Add target file(s) 5.2.8-base

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Add NFS V1.4 macro
2020-09-24 15:16:51 -07:00 · 2020-09-24 14:46:24 -07:00 · 2020-09-24 11:19:46 -07:00 · 2020-09-19 11:38:41 -07:00 · 2020-09-19 11:20:10 -07:00 · 2020-09-18 13:44:41 -07:00
386 changed files with 7727 additions and 4524 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1 @@
 *targetname export-ignore
--- a/Shorewall-core/INSTALL
+++ b/Shorewall-core/INSTALL
@@ -18,7 +18,7 @@ Shoreline Firewall (Shorewall) Version 5
 ---------------------------------------------------------------------------
-Please see http://www.shorewall.net/Install.htm for installation
+Please see https://shorewall.org/Install.htm for installation
 instructions.
--- a/Shorewall-core/Shorewall-core-targetname
+++ b/Shorewall-core/Shorewall-core-targetname
@@ -0,0 +1 @@
 5.2.8-RC1
--- a/Shorewall-core/configure
+++ b/Shorewall-core/configure
@@ -1,10 +1,10 @@
 #!/bin/bash
 #
-#     Shorewall Packet Filtering Firewall RPM configuration program - V4.6
+#     Shorewall Packet Filtering Firewall configuration program - V5.2
 #
 #     (c) 2012,2014,2017 - Tom Eastep (teastep@shorewall.net)
 #
-#	Shorewall documentation is available at http://www.shorewall.net
+#	Shorewall documentation is available at https://shorewall.org
 #
 #       This program is part of Shorewall.
 #
@@ -109,6 +109,9 @@ if [ -z "$vendor" ]; then
 	    opensuse)
 		vendor=suse
 		;;
 	    alt|basealt|altlinux)
 		vendor=alt
 		;;
 	    *)
 		vendor="$ID"
 		;;
@@ -132,6 +135,8 @@ if [ -z "$vendor" ]; then
 	    if [ -f /etc/debian_version ]; then
 		params[HOST]=debian
 		ls -l /sbin/init | fgrep -q systemd &&  rcfile=shorewallrc.debian.systemd || rcfile=shorewallrc.debian.sysvinit
 	    elif [ -f /etc/altlinux-release ] ; then
 		params[HOST]=alt
 	    elif [ -f /etc/redhat-release ]; then
 		params[HOST]=redhat
 		rcfile=shorewallrc.redhat
--- a/Shorewall-core/configure.pl
+++ b/Shorewall-core/configure.pl
@@ -1,10 +1,10 @@
 #! /usr/bin/perl -w
 #
-#     Shorewall Packet Filtering Firewall RPM configuration program - V4.5
+#     Shorewall Packet Filtering Firewall configuration program - V5.2
 #
 #     (c) 2012, 2014 - Tom Eastep (teastep@shorewall.net)
 #
-#	Shorewall documentation is available at http://www.shorewall.net
+#	Shorewall documentation is available at https://shorewall.org
 #
 #       This program is part of Shorewall.
 #
@@ -74,6 +74,8 @@ unless ( defined $vendor ) {
 	} elsif ( $id eq 'ubuntu' || $id eq 'debian' ) {
 	    my $init = `ls -l /sbin/init`;
 	    $vendor = $init =~ /systemd/ ? 'debian.systemd' : 'debian.sysvinit';
 	} elsif ( $id eq 'alt' || $id eq 'basealt' || $id eq 'altlinux' ) {
 	    $vendor = 'alt';
 	} else {
 	    $vendor = $id;
 	}
@@ -117,6 +119,9 @@ if ( defined $vendor ) {
 	} else {
 	    $rcfilename = 'shorewallrc.debian.sysvinit';
 	}
    } elsif ( -f '/etc/altlinux-release' ){
 	$vendor = 'alt';
 	$rcfilename = 'shorewallrc.alt';
    } elsif ( -f '/etc/redhat-release' ){
 	$vendor = 'redhat';
 	$rcfilename = 'shorewallrc.redhat';
--- a/Shorewall-core/install.sh
+++ b/Shorewall-core/install.sh
@@ -4,7 +4,7 @@
 #
 #     (c) 2000-2018 - Tom Eastep (teastep@shorewall.net)
 #
-#       Shorewall documentation is available at http://shorewall.net
+#       Shorewall documentation is available at https://shorewall.org
 #
 #       This program is part of Shorewall.
 #
@@ -172,6 +172,9 @@ if [ -z "$BUILD" ]; then
 		    opensuse)
 			BUILD=suse
 			;;
 		    alt|basealt|altlinux)
 			BUILD=alt
 			;;
 		    *)
 			BUILD="$ID"
 			;;
@@ -180,6 +183,8 @@ if [ -z "$BUILD" ]; then
 		BUILD=debian
 	    elif [ -f /etc/gentoo-release ]; then
 		BUILD=gentoo
 	    elif [ -f /etc/altlinux-release ]; then
 		BUILD=alt
 	    elif [ -f /etc/redhat-release ]; then
 		BUILD=redhat
 	    elif [ -f /etc/slackware-version ] ; then
@@ -238,7 +243,7 @@ case "$HOST" in
    apple)
 	echo "Installing Mac-specific configuration...";
 	;;
-    debian|gentoo|redhat|slackware|archlinux|linux|suse|openwrt)
+    debian|gentoo|redhat|slackware|archlinux|linux|suse|openwrt|alt)
 	;;
    *)
 	fatal_error "Unknown HOST \"$HOST\""
--- a/Shorewall-core/lib.base
+++ b/Shorewall-core/lib.base
@@ -1,9 +1,9 @@
 #
-# Shorewall 5.1 -- /usr/share/shorewall/lib.base
+# Shorewall 5.2 -- /usr/share/shorewall/lib.base
 #
 #     (c) 1999-2017 - Tom Eastep (teastep@shorewall.net)
 #
-#	Complete documentation is available at http://shorewall.net
+#	Complete documentation is available at https://shorewall.org
 #
 #       This program is part of Shorewall.
 #
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
@@ -1,9 +1,9 @@
 #
-# Shorewall 5.1 -- /usr/share/shorewall/lib.cli.
+# Shorewall 5.2 -- /usr/share/shorewall/lib.cli
 #
 #     (c) 1999-2018 - Tom Eastep (teastep@shorewall.net)
 #
-#	Complete documentation is available at http://shorewall.net
+#	Complete documentation is available at https://shorewall.org
 #
 #       This program is part of Shorewall.
 #
@@ -25,7 +25,7 @@
 # loaded after this one and replaces some of the functions declared here.
 #
-SHOREWALL_CAPVERSION=50200
+SHOREWALL_CAPVERSION=50207
 if [ -z "$g_basedir" ]; then
    #
@@ -247,10 +247,39 @@ search_log() # $1 = IP address to search for
 #
 # Show traffic control information
 #
-show_tc1() {
+show_one_classifier() {
    local class
    qt tc -s filter ls root dev $1 && tc -s filter ls root dev $device | grep -v '^$'
    tc filter show dev $1
    tc class show dev $1 | fgrep 'leaf ' | fgrep -v ' hfsc' | sed 's/^.*leaf //;s/ .*//' | while read class; do
 	if [ -n "$class" ]; then
 	    echo
 	    echo Node $class
 	    tc filter show dev $device parent $class
 	fi
    done
    echo
 }
 show_classifier1() {
    local device
    local qdisc
    device=${1%@*}
    qdisc=$(tc qdisc list dev $device)
    if [ -n "$qdisc" ]; then
 	echo Device $device:
 	show_one_classifier $device
    fi
 }
 show_tc1() {
    show_one_tc() {
 	local device
 	local qdisc
 	local ingress
 	device=${1%@*}
 	qdisc=$(tc qdisc list dev $device)
@@ -260,6 +289,7 @@ show_tc1() {
 	    echo
 	    tc -s -d class show dev $device
 	    echo
 	    show_one_classifier $device "$qdisc"
 	fi
    }
@@ -270,7 +300,6 @@ show_tc1() {
 	    show_one_tc ${interface%:}
 	done
    fi
 }
 show_tc() {
@@ -291,28 +320,8 @@ show_tc() {
 #
 show_classifiers() {
    show_one_classifier() {
 	local device
 	device=${1%@*}
 	qdisc=$(tc qdisc list dev $device)
 	if [ -n "$qdisc" ]; then
 	    echo Device $device:
 	    qt tc -s filter ls root dev $device && tc -s filter ls root dev $device | grep -v '^$'
 	    tc filter show dev $device
 	    tc class show dev $device | fgrep 'leaf ' | fgrep -v ' hfsc' | sed 's/^.*leaf //;s/ .*//' | while read class; do
 		if [ -n "$class" ]; then
 		    echo
 		    echo Node $class
 		    tc filter show dev $device parent $class
 		fi
 	    done
 	    echo
 	fi
    }
    ip -o link list | while read inx interface details; do
-	show_one_classifier ${interface%:}
+	show_classifier1 ${interface%:}
    done
 }
@@ -937,11 +946,28 @@ show_events() {
    fi
 }
 sort_actions() {
    local sep #separates sort keys from the action[.std] record
    sep="##"
    awk -v sep="$sep" \
         'BEGIN		  { action = ""; ifrec = ""; nr = 0; };\
 	  /^#/	  	  { next; };\
 	  /^\?(if|IF|If)/ { ifrec = $0; nr = NR; next; };\
 	  /^( |\t|\?)/	  { if ( action != "" ) print action, NR, sep $0; next; };\
 			  { action = $1; };\
 	  nr != 0	  { print action , nr, sep ifrec; nr = 0; };\
 			  { print action , NR, sep $0; }' | sort -k 1,2 | sed "s/^.*${sep}//"
 }
 show_actions() {
-    if [ -f ${g_confdir}/actions ]; then
+    local actions
-	cat ${g_sharedir}/actions.std ${g_confdir}/actions | grep -Ev '^[#?[:space:]]|^$'
+    actions=$(find_file actions)
    if [ -f ${actions} ]; then
 	cat ${actions} ${g_sharedir}/actions.std | sort_actions
    else
-	grep -Ev '^[#?[:space:]]|^$' ${g_sharedir}/actions.std
+        sort_actions < ${g_sharedir}/actions.std
    fi
 }
@@ -1000,6 +1026,8 @@ show_mangle() {
 show_classifiers_command() {
    echo "$g_product $SHOREWALL_VERSION Classifiers at $g_hostname - $(date)"
    echo
    echo "Warning: This command is deprecated in favor of the 'show tc' command"
    echo
    show_classifiers
 }
@@ -1108,10 +1136,6 @@ show_blacklists() {
    show_bl;
 }
 show_actions_sorted() {
    show_actions | sort
 }
 show_macros() {
    for directory in $(split $CONFIG_PATH); do
 	temp=
@@ -1201,11 +1225,17 @@ show_saves_command() {
    echo
    for f in ${VARDIR}/*-iptables; do
-	fn=$(basename $f)
+	case $f in
-	fn=${fn%-iptables}
+	    *\**)
-	mtime=$(ls -lt $f | tail -n 1 | cut -d ' ' -f '6 7 8' )
+	        ;;
-	[ $fn = "$RESTOREFILE" ] && fn="$fn (default)"
+	    *)
-	echo "   $mtime ${fn%-iptables}"
+		fn=$(basename $f)
 		fn=${fn%-iptables}
 		mtime=$(ls -lt $f | tail -n 1 | cut -d ' ' -f '6 7 8' )
 		[ $fn = "$RESTOREFILE" ] && fn="$fn (default)"
 		echo "   $mtime ${fn%-iptables}"
 		;;
 	esac
    done
    echo
@@ -1432,6 +1462,17 @@ show_command() {
 	vardir)
 	    echo $VARDIR;
 	    ;;
        rc)
            shift
 	    [ $# -gt 1 ] && too_many_arguments $2
            if [ -n "$1" -a -d "$1" ]; then
                cat $1/shorewallrc
            elif [ -n "$g_basedir" -a -d "$g_basedir" ]; then
                cat $g_basedir/shorewallrc
            else
                fatal_error "Can not determine the location of the shorewallrc file."
            fi
            ;;
 	policies)
 	    only_root
 	    [ $# -gt 1 ] && too_many_arguments $2
@@ -1526,7 +1567,7 @@ show_command() {
 			    ;;
 			actions)
 			    [ $# -gt 1 ] && too_many_arguments $2
-			    eval show_actions_sorted $g_pager
+			    eval show_actions $g_pager
 			    return
 			    ;;
 			macro)
@@ -1874,8 +1915,6 @@ do_dump_command() {
    if [ -n "$TC_ENABLED" ]; then
 	heading "Traffic Control"
 	show_tc1
 	heading "TC Filters"
 	show_classifiers
 	fi
 }
@@ -2634,6 +2673,7 @@ allow_command() {
 		if [ -n "$g_blacklistipset" ]; then
 		    if qt $IPSET -D $g_blacklistipset $1; then
 			allowed=Yes
 			[ -n "$g_dbllog" ] && mylogger daemon.info "$g_product: $1 Allowed"
 		    fi
 		fi
@@ -2650,6 +2690,7 @@ allow_command() {
 	    *)
 		if [ -n "$g_blacklistipset" ]; then
 		    if qt $IPSET -D $g_blacklistipset $1; then
 			[ -n "$g_dbllog" ] && mylogger daemon.info "$g_product: $1 Allowed"
 			allowed=Yes
 		    fi
 		fi
@@ -2749,7 +2790,7 @@ determine_capabilities() {
 	g_tool=$(mywhich $tool)
 	if [ -z "$g_tool" ]; then
-	    fatal-error "No executable $tool binary can be found on your PATH"
+	    fatal_error "No executable $tool binary can be found on your PATH"
 	fi
    fi
@@ -2846,6 +2887,7 @@ determine_capabilities() {
    NETMAP_TARGET=
    NFLOG_SIZE=
    RESTORE_WAIT_OPTION=
    CONNMARK_ACTION=
    AMANDA_HELPER=
    FTP_HELPER=
@@ -3213,6 +3255,10 @@ determine_capabilities() {
 	    BASIC_FILTER=Yes
 	    $TC filter add basic help 2>&1 | egrep -q match && BASIC_EMATCH=Yes
 	fi
 	if $TC action add connmark help 2>&1 | grep -q ^Usage; then
 	    CONNMARK_ACTION=Yes
 	fi
    fi
    [ -n "$IP" ] && $IP rule add help 2>&1 | grep -q /MASK && FWMARK_RT_MASK=Yes
@@ -3356,6 +3402,7 @@ report_capabilities_unsorted() {
    report_capability "NETMAP Target (NETMAP_TARGET)" $NETMAP_TARGET
    report_capability "--nflog-size support (NFLOG_SIZE)" $NFLOG_SIZE
    report_capability "INPUT chain in nat table (NAT_INPUT_CHAIN)" $NAT_INPUT_CHAIN
    report_capability "TC connmark support (CONNMARK_ACTION)" $CONNMARK_ACTION
    echo "   Kernel Version (KERNELVERSION): $KERNELVERSION"
    echo "   Capabilities Version (CAPVERSION): $CAPVERSION"
@@ -3462,6 +3509,7 @@ report_capabilities_unsorted1() {
    report_capability1 NFLOG_SIZE
    report_capability1 RESTORE_WAIT_OPTION
    report_capability1 NAT_INPUT_CHAIN
    report_capability1 CONNMARK_ACTION
    report_capability1 AMANDA_HELPER
    report_capability1 FTP_HELPER
@@ -3557,7 +3605,7 @@ status_command() {
    [ $# -eq 0 ] || missing_argument
-    [ $VERBOSITY -ge 1 ] && echo "${g_product}-$SHOREWALL_VERSION Status at $g_hostname - $(date)" && echo
+    [ $VERBOSITY -ge 1 ] && echo "${g_product} $SHOREWALL_VERSION Status at $g_hostname - $(date)" && echo
    show_status
    [ -n "$interfaces" ] && show_interfaces
    exit $status
@@ -3605,6 +3653,7 @@ reject_command() {
 blacklist_command() {
    local family
    local timeout
    [ $# -gt 0 ] || fatal_error "Missing address"
@@ -3622,10 +3671,17 @@ blacklist_command() {
 	    ;;
    esac
-    if $IPSET -A $g_blacklistipset $@ -exist; then
+    if [ $COMMAND = 'blacklist!' ]; then
 	timeout='timeout 0'
    else
 	echo "$@" | fgrep -q ' timeout ' || timeout="timeout $g_dbltimeout"
    fi
    if $IPSET -A $g_blacklistipset $@ $timeout -exist; then
 	local message
 	progress_message2 "$1 Blacklisted"
 	[ -n "$g_dbllog" ] && mylogger daemon.info "$g_product: $1 Blacklisted"
 	if [ -n "$g_disconnect" ]; then
 	    message="$(conntrack -D -s $1 2>&1)"
@@ -3758,7 +3814,7 @@ ipcalc_command() {
    elif [ $# -eq 3 ]; then
 	address=$2
 	vlsm=$(ip_vlsm $3)
-    elif [ $# -eq 0 ]; then
+    elif [ $# -eq 1 ]; then
 	missing_argument
    else
 	too_many_arguments $4
@@ -3804,7 +3860,7 @@ iprange_command() {
 }
 ipdecimal_command() {
-    if [ $# eq 1 ]; then
+    if [ $# -eq 1 ]; then
 	missing_argument
    else
 	[ $# -eq 2 ] || too_many_arguments $3
@@ -3847,7 +3903,7 @@ noiptrace_command() {
 verify_firewall_script() {
    if [ ! -f $g_firewall ]; then
 	echo "   ERROR: $g_product is not properly installed" >&2
-	if [ -L $g_firewall ]; then
+	if [ -h $g_firewall ]; then
 	    echo "          $g_firewall is a symbolic link to a" >&2
 	    echo "          non-existant file" >&2
 	else
@@ -3880,7 +3936,7 @@ setup_dbl() {
    case $DYNAMIC_BLACKLIST in
 	ipset*,src-dst*)
 	    #
-	    # This utility doesn't need to know about 'src-dst'
+	    # Capture 'src-dst'
 	    #
 	    DYNAMIC_BLACKLIST=$(echo $DYNAMIC_BLACKLIST | sed 's/,src-dst//')
@@ -3888,11 +3944,49 @@ setup_dbl() {
 	    ;;
    esac
    case $DYNAMIC_BLACKLIST in
 	ipset*,log*)
 	    #
 	    # Capture 'log'
 	    #
 	    DYNAMIC_BLACKLIST=$(echo $DYNAMIC_BLACKLIST | sed 's/,log//')
 	    g_dbllog=Yes
 	    ;;
    esac
    case $DYNAMIC_BLACKLIST in
 	ipset*,noupdate*)
 	    #
 	    # This utility doesn't use this option
 	    #
 	    DYNAMIC_BLACKLIST=$(echo $DYNAMIC_BLACKLIST | sed 's/,noupdate//')
 	    ;;
    esac
    case $DYNAMIC_BLACKLIST in
 	ipset*,timeout*)
 	    #
-	    # This utility doesn't need to know about 'timeout=nnn'
+	    # Capture timeout
 	    #
 	    local ifs
 	    local f
 	    ifs=$IFS
 	    IFS=','
 	    for f in $DYNAMIC_BLACKLIST; do
 		case $f in
 		    timeout=*)
 			g_dbltimeout=${f#timeout=}
 			g_dbltimeout=${g_dbltimeout%%:*}
 			break
 			;;
 		esac
 	    done
 	    IFS=$ifs
 	    DYNAMIC_BLACKLIST=$(echo $DYNAMIC_BLACKLIST | sed -r 's/,timeout=[[:digit:]]+//')
 	    ;;
    esac
@@ -3925,9 +4019,15 @@ setup_dbl() {
 # the Standard CLI by loading lib.cli-std
 ################################################################################
 #
-# Set the configuration variables from shorewall[6]-lite.conf.
+# Set the configuration variables from shorewall[6]-lite.conf. This function
 # is replaced by the one in lib.cli-std (Shorewall product) when Shorewall or
 # Shorewall6 is being run.
 #
-get_config() {
+#     $1 = Yes: read the params file
 #     $2 = Yes: check for STARTUP_ENABLED
 #     $3 = Yes: Check for LOGFILE
 #
 lite_get_config() {
    local config
    local lib
@@ -3947,7 +4047,7 @@ get_config() {
    ensure_config_path
-    [ -f $g_firewall.conf ] && . ${VARDIR}/firewall.conf
+    [ -f ${VARDIR}/firewall.conf ] && . ${VARDIR}/firewall.conf
    [ -n "$PATH" ] || PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
@@ -4076,7 +4176,7 @@ get_config() {
 	    [ -x "$g_pager" ] || fatal_error "PAGER $g_pager is not executable"
-	    g_pager="| $g_pager"
+	    g_pager="2>&1 | $g_pager"
 	fi
    fi
@@ -4089,10 +4189,22 @@ get_config() {
    [ -f $lib ] && . $lib
 }
 #
 # get_config() -- calls the appropriate xxx_get_config()
 #
 get_config() {
    if [ -z "$g_lite" ]; then
 	std_get_config $@
    else
 	lite_get_config $@
    fi
 }
 #
 # Start Command Executor
 #
-start_command() {
+lite_start_command() {
    local finished
    finished=0
@@ -4103,14 +4215,14 @@ start_command() {
 	if [ -x $g_firewall ]; then
 	    if [ -n "$g_fast" -a -x ${VARDIR}/${RESTOREFILE} -a ! $g_firewall -nt ${VARDIR}/${RESTOREFILE} ]; then
-		run_it ${VARDIR}/${RESTOREFILE} $g_debugging restore
+		run_it ${VARDIR}/${RESTOREFILE} restore
 	    else
-		run_it $g_firewall $g_debugging start
+		run_it $g_firewall start
 	    fi
 	    rc=$?
 	else
 	    error_message "$g_firewall is missing or is not executable"
-	    mylogger kern.err "ERROR:$g_product start failed"
+	    mylogger daemon.err "ERROR:$g_product start failed"
 	    rc=6
 	fi
@@ -4179,10 +4291,21 @@ start_command() {
    do_it
 }
 #
 # start_command() -- calls the appropriate xxx_start_command()
 #
 start_command() {
    if [ -z "$g_lite" ]; then
 	std_start_command $@
    else
 	lite_start_command $@
    fi
 }
 #
 # Reload/Restart Command Executor
 #
-restart_command() {
+lite_restart_command() {
    local finished
    finished=0
    local rc
@@ -4239,11 +4362,11 @@ restart_command() {
    [ -n "$g_nolock" ] || mutex_on
    if [ -x $g_firewall ]; then
-	run_it $g_firewall $g_debugging $COMMAND
+	run_it $g_firewall $COMMAND
 	rc=$?
    else
 	error_message "$g_firewall is missing or is not executable"
-	mylogger kern.err "ERROR:$g_product $COMMAND failed"
+	mylogger daemon.err "ERROR:$g_product $COMMAND failed"
 	rc=6
    fi
@@ -4251,9 +4374,20 @@ restart_command() {
    return $rc
 }
 #
 # restart_command() -- calls the appropriate xxx_restart_command()
 #
 restart_command() {
    if [ -z "$g_lite" ]; then
 	std_restart_command $@
    else
 	lite_restart_command $@
    fi
 }
 run_command() {
    if [ -x $g_firewall ] ; then
-	run_it $g_firewall $g_debugging $@
+	run_it $g_firewall $@
    else
 	fatal_error "$g_firewall does not exist or is not executable"
    fi
@@ -4270,14 +4404,20 @@ ecko() {
 #
 usage() # $1 = exit status
 {
-    echo "Usage: $(basename $0) [debug|trace] [nolock] [ -q ] [ -v[-1|{0-2}] ] [ -t ] <command>"
+    echo "Usage: $(basename $0) [ -T ] [ -D ] [ -N ] [ -q ] [ -v[-1|{0-2}] ] [ -t ] <command>"
    echo "   -T : Direct the generated script to produce a shell trace to standard error"
    echo "   -D : Debug iptables commands"
    echo "   -N : Don't take the master shorewall lock"
    echo "   -q : Standard Shorewall verbosity control"
    echo "   -v : Standard Shorewall verbosity control"
    echo "   -t : Timestamp all messages"
    echo "where <command> is one of:"
    echo "   add <interface>[:<host-list>] ... <zone>"
    echo "   allow <address> ..."
    echo "   blacklist <address> [ <option> ... ]"
-    ecko "   [ check | ck ] [ -e ] [ -r ] [ -p ] [ -r ] [ -T ] [ -i ] [ <directory> ]"
+    ecko "   [ check | ck ] [ -e ] [ -r ] [ -p ] [ -r ] [ -T ] [ -i ] [ -D ] [ <directory> ]"
    echo "   clear"
-    ecko "   [ compile | co ] [ -e ] [ -p ] [ -t ] [ -c ] [ -d ] [ -T ] [ -i ] [ <directory name> ] [ <path name> ]"
+    ecko "   [ compile | co ] [ -e ] [ -p ] [ -t ] [ -c ] [ -d ] [ -T ] [ -i ] [ -D ] [ <directory name> ] [ <path name> ]"
    echo "   close <source> <dest> [ <protocol> [ <port> ] ]" 
    echo "   delete <interface>[:<host-list>] ... <zone>"
    echo "   disable <interface>"
@@ -4300,7 +4440,6 @@ usage() # $1 = exit status
 	echo "   iptrace <ip6tables match expression>"
    fi
    ecko "   load [ -s ] [ -c ] [ -r <root user> ] [ -T ] [ -i ] [ <directory> ] <system>"
    echo "   logdrop <address> ..."
    echo "   logreject <address> ..."
    echo "   logwatch [<refresh interval>]"
@@ -4318,13 +4457,15 @@ usage() # $1 = exit status
    if [ -n "$g_lite" ]; then
 	echo "   reload [ -n ] [ -p ] [ -f ] [ -C ] [ <directory> ]"
    else
-	echo "   reload [ -n ] [ -p ] [-d] [ -f ] [ -c ] [ -T ] [ -i ] [ -C ] [ <directory> ]"
+	echo "   reload [ -n ] [ -p ] [-d] [ -f ] [ -c ] [ -T ] [ -i ] [ -C ] [ -D ] [ <directory> ]"
    fi
    if [ -z "$g_lite" ]; then
-	echo "   remote-reload [ -n ] [ -s ] [ -c ] [ -r <root-name> ] [ -T ] [ -i ] [ <directory> ] <system>"
+	echo "   remote-getrc [ -T ] [ -c ] [ -r <root-name> ] [ [ -D ] <directory> ] [ <system> ]"
-	echo "   remote-restart [ -n ] [ -s ] [ -c ] [ -r <root-name> ] [ -T ] [ -i ] [ <directory> ] <system>"
+	echo "   remote-getcaps [ -T ] [ -R ] [ -r <root-name> ] [ [ -D ] <directory> ] [ <system> ]"
-	echo "   remote-start [ -n ] [ -s ] [ -c ] [ -r <root-name> ] [ -T ] [ -i ] [ <directory> ] <system>"
+	echo "   remote-reload [ -n ] [ -s ] [ -c ] [ -r <root-name> ] [ -T ] [ -i ] [ <directory> ] [ <system> ]"
 	echo "   remote-restart [ -n ] [ -s ] [ -c ] [ -r <root-name> ] [ -T ] [ -i ] [ <directory> ] [ <system> ]"
 	echo "   remote-start [ -n ] [ -s ] [ -c ] [ -r <root-name> ] [ -T ] [ -i ] [ <directory> ] [ <system> ]"
    fi
    echo "   reset [ <chain> ... ]"
@@ -4332,7 +4473,7 @@ usage() # $1 = exit status
    if [ -n "$g_lite" ]; then
 	echo "   restart [ -n ] [ -p ] [ -f ] [ -C ] [ <directory> ]"
    else
-	echo "   restart [ -n ] [ -p ] [-d] [ -f ] [ -c ] [ -T ] [ -i ] [ -C ] [ <directory> ]"
+	echo "   restart [ -n ] [ -p ] [-d] [ -f ] [ -c ] [ -T ] [ -i ] [ -C ] [ -D ] [ <directory> ]"
    fi
    echo "   restore [ -n ] [ -p ] [ -C ] [ <file name> ]"
@@ -4347,12 +4488,11 @@ usage() # $1 = exit status
    echo "   [ show | list | ls ] arptables"
    echo "   [ show | list | ls ] [ -f ] capabilities"
    echo "   [ show | list | ls ] [ -x ] {bl|blacklists}"
-    echo "   [ show | list | ls ] classifiers"
+    echo "   [ show | list | ls ] {classifiers|filters)"
    echo "   [ show | list | ls ] config"
    echo "   [ show | list | ls ] connections"
    echo "   [ show | list | ls ] event [ <event> ...]"
    echo "   [ show | list | ls ] events"
    echo "   [ show | list | ls ] filters"
    echo "   [ show | list | ls ] ip"
    if [ $g_family -eq 4 ]; then
@@ -4367,6 +4507,7 @@ usage() # $1 = exit status
    echo "   [ show | list | ls ] nfacct"
    echo "   [ show | list | ls ] opens"
    echo "   [ show | list | ls ] policies"
    echo "   [ show | list | ls ] rc"
    echo "   [ show | list | ls ] routing"
    echo "   [ show | list | ls ] saves"
    echo "   [ show | list | ls ] tc [ device ]"
@@ -4395,20 +4536,16 @@ usage() # $1 = exit status
 # here if that lib is loaded below.
 #
 shorewall_cli() {
    g_debugging=
    if [ $# -gt 0 ] && [ "x$1" = "xdebug" -o "x$1" = "xtrace" ]; then
 	g_debugging=$1
 	shift
    fi
    g_nolock=
-
+    #
    # We'll keep this around for a while so we don't break people's started scripts
    #
    if [ $# -gt 0 ] && [ "$1" = "nolock" ]; then
 	g_nolock=nolock
 	shift
    fi
    g_debugging=
    g_noroutes=
    g_purge=
    g_ipt_options="-nv"
@@ -4435,6 +4572,10 @@ shorewall_cli() {
    g_nopager=
    g_blacklistipset=
    g_disconnect=
    g_havemutex=
    g_trace=
    g_dbltimeout=
    g_dbllog=
    VERBOSE=
    VERBOSITY=1
@@ -4566,6 +4707,17 @@ shorewall_cli() {
 			    finished=1
 			    option=
 			    ;;
 			T*)
 			    g_debugging=trace
 			    option=${option#T}
 			    ;;
 			D*)
 			    g_debugging=debug
 			    option=${option#D}
 			    ;;
 			N*)
 			    g_nolock=nolock
 			    ;;
 			*)
 			    option_error $option
 			    ;;
@@ -4601,7 +4753,7 @@ shorewall_cli() {
 	exit 1
    fi
-    banner="${g_product}-${SHOREWALL_VERSION} Status at $g_hostname -"
+    banner="${g_product} ${SHOREWALL_VERSION} Status at $g_hostname -"
    COMMAND=$1
@@ -4618,7 +4770,7 @@ shorewall_cli() {
 	    get_config
 	    [ -x $g_firewall ] || fatal_error "$g_product has never been started"
 	    [ -n "$g_nolock" ] || mutex_on
-	    run_it $g_firewall $g_debugging $COMMAND
+	    run_it $g_firewall $COMMAND
 	    [ -n "$g_nolock" ] || mutex_off
 	    ;;
 	reset)
@@ -4627,7 +4779,7 @@ shorewall_cli() {
 	    shift
 	    [ -n "$g_nolock" ] || mutex_on
 	    [ -x $g_firewall ] || fatal_error "$g_product has never been started"
-	    run_it $g_firewall $g_debugging reset $@
+	    run_it $g_firewall reset $@
 	    [ -n "$g_nolock" ] || mutex_off
 	    ;;
 	reload|restart)
@@ -4640,12 +4792,12 @@ shorewall_cli() {
 	    only_root
 	    get_config Yes
 	    if product_is_started; then
-		run_it $g_firewall $g_debugging $@
+		run_it $g_firewall $@
 	    else
 		fatal_error "$g_product is not running"
 	    fi
 	    ;;
-	blacklist)
+	blacklist|blacklist!)
 	    only_root
 	    get_config Yes
 	    shift
@@ -4691,7 +4843,7 @@ shorewall_cli() {
 	logwatch)
 	    only_root
 	    get_config Yes Yes Yes
-	    banner="${g_product}-$SHOREWALL_VERSION Logwatch at $g_hostname -"
+	    banner="${g_product} $SHOREWALL_VERSION Logwatch at $g_hostname -"
 	    logwatch_command $@
 	    ;;
 	drop)
@@ -4723,7 +4875,7 @@ shorewall_cli() {
 	    ;;
 	allow)
 	    only_root
-	    get_config
+	    get_config Yes
 	    allow_command $@
 	    ;;
 	add)
@@ -4795,7 +4947,7 @@ shorewall_cli() {
 		    # It isn't a function visible to this script -- try
 		    # the compiled firewall
 		    #
-		    run_it $g_firewall $g_debugging call $@
+		    run_it $g_firewall call $@
 		fi
 	    else
 		missing_argument
--- a/Shorewall-core/lib.common
+++ b/Shorewall-core/lib.common
@@ -1,9 +1,9 @@
 #
-# Shorewall 5.1 -- /usr/share/shorewall/lib.common.
+# Shorewall 5.2 -- /usr/share/shorewall/lib.common
 #
-#     (c) 2010-2017 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2010-2018 - Tom Eastep (teastep@shorewall.net)
 #
-#	Complete documentation is available at http://shorewall.net
+#	Complete documentation is available at https://shorewall.org
 #
 #       This program is part of Shorewall.
 #
@@ -55,13 +55,13 @@ startup_error() # $* = Error Message
    case $COMMAND in
        start)
-	    mylogger kern.err "ERROR:$g_product start failed:Firewall state not changed"
+	    mylogger daemon.err "ERROR:$g_product start failed:Firewall state not changed"
 	    ;;
 	restart)
-	    mylogger kern.err "ERROR:$g_product restart failed:Firewall state not changed"
+	    mylogger daemon.err "ERROR:$g_product restart failed:Firewall state not changed"
 	    ;;
 	restore)
-	    mylogger kern.err "ERROR:$g_product restore failed:Firewall state not changed"
+	    mylogger daemon.err "ERROR:$g_product restore failed:Firewall state not changed"
 	    ;;
    esac
@@ -92,18 +92,20 @@ startup_error() # $* = Error Message
 #
 run_it() {
    local script
-    local options
+    local options='-'
    export VARDIR
    script=$1
    shift
-    if [ x$1 = xtrace -o x$1 = xdebug ]; then
+
-	options="$1 -"
+    if [ "$g_debugging" = debug ]; then
-	shift;
+	options='-D'
    elif [ "$g_debugging" = trace ]; then
 	options='-T'
    else
-	options='-'
+	options='-';
    fi
    [ -n "$g_noroutes" ]   && options=${options}n
@@ -411,7 +413,7 @@ load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
 	[ -d $directory ] && moduledirectories="$moduledirectories $directory"
    done
-    [ -n "$LOAD_HELPERS_ONLY" ] && modules=$(find_file helpers) || modules=$(find_file modules)
+    modules=$(find_file helpers)
    if [ -f $modules -a -n "$moduledirectories" ]; then
 	[ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)
@@ -419,7 +421,7 @@ load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
 	. $modules
 	if [ $savemoduleinfo = Yes ]; then
 	    [ -d ${VARDIR} ] || mkdir -p ${VARDIR}
-	    echo MODULESDIR="$MODULESDIR" > ${VARDIR}/.modulesdir
+	    echo MODULESDIR=\"$MODULESDIR\" > ${VARDIR}/.modulesdir
 	    cp -f $modules ${VARDIR}/.modules
 	fi
    elif [ $savemoduleinfo = Yes ]; then
@@ -501,7 +503,7 @@ ip_network() {
 #
 # The following hack is supplied to compensate for the fact that many of
-# the popular light-weight Bourne shell derivatives don't support XOR ("^").
+# the popular light-weight Bourne shell derivatives do not support XOR ("^").
 #
 ip_broadcast() {
    local x
@@ -736,8 +738,8 @@ truncate() # $1 = length
 #
 # Call this function to assert mutual exclusion with Shorewall. If you invoke the
-# /sbin/shorewall program while holding mutual exclusion, you should pass "nolock" as
+# /sbin/shorewall program while holding mutual exclusion, you should pass -N as
-# the first argument. Example "shorewall nolock refresh"
+# the first argument. Example "shorewall -N refresh"
 #
 # This function uses the lockfile utility from procmail if it exists.
 # Otherwise, it uses a somewhat race-prone algorithm to attempt to simulate the
@@ -751,36 +753,44 @@ mutex_on()
    lockf=${LOCKFILE:=${VARDIR}/lock}
    local lockpid
    local lockd
    local lockbin
    local openwrt
    MUTEX_TIMEOUT=${MUTEX_TIMEOUT:-60}
-    if [ $MUTEX_TIMEOUT -gt 0 ]; then
+    if [ -z "$g_havemutex" -a $MUTEX_TIMEOUT -gt 0 ]; then
 	lockd=$(dirname $LOCKFILE)
 	[ -d "$lockd" ] || mkdir -p "$lockd"
 	lockbin=$(mywhich lock)
 	[ -n "$lockbin" -a -h "$lockbin" ] && openwrt=Yes
 	if [ -f $lockf ]; then
 	    lockpid=`cat ${lockf} 2> /dev/null`
-	    if [ -z "$lockpid" -o $lockpid = 0 ]; then
+	    if [ -z "$lockpid" ] || [ $lockpid = 0 ]; then
 		rm -f ${lockf}
 		error_message "WARNING: Stale lockfile ${lockf} removed"
-	    elif [ $lockpid -eq $$ ]; then
+	    elif [ -z "$openwrt" ]; then
-                return 0
+		if [ $lockpid -eq $$ ]; then
-	    elif ! ps | grep -v grep | qt grep ${lockpid}; then
+                    fatal_error "Mutex_on confusion"
-		rm -f ${lockf}
+		elif ! qt ps --pid ${lockpid}; then
-		error_message "WARNING: Stale lockfile ${lockf} from pid ${lockpid} removed"
+		    rm -f ${lockf}
 		    error_message "WARNING: Stale lockfile ${lockf} from pid ${lockpid} removed"
 		fi
 	    fi
 	fi
-	if qt mywhich lockfile; then
+	if [ -n "$openwrt" ]; then
-	    lockfile -${MUTEX_TIMEOUT} -r1 ${lockf}
+	    lock ${lockf} || fatal_error "Can't lock ${lockf}"
 	    g_havemutex="lock -u ${lockf}"
 	elif qt mywhich lockfile; then
 	    lockfile -${MUTEX_TIMEOUT} -r1 ${lockf} || fatal_error "Can't lock ${lockf}"
 	    g_havemutex="rm -f ${lockf}"
 	    chmod u+w ${lockf}
 	    echo $$ > ${lockf}
 	    chmod u-w ${lockf}
 	elif qt mywhich lock; then
            lock ${lockf}
            chmod u=r ${lockf}
 	else
 	    while [ -f ${lockf} -a ${try} -lt ${MUTEX_TIMEOUT} ] ; do
 		sleep 1
@@ -790,10 +800,15 @@ mutex_on()
 	    if  [ ${try} -lt ${MUTEX_TIMEOUT} ] ; then
 	        # Create the lockfile
 		echo $$ > ${lockf}
 		g_havemutex="rm -f ${lockf}"
 	    else
 		echo "Giving up on lock file ${lockf}" >&2
 	    fi
 	fi
 	if [ -n "$g_havemutex" ]; then
 	    trap mutex_off EXIT
 	fi
    fi
 }
@@ -802,7 +817,10 @@ mutex_on()
 #
 mutex_off()
 {
-    [ -f ${CONFDIR}/rc.common ] && lock -u ${LOCKFILE:=${VARDIR}/lock}
+    if [ -n "$g_havemutex" ]; then
-    rm -f ${LOCKFILE:=${VARDIR}/lock}
+	eval $g_havemutex
 	g_havemutex=
 	trap '' exit
    fi
 }
--- a/Shorewall-core/lib.core
+++ b/Shorewall-core/lib.core
@@ -1,9 +1,9 @@
 #
-# Shorewall 5.1 -- /usr/share/shorewall/lib.core
+# Shorewall 5.2 -- /usr/share/shorewall/lib.core
 #
 #     (c) 1999-2017 - Tom Eastep (teastep@shorewall.net)
 #
-#	Complete documentation is available at http://shorewall.net
+#	Complete documentation is available at https://shorewall.org
 #
 #       This program is part of Shorewall.
 #
@@ -337,8 +337,15 @@ ensure_config_path() {
 	. $F
    fi
-    if [ -n "$g_shorewalldir" ]; then
+    if [ -n "$g_shorewalldir" ] && [ "${CONFIG_PATH%%:*}" = "$g_shorewalldir" ];then
-	[ "${CONFIG_PATH%%:*}" = "$g_shorewalldir" ] || CONFIG_PATH=$g_shorewalldir:$CONFIG_PATH
+	case $CONFIG_PATH in
 	    :*)
 		CONFIG_PATH=${g_shorewalldir}${CONFIG_PATH}
 		;;
 	    *)
 		CONFIG_PATH=$g_shorewalldir:$CONFIG_PATH
 		;;
 	esac
    fi
 }
--- a/Shorewall-core/lib.installer
+++ b/Shorewall-core/lib.installer
@@ -1,11 +1,10 @@
 #
-#
+# Shorewall 5.2 -- /usr/share/shorewall/lib.installer
 # Shorewall 5.1 -- /usr/share/shorewall/lib.installer.
 #
 #     (c) 2017 - Tom Eastep (teastep@shorewall.net)
 #     (c) 2017 - Matt Darfeuille (matdarf@gmail.com)
 #
-#	Complete documentation is available at http://shorewall.net
+#	Complete documentation is available at https://shorewall.org
 #
 #       This program is part of Shorewall.
 #
--- a/Shorewall-core/lib.uninstaller
+++ b/Shorewall-core/lib.uninstaller
@@ -1,11 +1,10 @@
 #
-#
+# Shorewall 5.2 -- /usr/share/shorewall/lib.installer
 # Shorewall 5.1 -- /usr/share/shorewall/lib.installer.
 #
 #     (c) 2017 - Tom Eastep (teastep@shorewall.net)
 #     (c) 2017 - Matt Darfeuille (matdarf@gmail.com)
 #
-#	Complete documentation is available at http://shorewall.net
+#	Complete documentation is available at https://shorewall.org
 #
 #       This program is part of Shorewall.
 #
@@ -61,7 +60,7 @@ mywhich() {
 remove_file() # $1 = file to remove
 {
    if [ -n "$1" ] ; then
-        if [ -f $1 -o -L $1 ] ; then
+        if [ -f $1 -o -h $1 ] ; then
            rm -f $1
            echo "$1 Removed"
        fi
@@ -85,7 +84,7 @@ remove_file_with_wildcard() # $1 = file with wildcard to remove
            if [ -d $f ] ; then
                rm -rf $f
                echo "$f Removed"
-            elif [ -f $f -o -L $f ] ; then
+            elif [ -f $f -o -h $f ] ; then
                rm -f $f
                echo "$f Removed"
            fi
--- a/Shorewall-core/manpages/shorewall.xml
+++ b/Shorewall-core/manpages/shorewall.xml
--- a/Shorewall-core/shorewall
+++ b/Shorewall-core/shorewall
@@ -1,11 +1,11 @@
 #!/bin/sh
 #
-#     Shorewall Packet Filtering Firewall Control Program - V5.1
+#     Shorewall Packet Filtering Firewall Control Program - V5.2
 #
 #     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2014,2015-2017
 #         Tom Eastep (teastep@shorewall.net)
 #
-#	Shorewall documentation is available at http://www.shorewall.net
+#	Shorewall documentation is available at https://shorewall.org
 #
 #       This program is part of Shorewall.
 #
--- a/Shorewall-core/shorewallrc.alt
+++ b/Shorewall-core/shorewallrc.alt
@@ -0,0 +1,25 @@
 #
 # ALT/BaseALT/ALTLinux Shorewall 5.2 rc file
 #
 BUILD=                                  #Default is to detect the build system
 HOST=alt
 PREFIX=/usr                             #Top-level directory for shared files, libraries, etc.
 SHAREDIR=${PREFIX}/share                #Directory for arch-neutral files.
 LIBEXECDIR=${PREFIX}/libexec            #Directory for executable scripts.
 PERLLIBDIR=${SHAREDIR}/perl5            #Directory to install Shorewall Perl module directory
 CONFDIR=/etc                            #Directory where subsystem configurations are installed
 SBINDIR=/sbin                           #Directory where system administration programs are installed
 MANDIR=${SHAREDIR}/man                  #Directory where manpages are installed.
 INITDIR=${CONFDIR}/rc.d/init.d          #Directory where SysV init scripts are installed.
 INITFILE=$PRODUCT                       #Name of the product's installed SysV init script
 INITSOURCE=init.alt.sh                  #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                              #If non-zero, annotated configuration files are installed
 SERVICEDIR=/lib/systemd/system          #Directory where .service files are installed (systems running systemd only)
 SYSCONFFILE=sysconfig                   #Name of the distributed file to be installed as $SYSCONFDIR/$PRODUCT
 SERVICEFILE=                            #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFDIR=/etc/sysconfig/              #Directory where SysV init parameter files are installed
 SERVICEDIR=/lib/systemd/system          #Directory where .service files are installed (systems running systemd only)
 SPARSE=                                 #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
 VARLIB=/var/lib                         #Directory where product variable data is stored.
 VARDIR=${VARLIB}/$PRODUCT               #Directory where product variable data is stored.
 DEFAULT_PAGER=/usr/bin/less             #Pager to use if none specified in shorewall[6].conf
--- a/Shorewall-core/shorewallrc.apple
+++ b/Shorewall-core/shorewallrc.apple
@@ -1,5 +1,5 @@
 #
-# Apple OS X Shorewall 5.0 rc file
+# Apple OS X Shorewall 5.2 rc file
 #
 BUILD=apple
 HOST=apple
--- a/Shorewall-core/shorewallrc.archlinux
+++ b/Shorewall-core/shorewallrc.archlinux
@@ -1,5 +1,5 @@
 #
-# Arch Linux Shorewall 5.0 rc file
+# Arch Linux Shorewall 5.2 rc file
 #
 BUILD=                                 #Default is to detect the build system
 HOST=archlinux
--- a/Shorewall-core/shorewallrc.cygwin
+++ b/Shorewall-core/shorewallrc.cygwin
@@ -1,5 +1,5 @@
 #
-# Cygwin Shorewall 5.0 rc file
+# Cygwin Shorewall 5.2 rc file
 #
 BUILD=cygwin
 HOST=cygwin
--- a/Shorewall-core/shorewallrc.debian.systemd
+++ b/Shorewall-core/shorewallrc.debian.systemd
@@ -1,5 +1,5 @@
 #
-# Debian Shorewall 5.0 rc file
+# Debian Shorewall 5.2 rc file
 #
 BUILD=					#Default is to detect the build system
 HOST=debian
--- a/Shorewall-core/shorewallrc.debian.sysvinit
+++ b/Shorewall-core/shorewallrc.debian.sysvinit
@@ -1,5 +1,5 @@
 #
-# Debian Shorewall 5.0 rc file
+# Debian Shorewall 5.2 rc file
 #
 BUILD=                                  #Default is to detect the build system
 HOST=debian
--- a/Shorewall-core/shorewallrc.default
+++ b/Shorewall-core/shorewallrc.default
@@ -1,5 +1,5 @@
 #
-# Default Shorewall 5.0 rc file
+# Default Shorewall 5.2 rc file
 #
 BUILD=                                  #Default is to detect the build system
 HOST=linux                              #Generic Linux
--- a/Shorewall-core/shorewallrc.openwrt
+++ b/Shorewall-core/shorewallrc.openwrt
@@ -1,5 +1,5 @@
 #
-# OpenWRT Shorewall 5.0 rc file
+# OpenWRT/LEDE Shorewall 5.2 rc file
 #
 BUILD=                                 #Default is to detect the build system
 HOST=openwrt
--- a/Shorewall-core/shorewallrc.redhat
+++ b/Shorewall-core/shorewallrc.redhat
@@ -1,5 +1,5 @@
 #
-# RedHat/FedoraShorewall 5.0 rc file
+# RedHat/FedoraShorewall 5.2 rc file
 #
 BUILD=                                  #Default is to detect the build system
 HOST=redhat
--- a/Shorewall-core/shorewallrc.slackware
+++ b/Shorewall-core/shorewallrc.slackware
@@ -1,5 +1,5 @@
 #
-# Slackware Shorewall 5.0 rc file
+# Slackware Shorewall 5.2 rc file
 #
 BUILD=slackware
 HOST=slackware
--- a/Shorewall-core/shorewallrc.suse
+++ b/Shorewall-core/shorewallrc.suse
@@ -1,5 +1,5 @@
 #
-# SuSE Shorewall 5.0 rc file
+# SuSE Shorewall 5.2 rc file
 #
 BUILD=                                                #Default is to detect the build system
 HOST=suse
--- a/Shorewall-core/uninstall.sh
+++ b/Shorewall-core/uninstall.sh
@@ -4,7 +4,7 @@
 #
 #     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
 #
-#       Shorewall documentation is available at http://www.shorewall.net
+#       Shorewall documentation is available at https://shorewall.org
 #
 #       This program is part of Shorewall.
 #
@@ -134,6 +134,7 @@ fi
 remove_directory ${SHAREDIR}/shorewall
 remove_file ~/.shorewallrc
 remove_file ${SBINDIR}/shorewall
 #
 # Report Success
--- a/Shorewall-core/wait4ifup
+++ b/Shorewall-core/wait4ifup
@@ -1,12 +1,12 @@
 #!/bin/sh
 #
-#     Shorewall interface helper utility - V4.2
+#     Shorewall interface helper utility - V5.2
 #
 #     (c) 2007,2014 - Tom Eastep (teastep@shorewall.net)
 #
 #	This file is installed in /usr/share/shorewall/wait4ifup
 #
-#	Shorewall documentation is available at http://www.shorewall.net
+#	Shorewall documentation is available at https://shorewall.org
 #
 #       This program is part of Shorewall.
 #
--- a/Shorewall-init/ifupdown.debian.sh
+++ b/Shorewall-init/ifupdown.debian.sh
@@ -6,7 +6,7 @@
 #
 #     (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
 #
-#       Shorewall documentation is available at http://shorewall.net
+#       Shorewall documentation is available at https://shorewall.org
 #
 #       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
@@ -110,7 +110,7 @@ case $0 in
 	;;
    *)
        #
-        # Debian ifupdown system
+        # Debian ifupdown system - MODE and INTERFACE inherited from the environment
        #
 	INTERFACE="$IFACE"
@@ -127,6 +127,17 @@ esac
 [ -n "$LOGFILE" ] || LOGFILE=/dev/null
 for PRODUCT in $PRODUCTS; do
    if [ -n "$ADDRFAM" -a ${COMMAND} = up ]; then
 	case $PRODUCT in
 	    *6*)
 		[ ${ADDRFAM} = inet6 ] || continue
 		;;
 	    *)
 		[ ${ADDRFAM} = inet ] || continue
 		;;
 	esac
    fi
    setstatedir
    if [ -x $VARLIB/$PRODUCT/firewall ]; then
--- a/Shorewall-init/ifupdown.fedora.sh
+++ b/Shorewall-init/ifupdown.fedora.sh
@@ -6,7 +6,7 @@
 #
 #     (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
 #
-#       Shorewall documentation is available at http://shorewall.net
+#       Shorewall documentation is available at https://shorewall.org
 #
 #       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
@@ -90,7 +90,14 @@ case $0 in
 		COMMAND=down
 		;;
 	    *dispatcher.d*)
-		COMMAND="$2"
+		case "$2" in
 		    up|down)
 			COMMAND="$2"
 			;;
 		    *)
 			exit 0
 			;;
 		esac
 		;;
 	    *)
 		exit 0
--- a/Shorewall-init/ifupdown.suse.sh
+++ b/Shorewall-init/ifupdown.suse.sh
@@ -6,7 +6,7 @@
 #
 #     (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
 #
-#       Shorewall documentation is available at http://shorewall.net
+#       Shorewall documentation is available at https://shorewall.org
 #
 #       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
@@ -120,7 +120,14 @@ case $0 in
 	case $0 in
 	    *dispatcher.d*)
 		INTERFACE="$1"
-		COMMAND="$2"
+		case "$2" in
 		    up|down)
 			COMMAND="$2"
 			;;
 		    *)
 			exit 0
 			;;
 		esac
 		;;
 	    *if-up.d*)
 		COMMAND=up
--- a/Shorewall-init/init.alt.sh
+++ b/Shorewall-init/init.alt.sh
@@ -0,0 +1,150 @@
 #!/bin/sh
 #
 # Shorewall init script
 #
 # chkconfig: - 09 91
 # description: Initialize the shorewall firewall at boot time
 #
 ### BEGIN INIT INFO
 # Provides: shorewall-init
 # Required-Start: $local_fs
 # Required-Stop: $local_fs
 # Default-Start: 3 4 5
 # Default-Stop:  0 1 2 6
 # Short-Description: Initialize the shorewall firewall at boot time
 # Description:       Place the firewall in a safe state at boot time
 #                    prior to bringing up the network.
 ### END INIT INFO
 # Do not load RH compatibility interface.
 WITHOUT_RC_COMPAT=1
 # Source function library.
 . /etc/init.d/functions
 #
 # The installer may alter this
 #
 . /usr/share/shorewall/shorewallrc
 NAME="Shorewall-init firewall"
 PROG="shorewall-init"
 SHOREWALL="$SBINDIR/$PROG"
 LOGGER="logger -i -t $PROG"
 # Get startup options (override default)
 OPTIONS=
 LOCKFILE=/var/lock/subsys/shorewall-init
 # check if shorewall-init is configured or not
 if [ -f "/etc/sysconfig/shorewall-init" ]; then
 	. /etc/sysconfig/shorewall-init
 	if [ -z "$PRODUCTS" ]; then
 		echo "No PRODUCTS configured"
 		exit 6
 	fi
 else
 	echo "/etc/sysconfig/shorewall-init not found"
 	exit 6
 fi
 RETVAL=0
 # set the STATEDIR variable
 setstatedir() {
 	local statedir
 	if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
 		statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
 	fi
 	[ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
 	if [ -x ${STATEDIR}/firewall ]; then
 		return 0
 	elif [ $PRODUCT = shorewall ]; then
 		${SBINDIR}/shorewall compile
 	elif [ $PRODUCT = shorewall6 ]; then
 		${SBINDIR}/shorewall -6 compile
 	else
 		return 1
 	fi
 }
 start() {
 	local PRODUCT
 	local STATEDIR
 	printf "Initializing \"Shorewall-based firewalls\": "
 	for PRODUCT in $PRODUCTS; do
 		if setstatedir; then
 			$STATEDIR/$PRODUCT/firewall ${OPTIONS} stop 2>&1 | "$LOGGER"
 			RETVAL=$?
 		else
 			RETVAL=6
 			break
 		fi
 	done
 	if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
 		ipset -R < "$SAVE_IPSETS"
 	fi
 	[ $RETVAL -eq 0 ] && touch "$LOCKFILE"
 	return $RETVAL
 }
 stop() {
 	local PRODUCT
 	local STATEDIR
 	printf "Clearing \"Shorewall-based firewalls\": "
 	for PRODUCT in $PRODUCTS; do
 		if setstatedir; then
 			${STATEDIR}/firewall ${OPTIONS} clear 2>&1 | "$LOGGER"
 			RETVAL=$?
 		else
 			RETVAL=6
 			break
 		fi
 	done
 	if [ -n "$SAVE_IPSETS" ]; then
 		mkdir -p $(dirname "$SAVE_IPSETS")
 		if ipset -S > "${SAVE_IPSETS}.tmp"; then
 			grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" || rm -f "${SAVE_IPSETS}.tmp"
 		else
 			rm -f "${SAVE_IPSETS}.tmp"
 		fi
 	fi
 	[ $RETVAL -eq 0 ] && rm -f "$LOCKFILE"
 	return $RETVAL
 }
 # See how we were called.
 case "$1" in
 	start)
 	    start
 	    ;;
 	stop)
 	    stop
 	    ;;
 	restart|reload|condrestart|condreload)
 	    # "Not implemented"
 	    ;;
 	condstop)
 	    if [ -e "$LOCKFILE" ]; then
 		stop
 	    fi
 	    ;;
 	status)
 	    status "$PROG"
 	     RETVAL=$?
 	    ;;
 	*)
 	    echo $"Usage: ${0##*/}  {start|stop|restart|reload|condrestart|condstop|status}"
 	    RETVAL=1
 esac
 exit $RETVAL
--- a/Shorewall-init/init.debian.sh
+++ b/Shorewall-init/init.debian.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.2
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
@@ -8,7 +8,7 @@
 #
 #       On most distributions, this file should be called /etc/init.d/shorewall.
 #
-#       Complete documentation is available at http://shorewall.net
+#       Complete documentation is available at https://shorewall.org
 #
 #       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall-init/init.openwrt.sh
+++ b/Shorewall-init/init.openwrt.sh
@@ -1,5 +1,5 @@
 #!/bin/sh /etc/rc.common
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.2
 #
 #     (c) 2010,2012-2014 - Tom Eastep (teastep@shorewall.net)
 #     (c) 2016           - Matt Darfeuille (matdarf@gmail.com)
--- a/Shorewall-init/init.sh
+++ b/Shorewall-init/init.sh
@@ -1,5 +1,5 @@
 #! /bin/bash
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.2
 #
 #     (c) 2010,2012-2014 - Tom Eastep (teastep@shorewall.net)
 #
--- a/Shorewall-init/init.suse.sh
+++ b/Shorewall-init/init.suse.sh
@@ -1,5 +1,5 @@
 #! /bin/bash
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.2
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
@@ -7,7 +7,7 @@
 #
 #       On most distributions, this file should be called /etc/init.d/shorewall.
 #
-#       Complete documentation is available at http://shorewall.net
+#       Complete documentation is available at https://shorewall.org
 #
 #       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall-init/install.sh
+++ b/Shorewall-init/install.sh
@@ -5,7 +5,7 @@
 #     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
 #     (c) 2010 - Roberto C. Sanchez (roberto@connexer.com)
 #
-#       Shorewall documentation is available at http://shorewall.net
+#       Shorewall documentation is available at https://shorewall.org
 #
 #       This program is part of Shorewall.
 #
@@ -169,7 +169,7 @@ if [ -z "$BUILD" ]; then
 	    ;;
 	*)
 	    if [ -f /etc/os-release ]; then
-		eval $(cat /etc/os-release | grep ^ID=)
+		ID=$(grep '^ID=' /etc/os-release | sed 's/ID=//; s/"//g;')
 		case $ID in
 		    fedora|rhel|centos|foobar)
@@ -181,6 +181,9 @@ if [ -z "$BUILD" ]; then
 		    opensuse)
 			BUILD=suse
 			;;
 		    alt|basealt|altlinux)
 			BUILD=alt
 			;;
 		    *)
 			BUILD="$ID"
 			;;
@@ -191,6 +194,8 @@ if [ -z "$BUILD" ]; then
 		BUILD=debian
 	    elif [ -f /etc/gentoo-release ]; then
 		BUILD=gentoo
 	    elif [ -f /etc/altlinux-release ]; then
 		BUILD=alt
 	    elif [ -f /etc/redhat-release ]; then
 		BUILD=redhat
 	    elif [ -f /etc/SuSE-release ]; then
@@ -253,6 +258,9 @@ case "$HOST" in
    openwrt)
 	echo "Installing Openwrt-specific configuration..."
 	;;
    alt)
 	echo "Installing ALT-specific configuration...";
 	;;
    linux)
 	fatal_error "Shorewall-init is not supported on this system"
 	;;
@@ -349,12 +357,11 @@ fi
 if [ $HOST = debian ]; then
    if [ -n "${DESTDIR}" ]; then
 	make_parent_directory ${DESTDIR}${ETC}/network/if-up.d 0755
 	make_parent_directory ${DESTDIR}${ETC}/network/if-down.d 0755
 	make_parent_directory ${DESTDIR}${ETC}/network/if-post-down.d 0755
    elif [ $configure -eq 0 ]; then
-	make_parent_directory ${DESTDIR}${CONFDIR}/network/if-up.d 0755
+	make_parent_directory ${CONFDIR}/network/if-up.d 0755
-	make_parent_directory ${DESTDIR}${CONFDIR}/network/if-down.d 0755
+	make_parent_directory ${CONFDIR}/network/if-post-down.d 0755
-	make_parent_directory ${DESTDIR}${CONFDIR}/network/if-post-down.d 0755
+	rm -f ${CONFDIR}/network/if-down.d/shorewall
    fi
    if [ ! -f ${DESTDIR}${CONFDIR}/default/$PRODUCT ]; then
@@ -380,7 +387,7 @@ else
 	    elif [ $HOST = openwrt ]; then
 		# Not implemented on OpenWRT
 		/bin/true
-	    else
+	    elif [ "$HOST" != debian ]; then
 		make_parent_directory ${DESTDIR}/${ETC}/NetworkManager/dispatcher.d 0755
 	    fi
 	fi
@@ -409,19 +416,22 @@ if [ $HOST != openwrt ]; then
 fi
 if [ -d ${DESTDIR}/etc/NetworkManager ]; then
-    [ $configure -eq 1 ] || make_parent_directory ${DESTDIR}${CONFDIR}/NetworkManager/dispatcher.d 0755
+    if [ "$HOST" = debian ]; then
-    install_file ifupdown ${DESTDIR}${ETC}/NetworkManager/dispatcher.d/01-shorewall 0544
+	rm -f ${DESTDIR}${ETC}/NetworkManager/dispatcher.d/01-shorewall
    else
 	[ $configure -eq 1 ] || make_parent_directory ${DESTDIR}${CONFDIR}/NetworkManager/dispatcher.d 0755
 	install_file ifupdown ${DESTDIR}${ETC}/NetworkManager/dispatcher.d/01-shorewall 0544
    fi
 fi
 case $HOST in
    debian)
 	if [ $configure -eq 1 ]; then
 	    install_file ifupdown ${DESTDIR}/etc/network/if-up.d/shorewall 0544
 	    install_file ifupdown ${DESTDIR}/etc/network/if-down.d/shorewall 0544
 	    install_file ifupdown ${DESTDIR}/etc/network/if-post-down.d/shorewall 0544
 	    rm -f ${DESTDIR}/etc/network/if-down.d/shorewall
 	else
 	    install_file ifupdown ${DESTDIR}${CONFDIR}/network/if-up.d/shorewall 0544
 	    install_file ifupdown ${DESTDIR}${CONFDIR}/network/if-down.d/shorewall 0544
 	    install_file ifupdown ${DESTDIR}${CONFDIR}/network/if-post-down.d/shorewall 0544
 	fi
 	;;
--- a/Shorewall-init/shorewall-init
+++ b/Shorewall-init/shorewall-init
@@ -1,12 +1,12 @@
 #!/bin/bash
-#	The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#	The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.2
 #
 #	(c) 2012-2014 - Tom Eastep (teastep@shorewall.net)
 #
 #	On most distributions, this file should be called
 #	/etc/init.d/shorewall.
 #
-#	Complete documentation is available at http://shorewall.net
+#	Complete documentation is available at https://shorewall.org
 #
 #	This program is part of Shorewall.
 #
@@ -25,6 +25,7 @@
 #
 ###############################################################################
 # set the STATEDIR variable
 setstatedir() {
    local statedir
    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
@@ -42,6 +43,67 @@ setstatedir() {
    fi
 }
 # Initialize the firewalls
 shorewall_init_start () {
    local PRODUCT
    local STATEDIR
    printf "Initializing \"Shorewall-based firewalls\": "
    if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
 	ipset -R < "$SAVE_IPSETS"
    fi
    for PRODUCT in $PRODUCTS; do
 	if setstatedir; then
 	    #
 	    # Run in a sub-shell to avoid name collisions
 	    #
 	    (
 		if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
 		    ${STATEDIR}/firewall ${OPTIONS} stop
 		fi
 	    )
 	fi
    done
    return 0
 }
 # Clear the firewalls
 shorewall_init_stop () {
    local PRODUCT
    local STATEDIR
    printf "Clearing \"Shorewall-based firewalls\": "
    for PRODUCT in $PRODUCTS; do
 	if setstatedir; then
 	    #
 	    # Run in sub-shell to avoid name collisions
 	    #
 	    (
 		if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
 		    ${STATEDIR}/firewall ${OPTIONS} clear
 		fi
 	    )
 	fi
    done
    if [ -n "$SAVE_IPSETS" ]; then
 	mkdir -p $(dirname "$SAVE_IPSETS")
 	if ipset -S > "${SAVE_IPSETS}.tmp"; then
 	    grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" || rm -f "${SAVE_IPSETS}.tmp"
 	else
 	    rm -f "${SAVE_IPSETS}.tmp"
 	fi
    fi
    return 0
 }
 #
 # This is modified by the installer when ${SHAREDIR} <> /usr/share
 #
@@ -59,62 +121,12 @@ else
    exit 1
 fi
 # Initialize the firewall
 shorewall_start () {
    local PRODUCT
    local STATEDIR
    printf "Initializing \"Shorewall-based firewalls\": "
    for PRODUCT in $PRODUCTS; do
 	if setstatedir; then
 	    #
 	    # Run in a sub-shell to avoid name collisions
 	    #
 	    (
 		if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
 		    ${STATEDIR}/firewall ${OPTIONS} stop
 		fi
 	    )
 	fi
    done
    if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
 	ipset -R < "$SAVE_IPSETS"
    fi
    return 0
 }
 # Clear the firewall
 shorewall_stop () {
    local PRODUCT
    local STATEDIR
    printf "Clearing \"Shorewall-based firewalls\": "
    for PRODUCT in $PRODUCTS; do
 	if setstatedir; then
 	    ${STATEDIR}/firewall ${OPTIONS} clear
 	fi
    done
    if [ -n "$SAVE_IPSETS" ]; then
 	mkdir -p $(dirname "$SAVE_IPSETS")
 	if ipset -S > "${SAVE_IPSETS}.tmp"; then
 	    grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" || rm -f "${SAVE_IPSETS}.tmp"
 	else
 	    rm -f "${SAVE_IPSETS}.tmp"
 	fi
    fi
    return 0
 }
 case "$1" in
    start)
-	shorewall_start
+	shorewall_init_start
 	;;
    stop)
-	shorewall_stop
+	shorewall_init_stop
 	;;
    *)
 	echo "Usage: $0 {start|stop}"
--- a/Shorewall-lite/Shorewall-lite-targetname
+++ b/Shorewall-lite/Shorewall-lite-targetname
@@ -0,0 +1 @@
 5.2.4.1
--- a/Shorewall-lite/init.alt.sh
+++ b/Shorewall-lite/init.alt.sh
@@ -0,0 +1,117 @@
 #!/bin/sh
 #
 # Shorewall-Lite init script
 #
 # chkconfig: - 28 90
 # description: Packet filtering firewall
 #
 ### BEGIN INIT INFO
 # Provides: shorewall-lite
 # Required-Start: $local_fs $remote_fs $syslog $network
 # Should-Start: $time $named
 # Required-Stop:
 # Default-Start: 3 4 5
 # Default-Stop:  0 1 2 6
 # Short-Description: Packet filtering firewall
 # Description: The Shoreline Firewall, more commonly known as "Shorewall", is a
 #              Netfilter (iptables) based firewall
 ### END INIT INFO
 # Do not load RH compatibility interface.
 WITHOUT_RC_COMPAT=1
 # Source function library.
 . /etc/init.d/functions
 #
 # The installer may alter this
 #
 . /usr/share/shorewall/shorewallrc
 NAME="Shorewall-Lite firewall"
 PROG="shorewall"
 SHOREWALL="$SBINDIR/$PROG -l"
 LOGGER="logger -i -t $PROG"
 # Get startup options (override default)
 OPTIONS=
 SourceIfNotEmpty $SYSCONFDIR/${PROG}-lite
 LOCKFILE="/var/lock/subsys/${PROG}-lite"
 RETVAL=0
 start() {
 	action $"Applying $NAME rules:" "$SHOREWALL" "$OPTIONS" start "$STARTOPTIONS" 2>&1 | "$LOGGER"
 	RETVAL=$?
 	[ $RETVAL -eq 0 ] && touch "$LOCKFILE"
 	return $RETVAL
 }
 stop() {
 	action $"Stoping $NAME :" "$SHOREWALL" "$OPTIONS" stop "$STOPOPTIONS" 2>&1 | "$LOGGER"
 	RETVAL=$?
 	[ $RETVAL -eq 0 ] && rm -f "$LOCKFILE"
 	return $RETVAL
 }
 restart() {
 	action $"Restarting $NAME rules: " "$SHOREWALL" "$OPTIONS" restart "$RESTARTOPTIONS" 2>&1 | "$LOGGER"
 	RETVAL=$?
 	return $RETVAL
 }
 reload() {
 	action $"Reloadinging $NAME rules: " "$SHOREWALL" "$OPTIONS" reload "$RELOADOPTIONS" 2>&1 | "$LOGGER"
 	RETVAL=$?
 	return $RETVAL
 }
 clear() {
 	action $"Clearing $NAME rules: " "$SHOREWALL" "$OPTIONS" clear 2>&1 | "$LOGGER"
 	RETVAL=$?
 	return $RETVAL
 }
 # See how we were called.
 case "$1" in
 	start)
 	    start
 	    ;;
 	stop)
 	    stop
 	    ;;
 	restart)
 	    restart
 	    ;;
 	reload)
 	    reload
 	    ;;
 	clear)
 	    clear
 	    ;;
 	condrestart)
 	    if [ -e "$LOCKFILE" ]; then
 		restart
 	    fi
 	    ;;
 	condreload)
 	    if [ -e "$LOCKFILE" ]; then
 		restart
 	    fi
 	    ;;
 	condstop)
 	    if [ -e "$LOCKFILE" ]; then
 		stop
 	    fi
 	    ;;
 	status)
 	    "$SHOREWALL" status
 	     RETVAL=$?
 	    ;;
 	*)
 	    echo $"Usage: ${0##*/}  {start|stop|restart|reload|clear|condrestart|condstop|status}"
 	    RETVAL=1
 esac
 exit $RETVAL
--- a/Shorewall-lite/init.openwrt.sh
+++ b/Shorewall-lite/init.openwrt.sh
@@ -1,13 +1,13 @@
 #!/bin/sh /etc/rc.common
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.2
 #
 #     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012,2014 - Tom Eastep (teastep@shorewall.net)
 #     (c) 2015 - Matt Darfeuille - (matdarf@gmail.com)
 #
 #	On most distributions, this file should be called /etc/init.d/shorewall.
 #
-#	Complete documentation is available at http://shorewall.net
+#	Complete documentation is available at https://shorewall.org
 #
 #       This program is part of Shorewall.
 #
--- a/Shorewall-lite/init.sh
+++ b/Shorewall-lite/init.sh
@@ -1,13 +1,13 @@
 #!/bin/sh
 RCDLINKS="2,S41 3,S41 6,K41"
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.2
 #
 #     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012,2014 - Tom Eastep (teastep@shorewall.net)
 #
 #	On most distributions, this file should be called /etc/init.d/shorewall.
 #
-#	Complete documentation is available at http://shorewall.net
+#	Complete documentation is available at https://shorewall.org
 #
 #       This program is part of Shorewall.
 #
--- a/Shorewall-lite/init.suse.sh
+++ b/Shorewall-lite/init.suse.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.2
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
@@ -8,7 +8,7 @@
 #
 #	On most distributions, this file should be called /etc/init.d/shorewall.
 #
-#	Complete documentation is available at http://shorewall.net
+#	Complete documentation is available at https://shorewall.org
 #
 #	This program is free software; you can redistribute it and/or modify
 #	it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall-lite/install.sh
+++ b/Shorewall-lite/install.sh
@@ -4,7 +4,7 @@
 #
 #     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
 #
-#       Shorewall documentation is available at http://shorewall.net
+#       Shorewall documentation is available at https://shorewall.org
 #
 #       This program is part of Shorewall.
 #
@@ -190,6 +190,9 @@ if [ -z "$BUILD" ]; then
 		    opensuse)
 			BUILD=suse
 			;;
 		    alt|basealt|altlinux)
 			BUILD=alt
 			;;
 		    *)
 			BUILD="$ID"
 			;;
@@ -198,6 +201,8 @@ if [ -z "$BUILD" ]; then
 		BUILD=debian
 	    elif [ -f /etc/gentoo-release ]; then
 		BUILD=gentoo
 	    elif [ -f /etc/altlinux-release ]; then
 		BUILD=alt
 	    elif [ -f ${CONFDIR}/redhat-release ]; then
 		BUILD=redhat
 	    elif [ -f ${CONFDIR}/SuSE-release ]; then
@@ -266,6 +271,9 @@ case "$HOST" in
    openwrt)
 	echo "Installing OpenWRT-specific configuration..."
 	;;
    alt)
 	echo "Installing ALT-specific configuration...";
 	;;
    linux)
 	;;
    *)
@@ -418,6 +426,11 @@ echo "Capability file builder installed in ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shor
 if [ -f modules ]; then
    install_file modules ${DESTDIR}${SHAREDIR}/$PRODUCT/modules 0600
    echo "Modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/modules"
    for f in modules.*; do
 	install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644
 	echo "Module file $f installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
    done
 fi
 if [ -f helpers ]; then
@@ -425,11 +438,6 @@ if [ -f helpers ]; then
    echo "Helper modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers"
 fi
 for f in modules.*; do
    install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644
    echo "Module file $f installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
 done
 #
 # Install the Man Pages
 #
--- a/Shorewall-lite/lib.base
+++ b/Shorewall-lite/lib.base
@@ -1,9 +1,9 @@
 #
-# Shorewall 4.4 -- /usr/share/shorewall-lite/lib.base
+# Shorewall 5.2 -- /usr/share/shorewall-lite/lib.base
 #
 #     (c) 2011,2014 - Tom Eastep (teastep@shorewall.net)
 #
-#	Complete documentation is available at http://shorewall.net
+#	Complete documentation is available at https://shorewall.org
 #
 #       This program is part of Shorewall.
 #
--- a/Shorewall-lite/manpages/shorewall-lite.conf.xml
+++ b/Shorewall-lite/manpages/shorewall-lite.conf.xml
@@ -183,7 +183,7 @@
    <title>See ALSO</title>
    <para><ulink
-    url="http://www.shorewall.net/Documentation_Index.html">http://www.shorewall.net/Documentation_Index.html</ulink></para>
+    url="https://shorewall.org/Documentation_Index.html">https://shorewall.org/Documentation_Index.html</ulink></para>
    <para>shorewall-lite(8), shorewall-accounting(5), shorewall-actions(5),
    shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
--- a/Shorewall-lite/shorewall-lite.conf
+++ b/Shorewall-lite/shorewall-lite.conf
@@ -8,7 +8,7 @@
 #  "man shorewall-lite.conf"
 #
 #  Manpage also online at
-#  http://www.shorewall.net/manpages/shorewall-lite.conf.html
+#  https://shorewall.org/manpages/shorewall-lite.conf.html
 ###############################################################################
 #                                   N 0 T E
 ###############################################################################
--- a/Shorewall-lite/uninstall.sh
+++ b/Shorewall-lite/uninstall.sh
@@ -151,7 +151,7 @@ fi
 remove_file ${SBINDIR}/$PRODUCT
-if [ -L ${SHAREDIR}/$PRODUCT/init ]; then
+if [ -h ${SHAREDIR}/$PRODUCT/init ]; then
    if [ $HOST = openwrt ]; then
 	if [ $configure -eq 1 ] && /etc/init.d/$PRODUCT enabled; then
 	    /etc/init.d/$PRODUCT disable
--- a/Shorewall/Actions/action.A_REJECT
+++ b/Shorewall/Actions/action.A_REJECT
@@ -7,7 +7,7 @@
 #
 # (c) 2012-2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at http://shorewall.net
+# Complete documentation is available at https://shorewall.org
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.A_REJECT!
+++ b/Shorewall/Actions/action.A_REJECT!
@@ -7,7 +7,7 @@
 #
 # (c) 2012-2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at http://shorewall.net
+# Complete documentation is available at https://shorewall.org
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.Broadcast
+++ b/Shorewall/Actions/action.Broadcast
@@ -5,7 +5,7 @@
 #
 # (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at http://shorewall.net
+# Complete documentation is available at https://shorewall.org
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.DNSAmp
+++ b/Shorewall/Actions/action.DNSAmp
@@ -7,7 +7,7 @@
 #
 # (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at http://shorewall.net
+# Complete documentation is available at https://shorewall.org
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.Established
+++ b/Shorewall/Actions/action.Established
@@ -7,7 +7,7 @@
 #
 # (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at http://shorewall.net
+# Complete documentation is available at https://shorewall.org
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.FIN
+++ b/Shorewall/Actions/action.FIN
@@ -7,7 +7,7 @@
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at http://shorewall.net
+# Complete documentation is available at https://shorewall.org
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.IfEvent
+++ b/Shorewall/Actions/action.IfEvent
@@ -27,7 +27,7 @@
 #                the IP address that are older than <duration> seconds.
 # Disposition  - Disposition for any event generated.
 #
-# For additional information, see http://www.shorewall.net/Events.html
+# For additional information, see https://shorewall.org/Events.html
 #
 ###############################################################################
 #                                         DO NOT REMOVE THE FOLLOWING LINE
@@ -114,8 +114,6 @@ if ( ( $targets{$action} || 0 ) & NATRULE ) {
 if ( $command & $RESET_CMD ) {
    require_capability 'MARK_ANYWHERE', '"reset"', 's';
    print "Resetting....\n";
    my $mark = $globals{EVENT_MARK};
    #
@@ -135,7 +133,7 @@ if ( $command & $RESET_CMD ) {
    #
    # if the event is armed, remove it and perform the action
    #
-    perl_action_helper( $action , "-m mark --mark $mark/$mark -m recent --remove --name $event" );
+    perl_action_helper( $action , "-m mark --mark $mark/$mark -m recent --remove --name $event $srcdst" );
 } elsif ( $command & $UPDATE_CMD ) {
    perl_action_helper( $action, "-m recent --update ${duration}--hitcount $hitcount --name $event $srcdst" );
 } else {
--- a/Shorewall/Actions/action.Invalid
+++ b/Shorewall/Actions/action.Invalid
@@ -6,7 +6,7 @@
 #
 # (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at http://shorewall.net
+# Complete documentation is available at https://shorewall.org
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.Limit
+++ b/Shorewall/Actions/action.Limit
@@ -5,7 +5,7 @@
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at http://shorewall.net
+# Complete documentation is available at https://shorewall.org
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.Multicast
+++ b/Shorewall/Actions/action.Multicast
@@ -5,7 +5,7 @@
 #
 # (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at http://shorewall.net
+# Complete documentation is available at https://shorewall.org
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.New
+++ b/Shorewall/Actions/action.New
@@ -7,7 +7,7 @@
 #
 # (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at http://shorewall.net
+# Complete documentation is available at https://shorewall.org
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.NotSyn
+++ b/Shorewall/Actions/action.NotSyn
@@ -7,7 +7,7 @@
 #
 # (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at http://shorewall.net
+# Complete documentation is available at https://shorewall.org
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.RST
+++ b/Shorewall/Actions/action.RST
@@ -7,7 +7,7 @@
 #
 # (c) 2012-2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at http://shorewall.net
+# Complete documentation is available at https://shorewall.org
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.Related
+++ b/Shorewall/Actions/action.Related
@@ -7,7 +7,7 @@
 #
 # (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at http://shorewall.net
+# Complete documentation is available at https://shorewall.org
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.ResetEvent
+++ b/Shorewall/Actions/action.ResetEvent
@@ -13,7 +13,7 @@
 #               address (dst)
 # Disposition - Disposition for any rule generated.
 #
-# For additional information, see http://www.shorewall.net/Events.html
+# For additional information, see https://shorewall.org/Events.html
 #
 ###############################################################################
 #                        DO NOT REMOVE THE FOLLOWING LINE
--- a/Shorewall/Actions/action.SetEvent
+++ b/Shorewall/Actions/action.SetEvent
@@ -13,7 +13,7 @@
 #               address (dst)
 # Disposition - Disposition for any event generated.
 #
-# For additional information, see http://www.shorewall.net/Events.html
+# For additional information, see https://shorewall.org/Events.html
 #
 DEFAULTS -,ACCEPT,src
--- a/Shorewall/Actions/action.Untracked
+++ b/Shorewall/Actions/action.Untracked
@@ -7,7 +7,7 @@
 #
 # (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at http://shorewall.net
+# Complete documentation is available at https://shorewall.org
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.allowBcast
+++ b/Shorewall/Actions/action.allowBcast
@@ -5,7 +5,7 @@
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at http://shorewall.net
+# Complete documentation is available at https://shorewall.org
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.allowInvalid
+++ b/Shorewall/Actions/action.allowInvalid
@@ -5,7 +5,7 @@
 #
 # (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at http://shorewall.net
+# Complete documentation is available at https://shorewall.org
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.allowMcast
+++ b/Shorewall/Actions/action.allowMcast
@@ -5,7 +5,7 @@
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at http://shorewall.net
+# Complete documentation is available at https://shorewall.org
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.allowinUPnP
+++ b/Shorewall/Actions/action.allowinUPnP
@@ -5,7 +5,7 @@
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at http://shorewall.net
+# Complete documentation is available at https://shorewall.org
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.dropBcast
+++ b/Shorewall/Actions/action.dropBcast
@@ -5,7 +5,7 @@
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at http://shorewall.net
+# Complete documentation is available at https://shorewall.org
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.dropBcasts
+++ b/Shorewall/Actions/action.dropBcasts
@@ -5,7 +5,7 @@
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at http://shorewall.net
+# Complete documentation is available at https://shorewall.org
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.dropInvalid
+++ b/Shorewall/Actions/action.dropInvalid
@@ -7,7 +7,7 @@
 #
 # (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at http://shorewall.net
+# Complete documentation is available at https://shorewall.org
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.dropMcast
+++ b/Shorewall/Actions/action.dropMcast
@@ -5,7 +5,7 @@
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at http://shorewall.net
+# Complete documentation is available at https://shorewall.org
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.dropNotSyn
+++ b/Shorewall/Actions/action.dropNotSyn
@@ -5,7 +5,7 @@
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at http://shorewall.net
+# Complete documentation is available at https://shorewall.org
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.forwardUPnP
+++ b/Shorewall/Actions/action.forwardUPnP
@@ -5,7 +5,7 @@
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at http://shorewall.net
+# Complete documentation is available at https://shorewall.org
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.mangletemplate
+++ b/Shorewall/Actions/action.mangletemplate
@@ -13,7 +13,7 @@
 # 2. Copy this file to /etc/shorewall/action.<action name>
 # 3. Add the desired rules to that file.
 #
-# Please see http://shorewall.net/Actions.html for additional
+# Please see https://shorewall.org/Actions.html for additional
 # information.
 #
 # Columns are the same as in /etc/shorewall/mangle.
--- a/Shorewall/Actions/action.rejNotSyn
+++ b/Shorewall/Actions/action.rejNotSyn
@@ -5,7 +5,7 @@
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at http://shorewall.net
+# Complete documentation is available at https://shorewall.org
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.template
+++ b/Shorewall/Actions/action.template
@@ -13,7 +13,7 @@
 # 2. Copy this file to /etc/shorewall/action.<action name>
 # 3. Add the desired rules to that file.
 #
-# Please see http://shorewall.net/Actions.html for additional
+# Please see https://shorewall.org/Actions.html for additional
 # information.
 #
 # Columns are the same as in /etc/shorewall/rules.
--- a/Shorewall/Contrib/swping
+++ b/Shorewall/Contrib/swping
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-#     Shorewall WAN Interface monitor - V4.4
+#     Shorewall WAN Interface monitor - V5.2
 #
 #     Inspired by Angsuman Chakraborty's gwping script.
 #
@@ -21,7 +21,7 @@
 #	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-#  For information about this script, see  http://www.shorewall.net/MultiISP.html#swping.
+#  For information about this script, see  https://shorewall.org/MultiISP.html#swping.
 #
 ###########################################################################################
 #
--- a/Shorewall/Contrib/swping.init
+++ b/Shorewall/Contrib/swping.init
@@ -1,5 +1,5 @@
 #!/bin/sh
-#     Shorewall WAN Interface monitor - V4.4
+#     Shorewall WAN Interface monitor - V5.2
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
@@ -7,7 +7,7 @@
 #
 #	On most distributions, this file should be called /etc/init.d/shorewall.
 #
-#	Complete documentation is available at http://shorewall.net
+#	Complete documentation is available at https://shorewall.org
 #
 #	This program is free software; you can redistribute it and/or modify
 #	it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/INSTALL
+++ b/Shorewall/INSTALL
@@ -18,7 +18,7 @@ Shoreline Firewall (Shorewall) Version 5
 ---------------------------------------------------------------------------
-Please see http://www.shorewall.net/Install.htm for installation
+Please see https://shorewall.org/Install.htm for installation
 instructions.
--- a/Shorewall/Macros/IPFS-swarm
+++ b/Shorewall/Macros/IPFS-swarm
@@ -0,0 +1,9 @@
 #
 # Shorewall -- /usr/share/shorewall/macro.IPFS-swarm
 #
 # This macro handles IPFS data traffic (the connection to IPFS swarm).
 #
 ###############################################################################
 #ACTION SOURCE  DEST    PROTO   DPORT   SPORT   ORIGDEST        RATE   USER
 PARAM   -       -       tcp     4001
--- a/Shorewall/Macros/macro.Bitcoin
+++ b/Shorewall/Macros/macro.Bitcoin
@@ -0,0 +1,8 @@
 #
 # Shorewall --/usr/share/shorewall/macro.Bitcoin
 #
 # Macro for handling Bitcoin P2P traffic
 #
 ##############################################################################################################################################################
 #ACTION		SOURCE		DEST		PROTO	DPORT	SPORT	ORIGDEST	RATE	USER	MARK	CONNLIMIT	TIME	HEADERS	SWITCH	HELPER
 PARAM		-		-		tcp	8333
--- a/Shorewall/Macros/macro.BitcoinRPC
+++ b/Shorewall/Macros/macro.BitcoinRPC
@@ -0,0 +1,8 @@
 #
 # Shorewall --/usr/share/shorewall/macro.BitcoinRPC
 #
 # Macro for handling Bitcoin RPC traffic
 #
 ##############################################################################################################################################################
 #ACTION		SOURCE		DEST		PROTO	DPORT	SPORT	ORIGDEST	RATE	USER	MARK	CONNLIMIT	TIME	HEADERS	SWITCH	HELPER
 PARAM		-		-		tcp	8332
--- a/Shorewall/Macros/macro.BitcoinRegtest
+++ b/Shorewall/Macros/macro.BitcoinRegtest
@@ -0,0 +1,8 @@
 #
 # Shorewall --/usr/share/shorewall/macro.BitcoinRegtest
 #
 # Macro for handling Bitcoin P2P traffic (Regtest mode)
 #
 ##############################################################################################################################################################
 #ACTION     SOURCE      DEST        PROTO   DPORT   SPORT   ORIGDEST    RATE    USER    MARK    CONNLIMIT   TIME    HEADERS SWITCH  HELPER
 PARAM       -           -           tcp     18444
--- a/Shorewall/Macros/macro.BitcoinTestnet
+++ b/Shorewall/Macros/macro.BitcoinTestnet
@@ -0,0 +1,8 @@
 #
 # Shorewall --/usr/share/shorewall/macro.BitcoinTestnet
 #
 # Macro for handling Bitcoin P2P traffic (Testnet mode)
 #
 ##############################################################################################################################################################
 #ACTION     SOURCE      DEST        PROTO   DPORT   SPORT   ORIGDEST    RATE    USER    MARK    CONNLIMIT   TIME    HEADERS SWITCH  HELPER
 PARAM       -           -           tcp     18333
--- a/Shorewall/Macros/macro.BitcoinTestnetRPC
+++ b/Shorewall/Macros/macro.BitcoinTestnetRPC
@@ -0,0 +1,8 @@
 #
 # Shorewall --/usr/share/shorewall/macro.BitcoinTestnetRPC
 #
 # Macro for handling Bitcoin RPC traffic (Testnet and Regtest mode)
 #
 ##############################################################################################################################################################
 #ACTION     SOURCE      DEST        PROTO   DPORT   SPORT   ORIGDEST    RATE    USER    MARK    CONNLIMIT   TIME    HEADERS SWITCH  HELPER
 PARAM       -           -           tcp     18332
--- a/Shorewall/Macros/macro.BitcoinZMQ
+++ b/Shorewall/Macros/macro.BitcoinZMQ
@@ -0,0 +1,9 @@
 #
 # Shorewall --/usr/share/shorewall/macro.BitcoinZMQ
 #
 # Macro for handling Bitcoin ZMQ traffic
 # See https://github.com/bitcoin/bitcoin/blob/master/doc/zmq.md
 #
 ##############################################################################################################################################################
 #ACTION		SOURCE		DEST		PROTO	DPORT	SPORT	ORIGDEST	RATE	USER	MARK	CONNLIMIT	TIME	HEADERS	SWITCH	HELPER
 PARAM		-		-		tcp	28332
--- a/Shorewall/Macros/macro.Cockpit
+++ b/Shorewall/Macros/macro.Cockpit
@@ -0,0 +1,12 @@
 #
 # Shorewall -- /usr/share/shorewall/macro.Cockpit
 #
 # This macro handles Time protocol (RFC868).
 # Unless you are supporting extremely old hardware or software,
 # you shouldn't be using this.  NTP is a superior alternative.
 #
 #		By Eric Teeter
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 PARAM	-	-	tcp	9090
--- a/Shorewall/Macros/macro.IPFS-API
+++ b/Shorewall/Macros/macro.IPFS-API
@@ -0,0 +1,9 @@
 #
 # Shorewall -- /usr/share/shorewall/macro.IPFS-API
 #
 # This macro handles IPFS API port (commands for the IPFS daemon).
 #
 ###############################################################################
 #ACTION SOURCE  DEST    PROTO   DPORT   SPORT   ORIGDEST        RATE   USER
 PARAM   -       -       tcp     5001
--- a/Shorewall/Macros/macro.IPFS-gateway
+++ b/Shorewall/Macros/macro.IPFS-gateway
@@ -0,0 +1,9 @@
 #
 # Shorewall -- /usr/share/shorewall/macro.IPFS-gateway
 #
 # This macro handles the IPFS gateway to HTTP.
 #
 ###############################################################################
 #ACTION SOURCE  DEST    PROTO   DPORT   SPORT   ORIGDEST        RATE   USER
 PARAM   -       -       tcp     8080
--- a/Shorewall/Macros/macro.IPFS-swarm
+++ b/Shorewall/Macros/macro.IPFS-swarm
@@ -0,0 +1,9 @@
 #
 # Shorewall -- /usr/share/shorewall/macro.IPFS-swarm
 #
 # This macro handles IPFS data traffic (the connection to IPFS swarm).
 #
 ###############################################################################
 #ACTION SOURCE  DEST    PROTO   DPORT   SPORT   ORIGDEST        RATE   USER
 PARAM   -       -       tcp     4001
--- a/Shorewall/Macros/macro.NFS
+++ b/Shorewall/Macros/macro.NFS
@@ -0,0 +1,12 @@
 #
 # Shorewall -- /usr/share/shorewall/macro.NFS
 #
 # This macro handles NFS v4.1+ traffic with default ports.
 # You should only allow NFS traffic between hosts you fully trust.
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 PARAM	-	-	tcp	111		# portmapper, rpcbind
 PARAM	-	-	tcp	2049		# nfs
 PARAM	-	-	tcp	20048		# mountd
--- a/Shorewall/Macros/macro.ONCRPC
+++ b/Shorewall/Macros/macro.ONCRPC
@@ -0,0 +1,8 @@
 #
 # Shorewall -- /usr/share/shorewall/macro.ONCRPC
 #
 # This macro handles ONC RCP traffic (for rpcbind on Linux, etc).
 #
 ##############################################################################################################################################################
 #ACTION		SOURCE		DEST		PROTO	DPORT	SPORT	ORIGDEST	RATE	USER	MARK	CONNLIMIT	TIME	HEADERS	SWITCH	HELPER
 PARAM		-		-		tcp,udp	111
--- a/Shorewall/Macros/macro.Tor
+++ b/Shorewall/Macros/macro.Tor
@@ -0,0 +1,8 @@
 #
 # Shorewall --/usr/share/shorewall/macro.Tor
 #
 # Macro for handling Tor Onion Network traffic
 #
 ##############################################################################################################################################################
 #ACTION		SOURCE		DEST		PROTO	DPORT	SPORT	ORIGDEST	RATE	USER	MARK	CONNLIMIT	TIME	HEADERS	SWITCH	HELPER
 PARAM		-		-		tcp	9001	
--- a/Shorewall/Macros/macro.TorBrowserBundle
+++ b/Shorewall/Macros/macro.TorBrowserBundle
@@ -0,0 +1,8 @@
 #
 # Shorewall --/usr/share/shorewall/macro.TorBrowserBundle
 #
 # Macro for handling Tor Onion Network traffic provided by Tor Browser Bundle
 #
 ##############################################################################################################################################################
 #ACTION		SOURCE		DEST		PROTO	DPORT	SPORT	ORIGDEST	RATE	USER	MARK	CONNLIMIT	TIME	HEADERS	SWITCH	HELPER
 PARAM		-		-		tcp	9150
--- a/Shorewall/Macros/macro.TorControl
+++ b/Shorewall/Macros/macro.TorControl
@@ -0,0 +1,8 @@
 #
 # Shorewall --/usr/share/shorewall/macro.TorControl
 #
 # Macro for handling Tor Controller Applications traffic
 #
 ##############################################################################################################################################################
 #ACTION		SOURCE		DEST		PROTO	DPORT	SPORT	ORIGDEST	RATE	USER	MARK	CONNLIMIT	TIME	HEADERS	SWITCH	HELPER
 PARAM		-		-		tcp	9051	
--- a/Shorewall/Macros/macro.TorDirectory
+++ b/Shorewall/Macros/macro.TorDirectory
@@ -0,0 +1,8 @@
 #
 # Shorewall --/usr/share/shorewall/macro.TorDirectory
 #
 # Macro for handling Tor Directory traffic
 #
 ##############################################################################################################################################################
 #ACTION		SOURCE		DEST		PROTO	DPORT	SPORT	ORIGDEST	RATE	USER	MARK	CONNLIMIT	TIME	HEADERS	SWITCH	HELPER
 PARAM		-		-		tcp	9030
--- a/Shorewall/Macros/macro.TorSocks
+++ b/Shorewall/Macros/macro.TorSocks
@@ -0,0 +1,8 @@
 #
 # Shorewall --/usr/share/shorewall/macro.TorSocks
 #
 # Macro for handling Tor Socks Proxy traffic
 #
 ##############################################################################################################################################################
 #ACTION		SOURCE		DEST		PROTO	DPORT	SPORT	ORIGDEST	RATE	USER	MARK	CONNLIMIT	TIME	HEADERS	SWITCH	HELPER
 PARAM		-		-		tcp	9050	
--- a/Shorewall/Macros/macro.WUDO
+++ b/Shorewall/Macros/macro.WUDO
@@ -0,0 +1,9 @@
 # Shorewall -- /usr/share/shorewall/macro.WUDO
 #
 # This macro handles WUDO (Windows Update Delivery Optimization)
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 PARAM	-	-	tcp	7680
--- a/Shorewall/Perl/Shorewall/ARP.pm
+++ b/Shorewall/Perl/Shorewall/ARP.pm
@@ -1,11 +1,11 @@
 #
-# Shorewall 5.0 -- /usr/share/shorewall/Shorewall/ARP.pm
+# Shorewall 5.2 -- /usr/share/shorewall/Shorewall/ARP.pm
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2013 - Tom Eastep (teastep@shorewall.net)
 #
-#       Complete documentation is available at http://shorewall.net
+#       Complete documentation is available at https://shorewall.org
 #
 #       This program is part of Shorewall.
 #
--- a/Show More
+++ b/Show More