Update TRACK_PROVIDER description in the man pages.

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Samples/LICENSE

@@ -55,7 +55,7 @@ modified by someone else and passed on, the recipients should know
 that what they have is not the original version, so that the original
 author's reputation will not be affected by problems that might be
 introduced by others.
-
+
   Finally, software patents pose a constant threat to the existence of
 any free program.  We wish to make sure that a company cannot
 effectively restrict the users of a free program by obtaining a
@@ -111,7 +111,7 @@ modification follow.  Pay close attention to the difference between a
 "work based on the library" and a "work that uses the library".  The
 former contains code derived from the library, whereas the latter must
 be combined with the library in order to run.
-
+
 		  GNU LESSER GENERAL PUBLIC LICENSE
    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 
@@ -146,7 +146,7 @@ such a program is covered only if its contents constitute a work based
 on the Library (independent of the use of the Library in a tool for
 writing it).  Whether that is true depends on what the Library does
 and what the program that uses the Library does.
-
+  
   1. You may copy and distribute verbatim copies of the Library's
 complete source code as you receive it, in any medium, provided that
 you conspicuously and appropriately publish on each copy an
@@ -158,7 +158,7 @@ Library.
   You may charge a fee for the physical act of transferring a copy,
 and you may at your option offer warranty protection in exchange for a
 fee.
-
+
   2. You may modify your copy or copies of the Library or any portion
 of it, thus forming a work based on the Library, and copy and
 distribute such modifications or work under the terms of Section 1
@@ -216,7 +216,7 @@ instead of to this License.  (If a newer version than version 2 of the
 ordinary GNU General Public License has appeared, then you can specify
 that version instead if you wish.)  Do not make any other change in
 these notices.
-
+
   Once this change is made in a given copy, it is irreversible for
 that copy, so the ordinary GNU General Public License applies to all
 subsequent copies and derivative works made from that copy.
@@ -267,7 +267,7 @@ Library will still fall under Section 6.)
 distribute the object code for the work under the terms of Section 6.
 Any executables containing that work also fall under Section 6,
 whether or not they are linked directly with the Library itself.
-
+
   6. As an exception to the Sections above, you may also combine or
 link a "work that uses the Library" with the Library to produce a
 work containing portions of the Library, and distribute that work
@@ -329,7 +329,7 @@ restrictions of other proprietary libraries that do not normally
 accompany the operating system.  Such a contradiction means you cannot
 use both them and the Library together in an executable that you
 distribute.
-
+
   7. You may place library facilities that are a work based on the
 Library side-by-side in a single library together with other library
 facilities not covered by this License, and distribute such a combined
@@ -370,7 +370,7 @@ subject to these terms and conditions.  You may not impose any further
 restrictions on the recipients' exercise of the rights granted herein.
 You are not responsible for enforcing compliance by third parties with
 this License.
-
+
   11. If, as a consequence of a court judgment or allegation of patent
 infringement or for any other reason (not limited to patent issues),
 conditions are imposed on you (whether by court order, agreement or
@@ -422,7 +422,7 @@ conditions either of that version or of any later version published by
 the Free Software Foundation.  If the Library does not specify a
 license version number, you may choose any version ever published by
 the Free Software Foundation.
-
+
   14. If you wish to incorporate parts of the Library into other free
 programs whose distribution conditions are incompatible with these,
 write to the author to ask for permission.  For software which is
@@ -456,7 +456,7 @@ SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
 DAMAGES.
 
 		     END OF TERMS AND CONDITIONS
-
+
            How to Apply These Terms to Your New Libraries
 
   If you develop a new library, and you want it to be of the greatest

Samples/one-interface/README.txt

@@ -3,7 +3,7 @@ For instructions on using this sample configuration, please see
 http://www.shorewall.net/standalone.htm
 
     Shorewall Samples
-    Copyright (C) 2006-2015 by the following authors:
+    Copyright (C) 2006 by the following authors:
 	Thomas M. Eastep
 	Paul D. Gear
 	Cristian Rodriguez

Samples/one-interface/interfaces

@@ -1,6 +1,6 @@
 #
-# Shorewall - Sample Stoppedrules File for two-interface configuration.
-# Copyright (C) 2012-2015 by the Shorewall Team
+# Shorewall version 4.0 - Sample Interfaces File for one-interface configuration.
+# Copyright (C) 2006 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -9,9 +9,7 @@
 #
 # See the file README.txt for further details.
 #------------------------------------------------------------------------------
-# For information about entries in this file, type "man shorewall-stoppedrules"
+# For information about entries in this file, type "man shorewall-interfaces"
 ###############################################################################
-#ACTION		SOURCE		DEST		PROTO	DEST		SOURCE
-#							PORT(S)		PORT(S)
-ACCEPT		eth1		-
-ACCEPT		-		eth1
+#ZONE	INTERFACE	BROADCAST	OPTIONS
+net     eth0            detect          dhcp,tcpflags,logmartians,nosmurfs

Samples/one-interface/policy

@@ -1,6 +1,6 @@
 #
-# Shorewall - Sample Policy File for one-interface configuration.
-# Copyright (C) 2006-2015 by the Shorewall Team
+# Shorewall version 4.0 - Sample Policy File for one-interface configuration.
+# Copyright (C) 2006 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public

Samples/one-interface/rules

@@ -1,6 +1,6 @@
 #
-# Shorewall - Sample Rules File for one-interface configuration.
-# Copyright (C) 2006-2014 by the Shorewall Team
+# Shorewall version 4.0 - Sample Rules File for one-interface configuration.
+# Copyright (C) 2006 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -10,19 +10,9 @@
 # See the file README.txt for further details.
 #------------------------------------------------------------------------------------------------------------
 # For information on entries in this file, type "man shorewall-rules"
-######################################################################################################################################################################################################
-#ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK	CONNLIMIT	TIME		HEADERS		SWITCH		HELPER
+#############################################################################################################
+#ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK
 #							PORT	PORT(S)		DEST		LIMIT		GROUP
-?SECTION ALL
-?SECTION ESTABLISHED
-?SECTION RELATED
-?SECTION INVALID
-?SECTION UNTRACKED
-?SECTION NEW
-
-# Drop packets in the INVALID state
-
-Invalid(DROP)  net    	        $FW		tcp
 
 # Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
 

Samples/one-interface/shorewall.conf

@@ -1,8 +1,8 @@
 ###############################################################################
 #
-# Shorewall - Sample shorewall.conf for one-interface
+# Shorewall version 4.0 - Sample shorewall.conf for one-interface
 #                         configuration.
-# Copyright (C) 2006-2015 by the Shorewall Team
+# Copyright (C) 2006 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -13,7 +13,7 @@
 #
 # For information about the settings in this file, type "man shorewall.conf"
 #
-# The manpage is also online at
+# The manpage is also online at 
 # http://shorewall.net/manpages/shorewall.conf.html
 #
 ###############################################################################
@@ -29,243 +29,186 @@ STARTUP_ENABLED=No
 VERBOSITY=1
 
 ###############################################################################
-#			        P A G E R
+#			       L O G G I N G
 ###############################################################################
 
-PAGER=
-
-###############################################################################
-#			     F I R E W A L L
-###############################################################################
-
-FIREWALL=
-
-###############################################################################
-#		                L O G G I N G
-###############################################################################
-
-BLACKLIST_LOG_LEVEL=
-
-INVALID_LOG_LEVEL=
-
-LOG_BACKEND=
-
-LOG_MARTIANS=Yes
-
-LOG_VERBOSITY=2
-
-LOGALLNEW=
-
 LOGFILE=/var/log/messages
 
-LOGFORMAT="%s %s "
+STARTUP_LOG=/var/log/shorewall-init.log
+
+LOG_VERBOSITY=2
+
+LOGFORMAT="Shorewall:%s:%s:"
 
 LOGTAGONLY=No
 
-LOGLIMIT="s:1/sec:10"
+LOGRATE=
+
+LOGBURST=
+
+LOGALLNEW=
+
+BLACKLIST_LOGLEVEL=
 
 MACLIST_LOG_LEVEL=info
 
-RELATED_LOG_LEVEL=
-
-RPFILTER_LOG_LEVEL=info
-
-SFILTER_LOG_LEVEL=info
+TCP_FLAGS_LOG_LEVEL=info
 
 SMURF_LOG_LEVEL=info
 
-STARTUP_LOG=/var/log/shorewall-init.log
-
-TCP_FLAGS_LOG_LEVEL=info
-
-UNTRACKED_LOG_LEVEL=
+LOG_MARTIANS=Yes
 
 ###############################################################################
 #	L O C A T I O N	  O F	F I L E S   A N D   D I R E C T O R I E S
 ###############################################################################
 
-ARPTABLES=
-
-CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
-
-GEOIPDIR=/usr/share/xt_geoip/LE
-
 IPTABLES=
 
 IP=
 
+TC=
+
 IPSET=
 
-LOCKFILE=
-
-MODULESDIR=
-
-NFACCT=
-
-PERL=/usr/bin/perl
-
 PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
 
-RESTOREFILE=restore
-
 SHOREWALL_SHELL=/bin/sh
 
 SUBSYSLOCK=
 
-TC=
+MODULESDIR=
+
+CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
+
+RESTOREFILE=
+
+IPSECFILE=zones
+
+LOCKFILE=
 
 ###############################################################################
 #		D E F A U L T   A C T I O N S / M A C R O S
 ###############################################################################
 
-ACCEPT_DEFAULT="none"
 DROP_DEFAULT="Drop"
-NFQUEUE_DEFAULT="none"
-QUEUE_DEFAULT="none"
 REJECT_DEFAULT="Reject"
+ACCEPT_DEFAULT="none"
+QUEUE_DEFAULT="none"
+NFQUEUE_DEFAULT="none"
 
 ###############################################################################
 #                        R S H / R C P  C O M M A N D S
 ###############################################################################
 
-RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
 RSH_COMMAND='ssh ${root}@${system} ${command}'
+RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
 
 ###############################################################################
 #			F I R E W A L L	  O P T I O N S
 ###############################################################################
 
-ACCOUNTING=Yes
+IP_FORWARDING=Off
 
-ACCOUNTING_TABLE=filter
-
-ADD_IP_ALIASES=No
+ADD_IP_ALIASES=Yes
 
 ADD_SNAT_ALIASES=No
 
-ADMINISABSENTMINDED=Yes
-
-AUTOCOMMENT=Yes
-
-AUTOHELPERS=Yes
-
-AUTOMAKE=Yes
-
-BASIC_FILTERS=No
-
-BLACKLIST="NEW,INVALID,UNTRACKED"
-
-CLAMPMSS=No
-
-CLEAR_TC=Yes
-
-COMPLETE=No
-
-DEFER_DNS_RESOLUTION=Yes
-
-DISABLE_IPV6=No
-
-DOCKER=No
-
-DELETE_THEN_ADD=Yes
-
-DETECT_DNAT_IPADDRS=No
-
-DONT_LOAD=
-
-DYNAMIC_BLACKLIST=Yes
-
-EXPAND_POLICIES=Yes
-
-EXPORTMODULES=Yes
-
-FASTACCEPT=No
-
-FORWARD_CLEAR_MARK=
-
-HELPERS=
-
-IGNOREUNKNOWNVARIABLES=No
-
-IMPLICIT_CONTINUE=No
-
-INLINE_MATCHES=Yes
-
-IPSET_WARNINGS=Yes
-
-IP_FORWARDING=Off
-
-KEEP_RT_TABLES=No
-
-LOAD_HELPERS_ONLY=Yes
-
-MACLIST_TABLE=filter
-
-MACLIST_TTL=
-
-MANGLE_ENABLED=Yes
-
-MAPOLDACTIONS=No
-
-MINIUPNPD=No
-
-MARK_IN_FORWARD_CHAIN=No
-
-MODULE_SUFFIX="ko ko.xz"
-
-MULTICAST=No
-
-MUTEX_TIMEOUT=60
-
-NULL_ROUTE_RFC1918=No
-
-OPTIMIZE=All
-
-OPTIMIZE_ACCOUNTING=No
-
-REJECT_ACTION=
-
-REQUIRE_INTERFACE=No
-
-RESTART=restart
-
-RESTORE_DEFAULT_ROUTE=Yes
-
-RESTORE_ROUTEMARKS=Yes
-
 RETAIN_ALIASES=No
 
-ROUTE_FILTER=No
-
-SAVE_ARPTABLES=No
-
-SAVE_IPSETS=No
-
-TC_ENABLED=Internal
+TC_ENABLED=Simple
 
 TC_EXPERT=No
 
 TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
 
+CLEAR_TC=Yes
+
+MARK_IN_FORWARD_CHAIN=No
+
+CLAMPMSS=No
+
+ROUTE_FILTER=No
+
+DETECT_DNAT_IPADDRS=No
+
+MUTEX_TIMEOUT=60
+
+ADMINISABSENTMINDED=Yes
+
+BLACKLISTNEWONLY=Yes
+
+DELAYBLACKLISTLOAD=No
+
+MODULE_SUFFIX=ko
+
+DISABLE_IPV6=No
+
+BRIDGING=No
+
+DYNAMIC_ZONES=No
+
+PKTTYPE=Yes
+
+NULL_ROUTE_RFC1918=No
+
+MACLIST_TABLE=filter
+
+MACLIST_TTL=
+
+SAVE_IPSETS=No
+
+MAPOLDACTIONS=No
+
+FASTACCEPT=No
+
+IMPLICIT_CONTINUE=No
+
+USE_ACTIONS=Yes
+
+OPTIMIZE=7
+
+EXPORTPARAMS=No
+
+EXPAND_POLICIES=Yes
+
+KEEP_RT_TABLES=No
+
+DELETE_THEN_ADD=Yes
+
+MULTICAST=No
+
+DONT_LOAD=
+
+AUTO_COMMENT=Yes
+
+MANGLE_ENABLED=Yes
+
+USE_DEFAULT_RT=No
+
+RESTORE_DEFAULT_ROUTE=Yes
+
+AUTOMAKE=No
+
 TRACK_PROVIDERS=Yes
 
-TRACK_RULES=No
+ZONE2ZONE=2
 
-USE_DEFAULT_RT=Yes
+ACCOUNTING=Yes
 
-USE_PHYSICAL_NAMES=No
+OPTIMIZE_ACCOUNTING=No
 
-USE_RT_NAMES=No
+DYNAMIC_BLACKLIST=Yes
 
-VERBOSE_MESSAGES=Yes
+###############################################################################
+# MARK Layout
+###############################################################################
+TC_BITS=8
 
-WARNOLDCAPVERSION=Yes
+MASK_BITS=8
 
-WORKAROUNDS=No
+PROVIDER_BITS=8
 
-ZERO_MARKS=No
-
-ZONE2ZONE=-
+PROVIDER_OFFSET=8
 
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
@@ -273,32 +216,8 @@ ZONE2ZONE=-
 
 BLACKLIST_DISPOSITION=DROP
 
-INVALID_DISPOSITION=CONTINUE
-
 MACLIST_DISPOSITION=REJECT
 
-RELATED_DISPOSITION=ACCEPT
-
-RPFILTER_DISPOSITION=DROP
-
-SMURF_DISPOSITION=DROP
-
-SFILTER_DISPOSITION=DROP
-
 TCP_FLAGS_DISPOSITION=DROP
 
-UNTRACKED_DISPOSITION=CONTINUE
-
-################################################################################
-#			P A C K E T  M A R K  L A Y O U T
-################################################################################
-
-TC_BITS=
-
-PROVIDER_BITS=
-
-PROVIDER_OFFSET=
-
-MASK_BITS=
-
-ZONE_BITS=0
+#LAST LINE -- DO NOT REMOVE

Samples/one-interface/zones

@@ -1,6 +1,6 @@
 #
-# Shorewall - Sample Zones File for one-interface configuration.
-# Copyright (C) 2006-2015 by the Shorewall Team
+# Shorewall version 4.0 - Sample Zones File for one-interface configuration.
+# Copyright (C) 2006 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public

Samples/three-interfaces/README.txt

@@ -3,7 +3,7 @@ For instructions on using these sample configurations, please see
 http://www.shorewall.net/three-interface.htm
 
     Shorewall Samples
-    Copyright (C) 2006-2014 by the following authors:
+    Copyright (C) 2006 by the following authors:
 	Thomas M. Eastep
 	Paul D. Gear
 	Cristian Rodriguez

Samples/three-interfaces/interfaces

@@ -1,6 +1,6 @@
 #
-# Shorewall - Sample Interfaces File for two-interface configuration.
-# Copyright (C) 2006-2015 by the Shorewall Team
+# Shorewall version 4.0 - Sample Interfaces File for three-interface configuration.
+# Copyright (C) 2006 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -11,8 +11,7 @@
 #------------------------------------------------------------------------------
 # For information about entries in this file, type "man shorewall-interfaces"
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ZONE	INTERFACE	OPTIONS
-net     eth0            dhcp,tcpflags,nosmurfs,routefilter,logmartians,sourceroute=0
-loc     eth1            tcpflags,nosmurfs,routefilter,logmartians
+#ZONE	INTERFACE	BROADCAST	OPTIONS
+net     eth0            detect          tcpflags,dhcp,nosmurfs,routefilter,logmartians
+loc     eth1            detect          tcpflags,nosmurfs,routefilter,logmartians
+dmz     eth2            detect		tcpflags,nosmurfs,routefilter,logmartians

Samples/three-interfaces/masq

@@ -0,0 +1,18 @@
+#
+# Shorewall version 3.4 - Sample Masq file for three-interface configuration.
+# Copyright (C) 2006,2007 by the Shorewall Team
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# See the file README.txt for further details.
+#------------------------------------------------------------------------------
+# For information about entries in this file, type "man shorewall-masq"
+##############################################################################
+#INTERFACE		SOURCE		ADDRESS		PROTO	PORT(S)	IPSEC	MARK
+eth0			10.0.0.0/8,\
+			169.254.0.0/16,\
+			172.16.0.0/12,\
+			192.168.0.0/16

Samples/three-interfaces/policy

@@ -1,6 +1,6 @@
 #
-# Shorewall - Sample Policy File for three-interface configuration.
-# Copyright (C) 2006-2015 by the Shorewall Team
+# Shorewall version 3.4 - Sample Policy File for three-interface configuration.
+# Copyright (C) 2006 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public

Samples/three-interfaces/routestopped

@@ -0,0 +1,16 @@
+#
+# Shorewall version 4.0 - Sample Routestopped File for three-interface configuration.
+# Copyright (C) 2006 by the Shorewall Team
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# See the file README.txt for further details.
+#------------------------------------------------------------------------------
+# For information about entries in this file, type "man shorewall-routestopped"
+##############################################################################
+#INTERFACE	HOST(S)
+eth1		-
+eth2		-

Samples/three-interfaces/rules

@@ -1,6 +1,6 @@
 #
-# Shorewall - Sample Rules File for three-interface configuration.
-# Copyright (C) 2006-2015 by the Shorewall Team
+# Shorewall version 4.0 - Sample Rules File for three-interface configuration.
+# Copyright (C) 2006,2007 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -10,19 +10,9 @@
 # See the file README.txt for further details.
 #------------------------------------------------------------------------------------------------------------
 # For information about entries in this file, type "man shorewall-rules"
-######################################################################################################################################################################################################
-#ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK	CONNLIMIT	TIME		HEADERS		SWITCH		HELPER
+#############################################################################################################
+#ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK
 #							PORT	PORT(S)		DEST		LIMIT		GROUP
-?SECTION ALL
-?SECTION ESTABLISHED
-?SECTION RELATED
-?SECTION INVALID
-?SECTION UNTRACKED
-?SECTION NEW
-
-#       Don't allow connection pickup from the net
-#
-Invalid(DROP)	net		all		tcp
 #
 #	Accept DNS connections from the firewall to the Internet
 #

Samples/three-interfaces/shorewall.conf

@@ -1,8 +1,8 @@
 ###############################################################################
 #
-# Shorewall - Sample shorewall.conf for two-interface
+# Shorewall version 4.0 - Sample shorewall.conf for three-interface
 #                         configuration.
-# Copyright (C) 2006-2014 by the Shorewall Team
+# Copyright (C) 2006 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -13,7 +13,7 @@
 #
 # For information about the settings in this file, type "man shorewall.conf"
 #
-# The manpage is also online at
+# The manpage is also online at 
 # http://shorewall.net/manpages/shorewall.conf.html
 #
 ###############################################################################
@@ -29,243 +29,186 @@ STARTUP_ENABLED=No
 VERBOSITY=1
 
 ###############################################################################
-#			        P A G E R
+#			       L O G G I N G
 ###############################################################################
 
-PAGER=
-
-###############################################################################
-#			     F I R E W A L L
-###############################################################################
-
-FIREWALL=
-
-###############################################################################
-#		                L O G G I N G
-###############################################################################
-
-BLACKLIST_LOG_LEVEL=
-
-INVALID_LOG_LEVEL=
-
-LOG_BACKEND=
-
-LOG_MARTIANS=Yes
-
-LOG_VERBOSITY=2
-
-LOGALLNEW=
-
 LOGFILE=/var/log/messages
 
-LOGFORMAT="%s %s "
+STARTUP_LOG=/var/log/shorewall-init.log
+
+LOG_VERBOSITY=2
+
+LOGFORMAT="Shorewall:%s:%s:"
 
 LOGTAGONLY=No
 
-LOGLIMIT="s:1/sec:10"
+LOGRATE=
+
+LOGBURST=
+
+LOGALLNEW=
+
+BLACKLIST_LOGLEVEL=
 
 MACLIST_LOG_LEVEL=info
 
-RELATED_LOG_LEVEL=
-
-RPFILTER_LOG_LEVEL=info
-
-SFILTER_LOG_LEVEL=info
+TCP_FLAGS_LOG_LEVEL=info
 
 SMURF_LOG_LEVEL=info
 
-STARTUP_LOG=/var/log/shorewall-init.log
-
-TCP_FLAGS_LOG_LEVEL=info
-
-UNTRACKED_LOG_LEVEL=
+LOG_MARTIANS=Yes
 
 ###############################################################################
 #	L O C A T I O N	  O F	F I L E S   A N D   D I R E C T O R I E S
 ###############################################################################
 
-ARPTABLES=
-
-CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
-
-GEOIPDIR=/usr/share/xt_geoip/LE
-
 IPTABLES=
 
 IP=
 
+TC=
+
 IPSET=
 
-LOCKFILE=
-
-MODULESDIR=
-
-NFACCT=
-
-PERL=/usr/bin/perl
-
 PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
 
-RESTOREFILE=restore
-
 SHOREWALL_SHELL=/bin/sh
 
 SUBSYSLOCK=
 
-TC=
+MODULESDIR=
+
+CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
+
+RESTOREFILE=
+
+IPSECFILE=zones
+
+LOCKFILE=
 
 ###############################################################################
 #		D E F A U L T   A C T I O N S / M A C R O S
 ###############################################################################
 
-ACCEPT_DEFAULT="none"
 DROP_DEFAULT="Drop"
-NFQUEUE_DEFAULT="none"
-QUEUE_DEFAULT="none"
 REJECT_DEFAULT="Reject"
+ACCEPT_DEFAULT="none"
+QUEUE_DEFAULT="none"
+NFQUEUE_DEFAULT="none"
 
 ###############################################################################
 #                        R S H / R C P  C O M M A N D S
 ###############################################################################
 
-RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
 RSH_COMMAND='ssh ${root}@${system} ${command}'
+RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
 
 ###############################################################################
 #			F I R E W A L L	  O P T I O N S
 ###############################################################################
 
-ACCOUNTING=Yes
+IP_FORWARDING=On
 
-ACCOUNTING_TABLE=filter
-
-ADD_IP_ALIASES=No
+ADD_IP_ALIASES=Yes
 
 ADD_SNAT_ALIASES=No
 
-ADMINISABSENTMINDED=Yes
-
-AUTOCOMMENT=Yes
-
-AUTOHELPERS=Yes
-
-AUTOMAKE=Yes
-
-BASIC_FILTERS=No
-
-BLACKLIST="NEW,INVALID,UNTRACKED"
-
-CLAMPMSS=Yes
-
-CLEAR_TC=Yes
-
-COMPLETE=No
-
-DEFER_DNS_RESOLUTION=Yes
-
-DISABLE_IPV6=No
-
-DOCKER=No
-
-DELETE_THEN_ADD=Yes
-
-DETECT_DNAT_IPADDRS=No
-
-DONT_LOAD=
-
-DYNAMIC_BLACKLIST=Yes
-
-EXPAND_POLICIES=Yes
-
-EXPORTMODULES=Yes
-
-FASTACCEPT=No
-
-FORWARD_CLEAR_MARK=
-
-HELPERS=
-
-IGNOREUNKNOWNVARIABLES=No
-
-IMPLICIT_CONTINUE=No
-
-INLINE_MATCHES=Yes
-
-IPSET_WARNINGS=Yes
-
-IP_FORWARDING=On
-
-KEEP_RT_TABLES=No
-
-LOAD_HELPERS_ONLY=Yes
-
-MACLIST_TABLE=filter
-
-MACLIST_TTL=
-
-MANGLE_ENABLED=Yes
-
-MAPOLDACTIONS=No
-
-MINIUPNPD=No
-
-MARK_IN_FORWARD_CHAIN=No
-
-MODULE_SUFFIX="ko ko.xz"
-
-MULTICAST=No
-
-MUTEX_TIMEOUT=60
-
-NULL_ROUTE_RFC1918=No
-
-OPTIMIZE=All
-
-OPTIMIZE_ACCOUNTING=No
-
-REJECT_ACTION=
-
-REQUIRE_INTERFACE=No
-
-RESTART=restart
-
-RESTORE_DEFAULT_ROUTE=Yes
-
-RESTORE_ROUTEMARKS=Yes
-
 RETAIN_ALIASES=No
 
-ROUTE_FILTER=No
-
-SAVE_ARPTABLES=No
-
-SAVE_IPSETS=No
-
-TC_ENABLED=Internal
+TC_ENABLED=Simple
 
 TC_EXPERT=No
 
 TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
 
+CLEAR_TC=Yes
+
+MARK_IN_FORWARD_CHAIN=No
+
+CLAMPMSS=Yes
+
+ROUTE_FILTER=No
+
+DETECT_DNAT_IPADDRS=No
+
+MUTEX_TIMEOUT=60
+
+ADMINISABSENTMINDED=Yes
+
+BLACKLISTNEWONLY=Yes
+
+DELAYBLACKLISTLOAD=No
+
+MODULE_SUFFIX=ko
+
+DISABLE_IPV6=No
+
+BRIDGING=No
+
+DYNAMIC_ZONES=No
+
+PKTTYPE=Yes
+
+NULL_ROUTE_RFC1918=No
+
+MACLIST_TABLE=filter
+
+MACLIST_TTL=
+
+SAVE_IPSETS=No
+
+MAPOLDACTIONS=No
+
+FASTACCEPT=No
+
+IMPLICIT_CONTINUE=No
+
+USE_ACTIONS=Yes
+
+OPTIMIZE=7
+
+EXPORTPARAMS=No
+
+EXPAND_POLICIES=Yes
+
+KEEP_RT_TABLES=No
+
+DELETE_THEN_ADD=Yes
+
+MULTICAST=No
+
+DONT_LOAD=
+
+AUTO_COMMENT=Yes
+
+MANGLE_ENABLED=Yes
+
+USE_DEFAULT_RT=No
+
+RESTORE_DEFAULT_ROUTE=Yes
+
+AUTOMAKE=No
+
 TRACK_PROVIDERS=Yes
 
-TRACK_RULES=No
+ZONE2ZONE=2
 
-USE_DEFAULT_RT=Yes
+ACCOUNTING=Yes
 
-USE_PHYSICAL_NAMES=No
+OPTIMIZE_ACCOUNTING=No
 
-USE_RT_NAMES=No
+DYNAMIC_BLACKLIST=Yes
 
-VERBOSE_MESSAGES=Yes
+###############################################################################
+# MARK Layout
+###############################################################################
+TC_BITS=8
 
-WARNOLDCAPVERSION=Yes
+MASK_BITS=8
 
-WORKAROUNDS=No
+PROVIDER_BITS=8
 
-ZERO_MARKS=No
-
-ZONE2ZONE=-
+PROVIDER_OFFSET=8
 
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
@@ -273,32 +216,8 @@ ZONE2ZONE=-
 
 BLACKLIST_DISPOSITION=DROP
 
-INVALID_DISPOSITION=CONTINUE
-
 MACLIST_DISPOSITION=REJECT
 
-RELATED_DISPOSITION=ACCEPT
-
-RPFILTER_DISPOSITION=DROP
-
-SMURF_DISPOSITION=DROP
-
-SFILTER_DISPOSITION=DROP
-
 TCP_FLAGS_DISPOSITION=DROP
 
-UNTRACKED_DISPOSITION=CONTINUE
-
-################################################################################
-#			P A C K E T  M A R K  L A Y O U T
-################################################################################
-
-TC_BITS=
-
-PROVIDER_BITS=
-
-PROVIDER_OFFSET=
-
-MASK_BITS=
-
-ZONE_BITS=0
+#LAST LINE -- DO NOT REMOVE

Samples/three-interfaces/zones

@@ -1,6 +1,6 @@
 #
-# Shorewall - Sample Zones File for three-interface configuration.
-# Copyright (C) 2006-2015 by the Shorewall Team
+# Shorewall version 4.0 - Sample Zones File for three-interface configuration.
+# Copyright (C) 2006 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public

Samples/two-interfaces/README.txt

@@ -3,7 +3,7 @@ For instructions on using these sample configurations, please see
 http://www.shorewall.net/two-interface.htm
 
     Shorewall Samples
-    Copyright (C) 2006-2015 by the following authors:
+    Copyright (C) 2006 by the following authors:
 	Thomas M. Eastep
 	Paul D. Gear
 	Cristian Rodriguez

Samples/two-interfaces/interfaces

@@ -1,6 +1,6 @@
 #
-# Shorewall - Sample Interfaces File for one-interface configuration.
-# Copyright (C) 2006-2015 by the Shorewall Team
+# Shorewall version 4.0 - Sample Interfaces File for two-interface configuration.
+# Copyright (C) 2006 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -11,7 +11,6 @@
 #------------------------------------------------------------------------------
 # For information about entries in this file, type "man shorewall-interfaces"
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ZONE	INTERFACE	OPTIONS
-net     eth0            dhcp,tcpflags,logmartians,nosmurfs,sourceroute=0
+#ZONE	INTERFACE	BROADCAST	OPTIONS
+net     eth0            detect          dhcp,tcpflags,nosmurfs,routefilter,logmartians
+loc     eth1            detect          tcpflags,nosmurfs,routefilter,logmartians

Samples/two-interfaces/masq

@@ -0,0 +1,18 @@
+#
+# Shorewall version 4.0 - Sample Masq file for two-interface configuration.
+# Copyright (C) 2006 by the Shorewall Team
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# See the file README.txt for further details.
+#------------------------------------------------------------------------------
+# For information about entries in this file, type "man shorewall-masq"
+###############################################################################
+#INTERFACE		SOURCE		ADDRESS		PROTO	PORT(S)	IPSEC	MARK
+eth0			10.0.0.0/8,\
+			169.254.0.0/16,\
+			172.16.0.0/12,\
+			192.168.0.0/16

Samples/two-interfaces/policy

@@ -1,6 +1,6 @@
 #
-# Shorewall - Sample Policy File for two-interface configuration.
-# Copyright (C) 2006-2015 by the Shorewall Team
+# Shorewall version 4.0 - Sample Policy File for two-interface configuration.
+# Copyright (C) 2006 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public

Samples/two-interfaces/routestopped

@@ -0,0 +1,15 @@
+#
+# Shorewall version 4.0 - Sample Routestopped File for two-interface configuration.
+# Copyright (C) 2006 by the Shorewall Team
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# See the file README.txt for further details.
+#------------------------------------------------------------------------------
+# For information about entries in this file, type "man shorewall-routestopped"
+##############################################################################
+#INTERFACE	HOST(S)                  OPTIONS
+eth1		-

Samples/two-interfaces/rules

@@ -1,6 +1,6 @@
 #
-# Shorewall - Sample Rules File for two-interface configuration.
-# Copyright (C) 2006-2015 by the Shorewall Team
+# Shorewall version 4.0 - Sample Rules File for two-interface configuration.
+# Copyright (C) 2006,2007 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -10,19 +10,9 @@
 # See the file README.txt for further details.
 #------------------------------------------------------------------------------
 # For information about entries in this file, type "man shorewall-rules"
-######################################################################################################################################################################################################
-#ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK	CONNLIMIT	TIME		HEADERS		SWITCH		HELPER
+#############################################################################################################
+#ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK
 #							PORT	PORT(S)		DEST		LIMIT		GROUP
-?SECTION ALL
-?SECTION ESTABLISHED
-?SECTION RELATED
-?SECTION INVALID
-?SECTION UNTRACKED
-?SECTION NEW
-
-#       Don't allow connection pickup from the net
-#
-Invalid(DROP)	net		all		tcp
 #
 #	Accept DNS connections from the firewall to the network
 #

Samples/two-interfaces/shorewall.conf

@@ -1,8 +1,8 @@
 ###############################################################################
 #
-# Shorewall - Sample shorewall.conf for three-interface
+# Shorewall version 4.0 - Sample shorewall.conf for two-interface
 #                         configuration.
-# Copyright (C) 2006-2015 by the Shorewall Team
+# Copyright (C) 2006,2007 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -13,10 +13,13 @@
 #
 # For information about the settings in this file, type "man shorewall.conf"
 #
-# The manpage is also online at
+# The manpage is also online at 
 # http://shorewall.net/manpages/shorewall.conf.html
 #
 ###############################################################################
+#		       S T A R T U P   E N A B L E D
+###############################################################################
+
 STARTUP_ENABLED=No
 
 ###############################################################################
@@ -26,243 +29,193 @@ STARTUP_ENABLED=No
 VERBOSITY=1
 
 ###############################################################################
-#			        P A G E R
+#                              C O M P I L E R
+#      (setting this to 'perl' requires installation of Shorewall-perl)
 ###############################################################################
 
-PAGER=
+SHOREWALL_COMPILER=
 
 ###############################################################################
-#			     F I R E W A L L
+#			       L O G G I N G
 ###############################################################################
 
-FIREWALL=
-
-###############################################################################
-#		                L O G G I N G
-###############################################################################
-
-BLACKLIST_LOG_LEVEL=
-
-INVALID_LOG_LEVEL=
-
-LOG_BACKEND=
-
-LOG_MARTIANS=Yes
-
-LOG_VERBOSITY=2
-
-LOGALLNEW=
-
 LOGFILE=/var/log/messages
 
-LOGFORMAT="%s %s "
+STARTUP_LOG=/var/log/shorewall-init.log
+
+LOG_VERBOSITY=2
+
+LOGFORMAT="Shorewall:%s:%s:"
 
 LOGTAGONLY=No
 
-LOGLIMIT="s:1/sec:10"
+LOGRATE=
+
+LOGBURST=
+
+LOGALLNEW=
+
+BLACKLIST_LOGLEVEL=
 
 MACLIST_LOG_LEVEL=info
 
-RELATED_LOG_LEVEL=
-
-RPFILTER_LOG_LEVEL=info
-
-SFILTER_LOG_LEVEL=info
+TCP_FLAGS_LOG_LEVEL=info
 
 SMURF_LOG_LEVEL=info
 
-STARTUP_LOG=/var/log/shorewall-init.log
-
-TCP_FLAGS_LOG_LEVEL=info
-
-UNTRACKED_LOG_LEVEL=
+LOG_MARTIANS=Yes
 
 ###############################################################################
 #	L O C A T I O N	  O F	F I L E S   A N D   D I R E C T O R I E S
 ###############################################################################
 
-ARPTABLES=
-
-CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
-
-GEOIPDIR=/usr/share/xt_geoip/LE
-
 IPTABLES=
 
 IP=
 
+TC=
+
 IPSET=
 
-LOCKFILE=
-
-MODULESDIR=
-
-NFACCT=
-
-PERL=/usr/bin/perl
-
 PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
 
-RESTOREFILE=restore
-
 SHOREWALL_SHELL=/bin/sh
 
 SUBSYSLOCK=
 
-TC=
+MODULESDIR=
+
+CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
+
+RESTOREFILE=
+
+IPSECFILE=zones
+
+LOCKFILE=
 
 ###############################################################################
 #		D E F A U L T   A C T I O N S / M A C R O S
 ###############################################################################
 
-ACCEPT_DEFAULT="none"
 DROP_DEFAULT="Drop"
-NFQUEUE_DEFAULT="none"
-QUEUE_DEFAULT="none"
 REJECT_DEFAULT="Reject"
+ACCEPT_DEFAULT="none"
+QUEUE_DEFAULT="none"
+NFQUEUE_DEFAULT="none"
 
 ###############################################################################
 #                        R S H / R C P  C O M M A N D S
 ###############################################################################
 
-RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
 RSH_COMMAND='ssh ${root}@${system} ${command}'
+RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
 
 ###############################################################################
 #			F I R E W A L L	  O P T I O N S
 ###############################################################################
 
-ACCOUNTING=Yes
+IP_FORWARDING=On
 
-ACCOUNTING_TABLE=filter
-
-ADD_IP_ALIASES=No
+ADD_IP_ALIASES=Yes
 
 ADD_SNAT_ALIASES=No
 
-ADMINISABSENTMINDED=Yes
-
-AUTOCOMMENT=Yes
-
-AUTOHELPERS=Yes
-
-AUTOMAKE=Yes
-
-BASIC_FILTERS=No
-
-BLACKLIST="NEW,INVALID,UNTRACKED"
-
-CLAMPMSS=Yes
-
-CLEAR_TC=Yes
-
-COMPLETE=No
-
-DEFER_DNS_RESOLUTION=Yes
-
-DISABLE_IPV6=No
-
-DOCKER=No
-
-DELETE_THEN_ADD=Yes
-
-DETECT_DNAT_IPADDRS=No
-
-DONT_LOAD=
-
-DYNAMIC_BLACKLIST=Yes
-
-EXPAND_POLICIES=Yes
-
-EXPORTMODULES=Yes
-
-FASTACCEPT=No
-
-FORWARD_CLEAR_MARK=
-
-HELPERS=
-
-IGNOREUNKNOWNVARIABLES=No
-
-IMPLICIT_CONTINUE=No
-
-INLINE_MATCHES=Yes
-
-IPSET_WARNINGS=Yes
-
-IP_FORWARDING=On
-
-KEEP_RT_TABLES=No
-
-LOAD_HELPERS_ONLY=Yes
-
-MACLIST_TABLE=filter
-
-MACLIST_TTL=
-
-MANGLE_ENABLED=Yes
-
-MAPOLDACTIONS=No
-
-MINIUPNPD=No
-
-MARK_IN_FORWARD_CHAIN=No
-
-MODULE_SUFFIX="ko ko.xz"
-
-MULTICAST=No
-
-MUTEX_TIMEOUT=60
-
-NULL_ROUTE_RFC1918=No
-
-OPTIMIZE=All
-
-OPTIMIZE_ACCOUNTING=No
-
-REJECT_ACTION=
-
-REQUIRE_INTERFACE=No
-
-RESTART=restart
-
-RESTORE_DEFAULT_ROUTE=Yes
-
-RESTORE_ROUTEMARKS=Yes
-
 RETAIN_ALIASES=No
 
-ROUTE_FILTER=No
-
-SAVE_ARPTABLES=No
-
-SAVE_IPSETS=No
-
-TC_ENABLED=Internal
+TC_ENABLED=Simple
 
 TC_EXPERT=No
 
 TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
 
+CLEAR_TC=Yes
+
+MARK_IN_FORWARD_CHAIN=No
+
+CLAMPMSS=Yes
+
+ROUTE_FILTER=No
+
+DETECT_DNAT_IPADDRS=No
+
+MUTEX_TIMEOUT=60
+
+ADMINISABSENTMINDED=Yes
+
+BLACKLISTNEWONLY=Yes
+
+DELAYBLACKLISTLOAD=No
+
+MODULE_SUFFIX=ko
+
+DISABLE_IPV6=No
+
+BRIDGING=No
+
+DYNAMIC_ZONES=No
+
+PKTTYPE=Yes
+
+NULL_ROUTE_RFC1918=No
+
+MACLIST_TABLE=filter
+
+MACLIST_TTL=
+
+SAVE_IPSETS=No
+
+MAPOLDACTIONS=No
+
+FASTACCEPT=No
+
+IMPLICIT_CONTINUE=No
+
+USE_ACTIONS=Yes
+
+OPTIMIZE=7
+
+EXPORTPARAMS=No
+
+EXPAND_POLICIES=Yes
+
+KEEP_RT_TABLES=No
+
+DELETE_THEN_ADD=Yes
+
+MULTICAST=No
+
+DONT_LOAD=
+
+AUTO_COMMENT=Yes
+
+MANGLE_ENABLED=Yes
+
+USE_DEFAULT_RT=No
+
+RESTORE_DEFAULT_ROUTE=Yes
+
+AUTOMAKE=No
+
 TRACK_PROVIDERS=Yes
 
-TRACK_RULES=No
+ZONE2ZONE=2
 
-USE_DEFAULT_RT=Yes
+ACCOUNTING=Yes
 
-USE_PHYSICAL_NAMES=No
+OPTIMIZE_ACCOUNTING=No
 
-USE_RT_NAMES=No
+DYNAMIC_BLACKLIST=Yes
 
-VERBOSE_MESSAGES=Yes
+###############################################################################
+# MARK Layout
+###############################################################################
+TC_BITS=8
 
-WARNOLDCAPVERSION=Yes
+MASK_BITS=8
 
-WORKAROUNDS=No
+PROVIDER_BITS=8
 
-ZERO_MARKS=No
-
-ZONE2ZONE=-
+PROVIDER_OFFSET=8
 
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
@@ -270,32 +223,8 @@ ZONE2ZONE=-
 
 BLACKLIST_DISPOSITION=DROP
 
-INVALID_DISPOSITION=CONTINUE
-
 MACLIST_DISPOSITION=REJECT
 
-RELATED_DISPOSITION=ACCEPT
-
-RPFILTER_DISPOSITION=DROP
-
-SMURF_DISPOSITION=DROP
-
-SFILTER_DISPOSITION=DROP
-
 TCP_FLAGS_DISPOSITION=DROP
 
-UNTRACKED_DISPOSITION=CONTINUE
-
-################################################################################
-#			P A C K E T  M A R K  L A Y O U T
-################################################################################
-
-TC_BITS=
-
-PROVIDER_BITS=
-
-PROVIDER_OFFSET=
-
-MASK_BITS=
-
-ZONE_BITS=0
+#LAST LINE -- DO NOT REMOVE

Samples/two-interfaces/zones

@@ -1,6 +1,6 @@
 #
-# Shorewall - Sample Zones File for two-interface configuration.
-# Copyright (C) 2006-2014 by the Shorewall Team
+# Shorewall version 4.0 - Sample Zones File for two-interface configuration.
+# Copyright (C) 2006 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public

Samples6/LICENSE

@@ -55,7 +55,7 @@ modified by someone else and passed on, the recipients should know
 that what they have is not the original version, so that the original
 author's reputation will not be affected by problems that might be
 introduced by others.
-
+
   Finally, software patents pose a constant threat to the existence of
 any free program.  We wish to make sure that a company cannot
 effectively restrict the users of a free program by obtaining a
@@ -111,7 +111,7 @@ modification follow.  Pay close attention to the difference between a
 "work based on the library" and a "work that uses the library".  The
 former contains code derived from the library, whereas the latter must
 be combined with the library in order to run.
-
+
 		  GNU LESSER GENERAL PUBLIC LICENSE
    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 
@@ -146,7 +146,7 @@ such a program is covered only if its contents constitute a work based
 on the Library (independent of the use of the Library in a tool for
 writing it).  Whether that is true depends on what the Library does
 and what the program that uses the Library does.
-
+  
   1. You may copy and distribute verbatim copies of the Library's
 complete source code as you receive it, in any medium, provided that
 you conspicuously and appropriately publish on each copy an
@@ -158,7 +158,7 @@ Library.
   You may charge a fee for the physical act of transferring a copy,
 and you may at your option offer warranty protection in exchange for a
 fee.
-
+
   2. You may modify your copy or copies of the Library or any portion
 of it, thus forming a work based on the Library, and copy and
 distribute such modifications or work under the terms of Section 1
@@ -216,7 +216,7 @@ instead of to this License.  (If a newer version than version 2 of the
 ordinary GNU General Public License has appeared, then you can specify
 that version instead if you wish.)  Do not make any other change in
 these notices.
-
+
   Once this change is made in a given copy, it is irreversible for
 that copy, so the ordinary GNU General Public License applies to all
 subsequent copies and derivative works made from that copy.
@@ -267,7 +267,7 @@ Library will still fall under Section 6.)
 distribute the object code for the work under the terms of Section 6.
 Any executables containing that work also fall under Section 6,
 whether or not they are linked directly with the Library itself.
-
+
   6. As an exception to the Sections above, you may also combine or
 link a "work that uses the Library" with the Library to produce a
 work containing portions of the Library, and distribute that work
@@ -329,7 +329,7 @@ restrictions of other proprietary libraries that do not normally
 accompany the operating system.  Such a contradiction means you cannot
 use both them and the Library together in an executable that you
 distribute.
-
+
   7. You may place library facilities that are a work based on the
 Library side-by-side in a single library together with other library
 facilities not covered by this License, and distribute such a combined
@@ -370,7 +370,7 @@ subject to these terms and conditions.  You may not impose any further
 restrictions on the recipients' exercise of the rights granted herein.
 You are not responsible for enforcing compliance by third parties with
 this License.
-
+
   11. If, as a consequence of a court judgment or allegation of patent
 infringement or for any other reason (not limited to patent issues),
 conditions are imposed on you (whether by court order, agreement or
@@ -422,7 +422,7 @@ conditions either of that version or of any later version published by
 the Free Software Foundation.  If the Library does not specify a
 license version number, you may choose any version ever published by
 the Free Software Foundation.
-
+
   14. If you wish to incorporate parts of the Library into other free
 programs whose distribution conditions are incompatible with these,
 write to the author to ask for permission.  For software which is
@@ -456,7 +456,7 @@ SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
 DAMAGES.
 
 		     END OF TERMS AND CONDITIONS
-
+
            How to Apply These Terms to Your New Libraries
 
   If you develop a new library, and you want it to be of the greatest

Samples6/one-interface/README.txt

@@ -3,7 +3,7 @@ For instructions on using this sample configuration, please see
 http://www.shorewall.net/standalone.htm
 
     Shorewall Samples
-    Copyright (C) 2006-2015 by the following authors:
+    Copyright (C) 2006 by the following authors:
 	Thomas M. Eastep
 	Paul D. Gear
 	Cristian Rodriguez

Samples6/one-interface/interfaces

@@ -0,0 +1,15 @@
+#
+# Shorewall6 version 4 - Sample Interfaces File for one-interface configuration.
+# Copyright (C) 2006,2008 by the Shorewall Team
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# See the file README.txt for further details.
+#------------------------------------------------------------------------------
+# For information about entries in this file, type "man shorewall6-interfaces"
+###############################################################################
+#ZONE	INTERFACE	BROADCAST	OPTIONS
+net     eth0            detect          tcpflags

Samples6/one-interface/policy

@@ -1,6 +1,6 @@
 #
-# Shorewall6 version 5 - Sample Policy File for one-interface configuration.
-# Copyright (C) 2006-2015 by the Shorewall Team
+# Shorewall6 version 4 - Sample Policy File for one-interface configuration.
+# Copyright (C) 2006,2008 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public

Samples6/one-interface/rules

@@ -1,6 +1,6 @@
 #
-# Shorewall6 version 5 - Sample Rules File for one-interface configuration.
-# Copyright (C) 2006-2015 by the Shorewall Team
+# Shorewall6 version 4 - Sample Rules File for one-interface configuration.
+# Copyright (C) 2006,2008 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -10,19 +10,9 @@
 # See the file README.txt for further details.
 #------------------------------------------------------------------------------------------------------------
 # For information on entries in this file, type "man shorewall6-rules"
-######################################################################################################################################################################################################
-#ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK	CONNLIMIT	TIME		HEADERS		SWITCH		HELPER
+#############################################################################################################
+#ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK
 #							PORT	PORT(S)		DEST		LIMIT		GROUP
-?SECTION ALL
-?SECTION ESTABLISHED
-?SECTION RELATED
-?SECTION INVALID
-?SECTION UNTRACKED
-?SECTION NEW
-
-# Drop packets in the INVALID state
-
-Invalid(DROP)  net    	        $FW		tcp
 
 # Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
 

Samples6/one-interface/shorewall6.conf

@@ -1,12 +1,19 @@
 ###############################################################################
 #
-#  Shorewall Version 5 -- /etc/shorewall6/shorewall6.conf
-# Copyright (C) 2012-2015 by the Shorewall Team
+# Shorewall6 version 4 - Sample shorewall.conf for one-interface configuration.
+# Copyright (C) 2006,2008 by the Shorewall Team
 #
-#  For information about the settings in this file, type "man shorewall6.conf"
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
 #
-#  Manpage also online at
-#  http://www.shorewall.net/manpages6/shorewall6.conf.html
+# See the file README.txt for further details.
+#
+# For information about the settings in this file, type "man shorewall6.conf"
+#
+# The manpage is also online at 
+# http://shorewall.net/manpages6/shorewall6.conf.html
 ###############################################################################
 #		       S T A R T U P   E N A B L E D
 ###############################################################################
@@ -19,214 +26,139 @@ STARTUP_ENABLED=No
 
 VERBOSITY=1
 
-###############################################################################
-#			        P A G E R
-###############################################################################
-
-PAGER=
-
-###############################################################################
-#			     F I R E W A L L
-###############################################################################
-
-FIREWALL=
-
 ###############################################################################
 #			       L O G G I N G
 ###############################################################################
 
-BLACKLIST_LOG_LEVEL=
-
-INVALID_LOG_LEVEL=
-
-LOG_BACKEND=
-
-LOG_VERBOSITY=2
-
-LOGALLNEW=
-
-LOGFILE=
-
-LOGFORMAT="%s %s "
-
-LOGLIMIT="s:1/sec:10"
-
-LOGTAGONLY=No
-
-MACLIST_LOG_LEVEL=info
-
-RELATED_LOG_LEVEL=
-
-RPFILTER_LOG_LEVEL=info
-
-SFILTER_LOG_LEVEL=info
-
-SMURF_LOG_LEVEL=info
+LOGFILE=/var/log/messages
 
 STARTUP_LOG=/var/log/shorewall6-init.log
 
+LOG_VERBOSITY=2
+
+LOGFORMAT="Shorewall:%s:%s:"
+
+LOGTAGONLY=No
+
+LOGRATE=
+
+LOGBURST=
+
+LOGALLNEW=
+
+BLACKLIST_LOGLEVEL=
+
 TCP_FLAGS_LOG_LEVEL=info
 
-UNTRACKED_LOG_LEVEL=
+SMURF_LOG_LEVEL=info
 
 ###############################################################################
 #	L O C A T I O N	  O F	F I L E S   A N D   D I R E C T O R I E S
 ###############################################################################
 
-CONFIG_PATH="${CONFDIR}/shorewall6:/usr/share/shorewall6:${SHAREDIR}/shorewall"
-
-GEOIPDIR=/usr/share/xt_geoip/LE
-
 IP6TABLES=
 
-IP=
-
-IPSET=
-
-LOCKFILE=
-
-MODULESDIR=
-
-NFACCT=
-
-PERL=/usr/bin/perl
-
 PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
 
-RESTOREFILE=restore
-
 SHOREWALL_SHELL=/bin/sh
 
 SUBSYSLOCK=
 
-TC=
+MODULESDIR=
+
+CONFIG_PATH=/etc/shorewall6:/usr/share/shorewall6:/usr/share/shorewall
+
+RESTOREFILE=
+
+LOCKFILE=
 
 ###############################################################################
 #		D E F A U L T   A C T I O N S / M A C R O S
 ###############################################################################
 
-ACCEPT_DEFAULT="none"
 DROP_DEFAULT="Drop"
-NFQUEUE_DEFAULT="none"
-QUEUE_DEFAULT="none"
 REJECT_DEFAULT="Reject"
+ACCEPT_DEFAULT="none"
+QUEUE_DEFAULT="none"
+NFQUEUE_DEFAULT="none"
 
 ###############################################################################
 #                        R S H / R C P  C O M M A N D S
 ###############################################################################
 
-RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
 RSH_COMMAND='ssh ${root}@${system} ${command}'
+RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
 
 ###############################################################################
 #			F I R E W A L L	  O P T I O N S
 ###############################################################################
 
-ACCOUNTING=Yes
-
-ACCOUNTING_TABLE=filter
-
-ADMINISABSENTMINDED=Yes
-
-AUTOCOMMENT=Yes
-
-AUTOHELPERS=Yes
-
-AUTOMAKE=Yes
-
-BASIC_FILTERS=No
-
-BLACKLIST="NEW,INVALID,UNTRACKED"
-
-CLAMPMSS=No
-
-CLEAR_TC=No
-
-COMPLETE=No
-
-DEFER_DNS_RESOLUTION=Yes
-
-DELETE_THEN_ADD=Yes
-
-DONT_LOAD=
-
-DYNAMIC_BLACKLIST=Yes
-
-EXPAND_POLICIES=Yes
-
-EXPORTMODULES=Yes
-
-FASTACCEPT=No
-
-FORWARD_CLEAR_MARK=Yes
-
-HELPERS=
-
-IGNOREUNKNOWNVARIABLES=No
-
-IMPLICIT_CONTINUE=No
-
-INLINE_MATCHES=Yes
-
-IPSET_WARNINGS=Yes
-
-IP_FORWARDING=Keep
-
-KEEP_RT_TABLES=Yes
-
-LOAD_HELPERS_ONLY=Yes
-
-MACLIST_TABLE=filter
-
-MACLIST_TTL=
-
-MANGLE_ENABLED=Yes
-
-MARK_IN_FORWARD_CHAIN=No
-
-MODULE_SUFFIX="ko ko.xz"
-
-MUTEX_TIMEOUT=60
-
-OPTIMIZE=All
-
-OPTIMIZE_ACCOUNTING=No
-
-REJECT_ACTION=
-
-REQUIRE_INTERFACE=No
-
-RESTART=restart
-
-RESTORE_ROUTEMARKS=Yes
-
-SAVE_IPSETS=No
+IP_FORWARDING=Off
 
 TC_ENABLED=No
 
 TC_EXPERT=No
 
-TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
+CLEAR_TC=Yes
+
+MARK_IN_FORWARD_CHAIN=No
+
+CLAMPMSS=No
+
+MUTEX_TIMEOUT=60
+
+ADMINISABSENTMINDED=Yes
+
+BLACKLISTNEWONLY=Yes
+
+MODULE_SUFFIX=ko
+
+FASTACCEPT=No
+
+IMPLICIT_CONTINUE=No
+
+HIGH_ROUTE_MARKS=No
+
+OPTIMIZE=7
+
+EXPORTPARAMS=No
+
+EXPAND_POLICIES=No
+
+KEEP_RT_TABLES=Yes
+
+DELETE_THEN_ADD=Yes
+
+DONT_LOAD=
+
+AUTO_COMMENT=Yes
+
+MANGLE_ENABLED=Yes
+
+AUTOMAKE=No
+
+WIDE_TC_MARKS=Yes
 
 TRACK_PROVIDERS=Yes
 
-TRACK_RULES=No
+ZONE2ZONE=2
 
-USE_DEFAULT_RT=Yes
+ACCOUNTING=Yes
 
-USE_PHYSICAL_NAMES=No
+OPTIMIZE_ACCOUNTING=No
 
-USE_RT_NAMES=No
+DYNAMIC_BLACKLIST=Yes
 
-VERBOSE_MESSAGES=Yes
+###############################################################################
+# MARK Layout
+###############################################################################
+TC_BITS=8
 
-WARNOLDCAPVERSION=Yes
+MASK_BITS=8
 
-WORKAROUNDS=No
+PROVIDER_BITS=8
 
-ZERO_MARKS=No
-
-ZONE2ZONE=-
+PROVIDER_OFFSET=8
 
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
@@ -234,32 +166,6 @@ ZONE2ZONE=-
 
 BLACKLIST_DISPOSITION=DROP
 
-INVALID_DISPOSITION=CONTINUE
-
-MACLIST_DISPOSITION=REJECT
-
-RELATED_DISPOSITION=ACCEPT
-
-SFILTER_DISPOSITION=DROP
-
-RPFILTER_DISPOSITION=DROP
-
-SMURF_DISPOSITION=DROP
-
 TCP_FLAGS_DISPOSITION=DROP
 
-UNTRACKED_DISPOSITION=CONTINUE
-
-################################################################################
-#			P A C K E T  M A R K  L A Y O U T
-################################################################################
-
-TC_BITS=
-
-PROVIDER_BITS=
-
-PROVIDER_OFFSET=
-
-MASK_BITS=
-
-ZONE_BITS=0
+#LAST LINE -- DO NOT REMOVE

Samples6/one-interface/zones

@@ -1,6 +1,6 @@
 #
-# Shorewall6 version 5 - Sample Zones File for one-interface IPv6 configuration.
-# Copyright (C) 2006-2015 by the Shorewall Team
+# Shorewall6 version 4 - Sample Zones File for one-interface IPv6 configuration.
+# Copyright (C) 2006,2008 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public

Samples6/three-interfaces/README.txt

@@ -3,7 +3,7 @@ For instructions on using these sample configurations, please see
 http://www.shorewall.net/three-interface.htm
 
     Shorewall Samples
-    Copyright (C) 2006-2015 by the following authors:
+    Copyright (C) 2006 by the following authors:
 	Thomas M. Eastep
 	Paul D. Gear
 	Cristian Rodriguez

Samples6/three-interfaces/interfaces

@@ -1,6 +1,6 @@
 #
 # Shorewall6 version 4 - Sample Interfaces File for three-interface configuration.
-# Copyright (C) 2006-2014by the Shorewall Team
+# Copyright (C) 2006,2008 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -11,9 +11,7 @@
 #------------------------------------------------------------------------------
 # For information about entries in this file, type "man shorewall6-interfaces"
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ZONE	INTERFACE	OPTIONS
-net     eth0            tcpflags,forward=1,sourceroute=0
-loc     eth1            tcpflags,forward=1
-dmz     eth2            tcpflags,forward=1
+#ZONE	INTERFACE	BROADCAST	OPTIONS
+net     eth0            detect          tcpflags
+loc     eth1            detect          tcpflags
+dmz     eth2            detect

Samples6/three-interfaces/policy

@@ -1,6 +1,6 @@
 #
 # Shorewall6 Version 4 - Sample Policy File for three-interface configuration.
-# Copyright (C) 2006-2014 by the Shorewall Team
+# Copyright (C) 2006,2008 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public

Samples6/three-interfaces/routestopped

@@ -1,6 +1,6 @@
 #
-# Shorewall6 version 4.5 Sample Stoppedrules File for three-interface configuration.
-# Copyright (C) 2012-2014 by the Shorewall Team
+# Shorewall6 version 4 - Sample Routestopped File for three-interface configuration.
+# Copyright (C) 2006,2008 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -9,12 +9,12 @@
 #
 # See the file README.txt for further details.
 #------------------------------------------------------------------------------
-# For information about entries in this file, type "man shorewall-stoppedrules"
-###############################################################################
-#ACTION		SOURCE		DEST		PROTO	DEST		SOURCE
-#							PORT(S)		PORT(S)
-ACCEPT		eth1		-
-ACCEPT		-		eth1
-ACCEPT		eth2		-
-ACCEPT		-		eth2
-
+# For information about entries in this file, type "man shorewall6-routestopped"
+#
+# See http://shorewall.net/starting_and_stopping_shorewall.htm for additional
+# information.
+#
+##############################################################################
+#INTERFACE	HOST(S)
+eth1		-
+eth2		-

Samples6/three-interfaces/rules

@@ -1,6 +1,6 @@
 #
 # Shorewall6 version 4.0 - Sample Rules File for three-interface configuration.
-# Copyright (C) 2006-2014 by the Shorewall Team
+# Copyright (C) 2006,2007,2008 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -10,19 +10,9 @@
 # See the file README.txt for further details.
 #------------------------------------------------------------------------------------------------------------
 # For information about entries in this file, type "man shorewall6-rules"
-######################################################################################################################################################################################################
-#ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK	CONNLIMIT	TIME		HEADERS		SWITCH		HELPER
+#############################################################################################################
+#ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK
 #							PORT	PORT(S)		DEST		LIMIT		GROUP
-?SECTION ALL
-?SECTION ESTABLISHED
-?SECTION RELATED
-?SECTION INVALID
-?SECTION UNTRACKED
-?SECTION NEW
-
-#       Don't allow connection pickup from the net
-#
-Invalid(DROP)	net		all		tcp
 #
 #	Accept DNS connections from the firewall to the Internet
 #

Samples6/three-interfaces/shorewall6.conf

@@ -1,11 +1,19 @@
 ###############################################################################
 #
-#  Shorewall Version 5 -- /etc/shorewall6/shorewall6.conf
+# Shorewall6 version 4 - Sample shorewall.conf for one-interface configuration.
+# Copyright (C) 2006,2008 by the Shorewall Team
 #
-#  For information about the settings in this file, type "man shorewall6.conf"
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
 #
-#  Manpage also online at
-#  http://www.shorewall.net/manpages6/shorewall6.conf.html
+# See the file README.txt for further details.
+#
+# For information about the settings in this file, type "man shorewall6.conf"
+#
+# The manpage is also online at 
+# http://shorewall.net/manpages6/shorewall6.conf.html
 ###############################################################################
 #		       S T A R T U P   E N A B L E D
 ###############################################################################
@@ -18,214 +26,139 @@ STARTUP_ENABLED=No
 
 VERBOSITY=1
 
-###############################################################################
-#			        P A G E R
-###############################################################################
-
-PAGER=
-
-###############################################################################
-#			     F I R E W A L L
-###############################################################################
-
-FIREWALL=
-
 ###############################################################################
 #			       L O G G I N G
 ###############################################################################
 
-BLACKLIST_LOG_LEVEL=
-
-INVALID_LOG_LEVEL=
-
-LOG_BACKEND=
-
-LOG_VERBOSITY=2
-
-LOGALLNEW=
-
 LOGFILE=/var/log/messages
 
-LOGFORMAT="%s %s "
-
-LOGLIMIT="s:1/sec:10"
-
-LOGTAGONLY=No
-
-MACLIST_LOG_LEVEL=info
-
-RELATED_LOG_LEVEL=
-
-RPFILTER_LOG_LEVEL=info
-
-SFILTER_LOG_LEVEL=info
-
-SMURF_LOG_LEVEL=info
-
 STARTUP_LOG=/var/log/shorewall6-init.log
 
+LOG_VERBOSITY=2
+
+LOGFORMAT="Shorewall:%s:%s:"
+
+LOGTAGONLY=No
+
+LOGRATE=
+
+LOGBURST=
+
+LOGALLNEW=
+
+BLACKLIST_LOGLEVEL=
+
 TCP_FLAGS_LOG_LEVEL=info
 
-UNTRACKED_LOG_LEVEL=
+SMURF_LOG_LEVEL=info
 
 ###############################################################################
 #	L O C A T I O N	  O F	F I L E S   A N D   D I R E C T O R I E S
 ###############################################################################
 
-CONFIG_PATH=${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall
-
-GEOIPDIR=/usr/share/xt_geoip/LE
-
 IP6TABLES=
 
-IP=
-
-IPSET=
-
-LOCKFILE=
-
-MODULESDIR=
-
-NFACCT=
-
-PERL=/usr/bin/perl
-
 PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
 
-RESTOREFILE=restore
-
 SHOREWALL_SHELL=/bin/sh
 
 SUBSYSLOCK=
 
-TC=
+MODULESDIR=
+
+CONFIG_PATH=/etc/shorewall6/:/usr/share/shorewall6:/usr/share/shorewall
+
+RESTOREFILE=
+
+LOCKFILE=
 
 ###############################################################################
 #		D E F A U L T   A C T I O N S / M A C R O S
 ###############################################################################
 
-ACCEPT_DEFAULT="none"
 DROP_DEFAULT="Drop"
-NFQUEUE_DEFAULT="none"
-QUEUE_DEFAULT="none"
 REJECT_DEFAULT="Reject"
+ACCEPT_DEFAULT="none"
+QUEUE_DEFAULT="none"
+NFQUEUE_DEFAULT="none"
 
 ###############################################################################
 #                        R S H / R C P  C O M M A N D S
 ###############################################################################
 
-RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
 RSH_COMMAND='ssh ${root}@${system} ${command}'
+RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
 
 ###############################################################################
 #			F I R E W A L L	  O P T I O N S
 ###############################################################################
 
-ACCOUNTING=Yes
-
-ACCOUNTING_TABLE=filter
-
-ADMINISABSENTMINDED=Yes
-
-AUTOCOMMENT=Yes
-
-AUTOHELPERS=Yes
-
-AUTOMAKE=Yes
-
-BASIC_FILTERS=No
-
-BLACKLIST="NEW,INVALID,UNTRACKED"
-
-CLAMPMSS=No
-
-CLEAR_TC=No
-
-COMPLETE=No
-
-DEFER_DNS_RESOLUTION=Yes
-
-DELETE_THEN_ADD=Yes
-
-DONT_LOAD=
-
-DYNAMIC_BLACKLIST=Yes
-
-EXPAND_POLICIES=Yes
-
-EXPORTMODULES=Yes
-
-FASTACCEPT=No
-
-FORWARD_CLEAR_MARK=
-
-HELPERS=
-
-IGNOREUNKNOWNVARIABLES=No
-
-IMPLICIT_CONTINUE=No
-
-INLINE_MATCHES=Yes
-
-IPSET_WARNINGS=Yes
-
-IP_FORWARDING=Keep
-
-KEEP_RT_TABLES=Yes
-
-LOAD_HELPERS_ONLY=Yes
-
-MACLIST_TABLE=filter
-
-MACLIST_TTL=
-
-MANGLE_ENABLED=Yes
-
-MARK_IN_FORWARD_CHAIN=No
-
-MODULE_SUFFIX="ko ko.xz"
-
-MUTEX_TIMEOUT=60
-
-OPTIMIZE=All
-
-OPTIMIZE_ACCOUNTING=No
-
-REJECT_ACTION=
-
-REQUIRE_INTERFACE=No
-
-RESTART=restart
-
-RESTORE_ROUTEMARKS=Yes
-
-SAVE_IPSETS=No
+IP_FORWARDING=On
 
 TC_ENABLED=No
 
 TC_EXPERT=No
 
-TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
+CLEAR_TC=Yes
+
+MARK_IN_FORWARD_CHAIN=No
+
+CLAMPMSS=No
+
+MUTEX_TIMEOUT=60
+
+ADMINISABSENTMINDED=Yes
+
+BLACKLISTNEWONLY=Yes
+
+MODULE_SUFFIX=ko
+
+FASTACCEPT=No
+
+IMPLICIT_CONTINUE=No
+
+HIGH_ROUTE_MARKS=No
+
+OPTIMIZE=7
+
+EXPORTPARAMS=No
+
+EXPAND_POLICIES=Yes
+
+KEEP_RT_TABLES=Yes
+
+DELETE_THEN_ADD=Yes
+
+DONT_LOAD=
+
+AUTO_COMMENT=Yes
+
+MANGLE_ENABLED=Yes
+
+AUTOMAKE=No
+
+WIDE_TC_MARKS=Yes
 
 TRACK_PROVIDERS=Yes
 
-TRACK_RULES=No
+ZONE2ZONE=2
 
-USE_DEFAULT_RT=Yes
+ACCOUNTING=Yes
 
-USE_PHYSICAL_NAMES=No
+OPTIMIZE_ACCOUNTING=No
 
-USE_RT_NAMES=No
+DYNAMIC_BLACKLIST=Yes
 
-VERBOSE_MESSAGES=Yes
+###############################################################################
+# MARK Layout
+###############################################################################
+TC_BITS=8
 
-WARNOLDCAPVERSION=Yes
+MASK_BITS=8
 
-WORKAROUNDS=No
+PROVIDER_BITS=8
 
-ZERO_MARKS=No
-
-ZONE2ZONE=-
+PROVIDER_OFFSET=8
 
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
@@ -233,32 +166,6 @@ ZONE2ZONE=-
 
 BLACKLIST_DISPOSITION=DROP
 
-INVALID_DISPOSITION=CONTINUE
-
-MACLIST_DISPOSITION=REJECT
-
-RELATED_DISPOSITION=ACCEPT
-
-SFILTER_DISPOSITION=DROP
-
-RPFILTER_DISPOSITION=DROP
-
-SMURF_DISPOSITION=DROP
-
 TCP_FLAGS_DISPOSITION=DROP
 
-UNTRACKED_DISPOSITION=CONTINUE
-
-################################################################################
-#			P A C K E T  M A R K  L A Y O U T
-################################################################################
-
-TC_BITS=
-
-PROVIDER_BITS=
-
-PROVIDER_OFFSET=
-
-MASK_BITS=
-
-ZONE_BITS=0
+#LAST LINE -- DO NOT REMOVE

Samples6/three-interfaces/zones

@@ -1,6 +1,6 @@
 #
 # Shorewall6 version 4 - Sample Zones File for three-interface configuration.
-# Copyright (C) 2006-2014 by the Shorewall Team
+# Copyright (C) 2006,2008 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -15,6 +15,6 @@
 #ZONE	TYPE	OPTIONS			IN			OUT
 #					OPTIONS			OPTIONS
 fw	firewall
-net	ipv6
-loc	ipv6
-dmz	ipv6
+net	ipv4
+loc	ipv4
+dmz	ipv4

Samples6/two-interfaces/README.txt

@@ -3,7 +3,7 @@ For instructions on using these sample configurations, please see
 http://www.shorewall.net/two-interface.htm
 
     Shorewall Samples
-    Copyright (C) 2006-2014 by the following authors:
+    Copyright (C) 2006 by the following authors:
 	Thomas M. Eastep
 	Paul D. Gear
 	Cristian Rodriguez

Samples6/two-interfaces/interfaces

@@ -1,6 +1,6 @@
 #
 # Shorewall6 version 4.0 - Sample Interfaces File for two-interface configuration.
-# Copyright (C) 2006-2014 by the Shorewall Team
+# Copyright (C) 2006,2008 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -11,8 +11,6 @@
 #------------------------------------------------------------------------------
 # For information about entries in this file, type "man shorewall6-interfaces"
 ###############################################################################
-?FORMAT 2
-###############################################################################
-#ZONE	INTERFACE	OPTIONS
-net     eth0            tcpflags,forward=1,sourceroute=0
-loc     eth1            tcpflags,forward=1
+#ZONE	INTERFACE	BROADCAST	OPTIONS
+net     eth0            detect          tcpflags
+loc     eth1            detect          tcpflags

Samples6/two-interfaces/policy

@@ -1,6 +1,6 @@
 #
 # Shorewall6 version 4 - Sample Policy File for two-interface configuration.
-# Copyright (C) 2006-2014 by the Shorewall Team
+# Copyright (C) 2006,2008 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public

Samples6/two-interfaces/routestopped

@@ -0,0 +1,19 @@
+#
+# Shorewall6 version 4.0 - Sample Routestopped File for two-interface configuration.
+# Copyright (C) 2006,2008 by the Shorewall Team
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# See the file README.txt for further details.
+#------------------------------------------------------------------------------
+# For information about entries in this file, type "man shorewall6-routestopped"
+#
+# See http://shorewall.net/starting_and_stopping_shorewall.htm for additional
+# information.
+#
+##############################################################################
+#INTERFACE	HOST(S)                  OPTIONS
+eth1		-

Samples6/two-interfaces/rules

@@ -1,6 +1,6 @@
 #
 # Shorewall6 version 4.0 - Sample Rules File for two-interface configuration.
-# Copyright (C) 2006-2014 by the Shorewall Team
+# Copyright (C) 2006-2008 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -10,19 +10,9 @@
 # See the file README.txt for further details.
 #------------------------------------------------------------------------------
 # For information about entries in this file, type "man shorewall6-rules"
-######################################################################################################################################################################################################
-#ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK	CONNLIMIT	TIME		HEADERS		SWITCH		HELPER
+#############################################################################################################
+#ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK
 #							PORT	PORT(S)		DEST		LIMIT		GROUP
-?SECTION ALL
-?SECTION ESTABLISHED
-?SECTION RELATED
-?SECTION INVALID
-?SECTION UNTRACKED
-?SECTION NEW
-
-#       Don't allow connection pickup from the net
-#
-Invalid(DROP)	net		all		tcp
 #
 #	Accept DNS connections from the firewall to the network
 #

Samples6/two-interfaces/shorewall6.conf

@@ -1,16 +1,24 @@
 ###############################################################################
 #
-#  Shorewall Version 5 -- /etc/shorewall6/shorewall6.conf
+# Shorewall version 3.4 - Sample shorewall.conf for one-interface configuration.
+# Copyright (C) 2006 by the Shorewall Team
 #
-#  For information about the settings in this file, type "man shorewall6.conf"
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
 #
-#  Manpage also online at
-#  http://www.shorewall.net/manpages6/shorewall6.conf.html
+# See the file README.txt for further details.
+#
+# For information about the settings in this file, type "man shorewall6.conf"
+#
+# The manpage is also online at 
+# http://shorewall.net/manpages6/shorewall6.conf.html
 ###############################################################################
 #		       S T A R T U P   E N A B L E D
 ###############################################################################
 
-STARTUP_ENABLED=Yes
+STARTUP_ENABLED=No
 
 ###############################################################################
 #		              V E R B O S I T Y
@@ -18,214 +26,139 @@ STARTUP_ENABLED=Yes
 
 VERBOSITY=1
 
-###############################################################################
-#			        P A G E R
-###############################################################################
-
-PAGER=
-
-###############################################################################
-#			     F I R E W A L L
-###############################################################################
-
-FIREWALL=
-
 ###############################################################################
 #			       L O G G I N G
 ###############################################################################
 
-BLACKLIST_LOG_LEVEL=
-
-INVALID_LOG_LEVEL=
-
-LOG_BACKEND=
-
-LOG_VERBOSITY=2
-
-LOGALLNEW=
-
-LOGFILE=
-
-LOGFORMAT="%s %s "
-
-LOGLIMIT="s:1/sec:10"
-
-LOGTAGONLY=No
-
-MACLIST_LOG_LEVEL=info
-
-RELATED_LOG_LEVEL=
-
-RPFILTER_LOG_LEVEL=info
-
-SFILTER_LOG_LEVEL=info
-
-SMURF_LOG_LEVEL=info
+LOGFILE=/var/log/messages
 
 STARTUP_LOG=/var/log/shorewall6-init.log
 
+LOG_VERBOSITY=2
+
+LOGFORMAT="Shorewall:%s:%s:"
+
+LOGTAGONLY=No
+
+LOGRATE=
+
+LOGBURST=
+
+LOGALLNEW=
+
+BLACKLIST_LOGLEVEL=
+
 TCP_FLAGS_LOG_LEVEL=info
 
-UNTRACKED_LOG_LEVEL=
+SMURF_LOG_LEVEL=info
 
 ###############################################################################
 #	L O C A T I O N	  O F	F I L E S   A N D   D I R E C T O R I E S
 ###############################################################################
 
-CONFIG_PATH=${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall
-
-GEOIPDIR=/usr/share/xt_geoip/LE
-
 IP6TABLES=
 
-IP=
-
-IPSET=
-
-LOCKFILE=
-
-MODULESDIR=
-
-NFACCT=
-
-PERL=/usr/bin/perl
-
 PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
 
-RESTOREFILE=restore
-
 SHOREWALL_SHELL=/bin/sh
 
 SUBSYSLOCK=
 
-TC=
+MODULESDIR=
+
+CONFIG_PATH=/etc/shorewall6/:/usr/share/shorewall6:/usr/share/shorewall/
+
+RESTOREFILE=
+
+LOCKFILE=
 
 ###############################################################################
 #		D E F A U L T   A C T I O N S / M A C R O S
 ###############################################################################
 
-ACCEPT_DEFAULT="none"
 DROP_DEFAULT="Drop"
-NFQUEUE_DEFAULT="none"
-QUEUE_DEFAULT="none"
 REJECT_DEFAULT="Reject"
+ACCEPT_DEFAULT="none"
+QUEUE_DEFAULT="none"
+NFQUEUE_DEFAULT="none"
 
 ###############################################################################
 #                        R S H / R C P  C O M M A N D S
 ###############################################################################
 
-RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
 RSH_COMMAND='ssh ${root}@${system} ${command}'
+RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
 
 ###############################################################################
 #			F I R E W A L L	  O P T I O N S
 ###############################################################################
 
-ACCOUNTING=Yes
-
-ACCOUNTING_TABLE=filter
-
-ADMINISABSENTMINDED=Yes
-
-AUTOCOMMENT=Yes
-
-AUTOHELPERS=Yes
-
-AUTOMAKE=Yes
-
-BASIC_FILTERS=No
-
-BLACKLIST="NEW,INVALID,UNTRACKED"
-
-CLAMPMSS=No
-
-CLEAR_TC=No
-
-COMPLETE=Yes
-
-DEFER_DNS_RESOLUTION=Yes
-
-DELETE_THEN_ADD=Yes
-
-DONT_LOAD=
-
-DYNAMIC_BLACKLIST=Yes
-
-EXPAND_POLICIES=Yes
-
-EXPORTMODULES=Yes
-
-FASTACCEPT=Yes
-
-FORWARD_CLEAR_MARK=
-
-HELPERS=
-
-IGNOREUNKNOWNVARIABLES=No
-
-IMPLICIT_CONTINUE=No
-
-INLINE_MATCHES=Yes
-
-IPSET_WARNINGS=Yes
-
-IP_FORWARDING=Keep
-
-KEEP_RT_TABLES=Yes
-
-LOAD_HELPERS_ONLY=Yes
-
-MACLIST_TABLE=filter
-
-MACLIST_TTL=
-
-MANGLE_ENABLED=Yes
-
-MARK_IN_FORWARD_CHAIN=No
-
-MODULE_SUFFIX="ko ko.xz"
-
-MUTEX_TIMEOUT=60
-
-OPTIMIZE=All
-
-OPTIMIZE_ACCOUNTING=No
-
-REJECT_ACTION=
-
-REQUIRE_INTERFACE=Yes
-
-RESTART=restart
-
-RESTORE_ROUTEMARKS=Yes
-
-SAVE_IPSETS=No
+IP_FORWARDING=On
 
 TC_ENABLED=No
 
 TC_EXPERT=No
 
-TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
+CLEAR_TC=Yes
+
+MARK_IN_FORWARD_CHAIN=No
+
+CLAMPMSS=No
+
+MUTEX_TIMEOUT=60
+
+ADMINISABSENTMINDED=Yes
+
+BLACKLISTNEWONLY=Yes
+
+MODULE_SUFFIX=ko
+
+FASTACCEPT=No
+
+IMPLICIT_CONTINUE=No
+
+HIGH_ROUTE_MARKS=No
+
+OPTIMIZE=7
+
+EXPORTPARAMS=No
+
+EXPAND_POLICIES=No
+
+KEEP_RT_TABLES=Yes
+
+DELETE_THEN_ADD=Yes
+
+DONT_LOAD=
+
+AUTO_COMMENT=Yes
+
+MANGLE_ENABLED=Yes
+
+AUTOMAKE=No
+
+WIDE_TC_MARKS=Yes
 
 TRACK_PROVIDERS=Yes
 
-TRACK_RULES=No
+ZONE2ZONE=2
 
-USE_DEFAULT_RT=Yes
+ACCOUNTING=Yes
 
-USE_PHYSICAL_NAMES=No
+OPTIMIZE_ACCOUNTING=No
 
-USE_RT_NAMES=No
+DYNAMIC_BLACKLIST=Yes
 
-VERBOSE_MESSAGES=Yes
+###############################################################################
+# MARK Layout
+###############################################################################
+TC_BITS=8
 
-WARNOLDCAPVERSION=Yes
+MASK_BITS=8
 
-WORKAROUNDS=No
+PROVIDER_BITS=8
 
-ZERO_MARKS=No
-
-ZONE2ZONE=-
+PROVIDER_OFFSET=8
 
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
@@ -233,32 +166,6 @@ ZONE2ZONE=-
 
 BLACKLIST_DISPOSITION=DROP
 
-INVALID_DISPOSITION=CONTINUE
-
-MACLIST_DISPOSITION=REJECT
-
-RELATED_DISPOSITION=ACCEPT
-
-SFILTER_DISPOSITION=DROP
-
-RPFILTER_DISPOSITION=DROP
-
-SMURF_DISPOSITION=DROP
-
 TCP_FLAGS_DISPOSITION=DROP
 
-UNTRACKED_DISPOSITION=CONTINUE
-
-################################################################################
-#			P A C K E T  M A R K  L A Y O U T
-################################################################################
-
-TC_BITS=
-
-PROVIDER_BITS=
-
-PROVIDER_OFFSET=
-
-MASK_BITS=
-
-ZONE_BITS=0
+#LAST LINE -- DO NOT REMOVE

Samples6/two-interfaces/zones

@@ -1,6 +1,6 @@
 #
 # Shorewall6 version 4.0 - Sample Zones File for two-interface configuration.
-# Copyright (C) 2006-2014 by the Shorewall Team
+# Copyright (C) 2006,2008 by the Shorewall Team
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public

Shorewall-core/COPYING

@@ -1,341 +0,0 @@
-		    GNU GENERAL PUBLIC LICENSE
-		       Version 2, June 1991
-
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.
-                          51 Franklin Street, Fifth Floor,
-			  Boston, MA 02110-1301 USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-			    Preamble
-
-  The licenses for most software are designed to take away your
-freedom to share and change it.  By contrast, the GNU General Public
-License is intended to guarantee your freedom to share and change free
-software--to make sure the software is free for all its users.  This
-General Public License applies to most of the Free Software
-Foundation's software and to any other program whose authors commit to
-using it.  (Some other Free Software Foundation software is covered by
-the GNU Library General Public License instead.)  You can apply it to
-your programs, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-this service if you wish), that you receive source code or can get it
-if you want it, that you can change the software or use pieces of it
-in new free programs; and that you know you can do these things.
-
-  To protect your rights, we need to make restrictions that forbid
-anyone to deny you these rights or to ask you to surrender the rights.
-These restrictions translate to certain responsibilities for you if you
-distribute copies of the software, or if you modify it.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must give the recipients all the rights that
-you have.  You must make sure that they, too, receive or can get the
-source code.  And you must show them these terms so they know their
-rights.
-
-  We protect your rights with two steps: (1) copyright the software, and
-(2) offer you this license which gives you legal permission to copy,
-distribute and/or modify the software.
-
-  Also, for each author's protection and ours, we want to make certain
-that everyone understands that there is no warranty for this free
-software.  If the software is modified by someone else and passed on, we
-want its recipients to know that what they have is not the original, so
-that any problems introduced by others will not reflect on the original
-authors' reputations.
-
-  Finally, any free program is threatened constantly by software
-patents.  We wish to avoid the danger that redistributors of a free
-program will individually obtain patent licenses, in effect making the
-program proprietary.  To prevent this, we have made it clear that any
-patent must be licensed for everyone's free use or not licensed at all.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-		    GNU GENERAL PUBLIC LICENSE
-   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-  0. This License applies to any program or other work which contains
-a notice placed by the copyright holder saying it may be distributed
-under the terms of this General Public License.  The "Program", below,
-refers to any such program or work, and a "work based on the Program"
-means either the Program or any derivative work under copyright law:
-that is to say, a work containing the Program or a portion of it,
-either verbatim or with modifications and/or translated into another
-language.  (Hereinafter, translation is included without limitation in
-the term "modification".)  Each licensee is addressed as "you".
-
-Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope.  The act of
-running the Program is not restricted, and the output from the Program
-is covered only if its contents constitute a work based on the
-Program (independent of having been made by running the Program).
-Whether that is true depends on what the Program does.
-
-  1. You may copy and distribute verbatim copies of the Program's
-source code as you receive it, in any medium, provided that you
-conspicuously and appropriately publish on each copy an appropriate
-copyright notice and disclaimer of warranty; keep intact all the
-notices that refer to this License and to the absence of any warranty;
-and give any other recipients of the Program a copy of this License
-along with the Program.
-
-You may charge a fee for the physical act of transferring a copy, and
-you may at your option offer warranty protection in exchange for a fee.
-
-  2. You may modify your copy or copies of the Program or any portion
-of it, thus forming a work based on the Program, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
-    a) You must cause the modified files to carry prominent notices
-    stating that you changed the files and the date of any change.
-
-    b) You must cause any work that you distribute or publish, that in
-    whole or in part contains or is derived from the Program or any
-    part thereof, to be licensed as a whole at no charge to all third
-    parties under the terms of this License.
-
-    c) If the modified program normally reads commands interactively
-    when run, you must cause it, when started running for such
-    interactive use in the most ordinary way, to print or display an
-    announcement including an appropriate copyright notice and a
-    notice that there is no warranty (or else, saying that you provide
-    a warranty) and that users may redistribute the program under
-    these conditions, and telling the user how to view a copy of this
-    License.  (Exception: if the Program itself is interactive but
-    does not normally print such an announcement, your work based on
-    the Program is not required to print an announcement.)
-
-These requirements apply to the modified work as a whole.  If
-identifiable sections of that work are not derived from the Program,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works.  But when you
-distribute the same sections as part of a whole which is a work based
-on the Program, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Program.
-
-In addition, mere aggregation of another work not based on the Program
-with the Program (or with a work based on the Program) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
-  3. You may copy and distribute the Program (or a work based on it,
-under Section 2) in object code or executable form under the terms of
-Sections 1 and 2 above provided that you also do one of the following:
-
-    a) Accompany it with the complete corresponding machine-readable
-    source code, which must be distributed under the terms of Sections
-    1 and 2 above on a medium customarily used for software interchange; or,
-
-    b) Accompany it with a written offer, valid for at least three
-    years, to give any third party, for a charge no more than your
-    cost of physically performing source distribution, a complete
-    machine-readable copy of the corresponding source code, to be
-    distributed under the terms of Sections 1 and 2 above on a medium
-    customarily used for software interchange; or,
-
-    c) Accompany it with the information you received as to the offer
-    to distribute corresponding source code.  (This alternative is
-    allowed only for noncommercial distribution and only if you
-    received the program in object code or executable form with such
-    an offer, in accord with Subsection b above.)
-
-The source code for a work means the preferred form of the work for
-making modifications to it.  For an executable work, complete source
-code means all the source code for all modules it contains, plus any
-associated interface definition files, plus the scripts used to
-control compilation and installation of the executable.  However, as a
-special exception, the source code distributed need not include
-anything that is normally distributed (in either source or binary
-form) with the major components (compiler, kernel, and so on) of the
-operating system on which the executable runs, unless that component
-itself accompanies the executable.
-
-If distribution of executable or object code is made by offering
-access to copy from a designated place, then offering equivalent
-access to copy the source code from the same place counts as
-distribution of the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
-  4. You may not copy, modify, sublicense, or distribute the Program
-except as expressly provided under this License.  Any attempt
-otherwise to copy, modify, sublicense or distribute the Program is
-void, and will automatically terminate your rights under this License.
-However, parties who have received copies, or rights, from you under
-this License will not have their licenses terminated so long as such
-parties remain in full compliance.
-
-  5. You are not required to accept this License, since you have not
-signed it.  However, nothing else grants you permission to modify or
-distribute the Program or its derivative works.  These actions are
-prohibited by law if you do not accept this License.  Therefore, by
-modifying or distributing the Program (or any work based on the
-Program), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Program or works based on it.
-
-  6. Each time you redistribute the Program (or any work based on the
-Program), the recipient automatically receives a license from the
-original licensor to copy, distribute or modify the Program subject to
-these terms and conditions.  You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties to
-this License.
-
-  7. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Program at all.  For example, if a patent
-license would not permit royalty-free redistribution of the Program by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Program.
-
-If any portion of this section is held invalid or unenforceable under
-any particular circumstance, the balance of the section is intended to
-apply and the section as a whole is intended to apply in other
-circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system, which is
-implemented by public license practices.  Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
-  8. If the distribution and/or use of the Program is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Program under this License
-may add an explicit geographical distribution limitation excluding
-those countries, so that distribution is permitted only in or among
-countries not thus excluded.  In such case, this License incorporates
-the limitation as if written in the body of this License.
-
-  9. The Free Software Foundation may publish revised and/or new versions
-of the General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-Each version is given a distinguishing version number.  If the Program
-specifies a version number of this License which applies to it and "any
-later version", you have the option of following the terms and conditions
-either of that version or of any later version published by the Free
-Software Foundation.  If the Program does not specify a version number of
-this License, you may choose any version ever published by the Free Software
-Foundation.
-
-  10. If you wish to incorporate parts of the Program into other free
-programs whose distribution conditions are different, write to the author
-to ask for permission.  For software which is copyrighted by the Free
-Software Foundation, write to the Free Software Foundation; we sometimes
-make exceptions for this.  Our decision will be guided by the two goals
-of preserving the free status of all derivatives of our free software and
-of promoting the sharing and reuse of software generally.
-
-			    NO WARRANTY
-
-  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
-OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
-TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
-PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-REPAIR OR CORRECTION.
-
-  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
-TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
-YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
-PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGES.
-
-		     END OF TERMS AND CONDITIONS
-
-	    How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) 19yy  <name of author>
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; either version 2 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program; if not, write to the Free Software
-    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-
-Also add information on how to contact you by electronic and paper mail.
-
-If the program is interactive, make it output a short notice like this
-when it starts in an interactive mode:
-
-    Gnomovision version 69, Copyright (C) 19yy name of author
-    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, the commands you use may
-be called something other than `show w' and `show c'; they could even be
-mouse-clicks or menu items--whatever suits your program.
-
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the program, if
-necessary.  Here is a sample; alter the names:
-
-  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
-  `Gnomovision' (which makes passes at compilers) written by James Hacker.
-
-  <signature of Ty Coon>, 1 April 1989
-  Ty Coon, President of Vice
-
-This General Public License does not permit incorporating your program into
-proprietary programs.  If your program is a subroutine library, you may
-consider it more useful to permit linking proprietary applications with the
-library.  If this is what you want to do, use the GNU Library General
-Public License instead of this License.

Shorewall-core/INSTALL

@@ -1,24 +0,0 @@
-Shoreline Firewall (Shorewall) Version 5
------         ----
-
------------------------------------------------------------------------------
-
-     This program is free software; you can redistribute it and/or modify
-     it under the terms of Version 2 of the GNU General Public License
-     as published by the Free Software Foundation.
-
-     This program is distributed in the hope that it will be useful,
-     but WITHOUT ANY WARRANTY; without even the implied warranty of
-     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-     GNU General Public License for more details.
-
-     You should have received a copy of the GNU General Public License
-     along with this program; if not, write to the Free Software
-     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
----------------------------------------------------------------------------
-
-Please see http://www.shorewall.net/Install.htm for installation
-instructions.
-
-

Shorewall-core/configure

@@ -1,243 +0,0 @@
-#!/bin/bash
-#
-#     Shorewall Packet Filtering Firewall RPM configuration program - V4.6
-#
-#     (c) 2012,2014 - Tom Eastep (teastep@shorewall.net)
-#
-#	Shorewall documentation is available at http://www.shorewall.net
-#
-#       This program is part of Shorewall.
-#
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
-#
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#
-#       Usage: ./configure [ <option>=<setting> ] ...
-#
-#
-################################################################################################
-#
-# Build updates this
-#
-VERSION=4.6.12
-
-case "$BASH_VERSION" in
-    [4-9].*)
-	;;
-    *)
-	echo "ERROR: This program requires Bash 4.0 or later" >&2
-	exit 1
-	;;
-esac
-
-declare -A params
-declare -A options
-
-getfileparams() {
-    while read option; do
-	case $option in
-	    \#*)
-		;;
-	    *)
-		on=${option%=*}
-		ov=${option#*=}
-		ov=${ov%#*}
-		[ -n "$on" ] && options[${on}]="${ov}"
-		;;
-	esac
-
-    done
-
-    return 0
-}
-
-for p in $@; do
-
-    if [ -n "${p}" ]; then
-	declare -u pn
-
-	pn=${p%=*}
-	pn=${pn#--}
-	pv=${p#*=}
-
-	if [ -n "${pn}" ]; then
-
-	    case ${pn} in
-		VENDOR)
-		    pn=HOST
-		    ;;
-		SHAREDSTATEDIR)
-		    pn=VARLIB
-		    ;;
-		DATADIR)
-		    pn=SHAREDIR
-		    ;;
-	    esac
-
-	    params[${pn}]="${pv}"
-	else
-	    echo "ERROR: Invalid option ($p)" >&2
-	    exit 1
-	fi
-    fi
-done
-
-cd $(dirname $0)
-
-vendor=${params[HOST]}
-
-if [ -z "$vendor" ]; then
-    if [ -f /etc/os-release ]; then
-	eval $(cat /etc/os-release | grep ^ID=)
-
-	case $ID in
-	    fedora|rhel)
-		vendor=redhat
-		;;
-	    debian|ubuntu)
-		vendor=debian
-		;;
-	    opensuse)
-		vendor=suse
-		;;
-	    *)
-		vendor="$ID"
-		;;
-	esac
-
-	params[HOST]="$vendor"
-    fi
-fi
-
-if [ -z "$vendor" ]; then
-    case `uname` in
-	Darwin)
-	    params[HOST]=apple
-	    rcfile=shorewallrc.apple
-	    ;;
-	cygwin*|CYGWIN*)
-	    params[HOST]=cygwin
-	    rcfile=shorewallrc.cygwin
-	    ;;
-	*)
-	    if [ -f /etc/debian_version ]; then
-		params[HOST]=debian
-		ls -l /sbin/init | fgrep -q systemd &&  rcfile=shorewallrc.debian.systemd || rcfile=shorewallrc.debian.sysvinit
-	    elif [ -f /etc/redhat-release ]; then
-		params[HOST]=redhat
-		rcfile=shorewallrc.redhat
-	    elif [ -f /etc/slackware-version ] ; then
-		params[HOST]=slackware
-		rcfile=shorewallrc.slackware
-	    elif [ -f /etc/SuSE-release ]; then
-		params[HOST]=suse
-		rcfile=shorewallrc.suse
-	    elif [ -f /etc/arch-release ] ; then
-		params[HOST]=archlinux
-		rcfile=shorewallrc.archlinux
-	    elif [ -f /etc/openwrt_release ]; then
-		params[HOST]=openwrt
-		rcfile=shorewallrc.openwrt
-	    else
-		params[HOST]=linux
-		rcfile=shorewallrc.default
-	    fi
-	    ;;
-    esac
-    vendor=${params[HOST]}
-else
-    if [ $vendor = linux ]; then
-	rcfile=shorewallrc.default;
-    elif [ $vendor = debian -a -f /etc/debian_version ]; then
-	ls -l /sbin/init | fgrep -q systemd && rcfile=shorewallrc.debian.systemd || rcfile=shorewallrc.debian.sysvinit
-    else
-	rcfile=shorewallrc.$vendor
-    fi
-
-    if [ ! -f $rcfile ]; then
-	echo "ERROR: $vendor is not a recognized host type" >&2
-	exit 1
-    elif [ $vendor = default ]; then
-	params[HOST]=linux
-	vendor=linux
-    elif [[ $vendor == debian.* ]]; then
-	params[HOST]=debian
-	vendor=debian
-    fi
-fi
-
-if [ $vendor = linux ]; then
-    echo "INFO: Creating a generic Linux installation - " `date`;
-else
-    echo "INFO: Creating a ${params[HOST]}-specific installation - " `date`;
-fi
-
-echo
-
-getfileparams < $rcfile || exit 1
-
-for p in ${!params[@]}; do
-    options[${p}]="${params[${p}]}"
-done
-
-echo '#'                                                                 > shorewallrc
-echo "# Created by Shorewall Core version $VERSION configure - " `date` >> shorewallrc
-echo "# rc file: $rcfile"                                               >> shorewallrc
-echo '#'                                                                >> shorewallrc
-
-if [ $# -gt 0 ]; then
-    echo "# Input: $@" >> shorewallrc
-    echo '#'           >> shorewallrc
-fi
-
-if [ -n "${options[VARLIB]}" ]; then
-    if [ -z "${options[VARDIR]}" ]; then
-	options[VARDIR]='${VARLIB}/${PRODUCT}'
-    fi
-elif [ -n "${options[VARDIR]}" ]; then
-    if [ -z "{$options[VARLIB]}" ]; then
-	options[VARLIB]=${options[VARDIR]}
-	options[VARDIR]='${VARLIB}/${PRODUCT}'
-    fi
-fi
-
-if [ -z "${options[SERVICEDIR]}" ]; then
-    options[SERVICEDIR]="${options[SYSTEMD]}"
-fi
-
-for on in \
-    HOST \
-    PREFIX \
-    SHAREDIR \
-    LIBEXECDIR \
-    PERLLIBDIR \
-    CONFDIR \
-    SBINDIR \
-    MANDIR \
-    INITDIR \
-    INITSOURCE \
-    INITFILE \
-    AUXINITSOURCE \
-    AUXINITFILE \
-    SERVICEDIR \
-    SERVICEFILE \
-    SYSCONFFILE \
-    SYSCONFDIR \
-    SPARSE \
-    ANNOTATED \
-    VARLIB \
-    VARDIR \
-    DEFAULT_PAGER
-do
-    echo "$on=${options[${on}]}"
-    echo "$on=${options[${on}]}" >> shorewallrc
-done

Shorewall-core/configure.pl

@@ -1,223 +0,0 @@
-#! /usr/bin/perl -w
-#
-#     Shorewall Packet Filtering Firewall RPM configuration program - V4.5
-#
-#     (c) 2012, 2014 - Tom Eastep (teastep@shorewall.net)
-#
-#	Shorewall documentation is available at http://www.shorewall.net
-#
-#       This program is part of Shorewall.
-#
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
-#
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#
-#       Usage: ./configure.pl <option>=<setting> ...
-#
-#
-################################################################################################
-use strict;
-
-#
-# Build updates this
-#
-use constant {
-    VERSION => '4.6.12'
-};
-
-my %params;
-my %options;
-
-my %aliases = ( VENDOR         => 'HOST',
-		SHAREDSTATEDIR => 'VARLIB',
-		DATADIR        => 'SHAREDIR' );
-
-for ( @ARGV ) {
-    die "ERROR: Invalid option specification ( $_ )" unless /^(?:--)?(\w+)=(.*)$/;
-
-    my $pn = uc $1;
-    my $pv = $2 || '';
-
-    $pn = $aliases{$pn} if exists $aliases{$pn};
-
-    $params{$pn} = $pv;
-}
-
-use File::Basename;
-chdir dirname($0);
-
-my $vendor = $params{HOST};
-my $rcfile;
-my $rcfilename;
-
-unless ( defined $vendor ) {
-    if ( -f '/etc/os-release' ) {
-	my $id = `cat /etc/os-release | grep ^ID=`;
-
-	chomp $id;
-
-	$id =~ s/ID=//;
-	
-	if ( $id eq 'fedora' || $id eq 'rhel' ) {
-	    $vendor = 'redhat';
-	} elsif ( $id eq 'opensuse' ) {
-	    $vendor = 'suse';
-	} elsif ( $id eq 'ubuntu' || $id eq 'debian' ) {
-	    my $init = `ls -l /sbin/init`;
-	    $vendor = $init =~ /systemd/ ? 'debian.systemd' : 'debian.sysvinit';
-	} else {
-	    $vendor = $id;
-	}
-    }
-
-    $params{HOST} = $vendor;
-    $params{HOST} =~ s/\..*//;
-}
-
-if ( defined $vendor ) {
-    if ( $vendor eq 'debian' && -f '/etc/debian_version' ) {
-	if ( -l '/sbin/init' ) {
-	    if ( readlink('/sbin/init') =~ /systemd/ ) {
-		$rcfilename = 'shorewallrc.debian.systemd';
-	    } else {
-		$rcfilename = 'shorewallrc.debian.sysvinit';
-	    }
-	} else {
-	    $rcfilename = 'shorewallrc.debian.sysvinit';
-	}
-    } else {
-	$rcfilename = $vendor eq 'linux' ? 'shorewallrc.default' : 'shorewallrc.' . $vendor;
-    }
-
-    unless ( -f $rcfilename ) {
-	die qq("ERROR: $vendor" is not a recognized host type);
-    } elsif ( $vendor eq 'default' ) {
-	$params{HOST} = $vendor = 'linux';
-    } elsif ( $vendor =~ /^debian\./ ) {
-	$params{HOST} = $vendor = 'debian';
-    }
-} else {
-    if ( -f '/etc/debian_version' ) {
-	$vendor = 'debian';
-	if ( -l '/sbin/init' ) {
-	    if ( readlink( '/sbin/init' ) =~ /systemd/ ) {
-		$rcfilename = 'shorewallrc.debian.systemd';
-	    } else {
-		$rcfilename = 'shorewallrc.debian.sysvinit';
-	    }
-	} else {
-	    $rcfilename = 'shorewallrc.debian.sysvinit';
-	}
-    } elsif ( -f '/etc/redhat-release' ){
-	$vendor = 'redhat';
-	$rcfilename = 'shorewallrc.redhat';
-    } elsif ( -f '/etc/slackware-version' ) {
-	$vendor = 'slackware';
-	$rcfilename = 'shorewallrc.slackware';
-    } elsif ( -f '/etc/SuSE-release' ) {
-	$vendor = 'suse';
-	$rcfilename = 'shorewallrc.suse';
-    } elsif ( -f '/etc/arch-release' ) {
-	$vendor = 'archlinux';
-	$rcfilename = 'shorewallrc.archlinux';
-    } elsif ( `uname` =~ '^Darwin' ) {
-	$vendor = 'apple';
-	$rcfilename = 'shorewallrc.apple';
-    } elsif ( `uname` =~ /^Cygwin/i ) {
-	$vendor = 'cygwin';
-	$rcfilename = 'shorewallrc.cygwin';
-    } else {
-	$vendor = 'linux';
-	$rcfilename = 'shorewallrc.default';
-    }
-
-    $params{HOST} = $vendor;
-}
-
-my @localtime = localtime;
-my @abbr = qw( Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec );
-
-if ( $vendor eq 'linux' ) {
-    printf "INFO: Creating a generic Linux installation - %s %2d %04d %02d:%02d:%02d\n\n", $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];;
-} else {
-    printf "INFO: Creating a %s-specific installation - %s %2d %04d %02d:%02d:%02d\n\n", $params{HOST}, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];;
-}
-
-open $rcfile, '<', $rcfilename or die "Unable to open $rcfilename for input: $!";
-
-while ( <$rcfile> ) {
-    s/\s*#.*//;
-    unless ( /^\s*$/ ) {
-	chomp;
-	die "ERROR: Invalid entry ($_) in $rcfilename, line $." unless /\s*(\w+)=(.*)/;
-	$options{$1} = $2;
-    }
-}
-
-close $rcfile;
-
-while ( my ( $p, $v ) = each %params ) {
-    $options{$p} = ${v};
-}
-
-my $outfile;
-
-open $outfile, '>', 'shorewallrc' or die "Can't open 'shorewallrc' for output: $!";
-
-printf $outfile "#\n# Created by Shorewall Core version %s configure.pl - %s %2d %04d %02d:%02d:%02d\n", VERSION, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];
-print $outfile "# rc file: $rcfilename\n#\n";
-
-print  $outfile "# Input: @ARGV\n#\n" if @ARGV;
-
-if ( $options{VARLIB} ) {
-    unless ( $options{VARDIR} ) {
-	$options{VARDIR} = '${VARLIB}/${PRODUCT}';
-    }
-} elsif ( $options{VARDIR} ) {
-    $options{VARLIB} = $options{VARDIR};
-    $options{VARDIR} = '${VARLIB}/${PRODUCT}';
-}
-
-$options{SERVICEDIR}=$options{SYSTEMD} unless $options{SERVICEDIR};
-
-for ( qw/ HOST
-	  PREFIX
-	  SHAREDIR
-	  LIBEXECDIR
-	  PERLLIBDIR
-	  CONFDIR
-	  SBINDIR
-	  MANDIR
-	  INITDIR
-	  INITSOURCE
-	  INITFILE
-	  AUXINITSOURCE
-	  AUXINITFILE
-	  SERVICEDIR
-	  SERVICEFILE
-	  SYSCONFFILE
-	  SYSCONFDIR
-	  SPARSE
-	  ANNOTATED
-	  VARLIB
-	  VARDIR
-          DEFAULT_PAGER / ) {
-
-    my $val = $options{$_} || '';
-
-    print          "$_=$val\n";
-    print $outfile "$_=$val\n";
-}
-
-close $outfile;
-
-1;

Shorewall-core/install.sh

@@ -1,457 +0,0 @@
-#!/bin/sh
-#
-# Script to install Shoreline Firewall Core Modules
-#
-#     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
-#
-#       Shorewall documentation is available at http://shorewall.net
-#
-#       This program is part of Shorewall.
-#
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
-#
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#
-
-VERSION=xxx #The Build script inserts the actual version
-
-PRODUCT=shorewall-core
-Product="Shorewall Core"
- 
-usage() # $1 = exit status
-{
-    ME=$(basename $0)
-    echo "usage: $ME [ <configuration-file> ] "
-    echo "       $ME -v"
-    echo "       $ME -h"
-    exit $1
-}
-
-fatal_error()
-{
-    echo "   ERROR: $@" >&2
-    exit 1
-}
-
-split() {
-    local ifs
-    ifs=$IFS
-    IFS=:
-    set -- $1
-    echo $*
-    IFS=$ifs
-}
-
-qt()
-{
-    "$@" >/dev/null 2>&1
-}
-
-mywhich() {
-    local dir
-
-    for dir in $(split $PATH); do
-	if [ -x $dir/$1 ]; then
-	    echo $dir/$1
-	    return 0
-	fi
-    done
-
-    return 2
-}
-
-cant_autostart()
-{
-    echo
-    echo  "WARNING: Unable to configure shorewall to start automatically at boot" >&2
-}
-
-delete_file() # $1 = file to delete
-{
-    rm -f $1
-}
-
-install_file() # $1 = source $2 = target $3 = mode
-{
-    if cp -f $1 $2; then
-	if chmod $3 $2; then
-	    if [ -n "$OWNER" ]; then
-		if chown $OWNER:$GROUP $2; then
-		    return
-		fi
-	    else
-		return 0
-	    fi
-	fi
-    fi
-
-    echo "ERROR: Failed to install $2" >&2
-    exit 1
-}
-
-require()
-{
-    eval [ -n "\$$1" ] || fatal_error "Required option $1 not set"
-}
-
-#
-# Change to the directory containing this script
-#
-cd "$(dirname $0)"
-
-#
-# Parse the run line
-#
-finished=0
-
-while [ $finished -eq 0 ]; do
-    option=$1
-
-    case "$option" in
-	-*)
-	    option=${option#-}
-
-	    while [ -n "$option" ]; do
-		case $option in
-		    h)
-			usage 0
-			;;
-		    v)
-			echo "Shorewall Firewall Installer Version $VERSION"
-			exit 0
-			;;
-		    *)
-			usage 1
-			;;
-		esac
-	    done
-
-	    shift
-	    ;;
-	*)
-	    finished=1
-	    ;;
-    esac
-done
-
-#
-# Read the RC file
-#
-if [ $# -eq 0 ]; then
-    if [ -f ./shorewallrc ]; then
-	. ./shorewallrc
-	file=./shorewallrc
-    elif [ -f ~/.shorewallrc ]; then
-	. ~/.shorewallrc || exit 1
-	file=~/.shorewallrc
-    elif [ -f /usr/share/shorewall/shorewallrc ]; then
-	. /usr/share/shorewall/shorewallrc
-	file=/usr/share/shorewall/shorewallrc
-    else
-	fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
-    fi
-elif [ $# -eq 1 ]; then
-    file=$1
-    case $file in
-	/*|.*)
-	    ;;
-	*)
-	    file=./$file || exit 1
-	    ;;
-    esac
-
-    . $file
-else
-    usage 1
-fi
-
-update=0
-
-if [ -z "${VARLIB}" ]; then
-    VARLIB=${VARDIR}
-    VARDIR="${VARLIB}/${PRODUCT}"
-    update=1
-elif [ -z "${VARDIR}" ]; then
-    VARDIR="${VARLIB}/${PRODUCT}"
-    update=2
-fi
-
-for var in SHAREDIR LIBEXECDIR PERLLIBDIR CONFDIR SBINDIR VARLIB VARDIR; do
-    require $var
-done
-
-[ "${INITFILE}" != 'none/' ] && require INITSOURCE && require INITDIR
-
-if [ -z "$BUILD" ]; then
-    case $(uname) in
-	cygwin*|CYGWIN*)
-	    BUILD=cygwin
-	    ;;
-	Darwin)
-	    BUILD=apple
-	    ;;
-	*)
-	    if [ -f /etc/os-release ]; then
-		eval $(cat /etc/os-release | grep ^ID)
-
-		case $ID in
-		    fedora|rhel|centos|foobar)
-			BUILD=redhat
-			;;
-		    debian)
-			BUILD=debian
-			;;
-		    gentoo)
-			BUILD=gentoo
-			;;
-		    opensuse)
-			BUILD=suse
-			;;
-		    *)
-			BUILD="$ID"
-			;;
-		esac
-	    elif [ -f /etc/debian_version ]; then
-		BUILD=debian
-	    elif [ -f /etc/gentoo-release ]; then
-		BUILD=gentoo
-	    elif [ -f /etc/redhat-release ]; then
-		BUILD=redhat
-	    elif [ -f /etc/slackware-version ] ; then
-		BUILD=slackware
-	    elif [ -f /etc/SuSE-release ]; then
-		BUILD=suse
-	    elif [ -f /etc/arch-release ] ; then
-		BUILD=archlinux
-	    elif [ -f ${CONFDIR}/openwrt_release ] ; then
-		BUILD=openwrt
-	    else
-		BUILD=linux
-	    fi
-	    ;;
-    esac
-fi
-
-case $BUILD in
-    cygwin*)
-	if [ -z "$DESTDIR" ]; then
-	    DEST=
-	    INIT=
-	fi
-
-	OWNER=$(id -un)
-	GROUP=$(id -gn)
-	;;
-    apple)
-	if [ -z "$DESTDIR" ]; then
-	    DEST=
-	    INIT=
-	    SPARSE=Yes
-	fi
-
-	[ -z "$OWNER" ] && OWNER=root
-	[ -z "$GROUP" ] && GROUP=wheel
-	;;
-    *)
-	if [ $(id -u) -eq 0 ]; then
-	    [ -z "$OWNER" ] && OWNER=root
-	    [ -z "$GROUP" ] && GROUP=root
-	fi
-	;;
-esac
-
-#
-# Determine where to install the firewall script
-#
-
-[ -n "$HOST" ] || HOST=$BUILD
-
-case "$HOST" in
-    cygwin)
-	echo "Installing Cygwin-specific configuration..."
-	;;
-    apple)
-	echo "Installing Mac-specific configuration...";
-	;;
-    debian|gentoo|redhat|slackware|archlinux|linux|suse|openwrt)
-	;;
-    *)
-	echo "ERROR: Unknown HOST \"$HOST\"" >&2
-	exit 1;
-	;;
-esac
-
-if [ -z "$file" ]; then
-    if $HOST = linux; then
-	file=shorewallrc.default
-    else
-	file=shorewallrc.${HOST}
-    fi
-
-    echo "You have not specified a configuration file and ~/.shorewallrc does not exist" >&2
-    echo "Shorewall-core $VERSION has determined that the $file configuration is appropriate for your system" >&2
-    echo "Please review the settings in that file. If you wish to change them, make a copy and modify the copy" >&2
-    echo "Then re-run install.sh passing either $file or the name of your modified copy" >&2
-    echo "" >&2
-    echo "Example:" >&2
-    echo "" >&2
-    echo "   ./install.sh $file" &>2
-fi
-
-if [ -n "$DESTDIR" ]; then
-    if [ $BUILD != cygwin ]; then
-	if [ `id -u` != 0 ] ; then
-	    echo "Not setting file owner/group permissions, not running as root."
-	fi
-    fi
-fi
-
-echo "Installing Shorewall Core Version $VERSION"
-
-#
-# Create directories
-#
-mkdir -p ${DESTDIR}${LIBEXECDIR}/shorewall
-chmod 755 ${DESTDIR}${LIBEXECDIR}/shorewall
-
-mkdir -p ${DESTDIR}${SHAREDIR}/shorewall
-chmod 755 ${DESTDIR}${SHAREDIR}/shorewall
-
-mkdir -p ${DESTDIR}${CONFDIR}
-chmod 755 ${DESTDIR}${CONFDIR}
-
-if [ -n "${SYSCONFDIR}" ]; then
-    mkdir -p ${DESTDIR}${SYSCONFDIR}
-    chmod 755 ${DESTDIR}${SYSCONFDIR}
-fi
-
-if [ -z "${SERVICEDIR}" ]; then
-    SERVICEDIR="$SYSTEMD"
-fi
-
-if [ -n "${SERVICEDIR}" ]; then
-    mkdir -p ${DESTDIR}${SERVICEDIR}
-    chmod 755 ${DESTDIR}${SERVICEDIR}
-fi
-
-mkdir -p ${DESTDIR}${SBINDIR}
-chmod 755 ${DESTDIR}${SBINDIR}
-
-if [ -n "${MANDIR}" ]; then
-    mkdir -p ${DESTDIR}${MANDIR}
-    chmod 755 ${DESTDIR}${MANDIR}
-fi
-
-if [ -n "${INITFILE}" ]; then
-    mkdir -p ${DESTDIR}${INITDIR}
-    chmod 755 ${DESTDIR}${INITDIR}
-
-    if [ -n "$AUXINITSOURCE" -a -f "$AUXINITSOURCE" ]; then
-	install_file $AUXINITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544
-	[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${INITDIR}/$AUXINITFILE
-	echo  "SysV init script $AUXINITSOURCE installed in ${DESTDIR}${INITDIR}/$AUXINITFILE"
-    fi
-fi
-#
-# Note: ${VARDIR} is created at run-time since it has always been
-#       a relocatable directory on a per-product basis
-#
-# Install the CLI
-#
-install_file shorewall ${DESTDIR}${SBINDIR}/shorewall 0755
-[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SBINDIR}/shorewall
-echo "Shorewall CLI program installed in ${DESTDIR}${SBINDIR}/$PRODUCT"
-#
-# Install wait4ifup
-#
-install_file wait4ifup ${DESTDIR}${LIBEXECDIR}/shorewall/wait4ifup 0755
-
-echo
-echo "wait4ifup installed in ${DESTDIR}${LIBEXECDIR}/shorewall/wait4ifup"
-
-#
-# Install the libraries
-#
-for f in lib.* ; do
-    install_file $f ${DESTDIR}${SHAREDIR}/shorewall/$f 0644
-    echo "Library ${f#*.} file installed as ${DESTDIR}${SHAREDIR}/shorewall/$f"
-done
-
-if [ $SHAREDIR != /usr/share ]; then
-    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/${PRODUCT}/lib.base
-    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/${PRODUCT}/lib.core
-    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/${PRODUCT}/lib.cli
-fi
-
-#
-# Install the Man Pages
-#
-if [ -n "$MANDIR" ]; then
-    cd manpages
-
-    [ -n "$INSTALLD" ] || mkdir -p ${DESTDIR}${MANDIR}/man8/
-
-    for f in *.8; do
-	gzip -9c $f > $f.gz
-	install_file $f.gz ${DESTDIR}${MANDIR}/man8/$f.gz 644
-	echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man8/$f.gz"
-    done
-
-    cd ..
-
-    echo "Man Pages Installed"
-fi
-
-#
-# Symbolically link 'functions' to lib.base
-#
-ln -sf lib.base ${DESTDIR}${SHAREDIR}/shorewall/functions
-#
-# Create the version file
-#
-echo "$VERSION" > ${DESTDIR}${SHAREDIR}/shorewall/coreversion
-chmod 644 ${DESTDIR}${SHAREDIR}/shorewall/coreversion
-
-if [ -z "${DESTDIR}" ]; then
-    if [ $update -ne 0 ]; then
-	echo "Updating $file - original saved in $file.bak"
-
-	cp $file $file.bak
-
-	echo '#'                                             >> $file
-	echo "# Updated by Shorewall-core $VERSION -" `date` >> $file
-	echo '#'                                             >> $file
-
-	[ $update -eq 1 ] && sed -i 's/VARDIR/VARLIB/' $file
-
-	echo 'VARDIR=${VARLIB}/${PRODUCT}' >> $file
-    fi
-fi
-
-[ $file != "${DESTDIR}${SHAREDIR}/shorewall/shorewallrc" ] && cp $file ${DESTDIR}${SHAREDIR}/shorewall/shorewallrc
-
-
-[ -z "${DESTDIR}" ] && [ ! -f ~/.shorewallrc ] && cp ${SHAREDIR}/shorewall/shorewallrc ~/.shorewallrc
-
-if [ ${SHAREDIR} != /usr/share ]; then
-    for f in lib.*; do
-	if [ $BUILD != apple ]; then
-	    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/$f
-	else
-	    eval sed -i \'\' -e \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/$f
-	fi
-    done
-fi
-#
-#  Report Success
-#
-echo "Shorewall Core Version $VERSION Installed"

Shorewall-core/lib.base

@@ -1,41 +0,0 @@
-#
-# Shorewall 5.0 -- /usr/share/shorewall/lib.base
-#
-#     (c) 1999-2015 - Tom Eastep (teastep@shorewall.net)
-#
-#	Complete documentation is available at http://shorewall.net
-#
-#       This program is part of Shorewall.
-#
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
-#
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#
-# This library is a compatibility wrapper around lib.core.
-#
-
-if [ -z "$PRODUCT" ]; then
-    #
-    # This is modified by the installer when ${SHAREDIR} != /usr/share
-    #
-    . /usr/share/shorewall/shorewallrc
-
-    g_basedir=${SHAREDIR}/shorewall
-
-    if [ -z "$SHOREWALL_LIBVERSION" ]; then
-	. ${g_basedir}/lib.core
-    fi
-
-    set_default_product
-
-    setup_product_environment
-fi

Shorewall-core/lib.common

@@ -1,817 +0,0 @@
-#
-# Shorewall 5.0 -- /usr/share/shorewall/lib.common.
-#
-#     (c) 2010-2015 - Tom Eastep (teastep@shorewall.net)
-#
-#	Complete documentation is available at http://shorewall.net
-#
-#       This program is part of Shorewall.
-#
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
-#
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#
-# The purpose of this library is to hold those functions used by both the CLI and by the
-# generated firewall scripts. To avoid versioning issues, it is copied into generated
-# scripts rather than loaded at run-time.
-#
-#########################################################################################
-#
-# Wrapper around logger that sets the tag according to $SW_LOGGERTAG
-#
-mylogger() {
-    local level
-
-    level=$1
-    shift
-
-    if [ -n "$SW_LOGGERTAG" ]; then
-	logger -p $level -t "$SW_LOGGERTAG" $*
-    else
-	logger -p $level $*
-    fi
-}
-
-#
-# Issue a message and stop
-#
-startup_error() # $* = Error Message
-{
-    echo "   ERROR: $@: Firewall state not changed" >&2
-
-    if [ $LOG_VERBOSITY -ge 0 ]; then
-        timestamp="$(date +'%b %e %T') "
-        echo "${timestamp}  ERROR: $@" >> $STARTUP_LOG
-    fi
-
-    case $COMMAND in
-        start)
-	    mylogger kern.err "ERROR:$g_product start failed:Firewall state not changed"
-	    ;;
-	restart)
-	    mylogger kern.err "ERROR:$g_product restart failed:Firewall state not changed"
-	    ;;
-	restore)
-	    mylogger kern.err "ERROR:$g_product restore failed:Firewall state not changed"
-	    ;;
-    esac
-
-    if [ $LOG_VERBOSITY -ge 0 ]; then
-        timestamp="$(date +'%b %e %T') "
-
-	case $COMMAND in
-	    start)
-		echo "${timestamp}  ERROR:$g_product start failed:Firewall state not changed" >> $STARTUP_LOG
-		;;
-	    restart)
-		echo "${timestamp}  ERROR:$g_product restart failed:Firewall state not changed" >> $STARTUP_LOG
-		;;
-	    restore)
-		echo "${timestamp}  ERROR:$g_product restore failed:Firewall state not changed" >> $STARTUP_LOG
-		;;
-	esac
-    fi
-
-    mutex_off
-    kill $$
-    exit 2
-}
-
-#
-# Create the required option string and run the passed script using
-# $SHOREWALL_SHELL
-#
-run_it() {
-    local script
-    local options
-
-    export VARDIR
-
-    script=$1
-    shift
-
-    if [ x$1 = xtrace -o x$1 = xdebug ]; then
-	options="$1 -"
-	shift;
-    else
-	options='-'
-    fi
-
-    [ -n "$g_noroutes" ]   && options=${options}n
-    [ -n "$g_timestamp" ]  && options=${options}t
-    [ -n "$g_purge" ]      && options=${options}p
-    [ -n "$g_recovering" ] && options=${options}r
-    [ -n "$g_counters" ]   && options=${options}c
-
-    options="${options}V $VERBOSITY"
-
-    [ -n "$RESTOREFILE" ] && options="${options} -R $RESTOREFILE"
-
-    $SHOREWALL_SHELL $script $options $@
-}
-
-#
-# Message to stderr
-#
-error_message() # $* = Error Message
-{
-   echo "   $@" >&2
-   return 1
-}
-
-#
-# Undo the effect of 'split()'
-#
-join()
-{
-    local f
-    local o
-    o=
-
-    for f in $* ; do
-        o="${o:+$o:}$f"
-    done
-
-    echo $o
-}
-
-#
-# Return the number of elements in a list
-#
-list_count() # $* = list
-{
-    return $#
-}
-
-#
-# Split a colon-separated list into a space-separated list
-#
-split() {
-    local ifs
-    ifs=$IFS
-    IFS=:
-    echo $*
-    IFS=$ifs
-}
-
-#
-# Split a comma-separated list into a space-separated list
-#
-split_list() {
-    local ifs
-    ifs=$IFS
-    IFS=,
-    echo $*
-    IFS=$ifs
-}
-
-#
-# Search a list looking for a match -- returns zero if a match found
-# 1 otherwise
-#
-list_search() # $1 = element to search for , $2-$n = list
-{
-    local e
-    e=$1
-
-    while [ $# -gt 1 ]; do
-	shift
-	[ "x$e" = "x$1" ] && return 0
-    done
-
-    return 1
-}
-
-#
-# Suppress all output for a command
-#
-qt()
-{
-    "$@" >/dev/null 2>&1
-}
-
-#
-# Suppress all output and input - mainly for preventing leaked file descriptors
-# to avoid SELinux denials
-#
-qtnoin()
-{
-    "$@" </dev/null >/dev/null 2>&1
-}
-
-qt1()
-{
-    local status
-
-    while [ 1 ]; do
-	"$@" </dev/null >/dev/null 2>&1
-	status=$?
-	[ $status -ne 4 ] && return $status
-    done
-}
-
-#
-# Determine if Shorewall[6] is "running"
-#
-product_is_started() {
-    qt1 $g_tool -L shorewall -n
-}
-
-shorewall_is_started() {
-    qt1 $IPTABLES -L shorewall -n
-}
-
-shorewall6_is_started() {
-    qt1 $IP6TABLES -L shorewall -n
-}
-
-#
-# Echos the fully-qualified name of the calling shell program
-#
-my_pathname() {
-    local pwd
-    pwd=$PWD
-    cd $(dirname $0)
-    echo $PWD/$(basename $0)
-    cd $pwd
-}
-
-#
-# Source a user exit file if it exists
-#
-run_user_exit() # $1 = file name
-{
-    local user_exit
-    user_exit=$(find_file $1)
-
-    if [ -f $user_exit ]; then
-	progress_message "Processing $user_exit ..."
-	. $user_exit
-    fi
-}
-
-#
-# Load a Kernel Module -- assumes that the variable 'moduledirectories' contains
-#                         a space-separated list of directories to search for
-#                         the module and that 'moduleloader' contains the
-#                         module loader command.
-#
-loadmodule() # $1 = module name, $2 - * arguments
-{
-    local modulename
-    modulename=$1
-    local modulefile
-    local suffix
-
-    if [ -d /sys/module/ ]; then
-	if ! list_search $modulename $DONT_LOAD; then
-	    if [ ! -d /sys/module/$modulename ]; then
-		shift
-
-		for suffix in $MODULE_SUFFIX ; do
-		    for directory in $moduledirectories; do
-			modulefile=$directory/${modulename}.${suffix}
-
-			if [ -f $modulefile ]; then
-			    case $moduleloader in
-				insmod)
-				    insmod $modulefile $*
-				    ;;
-				*)
-				    modprobe $modulename $*
-				    ;;
-			    esac
-			    break 2
-			fi
-		    done
-		done
-	    fi
-	fi
-    elif ! list_search $modulename $DONT_LOAD $MODULES; then
-	shift
-
-	for suffix in $MODULE_SUFFIX ; do
-	    for directory in $moduledirectories; do
-		modulefile=$directory/${modulename}.${suffix}
-
-		if [ -f $modulefile ]; then
-		    case $moduleloader in
-			insmod)
-			    insmod $modulefile $*
-			    ;;
-			*)
-			    modprobe $modulename $*
-			    ;;
-		    esac
-		    break 2
-		fi
-	    done
-	done
-    fi
-}
-
-#
-# Reload the Modules
-#
-reload_kernel_modules() {
-
-    local save_modules_dir
-    save_modules_dir=$MODULESDIR
-    local directory
-    local moduledirectories
-    moduledirectories=
-    local moduleloader
-    moduleloader=modprobe
-    local uname
-    local extras
-
-    if ! qt mywhich modprobe; then
-	moduleloader=insmod
-    fi
-
-    [ -n "${MODULE_SUFFIX:=ko ko.gz ko.xz o o.gz o.xz gz xz}" ]
-
-    if [ -n "$MODULESDIR" ]; then
-	case "$MODULESDIR" in
-	    +*)
-		extras="$MODULESDIR"
-		extras=${extras#+}
-		MODULESDIR=
-		;;
-	esac
-    fi
-
-    if [ -z "$MODULESDIR" ]; then
-	uname=$(uname -r)
-	MODULESDIR=/lib/modules/$uname/kernel/net/ipv${g_family}/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset
-	if [ -n "$extras" ]; then
-	    for directory in $(split "$extras"); do
-		MODULESDIR="$MODULESDIR:/lib/modules/$uname/$directory"
-	    done
-	fi
-    fi
-
-    [ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)
-
-    for directory in $(split $MODULESDIR); do
-	[ -d $directory ] && moduledirectories="$moduledirectories $directory"
-    done
-
-    [ -n "$moduledirectories" ] && while read command; do
-	eval $command
-    done
-
-    MODULESDIR=$save_modules_dir
-}
-
-#
-# Load kernel modules required for Shorewall
-#
-load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
-{
-    local save_modules_dir
-    save_modules_dir=$MODULESDIR
-    local directory
-    local moduledirectories
-    moduledirectories=
-    local moduleloader
-    moduleloader=modprobe
-    local savemoduleinfo
-    savemoduleinfo=${1:-Yes} # So old compiled scripts still work
-    local uname
-    local extras
-
-    if ! qt mywhich modprobe; then
-	moduleloader=insmod
-    fi
-
-    [ -n "${MODULE_SUFFIX:=o gz xz ko o.gz o.xz ko.gz ko.xz}" ]
-
-    if [ -n "$MODULESDIR" ]; then
-	case "$MODULESDIR" in
-	    +*)
-		extras="$MODULESDIR"
-		extras=${extras#+}
-		MODULESDIR=
-		;;
-	esac
-    fi
-
-    if [ -z "$MODULESDIR" ]; then
-	uname=$(uname -r)
-	MODULESDIR=/lib/modules/$uname/kernel/net/ipv${g_family}/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset
-	if [ -n "$extras" ]; then
-	    for directory in $(split "$extras"); do
-		MODULESDIR="$MODULESDIR:/lib/modules/$uname/$directory"
-	    done
-	fi
-    fi
-
-    for directory in $(split $MODULESDIR); do
-	[ -d $directory ] && moduledirectories="$moduledirectories $directory"
-    done
-
-    [ -n "$LOAD_HELPERS_ONLY" ] && modules=$(find_file helpers) || modules=$(find_file modules)
-
-    if [ -f $modules -a -n "$moduledirectories" ]; then
-	[ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)
-	progress_message "Loading Modules..."
-	. $modules
-	if [ $savemoduleinfo = Yes ]; then
-	    [ -d ${VARDIR} ] || mkdir -p ${VARDIR}
-	    echo MODULESDIR="$MODULESDIR" > ${VARDIR}/.modulesdir
-	    cp -f $modules ${VARDIR}/.modules
-	fi
-    elif [ $savemoduleinfo = Yes ]; then
-	[ -d ${VARDIR} ] || mkdir -p ${VARDIR}
-	> ${VARDIR}/.modulesdir
-	> ${VARDIR}/.modules
-    fi
-
-    MODULESDIR=$save_modules_dir
-}
-
-#
-#  Note: The following set of IP address manipulation functions have anomalous
-#        behavior when the shell only supports 32-bit signed arithmetic and
-#        the IP address is 128.0.0.0 or 128.0.0.1.
-#
-
-LEFTSHIFT='<<'
-
-#
-# Convert an IP address in dot quad format to an integer
-#
-decodeaddr() {
-    local x
-    local temp
-    temp=0
-    local ifs
-    ifs=$IFS
-
-    IFS=.
-
-    for x in $1; do
-	temp=$(( $(( $temp $LEFTSHIFT 8 )) | $x ))
-    done
-
-    echo $temp
-
-    IFS=$ifs
-}
-
-#
-# convert an integer to dot quad format
-#
-encodeaddr() {
-    addr=$1
-    local x
-    local y
-    y=$(($addr & 255))
-
-    for x in 1 2 3 ; do
-	addr=$(($addr >> 8))
-	y=$(($addr & 255)).$y
-    done
-
-    echo $y
-}
-
-#
-# Netmask from CIDR
-#
-ip_netmask() {
-    local vlsm
-    vlsm=${1#*/}
-
-    [ $vlsm -eq 0 ] && echo 0 || echo $(( -1 $LEFTSHIFT $(( 32 - $vlsm )) ))
-}
-
-#
-# Network address from CIDR
-#
-ip_network() {
-    local decodedaddr
-    decodedaddr=$(decodeaddr ${1%/*})
-    local netmask
-    netmask=$(ip_netmask $1)
-
-    echo $(encodeaddr $(($decodedaddr & $netmask)))
-}
-
-#
-# The following hack is supplied to compensate for the fact that many of
-# the popular light-weight Bourne shell derivatives don't support XOR ("^").
-#
-ip_broadcast() {
-    local x
-    x=$(( 32 - ${1#*/} ))
-
-    [ $x -eq 32 ] && echo -1 || echo $(( $(( 1 $LEFTSHIFT $x )) - 1 ))
-}
-
-#
-# Calculate broadcast address from CIDR
-#
-broadcastaddress() {
-    local decodedaddr
-    decodedaddr=$(decodeaddr ${1%/*})
-    local netmask
-    netmask=$(ip_netmask $1)
-    local broadcast
-    broadcast=$(ip_broadcast $1)
-
-    echo $(encodeaddr $(( $(($decodedaddr & $netmask)) | $broadcast )))
-}
-
-#
-# Test for network membership
-#
-in_network() # $1 = IP address, $2 = CIDR network
-{
-    local netmask
-    netmask=$(ip_netmask $2)
-    #
-    # Use string comparison to work around a broken BusyBox ash in OpenWRT
-    #
-    test $(( $(decodeaddr $1) & $netmask)) = $(( $(decodeaddr ${2%/*}) & $netmask ))
-}
-
-#
-# Query NetFilter about the existence of a filter chain
-#
-chain_exists() # $1 = chain name, $2 = table name (optional)
-{
-    qt1 $g_tool -t ${2:-filter} -L $1 -n
-}
-
-#
-# Find the interface with the passed MAC address
-#
-
-find_interface_by_mac() {
-    local mac
-    mac=$1
-    local first
-    local second
-    local rest
-    local dev
-
-    $IP link list | while read first second rest; do
-	case $first in
-	    *:)
-                dev=$second
-		;;
-	    *)
-	        if [ "$second" = $mac ]; then
-		    echo ${dev%:}
-		    return
-		fi
-	esac
-    done
-}
-
-#
-# Find interface address--returns the first IP address assigned to the passed
-# device
-#
-find_first_interface_address() # $1 = interface
-{
-    if [ $g_family -eq 4 ]; then
-	#
-	# get the line of output containing the first IP address
-	#
-	addr=$(${IP:-ip} -f inet addr show $1 2> /dev/null | grep 'inet .* global' | head -n1)
-	#
-	# If there wasn't one, bail out now
-	#
-	[ -n "$addr" ] || startup_error "Can't determine the IP address of $1"
-	#
-	# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
-	# along with everything else on the line
-	#
-	echo $addr | sed 's/\s*inet //;s/\/.*//;s/ peer.*//'
-    else
-	#
-	# get the line of output containing the first IP address
-	#
-	addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | grep -F 'inet6 ' | grep -vF 'scope link' | head -n1)
-	#
-	# If there wasn't one, bail out now
-	#
-	[ -n "$addr" ] || startup_error "Can't determine the IPv6 address of $1"
-	#
-	# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
-	# along with everything else on the line
-	#
-	echo $addr | sed 's/\s*inet6 //;s/\/.*//;s/ peer.*//'
-    fi
-}
-
-find_first_interface_address_if_any() # $1 = interface
-{
-    if [ $g_family -eq 4 ]; then
-	#
-	# get the line of output containing the first IP address
-	#
-	addr=$(${IP:-ip} -f inet addr show $1 2> /dev/null | grep 'inet .* global' | head -n1)
-	#
-	# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
-	# along with everything else on the line
-	#
-	[ -n "$addr" ] && echo $addr | sed 's/\s*inet //;s/\/.*//;s/ peer.*//' || echo 0.0.0.0
-    else
-	#
-	# get the line of output containing the first IP address
-	#
-	addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | grep -F 'inet6 ' | grep -vF 'scope link' | head -n1)
-	#
-	# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
-	# along with everything else on the line
-	#
-	[ -n "$addr" ] && echo $addr | sed 's/\s*inet6 //;s/\/.*//;s/ peer.*//' || echo ::
-    fi
-}
-
-#
-#Determines if the passed interface is a loopback interface
-#
-loopback_interface() { #$1 = Interface name
-    [ "$1" = lo ] || $IP link show $1 | fgrep -q LOOPBACK
-}
-
-#
-# Find Loopback Interfaces
-#
-find_loopback_interfaces() {
-    local interfaces
-
-    [ -x "$IP" ] && interfaces=$($IP link show | fgrep LOOPBACK | sed 's/://g' | cut -d ' ' -f 2)
-
-    [ -n "$interfaces" ] && echo $interfaces || echo lo
-}
-
-#
-# Internal version of 'which'
-#
-mywhich() {
-    local dir
-
-    for dir in $(split $PATH); do
-	if [ -x $dir/$1 ]; then
-	    echo $dir/$1
-	    return 0
-	fi
-    done
-
-    return 2
-}
-
-#
-# Find a File -- For relative file name, look in each ${CONFIG_PATH} then ${CONFDIR}
-#
-find_file()
-{
-    local saveifs
-    saveifs=
-    local directory
-
-    case $1 in
-	/*)
-	    echo $1
-	    ;;
-	*)
-	    for directory in $(split $CONFIG_PATH); do
-		if [ -f $directory/$1 ]; then
-		    echo $directory/$1
-		    return
-		fi
-	    done
-
-	    if [ -n "$g_shorewalldir" ]; then
-		echo ${g_shorewalldir}/$1
-	    else
-		echo ${g_confdir}/$1
-	    fi
-	    ;;
-    esac
-}
-
-#
-# Set the Shorewall state
-#
-set_state () # $1 = state
-{
-    if [ $# -gt 1 ]; then
-	echo "$1 $(date) from $2" > ${VARDIR}/state
-    else
-	echo "$1 $(date)" > ${VARDIR}/state
-    fi
-}
-
-#
-# Perform variable substitution on the passed argument and echo the result
-#
-expand() # $@ = contents of variable which may be the name of another variable
-{
-    eval echo \"$@\"
-}
-
-#
-# Function for including one file into another
-#
-INCLUDE() {
-    . $(find_file $(expand $@))
-}
-
-# Function to truncate a string -- It uses 'cut -b -<n>'
-# rather than ${v:first:last} because light-weight shells like ash and
-# dash do not support that form of expansion.
-#
-
-truncate() # $1 = length
-{
-    cut -b -${1}
-}
-
-#
-# Call this function to assert mutual exclusion with Shorewall. If you invoke the
-# /sbin/shorewall program while holding mutual exclusion, you should pass "nolock" as
-# the first argument. Example "shorewall nolock refresh"
-#
-# This function uses the lockfile utility from procmail if it exists.
-# Otherwise, it uses a somewhat race-prone algorithm to attempt to simulate the
-# behavior of lockfile.
-#
-mutex_on()
-{
-    local try
-    try=0
-    local lockf
-    lockf=${LOCKFILE:=${VARDIR}/lock}
-    local lockpid
-    local lockd
-
-    MUTEX_TIMEOUT=${MUTEX_TIMEOUT:-60}
-
-    if [ $MUTEX_TIMEOUT -gt 0 ]; then
-
-	lockd=$(dirname $LOCKFILE)
-
-	[ -d "$lockd" ] || mkdir -p "$lockd"
-
-	if [ -f $lockf ]; then
-	    lockpid=`cat ${lockf} 2> /dev/null`
-	    if [ -z "$lockpid" -o $lockpid = 0 ]; then
-		rm -f ${lockf}
-		error_message "WARNING: Stale lockfile ${lockf} removed"
-	    elif [ $lockpid -eq $$ ]; then
-                return 0
-	    elif ! ps | grep -v grep | qt grep ${lockpid}; then
-		rm -f ${lockf}
-		error_message "WARNING: Stale lockfile ${lockf} from pid ${lockpid} removed"
-	    fi
-	fi
-
-	if qt mywhich lockfile; then
-	    lockfile -${MUTEX_TIMEOUT} -r1 ${lockf}
-	    chmod u+w ${lockf}
-	    echo $$ > ${lockf}
-	    chmod u-w ${lockf}
-	elif qt mywhich lock; then
-            lock ${lockf}
-            chmod u=r ${lockf}
-	else
-	    while [ -f ${lockf} -a ${try} -lt ${MUTEX_TIMEOUT} ] ; do
-		sleep 1
-		try=$((${try} + 1))
-	    done
-
-	    if  [ ${try} -lt ${MUTEX_TIMEOUT} ] ; then
-	        # Create the lockfile
-		echo $$ > ${lockf}
-	    else
-		echo "Giving up on lock file ${lockf}" >&2
-	    fi
-	fi
-    fi
-}
-
-#
-# Call this function to release mutual exclusion
-#
-mutex_off()
-{
-    [ -f ${CONFDIR}/rc.common ] && lock -u ${LOCKFILE:=${VARDIR}/lock}
-    rm -f ${LOCKFILE:=${VARDIR}/lock}
-}
-

Shorewall-core/lib.core

@@ -1,440 +0,0 @@
-#
-# Shorewall 5.0 -- /usr/share/shorewall/lib.core
-#
-#     (c) 1999-2015 - Tom Eastep (teastep@shorewall.net)
-#
-#	Complete documentation is available at http://shorewall.net
-#
-#       This program is part of Shorewall.
-#
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
-#
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#
-# This library contains the code common to all Shorewall components except the
-# generated scripts.
-#
-
-SHOREWALL_LIBVERSION=50100
-
-#
-# Fatal Error
-#
-fatal_error() # $@ = Message
-{
-    echo "   ERROR: $@" >&2
-    exit 2
-}
-
-setup_product_environment() { # $1 = if non-empty, source shorewallrc again now that we have the correct product
-    g_basedir=${SHAREDIR}/shorewall
-
-    g_sharedir="$SHAREDIR"/$PRODUCT
-    g_confdir="$CONFDIR"/$PRODUCT
-
-    case $PRODUCT in
-	shorewall)
-	    g_product="Shorewall"
-	    g_family=4
-	    g_tool=iptables
-	    g_lite=
-	    ;;
-	shorewall6)
-	    g_product="Shorewall6"
-	    g_family=6
-	    g_tool=ip6tables
-	    g_lite=
-	    ;;
-	shorewall-lite)
-	    g_product="Shorewall Lite"
-	    g_family=4
-	    g_tool=iptables
-	    g_lite=Yes
-	    ;;
-	shorewall6-lite)
-	    g_product="Shorewall6 Lite"
-	    g_family=6
-	    g_tool=ip6tables
-	    g_lite=Yes
-	    ;;
-	*)
-	    fatal_error "Unknown PRODUCT ($PRODUCT)"
-	    ;;
-    esac
-
-    [ -f ${SHAREDIR}/${PRODUCT}/version ] || fatal_error "$g_product does not appear to be installed on this system"
-    #
-    # We need to do this again, now that we have the correct product
-    #
-    [ -n "$1" ] && . ${g_basedir}/shorewallrc
-
-    if [ -z "${VARLIB}" ]; then
-	VARLIB=${VARDIR}
-	VARDIR=${VARLIB}/${PRODUCT}
-    elif [ -z "${VARDIR}" ]; then
-	VARDIR="${VARLIB}/${PRODUCT}"
-    fi
-}
-
-set_default_product() {
-    case $(basename $0) in
-	shorewall6)
-	    PRODUCT=shorewall6
-	    ;;
-	shorewall4)
-	    PRODUCT=shorewall
-	    ;;
-	shorewall-lite)
-	    PRODUCT=shorewall-lite
-	    ;;
-	shorewall6-lite)
-	    PRODUCT=shorewall6-lite
-	    ;;
-	*)
-	    if [ -f ${g_basedir}/version ]; then
-		PRODUCT=shorewall
-	    elif [ -f ${SHAREDIR}/shorewall-lite/version ]; then
-		PRODUCT=shorewall-lite
-	    elif [ -f ${SHAREDIR}/shorewall6-lite/version ]; then
-		PRODUCT=shorewall6-lite
-	    else
-		fatal_error "No Shorewall firewall product is installed"
-	    fi
-	    ;;
-    esac
-}
-
-# Not configured Error
-#
-not_configured_error() # $@ = Message
-{
-    echo "   ERROR: $@" >&2
-    exit 6
-}
-
-#
-# Conditionally produce message
-#
-progress_message() # $* = Message
-{
-    local timestamp
-    timestamp=
-
-    if [ $VERBOSITY -gt 1 ]; then
-	[ -n "$g_timestamp" ] && timestamp="$(date +%H:%M:%S) "
-	echo "${timestamp}$@"
-    fi
-}
-
-progress_message2() # $* = Message
-{
-    local timestamp
-    timestamp=
-
-    if [ $VERBOSITY -gt 0 ]; then
-	[ -n "$g_timestamp" ] && timestamp="$(date +%H:%M:%S) "
-	echo "${timestamp}$@"
-    fi
-}
-
-progress_message3() # $* = Message
-{
-    local timestamp
-    timestamp=
-
-    if [ $VERBOSITY -ge 0 ]; then
-	[ -n "$g_timestamp" ] && timestamp="$(date +%H:%M:%S) "
-	echo "${timestamp}$@"
-    fi
-}
-
-#
-# Undo the effect of 'separate_list()'
-#
-combine_list()
-{
-    local f
-    local o
-    o=
-
-    for f in $* ; do
-        o="${o:+$o,}$f"
-    done
-
-    echo $o
-}
-
-#
-# Validate an IP address
-#
-valid_address() {
-    local x
-    local y
-    local ifs
-    ifs=$IFS
-
-    IFS=.
-
-    for x in $1; do
-	case $x in
-	    [0-9]|[0-9][0-9]|[1-2][0-9][0-9])
-		[ $x -lt 256 ] || { IFS=$ifs; return 2; }
-                ;;
-	    *)
-	        IFS=$ifs
-		return 2
-		;;
-	esac
-    done
-
-    IFS=$ifs
-
-    return 0
-}
-
-#
-# Miserable Hack to work around broken BusyBox ash in OpenWRT
-#
-addr_comp() {
-    test $(bc <<EOF
-$1 > $2
-EOF
-) -eq 1
-
-}
-
-#
-# Enumerate the members of an IP range -- When using a shell supporting only
-# 32-bit signed arithmetic, the range cannot span 128.0.0.0.
-#
-# Comes in two flavors:
-#
-# ip_range() - produces a mimimal list of network/host addresses that spans
-#              the range.
-#
-# ip_range_explicit() - explicitly enumerates the range.
-#
-ip_range() {
-    local first
-    local last
-    local l
-    local x
-    local y
-    local z
-    local vlsm
-
-    case $1 in
-	!*)
-	    #
-	    # Let iptables complain if it's a range
-	    #
-	    echo $1
-	    return
-	    ;;
-	[0-9]*.*.*.*-*.*.*.*)
-            ;;
-	*)
-	    echo $1
-	    return
-	    ;;
-    esac
-
-    first=$(decodeaddr ${1%-*})
-    last=$(decodeaddr ${1#*-})
-
-    if addr_comp $first $last; then
-	fatal_error "Invalid IP address range: $1"
-    fi
-
-    l=$(( $last + 1 ))
-
-    while addr_comp $l $first; do
-	vlsm=
-	x=31
-	y=2
-	z=1
-
-	while [ $(( $first % $y )) -eq 0 ] && ! addr_comp $(( $first + $y )) $l; do
-	    vlsm=/$x
-	    x=$(( $x - 1 ))
-	    z=$y
-	    y=$(( $y * 2 ))
-	done
-
-	echo $(encodeaddr $first)$vlsm
-	first=$(($first + $z))
-    done
-}
-
-ip_range_explicit() {
-    local first
-    local last
-
-    case $1 in
-    [0-9]*.*.*.*-*.*.*.*)
-	;;
-    *)
-	echo $1
-	return
-	;;
-    esac
-
-    first=$(decodeaddr ${1%-*})
-    last=$(decodeaddr ${1#*-})
-
-    if addr_comp $first $last; then
-	fatal_error "Invalid IP address range: $1"
-    fi
-
-    while ! addr_comp $first $last; do
-	echo $(encodeaddr $first)
-	first=$(($first + 1))
-    done
-}
-
-[ -z "$LEFTSHIFT" ] && . ${g_basedir}/lib.common
-
-#
-# Netmask to VLSM
-#
-ip_vlsm() {
-    local mask
-    mask=$(decodeaddr $1)
-    local vlsm
-    vlsm=0
-    local x
-    x=$(( 128 << 24 )) # 0x80000000
-
-    while [ $(( $x & $mask )) -ne 0 ]; do
-	[ $mask -eq $x ] && mask=0 || mask=$(( $mask $LEFTSHIFT 1 )) # Not all shells shift 0x80000000 left properly.
-	vlsm=$(($vlsm + 1))
-    done
-
-    if [ $(( $mask & 2147483647 )) -ne 0 ]; then # 2147483647 = 0x7fffffff
-	echo "Invalid net mask: $1" >&2
-    else
-	echo $vlsm
-    fi
-}
-
-#
-# Set default config path
-#
-ensure_config_path() {
-    local F
-    F=${g_sharedir}/configpath
-    if [ -z "$CONFIG_PATH" ]; then
-	[ -f $F ] || { echo "   ERROR: $F does not exist"; exit 2; }
-	. $F
-    fi
-
-    if [ -n "$g_shorewalldir" ]; then
-	[ "${CONFIG_PATH%%:*}" = "$g_shorewalldir" ] || CONFIG_PATH=$g_shorewalldir:$CONFIG_PATH
-    fi
-}
-
-#
-# Get fully-qualified name of file
-#
-resolve_file() # $1 = file name
-{
-    local pwd
-    pwd=$PWD
-
-    case $1 in
-	/*)
-	    echo $1
-	    ;;
-	.)
-	    echo $pwd
-	    ;;
-	./*)
-	    echo ${pwd}${1#.}
-	    ;;
-	..)
-	    cd ..
-	    echo $PWD
-	    cd $pwd
-	    ;;
-	../*)
-	    cd ..
-	    resolve_file ${1#../}
-	    cd $pwd
-	    ;;
-	*)
-	    echo $pwd/$1
-	    ;;
-    esac
-}
-
-# Determine which version of mktemp is present (if any) and set MKTEMP accortingly:
-#
-#     None - No mktemp
-#     BSD  - BSD mktemp (Mandrake)
-#     STD  - mktemp.org mktemp
-#
-find_mktemp() {
-    local mktemp
-    mktemp=`mywhich mktemp 2> /dev/null`
-
-    if [ -n "$mktemp" ]; then
-	if qt mktemp -V ; then
-	    MKTEMP=STD
-	else
-	    MKTEMP=BSD
-	fi
-    else
-	MKTEMP=None
-    fi
-}
-
-#
-# create a temporary file. If a directory name is passed, the file will be created in
-# that directory. Otherwise, it will be created in a temporary directory.
-#
-mktempfile() {
-
-    [ -z "$MKTEMP" ] && find_mktemp
-
-    if [ $# -gt 0 ]; then
-	case "$MKTEMP" in
-	    BSD)
-		mktemp $1/shorewall.XXXXXX
-		;;
-	    STD)
-		mktemp -p $1 shorewall.XXXXXX
-		;;
-	    None)
-		> $1/shorewall-$$ && echo $1/shorewall-$$
-		;;
-	    *)
-		error_message "ERROR:Internal error in mktempfile"
-		;;
-	esac
-    else
-	case "$MKTEMP" in
-	    BSD)
-		mktemp ${TMPDIR:-/tmp}/shorewall.XXXXXX
-		;;
-	    STD)
-		mktemp -t shorewall.XXXXXX
-		;;
-	    None)
-		rm -f ${TMPDIR:-/tmp}/shorewall-$$
-		> ${TMPDIR:-}/shorewall-$$ && echo ${TMPDIR:-/tmp}/shorewall-$$
-		;;
-	    *)
-		error_message "ERROR:Internal error in mktempfile"
-		;;
-	esac
-    fi
-}

Shorewall-core/shorewall

@@ -1,39 +0,0 @@
-#!/bin/sh
-#
-#     Shorewall Packet Filtering Firewall Control Program - V5.0
-#
-#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2014,2015 -
-#         Tom Eastep (teastep@shorewall.net)
-#
-#	Shorewall documentation is available at http://www.shorewall.net
-#
-#       This program is part of Shorewall.
-#
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
-#
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#
-#       For a list of supported commands, type 'shorewall help' or 'shorewall6 help'
-#
-################################################################################################
-PRODUCT=shorewall
-
-#
-# This is modified by the installer when ${SHAREDIR} != /usr/share
-#
-. /usr/share/shorewall/shorewallrc
-
-g_basedir=${SHAREDIR}/shorewall
-
-. ${g_basedir}/lib.cli
-
-shorewall_cli $@

Shorewall-core/shorewallrc.apple

@@ -1,22 +0,0 @@
-#
-# Apple OS X Shorewall 5.0 rc file
-#
-BUILD=apple
-HOST=apple
-PREFIX=/usr                            #Top-level directory for shared files, libraries, etc.
-SHAREDIR=${PREFIX}/share               #Directory for arch-neutral files.
-LIBEXECDIR=${PREFIX}/share             #Directory for executable scripts.
-PERLLIBDIR=${PREFIX}/share/shorewall   #Directory to install Shorewall Perl module directory
-CONFDIR=/etc                           #Directory where subsystem configurations are installed
-SBINDIR=/sbin                          #Directory where system administration programs are installed
-MANDIR=${SHAREDIR}/man                 #Directory where manpages are installed.
-INITDIR=                               #Unused on OS X
-INITFILE=                              #Unused on OS X
-INITSOURCE=                            #Unused on OS X
-ANNOTATED=                             #Unused on OS X
-SERVICEDIR=                            #Unused on OS X
-SERVICEFILE=                           #Unused on OS X
-SYSCONFDIR=                            #Unused on OS X
-SPARSE=Yes                             #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR.
-VARLIB=/var/lib                        #Unused on OS X
-DEFAULT_PAGER=			       #Pager to use if none specified in shorewall[6].conf

Shorewall-core/shorewallrc.archlinux

@@ -1,23 +0,0 @@
-#
-# Arch Linux Shorewall 5.0 rc file
-#
-BUILD=                                 #Default is to detect the build system
-HOST=archlinux
-PREFIX=/usr                            #Top-level directory for shared files, libraries, etc.
-SHAREDIR=${PREFIX}/share               #Directory for arch-neutral files.
-LIBEXECDIR=${PREFIX}/share             #Directory for executable scripts.
-PERLLIBDIR=${PREFIX}/share/shorewall   #Directory to install Shorewall Perl module directory
-CONFDIR=/etc                           #Directory where subsystem configurations are installed
-SBINDIR=/usr/bin                       #Directory where system administration programs are installed
-MANDIR=${SHAREDIR}/man                 #Directory where manpages are installed.
-INITDIR=                               #Directory where SysV init scripts are installed.
-INITFILE=                              #Name of the product's installed SysV init script
-INITSOURCE=                            #Name of the distributed file to be installed as the SysV init script
-ANNOTATED=                             #If non-zero, annotated configuration files are installed
-SYSCONFDIR=                            #Directory where SysV init parameter files are installed
-SERVICEDIR=/usr/lib/systemd/system     #Directory where .service files are installed (systems running systemd only)
-SERVICEFILE=                           #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
-SPARSE=                                #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
-VARLIB=/var/lib                        #Directory where product variable data is stored.
-VARDIR=${VARLIB}/$PRODUCT              #Directory where product variable data is stored.
-DEFAULT_PAGER=			       #Pager to use if none specified in shorewall[6].conf

Shorewall-core/shorewallrc.cygwin

@@ -1,22 +0,0 @@
-#
-# Cygwin Shorewall 5.0 rc file
-#
-BUILD=cygwin
-HOST=cygwin
-PREFIX=/usr                           #Top-level directory for shared files, libraries, etc.
-SHAREDIR=${PREFIX}/share              #Directory for arch-neutral files.
-LIBEXECDIR=${PREFIX}/share            #Directory for executable scripts.
-PERLLIBDIR=${PREFIX}/share/shorewall  #Directory to install Shorewall Perl module directory
-CONFDIR=/etc                          #Directory where subsystem configurations are installed
-SBINDIR=/bin                          #Directory where system administration programs are installed
-MANDIR=${SHAREDIR}/man                #Directory where manpages are installed.
-INITDIR=/etc/init.d                   #Unused on Cygwin
-INITFILE=                             #Unused on Cygwin
-INITSOURCE=                           #Unused on Cygwin
-ANNOTATED=                            #Unused on Cygwin
-SERVICEDIR=                           #Unused on Cygwin
-SERVICEFILE=                          #Unused on Cygwin
-SYSCONFDIR=                           #Unused on Cygwin
-SPARSE=Yes                            #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR.
-VARLIB=/var/lib                       #Unused on Cygwin
-DEFAULT_PAGER=			      #Pager to use if none specified in shorewall[6].conf

Shorewall-core/shorewallrc.debian.systemd

@@ -1,24 +0,0 @@
-#
-# Debian Shorewall 4.5 rc file
-#
-BUILD=					#Default is to detect the build system
-HOST=debian
-PREFIX=/usr				#Top-level directory for shared files, libraries, etc.
-SHAREDIR=${PREFIX}/share		#Directory for arch-neutral files.
-LIBEXECDIR=${PREFIX}/share		#Directory for executable scripts.
-PERLLIBDIR=${PREFIX}/share/shorewall	#Directory to install Shorewall Perl module directory
-CONFDIR=/etc				#Directory where subsystem configurations are installed
-SBINDIR=/sbin				#Directory where system administration programs are installed
-MANDIR=${PREFIX}/share/man		#Directory where manpages are installed.
-INITDIR=				#Directory where SysV init scripts are installed.
-INITFILE=				#Name of the product's installed SysV init script
-INITSOURCE=init.debian.sh		#Name of the distributed file to be installed as the SysV init script
-ANNOTATED=				#If non-zero, annotated configuration files are installed
-SYSCONFFILE=default.debian		#Name of the distributed file to be installed in $SYSCONFDIR
-SERVICEFILE=$PRODUCT.service.debian     #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
-SYSCONFDIR=/etc/default			#Directory where SysV init parameter files are installed
-SERVICEDIR=/lib/systemd/system		#Directory where .service files are installed (systems running systemd only)
-SPARSE=Yes				#If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
-VARLIB=/var/lib				#Directory where product variable data is stored.
-VARDIR=${VARLIB}/$PRODUCT		#Directory where product variable data is stored.
-DEFAULT_PAGER=/usr/bin/less		#Pager to use if none specified in shorewall[6].conf

Shorewall-core/shorewallrc.debian.sysvinit

@@ -1,24 +0,0 @@
-#
-# Debian Shorewall 4.5 rc file
-#
-BUILD=                                  #Default is to detect the build system
-HOST=debian
-PREFIX=/usr                             #Top-level directory for shared files, libraries, etc.
-SHAREDIR=${PREFIX}/share                #Directory for arch-neutral files.
-LIBEXECDIR=${PREFIX}/share              #Directory for executable scripts.
-PERLLIBDIR=${PREFIX}/share/shorewall    #Directory to install Shorewall Perl module directory
-CONFDIR=/etc                            #Directory where subsystem configurations are installed
-SBINDIR=/sbin                           #Directory where system administration programs are installed
-MANDIR=${PREFIX}/share/man              #Directory where manpages are installed.
-INITDIR=/etc/init.d                     #Directory where SysV init scripts are installed.
-INITFILE=$PRODUCT                       #Name of the product's installed SysV init script
-INITSOURCE=init.debian.sh               #Name of the distributed file to be installed as the SysV init script
-ANNOTATED=                              #If non-zero, annotated configuration files are installed
-SYSCONFFILE=default.debian              #Name of the distributed file to be installed in $SYSCONFDIR
-SERVICEFILE=				#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
-SYSCONFDIR=/etc/default                 #Directory where SysV init parameter files are installed
-SERVICEDIR=				#Directory where .service files are installed (systems running systemd only)
-SPARSE=Yes                              #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
-VARLIB=/var/lib                         #Directory where product variable data is stored.
-VARDIR=${VARLIB}/$PRODUCT               #Directory where product variable data is stored.
-DEFAULT_PAGER=/usr/bin/less		#Pager to use if none specified in shorewall[6].conf

Shorewall-core/shorewallrc.default

@@ -1,24 +0,0 @@
-#
-# Default Shorewall 5.0 rc file
-#
-HOST=linux                              #Generic Linux
-BUILD=                                  #Default is to detect the build system
-PREFIX=/usr                             #Top-level directory for shared files, libraries, etc.
-SHAREDIR=${PREFIX}/share                #Directory for arch-neutral files.
-LIBEXECDIR=${PREFIX}/share              #Directory for executable scripts.
-PERLLIBDIR=${PREFIX}/share/shorewall    #Directory to install Shorewall Perl module directory
-CONFDIR=/etc                            #Directory where subsystem configurations are installed
-SBINDIR=/sbin                           #Directory where system administration programs are installed
-MANDIR=${PREFIX}/man                    #Directory where manpages are installed.
-INITDIR=/etc/init.d                     #Directory where SysV init scripts are installed.
-INITFILE=$PRODUCT                       #Name of the product's installed SysV init script
-INITSOURCE=init.sh                      #Name of the distributed file to be installed as the SysV init script
-ANNOTATED=                              #If non-zero, annotated configuration files are installed
-SERVICEDIR=                             #Directory where .service files are installed (systems running systemd only)
-SERVICEFILE=                            #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
-SYSCONFFILE=                            #Name of the distributed file to be installed in $SYSCONFDIR
-SYSCONFDIR=                             #Directory where SysV init parameter files are installed
-SPARSE=                                 #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
-VARLIB=/var/lib                         #Directory where product variable data is stored.
-VARDIR=${VARLIB}/$PRODUCT               #Directory where product variable data is stored.
-DEFAULT_PAGER=				#Pager to use if none specified in shorewall[6].conf

Shorewall-core/shorewallrc.openwrt

@@ -1,24 +0,0 @@
-#
-# Created by Shorewall Core version 5.0.2-RC1 configure -  Fri, Nov 06, 2015 10:02:03 AM
-#
-# Input: host=openwrt
-#
-PREFIX=/usr                             #Top-level directory for shared files, libraries, etc.
-SHAREDIR=${PREFIX}/share                #Directory for arch-neutral files.
-LIBEXECDIR=${PREFIX}/share              #Directory for executable scripts.
-PERLLIBDIR=${PREFIX}/share/shorewall    #Directory to install Shorewall Perl module directory
-CONFDIR=/etc                            #Directory where subsystem configurations are installed
-SBINDIR=/sbin                           #Directory where system administration programs are installed
-MANDIR=                                 #Directory where manpages are installed.
-INITDIR=/etc/init.d                     #Directory where SysV init scripts are installed.
-INITFILE=$PRODUCT                       #Name of the product's installed SysV init script
-INITSOURCE=init.openwrt.sh              #Name of the distributed file to be installed as the SysV init script
-ANNOTATED=                              #If non-zero, annotated configuration files are installed
-SYSCONFDIR=${CONFDIR}/sysconfig         #Directory where SysV init parameter files are installed
-SYSCONFFILE=sysconfig                   #Name of the distributed file to be installed in $SYSCONFDIR
-SERVICEDIR=				#Directory where .service files are installed (systems running systemd only)
-SERVICEFILE=				#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
-SPARSE=                                 #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
-VARLIB=/lib                             #Directory where product variable data is stored.
-VARDIR=${VARLIB}/$PRODUCT               #Directory where product variable data is stored.
-DEFAULT_PAGER=				#Pager to use if none specified in shorewall[6].conf

Shorewall-core/shorewallrc.redhat

@@ -1,24 +0,0 @@
-#
-# RedHat/FedoraShorewall 5.0 rc file
-#
-BUILD=                                  #Default is to detect the build system
-HOST=redhat
-PREFIX=/usr                             #Top-level directory for shared files, libraries, etc.
-SHAREDIR=${PREFIX}/share                #Directory for arch-neutral files.
-LIBEXECDIR=${PREFIX}/libexec            #Directory for executable scripts.
-PERLLIBDIR=/usr/share/perl5/vendor_perl #Directory to install Shorewall Perl module directory
-CONFDIR=/etc                            #Directory where subsystem configurations are installed
-SBINDIR=/sbin                           #Directory where system administration programs are installed
-MANDIR=${SHAREDIR}/man                  #Directory where manpages are installed.
-INITDIR=/etc/rc.d/init.d                #Directory where SysV init scripts are installed.
-INITFILE=$PRODUCT                       #Name of the product's installed SysV init script
-INITSOURCE=init.fedora.sh               #Name of the distributed file to be installed as the SysV init script
-ANNOTATED=                              #If non-zero, annotated configuration files are installed
-SERVICEDIR=/lib/systemd/system          #Directory where .service files are installed (systems running systemd only)
-SYSCONFFILE=sysconfig                   #Name of the distributed file to be installed as $SYSCONFDIR/$PRODUCT
-SERVICEFILE=                      	#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
-SYSCONFDIR=/etc/sysconfig/              #Directory where SysV init parameter files are installed
-SPARSE=                                 #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
-VARLIB=/var/lib                         #Directory where product variable data is stored.
-VARDIR=${VARLIB}/$PRODUCT               #Directory where product variable data is stored.
-DEFAULT_PAGER=				#Pager to use if none specified in shorewall[6].conf

Shorewall-core/shorewallrc.slackware

@@ -1,25 +0,0 @@
-#
-# Slackware Shorewall 5.0 rc file
-#
-BUILD=slackware
-HOST=slackware
-PREFIX=/usr                                #Top-level directory for shared files, libraries, etc.
-SHAREDIR=${PREFIX}/share                   #Directory for arch-neutral files.
-LIBEXECDIR=${PREFIX}/share                 #Directory for executable scripts.
-PERLLIBDIR=${PREFIX}/share/shorewall       #Directory to install Shorewall Perl module directory
-CONFDIR=/etc                               #Directory where subsystem configurations are installed
-SBINDIR=/sbin                              #Directory where system administration programs are installed
-MANDIR=${PREFIX}/man                       #Directory where manpages are installed.
-INITDIR=/etc/rc.d                          #Directory where SysV init scripts are installed.
-AUXINITSOURCE=init.slackware.firewall.sh   #Name of the distributed file to be installed as the SysV init script
-AUXINITFILE=rc.firewall                    #Name of the product's installed SysV init script
-INITSOURCE=init.slackware.$PRODUCT.sh      #Name of the distributed file to be installed as a second SysV init script
-INITFILE=rc.$PRODUCT                       #Name of the product's installed second init script
-SERVICEDIR=                                #Name of the directory where .service files are installed (systems running systemd only)
-SERVICEFILE=                               #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
-SYSCONFFILE=                               #Name of the distributed file to be installed in $SYSCONFDIR
-SYSCONFDIR=                                #Name of the directory where SysV init parameter files are installed.
-ANNOTATED=                                 #If non-empty, install annotated configuration files
-VARLIB=/var/lib                            #Directory where product variable data is stored.
-VARDIR=${VARLIB}/$PRODUCT                  #Directory where product variable data is stored.
-DEFAULT_PAGER=				   #Pager to use if none specified in shorewall[6].conf

Shorewall-core/shorewallrc.suse

@@ -1,24 +0,0 @@
-#
-# SuSE Shorewall 5.0 rc file
-#
-BUILD=                                                #Default is to detect the build system
-HOST=suse
-PREFIX=/usr                                           #Top-level directory for shared files, libraries, etc.
-CONFDIR=/etc                                          #Directory where subsystem configurations are installed
-SHAREDIR=${PREFIX}/share                              #Directory for arch-neutral files.
-LIBEXECDIR=${PREFIX}/lib                              #Directory for executable scripts.
-PERLLIBDIR=${PREFIX}/lib/perl5/site-perl              #Directory to install Shorewall Perl module directory
-SBINDIR=/usr/sbin                                     #Directory where system administration programs are installed
-MANDIR=${SHAREDIR}/man/                               #Directory where manpages are installed.
-INITDIR=/etc/init.d                                   #Directory where SysV init scripts are installed.
-INITFILE=                                             #Name of the product's SysV init script
-INITSOURCE=init.suse.sh                               #Name of the distributed file to be installed as the SysV init script
-ANNOTATED=                                            #If non-zero, annotated configuration files are installed
-SERVICEDIR=/usr/lib/systemd/system                    #Directory where .service files are installed (systems running systemd only)
-SERVICEFILE=$PRODUCT.service          		      #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
-SYSCONFFILE=sysconfig                                 #Name of the distributed file to be installed in $SYSCONFDIR
-SYSCONFDIR=/etc/sysconfig/                            #Directory where SysV init parameter files are installed
-SPARSE=                                               #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
-VARLIB=/var/lib                                       #Directory where persistent product data is stored.
-VARDIR=${VARLIB}/$PRODUCT                             #Directory where product variable data is stored.
-DEFAULT_PAGER=				   	      #Pager to use if none specified in shorewall[6].conf

Shorewall-core/uninstall.sh

@@ -1,123 +0,0 @@
-#!/bin/sh
-#
-# Script to back uninstall Shoreline Firewall
-#
-#     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
-#
-#       Shorewall documentation is available at http://www.shorewall.net
-#
-#       This program is part of Shorewall.
-#
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
-#
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#
-#    Usage:
-#
-#       You may only use this script to uninstall the version
-#       shown below. Simply run this script to remove Shorewall Firewall
-
-VERSION=xxx #The Build script inserts the actual version
-PRODUCT="shorewall-core"
-Product="Shorewall Core"
- 
-usage() # $1 = exit status
-{
-    ME=$(basename $0)
-    echo "usage: $ME [ <shorewallrc file> ]"
-    exit $1
-}
-
-fatal_error()
-{
-    echo "   ERROR: $@" >&2
-    exit 1
-}
-
-qt()
-{
-    "$@" >/dev/null 2>&1
-}
-
-restore_file() # $1 = file to restore
-{
-    if [ -f ${1}-shorewall.bkout ]; then
-	if (mv -f ${1}-shorewall.bkout $1); then
-	    echo
-	    echo "$1 restored"
-        else
-	    exit 1
-        fi
-    fi
-}
-
-remove_file() # $1 = file to restore
-{
-    if [ -f $1 -o -L $1 ] ; then
-	rm -f $1
-	echo "$1 Removed"
-    fi
-}
-
-#
-# Change to the directory containing this script
-#
-cd "$(dirname $0)"
-
-#
-# Read the RC file
-#
-if [ $# -eq 0 ]; then
-    if [ -f ./shorewallrc ]; then
-	. ./shorewallrc
-    elif [ -f ~/.shorewallrc ]; then
-	. ~/.shorewallrc || exit 1
-    elif [ -f /usr/share/shorewall/shorewallrc ]; then
-	. /usr/share/shorewall/shorewallrc
-    else
-	fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
-    fi
-elif [ $# -eq 1 ]; then
-    file=$1
-    case $file in
-	/*|.*)
-	    ;;
-	*)
-	    file=./$file
-	    ;;
-    esac
-
-    . $file
-else
-    usage 1
-fi
-
-if [ -f ${SHAREDIR}/shorewall/coreversion ]; then
-    INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall/coreversion)"
-    if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
-	echo "WARNING: Shorewall Core Version $INSTALLED_VERSION is installed"
-	echo "         and this is the $VERSION uninstaller."
-	VERSION="$INSTALLED_VERSION"
-    fi
-else
-    echo "WARNING: Shorewall Core Version $VERSION is not installed"
-    VERSION=""
-fi
-
-echo "Uninstalling Shorewall Core $VERSION"
-
-rm -rf ${SHAREDIR}/shorewall
-rm -f ~/.shorewallrc
-
-echo "Shorewall Core Uninstalled"
-
-

Shorewall-init/COPYING

@@ -1,341 +0,0 @@
-		    GNU GENERAL PUBLIC LICENSE
-		       Version 2, June 1991
-
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.
-                          51 Franklin Street, Fifth Floor,
-			  Boston, MA 02110-1301 USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-			    Preamble
-
-  The licenses for most software are designed to take away your
-freedom to share and change it.  By contrast, the GNU General Public
-License is intended to guarantee your freedom to share and change free
-software--to make sure the software is free for all its users.  This
-General Public License applies to most of the Free Software
-Foundation's software and to any other program whose authors commit to
-using it.  (Some other Free Software Foundation software is covered by
-the GNU Library General Public License instead.)  You can apply it to
-your programs, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-this service if you wish), that you receive source code or can get it
-if you want it, that you can change the software or use pieces of it
-in new free programs; and that you know you can do these things.
-
-  To protect your rights, we need to make restrictions that forbid
-anyone to deny you these rights or to ask you to surrender the rights.
-These restrictions translate to certain responsibilities for you if you
-distribute copies of the software, or if you modify it.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must give the recipients all the rights that
-you have.  You must make sure that they, too, receive or can get the
-source code.  And you must show them these terms so they know their
-rights.
-
-  We protect your rights with two steps: (1) copyright the software, and
-(2) offer you this license which gives you legal permission to copy,
-distribute and/or modify the software.
-
-  Also, for each author's protection and ours, we want to make certain
-that everyone understands that there is no warranty for this free
-software.  If the software is modified by someone else and passed on, we
-want its recipients to know that what they have is not the original, so
-that any problems introduced by others will not reflect on the original
-authors' reputations.
-
-  Finally, any free program is threatened constantly by software
-patents.  We wish to avoid the danger that redistributors of a free
-program will individually obtain patent licenses, in effect making the
-program proprietary.  To prevent this, we have made it clear that any
-patent must be licensed for everyone's free use or not licensed at all.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-		    GNU GENERAL PUBLIC LICENSE
-   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-  0. This License applies to any program or other work which contains
-a notice placed by the copyright holder saying it may be distributed
-under the terms of this General Public License.  The "Program", below,
-refers to any such program or work, and a "work based on the Program"
-means either the Program or any derivative work under copyright law:
-that is to say, a work containing the Program or a portion of it,
-either verbatim or with modifications and/or translated into another
-language.  (Hereinafter, translation is included without limitation in
-the term "modification".)  Each licensee is addressed as "you".
-
-Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope.  The act of
-running the Program is not restricted, and the output from the Program
-is covered only if its contents constitute a work based on the
-Program (independent of having been made by running the Program).
-Whether that is true depends on what the Program does.
-
-  1. You may copy and distribute verbatim copies of the Program's
-source code as you receive it, in any medium, provided that you
-conspicuously and appropriately publish on each copy an appropriate
-copyright notice and disclaimer of warranty; keep intact all the
-notices that refer to this License and to the absence of any warranty;
-and give any other recipients of the Program a copy of this License
-along with the Program.
-
-You may charge a fee for the physical act of transferring a copy, and
-you may at your option offer warranty protection in exchange for a fee.
-
-  2. You may modify your copy or copies of the Program or any portion
-of it, thus forming a work based on the Program, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
-    a) You must cause the modified files to carry prominent notices
-    stating that you changed the files and the date of any change.
-
-    b) You must cause any work that you distribute or publish, that in
-    whole or in part contains or is derived from the Program or any
-    part thereof, to be licensed as a whole at no charge to all third
-    parties under the terms of this License.
-
-    c) If the modified program normally reads commands interactively
-    when run, you must cause it, when started running for such
-    interactive use in the most ordinary way, to print or display an
-    announcement including an appropriate copyright notice and a
-    notice that there is no warranty (or else, saying that you provide
-    a warranty) and that users may redistribute the program under
-    these conditions, and telling the user how to view a copy of this
-    License.  (Exception: if the Program itself is interactive but
-    does not normally print such an announcement, your work based on
-    the Program is not required to print an announcement.)
-
-These requirements apply to the modified work as a whole.  If
-identifiable sections of that work are not derived from the Program,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works.  But when you
-distribute the same sections as part of a whole which is a work based
-on the Program, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Program.
-
-In addition, mere aggregation of another work not based on the Program
-with the Program (or with a work based on the Program) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
-  3. You may copy and distribute the Program (or a work based on it,
-under Section 2) in object code or executable form under the terms of
-Sections 1 and 2 above provided that you also do one of the following:
-
-    a) Accompany it with the complete corresponding machine-readable
-    source code, which must be distributed under the terms of Sections
-    1 and 2 above on a medium customarily used for software interchange; or,
-
-    b) Accompany it with a written offer, valid for at least three
-    years, to give any third party, for a charge no more than your
-    cost of physically performing source distribution, a complete
-    machine-readable copy of the corresponding source code, to be
-    distributed under the terms of Sections 1 and 2 above on a medium
-    customarily used for software interchange; or,
-
-    c) Accompany it with the information you received as to the offer
-    to distribute corresponding source code.  (This alternative is
-    allowed only for noncommercial distribution and only if you
-    received the program in object code or executable form with such
-    an offer, in accord with Subsection b above.)
-
-The source code for a work means the preferred form of the work for
-making modifications to it.  For an executable work, complete source
-code means all the source code for all modules it contains, plus any
-associated interface definition files, plus the scripts used to
-control compilation and installation of the executable.  However, as a
-special exception, the source code distributed need not include
-anything that is normally distributed (in either source or binary
-form) with the major components (compiler, kernel, and so on) of the
-operating system on which the executable runs, unless that component
-itself accompanies the executable.
-
-If distribution of executable or object code is made by offering
-access to copy from a designated place, then offering equivalent
-access to copy the source code from the same place counts as
-distribution of the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
-  4. You may not copy, modify, sublicense, or distribute the Program
-except as expressly provided under this License.  Any attempt
-otherwise to copy, modify, sublicense or distribute the Program is
-void, and will automatically terminate your rights under this License.
-However, parties who have received copies, or rights, from you under
-this License will not have their licenses terminated so long as such
-parties remain in full compliance.
-
-  5. You are not required to accept this License, since you have not
-signed it.  However, nothing else grants you permission to modify or
-distribute the Program or its derivative works.  These actions are
-prohibited by law if you do not accept this License.  Therefore, by
-modifying or distributing the Program (or any work based on the
-Program), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Program or works based on it.
-
-  6. Each time you redistribute the Program (or any work based on the
-Program), the recipient automatically receives a license from the
-original licensor to copy, distribute or modify the Program subject to
-these terms and conditions.  You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties to
-this License.
-
-  7. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Program at all.  For example, if a patent
-license would not permit royalty-free redistribution of the Program by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Program.
-
-If any portion of this section is held invalid or unenforceable under
-any particular circumstance, the balance of the section is intended to
-apply and the section as a whole is intended to apply in other
-circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system, which is
-implemented by public license practices.  Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
-  8. If the distribution and/or use of the Program is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Program under this License
-may add an explicit geographical distribution limitation excluding
-those countries, so that distribution is permitted only in or among
-countries not thus excluded.  In such case, this License incorporates
-the limitation as if written in the body of this License.
-
-  9. The Free Software Foundation may publish revised and/or new versions
-of the General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-Each version is given a distinguishing version number.  If the Program
-specifies a version number of this License which applies to it and "any
-later version", you have the option of following the terms and conditions
-either of that version or of any later version published by the Free
-Software Foundation.  If the Program does not specify a version number of
-this License, you may choose any version ever published by the Free Software
-Foundation.
-
-  10. If you wish to incorporate parts of the Program into other free
-programs whose distribution conditions are different, write to the author
-to ask for permission.  For software which is copyrighted by the Free
-Software Foundation, write to the Free Software Foundation; we sometimes
-make exceptions for this.  Our decision will be guided by the two goals
-of preserving the free status of all derivatives of our free software and
-of promoting the sharing and reuse of software generally.
-
-			    NO WARRANTY
-
-  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
-OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
-TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
-PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-REPAIR OR CORRECTION.
-
-  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
-TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
-YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
-PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGES.
-
-		     END OF TERMS AND CONDITIONS
-
-	    How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) 19yy  <name of author>
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; either version 2 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program; if not, write to the Free Software
-    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-
-Also add information on how to contact you by electronic and paper mail.
-
-If the program is interactive, make it output a short notice like this
-when it starts in an interactive mode:
-
-    Gnomovision version 69, Copyright (C) 19yy name of author
-    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, the commands you use may
-be called something other than `show w' and `show c'; they could even be
-mouse-clicks or menu items--whatever suits your program.
-
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the program, if
-necessary.  Here is a sample; alter the names:
-
-  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
-  `Gnomovision' (which makes passes at compilers) written by James Hacker.
-
-  <signature of Ty Coon>, 1 April 1989
-  Ty Coon, President of Vice
-
-This General Public License does not permit incorporating your program into
-proprietary programs.  If your program is a subroutine library, you may
-consider it more useful to permit linking proprietary applications with the
-library.  If this is what you want to do, use the GNU Library General
-Public License instead of this License.

Shorewall-init/ifupdown.debian.sh

@@ -1,137 +0,0 @@
-#!/bin/sh
-#
-# Debian ifupdown script for Shorewall-based products
-#
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
-#
-#     (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
-#
-#       Shorewall documentation is available at http://shorewall.net
-#
-#       This program is free software; you can redistribute it and/or modify
-#       it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
-#
-#       This program is distributed in the hope that it will be useful,
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       GNU General Public License for more details.
-#
-#       You should have received a copy of the GNU General Public License
-#       along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-
-setstatedir() {
-    local statedir
-    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
-	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
-    fi
-
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-
-    if [ ! -x $STATEDIR/firewall ]; then
-	if [ $PRODUCT = shorewall ]; then
-	    ${SBINDIR}/shorewall compile
-	elif [ $PRODUCT = shorewall6 ]; then
-	    ${SBINDIR}/shorewall -6 compile
-	fi
-    fi
-}
-
-Debian_ppp() {
-    NEWPRODUCTS=
-    INTERFACE="$1"
-
-    case $0 in
-	/etc/ppp/ip-*)
-	    #
-	    # IPv4
-	    #
-	    for product in $PRODUCTS; do
-		case $product in
-		    shorewall|shorewall-lite)
-			NEWPRODUCTS="$NEWPRODUCTS $product";
-			;;
-		esac
-	    done
-	    ;;
-	/etc/ppp/ipv6-*)
-	    #
-	    # IPv6
-	    #
-	    for product in $PRODUCTS; do
-		case $product in
-		    shorewall6|shorewall6-lite)
-			NEWPRODUCTS="$NEWPRODUCTS $product";
-			;;
-		esac
-	    done
-	    ;;
-	*)
-	    exit 0
-	    ;;
-    esac
-
-    PRODUCTS="$NEWPRODUCTS"
-
-    case $0 in
-	*up/*)
-	    COMMAND=up
-	    ;;
-	*)
-	    COMMAND=down
-	    ;;
-    esac
-}
-
-IFUPDOWN=0
-PRODUCTS=
-
-#
-# The installer may alter this
-#
-. /usr/share/shorewall/shorewallrc
-
-if [ -f /etc/default/shorewall-init ]; then
-    . /etc/default/shorewall-init
-elif [ -f /etc/sysconfig/shorewall-init ]; then
-    . /etc/sysconfig/shorewall-init
-fi
-
-[ "$IFUPDOWN" = 1 -a -n "$PRODUCTS" ] || exit 0
-
-case $0 in
-    /etc/ppp*)
-	#
-	# Debian ppp
-	#
-	Debian_ppp
-	;;
-    *)
-        #
-        # Debian ifupdown system
-        #
-	INTERFACE="$IFACE"
-
-	if [ "$MODE" = start ]; then
-	    COMMAND=up
-	elif [ "$MODE" = stop ]; then
-	    COMMAND=down
-	else
-	    exit 0
-	fi
-	;;
-esac
-
-[ -n "$LOGFILE" ] || LOGFILE=/dev/null
-
-for PRODUCT in $PRODUCTS; do
-    setstatedir
-
-    if [ -x $VARLIB/$PRODUCT/firewall ]; then
-	( ${VARLIB}/$PRODUCT/firewall -V0 $COMMAND $INTERFACE >> $LOGFILE 2>&1 ) || true
-    fi
-done
-
-exit 0

Shorewall-init/ifupdown.fedora.sh

@@ -1,113 +0,0 @@
-#!/bin/sh
-#
-# Redhat/Fedora/Centos/Foobar ifupdown script for Shorewall-based products
-#
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
-#
-#     (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
-#
-#       Shorewall documentation is available at http://shorewall.net
-#
-#       This program is free software; you can redistribute it and/or modify
-#       it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
-#
-#       This program is distributed in the hope that it will be useful,
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       GNU General Public License for more details.
-#
-#       You should have received a copy of the GNU General Public License
-#       along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-
-# Get startup options (override default)
-OPTIONS=
-
-setstatedir() {
-    local statedir
-    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
-	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
-    fi
-
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-
-    if [ ! -x $STATEDIR/firewall ]; then
-	if [ $PRODUCT = shorewall ]; then
-	    ${SBINDIR}/shorewall compile
-	elif [ $PRODUCT = shorewall6 ]; then
-	    ${SBINDIR}/shorewall -6 compile
-	fi
-    fi
-}
-
-IFUPDOWN=0
-PRODUCTS=
-
-#
-# The installer may alter this
-#
-. /usr/share/shorewall/shorewallrc
-
-if [ -f /etc/default/shorewall-init ]; then
-    . /etc/default/shorewall-init
-elif [ -f /etc/sysconfig/shorewall-init ]; then
-    . /etc/sysconfig/shorewall-init
-fi
-
-[ "$IFUPDOWN" = 1 -a -n "$PRODUCTS" ] || exit 0
-
-PHASE=''
-
-case $0 in
-    /etc/ppp*)
-	INTERFACE="$1"
-
-	case $0 in
-	    *ip-up.local)
-		COMMAND=up
-		;;
-	    *ip-down.local)
-		COMMAND=down
-		;;
-	    *)
-		exit 0
-		;;
-	esac
-	;;
-    *)
-	#
-	# RedHat ifup/down system
-	#
-	INTERFACE="$1"
-    
-	case $0 in 
-	    *ifup*)
-		COMMAND=up
-		;;
-	    *ifdown*)
-		COMMAND=down
-		;;
-	    *dispatcher.d*)
-		COMMAND="$2"
-		;;
-	    *)
-		exit 0
-		;;
-	esac
-	;;
-esac
-
-[ -n "$LOGFILE" ] || LOGFILE=/dev/null
-
-for PRODUCT in $PRODUCTS; do
-    setstatedir
-
-    if [ -x "$STATEDIR/firewall" ]; then
-	  echo "`date --rfc-3339=seconds` $0: Executing $STATEDIR/firewall $OPTIONS $COMMAND $INTERFACE" >> $LOGFILE 2>&1
-	  ( $STATEDIR/firewall $OPTIONS $COMMAND $INTERFACE >> $LOGFILE 2>&1 ) || true
-    fi
-done
-
-exit 0

Shorewall-init/ifupdown.suse.sh

@@ -1,148 +0,0 @@
-#!/bin/sh
-#
-# SuSE ifupdown script for Shorewall-based products
-#
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
-#
-#     (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
-#
-#       Shorewall documentation is available at http://shorewall.net
-#
-#       This program is free software; you can redistribute it and/or modify
-#       it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
-#
-#       This program is distributed in the hope that it will be useful,
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       GNU General Public License for more details.
-#
-#       You should have received a copy of the GNU General Public License
-#       along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-
-setstatedir() {
-    local statedir
-    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
-	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
-    fi
-
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-
-    if [ ! -x $STATEDIR/firewall ]; then
-	if [ $PRODUCT = shorewall ]; then
-	    ${SBINDIR}/shorewall compile
-	elif [ $PRODUCT = shorewall6 ]; then
-	    ${SBINDIR}/shorewall -6 compile
-	fi
-    fi
-}
-
-SuSE_ppp() {
-    NEWPRODUCTS=
-    INTERFACE="$1"
-
-    case $0 in
-	/etc/ppp/ip-*)
-	    #
-	    # IPv4
-	    #
-	    for product in $PRODUCTS; do
-		case $product in
-		    shorewall|shorewall-lite)
-			NEWPRODUCTS="$NEWPRODUCTS $product";
-			;;
-		esac
-	    done
-	    ;;
-	/etc/ppp/ipv6-*)
-	    #
-	    # IPv6
-	    #
-	    for product in $PRODUCTS; do
-		case $product in
-		    shorewall6|shorewall6-lite)
-			NEWPRODUCTS="$NEWPRODUCTS $product";
-			;;
-		esac
-	    done
-	    ;;
-	*)
-	    exit 0
-	    ;;
-    esac
-
-    PRODUCTS="$NEWPRODUCTS"
-
-    case $0 in
-	*up/*)
-	    COMMAND=up
-	    ;;
-	*)
-	    COMMAND=down
-	    ;;
-    esac
-}
-
-IFUPDOWN=0
-PRODUCTS=
-
-#
-# The installer may alter this
-#
-. /usr/share/shorewall/shorewallrc
-
-if [ -f /etc/default/shorewall-init ]; then
-    . /etc/default/shorewall-init
-elif [ -f /etc/sysconfig/shorewall-init ]; then
-    . /etc/sysconfig/shorewall-init
-fi
-
-[ "$IFUPDOWN" = 1 -a -n "$PRODUCTS" ] || exit 0
-
-PHASE=''
-
-case $0 in
-    /etc/ppp*)
-        #
-	# SUSE ppp
-	#
-	SuSE_ppp
-	;;
-	
-    *)
-        #
-        # SuSE ifupdown system
-        #
-	INTERFACE="$2"
-
-	case $0 in
-	    *dispatcher.d*)
-		INTERFACE="$1"
-		COMMAND="$2"
-		;;
-	    *if-up.d*)
-		COMMAND=up
-		;;
-	    *if-down.d*)
-		COMMAND=down
-		;;
-	    *)
-		exit 0
-		;;
-	esac
-	;;
-esac
-
-[ -n "$LOGFILE" ] || LOGFILE=/dev/null
-
-for PRODUCT in $PRODUCTS; do
-    setstatedir
-
-    if [ -x $VARLIB/$PRODUCT/firewall ]; then
-	  ( ${VARLIB}/$PRODUCT/firewall -V0 $COMMAND $INTERFACE >> $LOGFILE 2>&1 ) || true
-    fi
-done
-
-exit 0

Shorewall-init/init.debian.sh

@@ -1,187 +0,0 @@
-#!/bin/sh
-#
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
-#
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
-#
-#     (c) 2010,2012 - Tom Eastep (teastep@shorewall.net)
-#
-#       On most distributions, this file should be called /etc/init.d/shorewall.
-#
-#       Complete documentation is available at http://shorewall.net
-#
-#       This program is free software; you can redistribute it and/or modify
-#       it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
-#
-#       This program is distributed in the hope that it will be useful,
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       GNU General Public License for more details.
-#
-#       You should have received a copy of the GNU General Public License
-#       along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-### BEGIN INIT INFO
-# Provides:          shorewall-init
-# Required-Start:    $local_fs
-# X-Start-Before:    $network
-# Required-Stop:     $local_fs
-# X-Stop-After:      $network
-# Default-Start:     S
-# Default-Stop:      0 1 6
-# Short-Description: Initialize the firewall at boot time
-# Description:       Place the firewall in a safe state at boot time prior to
-#                    bringing up the network
-### END INIT INFO
-
-. /lib/lsb/init-functions
-
-export VERBOSITY=0
-
-if [ "$(id -u)" != "0" ]
-then
-  echo "You must be root to start, stop or restart \"Shorewall \"."
-  exit 1
-fi
-
-echo_notdone () {
-  echo "not done."
-  exit 1
-}
-
-not_configured () {
-    echo "#### WARNING ####"
-    echo "the firewall won't be initialized unless it is configured"
-    if [ "$1" != "stop" ]
-    then
-	echo ""
-	echo "Please read about Debian specific customization in"
-	echo "/usr/share/doc/shorewall-init/README.Debian.gz."
-    fi
-    echo "#################"
-    exit 0
-}
-
-# set the STATEDIR variable
-setstatedir() {
-    local statedir
-    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
-	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
-    fi
-
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-
-    if [ $PRODUCT = shorewall ]; then
-	${SBINDIR}/shorewall compile
-    elif [ $PRODUCT = shorewall6 ]; then
-	${SBINDIR}/shorewall -6 compile
-    else
-	return 0
-    fi
-}
-
-#
-# The installer may alter this
-#
-. /usr/share/shorewall/shorewallrc
-
-# check if shorewall-init is configured or not
-if [ -f "$SYSCONFDIR/shorewall-init" ]
-then
-    . $SYSCONFDIR/shorewall-init
-    if [ -z "$PRODUCTS" ]
-    then
-	not_configured
-    fi
-else
-    not_configured
-fi
-
-# Initialize the firewall
-shorewall_start () {
-  local PRODUCT
-  local STATEDIR
-
-  printf "Initializing \"Shorewall-based firewalls\": "
-
-  for PRODUCT in $PRODUCTS; do
-      if setstatedir; then
-	  if [ -x ${STATEDIR}/firewall ]; then
-              #
-	      # Run in a sub-shell to avoid name collisions
-	      #
-	      (
-		  if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
-		      ${STATEDIR}/firewall ${OPTIONS} stop
-		  fi
-	      )
-	  fi
-      fi
-  done
-
-  echo "done."
-
-  if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
-
-      printf "Restoring ipsets: "
-
-      if ! ipset -R < "$SAVE_IPSETS"; then
-	  echo_notdone
-      fi
-
-      echo "done."
-  fi
-
-  return 0
-}
-
-# Clear the firewall
-shorewall_stop () {
-  local PRODUCT
-  local STATEDIR
-
-  printf "Clearing \"Shorewall-based firewalls\": "
-  for PRODUCT in $PRODUCTS; do
-      if setstatedir; then
-	  if [ -x ${STATEDIR}/firewall ]; then
-	      ${STATEDIR}/firewall ${OPTIONS} clear
-	  fi
-      fi
-  done
-
-  echo "done."
-
-  if [ -n "$SAVE_IPSETS" ]; then
-
-      echo "Saving ipsets: "
-
-      mkdir -p $(dirname "$SAVE_IPSETS")
-      if ipset -S > "${SAVE_IPSETS}.tmp"; then
-	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
-      else
-	  echo_notdone
-      fi
-
-      echo "done."
-  fi
-
-  return 0
-}
-
-case "$1" in
-  start)
-     shorewall_start
-     ;;
-  stop)
-     shorewall_stop
-     ;;
-  reload|force-reload)
-     ;;
-  *)
-     echo "Usage: $0 {start|stop|reload|force-reload}"
-     exit 1
-esac
-
-exit 0

Shorewall-init/init.fedora.sh

@@ -1,157 +0,0 @@
-#! /bin/bash
-#
-# chkconfig: - 09 91
-# description: Initialize the shorewall firewall at boot time
-#
-### BEGIN INIT INFO
-# Provides: shorewall-init
-# Required-Start: $local_fs
-# Required-Stop:  $local_fs
-# Default-Start:
-# Default-Stop:	  0 1 2 3 4 5 6
-# Short-Description: Initialize the shorewall firewall at boot time
-# Description:       Place the firewall in a safe state at boot time
-#                    prior to bringing up the network.  
-### END INIT INFO
-#determine where the files were installed
-
-. /usr/share/shorewall/shorewallrc
-
-prog="shorewall-init"
-logger="logger -i -t $prog"
-lockfile="/var/lock/subsys/shorewall-init"
-
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-# Get startup options (override default)
-OPTIONS=
-
-# check if shorewall-init is configured or not
-if [ -f "/etc/sysconfig/shorewall-init" ]; then
-    . /etc/sysconfig/shorewall-init
-else
-    echo "/etc/sysconfig/shorewall-init not found"
-    exit 6
-fi
-
-# set the STATEDIR variable
-setstatedir() {
-    local statedir
-    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
-	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
-    fi
-
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-
-    if [ $PRODUCT = shorewall ]; then
-	${SBINDIR}/shorewall compile
-    elif [ $PRODUCT = shorewall6 ]; then
-	${SBINDIR}/shorewall -6 compile
-    else
-	return 0
-    fi
-}
-
-# Initialize the firewall
-start () {
-    local PRODUCT
-    local STATEDIR
-
-    if [ -z "$PRODUCTS" ]; then
-	echo "No firewalls configured for shorewall-init"
-	failure
-	return 6 #Not configured
-    fi
-
-    printf "Initializing \"Shorewall-based firewalls\": "
-
-    for PRODUCT in $PRODUCTS; do
-	setstatedir
-	retval=$?
-
-	if [ $retval -eq 0 ]; then
-	    if [ -x "${STATEDIR}/firewall" ]; then
-		${STATEDIR}/firewall ${OPTIONS} stop 2>&1 | $logger
-		retval=${PIPESTATUS[0]}
-		[ $retval -ne 0 ] && break
-	    else
-		retval=6 #Product not configured
-		break
-	    fi
-	else
-	    break
-	fi
-    done
-
-    if [ $retval -eq 0 ]; then
-	touch $lockfile 
-	success
-    else
-	failure
-    fi
-    echo
-    return $retval
-}
-
-# Clear the firewall
-stop () {
-    local PRODUCT
-    local STATEDIR
-
-    printf "Clearing \"Shorewall-based firewalls\": "
-
-    for PRODUCT in $PRODUCTS; do
-	setstatedir
-	retval=$?
-
-	if [ $retval -eq 0 ]; then
-	    if [ -x "${STATEDIR}/firewall" ]; then
-		${STATEDIR}/firewall ${OPTIONS} clear 2>&1 | $logger
-		retval=${PIPESTATUS[0]}
-		[ $retval -ne 0 ] && break
-	    else
-		retval=6 #Product not configured
-		break
-	    fi
-	else
-	    break
-	fi
-    done
-
-    if [ $retval -eq 0 ]; then
-	rm -f $lockfile
-	success
-    else
-	failure
-    fi
-    echo
-    return $retval
-}
-
-status_q() {
-    status > /dev/null 2>&1
-}
-
-case "$1" in
-    start)
-	status_q && exit 0
-	$1
-	;;
-    stop)
-	status_q || exit 0
-	$1
-	;;
-    restart|reload|force-reload|condrestart|try-restart)
-	echo "Not implemented"
-	exit 3
-	;;
-    status)
-	status $prog
-	;;
-  *)
-	echo "Usage: $0 {start|stop|status}"
-	exit 1
-esac
-
-exit 0

Shorewall-init/init.openwrt.sh

@@ -1,133 +0,0 @@
-#!/bin/sh /etc/rc.common
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
-#
-#     (c) 2010,2012-2014 - Tom Eastep (teastep@shorewall.net)
-#     (c) 2016           - Matt Darfeuille (matdarf@gmail.com)
-#
-#       On most distributions, this file should be called /etc/init.d/shorewall-init.
-#
-#       This program is part of Shorewall.
-#
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
-#
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#
-#       You should have received a copy of the GNU General Public License
-#       along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-#
-
-# arg1 of init script is arg2 when rc.common is sourced
-
-case "$action" in
-  start|stop|boot)
-      if [ "$(id -u)" != "0" ]
-      then
-	  echo "You must be root to start, stop or restart \"Shorewall \"."
-	  exit 1
-      fi
-
-      # check if shorewall-init is configured or not
-      if [ -f "/etc/sysconfig/shorewall-init" ]
-      then
-	  . /etc/sysconfig/shorewall-init
-	  if [ -z "$PRODUCTS" ]
-	  then
-	      exit 0
-	  fi
-      else
-	  exit 0
-      fi
-
-      ;;
-  enable|disable|enabled)
-      # Openwrt related
-      # start and stop runlevel variable
-      START=19
-      STOP=91
-      ;;
-  *)
-      echo "Usage: /etc/init.d/shorewall-init {start|stop}"
-      exit 1
-esac
-
-#
-# The installer may alter this
-#
-. /usr/share/shorewall/shorewallrc
-
-# Locate the current PRODUCT's statedir
-setstatedir() {
-    local statedir
-    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
-	statedir=$( . ${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
-    fi
-
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-
-    if [ $PRODUCT = shorewall ]; then
-	${SBINDIR}/shorewall compile
-    elif [ $PRODUCT = shorewall6 ]; then
-	${SBINDIR}/shorewall -6 compile
-    else
-	return 0
-    fi
-}
-
-# Initialize the firewall
-start () {
-    local PRODUCT
-  local STATEDIR
-
-  printf "Initializing \"Shorewall-based firewalls\": "
-  for PRODUCT in $PRODUCTS; do
-      if setstatedir; then
-	  if [ -x ${STATEDIR}/firewall ]; then
-	      if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
-		  ${STATEDIR}/firewall ${OPTIONS} stop
-	      fi
-	  fi
-      fi
-  done
-
-  if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
-      ipset -R < "$SAVE_IPSETS"
-  fi
-}
-
-boot () {
-    start
-}
-
-# Clear the firewall
-stop () {
-    local PRODUCT
-    local STATEDIR
-
-    printf "Clearing \"Shorewall-based firewalls\": "
-    for PRODUCT in $PRODUCTS; do
-	if setstatedir; then
-	    if [ -x ${STATEDIR}/firewall ]; then
-		${STATEDIR}/firewall ${OPTIONS} clear
-	    fi
-	fi
-    done
-
-    if [ -n "$SAVE_IPSETS" ]; then
-	mkdir -p $(dirname "$SAVE_IPSETS")
-	if ipset -S > "${SAVE_IPSETS}.tmp"; then
-	    grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
-	fi
-    fi
-}
-

Shorewall-init/init.sh

@@ -1,138 +0,0 @@
-#! /bin/bash
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
-#
-#     (c) 2010,2012-2014 - Tom Eastep (teastep@shorewall.net)
-#
-#       On most distributions, this file should be called /etc/init.d/shorewall.
-#
-#       This program is part of Shorewall.
-#
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
-#
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#
-#       You should have received a copy of the GNU General Public License
-#       along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# chkconfig: - 09 91
-#
-### BEGIN INIT INFO
-# Provides: shorewall-init
-# Required-start: $local_fs
-# Required-stop:  $local_fs
-# Default-Start:  2 3 5
-# Default-Stop:   6
-# Short-Description: Initialize the firewall at boot time
-# Description:       Place the firewall in a safe state at boot time
-#                    prior to bringing up the network.  
-### END INIT INFO
-
-if [ "$(id -u)" != "0" ]
-then
-  echo "You must be root to start, stop or restart \"Shorewall \"."
-  exit 1
-fi
-
-# check if shorewall-init is configured or not
-if [ -f "/etc/sysconfig/shorewall-init" ]
-then
-	. /etc/sysconfig/shorewall-init
-	if [ -z "$PRODUCTS" ]
-	then
-		exit 0
-	fi
-else
-	exit 0
-fi
-
-#
-# The installer may alter this
-#
-. /usr/share/shorewall/shorewallrc
-
-# Locate the current PRODUCT's statedir
-setstatedir() {
-    local statedir
-    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
-	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
-    fi
-
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-
-    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-	${SBINDIR}/$PRODUCT ${OPTIONS} compile $STATEDIR/firewall
-    else
-	return 0
-    fi
-}
-
-# Initialize the firewall
-shorewall_start () {
-  local PRODUCT
-  local STATEDIR
-
-  printf "Initializing \"Shorewall-based firewalls\": "
-  for PRODUCT in $PRODUCTS; do
-      if setstatedir; then
-	  if [ -x ${STATEDIR}/firewall ]; then
-	      if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
-		  ${STATEDIR}/firewall ${OPTIONS} stop
-	      fi
-	  fi
-      fi
-  done
-
-  if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
-      ipset -R < "$SAVE_IPSETS"
-  fi
-
-  return 0
-}
-
-# Clear the firewall
-shorewall_stop () {
-  local PRODUCT
-  local STATEDIR
-
-  printf "Clearing \"Shorewall-based firewalls\": "
-  for PRODUCT in $PRODUCTS; do
-      if setstatedir; then
-	  if [ -x ${STATEDIR}/firewall ]; then
-	      ${STATEDIR}/firewall ${OPTIONS} clear
-	  fi
-      fi
-  done
-
-  if [ -n "$SAVE_IPSETS" ]; then
-      mkdir -p $(dirname "$SAVE_IPSETS")
-      if ipset -S > "${SAVE_IPSETS}.tmp"; then
-	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
-      fi
-  fi
-
-  return 0
-}
-
-case "$1" in
-  start)
-     shorewall_start
-     ;;
-  stop)
-     shorewall_stop
-     ;;
-  *)
-     echo "Usage: /etc/init.d/shorewall-init {start|stop}"
-     exit 1
-esac
-
-exit 0

Shorewall-init/init.suse.sh

@@ -1,149 +0,0 @@
-#! /bin/bash
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
-#
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
-#
-#     (c) 2010,2012 - Tom Eastep (teastep@shorewall.net)
-#
-#       On most distributions, this file should be called /etc/init.d/shorewall.
-#
-#       Complete documentation is available at http://shorewall.net
-#
-#       This program is free software; you can redistribute it and/or modify
-#       it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
-#
-#       This program is distributed in the hope that it will be useful,
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       GNU General Public License for more details.
-#
-#       You should have received a copy of the GNU General Public License
-#       along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-#
-### BEGIN INIT INFO
-# Provides: shorewall-init
-# Required-Start: $local_fs
-# Required-Stop:  $local_fs
-# Default-Start:  2 3 5
-# Default-Stop:   0 1 6
-# Short-Description: Initialize the firewall at boot time
-# Description:       Place the firewall in a safe state at boot time
-#                    prior to bringing up the network.  
-### END INIT INFO
-
-#Return values acc. to LSB for all commands but status:
-# 0 - success
-# 1 - generic or unspecified error
-# 2 - invalid or excess argument(s)
-# 3 - unimplemented feature
-# 4 - insufficient privilege
-# 5 - program is not installed
-# 6 - program is not configured
-# 7 - program is not running
-
-if [ "$(id -u)" != "0" ]
-then
-  echo "You must be root to start, stop or restart \"Shorewall \"."
-  exit 4
-fi
-
-# check if shorewall-init is configured or not
-if [ -f "/etc/sysconfig/shorewall-init" ]
-then
-    . /etc/sysconfig/shorewall-init
-
-    if [ -z "$PRODUCTS" ]
-    then
-	echo "No PRODUCTS configured"
-	exit 6
-    fi
-else
-    echo "/etc/sysconfig/shorewall-init not found"
-    exit 6
-fi
-
-#
-# The installer may alter this
-#
-. /usr/share/shorewall/shorewallrc
-
-# set the STATEDIR variable
-setstatedir() {
-    local statedir
-    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
-	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
-    fi
-
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-
-    if [ $PRODUCT = shorewall ]; then
-	${SBINDIR}/shorewall compile
-    elif [ $PRODUCT = shorewall6 ]; then
-	${SBINDIR}/shorewall -6 compile
-    else
-	return 0
-    fi
-}
-
-# Initialize the firewall
-shorewall_start () {
-  local PRODUCT
-  local STATEDIR
-
-  printf "Initializing \"Shorewall-based firewalls\": "
-  for PRODUCT in $PRODUCTS; do
-      if setstatedir; then
-	  if [ -x $STATEDIR/firewall ]; then
-	      if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
-		  $STATEDIR/$PRODUCT/firewall ${OPTIONS} stop
-	      fi
-	  fi
-      fi
-  done
-
-  if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
-      ipset -R < "$SAVE_IPSETS"
-  fi
-}
-
-# Clear the firewall
-shorewall_stop () {
-  local PRODUCT
-  local STATEDIR
-
-  printf "Clearing \"Shorewall-based firewalls\": "
-  for PRODUCT in $PRODUCTS; do
-      if setstatedir; then
-	  if [ -x ${STATEDIR}/firewall ]; then
-	      ${STATEDIR}/firewall ${OPTIONS} clear
-	  fi
-      fi
-  done
-
-  if [ -n "$SAVE_IPSETS" ]; then
-      mkdir -p $(dirname "$SAVE_IPSETS")
-      if ipset -S > "${SAVE_IPSETS}.tmp"; then
-	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
-      fi
-  fi
-}
-
-case "$1" in
-    start)
-	shorewall_start
-	;;
-    stop)
-	shorewall_stop
-	;;
-    reload|forced-reload)
-	;;
-    *)
-	echo "Usage: /etc/init.d/shorewall-init {start|stop}"
-	exit 1
-	;;
-esac
-
-exit 0

Shorewall-init/install.sh

@@ -1,632 +0,0 @@
-#!/bin/sh
-#
-# Script to install Shoreline Firewall Init
-#
-#     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
-#     (c) 2010 - Roberto C. Sanchez (roberto@connexer.com)
-#
-#       Shorewall documentation is available at http://shorewall.net
-#
-#       This program is part of Shorewall.
-#
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
-#
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#
-#       You should have received a copy of the GNU General Public License
-#       along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-
-VERSION=xxx #The Build script inserts the actual version.
-PRODUCT=shorewall-init
-Product="Shorewall Init"
-
-usage() # $1 = exit status
-{
-    ME=$(basename $0)
-    echo "usage: $ME [ <configuration-file> ]"
-    echo "       $ME -v"
-    echo "       $ME -h"
-    echo "       $ME -n"
-    exit $1
-}
-
-fatal_error() 
-{
-    echo "   ERROR: $@" >&2
-    exit 1
-}
-
-split() {
-    local ifs
-    ifs=$IFS
-    IFS=:
-    set -- $1
-    echo $*
-    IFS=$ifs
-}
-
-qt()
-{
-    "$@" >/dev/null 2>&1
-}
-
-mywhich() {
-    local dir
-
-    for dir in $(split $PATH); do
-	if [ -x $dir/$1 ]; then
-	    return 0
-	fi
-    done
-
-    return 2
-}
-
-cant_autostart()
-{
-    echo
-    echo  "WARNING: Unable to configure shorewall init to start automatically at boot" >&2
-}
-
-install_file() # $1 = source $2 = target $3 = mode
-{
-    if cp -f $1 $2; then
-	if chmod $3 $2; then
-	    if [ -n "$OWNER" ]; then
-		if chown $OWNER:$GROUP $2; then
-		    return
-		fi
-	    else
-		return 0
-	    fi
-	fi
-    fi
-
-    echo "ERROR: Failed to install $2" >&2
-    exit 1
-}
-
-make_directory() # $1 = directory , $2 = mode
-{
-    mkdir -p $1
-    chmod 0755 $1
-    [ -n "$OWNERSHIP" ] && chown $OWNERSHIP $1
-}
-
-require() 
-{
-    eval [ -n "\$$1" ] || fatal_error "Required option $1 not set"
-}
-
-#
-# Change to the directory containing this script
-#
-cd "$(dirname $0)"
-
-#
-# Parse the run line
-#
-
-finished=0
-configure=1
-
-while [ $finished -eq 0 ] ; do
-    option="$1"
-
-    case "$option" in
-	-*)
-	    option=${option#-}
-
-	    while [ -n "$option" ]; do
-		case $option in
-		    h)
-			usage 0
-			;;
-		    v)
-			echo "Shorewall-init Firewall Installer Version $VERSION"
-			exit 0
-			;;
-		    n*)
-			configure=0
-			option=${option#n}
-			;;
-		    *)
-			usage 1
-			;;
-		esac
-	    done
-
-	    shift
-	    ;;
-	*)
-	    finished=1
-	    ;;
-    esac
-done
-
-#
-# Read the RC file
-#
-if [ $# -eq 0 ]; then
-    #
-    # Load packager's settings if any
-    #
-    if [ -f ./shorewallrc ]; then
-	. ./shorewallrc || exit 1
-	file=./shorewallrc
-    elif [ -f ~/.shorewallrc ]; then
-	. ~/.shorewallrc || exit 1
-	file=~/.shorewallrc
-     else
-	fatal_error "No configuration file specified and ~/.shorewallrc not found"
-    fi
-elif [ $# -eq 1 ]; then
-    file=$1
-    case $file in
-	/*|.*)
-	    ;;
-	*)
-	    file=./$file
-	    ;;
-    esac
-
-    . $file
-else
-    usage 1
-fi
-
-if [ -z "${VARLIB}" ]; then
-    VARLIB=${VARDIR}
-    VARDIR=${VARLIB}/${PRODUCT}
-elif [ -z "${VARDIR}" ]; then
-    VARDIR=${VARLIB}/${PRODUCT}
-fi
-
-for var in SHAREDIR LIBEXECDIR CONFDIR SBINDIR VARLIB VARDIR; do
-    require $var
-done
-
-[ -n "$SANDBOX" ] && configure=0
-
-PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
-
-[ $configure -eq 1 ] && ETC=/etc || ETC="${CONFDIR}"
-
-if [ -z "$BUILD" ]; then
-    case $(uname) in
-	cygwin*)
-	    BUILD=cygwin
-	    ;;
-	Darwin)
-	    BUILD=apple
-	    ;;
-	*)
-	    if [ -f /etc/os-release ]; then
-		eval $(cat /etc/os-release | grep ^ID=)
-
-		case $ID in
-		    fedora|rhel|centos|foobar)
-			BUILD=redhat
-			;;
-		    debian|ubuntu)
-			BUILD=debian
-			;;
-		    opensuse)
-			BUILD=suse
-			;;
-		    *)
-			BUILD="$ID"
-			;;
-		esac
-	    elif [ -f /etc/debian_version ]; then
-		BUILD=debian
-	    elif [ -f /etc/ubuntu_version ]; then
-		BUILD=debian
-	    elif [ -f /etc/gentoo-release ]; then
-		BUILD=gentoo
-	    elif [ -f /etc/redhat-release ]; then
-		BUILD=redhat
-	    elif [ -f /etc/SuSE-release ]; then
-		BUILD=suse
-	    elif [ -f /etc/slackware-version ] ; then
-		BUILD=slackware
-	    elif [ -f /etc/arch-release ] ; then
-		BUILD=archlinux
-	    elif [ -f ${CONFDIR}/openwrt_release ]; then
-		BUILD=openwrt
-	    else
-		BUILD=linux
-	    fi
-	    ;;
-    esac
-fi
-
-case $BUILD in
-    apple)
-	[ -z "$OWNER" ] && OWNER=root
-	[ -z "$GROUP" ] && GROUP=wheel
-	;;
-    cygwin*|CYGWIN*)
-	OWNER=$(id -un)
-	GROUP=$(id -gn)
- 	;;
-    *)
-	if [ $(id -u) -eq 0 ]; then
-	    [ -z "$OWNER" ] && OWNER=root
-	    [ -z "$GROUP" ] && GROUP=root
-	fi
-	;;
-esac
-
-[ -n "$OWNER" ] && OWNERSHIP="$OWNER:$GROUP"
-
-[ -n "$HOST" ] || HOST=$BUILD
-
-case "$HOST" in
-    debian)
-	echo "Installing Debian-specific configuration..."
-	;;
-    gentoo)
-	echo "Installing Gentoo-specific configuration..."
-	;;
-    redhat)
-	echo "Installing Redhat/Fedora-specific configuration..."
-	;;
-    slackware)
-	echo "Shorewall-init is currently not supported on Slackware" >&2
-	exit 1
-	;;
-    archlinux)
-	echo "Shorewall-init is currently not supported on Arch Linux" >&2
-	exit 1
-	;;
-    suse)
-	echo "Installing SuSE-specific configuration..."
-	;;
-    openwrt)
-	echo "Installing Openwrt-specific configuration..."
-	;;
-    linux)
-	echo "ERROR: Shorewall-init is not supported on this system" >&2
-	exit 1
-	;;
-    *)
-	echo "ERROR: Unsupported HOST distribution: \"$HOST\"" >&2
-	exit 1;
-	;;
-esac
-
-[ -z "$TARGET" ] && TARGET=$HOST
-
-if [ -n "$DESTDIR" ]; then
-    if [ $(id -u) != 0 ] ; then
-	echo "Not setting file owner/group permissions, not running as root."
-	OWNERSHIP=""
-    fi
-    
-    make_directory ${DESTDIR}${INITDIR} 0755
-fi
-
-echo "Installing Shorewall Init Version $VERSION"
-
-#
-# Check for /usr/share/shorewall-init/version
-#
-if [ -f ${DESTDIR}${SHAREDIR}/shorewall-init/version ]; then
-    first_install=""
-else
-    first_install="Yes"
-fi
-
-if [ -n "$DESTDIR" ]; then
-    mkdir -p ${DESTDIR}${CONFDIR}/logrotate.d
-    chmod 0755 ${DESTDIR}${CONFDIR}/logrotate.d
-fi
-
-#
-# Install the Firewall Script
-#
-if [ -n "$INITFILE" ]; then
-    mkdir -p ${DESTDIR}${INITDIR}
-    install_file $INITSOURCE ${DESTDIR}${INITDIR}/$INITFILE 0544
-    [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${INITDIR}/$INITFILE
-    
-    if [ -n "${AUXINITSOURCE}" ]; then
-	install_file $INITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544
-    fi
-
-    echo  "SysV init script $INITSOURCE installed in ${DESTDIR}${INITDIR}/$INITFILE"
-fi
-
-#
-# Install the .service file
-#
-if [ -z "${SERVICEDIR}" ]; then
-    SERVICEDIR="$SYSTEMD"
-fi
-
-if [ -n "$SERVICEDIR" ]; then
-    mkdir -p ${DESTDIR}${SERVICEDIR}
-    [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
-    install_file $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service 0644
-    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
-    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SERVICEDIR}/$PRODUCT.service"
-    if [ -n "$DESTDIR" -o $configure -eq 0 ]; then
-	mkdir -p ${DESTDIR}${SBINDIR}
-        chmod 0755 ${DESTDIR}${SBINDIR}
-    fi
-    install_file shorewall-init ${DESTDIR}${SBINDIR}/shorewall-init 0700
-    [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SBINDIR}/shorewall-init
-    echo "CLI installed as ${DESTDIR}${SBINDIR}/shorewall-init"
-fi
-
-#
-# Create /usr/share/shorewall-init if needed
-#
-mkdir -p ${DESTDIR}${SHAREDIR}/shorewall-init
-chmod 0755 ${DESTDIR}${SHAREDIR}/shorewall-init
-
-#
-# Install logrotate file
-#
-if [ -d ${DESTDIR}${CONFDIR}/logrotate.d ]; then
-    install_file logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT 0644
-    echo "Logrotate file installed as ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT"
-fi
-
-#
-# Create the version file
-#
-echo "$VERSION" > ${DESTDIR}/${SHAREDIR}/shorewall-init/version
-chmod 0644 ${DESTDIR}${SHAREDIR}/shorewall-init/version
-
-#
-# Remove and create the symbolic link to the init script
-#
-if [ -z "$DESTDIR" ]; then
-    rm -f ${SHAREDIR}/shorewall-init/init
-    ln -s ${INITDIR}/${INITFILE} ${SHAREDIR}/shorewall-init/init
-fi
-
-if [ $HOST = debian ]; then
-    if [ -n "${DESTDIR}" ]; then
-	mkdir -p ${DESTDIR}${ETC}/network/if-up.d/
-	mkdir -p ${DESTDIR}${ETC}/network/if-down.d/
-	mkdir -p ${DESTDIR}${ETC}/network/if-post-down.d/
-    elif [ $configure -eq 0 ]; then
-	mkdir -p ${DESTDIR}${CONFDIR}/network/if-up.d/
-	mkdir -p ${DESTDIR}${CONFDIR}/network/if-down.d/
-	mkdir -p ${DESTDIR}${CONFDIR}/network/if-post-down.d/
-    fi
-
-    if [ ! -f ${DESTDIR}${CONFDIR}/default/shorewall-init ]; then
-	if [ -n "${DESTDIR}" ]; then
-	    mkdir -p ${DESTDIR}${ETC}/default
-	fi
-
-	[ $configure -eq 1 ] || mkdir -p ${DESTDIR}${CONFDIR}/default
-	install_file sysconfig ${DESTDIR}${ETC}/default/shorewall-init 0644
-	echo "sysconfig file installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
-    fi
-
-    IFUPDOWN=ifupdown.debian.sh
-else
-    if [ -n "$DESTDIR" ]; then
-	mkdir -p ${DESTDIR}${SYSCONFDIR}
-
-	if [ -z "$RPM" ]; then
-	    if [ $HOST = suse ]; then
-		mkdir -p ${DESTDIR}${ETC}/sysconfig/network/if-up.d
-		mkdir -p ${DESTDIR}${ETC}/sysconfig/network/if-down.d
-	    elif [ $HOST = gentoo ]; then
-		# Gentoo does not support if-{up,down}.d
-		/bin/true
-	    elif [ $HOST = openwrt ]; then
-		# Not implemented on openwrt
-		/bin/true
-	    else
-		mkdir -p ${DESTDIR}/${ETC}/NetworkManager/dispatcher.d
-	    fi
-	fi
-    fi
-
-    if [ -n "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PRODUCT} ]; then
-	install_file ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/$PRODUCT 0644
-	echo "${SYSCONFFILE} file installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
-    fi
-
-    [ $HOST = suse ] && IFUPDOWN=ifupdown.suse.sh || IFUPDOWN=ifupdown.fedora.sh
-fi
-
-#
-# Install the ifupdown script
-#
-
-if [ $HOST != openwrt ]; then
-    cp $IFUPDOWN ifupdown
-
-    [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ifupdown
-
-    mkdir -p ${DESTDIR}${LIBEXECDIR}/shorewall-init
-
-    install_file ifupdown ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown 0544
-fi
-
-if [ -d ${DESTDIR}/etc/NetworkManager ]; then
-    [ $configure -eq 1 ] || mkdir -p ${DESTDIR}${CONFDIR}/NetworkManager/dispatcher.d/
-    install_file ifupdown ${DESTDIR}${ETC}/NetworkManager/dispatcher.d/01-shorewall 0544
-fi
-
-case $HOST in
-    debian)
-	if [ $configure -eq 1 ]; then
-	    install_file ifupdown ${DESTDIR}/etc/network/if-up.d/shorewall 0544
-	    install_file ifupdown ${DESTDIR}/etc/network/if-down.d/shorewall 0544
-	    install_file ifupdown ${DESTDIR}/etc/network/if-post-down.d/shorewall 0544
-	else
-	    install_file ifupdown ${DESTDIR}${CONFDIR}/network/if-up.d/shorewall 0544
-	    install_file ifupdown ${DESTDIR}${CONFDIR}/network/if-down.d/shorewall 0544
-	    install_file ifupdown ${DESTDIR}${CONFDIR}/network/if-post-down.d/shorewall 0544
-	fi
-	;;
-    suse)
-	if [ -z "$RPM" ]; then
-	    if [ $configure -eq 0 ]; then
-		mkdir -p ${DESTDIR}${SYSCONFDIR}/network/if-up.d/
-		mkdir -p ${DESTDIR}${SYSCONFDIR}/network/if-down.d/
-	    fi
-
-	    install_file ifupdown ${DESTDIR}${SYSCONFDIR}/network/if-up.d/shorewall 0544
-	    install_file ifupdown ${DESTDIR}${SYSCONFDIR}/network/if-down.d/shorewall 0544
-	fi
-	;;
-    redhat)
-	if [ -z "$DESTDIR" ]; then
-	    install_local=
-
-	    if [ -f ${SBINDIR}/ifup-local -o -f ${SBINDIR}/ifdown-local ]; then
-		if ! grep -qF Shorewall-based ${SBINDIR}/ifup-local || ! grep -qF Shorewall-based ${SBINDIR}/ifdown-local; then
-		    echo "WARNING: ${SBINDIR}/ifup-local and/or ${SBINDIR}/ifdown-local already exist; up/down events will not be handled"
-		else
-		    install_local=Yes
-		fi
-	    else
-		install_local=Yes
-	    fi
-
-	    if [ -n "$install_local" ]; then
-		install_file ifupdown ${DESTDIR}${SBINDIR}/ifup-local 0544
-		install_file ifupdown ${DESTDIR}${SBINDIR}/ifdown-local 0544
-	    fi
-	fi
-	;;
-esac
-
-if [ -z "$DESTDIR" ]; then
-    if [ $configure -eq 1 -a -n "first_install" ]; then
-	if [ $HOST = debian ]; then
-	    if [ -n "$SERVICEDIR" ]; then
-		if systemctl enable ${PRODUCT}.service; then
-                    echo "Shorewall Init will start automatically at boot"
-		fi
-	    elif mywhich insserv; then
-		if insserv ${INITDIR}/shorewall-init; then
-		    echo "Shorewall Init will start automatically at boot"
-		else
-		    cant_autostart
-		fi
-	    elif mywhich update-rc.d ; then
-		if update-rc.d $PRODUCT enable; then
-		    echo "$PRODUCT will start automatically at boot"
-		    echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
-		else
-		    cant_autostart
-		fi
-	    else
-		cant_autostart
-	    fi
-	elif [ $HOST = openwrt -a -f ${CONFDIR}/rc.common ]; then
-	    /etc/init.d/$PRODUCT enable
-	    if /etc/init.d/$PRODUCT enabled; then
-		echo "$Product will start automatically at boot"
-	    else
-		cant_autostart
-	    fi
-	elif [ $HOST = gentoo ]; then
-	    # On Gentoo, a service must be enabled manually by the user,
-	    # not by the installer
-	    /bin/true
-	else
-	    if [ -n "$SERVICEDIR" ]; then
-		if systemctl enable shorewall-init.service; then
-		    echo "Shorewall Init will start automatically at boot"
-		fi
-	    elif [ -x ${SBINDIR}/insserv -o -x /usr${SBINDIR}/insserv ]; then
-		if insserv ${INITDIR}/shorewall-init ; then
-		    echo "Shorewall Init will start automatically at boot"
-		else
-		    cant_autostart
-		fi
-	    elif [ -x ${SBINDIR}/chkconfig -o -x /usr${SBINDIR}/chkconfig ]; then
-		if chkconfig --add shorewall-init ; then
-		    echo "Shorewall Init will start automatically in run levels as follows:"
-		    chkconfig --list shorewall-init
-		else
-		    cant_autostart
-		fi
-	    elif [ -x ${SBINDIR}/rc-update ]; then
-		if rc-update add shorewall-init default; then
-		    echo "Shorewall Init will start automatically at boot"
-		else
-		    cant_autostart
-		fi
-	    elif [ $HOST = openwrt -a -f ${CONFDIR}/rc.common ]; then
-		/etc/init.d/$PRODUCT enable
-		if /etc/init.d/shorewall-init enabled; then
-		    echo "$Product will start automatically at boot"
-		else
-		    cant_autostart
-		fi
-	    else
-		cant_autostart
-	    fi
-	fi
-    fi
-else
-    if [ $configure -eq 1 -a -n "$first_install" ]; then
-	if [ $HOST = debian -a -z "$SERVICEDIR" ]; then
-	    if [ -n "${DESTDIR}" ]; then
-		mkdir -p ${DESTDIR}/etc/rcS.d
-	    fi
-
-	    ln -sf ../init.d/shorewall-init ${DESTDIR}${CONFDIR}/rcS.d/S38shorewall-init
-	    echo "Shorewall Init will start automatically at boot"
-	fi
-    fi
-fi
-
-[ -z "${DESTDIR}" ] && [ ! -f ~/.shorewallrc ] && cp ${SHAREDIR}/shorewall/shorewallrc .
-
-if [ -d ${DESTDIR}/etc/ppp ]; then
-    case $HOST in
-	debian|suse)
-	    for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do
-		mkdir -p ${DESTDIR}/etc/ppp/$directory #SuSE doesn't create the IPv6 directories
-		cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown ${DESTDIR}${CONFDIR}/ppp/$directory/shorewall
-	    done
-	    ;;
-	redhat)
-	    #
-	    # Must use the dreaded ip_xxx.local file
-	    #
-	    for file in ip-up.local ip-down.local; do
-		FILE=${DESTDIR}/etc/ppp/$file
-		if [ -f $FILE ]; then
-		    if grep -qF Shorewall-based $FILE ; then
-			cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown $FILE
-		    else
-			echo "$FILE already exists -- ppp devices will not be handled"
-			break
-		    fi
-		else
-		    cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown $FILE
-		fi
-	    done
-	    ;;
-    esac
-fi
-#
-#  Report Success
-#
-echo "shorewall Init Version $VERSION Installed"

Shorewall-init/logrotate

@@ -1,5 +0,0 @@
-/var/log/shorewall-ifupdown.log {
-  missingok
-  notifempty
-  create 0600 root root
-}

Shorewall-init/shorewall-init

@@ -1,126 +0,0 @@
-#!/bin/bash
-#	The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
-#
-#	(c) 2012-2014 - Tom Eastep (teastep@shorewall.net)
-#
-#	On most distributions, this file should be called
-#	/etc/init.d/shorewall.
-#
-#	Complete documentation is available at http://shorewall.net
-#
-#	This program is part of Shorewall.
-#
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by
-#	the Free Software Foundation, either version 2 of the license or,
-#	at your option, any later version.
-#
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#
-###############################################################################
-# set the STATEDIR variable
-setstatedir() {
-    local statedir
-    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
-	statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
-    fi
-
-    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-
-    if [ $PRODUCT = shorewall ]; then
-	${SBINDIR}/shorewall compile
-    elif [ $PRODUCT = shorewall6 ]; then
-	${SBINDIR}/shorewall -6 compile
-    else
-	return 0
-    fi
-}
-
-#
-# This is modified by the installer when ${SHAREDIR} <> /usr/share
-#
-. /usr/share/shorewall/shorewallrc
-
-# check if shorewall-init is configured or not
-if [ -f "$SYSCONFDIR/shorewall-init" ]; then
-    . $SYSCONFDIR/shorewall-init
-    if [ -z "$PRODUCTS" ]; then
-	echo "ERROR: No products configured" >&2
-	exit 1
-    fi
-else
-    echo "ERROR: ${SYSCONFDIR}/shorewall-init not found" >&2
-    exit 1
-fi
-
-# Initialize the firewall
-shorewall_start () {
-    local PRODUCT
-    local STATEDIR
-
-    printf "Initializing \"Shorewall-based firewalls\": "
-    for PRODUCT in $PRODUCTS; do
-	if setstatedir; then
-	    if [ -x ${STATEDIR}/firewall ]; then
-		#
-		# Run in a sub-shell to avoid name collisions
-		#
-		(
-		    if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
-			${STATEDIR}/firewall ${OPTIONS} stop
-		    fi
-		)
-	    fi
-	fi
-    done
-
-    if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
-	ipset -R < "$SAVE_IPSETS"
-    fi
-
-    return 0
-}
-
-# Clear the firewall
-shorewall_stop () {
-    local PRODUCT
-    local STATEDIR
-
-    printf "Clearing \"Shorewall-based firewalls\": "
-    for PRODUCT in $PRODUCTS; do
-	if setstatedir; then
-	    if [ -x ${STATEDIR}/firewall ]; then
-		${STATEDIR}/firewall ${OPTIONS} clear
-	    fi
-	fi
-    done
-
-    if [ -n "$SAVE_IPSETS" ]; then
-	mkdir -p $(dirname "$SAVE_IPSETS")
-	if ipset -S > "${SAVE_IPSETS}.tmp"; then
-	    grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
-	fi
-    fi
-
-    return 0
-}
-
-case "$1" in
-    start)
-	shorewall_start
-	;;
-    stop)
-	shorewall_stop
-	;;
-    *)
-	echo "Usage: $0 {start|stop}"
-	exit 1
-esac
-
-exit 0

Shorewall-init/shorewall-init.service

@@ -1,20 +0,0 @@
-#
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
-#
-#     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
-#
-[Unit]
-Description=Shorewall firewall (bootup security)
-Before=network-pre.target
-Wants=network-pre.target
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-EnvironmentFile=-/etc/sysconfig/shorewall-init
-StandardOutput=syslog
-ExecStart=/sbin/shorewall-init start
-ExecStop=/sbin/shorewall-init stop
-
-[Install]
-WantedBy=basic.target

Shorewall-init/shorewall-init.service.debian

@@ -1,20 +0,0 @@
-#
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
-#
-#     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
-#     Copyright 2015 Tom Eastep <teastep@shorewall.net>
-#
-[Unit]
-Description=Shorewall firewall (bootup security)
-Before=network.target
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-EnvironmentFile=-/etc/default/shorewall-init
-StandardOutput=syslog
-ExecStart=/sbin/shorewall-init start
-ExecStop=/sbin/shorewall-init stop
-
-[Install]
-WantedBy=basic.target

Shorewall-init/sysconfig

@@ -1,26 +0,0 @@
-# List the Shorewall products that Shorewall-init is to
-# initialize (space-separated list).
-#
-# Sample: PRODUCTS="shorewall shorewall6"
-#
-PRODUCTS=""
-
-#
-# Set this to 1 if you want Shorewall-init to react to 
-# ifup/ifdown and NetworkManager events
-#
-IFUPDOWN=0
-#
-# Set this to the name of the file that is to hold
-# ipset contents. Shorewall-init will load those ipsets
-# during 'start' and will save them there during 'stop'.
-#
-SAVE_IPSETS=""
-#
-# Where Up/Down events get logged
-#
-LOGFILE=/var/log/shorewall-ifupdown.log
-
-# Startup options - set verbosity to 0 (minimal reporting)
-OPTIONS="-V0"
-

Shorewall-init/uninstall.sh

@@ -1,236 +0,0 @@
-#!/bin/sh
-#
-# Script to back uninstall Shoreline Firewall
-#
-#     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
-#
-#       Shorewall documentation is available at http://shorewall.sourceforge.net
-#
-#       This program is part of Shorewall.
-#
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
-#
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#
-#    Usage:
-#
-#       You may only use this script to uninstall the version
-#       shown below. Simply run this script to remove Shorewall Firewall
-
-VERSION=xxx  #The Build script inserts the actual version
-PRODUCT=shorewall-init
-Product="Shorewall Init"
-
-usage() # $1 = exit status
-{
-    ME=$(basename $0)
-    echo "usage: $ME [ <shorewallrc file> ]"
-    exit $1
-}
-
-fatal_error()
-{
-    echo "   ERROR: $@" >&2
-    exit 1
-}
-
-qt()
-{
-    "$@" >/dev/null 2>&1
-}
-
-split() {
-    local ifs
-    ifs=$IFS
-    IFS=:
-    set -- $1
-    echo $*
-    IFS=$ifs
-}
-
-mywhich() {
-    local dir
-
-    for dir in $(split $PATH); do
-	if [ -x $dir/$1 ]; then
-	    return 0
-	fi
-    done
-
-    return 2
-}
-
-remove_file() # $1 = file to restore
-{
-    if [ -f $1 -o -L $1 ] ; then
-	rm -f $1
-	echo "$1 Removed"
-    fi
-}
-
-#
-# Change to the directory containing this script
-#
-cd "$(dirname $0)"
-
-finished=0
-configure=1
-
-while [ $finished -eq 0 ]; do
-    option=$1
-
-    case "$option" in
-	-*)
-	    option=${option#-}
-
-	    while [ -n "$option" ]; do
-		case $option in
-		    h)
-			usage 0
-			;;
-		    v)
-			echo "$Product Firewall Installer Version $VERSION"
-			exit 0
-			;;
-		    n*)
-			configure=0
-			option=${option#n}
-			;;
-		    *)
-			usage 1
-			;;
-		esac
-	    done
-
-	    shift
-	    ;;
-	*)
-	    finished=1
-	    ;;
-    esac
-done
-#
-# Read the RC file
-#
-if [ $# -eq 0 ]; then
-    if [ -f ./shorewallrc ]; then
-	. ./shorewallrc
-    elif [ -f ~/.shorewallrc ]; then
-	. ~/.shorewallrc || exit 1
-    elif [ -f /usr/share/shorewall/shorewallrc ]; then
-	. /usr/share/shorewall/shorewallrc
-    else
-	fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
-    fi
-elif [ $# -eq 1 ]; then
-    file=$1
-    case $file in
-	/*|.*)
-	    ;;
-	*)
-	    file=./$file
-	    ;;
-    esac
-
-    . $file || exit 1
-else
-    usage 1
-fi
-
-if [ -f ${SHAREDIR}/shorewall-init/version ]; then
-    INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall-init/version)"
-    if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
-	echo "WARNING: Shorewall Init Version $INSTALLED_VERSION is installed"
-	echo "         and this is the $VERSION uninstaller."
-	VERSION="$INSTALLED_VERSION"
-    fi
-else
-    echo "WARNING: Shorewall Init Version $VERSION is not installed"
-    VERSION=""
-fi
-
-[ -n "${LIBEXEC:=${SHAREDIR}}" ]
-
-echo "Uninstalling Shorewall Init $VERSION"
-
-[ -n "$SANDBOX" ] && configure=0
-
-INITSCRIPT=${CONFDIR}/init.d/shorewall-init
-
-if [ -f "$INITSCRIPT" ]; then
-    if [ $configure -eq 1 ]; then
-	if [ $HOST = openwrt ]; then
-	    if /etc/init.d/shorewall-init enabled; then
-		/etc/init.d/shorewall-init disable
-	    fi
-	elif mywhich updaterc.d ; then
-	    updaterc.d shorewall-init remove
-	elif mywhich insserv ; then
-            insserv -r $INITSCRIPT
-	elif mywhich chkconfig ; then
-	    chkconfig --del $(basename $INITSCRIPT)
-	fi
-    fi
-
-    remove_file $INITSCRIPT
-fi
-
-if [ -z "${SERVICEDIR}" ]; then
-    SERVICEDIR="$SYSTEMD"
-fi
-
-if [ -n "$SERVICEDIR" ]; then
-    [ $configure -eq 1 ] && systemctl disable shorewall-init.service
-    rm -f $SERVICEDIR/shorewall-init.service
-fi
-
-if [ $HOST = openwrt ]; then
-    [ "$(readlink -q ${SBINDIR}/ifup-local)"   = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifup-local
-    [ "$(readlink -q ${SBINDIR}/ifdown-local)" = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifdown-local
-else
-    [ "$(readlink -m -q ${SBINDIR}/ifup-local)"   = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifup-local
-    [ "$(readlink -m -q ${SBINDIR}/ifdown-local)" = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifdown-local
-fi
-
-remove_file ${CONFDIR}/default/shorewall-init
-remove_file ${CONFDIR}/sysconfig/shorewall-init
-
-remove_file ${CONFDIR}/NetworkManager/dispatcher.d/01-shorewall
-
-remove_file ${CONFDIR}/network/if-up.d/shorewall
-remove_file ${CONFDIR}/network/if-down.d/shorewall
-remove_file ${CONFDIR}/network/if-post-down.d/shorewall
-
-remove_file ${CONFDIR}/sysconfig/network/if-up.d/shorewall
-remove_file ${CONFDIR}/sysconfig/network/if-down.d/shorewall
-
-if [ -d ${CONFDIR}/ppp ]; then
-    for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do
-	remove_file ${CONFDIR}/ppp/$directory/shorewall
-    done
-
-    for file in if-up.local if-down.local; do
-	if [ -f ${CONFDIR}/ppp/$file ]; then
-	    if grep -qF Shorewall-based ${CONFDIR}/ppp/$FILE; then
-		remove_file ${CONFDIR}/ppp/$FILE
-	    fi
-	fi
-    done
-fi
-
-rm -f  ${SBINDIR}/shorewall-init
-rm -rf ${SHAREDIR}/shorewall-init
-rm -rf ${LIBEXECDIR}/shorewall-init
-
-echo "Shorewall Init Uninstalled"
-
-

Shorewall-lite/COPYING

@@ -2,8 +2,7 @@
 		       Version 2, June 1991
 
  Copyright (C) 1989, 1991 Free Software Foundation, Inc.
-                          51 Franklin Street, Fifth Floor,
-			  Boston, MA 02110-1301 USA
+                       59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 

Shorewall-lite/Makefile

@@ -0,0 +1,18 @@
+# Shorewall Lite Makefile to restart if firewall script is newer than last restart
+VARDIR=$(shell /sbin/shorewall-lite show vardir)
+SHAREDIR=/usr/share/shorewall-lite
+RESTOREFILE?=.restore
+
+all: $(VARDIR)/${RESTOREFILE}
+
+$(VARDIR)/${RESTOREFILE}: $(VARDIR)/firewall
+	@/sbin/shorewall-lite -q save >/dev/null; \
+	if \
+	    /sbin/shorewall-lite -q restart >/dev/null 2>&1; \
+	then \
+	    /sbin/shorewall-lite -q save >/dev/null; \
+	else \
+	    /sbin/shorewall-lite -q restart 2>&1 | tail >&2; \
+	fi
+
+# EOF

Shorewall-lite/README.txt

@@ -0,0 +1 @@
+This is the Shorewall-lite development 4.3 branch of SVN.

Shorewall-lite/configpath

@@ -1,7 +1,7 @@
 #
-# Shorewall Lite version 5 - Default Config Path
+# Shorewall Lite version 4.1 - Default Config Path
 #
 # /usr/share/shorewall-lite/configpath
 #
 
-CONFIG_PATH=${CONFDIR}/shorewall-lite:${SHAREDIR}/shorewall-lite:${SHAREDIR}/shorewall
+CONFIG_PATH=/etc/shorewall-lite:/usr/share/shorewall-lite

Shorewall-lite/default.debian

@@ -18,27 +18,12 @@ startup=0
 #
 # Startup options
 #
+
 OPTIONS=""
 
-#
-# Start options
-#
-STARTOPTIONS=""
-
-#
-# Restart options
-#
-RESTARTOPTIONS=""
-
 #
 # Init Log -- if /dev/null, use the STARTUP_LOG defined in shorewall.conf
 #
 INITLOG=/dev/null
 
-#
-# Set this to 1 to cause '/etc/init.d/shorewall-lite stop' to place the firewall in
-# a safe state rather than to open it
-#
-SAFESTOP=0
-
 # EOF

Shorewall-lite/fallback.sh

@@ -0,0 +1,104 @@
+#!/bin/sh
+#
+# Script to back out the installation of Shorewall Lite and to restore the previous version of
+# the program
+#
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2006,2007 - Tom Eastep (teastep@shorewall.net)
+#
+#       Shorewall documentation is available at http://shorewall.net
+#
+#       This program is free software; you can redistribute it and/or modify
+#       it under the terms of Version 2 of the GNU General Public License
+#       as published by the Free Software Foundation.
+#
+#       This program is distributed in the hope that it will be useful,
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       GNU General Public License for more details.
+#
+#       You should have received a copy of the GNU General Public License
+#       along with this program; if not, write to the Free Software
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+#    Usage:
+#
+#       You may only use this script to back out the installation of the version
+#       shown below. Simply run this script to revert to your prior version of
+#       Shoreline Firewall.
+
+VERSION=4.5.4
+
+usage() # $1 = exit status
+{
+    echo "usage: $(basename $0)"
+    exit $1
+}
+
+restore_directory() # $1 = directory to restore
+{
+    if [ -d ${1}-${VERSION}.bkout ]; then
+	if mv -f $1 ${1}-${VERSION} && mv ${1}-${VERSION}.bkout $1; then
+	    echo
+	    echo "$1 restored"
+	    rm -rf ${1}-${VERSION}
+	else
+	    echo "ERROR: Could not restore $1"
+	    exit 1
+	fi
+    fi
+}
+
+restore_file() # $1 = file to restore, $2 = (Optional) Directory to restore from
+{
+    if [ -n "$2" ]; then
+	local file
+	file=$(basename $1)
+
+	if [ -f $2/$file ]; then
+	    if mv -f $2/$file $1 ; then
+		echo
+		echo "$1 restored"
+		return
+	    fi
+
+	    echo "ERROR: Could not restore $1"
+	    exit 1
+        fi
+    fi
+
+    if [ -f ${1}-${VERSION}.bkout -o -L ${1}-${VERSION}.bkout ]; then
+	if (mv -f ${1}-${VERSION}.bkout $1); then
+	    echo
+	    echo "$1 restored"
+        else
+	    echo "ERROR: Could not restore $1"
+	    exit 1
+        fi
+    fi
+}
+
+if [ ! -f /usr/share/shorewall-lite-${VERSION}.bkout/version ]; then
+    echo "Shorewall Version $VERSION is not installed"
+    exit 1
+fi
+
+echo "Backing Out Installation of Shorewall $VERSION"
+
+if [ -L /usr/share/shorewall-lite/init ]; then
+    FIREWALL=$(ls -l /usr/share/shorewall-lite/init | sed 's/^.*> //')
+    restore_file $FIREWALL /usr/share/shorewall-lite-${VERSION}.bkout
+else
+    restore_file /etc/init.d/shorewall /usr/share/shorewall-lite-${VERSION}.bkout
+fi
+
+restore_file /sbin/shorewall /var/lib/shorewall-lite-${VERSION}.bkout
+
+restore_directory /etc/shorewall-lite
+restore_directory /usr/share/shorewall-lite
+restore_directory /var/lib/shorewall-lite
+
+echo "Shorewall Lite Restored to Version $(cat /usr/share/shorewall-lite/version)"
+
+

Shorewall-lite/init.archlinux.sh

@@ -0,0 +1,58 @@
+#!/bin/bash
+
+OPTIONS="-f"
+
+if [ -f /etc/sysconfig/shorewall ] ; then
+	. /etc/sysconfig/shorewall
+elif [ -f /etc/default/shorewall ] ; then
+	. /etc/default/shorewall
+fi
+
+# if you want to override options, do so in /etc/sysconfig/shorewall or
+# in /etc/default/shorewall --
+# i strongly encourage you use the latter, since /etc/sysconfig/ does not exist.
+
+. /etc/rc.conf
+. /etc/rc.d/functions
+
+DAEMON_NAME="shorewall" # of course shorewall is NOT a deamon.
+
+case "$1" in
+	start)
+		stat_busy "Starting $DAEMON_NAME"
+		/sbin/shorewall-lite $OPTIONS start &>/dev/null
+		if [ $? -gt 0 ]; then
+			stat_fail
+		else
+			add_daemon $DAEMON_NAME
+			stat_done
+		fi
+		;;
+
+
+	stop)
+		stat_busy "Stopping $DAEMON_NAME"
+		/sbin/shorewall-lite stop &>/dev/null
+		if [ $? -gt 0 ]; then
+			stat_fail
+		else
+			rm_daemon $DAEMON_NAME
+			stat_done
+		fi
+		;;
+
+	restart|reload)
+		stat_busy "Restarting $DAEMON_NAME"
+		/sbin/shorewall-lite restart &>/dev/null
+		if [ $? -gt 0  ]; then
+			stat_fail
+		else
+			stat_done
+		fi
+		;;
+
+	*)
+		echo "usage: $0 {start|stop|restart}"
+esac
+exit 0
+

Shorewall-lite/init.debian.sh

@@ -2,28 +2,29 @@
 
 ### BEGIN INIT INFO
 # Provides:          shorewall-lite
-# Required-Start:    $network $remote_fs
-# Required-Stop:     $network $remote_fs
+# Required-Start:    $network
+# Required-Stop:     $network
 # Default-Start:     S
-# Default-Stop:      0 1 6
+# Default-Stop:      0 6
 # Short-Description: Configure the firewall at boot time
 # Description:       Configure the firewall according to the rules specified in
 #                    /etc/shorewall-lite
 ### END INIT INFO
 
-. /lib/lsb/init-functions
 
-SRWL='/sbin/shorewall -l'
+
+SRWL=/sbin/shorewall-lite
 SRWL_OPTS="-tvv"
 test -n ${INITLOG:=/var/log/shorewall-lite-init.log}
 
-[ "$INITLOG" = "/dev/null" ] && SHOREWALL_INIT_SCRIPT=1 || SHOREWALL_INIT_SCRIPT=0
+[ "$INITLOG" eq "/dev/null" && SHOREWALL_INIT_SCRIPT=1 || SHOREWALL_INIT_SCRIPT=0
 
 export SHOREWALL_INIT_SCRIPT
+
 test -x $SRWL || exit 0
 test -x $WAIT_FOR_IFUP || exit 0
 test -n "$INITLOG" || {
-	echo "INITLOG cannot be empty, please configure $0" ;
+	echo "INITLOG cannot be empty, please configure $0" ; 
 	exit 1;
 }
 
@@ -35,13 +36,12 @@ fi
 
 echo_notdone () {
 
-  if [ "$INITLOG" = "/dev/null" ] ; then
+  if [ "$INITLOG" = "/dev/null" ] ; then 
 	  echo "not done."
-  else
+  else 
 	  echo "not done (check $INITLOG)."
   fi
 
-  exit 1
 }
 
 not_configured () {
@@ -57,23 +57,17 @@ not_configured () {
 	exit 0
 }
 
-#
-# The installer may alter this
-#
-. /usr/share/shorewall/shorewallrc
-
 # parse the shorewall params file in order to use params in
 # /etc/default/shorewall
-
-if [ -f "$CONFDIR/shorewall-lite/params" ]
+if [ -f "/etc/shorewall-lite/params" ]
 then
-	. $CONFDIR/shorewall-lite/params
+	. /etc/shorewall-lite/params
 fi
 
 # check if shorewall is configured or not
-if [ -f "$SYSCONFDIR/shorewall-lite" ]
+if [ -f "/etc/default/shorewall-lite" ]
 then
-	. $SYSCONFDIR/shorewall-lite
+	. /etc/default/shorewall-lite
 	SRWL_OPTS="$SRWL_OPTS $OPTIONS"
 	if [ "$startup" != "1" ]
 	then
@@ -85,42 +79,32 @@ fi
 
 # start the firewall
 shorewall_start () {
-  printf "Starting \"Shorewall firewall\": "
-  $SRWL $SRWL_OPTS start $STARTOPTIONS >> $INITLOG 2>&1 && echo "done." || echo_notdone
+  echo -n "Starting \"Shorewall firewall\": "
+  $SRWL $SRWL_OPTS start >> $INITLOG 2>&1 && echo "done." || echo_notdone
   return 0
 }
 
 # stop the firewall
 shorewall_stop () {
-  if [ "$SAFESTOP" = 1 ]; then
-      printf "Stopping \"Shorewall Lite firewall\": "
-      $SRWL $SRWL_OPTS stop >> $INITLOG 2>&1 && echo "done." || echo_notdone
-  else
-      printf "Clearing all \"Shorewall Lite firewall\" rules: "
-      $SRWL $SRWL_OPTS clear >> $INITLOG 2>&1 && echo "done." || echo_notdone
-  fi
+  echo -n "Stopping \"Shorewall firewall\": "
+  $SRWL $SRWL_OPTS clear >> $INITLOG 2>&1 && echo "done." || echo_notdone
   return 0
 }
 
 # restart the firewall
 shorewall_restart () {
-  printf "Restarting \"Shorewall firewall\": "
-  $SRWL $SRWL_OPTS restart $RESTARTOPTIONS >> $INITLOG 2>&1 && echo "done." || echo_notdone
+  echo -n "Restarting \"Shorewall firewall\": "
+  $SRWL $SRWL_OPTS restart >> $INITLOG 2>&1 && echo "done." || echo_notdone
   return 0
 }
 
 # refresh the firewall
 shorewall_refresh () {
-  printf "Refreshing \"Shorewall firewall\": "
+  echo -n "Refreshing \"Shorewall firewall\": "
   $SRWL $SRWL_OPTS refresh >> $INITLOG 2>&1 && echo "done." || echo_notdone
   return 0
 }
 
-# status of the firewall
-shorewall_status () {
-  $SRWL $SRWL_OPTS status && exit 0 || exit $?
-}
-
 case "$1" in
   start)
      shorewall_start
@@ -134,11 +118,8 @@ case "$1" in
   force-reload|restart)
      shorewall_restart
      ;;
-  status)
-     shorewall_status
-     ;;
   *)
-     echo "Usage: /etc/init.d/shorewall-lite {start|stop|refresh|restart|force-reload|status}"
+     echo "Usage: /etc/init.d/shorewall-lite {start|stop|refresh|restart|force-reload}"
      exit 1
 esac
 

Shorewall-lite/init.fedora.sh

@@ -1,117 +0,0 @@
-#!/bin/sh
-#
-# Shorewall init script
-#
-# chkconfig: - 28 90
-# description: Packet filtering firewall
-
-### BEGIN INIT INFO
-# Provides: shorewall-lite
-# Required-Start: $local_fs $remote_fs $syslog $network
-# Should-Start: VMware $time $named
-# Required-Stop:
-# Default-Start:
-# Default-Stop:	  0 1 2 3 4 5 6
-# Short-Description: Packet filtering firewall
-# Description: The Shoreline Firewall, more commonly known as "Shorewall", is a
-#              Netfilter (iptables) based firewall
-### END INIT INFO
-
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-#
-# The installer may alter this
-#
-. /usr/share/shorewall/shorewallrc
-
-prog="shorewall -l"
-shorewall="${SBINDIR}/$prog"
-logger="logger -i -t $prog"
-lockfile="/var/lock/subsys/$prog"
-
-# Get startup options (override default)
-OPTIONS=
-
-if [ -f ${SYSCONFDIR}/$prog ]; then
-    . ${SYSCONFDIR}/$prog
-fi
-
-start() {
-    printf $"Starting Shorewall: "
-    $shorewall $OPTIONS start $STARTOPTIONS 2>&1 | $logger
-    retval=${PIPESTATUS[0]}
-    if [[ $retval == 0 ]]; then
-	touch $lockfile
-	success
-    else
-	failure
-    fi
-    echo
-    return $retval
-}
-
-stop() {
-    printf $"Stopping Shorewall: "
-    $shorewall $OPTIONS stop 2>&1 | $logger
-    retval=${PIPESTATUS[0]}
-    if [[ $retval == 0 ]]; then
-	rm -f $lockfile
-	success
-    else
-	failure
-    fi
-    echo
-    return $retval
-}
-
-restart() {
-# Note that we don't simply stop and start since shorewall has a built in
-# restart which stops the firewall if running and then starts it.
-    printf $"Restarting Shorewall: "
-    $shorewall $OPTIONS restart $RESTARTOPTIONS 2>&1 | $logger
-    retval=${PIPESTATUS[0]}
-    if [[ $retval == 0 ]]; then
-	touch $lockfile
-	success
-    else # Failed to start, clean up lock file if present
-	rm -f $lockfile
-	failure
-    fi
-    echo
-    return $retval
-}
-
-status(){
-    $shorewall status
-    return $?
-}
-
-status_q() {
-    status > /dev/null 2>&1
-}
-
-case "$1" in
-    start)
-	status_q && exit 0
-	$1
-	;;
-    stop)
-	status_q || exit 0
-	$1
-	;;
-    restart|reload|force-reload)
-	restart
-	;;
-    condrestart|try-restart)
-        status_q || exit 0
-        restart
-        ;;
-    status)
-	$1
-	;;
-    *)
-	echo "Usage: $0 start|stop|reload|restart|force-reload|status"
-	exit 1
-	;;
-esac

Shorewall-lite/init.openwrt.sh

@@ -1,94 +0,0 @@
-#!/bin/sh /etc/rc.common
-#
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
-#
-#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012,2014 - Tom Eastep (teastep@shorewall.net)
-#     (c) 2015 - Matt Darfeuille - (matdarf@gmail.com)
-#
-#	On most distributions, this file should be called /etc/init.d/shorewall.
-#
-#	Complete documentation is available at http://shorewall.net
-#
-#       This program is part of Shorewall.
-#
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
-#
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#
-#	If an error occurs while starting or restarting the firewall, the
-#	firewall is automatically stopped.
-#
-#	Commands are:
-#
-#	   shorewall-lite start			  Starts the firewall
-#	   shorewall-lite restart		  Restarts the firewall
-#	   shorewall-lite reload		  Reload the firewall
-#	   shorewall-lite stop			  Stops the firewall
-#	   shorewall-lite status		  Displays firewall status
-#
-
-# description: Packet filtering firewall
-
-# Openwrt related
-# Start and stop runlevel variable
-START=50
-STOP=89
-# Displays the status command
-EXTRA_COMMANDS="status"
-EXTRA_HELP=" status Displays firewall status"
-
-################################################################################
-# Get startup options (override default)
-################################################################################
-OPTIONS=
-
-#
-# The installer may alter this
-#
-. /usr/share/shorewall/shorewallrc
-
-if [ -f ${SYSCONFDIR}/shorewall-lite ]; then
-    . ${SYSCONFDIR}/shorewall-lite
-fi
-
-SHOREWALL_INIT_SCRIPT=1
-
-################################################################################
-# E X E C U T I O N    B E G I N S   H E R E				       #
-################################################################################
-# Arg1 of init script is arg2 when rc.common is sourced; set to action variable
-command="$action"
-
-start() {
-	exec ${SBINDIR}/shorewall -l $OPTIONS $command $STARTOPTIONS
-}
-
-boot() {
-	local command="start"
-	start
-}
-
-restart() {
-	exec ${SBINDIR}/shorewall -l $OPTIONS $command $RESTARTOPTIONS
-}
-
-reload() {
-	exec ${SBINDIR}/shorewall -l $OPTIONS $command $RELOADOPTION
-}
-
-stop() {
-	exec ${SBINDIR}/shorewall -l $OPTIONS $command $STOPOPTIONS
-}
-
-status() {
-	exec ${SBINDIR}/shorewall -l $OPTIONS $command $@
-}

Shorewall-lite/init.sh

@@ -1,20 +1,19 @@
 #!/bin/sh
 RCDLINKS="2,S41 3,S41 6,K41"
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.1
 #
-#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012,2014 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007 - Tom Eastep (teastep@shorewall.net)
 #
 #	On most distributions, this file should be called /etc/init.d/shorewall.
 #
 #	Complete documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
-#
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#	it under the terms of Version 2 of the GNU General Public License
+#	as published by the Free Software Foundation.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -22,7 +21,8 @@ RCDLINKS="2,S41 3,S41 6,K41"
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#	along with this program; if not, write to the Free Software
+#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #	If an error occurs while starting or restarting the firewall, the
 #	firewall is automatically stopped.
@@ -61,14 +61,10 @@ usage() {
 # Get startup options (override default)
 ################################################################################
 OPTIONS=
-
-#
-# The installer may alter this
-#
-. /usr/share/shorewall/shorewallrc
-
-if [ -f ${SYSCONFDIR}/shorewall-lite ]; then
-    . ${SYSCONFDIR}/shorewall-lite
+if [ -f /etc/sysconfig/shorewall ]; then
+    . /etc/sysconfig/shorewall
+elif [ -f /etc/default/shorewall ] ; then
+    . /etc/default/shorewall
 fi
 
 SHOREWALL_INIT_SCRIPT=1
@@ -80,13 +76,14 @@ command="$1"
 
 case "$command" in
     start)
-	exec ${SBINDIR}/shorewall-lite $OPTIONS start $STARTOPTIONS
+	exec /sbin/shorewall-lite $OPTIONS $@
 	;;
-    restart|reload)
-	exec ${SBINDIR}/shorewall-lite $OPTIONS restart $RESTARTOPTIONS
+    stop|restart|status)
+	exec /sbin/shorewall-lite $@
 	;;
-    status|stop)
-	exec ${SBINDIR}/shorewall-lite $OPTIONS $command $@
+    reload)
+	shift
+	exec /sbin/shorewall-lite restart $@
 	;;
     *)
 	usage

Shorewall-lite/init.suse.sh

@@ -1,92 +0,0 @@
-#!/bin/sh
-#
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
-#
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
-#
-#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012 - Tom Eastep (teastep@shorewall.net)
-#
-#	On most distributions, this file should be called /etc/init.d/shorewall.
-#
-#	Complete documentation is available at http://shorewall.net
-#
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of Version 2 of the GNU General Public License
-#	as published by the Free Software Foundation.
-#
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, write to the Free Software
-#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-#	If an error occurs while starting or restarting the firewall, the
-#	firewall is automatically stopped.
-#
-#	Commands are:
-#
-#	   shorewall start			  Starts the firewall
-#	   shorewall restart			  Restarts the firewall
-#	   shorewall reload			  Reload the firewall
-#						  (same as restart)
-#	   shorewall stop			  Stops the firewall
-#	   shorewall status			  Displays firewall status
-#
-
-
-### BEGIN INIT INFO
-# Provides:	  shorewall-lite
-# Required-Start: $network $remote_fs
-# Required-Stop:  
-# Default-Start:  2 3 5
-# Default-Stop:	  0 1 6
-# Description:	  starts and stops the shorewall firewall
-# Short-Description: Packet filtering firewall
-### END INIT INFO
-
-################################################################################
-# Give Usage Information						       #
-################################################################################
-usage() {
-    echo "Usage: $0 start|stop|reload|restart|status"
-    exit 1
-}
-
-################################################################################
-# Get startup options (override default)
-################################################################################
-OPTIONS=
-
-#
-# The installer may alter this
-#
-. /usr/share/shorewall/shorewallrc
-
-if [ -f ${SYSCONFDIR}/shorewall-lite ]; then
-    . ${SYSCONFDIR}/shorewall-lite
-fi
-
-SHOREWALL_INIT_SCRIPT=1
-
-################################################################################
-# E X E C U T I O N    B E G I N S   H E R E				       #
-################################################################################
-command="$1"
-
-case "$command" in
-    start)
-	exec ${SBINDIR}/shorewall-lite $OPTIONS start $STARTOPTIONS
-	;;
-    restart|reload)
-	exec ${SBINDIR}/shorewall-lite $OPTIONS restart $RESTARTOPTIONS
-	;;
-    status|stop)
-	exec ${SBINDIR}/shorewall-lite $OPTIONS $command $@
-	;;
-    *)
-	usage
-	;;
-esac

Shorewall-lite/install.sh

@@ -2,44 +2,37 @@
 #
 # Script to install Shoreline Firewall Lite
 #
-#     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
+#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+#     (c) 2000,2001,2002,2003,2004,2005,2006,2007 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
+#       This program is free software; you can redistribute it and/or modify
+#       it under the terms of Version 2 of the GNU General Public License
+#       as published by the Free Software Foundation.
 #
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+#       This program is distributed in the hope that it will be useful,
+#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       GNU General Public License for more details.
 #
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#       You should have received a copy of the GNU General Public License
+#       along with this program; if not, write to the Free Software
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=xxx #The Build script inserts the actual version
+VERSION=4.5.4
 
 usage() # $1 = exit status
 {
     ME=$(basename $0)
-    echo "usage: $ME [ <configuration-file> ]"
+    echo "usage: $ME"
     echo "       $ME -v"
     echo "       $ME -h"
-    echo "       $ME -n"
     exit $1
 }
 
-fatal_error()
-{
-    echo "   ERROR: $@" >&2
-    exit 1
-}
-
 split() {
     local ifs
     ifs=$IFS
@@ -67,10 +60,19 @@ mywhich() {
     return 2
 }
 
+run_install()
+{
+    if ! install $*; then
+	echo
+	echo "ERROR: Failed to install $*" >&2
+	exit 1
+    fi
+}
+
 cant_autostart()
 {
     echo
-    echo  "WARNING: Unable to configure $Product to start automatically at boot" >&2
+    echo  "WARNING: Unable to configure shorewall to start automatically at boot" >&2
 }
 
 delete_file() # $1 = file to delete
@@ -80,536 +82,286 @@ delete_file() # $1 = file to delete
 
 install_file() # $1 = source $2 = target $3 = mode
 {
-    if cp -f $1 $2; then
-	if chmod $3 $2; then
-	    if [ -n "$OWNER" ]; then
-		if chown $OWNER:$GROUP $2; then
-		    return
-		fi
-	    else
-		return 0
-	    fi
+    run_install $OWNERSHIP -m $3 $1 ${2}
+}
+
+#
+# Parse the run line
+#
+# DEST is the SysVInit script directory
+# INIT is the name of the script in the $DEST directory
+# RUNLEVELS is the chkconfig parmeters for firewall
+# ARGS is "yes" if we've already parsed an argument
+#
+ARGS=""
+
+if [ -z "$DEST" ] ; then
+	DEST="/etc/init.d"
+fi
+
+if [ -z "$INIT" ] ; then
+	INIT="shorewall-lite"
+fi
+
+if [ -z "$RUNLEVELS" ] ; then
+	RUNLEVELS=""
+fi
+
+while [ $# -gt 0 ] ; do
+    case "$1" in
+	-h|help|?)
+	    usage 0
+	    ;;
+        -v)
+	    echo "Shorewall Lite Firewall Installer Version $VERSION"
+	    exit 0
+	    ;;
+	*)
+	    usage 1
+	    ;;
+    esac
+    shift
+    ARGS="yes"
+done
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
+
+#
+# Determine where to install the firewall script
+#
+DEBIAN=
+CYGWIN=
+
+case $(uname) in
+    CYGWIN*)
+	if [ -z "$PREFIX" ]; then
+	    DEST=
+	    INIT=
 	fi
+
+	OWNER=$(id -un)
+	GROUP=$(id -gn)
+	;;
+    *)
+	[ -z "$OWNER" ] && OWNER=root
+	[ -z "$GROUP" ] && GROUP=root
+	;;
+esac
+
+OWNERSHIP="-o $OWNER -g $GROUP"
+
+if [ -n "$PREFIX" ]; then
+    if [ `id -u` != 0 ] ; then
+	echo "Not setting file owner/group permissions, not running as root."
+	OWNERSHIP=""
     fi
-
-    echo "ERROR: Failed to install $2" >&2
-    exit 1
-}
-
-make_directory() # $1 = directory , $2 = mode
-{
-    mkdir -p $1
-    chmod 755 $1
-    [ -n "$OWNERSHIP" ] && chown $OWNERSHIP $1
-
-}
-
-require()
-{
-    eval [ -n "\$$1" ] || fatal_error "Required option $1 not set"
-}
+    
+    install -d $OWNERSHIP -m 755 ${PREFIX}/sbin
+    install -d $OWNERSHIP -m 755 ${PREFIX}${DEST}
+elif [ -d /etc/apt -a -e /usr/bin/dpkg ]; then
+    DEBIAN=yes
+elif [ -f /etc/slackware-version ] ; then
+    DEST="/etc/rc.d"
+    INIT="rc.firewall"
+elif [ -f /etc/arch-release ] ; then
+      DEST="/etc/rc.d"
+      INIT="shorewall-lite"
+      ARCHLINUX=yes
+fi
 
 #
 # Change to the directory containing this script
 #
 cd "$(dirname $0)"
 
-if [ -f shorewall-lite.service ]; then
-    PRODUCT=shorewall-lite
-    Product="Shorewall Lite"
-else
-    PRODUCT=shorewall6-lite
-    Product="Shorewall6 Lite"
-fi
+echo "Installing Shorewall Lite Version $VERSION"
 
 #
-# Parse the run line
+# Check for /etc/shorewall-lite
 #
-finished=0
-configure=1
-
-while [ $finished -eq 0 ] ; do
-
-    option=$1
-
-    case "$option" in
-	-*)
-	    option=${option#-}
-
-	    while [ -n "$option" ]; do
-		case $option in
-		    h)
-			usage 0
-			;;
-		    v)
-			echo "$Product Firewall Installer Version $VERSION"
-			exit 0
-			;;
-		    n*)
-			configure=0
-			option=${option#n}
-			;;
-		    *)
-			usage 1
-			;;
-		esac
-	    done
-
-	    shift
-	    ;;
-	*)
-	    finished=1
-	    ;;
-    esac
-done
-
-#
-# Read the RC file
-#
-if [ $# -eq 0 ]; then
-    if [ -f ./shorewallrc ]; then
-	. ./shorewallrc || exit 1
-	file=./shorewallrc
-    elif [ -f ~/.shorewallrc ]; then
-	. ~/.shorewallrc
-    elif [ -f /usr/share/shorewall/shorewallrc ]; then
-	. /usr/share/shorewall/shorewallrc
-    else
-	fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
-    fi
-elif [ $# -eq 1 ]; then
-    file=$1
-    case $file in
-	/*|.*)
-	    ;;
-	*)
-	    file=./$file
-	    ;;
-    esac
-
-    . $file
-else
-    usage 1
-fi
-
-if [ -z "${VARLIB}" ]; then
-    VARLIB=${VARDIR}
-    VARDIR=${VARLIB}/${PRODUCT}
-elif [ -z "${VARDIR}" ]; then
-    VARDIR=${VARLIB}/${PRODUCT}
-fi
-
-for var in SHAREDIR LIBEXECDIR CONFDIR SBINDIR VARLIB VARDIR; do
-    require $var
-done
-
-[ -n "${INITFILE}" ] && require INITSOURCE && require INITDIR
-
-PATH=${SBINDIR}:/bin:/usr${SBINDIR}:/usr/bin:/usr/local/bin:/usr/local${SBINDIR}
-
-[ -n "$SANDBOX" ] && configure=0
-
-#
-# Determine where to install the firewall script
-#
-cygwin=
-
-if [ -z "$BUILD" ]; then
-    case $(uname) in
-	cygwin*|CYGWIN*)
-	    BUILD=cygwin
-	    ;;
-	Darwin)
-	    BUILD=apple
-	    ;;
-	*)
-	    if [ -f /etc/os-release ]; then
-		eval $(cat /etc/os-release | grep ^ID)
-
-		case $ID in
-		    fedora|rhel|centos|foobar)
-			BUILD=redhat
-			;;
-		    debian)
-			BUILD=debian
-			;;
-		    gentoo)
-			BUILD=gentoo
-			;;
-		    opensuse)
-			BUILD=suse
-			;;
-		    *)
-			BUILD="$ID"
-			;;
-		esac
-	    elif [ -f ${CONFDIR}/debian_version ]; then
-		BUILD=debian
-	    elif [ -f /etc/gentoo-release ]; then
-		BUILD=gentoo
-	    elif [ -f ${CONFDIR}/redhat-release ]; then
-		BUILD=redhat
-	    elif [ -f ${CONFDIR}/SuSE-release ]; then
-		BUILD=suse
-	    elif [ -f ${CONFDIR}/slackware-version ] ; then
-		BUILD=slackware
-	    elif [ -f ${CONFDIR}/arch-release ] ; then
-		BUILD=archlinux
-	    elif [ -f ${CONFDIR}/openwrt_release ]; then
-		BUILD=openwrt
-	    else
-		BUILD=linux
-	    fi
-	    ;;
-    esac
-fi
-
-case $BUILD in
-    cygwin*|CYGWIN*)
-	OWNER=$(id -un)
-	GROUP=$(id -gn)
-	;;
-    apple)
-	[ -z "$OWNER" ] && OWNER=root
-	[ -z "$GROUP" ] && GROUP=wheel
-	;;
-    *)
-	if [ $(id -u) -eq 0 ]; then
-	    [ -z "$OWNER" ] && OWNER=root
-	    [ -z "$GROUP" ] && GROUP=root
-	fi
-	;;
-esac
-
-[ -n "$OWNER" ] && OWNERSHIP="$OWNER:$GROUP"
-
-[ -n "$HOST" ] || HOST=$BUILD
-
-case "$HOST" in
-    cygwin)
-	echo "$PRODUCT is not supported on Cygwin" >&2
-	exit 1
-	;;
-    apple)
-	echo "$PRODUCT is not supported on OS X" >&2
-	exit 1
-	;;
-    debian)
-	echo "Installing Debian-specific configuration..."
-	;;
-    gentoo)
-	echo "Installing Gentoo-specific configuration..."
-	;;
-    redhat)
-	echo "Installing Redhat/Fedora-specific configuration..."
-	;;
-    slackware)
-	echo "Installing Slackware-specific configuration..."
-	;;
-    archlinux)
-	echo "Installing ArchLinux-specific configuration..."
-	;;
-    suse)
-	echo "Installing Suse-specific configuration..."
-	;;
-    openwrt)
-	echo "Installing OpenWRT-specific configuration..."
-	;;
-    linux)
-	;;
-    *)
-	echo "ERROR: Unknown HOST \"$HOST\"" >&2
-	exit 1;
-	;;
-esac
-
-[ -z "$INITDIR" ] && INITDIR="${CONFDIR}/init.d"
-
-if [ -n "$DESTDIR" ]; then
-    if [ `id -u` != 0 ] ; then
-	echo "Not setting file owner/group permissions, not running as root."
-	OWNERSHIP=""
-    fi
-
-    make_directory ${DESTDIR}${INITDIR} 755
-
-else
-    if [ ! -f ${SHAREDIR}/shorewall/coreversion ]; then
-	echo "$PRODUCT $VERSION requires Shorewall Core which does not appear to be installed" >&2
-	exit 1
-    fi
-fi
-
-echo "Installing $Product Version $VERSION"
-
-#
-# Check for ${CONFDIR}/$PRODUCT
-#
-if [ -z "$DESTDIR" -a -d ${CONFDIR}/$PRODUCT ]; then
-    if [ ! -f ${SHAREDIR}/shorewall/coreversion ]; then
-	echo "$PRODUCT $VERSION requires Shorewall Core which does not appear to be installed" >&2
-	exit 1
-    fi
-
-    [ -f ${CONFDIR}/$PRODUCT/shorewall.conf ] && \
-	mv -f ${CONFDIR}/$PRODUCT/shorewall.conf ${CONFDIR}/$PRODUCT/$PRODUCT.conf
-else
-    rm -rf ${DESTDIR}${CONFDIR}/$PRODUCT
-    rm -rf ${DESTDIR}${SHAREDIR}/$PRODUCT
-    rm -rf ${DESTDIR}${VARDIR}
-    [ "$LIBEXECDIR" = /usr/share ] || rm -rf ${DESTDIR}/usr/share/$PRODUCT/wait4ifup ${DESTDIR}/usr/share/$PRODUCT/shorecap
-fi
-
-#
-# Check for ${SHAREDIR}/$PRODUCT/version
-#
-if [ -f ${DESTDIR}${SHAREDIR}/$PRODUCT/version ]; then
+if [ -z "$PREFIX" -a -d /etc/shorewall-lite ]; then
     first_install=""
+    [ -f /etc/shorewall-lite/shorewall.conf ] && \
+	mv -f /etc/shorewall-lite/shorewall.conf /etc/shorewall-lite/shorewall-lite.conf
 else
     first_install="Yes"
+    rm -rf ${PREFIX}/etc/shorewall-lite
+    rm -rf ${PREFIX}/usr/share/shorewall-lite
+    rm -rf ${PREFIX}/var/lib/shorewall-lite
 fi
 
-delete_file ${DESTDIR}/usr/share/$PRODUCT/xmodules
+delete_file ${PREFIX}/usr/share/shorewall-lite/xmodules
 
-[ -n "${INITFILE}" ] && make_directory ${DESTDIR}${INITDIR} 755
+install_file shorewall-lite ${PREFIX}/sbin/shorewall-lite 0544 ${PREFIX}/var/lib/shorewall-lite-${VERSION}.bkout
+
+echo "Shorewall Lite control program installed in ${PREFIX}/sbin/shorewall-lite"
 
 #
-# Create ${CONFDIR}/$PRODUCT, /usr/share/$PRODUCT and /var/lib/$PRODUCT if needed
+# Install the Firewall Script
 #
-mkdir -p ${DESTDIR}${CONFDIR}/$PRODUCT
-mkdir -p ${DESTDIR}${SHAREDIR}/$PRODUCT
-mkdir -p ${DESTDIR}${LIBEXECDIR}/$PRODUCT
-mkdir -p ${DESTDIR}${SBINDIR}
-mkdir -p ${DESTDIR}${VARDIR}
+if [ -n "$DEBIAN" ]; then
+    install_file init.debian.sh /etc/init.d/shorewall-lite 0544 ${PREFIX}/usr/share/shorewall-lite-${VERSION}.bkout
+elif [ -n "$ARCHLINUX" ]; then
+    install_file init.archlinux.sh ${PREFIX}${DEST}/$INIT 0544 ${PREFIX}/usr/share/shorewall-lite-${VERSION}.bkout
 
-chmod 755 ${DESTDIR}${CONFDIR}/$PRODUCT
-chmod 755 ${DESTDIR}${SHAREDIR}/$PRODUCT
-
-if [ -n "$DESTDIR" ]; then
-    mkdir -p ${DESTDIR}${CONFDIR}/logrotate.d
-    chmod 755 ${DESTDIR}${CONFDIR}/logrotate.d
-    mkdir -p ${DESTDIR}${INITDIR}
-    chmod 755 ${DESTDIR}${INITDIR}
+else
+    install_file init.sh ${PREFIX}${DEST}/$INIT 0544 ${PREFIX}/usr/share/shorewall-lite-${VERSION}.bkout
 fi
 
-if [ -n "$INITFILE" ]; then
-    if [ -f "${INITSOURCE}" ]; then
-	initfile="${DESTDIR}${INITDIR}/${INITFILE}"
-	install_file ${INITSOURCE} "$initfile" 0544
+echo  "Shorewall Lite script installed in ${PREFIX}${DEST}/$INIT"
 
-	[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' "$initfile"
-
-	echo  "SysV init script $INITSOURCE installed in $initfile"
-    fi
-fi
 #
-# Install the .service file
+# Create /etc/shorewall-lite, /usr/share/shorewall-lite and /var/lib/shorewall-lite if needed
 #
-if [ -z "${SERVICEDIR}" ]; then
-    SERVICEDIR="$SYSTEMD"
+mkdir -p ${PREFIX}/etc/shorewall-lite
+mkdir -p ${PREFIX}/usr/share/shorewall-lite
+mkdir -p ${PREFIX}/var/lib/shorewall-lite
+
+chmod 755 ${PREFIX}/etc/shorewall-lite
+chmod 755 ${PREFIX}/usr/share/shorewall-lite
+
+if [ -n "$PREFIX" ]; then
+    mkdir -p ${PREFIX}/etc/logrotate.d
+    chmod 755 ${PREFIX}/etc/logrotate.d
 fi
 
-if [ -n "$SERVICEDIR" ]; then
-    mkdir -p ${DESTDIR}${SERVICEDIR}
-    [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
-    install_file $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service 644
-    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
-    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SERVICEDIR}/$PRODUCT.service"
-fi
 #
 # Install the config file
 #
-if [ ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf ]; then
-   install_file $PRODUCT.conf ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf 0744
-   echo "Config file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf"
+if [ ! -f ${PREFIX}/etc/shorewall-lite/shorewall-lite.conf ]; then
+   run_install $OWNERSHIP -m 0744 shorewall-lite.conf ${PREFIX}/etc/shorewall-lite/shorewall-lite.conf
+   echo "Config file installed as ${PREFIX}/etc/shorewall-lite/shorewall-lite.conf"
 fi
 
-if [ $HOST = archlinux ] ; then
-   sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf
-elif [ $HOST = gentoo ]; then
-    # Adjust SUBSYSLOCK path (see https://bugs.gentoo.org/show_bug.cgi?id=459316)
-    perl -p -w -i -e "s|^SUBSYSLOCK=.*|SUBSYSLOCK=/run/lock/$PRODUCT|;" ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf
+if [ -n "$ARCHLINUX" ] ; then
+   sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${PREFIX}/etc/shorewall-lite/shorewall.conf
 fi
+
+#
+# Install the  Makefile
+#
+run_install $OWNERSHIP -m 0600 Makefile ${PREFIX}/etc/shorewall-lite/Makefile
+echo "Makefile installed as ${PREFIX}/etc/shorewall-lite/Makefile"
+
 #
 # Install the default config path file
 #
-install_file configpath ${DESTDIR}${SHAREDIR}/$PRODUCT/configpath 0644
-echo "Default config path file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/configpath"
+install_file configpath ${PREFIX}/usr/share/shorewall-lite/configpath 0644
+echo "Default config path file installed as ${PREFIX}/usr/share/shorewall-lite/configpath"
 
 #
 # Install the libraries
 #
 for f in lib.* ; do
     if [ -f $f ]; then
-	install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644
-	echo "Library ${f#*.} file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
+	install_file $f ${PREFIX}/usr/share/shorewall-lite/$f 0644
+	echo "Library ${f#*.} file installed as ${PREFIX}/usr/share/shorewall-lite/$f"
     fi
 done
 
-ln -sf lib.base ${DESTDIR}${SHAREDIR}/$PRODUCT/functions
+ln -sf lib.base ${PREFIX}/usr/share/shorewall-lite/functions
 
-echo "Common functions linked through ${DESTDIR}${SHAREDIR}/$PRODUCT/functions"
+echo "Common functions linked through ${PREFIX}/usr/share/shorewall-lite/functions"
 
 #
 # Install Shorecap
 #
 
-install_file shorecap ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap 0755
-[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap
+install_file shorecap ${PREFIX}/usr/share/shorewall-lite/shorecap 0755
 
 echo
-echo "Capability file builder installed in ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap"
+echo "Capability file builder installed in ${PREFIX}/usr/share/shorewall-lite/shorecap"
 
 #
-# Install the Modules files
+# Install wait4ifup
 #
 
-if [ -f modules ]; then
-    install_file modules ${DESTDIR}${SHAREDIR}/$PRODUCT/modules 0600
-    echo "Modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/modules"
-fi
+install_file wait4ifup ${PREFIX}/usr/share/shorewall-lite/wait4ifup 0755
 
-if [ -f helpers ]; then
-    install_file helpers ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers 600
-    echo "Helper modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers"
-fi
+echo
+echo "wait4ifup installed in ${PREFIX}/usr/share/shorewall-lite/wait4ifup"
 
-for f in modules.*; do
-    install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 644
-    echo "Module file $f installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
-done
+#
+# Install the Modules file
+#
+run_install $OWNERSHIP -m 0600 modules ${PREFIX}/usr/share/shorewall-lite/modules
+echo "Modules file installed as ${PREFIX}/usr/share/shorewall-lite/modules"
 
 #
 # Install the Man Pages
 #
 
-if [ -d manpages -a -n "$MANDIR" ]; then
-    cd manpages
+cd manpages
 
-    mkdir -p ${DESTDIR}${MANDIR}/man5/
+for f in *.5; do
+    gzip -c $f > $f.gz
+    run_install -D -m 644 $f.gz ${PREFIX}/usr/share/man/man5/$f.gz
+    echo "Man page $f.gz installed to ${PREFIX}/usr/share/man/man5/$f.gz"
+done
 
-    for f in *.5; do
-	gzip -c $f > $f.gz
-	install_file $f.gz ${DESTDIR}${MANDIR}/man5/$f.gz 644
-	echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man5/$f.gz"
-    done
+for f in *.8; do
+    gzip -c $f > $f.gz
+    run_install -D -m 644 $f.gz ${PREFIX}/usr/share/man/man8/$f.gz
+    echo "Man page $f.gz installed to ${PREFIX}/usr/share/man/man8/$f.gz"
+done
 
-    mkdir -p ${DESTDIR}${MANDIR}/man8/
+cd ..
 
-    for f in *.8; do
-	gzip -c $f > $f.gz
-	install_file $f.gz ${DESTDIR}${MANDIR}/man8/$f.gz 644
-	echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man8/$f.gz"
-    done
+echo "Man Pages Installed"
 
-    cd ..
-
-    echo "Man Pages Installed"
+if [ -d ${PREFIX}/etc/logrotate.d ]; then
+    run_install $OWNERSHIP -m 0644 logrotate ${PREFIX}/etc/logrotate.d/shorewall-lite
+    echo "Logrotate file installed as ${PREFIX}/etc/logrotate.d/shorewall-lite"
 fi
 
-if [ -d ${DESTDIR}${CONFDIR}/logrotate.d ]; then
-    install_file logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT 644
-    echo "Logrotate file installed as ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT"
-fi
 
 #
 # Create the version file
 #
-echo "$VERSION" > ${DESTDIR}${SHAREDIR}/$PRODUCT/version
-chmod 644 ${DESTDIR}${SHAREDIR}/$PRODUCT/version
+echo "$VERSION" > ${PREFIX}/usr/share/shorewall-lite/version
+chmod 644 ${PREFIX}/usr/share/shorewall-lite/version
 #
 # Remove and create the symbolic link to the init script
 #
 
-if [ -z "${DESTDIR}" -a -n "${INITFILE}" ]; then
-    rm -f ${SHAREDIR}/$PRODUCT/init
-    ln -s ${INITDIR}/${INITFILE} ${SHAREDIR}/$PRODUCT/init
+if [ -z "$PREFIX" ]; then
+    rm -f /usr/share/shorewall-lite/init
+    ln -s ${DEST}/${INIT} /usr/share/shorewall-lite/init
 fi
 
-delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/lib.common
-delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/lib.cli
-delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/wait4ifup
-
-#
-#  Creatae the symbolic link for the CLI
-#
-ln -sf shorewall ${DESTDIR}${SBINDIR}/${PRODUCT}
-
-#
-# Note -- not all packages will have the SYSCONFFILE so we need to check for its existance here
-#
-if [ -n "$SYSCONFFILE" -a -f "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PRODUCT} ]; then
-    if [ ${DESTDIR} ]; then
-	mkdir -p ${DESTDIR}${SYSCONFDIR}
-	chmod 755 ${DESTDIR}${SYSCONFDIR}
-    fi
-
-    install_file ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/${PRODUCT} 0640
-    echo "$SYSCONFFILE file installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
-fi
-
-if [ ${SHAREDIR} != /usr/share ]; then
-    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/${PRODUCT}/lib.base
-fi
-
-if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then
-    if [ -n "$SERVICEDIR" ]; then
-	if systemctl enable ${PRODUCT}.service; then
-	    echo "$Product will start automatically at boot"
-	fi
-    elif mywhich insserv; then
-	if insserv ${INITDIR}/${INITFILE} ; then
-	    echo "$PRODUCT will start automatically at boot"
-	    if [ $HOST = debian ]; then
-		echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
-		touch /var/log/$PRODUCT-init.log
-		perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
+if [ -z "$PREFIX" -a -n "$first_install" ]; then
+    if [ -n "$DEBIAN" ]; then
+	run_install $OWNERSHIP -m 0644 default.debian /etc/default/shorewall-lite
+	ln -s ../init.d/shorewall-lite /etc/rcS.d/S40shorewall-lite
+	echo "Shorewall Lite will start automatically at boot"
+	touch /var/log/shorewall-init.log
+    else
+	if [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
+	    if insserv /etc/init.d/shorewall-lite ; then
+		echo "Shorewall Lite will start automatically at boot"
 	    else
-		echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable"
+		cant_autostart
 	    fi
-	else
-	    cant_autostart
-	fi
-    elif mywhich chkconfig; then
-	if chkconfig --add $PRODUCT ; then
-	    echo "$PRODUCT will start automatically in run levels as follows:"
-	    echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/${PRODUCT}.conf to enable"
-	    chkconfig --list $PRODUCT
-	else
-	    cant_autostart
-	fi
-    elif mywhich update-rc.d ; then
-	echo "$PRODUCT will start automatically at boot"
-	echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
-	touch /var/log/$PRODUCT-init.log
-	perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
-	update-rc.d $PRODUCT enable
-    elif mywhich rc-update ; then
-	if rc-update add $PRODUCT default; then
-	    echo "$PRODUCT will start automatically at boot"
-	    if [ $HOST = debian ]; then
-		echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
-		touch /var/log/$PRODUCT-init.log
-		perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
+	elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
+	    if chkconfig --add shorewall-lite ; then
+		echo "Shorewall Lite will start automatically in run levels as follows:"
+		chkconfig --list shorewall-lite
 	    else
-		echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable"
+		cant_autostart
 	    fi
-	else
+	elif [ -x /sbin/rc-update ]; then
+	    if rc-update add shorewall-lite default; then
+		echo "Shorewall Lite will start automatically at boot"
+	    else
+		cant_autostart
+	    fi
+	elif [ "$INIT" != rc.firewall ]; then #Slackware starts this automatically
 	    cant_autostart
 	fi
-    elif [ $HOST = openwrt -a -f ${CONFDIR}/rc.common ]; then
-	/etc/init.d/$PRODUCT enable
-	if /etc/init.d/$PRODUCT enabled; then
-            echo "$PRODUCT will start automatically at boot"
-	else
-            cant_autostart
-	fi
-    elif [ "$INITFILE" != rc.${PRODUCT} ]; then #Slackware starts this automatically
-	cant_autostart
     fi
 fi
 
 #
 #  Report Success
 #
-echo "$Product Version $VERSION Installed"
+echo "shorewall Lite Version $VERSION Installed"

Shorewall-lite/lib.base

@@ -1,33 +0,0 @@
-#
-# Shorewall 4.4 -- /usr/share/shorewall-lite/lib.base
-#
-#     (c) 2011,2014 - Tom Eastep (teastep@shorewall.net)
-#
-#	Complete documentation is available at http://shorewall.net
-#
-#       This program is part of Shorewall.
-#
-#	This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
-#
-#	This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
-#
-#	You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#
-# This library contains the code common to all Shorewall components.
-
-g_program=shorewall-lite
-g_family=4
-#
-# This may be altered by the installer
-#
-g_basedir=/usr/share/shorewall
-
-. ${g_basedir}/lib.base
-

Shorewall-lite/logrotate

@@ -1,4 +1,4 @@
-/var/log/shorewall-lite-init.log {
+/var/log/shorewall-init.log {
   missingok
   notifempty
   create 0600 root root

Shorewall-lite/manpages/shorewall-lite.xml

@@ -1,46 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
-"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
-<refentry>
-  <refmeta>
-    <refentrytitle>shorewall-lite</refentrytitle>
-
-    <manvolnum>8</manvolnum>
-
-    <refmiscinfo>Administrative Commands</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname>shorewall-lite</refname>
-
-    <refpurpose>Administration tool for Shoreline Firewall Lite
-    (Shorewall-lte)</refpurpose>
-  </refnamediv>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>shorewall-lite</command>
-
-      <arg choice="opt"><option>trace</option>|<option>debug</option></arg>
-
-      <arg>-<replaceable>options</replaceable></arg>
-
-      <arg choice="plain"><replaceable>command</replaceable> [
-      <replaceable>command-arguments</replaceable> ]</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>Description</title>
-
-    <para>The shorewall-lite utility is used to control the Shoreline Firewall
-    Lite (Shorewall-lite).</para>
-
-    <para>Beginning with Shorewall 5.1.0, <command>shorewall6-lite</command>
-    is a symbolic link pointing to the <ulink
-    url="/manpages/shorewall.html">shorewall</ulink>(8) executable who
-    executes the <replaceable>command</replaceable> as if its
-    <option>-6</option> and <option>-l</option> options had been
-    specified.</para>
-  </refsect1>
-</refentry>