPserver/ACCEPT loc $FW
+#		IPPserver/ACCEPT $FW loc
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	SOURCE	DEST	tcp	631
 PARAM	DEST	SOURCE	udp	631
--- a/Shorewall/Macros/macro.IPsec
+++ b/Shorewall/Macros/macro.IPsec
@@ -1,11 +1,13 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.IPsec
+# Shorewall version 4 - IPsec Macro
 #
-# This macro (bidirectional) handles IPsec traffic
+# /usr/share/shorewall/macro.IPsec
+#
+#	This macro (bidirectional) handles IPsec traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	udp	500	500	# IKE
 PARAM	-	-	50			# ESP
 PARAM	DEST	SOURCE	udp	500	500	# IKE
--- a/Shorewall/Macros/macro.IPsecah
+++ b/Shorewall/Macros/macro.IPsecah
@@ -1,12 +1,14 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.IPsecah
+# Shorewall version 4 - IPsecah Macro
 #
-# This macro (bidirectional) handles IPsec authentication (AH) traffic.
-# This is insecure. You should use ESP with encryption for security.
+# /usr/share/shorewall/macro.IPsecah
+#
+#	This macro (bidirectional) handles IPsec authentication (AH) traffic.
+#       This is insecure. You should use ESP with encryption for security.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	udp	500	500	# IKE
 PARAM	-	-	51			# AH
 PARAM	DEST	SOURCE	udp	500	500	# IKE
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Tom Eastep	25760aa653	Fix syntax error in the generated script Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-03-06 09:14:06 -08:00
Tom Eastep	649f73a360	Correct issues with debugging the generated script a) Rename DEBUG to g_debug_iptablesb b) Clear all of the tables prior to handling iptables-restore input.	2012-03-05 15:55:25 -08:00
Tom Eastep	93df86c90a	Add /sbin/shorewall-init for use with service.d Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-02-29 15:04:17 -08:00
Tom Eastep	d4e21314d0	Update the release model web page Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-02-25 08:28:15 -08:00
Tom Eastep	428e67dc9e	Fix incorrect manpage Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-02-25 07:51:55 -08:00
Tom Eastep	d3f4f59e36	Attempt to fix incorrect manpage Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-02-25 07:40:47 -08:00
Roberto C. Sanchez	1983d314b8	FIx typos	2012-02-25 07:32:01 -08:00
Tom Eastep	4ae5ee20aa	Fix broken init scripts. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-02-21 15:24:08 -08:00
Tom Eastep	408340ada2	Merge branch '4.5.0' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall into 4.5.0	2012-02-18 13:26:01 -08:00
Tom Eastep	12b92acef1	Fix compiler crash from unknown interface Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-02-18 11:05:47 -08:00
Tom Eastep	966597ee9d	Correct usage text for 'update'. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-02-18 11:05:27 -08:00
Tom Eastep	98aa70bcae	Correct a typo in the blrules manpages Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-02-18 11:05:11 -08:00
Tom Eastep	71a8ffca2e	Install the correct init script on Fedora	2012-02-17 13:47:49 -08:00
Tom Eastep	eef85fbcbc	Apply Simon Mater's patch for LIBEXEC/PERLLIB Signed-off-by: Tom Eastep <teastep@shorewall.net>	2012-02-13 07:02:48 -08:00