Correct 'show macros'

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-12 08:39:11 -08:00
299 changed files with 23729 additions and 10165 deletions
--- a/Shorewall-core/configure
+++ b/Shorewall-core/configure
@@ -2,7 +2,7 @@
 #
 #     Shorewall Packet Filtering Firewall RPM configuration program - V4.6
 #
-#     (c) 2012,2014,2017 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2012,2014 - Tom Eastep (teastep@shorewall.net)
 #
 #	Shorewall documentation is available at http://www.shorewall.net
 #
@@ -190,7 +190,7 @@ for p in ${!params[@]}; do
 done
 echo '#'                                                                 > shorewallrc
-echo "# Created by Shorewall Core version $VERSION configure - " `date --utc --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}"` >> shorewallrc
+echo "# Created by Shorewall Core version $VERSION configure - " `date` >> shorewallrc
 echo "# rc file: $rcfile"                                               >> shorewallrc
 echo '#'                                                                >> shorewallrc
--- a/Shorewall-core/configure.pl
+++ b/Shorewall-core/configure.pl
@@ -173,12 +173,7 @@ my $outfile;
 open $outfile, '>', 'shorewallrc' or die "Can't open 'shorewallrc' for output: $!";
-if ( $ENV{SOURCE_DATE_EPOCH} ) {
+printf $outfile "#\n# Created by Shorewall Core version %s configure.pl - %s %2d %04d %02d:%02d:%02d\n", VERSION, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];
    printf $outfile "#\n# Created by Shorewall Core version %s configure.pl - %s\n", VERSION, `date  --utc --date=\"\@$ENV{SOURCE_DATE_EPOCH}\"`;
 } else {
    printf $outfile "#\n# Created by Shorewall Core version %s configure.pl - %s %2d %04d %02d:%02d:%02d\n", VERSION, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];
 }
 print $outfile "# rc file: $rcfilename\n#\n";
 print  $outfile "# Input: @ARGV\n#\n" if @ARGV;
--- a/Shorewall-core/install.sh
+++ b/Shorewall-core/install.sh
@@ -2,7 +2,7 @@
 #
 # Script to install Shoreline Firewall Core Modules
 #
-#     (c) 2000-2018 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
@@ -22,20 +22,64 @@
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
-VERSION=xxx # The Build script inserts the actual version
+VERSION=xxx #The Build script inserts the actual version
 PRODUCT=shorewall-core
 Product="Shorewall Core"
-
+ 
 usage() # $1 = exit status
 {
    ME=$(basename $0)
-    echo "usage: $ME [ <option> ] [ <shorewallrc file> ]"
+    echo "usage: $ME [ <configuration-file> ] "
-    echo "where <option> is one of"
+    echo "       $ME -v"
-    echo "  -h"
+    echo "       $ME -h"
    echo "  -v"
    exit $1
 }
 fatal_error()
 {
    echo "   ERROR: $@" >&2
    exit 1
 }
 split() {
    local ifs
    ifs=$IFS
    IFS=:
    set -- $1
    echo $*
    IFS=$ifs
 }
 qt()
 {
    "$@" >/dev/null 2>&1
 }
 mywhich() {
    local dir
    for dir in $(split $PATH); do
 	if [ -x $dir/$1 ]; then
 	    echo $dir/$1
 	    return 0
 	fi
    done
    return 2
 }
 cant_autostart()
 {
    echo
    echo  "WARNING: Unable to configure shorewall to start automatically at boot" >&2
 }
 delete_file() # $1 = file to delete
 {
    rm -f $1
 }
 install_file() # $1 = source $2 = target $3 = mode
 {
    if cp -f $1 $2; then
@@ -54,16 +98,16 @@ install_file() # $1 = source $2 = target $3 = mode
    exit 1
 }
 require()
 {
    eval [ -n "\$$1" ] || fatal_error "Required option $1 not set"
 }
 #
 # Change to the directory containing this script
 #
 cd "$(dirname $0)"
 #
 # Source common functions
 #
 . ./lib.installer || { echo "ERROR: Can not load common functions." >&2; exit 1; }
 #
 # Parse the run line
 #
@@ -82,7 +126,7 @@ while [ $finished -eq 0 ]; do
 			usage 0
 			;;
 		    v)
-			echo "$Product Firewall Installer Version $VERSION"
+			echo "Shorewall Firewall Installer Version $VERSION"
 			exit 0
 			;;
 		    *)
@@ -104,14 +148,14 @@ done
 #
 if [ $# -eq 0 ]; then
    if [ -f ./shorewallrc ]; then
 	. ./shorewallrc
 	file=./shorewallrc
        . $file || fatal_error "Can not load the RC file: $file"
    elif [ -f ~/.shorewallrc ]; then
 	. ~/.shorewallrc || exit 1
 	file=~/.shorewallrc
        . $file || fatal_error "Can not load the RC file: $file"
    elif [ -f /usr/share/shorewall/shorewallrc ]; then
 	. /usr/share/shorewall/shorewallrc
 	file=/usr/share/shorewall/shorewallrc
        . $file || fatal_error "Can not load the RC file: $file"
    else
 	fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
    fi
@@ -125,7 +169,7 @@ elif [ $# -eq 1 ]; then
 	    ;;
    esac
-    . $file || fatal_error "Can not load the RC file: $file"
+    . $file
 else
    usage 1
 fi
@@ -241,12 +285,13 @@ case "$HOST" in
    debian|gentoo|redhat|slackware|archlinux|linux|suse|openwrt)
 	;;
    *)
-	fatal_error "Unknown HOST \"$HOST\""
+	echo "ERROR: Unknown HOST \"$HOST\"" >&2
 	exit 1;
 	;;
 esac
 if [ -z "$file" ]; then
-    if [ $HOST = linux ]; then
+    if $HOST = linux; then
 	file=shorewallrc.default
    else
 	file=shorewallrc.${HOST}
@@ -259,8 +304,7 @@ if [ -z "$file" ]; then
    echo "" >&2
    echo "Example:" >&2
    echo "" >&2
-    echo "   ./install.sh $file" >&2
+    echo "   ./install.sh $file" &>2
    exit 1
 fi
 if [ -n "$DESTDIR" ]; then
@@ -271,31 +315,45 @@ if [ -n "$DESTDIR" ]; then
    fi
 fi
-echo "Installing $Product Version $VERSION"
+echo "Installing Shorewall Core Version $VERSION"
 #
 # Create directories
 #
-make_parent_directory ${DESTDIR}${LIBEXECDIR}/shorewall 0755
+mkdir -p ${DESTDIR}${LIBEXECDIR}/shorewall
 chmod 755 ${DESTDIR}${LIBEXECDIR}/shorewall
-make_parent_directory ${DESTDIR}${SHAREDIR}/shorewall 0755
+mkdir -p ${DESTDIR}${SHAREDIR}/shorewall
 chmod 755 ${DESTDIR}${SHAREDIR}/shorewall
-make_parent_directory ${DESTDIR}${CONFDIR} 0755
+mkdir -p ${DESTDIR}${CONFDIR}
 chmod 755 ${DESTDIR}${CONFDIR}
-[ -n "${SYSCONFDIR}" ] && make_parent_directory ${DESTDIR}${SYSCONFDIR} 0755
+if [ -n "${SYSCONFDIR}" ]; then
    mkdir -p ${DESTDIR}${SYSCONFDIR}
    chmod 755 ${DESTDIR}${SYSCONFDIR}
 fi
 if [ -z "${SERVICEDIR}" ]; then
    SERVICEDIR="$SYSTEMD"
 fi
-[ -n "${SERVICEDIR}" ] && make_parent_directory ${DESTDIR}${SERVICEDIR} 0755
+if [ -n "${SERVICEDIR}" ]; then
    mkdir -p ${DESTDIR}${SERVICEDIR}
    chmod 755 ${DESTDIR}${SERVICEDIR}
 fi
-make_parent_directory ${DESTDIR}${SBINDIR} 0755
+mkdir -p ${DESTDIR}${SBINDIR}
 chmod 755 ${DESTDIR}${SBINDIR}
-[ -n "${MANDIR}" ] && make_parent_directory ${DESTDIR}${MANDIR} 0755
+if [ -n "${MANDIR}" ]; then
    mkdir -p ${DESTDIR}${MANDIR}
    chmod 755 ${DESTDIR}${MANDIR}
 fi
 if [ -n "${INITFILE}" ]; then
-    make_parent_directory ${DESTDIR}${INITDIR} 0755
+    mkdir -p ${DESTDIR}${INITDIR}
    chmod 755 ${DESTDIR}${INITDIR}
    if [ -n "$AUXINITSOURCE" -a -f "$AUXINITSOURCE" ]; then
 	install_file $AUXINITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544
@@ -311,7 +369,7 @@ fi
 #
 install_file shorewall ${DESTDIR}${SBINDIR}/shorewall 0755
 [ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SBINDIR}/shorewall
-echo "Shorewall CLI program installed in ${DESTDIR}${SBINDIR}/shorewall"
+echo "Shorewall CLI program installed in ${DESTDIR}${SBINDIR}/$PRODUCT"
 #
 # Install wait4ifup
 #
@@ -324,19 +382,14 @@ echo "wait4ifup installed in ${DESTDIR}${LIBEXECDIR}/shorewall/wait4ifup"
 # Install the libraries
 #
 for f in lib.* ; do
-    case $f in
+    install_file $f ${DESTDIR}${SHAREDIR}/shorewall/$f 0644
-        *installer)
+    echo "Library ${f#*.} file installed as ${DESTDIR}${SHAREDIR}/shorewall/$f"
            ;;
        *)
            install_file $f ${DESTDIR}${SHAREDIR}/shorewall/$f 0644
            echo "Library ${f#*.} file installed as ${DESTDIR}${SHAREDIR}/shorewall/$f"
            ;;
    esac
 done
 if [ $SHAREDIR != /usr/share ]; then
-    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/lib.base
+    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/${PRODUCT}/lib.base
-    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/lib.cli
+    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/${PRODUCT}/lib.core
    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/${PRODUCT}/lib.cli
 fi
 #
@@ -345,11 +398,11 @@ fi
 if [ -n "$MANDIR" ]; then
    cd manpages
-    [ -n "$INSTALLD" ] || make_parent_directory ${DESTDIR}${MANDIR}/man8 0755
+    [ -n "$INSTALLD" ] || mkdir -p ${DESTDIR}${MANDIR}/man8/
    for f in *.8; do
 	gzip -9c $f > $f.gz
-	install_file $f.gz ${DESTDIR}${MANDIR}/man8/$f.gz 0644
+	install_file $f.gz ${DESTDIR}${MANDIR}/man8/$f.gz 644
 	echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man8/$f.gz"
    done
@@ -366,7 +419,7 @@ ln -sf lib.base ${DESTDIR}${SHAREDIR}/shorewall/functions
 # Create the version file
 #
 echo "$VERSION" > ${DESTDIR}${SHAREDIR}/shorewall/coreversion
-chmod 0644 ${DESTDIR}${SHAREDIR}/shorewall/coreversion
+chmod 644 ${DESTDIR}${SHAREDIR}/shorewall/coreversion
 if [ -z "${DESTDIR}" ]; then
    if [ $update -ne 0 ]; then
@@ -391,20 +444,14 @@ fi
 if [ ${SHAREDIR} != /usr/share ]; then
    for f in lib.*; do
-        case $f in
+	if [ $BUILD != apple ]; then
-            *installer)
+	    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/$f
-                ;;
+	else
-            *)
+	    eval sed -i \'\' -e \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/$f
-                if [ $BUILD != apple ]; then
+	fi
                    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/$f
                else
                    eval sed -i \'\' -e \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/$f
                fi
                ;;
        esac
    done
 fi
 #
-# Report Success
+#  Report Success
 #
-echo "$Product Version $VERSION Installed"
+echo "Shorewall Core Version $VERSION Installed"
--- a/Shorewall-core/lib.base
+++ b/Shorewall-core/lib.base
@@ -1,7 +1,7 @@
 #
-# Shorewall 5.2 -- /usr/share/shorewall/lib.base
+# Shorewall 5.0 -- /usr/share/shorewall/lib.base
 #
-#     (c) 1999-2017 - Tom Eastep (teastep@shorewall.net)
+#     (c) 1999-2015 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
--- a/Shorewall-core/lib.common
+++ b/Shorewall-core/lib.common
@@ -1,7 +1,7 @@
 #
-# Shorewall 5.2 -- /usr/share/shorewall/lib.common
+# Shorewall 5.0 -- /usr/share/shorewall/lib.common.
 #
-#     (c) 2010-2017 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2010-2015 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
@@ -269,48 +269,53 @@ loadmodule() # $1 = module name, $2 - * arguments
 {
    local modulename
    modulename=$1
    shift
    local moduleoptions
    moduleoptions=$*
    local modulefile
    local suffix
    if [ -d /sys/module/ ]; then
 	if ! list_search $modulename $DONT_LOAD; then
 	    if [ ! -d /sys/module/$modulename ]; then
-		case $moduleloader in
+		shift
-		    insmod)
+
-			for directory in $moduledirectories; do
+		for suffix in $MODULE_SUFFIX ; do
-			    for modulefile in $directory/${modulename}.*; do
+		    for directory in $moduledirectories; do
-				if [ -f $modulefile ]; then
+			modulefile=$directory/${modulename}.${suffix}
-				    insmod $modulefile $moduleoptions
+
 				    return
 				fi
 			    done
 			done
 			;;
 		    *)
 			modprobe -q $modulename $moduleoptions
 			;;
 		esac
 	    fi
 	fi
    elif ! list_search $modulename $DONT_LOAD $MODULES; then
 	case $moduleloader in
 	    insmod)
 		for directory in $moduledirectories; do
 		    for modulefile in $directory/${modulename}.*; do
 			if [ -f $modulefile ]; then
-			    insmod $modulefile $moduleoptions
+			    case $moduleloader in
-			    return
+				insmod)
 				    insmod $modulefile $*
 				    ;;
 				*)
 				    modprobe $modulename $*
 				    ;;
 			    esac
 			    break 2
 			fi
 		    done
 		done
-		;;
+	    fi
-	    *)
+	fi
-		modprobe -q $modulename $moduleoptions
+    elif ! list_search $modulename $DONT_LOAD $MODULES; then
-		;;
+	shift
-	esac
+
 	for suffix in $MODULE_SUFFIX ; do
 	    for directory in $moduledirectories; do
 		modulefile=$directory/${modulename}.${suffix}
 		if [ -f $modulefile ]; then
 		    case $moduleloader in
 			insmod)
 			    insmod $modulefile $*
 			    ;;
 			*)
 			    modprobe $modulename $*
 			    ;;
 		    esac
 		    break 2
 		fi
 	    done
 	done
    fi
 }
@@ -333,6 +338,8 @@ reload_kernel_modules() {
 	moduleloader=insmod
    fi
    [ -n "${MODULE_SUFFIX:=ko ko.gz ko.xz o o.gz o.xz gz xz}" ]
    if [ -n "$MODULESDIR" ]; then
 	case "$MODULESDIR" in
 	    +*)
@@ -387,6 +394,8 @@ load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
 	moduleloader=insmod
    fi
    [ -n "${MODULE_SUFFIX:=o gz xz ko o.gz o.xz ko.gz ko.xz}" ]
    if [ -n "$MODULESDIR" ]; then
 	case "$MODULESDIR" in
 	    +*)
@@ -754,7 +763,7 @@ mutex_on()
    MUTEX_TIMEOUT=${MUTEX_TIMEOUT:-60}
-    if [ -z "$g_havemutex" -a $MUTEX_TIMEOUT -gt 0 ]; then
+    if [ $MUTEX_TIMEOUT -gt 0 ]; then
 	lockd=$(dirname $LOCKFILE)
@@ -762,7 +771,7 @@ mutex_on()
 	if [ -f $lockf ]; then
 	    lockpid=`cat ${lockf} 2> /dev/null`
-	    if [ -z "$lockpid" ] || [ $lockpid = 0 ]; then
+	    if [ -z "$lockpid" -o $lockpid = 0 ]; then
 		rm -f ${lockf}
 		error_message "WARNING: Stale lockfile ${lockf} removed"
 	    elif [ $lockpid -eq $$ ]; then
@@ -775,14 +784,12 @@ mutex_on()
 	if qt mywhich lockfile; then
 	    lockfile -${MUTEX_TIMEOUT} -r1 ${lockf}
 	    g_havemutex="rm -f ${lockf}"
 	    chmod u+w ${lockf}
 	    echo $$ > ${lockf}
 	    chmod u-w ${lockf}
 	elif qt mywhich lock; then
-	    lock ${lockf}
+            lock ${lockf}
-	    g_havemutex="lock -u ${lockf} && rm -f ${lockf}"
+            chmod u=r ${lockf}
 	    chmod u=r ${lockf}
 	else
 	    while [ -f ${lockf} -a ${try} -lt ${MUTEX_TIMEOUT} ] ; do
 		sleep 1
@@ -792,15 +799,10 @@ mutex_on()
 	    if  [ ${try} -lt ${MUTEX_TIMEOUT} ] ; then
 	        # Create the lockfile
 		echo $$ > ${lockf}
 		g_havemutex="rm -f ${lockf}"
 	    else
 		echo "Giving up on lock file ${lockf}" >&2
 	    fi
 	fi
 	if [ -n "$g_havemutex" ]; then
 	    trap mutex_off EXIT
 	fi
    fi
 }
@@ -809,10 +811,7 @@ mutex_on()
 #
 mutex_off()
 {
-    if [ -n "$g_havemutex" ]; then
+    [ -f ${CONFDIR}/rc.common ] && lock -u ${LOCKFILE:=${VARDIR}/lock}
-	eval $g_havemutex
+    rm -f ${LOCKFILE:=${VARDIR}/lock}
 	g_havemutex=
 	trap '' exit
    fi
 }
--- a/Shorewall-core/lib.core
+++ b/Shorewall-core/lib.core
@@ -1,7 +1,7 @@
 #
-# Shorewall 5.2 -- /usr/share/shorewall/lib.core
+# Shorewall 5.0 -- /usr/share/shorewall/lib.core
 #
-#     (c) 1999-2017 - Tom Eastep (teastep@shorewall.net)
+#     (c) 1999-2015 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
@@ -24,7 +24,7 @@
 # generated scripts.
 #
-SHOREWALL_LIBVERSION=50108
+SHOREWALL_LIBVERSION=50100
 #
 # Fatal Error
--- a/Shorewall-core/lib.installer
+++ b/Shorewall-core/lib.installer
@@ -1,88 +0,0 @@
 #
 # Shorewall 5.2 -- /usr/share/shorewall/lib.installer
 #
 #     (c) 2017 - Tom Eastep (teastep@shorewall.net)
 #     (c) 2017 - Matt Darfeuille (matdarf@gmail.com)
 #
 #	Complete documentation is available at http://shorewall.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
 #	it under the terms of the GNU General Public License as published by the
 #       Free Software Foundation, either version 2 of the license or, at your
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
 #	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 # The purpose of this library is to hold those functions used by the products installer.
 #
 #########################################################################################
 fatal_error()
 {
    echo "   ERROR: $@" >&2
    exit 1
 }
 split() {
    local ifs
    ifs=$IFS
    IFS=:
    set -- $1
    echo $*
    IFS=$ifs
 }
 qt()
 {
    "$@" >/dev/null 2>&1
 }
 mywhich() {
    local dir
    for dir in $(split $PATH); do
 	if [ -x $dir/$1 ]; then
 	    return 0
 	fi
    done
    return 2
 }
 delete_file() # $1 = file to delete
 {
    rm -f $1
 }
 require()
 {
    eval [ -n "\$$1" ] || fatal_error "Required option $1 not set"
 }
 make_directory() # $1 = directory , $2 = mode
 {
    mkdir $1
    chmod $2 $1
    [ -n "$OWNERSHIP" ] && chown $OWNERSHIP $1
 }
 make_parent_directory() # $1 = directory , $2 = mode
 {
    mkdir -p $1
    chmod $2 $1
    [ -n "$OWNERSHIP" ] && chown $OWNER:$GROUP $1
 }
 cant_autostart()
 {
    echo
    echo  "WARNING: Unable to configure $Product to start automatically at boot" >&2
 }
--- a/Shorewall-core/lib.uninstaller
+++ b/Shorewall-core/lib.uninstaller
@@ -1,105 +0,0 @@
 #
 # Shorewall 5.2 -- /usr/share/shorewall/lib.installer
 #
 #     (c) 2017 - Tom Eastep (teastep@shorewall.net)
 #     (c) 2017 - Matt Darfeuille (matdarf@gmail.com)
 #
 #	Complete documentation is available at http://shorewall.net
 #
 #       This program is part of Shorewall.
 #
 #	This program is free software; you can redistribute it and/or modify
 #	it under the terms of the GNU General Public License as published by the
 #       Free Software Foundation, either version 2 of the license or, at your
 #       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
 #	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 # The purpose of this library is to hold those functions used by the products uninstaller.
 #
 #########################################################################################
 fatal_error()
 {
    echo "   ERROR: $@" >&2
    exit 1
 }
 split() {
    local ifs
    ifs=$IFS
    IFS=:
    set -- $1
    echo $*
    IFS=$ifs
 }
 qt()
 {
    "$@" >/dev/null 2>&1
 }
 mywhich() {
    local dir
    for dir in $(split $PATH); do
 	if [ -x $dir/$1 ]; then
 	    return 0
 	fi
    done
    return 2
 }
 remove_file() # $1 = file to remove
 {
    if [ -n "$1" ] ; then
        if [ -f $1 -o -L $1 ] ; then
            rm -f $1
            echo "$1 Removed"
        fi
    fi
 }
 remove_directory() # $1 = directory to remove
 {
    if [ -n "$1" ] ; then
        if [ -d $1 ] ; then
            rm -rf $1
            echo "$1 Removed"
        fi
    fi
 }
 remove_file_with_wildcard() # $1 = file with wildcard to remove
 {
    if [ -n "$1" ] ; then
        for f in $1; do
            if [ -d $f ] ; then
                rm -rf $f
                echo "$f Removed"
            elif [ -f $f -o -L $f ] ; then
                rm -f $f
                echo "$f Removed"
            fi
        done
    fi
 }
 restore_file() # $1 = file to restore
 {
    if [ -f ${1}-shorewall.bkout ]; then
 	if (mv -f ${1}-shorewall.bkout $1); then
 	    echo
 	    echo "$1 restored"
        else
 	    exit 1
        fi
    fi
 }
--- a/Shorewall-core/manpages/shorewall.xml
+++ b/Shorewall-core/manpages/shorewall.xml
@@ -405,6 +405,20 @@
      <replaceable>provider</replaceable> }</arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall[6]</command>
      <arg
      choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
      <arg>options</arg>
      <arg
      choice="plain"><option>refresh</option><arg><option>-n</option></arg><arg><option>-d</option></arg><arg><option>-T</option></arg><arg><option>-i</option></arg><arg>-<option>D</option>
      <replaceable>directory</replaceable> </arg><arg
      rep="repeat"><replaceable>chain</replaceable></arg></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall[6][-lite]</command>
@@ -418,81 +432,6 @@
      <arg choice="plain"><replaceable>address</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall[6][-lite]</command>
      <arg
      choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
      <arg>options</arg>
      <arg choice="plain"><option>reload</option></arg>
      <arg><option>-n</option></arg>
      <arg><option>-p</option><arg><option>-d</option></arg></arg>
      <arg><option>-f</option></arg>
      <arg><option>-c</option></arg>
      <arg><option>-T</option></arg>
      <arg><option>-i</option></arg>
      <arg><option>-C</option></arg>
      <arg><replaceable>directory</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall[6]</command>
      <arg choice="opt"><option>trace</option>|<option>debug</option></arg>
      <arg>options</arg>
      <arg choice="plain"><option>remote-getcaps</option></arg>
      <arg><option>-s</option></arg>
      <arg><option>-R</option></arg>
      <arg><option>-r</option> <replaceable>root-user-name</replaceable></arg>
      <arg><option>-T</option></arg>
      <arg><option>-i</option></arg>
      <arg><arg><option>-D</option></arg><replaceable>directory</replaceable></arg>
      <arg choice="plain"><arg><replaceable>system</replaceable></arg></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall[6]</command>
      <arg choice="opt"><option>trace</option>|<option>debug</option></arg>
      <arg>options</arg>
      <arg choice="plain"><option>remote-getrc</option></arg>
      <arg><option>-s</option></arg>
      <arg><option>-c</option></arg>
      <arg><option>-r</option> <replaceable>root-user-name</replaceable></arg>
      <arg><option>-T</option></arg>
      <arg><option>-i</option></arg>
      <arg><arg><option>-D</option></arg><replaceable>directory</replaceable></arg>
      <arg choice="plain"><arg><replaceable>system</replaceable></arg></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall[6]</command>
@@ -746,31 +685,6 @@
      <arg choice="plain"><option>capabilities</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall[6]</command>
      <arg>options</arg>
      <arg choice="req"><option>show | list | ls </option></arg>
      <arg><option>-f</option></arg>
      <arg choice="plain"><option>{actions|macros}</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall[6]</command>
      <arg choice="opt"><option>trace</option>|<option>debug</option></arg>
      <arg>options</arg>
      <arg choice="req"><option>show | list | ls </option></arg>
      <arg choice="plain"><option>action</option><arg
      choice="plain"><replaceable>action</replaceable></arg></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>shorewall[6][-lite]</command>
@@ -781,7 +695,7 @@
      <arg choice="req"><option>show | list | ls </option></arg>
      <arg
-      choice="req"><option>classifiers|connections|config|events|filters|ip|ipa|ipsec|zones|policies|marks</option></arg>
+      choice="req"><option>actions|classifiers|connections|config|events|filters|ip|ipa|ipsec|macros|zones|policies|marks</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
@@ -847,7 +761,7 @@
      <arg choice="req"><option>show | list | ls </option></arg>
-      <arg choice="plain"><option>saves</option></arg>
+      <arg choice="plain"><option>tc</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
@@ -1350,7 +1264,7 @@
          by the compiled script that executed the last successful <emphasis
          role="bold">start</emphasis>, <emphasis
          role="bold">restart</emphasis> or <emphasis
-          role="bold">reload</emphasis> command if that script exists.</para>
+          role="bold">refresh</emphasis> command if that script exists.</para>
        </listitem>
      </varlistentry>
@@ -1807,6 +1721,63 @@
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">refresh </emphasis> [-<option>n</option>]
        [-<option>d</option>] [-<option>T</option>] [-i] [-<option>D
        </option><replaceable>directory</replaceable> ] [
        <replaceable>chain</replaceable>... ]</term>
        <listitem>
          <para>Not available with Shorewall[6]-lite.</para>
          <para>All steps performed by <command>restart</command> are
          performed by <command>refresh</command> with the exception that
          <command>refresh</command> only recreates the chains specified in
          the command while <command>restart</command> recreates the entire
          Netfilter ruleset. If no <replaceable>chain</replaceable> is given,
          the static blacklisting chain <emphasis
          role="bold">blacklst</emphasis> is assumed.</para>
          <para>The listed chains are assumed to be in the filter table. You
          can refresh chains in other tables by prefixing the chain name with
          the table name followed by ":" (e.g., nat:net_dnat). Chain names
          which follow are assumed to be in that table until the end of the
          list or until an entry in the list names another table. Built-in
          chains such as FORWARD may not be refreshed.</para>
          <para>The <option>-n</option> option was added in Shorewall 4.5.3
          causes Shorewall to avoid updating the routing table(s).</para>
          <para>The <option>-d</option> option was added in Shorewall 4.5.3
          causes the compiler to run under the Perl debugger.</para>
          <para>The <option>-T</option> option was added in Shorewall 4.5.3
          and causes a Perl stack trace to be included with each
          compiler-generated error and warning message.</para>
          <para>The <option>-i</option> option was added in Shorewall 4.6.0
          and causes a warning message to be issued if the current line
          contains alternative input specifications following a semicolon
          (";"). Such lines will be handled incorrectly if INLINE_MATCHES is
          set to Yes in <ulink
          url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
          <para>The <option>-D</option> option was added in Shorewall 4.5.3
          and causes Shorewall to look in the given
          <emphasis>directory</emphasis> first for configuration files.</para>
          <para>Example:<programlisting><command>shorewall refresh net2fw nat:net_dnat</command> #Refresh the 'net2loc' chain in the filter table and the 'net_dnat' chain in the nat table</programlisting></para>
          <para>The <emphasis role="bold">refresh</emphasis> command has
          slightly different behavior. When no chain name is given to the
          <emphasis role="bold">refresh</emphasis> command, the mangle table
          is refreshed along with the blacklist chain (if any). This allows
          you to modify <filename>/etc/shorewall/tcrules </filename>and
          install the changes using <emphasis
          role="bold">refresh</emphasis>.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">reject</emphasis><replaceable>
        address</replaceable></term>
@@ -1918,64 +1889,12 @@
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">remote-getcaps</emphasis>
        [-<option>R</option>] [-<option>r</option>
        <replaceable>root-user-name</replaceable>] [ [ -D ]
        <replaceable>directory</replaceable> ] [
        <replaceable>system</replaceable> ]</term>
        <listitem>
          <para>Added in Shoreall 5.2.0, this command executes <emphasis
          role="bold">shorewall[6]-lite show capabilities -f &gt;
          /var/lib/shorewall[6]-lite/capabilities</emphasis> on the remote
          <replaceable>system</replaceable> via ssh then the generated file is
          copied to <replaceable>directory</replaceable> on the local system.
          If no <replaceable>directory</replaceable> is given, the current
          working directory is assumed.</para>
          <para>if <emphasis role="bold">-R</emphasis> is included, the remote
          shorewallrc file is also copied to
          <replaceable>directory</replaceable>.</para>
          <para>If <option>-r</option> is included, it specifies that the root
          user on <replaceable>system</replaceable> is named
          <replaceable>root-user-name</replaceable> rather than "root".</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">remote-getrc</emphasis>
        [-<option>c</option>] [-<option>r</option>
        <replaceable>root-user-name</replaceable>] [ [ -D ]
        <replaceable>directory</replaceable> ] [
        <replaceable>system</replaceable> ]</term>
        <listitem>
          <para>Added in Shoreall 5.2.0, this command copies the shorewallrc
          file from the remote <replaceable>system</replaceable> to
          <replaceable>directory</replaceable> on the local system. If no
          <replaceable>directory</replaceable> is given, the current working
          directory is assumed.</para>
          <para>if <emphasis role="bold">-c</emphasis> is included, the remote
          capabilities are also copied to
          <replaceable>directory</replaceable>, as is done by the
          <command>remote-getcaps</command> command.</para>
          <para>If <option>-r</option> is included, it specifies that the root
          user on <replaceable>system</replaceable> is named
          <replaceable>root-user-name</replaceable> rather than "root".</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">remote-start</emphasis>
-        [-<option>n</option>] [-<option>s</option>] [-<option>c</option>]
+        [-<option>s</option>] [-<option>c</option>] [-<option>r</option>
-        [-<option>r</option> <replaceable>root-user-name</replaceable>]
+        <replaceable>root-user-name</replaceable>] [-<option>T</option>]
-        [-<option>T</option>] [-<option>i</option>] [ [ -D ]
+        [-<option>i</option>] [ [ -D ] <replaceable>directory</replaceable> ]
-        <replaceable>directory</replaceable> ] [
+        [ <replaceable>system</replaceable> ]</term>
        <replaceable>system</replaceable> ]</term>
        <listitem>
          <para>This command was renamed from <command>load</command> in
@@ -2011,18 +1930,15 @@
          <replaceable>directory</replaceable>, then the <option>-D</option>
          option must be given.</para>
          <para>The <option>-n</option> option causes Shorewall to avoid
          updating the routing table(s).</para>
          <para>If <emphasis role="bold">-s</emphasis> is specified and the
          <emphasis role="bold">start</emphasis> command succeeds, then the
          remote Shorewall-lite configuration is saved by executing <emphasis
          role="bold">shorewall-lite save</emphasis> via ssh.</para>
          <para>if <emphasis role="bold">-c</emphasis> is included, the
-          command <emphasis role="bold">shorewall[6]-lite show capabilities -f
+          command <emphasis role="bold">shorewall-lite show capabilities -f
-          &gt; /var/lib/shorewall[6]-lite/capabilities</emphasis> is executed
+          &gt; /var/lib/shorewall-lite/capabilities</emphasis> is executed via
-          via ssh then the generated file is copied to
+          ssh then the generated file is copied to
          <replaceable>directory</replaceable> using scp. This step is
          performed before the configuration is compiled.</para>
@@ -2033,6 +1949,13 @@
          <para>The <option>-T</option> option was added in Shorewall 4.5.3
          and causes a Perl stack trace to be included with each
          compiler-generated error and warning message.</para>
          <para>The <option>-i</option> option was added in Shorewall 4.6.0
          and causes a warning message to be issued if the current line
          contains alternative input specifications following a semicolon
          (";"). Such lines will be handled incorrectly if INLINE_MATCHES is
          set to Yes in <ulink
          url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
        </listitem>
      </varlistentry>
@@ -2451,11 +2374,11 @@
        <replaceable>filename</replaceable> ]</term>
        <listitem>
-          <para>Creates a snapshot of the currently running firewall. The
+          <para>The dynamic blacklist is stored in /var/lib/shorewall/save.
-          dynamic blacklist is stored in /var/lib/shorewall/save. The state of
+          The state of the firewall is stored in
          the firewall is stored in
          /var/lib/shorewall/<emphasis>filename</emphasis> for use by the
-          <emphasis role="bold">shorewall restore</emphasis> command. If
+          <emphasis role="bold">shorewall restore</emphasis> and <emphasis
          role="bold">shorewall -f start</emphasis> commands. If
          <emphasis>filename</emphasis> is not given then the state is saved
          in the file specified by the RESTOREFILE option in <ulink
          url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
@@ -2492,23 +2415,12 @@
          arguments:</para>
          <variablelist>
            <varlistentry>
              <term><emphasis role="bold">action
              <replaceable>action</replaceable></emphasis></term>
              <listitem>
                <para>Lists the named action file. Available on Shorewall and
                Shorewall6 only.</para>
              </listitem>
            </varlistentry>
            <varlistentry>
              <term><emphasis role="bold">actions</emphasis></term>
              <listitem>
                <para>Produces a report about the available actions (built-in,
-                standard and user-defined). Available on Shorewall and
+                standard and user-defined).</para>
                Shorewall6 only.</para>
              </listitem>
            </varlistentry>
@@ -2758,15 +2670,6 @@
              </listitem>
            </varlistentry>
            <varlistentry>
              <term><emphasis role="bold">rc</emphasis></term>
              <listitem>
                <para>Added in Shorewall 5.2.0. Displays the contents of
                $SHAREDIR/shorewall/shorewallrc.</para>
              </listitem>
            </varlistentry>
            <varlistentry>
              <term>[-<option>c</option>]<emphasis role="bold">
              routing</emphasis></term>
@@ -2792,20 +2695,6 @@
              </listitem>
            </varlistentry>
            <varlistentry>
              <term>saves</term>
              <listitem>
                <para>Added in Shorewall 5.2.0. Lists snapshots created by the
                <command>save</command> command. Each snapshot is listed with
                the date and time when it was taken. If there is a snapshot
                with the name specified in the RESTOREFILE option in <ulink
                url="shorewall.conf.html">shorewall.conf(5</ulink>), that
                snapshot is listed as the <emphasis>default</emphasis>
                snapshot for the <command>restore</command> command.</para>
              </listitem>
            </varlistentry>
            <varlistentry>
              <term><emphasis role="bold">tc</emphasis></term>
@@ -2965,7 +2854,7 @@
          by the compiled script that executed the last successful <emphasis
          role="bold">start</emphasis>, <emphasis
          role="bold">restart</emphasis> or <emphasis
-          role="bold">reload</emphasis> command if that script exists.</para>
+          role="bold">refresh</emphasis> command if that script exists.</para>
        </listitem>
      </varlistentry>
@@ -3217,8 +3106,6 @@
    <title>FILES</title>
    <para>/etc/shorewall/</para>
    <para>/etc/shorewall6/</para>
  </refsect1>
  <refsect1>
@@ -3228,18 +3115,13 @@
    url="/starting_and_stopping_shorewall.htm">http://www.shorewall.net/starting_and_stopping_shorewall.htm</ulink></para>
    <para>shorewall-accounting(5), shorewall-actions(5),
-    shorewall-arprules(5), shorewall-blrules(5), shorewall.conf(5),
+    shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
-    shorewall-conntrack(5), shorewall-ecn(5), shorewall-exclusion(5),
+    shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5),
-    shorewall-hosts(5), shorewall-init(5), shorewall_interfaces(5),
+    shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
-    shorewall-ipsets(5), shorewall-logging(), shorewall-maclist(5),
+    shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
-    shorewall-mangle(5), shorewall-masq(5), shorewall-modules(5),
+    shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5),
-    shorewall-nat(5), shorewall-nesting(5), shorewall-netmap(5),
+    shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5),
-    shorewall-params(5), shorewall-policy(5), shorewall-providers(5),
+    shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5),
-    shorewall-proxyarp(5), shorewall6-proxyndp(5), shorewall-routes(5),
+    shorewall-tunnels(5), shorewall-zones(5)</para>
    shorewall-rtrules(5), shorewall-rtrules(5), shorewall-rules(5),
    shorewall-secmarks(5), shorewall-snat(5), shorewall-tcclasses(5),
    shorewall-tcdevices(5), shorewall-tcfilters(5), shorewall-tcinterfaces(5),
    shorewall-tcpri(5), shorewall-tunnels(5), shorewall-vardir(5),
    shorewall-zones(5)</para>
  </refsect1>
 </refentry>
--- a/Shorewall-core/shorewall
+++ b/Shorewall-core/shorewall
@@ -1,8 +1,8 @@
 #!/bin/sh
 #
-#     Shorewall Packet Filtering Firewall Control Program - V5.1
+#     Shorewall Packet Filtering Firewall Control Program - V5.0
 #
-#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2014,2015-2017
+#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2014,2015 -
 #         Tom Eastep (teastep@shorewall.net)
 #
 #	Shorewall documentation is available at http://www.shorewall.net
@@ -25,10 +25,6 @@
 #       For a list of supported commands, type 'shorewall help' or 'shorewall6 help'
 #
 ################################################################################################
 #
 # Default product is Shorewall. PRODUCT will be set based on $0 and on passed -[46] and -l
 # options
 #
 PRODUCT=shorewall
 #
--- a/Shorewall-core/shorewallrc.apple
+++ b/Shorewall-core/shorewallrc.apple
@@ -1,5 +1,5 @@
 #
-# Apple OS X Shorewall 5.2 rc file
+# Apple OS X Shorewall 5.0 rc file
 #
 BUILD=apple
 HOST=apple
--- a/Shorewall-core/shorewallrc.archlinux
+++ b/Shorewall-core/shorewallrc.archlinux
@@ -1,5 +1,5 @@
 #
-# Arch Linux Shorewall 5.2 rc file
+# Arch Linux Shorewall 5.0 rc file
 #
 BUILD=                                 #Default is to detect the build system
 HOST=archlinux
--- a/Shorewall-core/shorewallrc.cygwin
+++ b/Shorewall-core/shorewallrc.cygwin
@@ -1,5 +1,5 @@
 #
-# Cygwin Shorewall 5.2 rc file
+# Cygwin Shorewall 5.0 rc file
 #
 BUILD=cygwin
 HOST=cygwin
--- a/Shorewall-core/shorewallrc.debian.systemd
+++ b/Shorewall-core/shorewallrc.debian.systemd
@@ -1,5 +1,5 @@
 #
-# Debian Shorewall 5.2 rc file
+# Debian Shorewall 4.5 rc file
 #
 BUILD=					#Default is to detect the build system
 HOST=debian
@@ -13,9 +13,9 @@ MANDIR=${PREFIX}/share/man		#Directory where manpages are installed.
 INITDIR=				#Directory where SysV init scripts are installed.
 INITFILE=				#Name of the product's installed SysV init script
 INITSOURCE=init.debian.sh		#Name of the distributed file to be installed as the SysV init script
-ANNOTATED=				#If non-empty, annotated configuration files are installed
+ANNOTATED=				#If non-zero, annotated configuration files are installed
-SYSCONFFILE=default.debian.systemd	#Name of the distributed file to be installed in $SYSCONFDIR
+SYSCONFFILE=default.debian		#Name of the distributed file to be installed in $SYSCONFDIR
-SERVICEFILE=$PRODUCT.service.debian	#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
+SERVICEFILE=$PRODUCT.service.debian     #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFDIR=/etc/default			#Directory where SysV init parameter files are installed
 SERVICEDIR=/lib/systemd/system		#Directory where .service files are installed (systems running systemd only)
 SPARSE=Yes				#If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
--- a/Shorewall-core/shorewallrc.debian.sysvinit
+++ b/Shorewall-core/shorewallrc.debian.sysvinit
@@ -1,5 +1,5 @@
 #
-# Debian Shorewall 5.2 rc file
+# Debian Shorewall 4.5 rc file
 #
 BUILD=                                  #Default is to detect the build system
 HOST=debian
@@ -14,7 +14,7 @@ INITDIR=/etc/init.d                     #Directory where SysV init scripts are i
 INITFILE=$PRODUCT                       #Name of the product's installed SysV init script
 INITSOURCE=init.debian.sh               #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                              #If non-zero, annotated configuration files are installed
-SYSCONFFILE=default.debian.sysvinit              #Name of the distributed file to be installed in $SYSCONFDIR
+SYSCONFFILE=default.debian              #Name of the distributed file to be installed in $SYSCONFDIR
 SERVICEFILE=				#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFDIR=/etc/default                 #Directory where SysV init parameter files are installed
 SERVICEDIR=				#Directory where .service files are installed (systems running systemd only)
--- a/Shorewall-core/shorewallrc.default
+++ b/Shorewall-core/shorewallrc.default
@@ -1,8 +1,8 @@
 #
-# Default Shorewall 5.2 rc file
+# Default Shorewall 5.0 rc file
 #
 BUILD=                                  #Default is to detect the build system
 HOST=linux                              #Generic Linux
 BUILD=                                  #Default is to detect the build system
 PREFIX=/usr                             #Top-level directory for shared files, libraries, etc.
 SHAREDIR=${PREFIX}/share                #Directory for arch-neutral files.
 LIBEXECDIR=${PREFIX}/share              #Directory for executable scripts.
--- a/Shorewall-core/shorewallrc.openwrt
+++ b/Shorewall-core/shorewallrc.openwrt
@@ -1,8 +1,8 @@
 #
-# OpenWRT/LEDE Shorewall 5.2 rc file
+# Created by Shorewall Core version 5.0.2-RC1 configure -  Fri, Nov 06, 2015 10:02:03 AM
 #
 # Input: host=openwrt
 #
 BUILD=                                 #Default is to detect the build system
 HOST=openwrt
 PREFIX=/usr                             #Top-level directory for shared files, libraries, etc.
 SHAREDIR=${PREFIX}/share                #Directory for arch-neutral files.
 LIBEXECDIR=${PREFIX}/share              #Directory for executable scripts.
--- a/Shorewall-core/shorewallrc.redhat
+++ b/Shorewall-core/shorewallrc.redhat
@@ -1,5 +1,5 @@
 #
-# RedHat/FedoraShorewall 5.2 rc file
+# RedHat/FedoraShorewall 5.0 rc file
 #
 BUILD=                                  #Default is to detect the build system
 HOST=redhat
--- a/Shorewall-core/shorewallrc.sandbox
+++ b/Shorewall-core/shorewallrc.sandbox
@@ -1,28 +0,0 @@
 #
 # Shorewall 5.2 rc file for installing into a Sandbox
 #
 BUILD=                                       # Default is to detect the build system
 HOST=linux
 INSTALLDIR=				     # Set this to the directory where you want Shorewall installed
 PREFIX=${INSTALLDIR}/usr		     # Top-level directory for shared files, libraries, etc.
 SHAREDIR=${PREFIX}/share		     # Directory for arch-neutral files.
 LIBEXECDIR=${PREFIX}/share		     # Directory for executable scripts.	
 PERLLIBDIR=${PREFIX}/share/shorewall	     # Directory to install Shorewall Perl module directory	
 CONFDIR=${INSTALLDIR}/etc		     # Directory where subsystem configurations are installed				
 SBINDIR=${INSTALLDIR}/sbin		     # Directory where system administration programs are installed			
 MANDIR=		     			     # Leave empty
 INITDIR=				     # Leave empty				     				
 INITSOURCE=				     # Leave empty
 INITFILE=				     # Leave empty
 AUXINITSOURCE=				     # Leave empty
 AUXINITFILE=				     # Leave empty
 SERVICEDIR=				     # Leave empty
 SERVICEFILE=    			     # Leave empty
 SYSCONFFILE=				     # Leave empty
 SYSCONFDIR=				     # Leave empty			
 SPARSE=					     # Leave empty			
 ANNOTATED=				     # If non-empty, annotated configuration files are installed				
 VARLIB=${INSTALLDIR}/var/lib		     # Directory where product variable data is stored.				
 VARDIR=${VARLIB}/$PRODUCT		     # Directory where product variable data is stored.		
 DEFAULT_PAGER=/usr/bin/less		     # Pager to use if none specified in shorewall[6].conf
 SANDBOX=Yes				     # Indicates SANDBOX installation
--- a/Shorewall-core/shorewallrc.slackware
+++ b/Shorewall-core/shorewallrc.slackware
@@ -1,5 +1,5 @@
 #
-# Slackware Shorewall 5.2 rc file
+# Slackware Shorewall 5.0 rc file
 #
 BUILD=slackware
 HOST=slackware
--- a/Shorewall-core/shorewallrc.suse
+++ b/Shorewall-core/shorewallrc.suse
@@ -1,5 +1,5 @@
 #
-# SuSE Shorewall 5.2 rc file
+# SuSE Shorewall 5.0 rc file
 #
 BUILD=                                                #Default is to detect the build system
 HOST=suse
--- a/Shorewall-core/uninstall.sh
+++ b/Shorewall-core/uninstall.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Script to back uninstall Shoreline Firewall Core Modules
+# Script to back uninstall Shoreline Firewall
 #
 #     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
 #
@@ -26,75 +26,63 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
-VERSION=xxx # The Build script inserts the actual version
+VERSION=xxx #The Build script inserts the actual version
-PRODUCT=shorewall-core
+PRODUCT="shorewall-core"
 Product="Shorewall Core"
-
+ 
 usage() # $1 = exit status
 {
    ME=$(basename $0)
-    echo "usage: $ME [ <option> ] [ <shorewallrc file> ]"
+    echo "usage: $ME [ <shorewallrc file> ]"
    echo "where <option> is one of"
    echo "  -h"
    echo "  -v"
    exit $1
 }
 fatal_error()
 {
    echo "   ERROR: $@" >&2
    exit 1
 }
 qt()
 {
    "$@" >/dev/null 2>&1
 }
 restore_file() # $1 = file to restore
 {
    if [ -f ${1}-shorewall.bkout ]; then
 	if (mv -f ${1}-shorewall.bkout $1); then
 	    echo
 	    echo "$1 restored"
        else
 	    exit 1
        fi
    fi
 }
 remove_file() # $1 = file to restore
 {
    if [ -f $1 -o -L $1 ] ; then
 	rm -f $1
 	echo "$1 Removed"
    fi
 }
 #
 # Change to the directory containing this script
 #
 cd "$(dirname $0)"
 #
 # Source common functions
 #
 . ./lib.uninstaller || { echo "ERROR: Can not load common functions." >&2; exit 1; }
 #
 # Parse the run line
 #
 finished=0
 while [ $finished -eq 0 ]; do
    option=$1
    case "$option" in
 	-*)
 	    option=${option#-}
 	    while [ -n "$option" ]; do
 		case $option in
 		    h)
 			usage 0
 			;;
 		    v)
 			echo "$Product Firewall Uninstaller Version $VERSION"
 			exit 0
 			;;
 		    *)
 			usage 1
 			;;
 		esac
 	    done
 	    shift
 	    ;;
 	*)
 	    finished=1
 	    ;;
    esac
 done
 #
 # Read the RC file
 #
 if [ $# -eq 0 ]; then
    if [ -f ./shorewallrc ]; then
-        . ./shorewallrc || fatal_error "Can not load the RC file: ./shorewallrc"
+	. ./shorewallrc
    elif [ -f ~/.shorewallrc ]; then
-        . ~/.shorewallrc || fatal_error "Can not load the RC file: ~/.shorewallrc"
+	. ~/.shorewallrc || exit 1
    elif [ -f /usr/share/shorewall/shorewallrc ]; then
-        . /usr/share/shorewall/shorewallrc || fatal_error "Can not load the RC file: /usr/share/shorewall/shorewallrc"
+	. /usr/share/shorewall/shorewallrc
    else
 	fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
    fi
@@ -104,11 +92,11 @@ elif [ $# -eq 1 ]; then
 	/*|.*)
 	    ;;
 	*)
-	    file=./$file || exit 1
+	    file=./$file
 	    ;;
    esac
-    . $file || fatal_error "Can not load the RC file: $file"
+    . $file
 else
    usage 1
 fi
@@ -116,26 +104,20 @@ fi
 if [ -f ${SHAREDIR}/shorewall/coreversion ]; then
    INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall/coreversion)"
    if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
-	echo "WARNING: $Product Version $INSTALLED_VERSION is installed"
+	echo "WARNING: Shorewall Core Version $INSTALLED_VERSION is installed"
 	echo "         and this is the $VERSION uninstaller."
 	VERSION="$INSTALLED_VERSION"
    fi
 else
-    echo "WARNING: $Product Version $VERSION is not installed"
+    echo "WARNING: Shorewall Core Version $VERSION is not installed"
    VERSION=""
 fi
-echo "Uninstalling $Product $VERSION"
+echo "Uninstalling Shorewall Core $VERSION"
-if [ -n "${MANDIR}" ]; then
+rm -rf ${SHAREDIR}/shorewall
-    remove_file_with_wildcard ${MANDIR}/man5/shorewall\*
+rm -f ~/.shorewallrc
-    remove_file_with_wildcard ${MANDIR}/man8/shorewall\*
+
-fi
+echo "Shorewall Core Uninstalled"
 remove_directory ${SHAREDIR}/shorewall
 remove_file ~/.shorewallrc
 #
 # Report Success
 #
 echo "$Product $VERSION Uninstalled"
--- a/Shorewall-init/default.debian.systemd
+++ b/Shorewall-init/default.debian.systemd
@@ -1,21 +0,0 @@
 # List the Shorewall products that Shorewall-init is to
 # initialize (space-separated list).
 #
 # Sample: PRODUCTS="shorewall shorewall6"
 #
 PRODUCTS=""
 #
 # Set this to 1 if you want Shorewall-init to react to
 # ifup/ifdown and NetworkManager events
 #
 IFUPDOWN=0
 #
 # Where Up/Down events get logged
 #
 LOGFILE=/var/log/shorewall-ifupdown.log
 # Startup options - set verbosity to 0 (minimal reporting)
 OPTIONS="-V0"
 # IOF
--- a/Shorewall-init/default.debian.sysvinit
+++ b/Shorewall-init/default.debian.sysvinit
@@ -1,27 +0,0 @@
 # List the Shorewall products that Shorewall-init is to
 # initialize (space-separated list).
 #
 # Sample: PRODUCTS="shorewall shorewall6"
 #
 PRODUCTS=""
 #
 # Set this to 1 if you want Shorewall-init to react to
 # ifup/ifdown and NetworkManager events
 #
 IFUPDOWN=0
 #
 # Set this to the name of the file that is to hold
 # ipset contents. Shorewall-init will load those ipsets
 # during 'start' and will save them there during 'stop'.
 #
 SAVE_IPSETS=""
 #
 # Where Up/Down events get logged
 #
 LOGFILE=/var/log/shorewall-ifupdown.log
 # Startup options - set verbosity to 0 (minimal reporting)
 OPTIONS="-V0"
 # IOF
--- a/Shorewall-init/init.debian.sh
+++ b/Shorewall-init/init.debian.sh
@@ -73,16 +73,12 @@ setstatedir() {
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-    if [ -x ${STATEDIR}/firewall ]; then
+    if [ $PRODUCT = shorewall ]; then
-        return 0
+	${SBINDIR}/shorewall compile
    elif [ $PRODUCT = shorewall6 ]; then
 	${SBINDIR}/shorewall -6 compile
    else
-        if [ $PRODUCT = shorewall ]; then
+	return 0
            ${SBINDIR}/shorewall compile
        elif [ $PRODUCT = shorewall6 ]; then
            ${SBINDIR}/shorewall -6 compile
        else
            return 1
        fi
    fi
 }
@@ -112,14 +108,16 @@ shorewall_start () {
  for PRODUCT in $PRODUCTS; do
      if setstatedir; then
-          #
+	  if [ -x ${STATEDIR}/firewall ]; then
-	  # Run in a sub-shell to avoid name collisions
+              #
-	  #
+	      # Run in a sub-shell to avoid name collisions
-	  (
+	      #
-	      if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
+	      (
-		  ${STATEDIR}/firewall ${OPTIONS} stop
+		  if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
-	      fi
+		      ${STATEDIR}/firewall ${OPTIONS} stop
-	  )
+		  fi
 	      )
 	  fi
      fi
  done
@@ -147,7 +145,9 @@ shorewall_stop () {
  printf "Clearing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
      if setstatedir; then
-	  ${STATEDIR}/firewall ${OPTIONS} clear
+	  if [ -x ${STATEDIR}/firewall ]; then
 	      ${STATEDIR}/firewall ${OPTIONS} clear
 	  fi
      fi
  done
@@ -159,9 +159,8 @@ shorewall_stop () {
      mkdir -p $(dirname "$SAVE_IPSETS")
      if ipset -S > "${SAVE_IPSETS}.tmp"; then
-	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" || rm -f "${SAVE_IPSETS}.tmp"
+	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
      else
 	  rm -f "${SAVE_IPSETS}.tmp"
 	  echo_notdone
      fi
--- a/Shorewall-init/init.fedora.sh
+++ b/Shorewall-init/init.fedora.sh
@@ -44,14 +44,12 @@ setstatedir() {
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-    if [ -x ${STATEDIR}/firewall ]; then
+    if [ $PRODUCT = shorewall ]; then
 	return 0
    elif [ $PRODUCT = shorewall ]; then
 	${SBINDIR}/shorewall compile
    elif [ $PRODUCT = shorewall6 ]; then
 	${SBINDIR}/shorewall -6 compile
    else
-	return 1
+	return 0
    fi
 }
@@ -68,20 +66,20 @@ start () {
    printf "Initializing \"Shorewall-based firewalls\": "
    if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
 	ipset -R < "$SAVE_IPSETS"
    fi
    for PRODUCT in $PRODUCTS; do
 	setstatedir
 	retval=$?
 	if [ $retval -eq 0 ]; then
-	    ${STATEDIR}/firewall ${OPTIONS} stop 2>&1 | $logger
+	    if [ -x "${STATEDIR}/firewall" ]; then
-	    retval=${PIPESTATUS[0]}
+		${STATEDIR}/firewall ${OPTIONS} stop 2>&1 | $logger
-	    [ $retval -ne 0 ] && break
+		retval=${PIPESTATUS[0]}
 		[ $retval -ne 0 ] && break
 	    else
 		retval=6 #Product not configured
 		break
 	    fi
 	else
 	    retval=6 #Product not configured
 	    break
 	fi
    done
@@ -108,25 +106,20 @@ stop () {
 	retval=$?
 	if [ $retval -eq 0 ]; then
-	    ${STATEDIR}/firewall ${OPTIONS} clear 2>&1 | $logger
+	    if [ -x "${STATEDIR}/firewall" ]; then
-	    retval=${PIPESTATUS[0]}
+		${STATEDIR}/firewall ${OPTIONS} clear 2>&1 | $logger
-	    [ $retval -ne 0 ] && break
+		retval=${PIPESTATUS[0]}
 		[ $retval -ne 0 ] && break
 	    else
 		retval=6 #Product not configured
 		break
 	    fi
 	else
 	    retval=6 #Product not configured
 	    break
 	fi
    done
    if [ $retval -eq 0 ]; then
 	if [ -n "$SAVE_IPSETS" ]; then
 	    mkdir -p $(dirname "$SAVE_IPSETS")
 	    if ipset -S > "${SAVE_IPSETS}.tmp"; then
 		grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" || rm -f "${SAVE_IPSETS}.tmp"
 	    else
 		rm -f "${SAVE_IPSETS}.tmp"
 	    fi
 	fi
 	rm -f $lockfile
 	success
    else
--- a/Shorewall-init/init.openwrt.sh
+++ b/Shorewall-init/init.openwrt.sh
@@ -75,14 +75,12 @@ setstatedir() {
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-    if [ -x ${STATEDIR}/firewall ]; then
+    if [ $PRODUCT = shorewall ]; then
 	return 0
    elif [ $PRODUCT = shorewall ]; then
 	${SBINDIR}/shorewall compile
    elif [ $PRODUCT = shorewall6 ]; then
 	${SBINDIR}/shorewall -6 compile
    else
-	return 1
+	return 0
    fi
 }
@@ -94,8 +92,10 @@ start () {
  printf "Initializing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
      if setstatedir; then
-	  if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
+	  if [ -x ${STATEDIR}/firewall ]; then
-	      ${STATEDIR}/firewall ${OPTIONS} stop
+	      if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
 		  ${STATEDIR}/firewall ${OPTIONS} stop
 	      fi
 	  fi
      fi
  done
@@ -103,8 +103,6 @@ start () {
  if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
      ipset -R < "$SAVE_IPSETS"
  fi
  return 0
 }
 boot () {
@@ -119,19 +117,17 @@ stop () {
    printf "Clearing \"Shorewall-based firewalls\": "
    for PRODUCT in $PRODUCTS; do
 	if setstatedir; then
-	    ${STATEDIR}/firewall ${OPTIONS} clear
+	    if [ -x ${STATEDIR}/firewall ]; then
 		${STATEDIR}/firewall ${OPTIONS} clear
 	    fi
 	fi
    done
    if [ -n "$SAVE_IPSETS" ]; then
 	mkdir -p $(dirname "$SAVE_IPSETS")
 	if ipset -S > "${SAVE_IPSETS}.tmp"; then
-	    grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" || rm -f "${SAVE_IPSETS}.tmp"
+	    grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
 	else
 	    rm -f "${SAVE_IPSETS}.tmp"
 	fi
    fi
    return 0
 }
--- a/Shorewall-init/init.sh
+++ b/Shorewall-init/init.sh
@@ -69,12 +69,10 @@ setstatedir() {
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-    if [ -x ${STATEDIR}/firewall ]; then
+    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
 	return 0
    elif [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
 	${SBINDIR}/$PRODUCT ${OPTIONS} compile $STATEDIR/firewall
    else
-	return 1
+	return 0
    fi
 }
@@ -86,8 +84,10 @@ shorewall_start () {
  printf "Initializing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
      if setstatedir; then
-	  if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
+	  if [ -x ${STATEDIR}/firewall ]; then
-	      ${STATEDIR}/firewall ${OPTIONS} stop
+	      if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
 		  ${STATEDIR}/firewall ${OPTIONS} stop
 	      fi
 	  fi
      fi
  done
@@ -107,16 +107,16 @@ shorewall_stop () {
  printf "Clearing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
      if setstatedir; then
-	  ${STATEDIR}/firewall ${OPTIONS} clear
+	  if [ -x ${STATEDIR}/firewall ]; then
 	      ${STATEDIR}/firewall ${OPTIONS} clear
 	  fi
      fi
  done
  if [ -n "$SAVE_IPSETS" ]; then
      mkdir -p $(dirname "$SAVE_IPSETS")
      if ipset -S > "${SAVE_IPSETS}.tmp"; then
-	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" || rm -f "${SAVE_IPSETS}.tmp"
+	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
      else
 	  rm -f "${SAVE_IPSETS}.tmp"
      fi
  fi
--- a/Shorewall-init/init.suse.sh
+++ b/Shorewall-init/init.suse.sh
@@ -79,14 +79,12 @@ setstatedir() {
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-    if [ -x ${STATEDIR}/firewall ]; then
+    if [ $PRODUCT = shorewall ]; then
 	return 0
    elif [ $PRODUCT = shorewall ]; then
 	${SBINDIR}/shorewall compile
    elif [ $PRODUCT = shorewall6 ]; then
 	${SBINDIR}/shorewall -6 compile
    else
-	return 6
+	return 0
    fi
 }
@@ -98,8 +96,10 @@ shorewall_start () {
  printf "Initializing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
      if setstatedir; then
-	  if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
+	  if [ -x $STATEDIR/firewall ]; then
-	      $STATEDIR/$PRODUCT/firewall ${OPTIONS} stop
+	      if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
 		  $STATEDIR/$PRODUCT/firewall ${OPTIONS} stop
 	      fi
 	  fi
      fi
  done
@@ -117,16 +117,16 @@ shorewall_stop () {
  printf "Clearing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
      if setstatedir; then
-	  ${STATEDIR}/firewall ${OPTIONS} clear
+	  if [ -x ${STATEDIR}/firewall ]; then
 	      ${STATEDIR}/firewall ${OPTIONS} clear
 	  fi
      fi
  done
  if [ -n "$SAVE_IPSETS" ]; then
      mkdir -p $(dirname "$SAVE_IPSETS")
      if ipset -S > "${SAVE_IPSETS}.tmp"; then
-	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" || rm -f "${SAVE_IPSETS}.tmp"
+	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
      else
 	  rm -f "${SAVE_IPSETS}.tmp"
      fi
  fi
 }
--- a/Shorewall-init/install.sh
+++ b/Shorewall-init/install.sh
@@ -27,21 +27,58 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-VERSION=xxx # The Build script inserts the actual version
+VERSION=xxx #The Build script inserts the actual version.
 PRODUCT=shorewall-init
 Product="Shorewall Init"
 usage() # $1 = exit status
 {
    ME=$(basename $0)
-    echo "usage: $ME [ <option> ] [ <shorewallrc file> ]"
+    echo "usage: $ME [ <configuration-file> ]"
-    echo "where <option> is one of"
+    echo "       $ME -v"
-    echo "  -h"
+    echo "       $ME -h"
-    echo "  -v"
+    echo "       $ME -n"
    echo "  -n"
    exit $1
 }
 fatal_error() 
 {
    echo "   ERROR: $@" >&2
    exit 1
 }
 split() {
    local ifs
    ifs=$IFS
    IFS=:
    set -- $1
    echo $*
    IFS=$ifs
 }
 qt()
 {
    "$@" >/dev/null 2>&1
 }
 mywhich() {
    local dir
    for dir in $(split $PATH); do
 	if [ -x $dir/$1 ]; then
 	    return 0
 	fi
    done
    return 2
 }
 cant_autostart()
 {
    echo
    echo  "WARNING: Unable to configure shorewall init to start automatically at boot" >&2
 }
 install_file() # $1 = source $2 = target $3 = mode
 {
    if cp -f $1 $2; then
@@ -60,16 +97,23 @@ install_file() # $1 = source $2 = target $3 = mode
    exit 1
 }
 make_directory() # $1 = directory , $2 = mode
 {
    mkdir -p $1
    chmod 0755 $1
    [ -n "$OWNERSHIP" ] && chown $OWNERSHIP $1
 }
 require() 
 {
    eval [ -n "\$$1" ] || fatal_error "Required option $1 not set"
 }
 #
 # Change to the directory containing this script
 #
 cd "$(dirname $0)"
 #
 # Source common functions
 #
 . ./lib.installer || { echo "ERROR: Can not load common functions." >&2; exit 1; }
 #
 # Parse the run line
 #
@@ -90,7 +134,7 @@ while [ $finished -eq 0 ] ; do
 			usage 0
 			;;
 		    v)
-			echo "$Product Firewall Installer Version $VERSION"
+			echo "Shorewall-init Firewall Installer Version $VERSION"
 			exit 0
 			;;
 		    n*)
@@ -115,17 +159,17 @@ done
 # Read the RC file
 #
 if [ $# -eq 0 ]; then
    #
    # Load packager's settings if any
    #
    if [ -f ./shorewallrc ]; then
 	. ./shorewallrc || exit 1
 	file=./shorewallrc
        . $file || fatal_error "Can not load the RC file: $file"
    elif [ -f ~/.shorewallrc ]; then
 	. ~/.shorewallrc || exit 1
 	file=~/.shorewallrc
-        . $file || fatal_error "Can not load the RC file: $file"
+     else
-    elif [ -f /usr/share/shorewall/shorewallrc ]; then
+	fatal_error "No configuration file specified and ~/.shorewallrc not found"
 	file=/usr/share/shorewall/shorewallrc
        . $file || fatal_error "Can not load the RC file: $file"
    else
 	fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
    fi
 elif [ $# -eq 1 ]; then
    file=$1
@@ -133,11 +177,11 @@ elif [ $# -eq 1 ]; then
 	/*|.*)
 	    ;;
 	*)
-	    file=./$file || exit 1
+	    file=./$file
 	    ;;
    esac
-    . $file || fatal_error "Can not load the RC file: $file"
+    . $file
 else
    usage 1
 fi
@@ -254,10 +298,12 @@ case "$HOST" in
 	echo "Installing Openwrt-specific configuration..."
 	;;
    linux)
-	fatal_error "Shorewall-init is not supported on this system"
+	echo "ERROR: Shorewall-init is not supported on this system" >&2
 	exit 1
 	;;
    *)
-	fatal_error "Unsupported HOST distribution: \"$HOST\""
+	echo "ERROR: Unsupported HOST distribution: \"$HOST\"" >&2
 	exit 1;
 	;;
 esac
@@ -269,27 +315,30 @@ if [ -n "$DESTDIR" ]; then
 	OWNERSHIP=""
    fi
-    make_parent_directory ${DESTDIR}${INITDIR} 0755
+    make_directory ${DESTDIR}${INITDIR} 0755
 fi
-echo "Installing $Product Version $VERSION"
+echo "Installing Shorewall Init Version $VERSION"
 #
 # Check for /usr/share/shorewall-init/version
 #
-if [ -f ${DESTDIR}${SHAREDIR}/$PRODUCT/version ]; then
+if [ -f ${DESTDIR}${SHAREDIR}/shorewall-init/version ]; then
    first_install=""
 else
    first_install="Yes"
 fi
-[ -n "$DESTDIR" ] && make_parent_directory ${DESTDIR}${CONFDIR}/logrotate.d 0755
+if [ -n "$DESTDIR" ]; then
    mkdir -p ${DESTDIR}${CONFDIR}/logrotate.d
    chmod 0755 ${DESTDIR}${CONFDIR}/logrotate.d
 fi
 #
 # Install the Firewall Script
 #
 if [ -n "$INITFILE" ]; then
-    make_parent_directory ${DESTDIR}${INITDIR} 0755
+    mkdir -p ${DESTDIR}${INITDIR}
    install_file $INITSOURCE ${DESTDIR}${INITDIR}/$INITFILE 0544
    [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${INITDIR}/$INITFILE
@@ -308,21 +357,25 @@ if [ -z "${SERVICEDIR}" ]; then
 fi
 if [ -n "$SERVICEDIR" ]; then
-    make_parent_directory ${DESTDIR}${SERVICEDIR} 0755
+    mkdir -p ${DESTDIR}${SERVICEDIR}
    [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
    install_file $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service 0644
    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SERVICEDIR}/$PRODUCT.service"
-    [ -n "$DESTDIR" -o $configure -eq 0 ] && make_parent_directory ${DESTDIR}${SBINDIR} 0755
+    if [ -n "$DESTDIR" -o $configure -eq 0 ]; then
-    install_file $PRODUCT ${DESTDIR}${SBINDIR}/$PRODUCT 0700
+	mkdir -p ${DESTDIR}${SBINDIR}
-    [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SBINDIR}/$PRODUCT
+        chmod 0755 ${DESTDIR}${SBINDIR}
-    echo "CLI installed as ${DESTDIR}${SBINDIR}/$PRODUCT"
+    fi
    install_file shorewall-init ${DESTDIR}${SBINDIR}/shorewall-init 0700
    [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SBINDIR}/shorewall-init
    echo "CLI installed as ${DESTDIR}${SBINDIR}/shorewall-init"
 fi
 #
 # Create /usr/share/shorewall-init if needed
 #
-make_parent_directory ${DESTDIR}${SHAREDIR}/$PRODUCT 0755
+mkdir -p ${DESTDIR}${SHAREDIR}/shorewall-init
 chmod 0755 ${DESTDIR}${SHAREDIR}/shorewall-init
 #
 # Install logrotate file
@@ -335,53 +388,55 @@ fi
 #
 # Create the version file
 #
-echo "$VERSION" > ${DESTDIR}/${SHAREDIR}/$PRODUCT/version
+echo "$VERSION" > ${DESTDIR}/${SHAREDIR}/shorewall-init/version
-chmod 0644 ${DESTDIR}${SHAREDIR}/$PRODUCT/version
+chmod 0644 ${DESTDIR}${SHAREDIR}/shorewall-init/version
 #
 # Remove and create the symbolic link to the init script
 #
 if [ -z "$DESTDIR" ]; then
-    rm -f ${SHAREDIR}/$PRODUCT/init
+    rm -f ${SHAREDIR}/shorewall-init/init
-    ln -s ${INITDIR}/${INITFILE} ${SHAREDIR}/$PRODUCT/init
+    ln -s ${INITDIR}/${INITFILE} ${SHAREDIR}/shorewall-init/init
 fi
 if [ $HOST = debian ]; then
    if [ -n "${DESTDIR}" ]; then
-	make_parent_directory ${DESTDIR}${ETC}/network/if-up.d 0755
+	mkdir -p ${DESTDIR}${ETC}/network/if-up.d/
-	make_parent_directory ${DESTDIR}${ETC}/network/if-down.d 0755
+	mkdir -p ${DESTDIR}${ETC}/network/if-down.d/
-	make_parent_directory ${DESTDIR}${ETC}/network/if-post-down.d 0755
+	mkdir -p ${DESTDIR}${ETC}/network/if-post-down.d/
    elif [ $configure -eq 0 ]; then
-	make_parent_directory ${DESTDIR}${CONFDIR}/network/if-up.d 0755
+	mkdir -p ${DESTDIR}${CONFDIR}/network/if-up.d/
-	make_parent_directory ${DESTDIR}${CONFDIR}/network/if-down.d 0755
+	mkdir -p ${DESTDIR}${CONFDIR}/network/if-down.d/
-	make_parent_directory ${DESTDIR}${CONFDIR}/network/if-post-down.d 0755
+	mkdir -p ${DESTDIR}${CONFDIR}/network/if-post-down.d/
    fi
-    if [ ! -f ${DESTDIR}${CONFDIR}/default/$PRODUCT ]; then
+    if [ ! -f ${DESTDIR}${CONFDIR}/default/shorewall-init ]; then
-	[ -n "${DESTDIR}" ] && make_parent_directory ${DESTDIR}${ETC}/default 0755
+	if [ -n "${DESTDIR}" ]; then
 	    mkdir -p ${DESTDIR}${ETC}/default
 	fi
-	[ $configure -eq 1 ] || make_parent_directory ${DESTDIR}${CONFDIR}/default 0755
+	[ $configure -eq 1 ] || mkdir -p ${DESTDIR}${CONFDIR}/default
-	install_file ${SYSCONFFILE} ${DESTDIR}${ETC}/default/$PRODUCT 0644
+	install_file sysconfig ${DESTDIR}${ETC}/default/shorewall-init 0644
-	echo "${SYSCONFFILE} file installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
+	echo "sysconfig file installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
    fi
    IFUPDOWN=ifupdown.debian.sh
 else
    if [ -n "$DESTDIR" ]; then
-	make_parent_directory ${DESTDIR}${SYSCONFDIR} 0755
+	mkdir -p ${DESTDIR}${SYSCONFDIR}
 	if [ -z "$RPM" ]; then
 	    if [ $HOST = suse ]; then
-		make_parent_directory ${DESTDIR}${ETC}/sysconfig/network/if-up.d 0755
+		mkdir -p ${DESTDIR}${ETC}/sysconfig/network/if-up.d
-		make_parent_directory ${DESTDIR}${ETC}/sysconfig/network/if-down.d 0755
+		mkdir -p ${DESTDIR}${ETC}/sysconfig/network/if-down.d
 	    elif [ $HOST = gentoo ]; then
 		# Gentoo does not support if-{up,down}.d
 		/bin/true
 	    elif [ $HOST = openwrt ]; then
-		# Not implemented on OpenWRT
+		# Not implemented on openwrt
 		/bin/true
 	    else
-		make_parent_directory ${DESTDIR}/${ETC}/NetworkManager/dispatcher.d 0755
+		mkdir -p ${DESTDIR}/${ETC}/NetworkManager/dispatcher.d
 	    fi
 	fi
    fi
@@ -403,13 +458,13 @@ if [ $HOST != openwrt ]; then
    [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ifupdown
-    make_parent_directory ${DESTDIR}${LIBEXECDIR}/$PRODUCT 0755
+    mkdir -p ${DESTDIR}${LIBEXECDIR}/shorewall-init
-    install_file ifupdown ${DESTDIR}${LIBEXECDIR}/$PRODUCT/ifupdown 0544
+    install_file ifupdown ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown 0544
 fi
 if [ -d ${DESTDIR}/etc/NetworkManager ]; then
-    [ $configure -eq 1 ] || make_parent_directory ${DESTDIR}${CONFDIR}/NetworkManager/dispatcher.d 0755
+    [ $configure -eq 1 ] || mkdir -p ${DESTDIR}${CONFDIR}/NetworkManager/dispatcher.d/
    install_file ifupdown ${DESTDIR}${ETC}/NetworkManager/dispatcher.d/01-shorewall 0544
 fi
@@ -428,8 +483,8 @@ case $HOST in
    suse)
 	if [ -z "$RPM" ]; then
 	    if [ $configure -eq 0 ]; then
-		make_parent_directory ${DESTDIR}${SYSCONFDIR}/network/if-up.d 0755
+		mkdir -p ${DESTDIR}${SYSCONFDIR}/network/if-up.d/
-		make_parent_directory ${DESTDIR}${SYSCONFDIR}/network/if-down.d 0755
+		mkdir -p ${DESTDIR}${SYSCONFDIR}/network/if-down.d/
 	    fi
 	    install_file ifupdown ${DESTDIR}${SYSCONFDIR}/network/if-up.d/shorewall 0544
@@ -463,17 +518,17 @@ if [ -z "$DESTDIR" ]; then
 	if [ $HOST = debian ]; then
 	    if [ -n "$SERVICEDIR" ]; then
 		if systemctl enable ${PRODUCT}.service; then
-                    echo "$Product will start automatically at boot"
+                    echo "Shorewall Init will start automatically at boot"
 		fi
 	    elif mywhich insserv; then
-		if insserv ${INITDIR}/$PRODUCT; then
+		if insserv ${INITDIR}/shorewall-init; then
-                    echo "$Product will start automatically at boot"
+		    echo "Shorewall Init will start automatically at boot"
 		else
 		    cant_autostart
 		fi
 	    elif mywhich update-rc.d ; then
 		if update-rc.d $PRODUCT enable; then
-                    echo "$Product will start automatically at boot"
+		    echo "$PRODUCT will start automatically at boot"
 		    echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
 		else
 		    cant_autostart
@@ -494,31 +549,31 @@ if [ -z "$DESTDIR" ]; then
 	    /bin/true
 	else
 	    if [ -n "$SERVICEDIR" ]; then
-		if systemctl enable ${PRODUCT}.service; then
+		if systemctl enable shorewall-init.service; then
-		    echo "$Product will start automatically at boot"
+		    echo "Shorewall Init will start automatically at boot"
 		fi
 	    elif [ -x ${SBINDIR}/insserv -o -x /usr${SBINDIR}/insserv ]; then
-		if insserv ${INITDIR}/$PRODUCT ; then
+		if insserv ${INITDIR}/shorewall-init ; then
-		    echo "$Product will start automatically at boot"
+		    echo "Shorewall Init will start automatically at boot"
 		else
 		    cant_autostart
 		fi
 	    elif [ -x ${SBINDIR}/chkconfig -o -x /usr${SBINDIR}/chkconfig ]; then
-		if chkconfig --add $PRODUCT ; then
+		if chkconfig --add shorewall-init ; then
-		    echo "$Product will start automatically at boot"
+		    echo "Shorewall Init will start automatically in run levels as follows:"
-		    chkconfig --list $PRODUCT
+		    chkconfig --list shorewall-init
 		else
 		    cant_autostart
 		fi
 	    elif [ -x ${SBINDIR}/rc-update ]; then
-		if rc-update add $PRODUCT default; then
+		if rc-update add shorewall-init default; then
-		    echo "$Product will start automatically at boot"
+		    echo "Shorewall Init will start automatically at boot"
 		else
 		    cant_autostart
 		fi
 	    elif [ $HOST = openwrt -a -f ${CONFDIR}/rc.common ]; then
 		/etc/init.d/$PRODUCT enable
-		if /etc/init.d/$PRODUCT enabled; then
+		if /etc/init.d/shorewall-init enabled; then
 		    echo "$Product will start automatically at boot"
 		else
 		    cant_autostart
@@ -532,11 +587,11 @@ else
    if [ $configure -eq 1 -a -n "$first_install" ]; then
 	if [ $HOST = debian -a -z "$SERVICEDIR" ]; then
 	    if [ -n "${DESTDIR}" ]; then
-		make_parent_directory ${DESTDIR}/etc/rcS.d 0755
+		mkdir -p ${DESTDIR}/etc/rcS.d
 	    fi
-	    ln -sf ../init.d/$PRODUCT ${DESTDIR}${CONFDIR}/rcS.d/S38${PRODUCT}
+	    ln -sf ../init.d/shorewall-init ${DESTDIR}${CONFDIR}/rcS.d/S38shorewall-init
-	    echo "$Product will start automatically at boot"
+	    echo "Shorewall Init will start automatically at boot"
 	fi
    fi
 fi
@@ -547,8 +602,8 @@ if [ -d ${DESTDIR}/etc/ppp ]; then
    case $HOST in
 	debian|suse)
 	    for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do
-		make_parent_directory ${DESTDIR}/etc/ppp/$directory 0755 #SuSE doesn't create the IPv6 directories
+		mkdir -p ${DESTDIR}/etc/ppp/$directory #SuSE doesn't create the IPv6 directories
-		cp -fp ${DESTDIR}${LIBEXECDIR}/$PRODUCT/ifupdown ${DESTDIR}${CONFDIR}/ppp/$directory/shorewall
+		cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown ${DESTDIR}${CONFDIR}/ppp/$directory/shorewall
 	    done
 	    ;;
 	redhat)
@@ -559,19 +614,19 @@ if [ -d ${DESTDIR}/etc/ppp ]; then
 		FILE=${DESTDIR}/etc/ppp/$file
 		if [ -f $FILE ]; then
 		    if grep -qF Shorewall-based $FILE ; then
-			cp -fp ${DESTDIR}${LIBEXECDIR}/$PRODUCT/ifupdown $FILE
+			cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown $FILE
 		    else
 			echo "$FILE already exists -- ppp devices will not be handled"
 			break
 		    fi
 		else
-		    cp -fp ${DESTDIR}${LIBEXECDIR}/$PRODUCT/ifupdown $FILE
+		    cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown $FILE
 		fi
 	    done
 	    ;;
    esac
 fi
 #
-# Report Success
+#  Report Success
 #
 echo "shorewall Init Version $VERSION Installed"
--- a/Shorewall-init/shorewall-init
+++ b/Shorewall-init/shorewall-init
@@ -33,12 +33,12 @@ setstatedir() {
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-    if [ -x ${STATEDIR}/firewall ]; then
+    if [ $PRODUCT = shorewall ]; then
        return 0
    elif [ $PRODUCT = shorewall ]; then
 	${SBINDIR}/shorewall compile
    elif [ $PRODUCT = shorewall6 ]; then
 	${SBINDIR}/shorewall -6 compile
    else
 	return 0
    fi
 }
@@ -67,14 +67,16 @@ shorewall_start () {
    printf "Initializing \"Shorewall-based firewalls\": "
    for PRODUCT in $PRODUCTS; do
 	if setstatedir; then
-	    #
+	    if [ -x ${STATEDIR}/firewall ]; then
-	    # Run in a sub-shell to avoid name collisions
+		#
-	    #
+		# Run in a sub-shell to avoid name collisions
-	    (
+		#
-		if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
+		(
-		    ${STATEDIR}/firewall ${OPTIONS} stop
+		    if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
-		fi
+			${STATEDIR}/firewall ${OPTIONS} stop
-	    )
+		    fi
 		)
 	    fi
 	fi
    done
@@ -93,16 +95,16 @@ shorewall_stop () {
    printf "Clearing \"Shorewall-based firewalls\": "
    for PRODUCT in $PRODUCTS; do
 	if setstatedir; then
-	    ${STATEDIR}/firewall ${OPTIONS} clear
+	    if [ -x ${STATEDIR}/firewall ]; then
 		${STATEDIR}/firewall ${OPTIONS} clear
 	    fi
 	fi
    done
    if [ -n "$SAVE_IPSETS" ]; then
 	mkdir -p $(dirname "$SAVE_IPSETS")
 	if ipset -S > "${SAVE_IPSETS}.tmp"; then
-	    grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" || rm -f "${SAVE_IPSETS}.tmp"
+	    grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
 	else
 	    rm -f "${SAVE_IPSETS}.tmp"
 	fi
    fi
--- a/Shorewall-init/uninstall.sh
+++ b/Shorewall-init/uninstall.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Script to back uninstall Shoreline Firewall Init
+# Script to back uninstall Shoreline Firewall
 #
 #     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
 #
@@ -26,34 +26,62 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
-VERSION=xxx # The Build script inserts the actual version
+VERSION=xxx  #The Build script inserts the actual version
 PRODUCT=shorewall-init
 Product="Shorewall Init"
 usage() # $1 = exit status
 {
    ME=$(basename $0)
-    echo "usage: $ME [ <option> ] [ <shorewallrc file> ]"
+    echo "usage: $ME [ <shorewallrc file> ]"
    echo "where <option> is one of"
    echo "  -h"
    echo "  -v"
    echo "  -n"
    exit $1
 }
 fatal_error()
 {
    echo "   ERROR: $@" >&2
    exit 1
 }
 qt()
 {
    "$@" >/dev/null 2>&1
 }
 split() {
    local ifs
    ifs=$IFS
    IFS=:
    set -- $1
    echo $*
    IFS=$ifs
 }
 mywhich() {
    local dir
    for dir in $(split $PATH); do
 	if [ -x $dir/$1 ]; then
 	    return 0
 	fi
    done
    return 2
 }
 remove_file() # $1 = file to restore
 {
    if [ -f $1 -o -L $1 ] ; then
 	rm -f $1
 	echo "$1 Removed"
    fi
 }
 #
 # Change to the directory containing this script
 #
 cd "$(dirname $0)"
 #
 # Source common functions
 #
 . ./lib.uninstaller || { echo "ERROR: Can not load common functions." >&2; exit 1; }
 #
 # Parse the run line
 #
 finished=0
 configure=1
@@ -90,17 +118,16 @@ while [ $finished -eq 0 ]; do
 	    ;;
    esac
 done
 #
 # Read the RC file
 #
 if [ $# -eq 0 ]; then
    if [ -f ./shorewallrc ]; then
-        . ./shorewallrc || fatal_error "Can not load the RC file: ./shorewallrc"
+	. ./shorewallrc
    elif [ -f ~/.shorewallrc ]; then
-        . ~/.shorewallrc || fatal_error "Can not load the RC file: ~/.shorewallrc"
+	. ~/.shorewallrc || exit 1
    elif [ -f /usr/share/shorewall/shorewallrc ]; then
-        . /usr/share/shorewall/shorewallrc || fatal_error "Can not load the RC file: /usr/share/shorewall/shorewallrc"
+	. /usr/share/shorewall/shorewallrc
    else
 	fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
    fi
@@ -110,72 +137,72 @@ elif [ $# -eq 1 ]; then
 	/*|.*)
 	    ;;
 	*)
-	    file=./$file || exit 1
+	    file=./$file
 	    ;;
    esac
-    . $file || fatal_error "Can not load the RC file: $file"
+    . $file || exit 1
 else
    usage 1
 fi
-if [ -f ${SHAREDIR}/$PRODUCT/version ]; then
+if [ -f ${SHAREDIR}/shorewall-init/version ]; then
-    INSTALLED_VERSION="$(cat ${SHAREDIR}/$PRODUCT/version)"
+    INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall-init/version)"
    if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
-	echo "WARNING: $Product Version $INSTALLED_VERSION is installed"
+	echo "WARNING: Shorewall Init Version $INSTALLED_VERSION is installed"
 	echo "         and this is the $VERSION uninstaller."
 	VERSION="$INSTALLED_VERSION"
    fi
 else
-    echo "WARNING: $Product Version $VERSION is not installed"
+    echo "WARNING: Shorewall Init Version $VERSION is not installed"
    VERSION=""
 fi
-echo "Uninstalling $Product $VERSION"
+[ -n "${LIBEXEC:=${SHAREDIR}}" ]
 echo "Uninstalling Shorewall Init $VERSION"
 [ -n "$SANDBOX" ] && configure=0
-[ -n "${LIBEXEC:=${SHAREDIR}}" ]
+INITSCRIPT=${CONFDIR}/init.d/shorewall-init
-remove_file  ${SBINDIR}/$PRODUCT
+if [ -f "$INITSCRIPT" ]; then
 FIREWALL=${CONFDIR}/init.d/$PRODUCT
 if [ -f "$FIREWALL" ]; then
    if [ $configure -eq 1 ]; then
-	if [ $HOST = openwrt ] ; then
+	if [ $HOST = openwrt ]; then
-	    if /etc/init.d/$PRODUCT enabled; then
+	    if /etc/init.d/shorewall-init enabled; then
-		/etc/init.d/$PRODUCT disable
+		/etc/init.d/shorewall-init disable
 	    fi
 	elif mywhich updaterc.d ; then
 	    updaterc.d shorewall-init remove
 	elif mywhich insserv ; then
-            insserv -r $FIREWALL
+            insserv -r $INITSCRIPT
 	elif mywhich update-rc.d ; then
 	    update-rc.d ${PRODUCT} remove
 	elif mywhich chkconfig ; then
-	    chkconfig --del $(basename $FIREWALL)
+	    chkconfig --del $(basename $INITSCRIPT)
 	fi
    fi
-    remove_file $FIREWALL
+    remove_file $INITSCRIPT
 fi
-[ -z "${SERVICEDIR}" ] && SERVICEDIR="$SYSTEMD"
+if [ -z "${SERVICEDIR}" ]; then
    SERVICEDIR="$SYSTEMD"
 fi
 if [ -n "$SERVICEDIR" ]; then
-    [ $configure -eq 1 ] && systemctl disable ${PRODUCT}.service
+    [ $configure -eq 1 ] && systemctl disable shorewall-init.service
-    remove_file $SERVICEDIR/${PRODUCT}.service
+    rm -f $SERVICEDIR/shorewall-init.service
 fi
 if [ $HOST = openwrt ]; then
-    [ "$(readlink -q ${SBINDIR}/ifup-local)"   = ${SHAREDIR}/$PRODUCT ] && remove_file ${SBINDIR}/ifup-local
+    [ "$(readlink -q ${SBINDIR}/ifup-local)"   = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifup-local
-    [ "$(readlink -q ${SBINDIR}/ifdown-local)" = ${SHAREDIR}/$PRODUCT ] && remove_file ${SBINDIR}/ifdown-local
+    [ "$(readlink -q ${SBINDIR}/ifdown-local)" = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifdown-local
 else
-    [ "$(readlink -m -q ${SBINDIR}/ifup-local)"   = ${SHAREDIR}/$PRODUCT ] && remove_file ${SBINDIR}/ifup-local
+    [ "$(readlink -m -q ${SBINDIR}/ifup-local)"   = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifup-local
-    [ "$(readlink -m -q ${SBINDIR}/ifdown-local)" = ${SHAREDIR}/$PRODUCT ] && remove_file ${SBINDIR}/ifdown-local
+    [ "$(readlink -m -q ${SBINDIR}/ifdown-local)" = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifdown-local
 fi
-remove_file ${CONFDIR}/default/$PRODUCT
+remove_file ${CONFDIR}/default/shorewall-init
-remove_file ${CONFDIR}/sysconfig/$PRODUCT
+remove_file ${CONFDIR}/sysconfig/shorewall-init
 remove_file ${CONFDIR}/NetworkManager/dispatcher.d/01-shorewall
@@ -200,11 +227,10 @@ if [ -d ${CONFDIR}/ppp ]; then
    done
 fi
-remove_directory ${SHAREDIR}/$PRODUCT
+rm -f  ${SBINDIR}/shorewall-init
-remove_directory ${LIBEXECDIR}/$PRODUCT
+rm -rf ${SHAREDIR}/shorewall-init
-remove_file  ${CONFDIR}/logrotate.d/$PRODUCT
+rm -rf ${LIBEXECDIR}/shorewall-init
 echo "Shorewall Init Uninstalled"
 #
 # Report Success
 #
 echo "$Product $VERSION Uninstalled"
--- a/Shorewall-lite/default.debian.sysvinit
+++ b/Shorewall-lite/default.debian.sysvinit
@@ -1,5 +1,5 @@
 # prevent startup with default configuration
-# set the following variable to 1 in order to allow Shorewall-lite to start
+# set the following varible to 1 in order to allow Shorewall-lite to start
 startup=0
@@ -16,7 +16,7 @@ startup=0
 #    wait_interface=
 #
-# Global start/restart/reload/stop options
+# Startup options
 #
 OPTIONS=""
@@ -30,16 +30,6 @@ STARTOPTIONS=""
 #
 RESTARTOPTIONS=""
 #
 # Reload options
 #
 RELOADOPTIONS=""
 #
 # Stop options
 #
 STOPOPTIONS=""
 #
 # Init Log -- if /dev/null, use the STARTUP_LOG defined in shorewall.conf
 #
--- a/Shorewall-lite/default.debian.systemd
+++ b/Shorewall-lite/default.debian.systemd
@@ -1,26 +0,0 @@
 #
 # Global start/restart/reload/stop options
 #
 OPTIONS=""
 #
 # Start options
 #
 STARTOPTIONS=""
 #
 # Restart options
 #
 RESTARTOPTIONS=""
 #
 # Reload options
 #
 RELOADOPTIONS=""
 #
 # Stop options
 #
 STOPOPTIONS=""
 # EOF
--- a/Shorewall-lite/install.sh
+++ b/Shorewall-lite/install.sh
@@ -22,19 +22,62 @@
 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
-VERSION=xxx # The Build script inserts the actual version
+VERSION=xxx #The Build script inserts the actual version
 usage() # $1 = exit status
 {
    ME=$(basename $0)
-    echo "usage: $ME [ <option> ] [ <shorewallrc file> ]"
+    echo "usage: $ME [ <configuration-file> ]"
-    echo "where <option> is one of"
+    echo "       $ME -v"
-    echo "  -h"
+    echo "       $ME -h"
-    echo "  -v"
+    echo "       $ME -n"
    echo "  -n"
    exit $1
 }
 fatal_error()
 {
    echo "   ERROR: $@" >&2
    exit 1
 }
 split() {
    local ifs
    ifs=$IFS
    IFS=:
    set -- $1
    echo $*
    IFS=$ifs
 }
 qt()
 {
    "$@" >/dev/null 2>&1
 }
 mywhich() {
    local dir
    for dir in $(split $PATH); do
 	if [ -x $dir/$1 ]; then
 	    echo $dir/$1
 	    return 0
 	fi
    done
    return 2
 }
 cant_autostart()
 {
    echo
    echo  "WARNING: Unable to configure $Product to start automatically at boot" >&2
 }
 delete_file() # $1 = file to delete
 {
    rm -f $1
 }
 install_file() # $1 = source $2 = target $3 = mode
 {
    if cp -f $1 $2; then
@@ -53,6 +96,19 @@ install_file() # $1 = source $2 = target $3 = mode
    exit 1
 }
 make_directory() # $1 = directory , $2 = mode
 {
    mkdir -p $1
    chmod 755 $1
    [ -n "$OWNERSHIP" ] && chown $OWNERSHIP $1
 }
 require()
 {
    eval [ -n "\$$1" ] || fatal_error "Required option $1 not set"
 }
 #
 # Change to the directory containing this script
 #
@@ -66,11 +122,6 @@ else
    Product="Shorewall6 Lite"
 fi
 #
 # Source common functions
 #
 . ./lib.installer || { echo "ERROR: Can not load common functions." >&2; exit 1; }
 #
 # Parse the run line
 #
@@ -117,14 +168,12 @@ done
 #
 if [ $# -eq 0 ]; then
    if [ -f ./shorewallrc ]; then
 	. ./shorewallrc || exit 1
 	file=./shorewallrc
        . $file || fatal_error "Can not load the RC file: $file"
    elif [ -f ~/.shorewallrc ]; then
-	file=~/.shorewallrc
+	. ~/.shorewallrc
        . $file || fatal_error "Can not load the RC file: $file"
    elif [ -f /usr/share/shorewall/shorewallrc ]; then
-	file=/usr/share/shorewall/shorewallrc
+	. /usr/share/shorewall/shorewallrc
        . $file || fatal_error "Can not load the RC file: $file"
    else
 	fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
    fi
@@ -134,11 +183,11 @@ elif [ $# -eq 1 ]; then
 	/*|.*)
 	    ;;
 	*)
-	    file=./$file || exit 1
+	    file=./$file
 	    ;;
    esac
-    . $file || fatal_error "Can not load the RC file: $file"
+    . $file
 else
    usage 1
 fi
@@ -269,7 +318,8 @@ case "$HOST" in
    linux)
 	;;
    *)
-	fatal_error "ERROR: Unknown HOST \"$HOST\""
+	echo "ERROR: Unknown HOST \"$HOST\"" >&2
 	exit 1;
 	;;
 esac
@@ -281,7 +331,7 @@ if [ -n "$DESTDIR" ]; then
 	OWNERSHIP=""
    fi
-    make_parent_directory ${DESTDIR}${INITDIR} 0755
+    make_directory ${DESTDIR}${INITDIR} 755
 else
    if [ ! -f ${SHAREDIR}/shorewall/coreversion ]; then
@@ -321,20 +371,25 @@ fi
 delete_file ${DESTDIR}/usr/share/$PRODUCT/xmodules
-[ -n "${INITFILE}" ] && make_parent_directory ${DESTDIR}${INITDIR} 0755
+[ -n "${INITFILE}" ] && make_directory ${DESTDIR}${INITDIR} 755
 #
 # Create ${CONFDIR}/$PRODUCT, /usr/share/$PRODUCT and /var/lib/$PRODUCT if needed
 #
-make_parent_directory ${DESTDIR}${CONFDIR}/$PRODUCT 0755
+mkdir -p ${DESTDIR}${CONFDIR}/$PRODUCT
-make_parent_directory ${DESTDIR}${SHAREDIR}/$PRODUCT 0755
+mkdir -p ${DESTDIR}${SHAREDIR}/$PRODUCT
-make_parent_directory ${DESTDIR}${LIBEXECDIR}/$PRODUCT 0755
+mkdir -p ${DESTDIR}${LIBEXECDIR}/$PRODUCT
-make_parent_directory ${DESTDIR}${SBINDIR} 0755
+mkdir -p ${DESTDIR}${SBINDIR}
-make_parent_directory ${DESTDIR}${VARDIR} 0755
+mkdir -p ${DESTDIR}${VARDIR}
 chmod 755 ${DESTDIR}${CONFDIR}/$PRODUCT
 chmod 755 ${DESTDIR}${SHAREDIR}/$PRODUCT
 if [ -n "$DESTDIR" ]; then
-    make_parent_directory ${DESTDIR}${CONFDIR}/logrotate.d 0755
+    mkdir -p ${DESTDIR}${CONFDIR}/logrotate.d
-    make_parent_directory ${DESTDIR}${INITDIR} 0755
+    chmod 755 ${DESTDIR}${CONFDIR}/logrotate.d
    mkdir -p ${DESTDIR}${INITDIR}
    chmod 755 ${DESTDIR}${INITDIR}
 fi
 if [ -n "$INITFILE" ]; then
@@ -355,9 +410,9 @@ if [ -z "${SERVICEDIR}" ]; then
 fi
 if [ -n "$SERVICEDIR" ]; then
-    make_parent_directory ${DESTDIR}${SERVICEDIR} 0755
+    mkdir -p ${DESTDIR}${SERVICEDIR}
    [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
-    install_file $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service 0644
+    install_file $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service 644
    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SERVICEDIR}/$PRODUCT.service"
 fi
@@ -386,14 +441,8 @@ echo "Default config path file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/confi
 #
 for f in lib.* ; do
    if [ -f $f ]; then
-        case $f in
+	install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644
-            *installer)
+	echo "Library ${f#*.} file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
                ;;
            *)
                install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644
                echo "Library ${f#*.} file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
                ;;
        esac
    fi
 done
@@ -421,12 +470,12 @@ if [ -f modules ]; then
 fi
 if [ -f helpers ]; then
-    install_file helpers ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers 0600
+    install_file helpers ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers 600
    echo "Helper modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers"
 fi
 for f in modules.*; do
-    install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644
+    install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 644
    echo "Module file $f installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
 done
@@ -437,19 +486,19 @@ done
 if [ -d manpages -a -n "$MANDIR" ]; then
    cd manpages
-    make_parent_directory ${DESTDIR}${MANDIR}/man5 0755
+    mkdir -p ${DESTDIR}${MANDIR}/man5/
    for f in *.5; do
 	gzip -c $f > $f.gz
-	install_file $f.gz ${DESTDIR}${MANDIR}/man5/$f.gz 0644
+	install_file $f.gz ${DESTDIR}${MANDIR}/man5/$f.gz 644
 	echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man5/$f.gz"
    done
-    make_parent_directory ${DESTDIR}${MANDIR}/man8 0755
+    mkdir -p ${DESTDIR}${MANDIR}/man8/
    for f in *.8; do
 	gzip -c $f > $f.gz
-	install_file $f.gz ${DESTDIR}${MANDIR}/man8/$f.gz 0644
+	install_file $f.gz ${DESTDIR}${MANDIR}/man8/$f.gz 644
 	echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man8/$f.gz"
    done
@@ -459,7 +508,7 @@ if [ -d manpages -a -n "$MANDIR" ]; then
 fi
 if [ -d ${DESTDIR}${CONFDIR}/logrotate.d ]; then
-    install_file logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT 0644
+    install_file logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT 644
    echo "Logrotate file installed as ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT"
 fi
@@ -467,7 +516,7 @@ fi
 # Create the version file
 #
 echo "$VERSION" > ${DESTDIR}${SHAREDIR}/$PRODUCT/version
-chmod 0644 ${DESTDIR}${SHAREDIR}/$PRODUCT/version
+chmod 644 ${DESTDIR}${SHAREDIR}/$PRODUCT/version
 #
 # Remove and create the symbolic link to the init script
 #
@@ -490,7 +539,10 @@ ln -sf shorewall ${DESTDIR}${SBINDIR}/${PRODUCT}
 # Note -- not all packages will have the SYSCONFFILE so we need to check for its existance here
 #
 if [ -n "$SYSCONFFILE" -a -f "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PRODUCT} ]; then
-    [ ${DESTDIR} ] && make_parent_directory ${DESTDIR}${SYSCONFDIR} 0755
+    if [ ${DESTDIR} ]; then
 	mkdir -p ${DESTDIR}${SYSCONFDIR}
 	chmod 755 ${DESTDIR}${SYSCONFDIR}
    fi
    install_file ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/${PRODUCT} 0640
    echo "$SYSCONFFILE file installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
@@ -558,6 +610,6 @@ if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${
 fi
 #
-# Report Success
+#  Report Success
 #
 echo "$Product Version $VERSION Installed"
--- a/Shorewall-lite/lib.base
+++ b/Shorewall-lite/lib.base
@@ -1,5 +1,5 @@
 #
-# Shorewall 5.2 -- /usr/share/shorewall-lite/lib.base
+# Shorewall 4.4 -- /usr/share/shorewall-lite/lib.base
 #
 #     (c) 2011,2014 - Tom Eastep (teastep@shorewall.net)
 #
--- a/Shorewall-lite/shorecap
+++ b/Shorewall-lite/shorecap
@@ -28,7 +28,7 @@
 #
 #   On the target system (the system where the firewall program is to run):
 #
-#       [ IPTABLES=<iptables binary> ] [ MODULESDIR=<kernel modules directory> ] shorecap > capabilities
+#       [ IPTABLES=<iptables binary> ] [ MODULESDIR=<kernel modules directory> ] [ MODULE_SUFFIX="<module suffix list>" ] shorecap > capabilities
 #
 #    Now move the capabilities file to the compilation system. The file must
 #    be placed in a directory on the CONFIG_PATH to be used when compiling firewalls
@@ -38,6 +38,7 @@
 #
 #        IPTABLES - iptables
 #        MODULESDIR - /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter
 #        MODULE_SUFFIX - "o gz xz ko o.gz o.xz ko.gz ko.xz"
 #
 #    Shorewall need not be installed on the target system to run shorecap. If the '-e' flag is
 #    used during firewall compilation, then the generated firewall program will likewise not
--- a/Shorewall-lite/shorewall-lite.service.debian
+++ b/Shorewall-lite/shorewall-lite.service.debian
@@ -16,7 +16,7 @@ RemainAfterExit=yes
 EnvironmentFile=-/etc/default/shorewall-lite
 StandardOutput=syslog
 ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
-ExecStop=/sbin/shorewall-lite $OPTIONS clear
+ExecStop=/sbin/shorewall-lite $OPTIONS stop
 ExecReload=/sbin/shorewall-lite $OPTIONS reload $RELOADOPTIONS
 [Install]
--- a/Shorewall-lite/uninstall.sh
+++ b/Shorewall-lite/uninstall.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Script to back uninstall Shoreline Firewall Lite
+# Script to back uninstall Shoreline Firewall
 #
 #     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
 #
@@ -26,7 +26,9 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
-VERSION=xxx # The Build script inserts the actual version
+VERSION=xxx  #The Build script inserts the actual version
 PRODUCT=shorewall-lite
 Product="Shorewall Lite"
 usage() # $1 = exit status
 {
@@ -39,27 +41,46 @@ usage() # $1 = exit status
    exit $1
 }
-#
+fatal_error()
-# Change to the directory containing this script
+{
-#
+    echo "   ERROR: $@" >&2
-cd "$(dirname $0)"
+    exit 1
 }
-if [ -f shorewall-lite.service ]; then
+qt()
-    PRODUCT=shorewall-lite
+{
-    Product="Shorewall Lite"
+    "$@" >/dev/null 2>&1
-else
+}
    PRODUCT=shorewall6-lite
    Product="Shorewall6 Lite"
 fi
-#
+split() {
-# Source common functions
+    local ifs
-#
+    ifs=$IFS
-. ./lib.uninstaller || { echo "ERROR: Can not load common functions." >&2; exit 1; }
+    IFS=:
    set -- $1
    echo $*
    IFS=$ifs
 }
 mywhich() {
    local dir
    for dir in $(split $PATH); do
 	if [ -x $dir/$1 ]; then
 	    return 0
 	fi
    done
    return 2
 }
 remove_file() # $1 = file to restore
 {
    if [ -f $1 -o -L $1 ] ; then
 	rm -f $1
 	echo "$1 Removed"
    fi
 }
 #
 # Parse the run line
 #
 finished=0
 configure=1
@@ -76,7 +97,7 @@ while [ $finished -eq 0 ]; do
 			usage 0
 			;;
 		    v)
-			echo "$Product Firewall Uninstaller Version $VERSION"
+			echo "$Product Firewall Installer Version $VERSION"
 			exit 0
 			;;
 		    n*)
@@ -96,17 +117,16 @@ while [ $finished -eq 0 ]; do
 	    ;;
    esac
 done
 #
 # Read the RC file
 #
 if [ $# -eq 0 ]; then
    if [ -f ./shorewallrc ]; then
-        . ./shorewallrc || fatal_error "Can not load the RC file: ./shorewallrc"
+	. ./shorewallrc
    elif [ -f ~/.shorewallrc ]; then
-        . ~/.shorewallrc || fatal_error "Can not load the RC file: ~/.shorewallrc"
+	. ~/.shorewallrc || exit 1
    elif [ -f /usr/share/shorewall/shorewallrc ]; then
-        . /usr/share/shorewall/shorewallrc || fatal_error "Can not load the RC file: /usr/share/shorewall/shorewallrc"
+	. /usr/share/shorewall/shorewallrc
    else
 	fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
    fi
@@ -116,50 +136,46 @@ elif [ $# -eq 1 ]; then
 	/*|.*)
 	    ;;
 	*)
-	    file=./$file || exit 1
+	    file=./$file
 	    ;;
    esac
-    . $file || fatal_error "Can not load the RC file: $file"
+    . $file
 else
    usage 1
 fi
-if [ -f ${SHAREDIR}/$PRODUCT/version ]; then
+if [ -f ${SHAREDIR}/shorewall-lite/version ]; then
-    INSTALLED_VERSION="$(cat ${SHAREDIR}/$PRODUCT/version)"
+    INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall-lite/version)"
    if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
-	echo "WARNING: $Product Version $INSTALLED_VERSION is installed"
+	echo "WARNING: Shorewall Lite Version $INSTALLED_VERSION is installed"
 	echo "         and this is the $VERSION uninstaller."
 	VERSION="$INSTALLED_VERSION"
    fi
 else
-    echo "WARNING: $Product Version $VERSION is not installed"
+    echo "WARNING: Shorewall Lite Version $VERSION is not installed"
    VERSION=""
 fi
-echo "Uninstalling $Product $VERSION"
+echo "Uninstalling Shorewall Lite $VERSION"
 [ -n "$SANDBOX" ] && configure=0
 if [ $configure -eq 1 ]; then
    if qt iptables -L shorewall -n && [ ! -f ${SBINDIR}/shorewall ]; then
-	${SBINDIR}/$PRODUCT clear
+	shorewall-lite clear
    elif qt ip6tables -L shorewall -n && [ ! -f ${SBINDIR}/shorewall6 ]; then
 	${SBINDIR}/$PRODUCT clear
    fi
 fi
-remove_file ${SBINDIR}/$PRODUCT
+if [ -L ${SHAREDIR}/shorewall-lite/init ]; then
 if [ -L ${SHAREDIR}/$PRODUCT/init ]; then
    if [ $HOST = openwrt ]; then
-	if [ $configure -eq 1 ] && /etc/init.d/$PRODUCT enabled; then
+	if [ $configure -eq 1 ] && /etc/init.d/shorewall-lite enabled; then
-	    /etc/init.d/$PRODUCT disable
+	    /etc/init.d/shorewall-lite disable
 	fi
-	FIREWALL=$(readlink ${SHAREDIR}/$PRODUCT/init)
+	FIREWALL=$(readlink ${SHAREDIR}/shorewall-lite/init)
    else
-	FIREWALL=$(readlink -m -q ${SHAREDIR}/$PRODUCT/init)
+	FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall-lite/init)
    fi
 elif [ -n "$INITFILE" ]; then
    FIREWALL=${INITDIR}/${INITFILE}
@@ -167,10 +183,10 @@ fi
 if [ -f "$FIREWALL" ]; then
    if [ $configure -eq 1 ]; then
-	if mywhich insserv ; then
+	if mywhich updaterc.d ; then
 	    updaterc.d shorewall-lite remove
 	elif mywhich insserv ; then
            insserv -r $FIREWALL
 	elif mywhich update-rc.d ; then
 	    update-rc.d ${PRODUCT} remove
 	elif mywhich chkconfig ; then
 	    chkconfig --del $(basename $FIREWALL)
 	fi
@@ -179,29 +195,26 @@ if [ -f "$FIREWALL" ]; then
    remove_file $FIREWALL
 fi
-[ -z "${SERVICEDIR}" ] && SERVICEDIR="$SYSTEMD"
+[ -z "$SERVICEDIR" ] && SERVICEDIR="$SYSTEMD"
 if [ -n "$SERVICEDIR" ]; then
-    [ $configure -eq 1 ] && systemctl disable ${PRODUCT}.service
+    [ $configure -eq 1 ] && systemctl disable ${PRODUCT}
-    remove_file $SERVICEDIR/${PRODUCT}.service
+    rm -f $SERVICEDIR/shorewall-lite.service
 fi
-remove_directory ${CONFDIR}/$PRODUCT
+rm -f ${SBINDIR}/shorewall-lite
 remove_directory ${VARDIR}
 remove_directory ${SHAREDIR}/$PRODUCT
 remove_directory ${LIBEXECDIR}/$PRODUCT
 remove_file  ${CONFDIR}/logrotate.d/$PRODUCT
-if [ -n "$SYSCONFDIR" ]; then
+rm -rf ${CONFDIR}/shorewall-lite
-    [ -n "$SYSCONFFILE" ] && remove_file ${SYSCONFDIR}/${PRODUCT}
+rm -rf ${VARDIR}
-fi
+rm -rf ${SHAREDIR}/shorewall-lite
 rm -rf ${LIBEXECDIR}/shorewall-lite
 rm -f  ${CONFDIR}/logrotate.d/shorewall-lite
 rm -f  ${SYSCONFDIR}/shorewall-lite
 if [ -n "${MANDIR}" ]; then
-    remove_file_with_wildcard ${MANDIR}/man5/${PRODUCT}\*
+    rm -f ${MANDIR}/man5/shorewall-lite*
-    remove_file_with_wildcard ${MANDIR}/man8/${PRODUCT}\*
+    rm -f ${MANDIR}/man8/shorewall-lite*
 fi
-#
+echo "Shorewall Lite Uninstalled"
-# Report Success
+
 #
 echo "$Product $VERSION Uninstalled"
--- a/Shorewall/Actions/action.A_Drop
+++ b/Shorewall/Actions/action.A_Drop
@@ -0,0 +1,54 @@
 #
 # Shorewall -- /usr/share/shorewall/action.A_Drop
 #
 # The audited default DROP common rules
 #
 # This action is invoked before a DROP policy is enforced. The purpose
 # of the action is:
 #
 # a) Avoid logging lots of useless cruft.
 # b) Ensure that certain ICMP packets that are necessary for successful
 #    internet operation are always ACCEPTed.
 #
 # IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!!
 #
 ###############################################################################
 #ACTION		SOURCE	DEST	PROTO	DPORT	SPORT
 #
 # Count packets that come through here
 #
 COUNT
 #
 # Special Handling for Auth
 #
 Auth(A_DROP)
 #
 # ACCEPT critical ICMP types
 #
 # For IPv6 connectivity ipv6-icmp broadcasting is required so
 # AllowICMPs must be before broadcast Drop.
 #
 A_AllowICMPs	-	-	icmp
 #
 # Don't log broadcasts
 #
 dropBcast(audit)
 #
 # Drop packets that are in the INVALID state -- these are usually ICMP packets
 # and just confuse people when they appear in the log.
 #
 dropInvalid(audit)
 #
 # Drop Microsoft noise so that it doesn't clutter up the log.
 #
 SMB(A_DROP)
 A_DropUPnP
 #
 # Drop 'newnotsyn' traffic so that it doesn't get logged.
 #
 dropNotSyn(audit)	-	-	tcp
 #
 # Drop late-arriving DNS replies. These are just a nuisance and clutter up
 # the log.
 #
 A_DropDNSrep
--- a/Shorewall/Actions/action.A_REJECT
+++ b/Shorewall/Actions/action.A_REJECT
@@ -1,11 +1,11 @@
 #
-# Shorewall -- /usr/share/shorewall/action.A_REJECT
+# Shorewall -- /usr/share/shorewall/action.A_REJECTWITH
 #
 # A_REJECT Action.
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-# (c) 2012-2017 Tom Eastep (teastep@shorewall.net)
+# (c) 2012-2016 Tom Eastep (teastep@shorewall.net)
 #
 # Complete documentation is available at http://shorewall.net
 #
@@ -22,9 +22,8 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-# A_REJECT[([<option>])] where <option> is a valid REJECT option.#
+# A_REJECTWITH[([<option>])] where <option> is a valid REJECT option.#
 ###############################################################################
 ?require AUDIT_TARGET
 DEFAULTS -
--- a/Shorewall/Actions/action.A_REJECT!
+++ b/Shorewall/Actions/action.A_REJECT!
@@ -5,7 +5,7 @@
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-# (c) 2012-2017 Tom Eastep (teastep@shorewall.net)
+# (c) 2012-2016 Tom Eastep (teastep@shorewall.net)
 #
 # Complete documentation is available at http://shorewall.net
 #
@@ -22,9 +22,8 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-# A_REJECT[([<option>])] where <option> is a valid REJECT option.#
+# A_REJECTWITH[([<option>])] where <option> is a valid REJECT option.#
 ###############################################################################
 ?require AUDIT_TARGET
 DEFAULTS -
--- a/Shorewall/Actions/action.A_Reject.deprecated
+++ b/Shorewall/Actions/action.A_Reject.deprecated
@@ -0,0 +1,51 @@
 #
 # Shorewall -- /usr/share/shorewall/action.A_Reject
 #
 # The audited default REJECT action common rules
 #
 # This action is invoked before a REJECT policy is enforced. The purpose
 # of the action is:
 #
 # a) Avoid logging lots of useless cruft.
 # b) Ensure that certain ICMP packets that are necessary for successful
 #    internet operation are always ACCEPTed.
 #
 # IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!!
 ###############################################################################
 #ACTION		SOURCE	DEST	PROTO
 #
 # Count packets that come through here
 #
 COUNT
 #
 # ACCEPT critical ICMP types
 #
 # For IPv6 connectivity ipv6-icmp broadcasting is required so
 # AllowICMPs must be before broadcast Drop.
 #
 A_AllowICMPs	-	-	icmp
 #
 # Drop Broadcasts so they don't clutter up the log
 # (broadcasts must *not* be rejected).
 #
 dropBcast(audit)
 #
 # Drop packets that are in the INVALID state -- these are usually ICMP packets
 # and just confuse people when they appear in the log (these ICMPs cannot be
 # rejected).
 #
 dropInvalid(audit)
 #
 # Reject Microsoft noise so that it doesn't clutter up the log.
 #
 SMB(A_REJECT)
 A_DropUPnP
 #
 # Drop 'newnotsyn' traffic so that it doesn't get logged.
 #
 dropNotSyn(audit)	-	-	tcp
 #
 # Drop late-arriving DNS replies. These are just a nuisance and clutter up
 # the log.
 #
 A_DropDNSrep
--- a/Shorewall/Actions/action.AllowICMPs
+++ b/Shorewall/Actions/action.AllowICMPs
@@ -1,44 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/action.AllowICMPs
 #
 # This action ACCEPTs needed ICMP types.
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 DEFAULTS ACCEPT
 ?if __IPV4
    @1	-	-	icmp	fragmentation-needed	{comment="Needed ICMP types"}
    @1	-	-	icmp	time-exceeded		{comment="Needed ICMP types"}
 ?else
 ?COMMENT Needed ICMP types (RFC4890)
    @1	-		-	ipv6-icmp	destination-unreachable
    @1	-		-	ipv6-icmp	packet-too-big
    @1	-		-	ipv6-icmp	time-exceeded
    @1	-		-	ipv6-icmp	parameter-problem
 # The following should have a ttl of 255 and must be allowed to transit a bridge
    @1	-		-	ipv6-icmp	router-solicitation
    @1	-		-	ipv6-icmp	router-advertisement
    @1	-		-	ipv6-icmp	neighbour-solicitation
    @1	-		-	ipv6-icmp	neighbour-advertisement
    @1	-		-	ipv6-icmp	137	# Redirect
    @1	-		-	ipv6-icmp	141	# Inverse neighbour discovery solicitation
    @1	-		-	ipv6-icmp	142	# Inverse neighbour discovery advertisement
 # The following should have a link local source address and must be allowed to transit a bridge
    @1	fe80::/10	-	ipv6-icmp	130	# Listener query
    @1	fe80::/10	-	ipv6-icmp	131	# Listener report
    @1	fe80::/10	-	ipv6-icmp	132	# Listener done
    @1	fe80::/10	-	ipv6-icmp	143	# Listener report v2
 # The following should be received with a ttl of 255 and must be allowed to transit a bridge
    @1	-		-	ipv6-icmp	148	# Certificate path solicitation
    @1	-		-	ipv6-icmp	149	# Certificate path advertisement
 # The following should have a link local source address and a ttl of 1 and must be allowed to transit a bridge
    @1	fe80::/10	-	ipv6-icmp	151	# Multicast router advertisement
    @1	fe80::/10	-	ipv6-icmp	152	# Multicast router solicitation
    @1	fe80::/10	-	ipv6-icmp	153	# Multicast router termination
 ?endif
--- a/Shorewall/Actions/action.BLACKLIST
+++ b/Shorewall/Actions/action.BLACKLIST
@@ -1,50 +0,0 @@
 #
 # Shorewall - /usr/share/shorewall/action.BLACKLIST
 #
 # This action:
 #
 #   - Adds the sender to the dynamic blacklist ipset
 #   - Optionally acts on the packet (default is DROP)
 #
 # Parameters:
 #
 # 1 - Action to take after adding the packet. Default is DROP.
 #     Pass -- if you don't want to take any action.
 # 2 - Timeout for ipset entry. Default is the timeout specified in
 #     DYNAMIC_BLACKLIST or the one specified when the ipset was created.
 #
 ###############################################################################
 # Note -- This action is defined with the 'section' option, so the first
 #         parameter is always the section name. That means that in the
 #         following text, the first parameter passed in the rule is actually
 #         @2.
 ###############################################################################
 ?if $1 eq 'BLACKLIST'
   ?if $BLACKLIST_LOG_LEVEL
       blacklog
   ?else
       $BLACKLIST_DISPOSITION
   ?endif
 ?else
   ?if ! "$SW_DBL_IPSET"
   ?   error The BLACKLIST action may only be used with ipset-based dynamic blacklisting
   ?endif
   DEFAULTS -,DROP,-
   #
   # Add to the blacklist
   #
   ?if passed(@3)
       ADD($SW_DBL_IPSET:src:@3)
   ?elsif $SW_DBL_TIMEOUT
       ADD($SW_DBL_IPSET:src:$SW_DBL_TIMEOUT)
   ?else
       ADD($SW_DBL_IPSET:src)
   ?endif
   #
   # Dispose of the packet if asked
   #
   ?if passed(@2)
      @2
   ?endif
 ?endif
--- a/Shorewall/Actions/action.Broadcast
+++ b/Shorewall/Actions/action.Broadcast
@@ -3,7 +3,7 @@
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-# (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
 # Complete documentation is available at http://shorewall.net
 #
@@ -20,7 +20,7 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-# Broadcast[([<action>|[,{audit|-}])]
+# Broadcast[([<action>|-[,{audit|-}])]
 #
 # Default action is DROP
 #
@@ -29,37 +29,31 @@
 DEFAULTS DROP,-
 ?if __ADDRTYPE
-    @1	-	-	-	;; -m addrtype --dst-type BROADCAST
+@1	-	-	-	;; -m addrtype --dst-type BROADCAST
-    @1	-	-	-	;; -m addrtype --dst-type ANYCAST
+@1	-	-	-	;; -m addrtype --dst-type MULTICAST
@1	-	-	-	;; -m addrtype --dst-type ANYCAST
 ?else
-    ?begin perl;
+?begin perl;
-    use strict;
+use Shorewall::IPAddrs;
-    use Shorewall::IPAddrs;
+use Shorewall::Config;
-    use Shorewall::Config;
+use Shorewall::Chains;
    use Shorewall::Chains;
-    my ( $action, $audit ) = get_action_params( 2 );
+my ( $action )         = get_action_params( 1 );
-    my $chainref           = get_action_chain;
+my $chainref           = get_action_chain;
-    my ( $level, $tag )    = get_action_logging;
+my ( $level, $tag )    = get_action_logging;
-    fatal_error "Invalid parameter to action Broadcast" if supplied $audit && $audit ne 'audit';
+add_commands $chainref, 'for address in $ALL_BCASTS; do';
 incr_cmd_level $chainref;
 log_rule_limit $level, $chainref, 'Broadcast' , $action, '', $tag, 'add', ' -d $address ' if $level ne '';
 add_jump $chainref, $action, 0, "-d \$address ";
 decr_cmd_level $chainref;
 add_commands $chainref, 'done';
-    my $target             = require_audit ( $action , $audit );
+log_rule_limit $level, $chainref, 'Broadcast' , $action, '', $tag, 'add', ' -d 224.0.0.0/4 ' if $level ne '';
 add_jump $chainref, $action, 0, '-d 224.0.0.0/4 ';
-    if ( $family == F_IPV4 ) {
+1;
        add_commands $chainref, 'for address in $ALL_BCASTS; do';
    } elsif ($family == F_IPV6 ) {
        add_commands $chainref, 'for address in $ALL_ACASTS; do';
    }
-    incr_cmd_level $chainref;
+?end perl;
    log_rule_limit $level, $chainref, 'Broadcast' , $action, '', $tag, 'add', ' -d $address ' if $level ne '';
    add_jump $chainref, $target, 0, "-d \$address ";
    decr_cmd_level $chainref;
    add_commands $chainref, 'done';
    1;
    ?end perl;
 ?endif
--- a/Shorewall/Actions/action.DNSAmp
+++ b/Shorewall/Actions/action.DNSAmp
@@ -5,7 +5,7 @@
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-# (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
 # Complete documentation is available at http://shorewall.net
 #
--- a/Shorewall/Actions/action.Drop
+++ b/Shorewall/Actions/action.Drop
@@ -0,0 +1,82 @@
 #
 # Shorewall -- /usr/share/shorewall/action.Drop
 #
 # The default DROP common rules
 #
 # This action is invoked before a DROP policy is enforced. The purpose
 # of the action is:
 #
 # a) Avoid logging lots of useless cruft.
 # b) Ensure that certain ICMP packets that are necessary for successful
 #    internet operation are always ACCEPTed.
 #
 # The action accepts six optional parameters:
 #
 # 1 - 'audit' or '-'. Default is '-' which means don't audit in builtin
 #     actions.
 # 2 - Action to take with Auth requests. Default is to do nothing special
 #     with them.
 # 3 - Action to take with SMB requests. Default is DROP or A_DROP,
 #     depending on the setting of the first parameter.
 # 4 - Action to take with required ICMP packets. Default is ACCEPT or
 #     A_ACCEPT depending on the first parameter.
 # 5 - Action to take with late UDP replies (UDP source port 53). Default
 #     is DROP or A_DROP depending on the first parameter.
 # 6 - Action to take with UPnP packets. Default is DROP or A_DROP
 #     depending on the first parameter.
 #
 # IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!!
 #
 ###############################################################################
 ?if passed(@1)
    ?if @1 eq 'audit'
 DEFAULTS -,-,A_DROP,A_ACCEPT,A_DROP,A_DROP
    ?else
        ?error The first parameter to Drop must be 'audit' or '-'
    ?endif
 ?else
 DEFAULTS -,-,DROP,ACCEPT,DROP,DROP
 ?endif
 #ACTION		SOURCE	DEST	PROTO	DPORT	SPORT
 #
 # Count packets that come through here
 #
 COUNT
 #
 # Special Handling for Auth
 #
 ?if passed(@2)
 Auth(@2)
 ?endif
 #
 # ACCEPT critical ICMP types
 #
 # For IPv6 connectivity ipv6-icmp broadcasting is required so
 # AllowICMPs must be before silent broadcast Drop.
 #
 AllowICMPs(@4)	-	-	icmp
 #
 # Don't log broadcasts
 #
 Broadcast(DROP,@1)
 #
 # Drop packets that are in the INVALID state -- these are usually ICMP packets
 # and just confuse people when they appear in the log.
 #
 Invalid(DROP,@1)
 #
 # Drop Microsoft noise so that it doesn't clutter up the log.
 #
 SMB(@3)
 DropUPnP(@6)
 #
 # Drop 'newnotsyn' traffic so that it doesn't get logged.
 #
 NotSyn(DROP,@1)	-	-	tcp
 #
 # Drop late-arriving DNS replies. These are just a nuisance and clutter up
 # the log.
 #
 DropDNSrep(@5)
--- a/Shorewall/Actions/action.DropDNSrep
+++ b/Shorewall/Actions/action.DropDNSrep
@@ -1,10 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/action.DropDNSrep
 #
 # This macro silently drops DNS UDP replies that are in the New state
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 DEFAULTS DROP
@1	-	-	udp	-	53 { comment="Late DNS Replies" }
--- a/Shorewall/Actions/action.Established
+++ b/Shorewall/Actions/action.Established
@@ -5,7 +5,7 @@
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-# (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
 # Complete documentation is available at http://shorewall.net
 #
--- a/Shorewall/Actions/action.FIN
+++ b/Shorewall/Actions/action.FIN
@@ -1,33 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/action.FIN
 #
 # FIN Action
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
 # Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
 # as published by the Free Software Foundation.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # FIN[([<action>])]
 #
 # Default action is ACCEPT
 #
 ###############################################################################
 DEFAULTS ACCEPT,-
@1	 -	-	;;+ -p 6 --tcp-flags ACK,FIN ACK,FIN
--- a/Shorewall/Actions/action.GlusterFS
+++ b/Shorewall/Actions/action.GlusterFS
@@ -13,9 +13,9 @@
 DEFAULTS 2,0
 ?if @1 !~ /^\d+/ || ! @1 || @1 > 1024
-    ?error Invalid value (@1) for the GlusterFS Bricks argument
+    ?error Invalid value for Bricks (@1)
 ?elsif @2 !~ /^[01]$/
-    ?error Invalid value (@2) for the GlusterFS IB argument
+    ?error Invalid value for IB (@2)
 ?endif
 #ACTION		SOURCE		DEST		PROTO	DPORT
--- a/Shorewall/Actions/action.IfEvent
+++ b/Shorewall/Actions/action.IfEvent
@@ -107,11 +107,6 @@ if ( $command & $REAP_OPT ) {
 $duration .= '--rttl ' if $command & $TTL_OPT;
 if ( ( $targets{$action} || 0 ) & NATRULE ) {
    perl_action_helper( "${action}-", "-m recent --rcheck ${duration}--hitcount $hitcount" );
    $action = 'ACCEPT';
 }
 if ( $command & $RESET_CMD ) {
    require_capability 'MARK_ANYWHERE', '"reset"', 's';
@@ -135,7 +130,7 @@ if ( $command & $RESET_CMD ) {
    #
    # if the event is armed, remove it and perform the action
    #
-    perl_action_helper( $action , "-m mark --mark $mark/$mark -m recent --remove --name $event $srcdst" );
+    perl_action_helper( $action , "-m mark --mark $mark/$mark -m recent --remove --name $event" );
 } elsif ( $command & $UPDATE_CMD ) {
    perl_action_helper( $action, "-m recent --update ${duration}--hitcount $hitcount --name $event $srcdst" );
 } else {
--- a/Shorewall/Actions/action.Invalid
+++ b/Shorewall/Actions/action.Invalid
@@ -4,7 +4,7 @@
 # Invalid Action
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-# (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
 # Complete documentation is available at http://shorewall.net
 #
--- a/Shorewall/Actions/action.Limit
+++ b/Shorewall/Actions/action.Limit
@@ -1,70 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/action.Limit
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
 # Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
 # as published by the Free Software Foundation.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # Limit(<recent-set>,<num-connections>,<timeout>)
 #
 ###############################################################################
 DEFAULTS -,-,-
 ?begin perl
 use strict;
 use Shorewall::Config;
 use Shorewall::Chains;
 my $chainref        = get_action_chain;
 my @param           = get_action_params(3);
 my ( $level, $tag ) = get_action_logging;
@param = split( ',', $tag ), $tag = $param[0] unless supplied( join '', @param );
 fatal_error 'Limit rules must include <set name>,<max connections>,<interval> as the log tag or as parameters' unless @param == 3;
 my $set   = $param[0];
 for ( @param[1,2] ) {
    fatal_error 'Max connections and interval in Limit rules must be numeric (' . join( ':', 'Limit', $level eq '' ? 'none' : $level, $tag ) . ')' unless /^\d+$/
 }
 my $count = $param[1] + 1;
 require_capability( 'RECENT_MATCH' , 'Limit rules' , '' );
 warning_message "The Limit action is deprecated in favor of per-IP rate limiting using the RATE LIMIT column";
 add_irule $chainref, recent => "--name $set --set";
 if ( $level ne '' ) {
    my $xchainref = new_chain 'filter' , "$chainref->{name}%";
    log_irule_limit( $level, $xchainref, '', 'DROP', [], $tag, 'add' , '' );
    add_ijump $xchainref, j => 'DROP';
    add_ijump $chainref,  j => $xchainref, recent => "--name $set --update --seconds $param[2] --hitcount $count";
 } else {
    add_ijump $chainref, j => 'DROP', recent => "--update --name $set --seconds $param[2] --hitcount $count";
 }
 add_ijump $chainref, j => 'ACCEPT';
 1;
 ?end perl
--- a/Shorewall/Actions/action.Multicast
+++ b/Shorewall/Actions/action.Multicast
@@ -1,56 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/action.Multicast
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 # (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
 #
 # Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
 # as published by the Free Software Foundation.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # Multicast[([<action>|-[,{audit|-}])]
 #
 # Default action is DROP
 #
 ###############################################################################
 DEFAULTS DROP,-
 ?if __ADDRTYPE
    @1	-	-	-	;; -m addrtype --dst-type MULTICAST
 ?else
    ?begin perl;
    use strict;
    use Shorewall::IPAddrs;
    use Shorewall::Config;
    use Shorewall::Chains;
    my ( $action, $audit ) = get_action_params( 2 );
    my $chainref           = get_action_chain;
    my ( $level, $tag )    = get_action_logging;
    fatal_error "Invalid parameter to action Multicast" if supplied $audit && $audit ne 'audit';
    my $target = require_audit ( $action , $audit );
    my $dest   = ( $family == F_IPV4 ) ? join( ' ', '-d', IPv4_MULTICAST . ' ' ) : join( ' ', '-d', IPv6_MULTICAST . ' ' );
    log_rule_limit( $level, $chainref, 'Multicast' , $action, '', $tag, 'add', $dest ) if $level ne '';
    add_jump $chainref, $target, 0, $dest;
    1;
    ?end perl;
 ?endif
--- a/Shorewall/Actions/action.New
+++ b/Shorewall/Actions/action.New
@@ -5,7 +5,7 @@
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-# (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
 # Complete documentation is available at http://shorewall.net
 #
--- a/Shorewall/Actions/action.NotSyn
+++ b/Shorewall/Actions/action.NotSyn
@@ -5,7 +5,7 @@
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-# (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
 # Complete documentation is available at http://shorewall.net
 #
--- a/Shorewall/Actions/action.RST
+++ b/Shorewall/Actions/action.RST
@@ -5,7 +5,7 @@
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-# (c) 2012-2017 Tom Eastep (teastep@shorewall.net)
+# (c) 2012-2016 Tom Eastep (teastep@shorewall.net)
 #
 # Complete documentation is available at http://shorewall.net
 #
--- a/Shorewall/Actions/action.Reject
+++ b/Shorewall/Actions/action.Reject
@@ -0,0 +1,83 @@
 #
 # Shorewall -- /usr/share/shorewall/action.Reject
 #
 # The default REJECT action common rules
 #
 # This action is invoked before a REJECT policy is enforced. The purpose
 # of the action is:
 #
 # a) Avoid logging lots of useless cruft.
 # b) Ensure that certain ICMP packets that are necessary for successful
 #    internet operation are always ACCEPTed.
 #
 # The action accepts six optional parameters:
 #
 # 1 - 'audit' or '-'. Default is '-' which means don't audit in builtin
 #     actions.
 # 2 - Action to take with Auth requests. Default is to do nothing
 #     special with them.
 # 3 - Action to take with SMB requests. Default is REJECT or A_REJECT,
 #     depending on the setting of the first parameter.
 # 4 - Action to take with required ICMP packets. Default is ACCEPT or
 #     A_ACCEPT depending on the first parameter.
 # 5 - Action to take with late UDP replies (UDP source port 53). Default
 #     is DROP or A_DROP depending on the first parameter.
 # 6 - Action to take with UPnP packets. Default is DROP or A_DROP
 #     depending on the first parameter.
 #
 # IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!!
 ###############################################################################
 ?if passed(@1)
    ?if @1 eq 'audit'
 DEFAULTS -,-,A_REJECT,A_ACCEPT,A_DROP,A_DROP
    ?else
 	?error The first parameter to Reject must be 'audit' or '-'
    ?endif
 ?else
 DEFAULTS -,-,REJECT,ACCEPT,DROP,DROP
 ?endif
 #ACTION		SOURCE	DEST	PROTO
 #
 # Count packets that come through here
 #
 COUNT
 #
 # Special handling for Auth
 #
 ?if passed(@2)
 Auth(@2)
 ?endif
 #
 # ACCEPT critical ICMP types
 #
 # For IPv6 connectivity ipv6-icmp broadcasting is required so
 # AllowICMPs must be before silent broadcast Drop.
 #
 AllowICMPs(@4)	-	-	icmp
 #
 # Drop Broadcasts so they don't clutter up the log
 # (broadcasts must *not* be rejected).
 #
 Broadcast(DROP,@1)
 #
 # Drop packets that are in the INVALID state -- these are usually ICMP packets
 # and just confuse people when they appear in the log (these ICMPs cannot be
 # rejected).
 #
 Invalid(DROP,@1)
 #
 # Reject Microsoft noise so that it doesn't clutter up the log.
 #
 SMB(@3)
 DropUPnP(@6)
 #
 # Drop 'newnotsyn' traffic so that it doesn't get logged.
 #
 NotSyn(DROP,@1)	-	-	tcp
 #
 # Drop late-arriving DNS replies. These are just a nuisance and clutter up
 # the log.
 #
 DropDNSrep(@5)
--- a/Shorewall/Actions/action.Related
+++ b/Shorewall/Actions/action.Related
@@ -5,7 +5,7 @@
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-# (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
 # Complete documentation is available at http://shorewall.net
 #
--- a/Shorewall/Actions/action.ResetEvent
+++ b/Shorewall/Actions/action.ResetEvent
@@ -41,11 +41,6 @@ fatal_error "Invalid Src or Dest ($destination)" unless $destination =~ /^(?:src
 set_action_disposition( $disposition) if supplied $disposition;
 set_action_name_to_caller;
 if ( ( $targets{$action} || 0 ) & NATRULE ) {
    perl_action_helper( "${action}-", "" );
    $action = 'ACCEPT';
 }
 if ( $destination eq 'dst' ) {
    perl_action_helper( $action, '', '', "-m recent --name $event --remove --rdest" );
 } else {
--- a/Shorewall/Actions/action.SetEvent
+++ b/Shorewall/Actions/action.SetEvent
@@ -37,11 +37,6 @@ fatal_error "Invalid Src or Dest ($destination)" unless $destination =~ /^(?:src
 set_action_disposition( $disposition) if supplied $disposition;
 set_action_name_to_caller;
 if ( ( $targets{$action} || 0 ) & NATRULE ) {
    perl_action_helper( "${action}-", "" );
    $action = 'ACCEPT';
 }
 if ( $destination eq 'dst' ) {
    perl_action_helper( $action, '', '', "-m recent --name $event --set --rdest" );
 } else {
--- a/Shorewall/Actions/action.TCPFlags
+++ b/Shorewall/Actions/action.TCPFlags
@@ -26,4 +26,4 @@ $tcpflags_action	-	-	;;+ -p 6 --tcp-flags ALL FIN,URG,PSH
 $tcpflags_action	-	-	;;+ -p 6 --tcp-flags ALL NONE
 $tcpflags_action	-	-	;;+ -p 6 --tcp-flags SYN,RST SYN,RST
 $tcpflags_action	-	-	;;+ -p 6 --tcp-flags SYN,FIN SYN,FIN
-$tcpflags_action	-	-	;;+ -p 6 --syn --sport 0
+$tcpflags_action	-	-	;;+ -p tcp --syn --sport 0
--- a/Shorewall/Actions/action.Untracked
+++ b/Shorewall/Actions/action.Untracked
@@ -5,7 +5,7 @@
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-# (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
 # Complete documentation is available at http://shorewall.net
 #
--- a/Shorewall/Actions/action.allowBcast
+++ b/Shorewall/Actions/action.allowBcast
@@ -1,38 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/action.allowBcast
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
 # Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
 # as published by the Free Software Foundation.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # allowBcast[([audit])]
 #
 ###############################################################################
 DEFAULTS -
 ?if passed(@1)
    ?if @1 eq 'audit'
 	?require AUDIT_TARGET
 	Broadcast(A_ACCEPT)
    ?else
 	?error "Invalid argument (@1) to allowBcast"
    ?endif
 ?else
    Broadcast(ACCEPT)
 ?endif
--- a/Shorewall/Actions/action.allowInvalid
+++ b/Shorewall/Actions/action.allowInvalid
@@ -3,7 +3,7 @@
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-# (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
 # Complete documentation is available at http://shorewall.net
 #
--- a/Shorewall/Actions/action.allowMcast
+++ b/Shorewall/Actions/action.allowMcast
@@ -1,38 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/action.allowMcast
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
 # Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
 # as published by the Free Software Foundation.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # allowMcast[([audit])]
 #
 ###############################################################################
 DEFAULTS -
 ?if passed(@1)
    ?if @1 eq 'audit'
 	?require AUDIT_TARGET
 	Multicast(A_ACCEPT)
    ?else
 	?error "Invalid argument (@1) to allowMcast"
    ?endif
 ?else
    Multicast(ACCEPT)
 ?endif
--- a/Shorewall/Actions/action.allowinUPnP
+++ b/Shorewall/Actions/action.allowinUPnP
@@ -1,40 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/action.allowinUPnP
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
 # Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
 # as published by the Free Software Foundation.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # allowinUPnP[([audit])]
 #
 ###############################################################################
 DEFAULTS -
 ?if passed(@1)
    ?if @1 eq 'audit'
 	?require AUDIT_TARGET
 	A_ACCEPT - - 17 1900
 	A_ACCEPT - -  6 49152
    ?else
 	?error "Invalid argument (@1) to allowinUPnP"
    ?endif
 ?else
    ACCEPT - - 17 1900
    ACCEPT - -	6 49152
 ?endif
--- a/Shorewall/Actions/action.dropBcast
+++ b/Shorewall/Actions/action.dropBcast
@@ -1,39 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/action.dropBcast
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
 # Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
 # as published by the Free Software Foundation.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # dropBcast[([audit])]
 #
 ###############################################################################
 DEFAULTS -
 ?if passed(@1)
    ?if @1 eq 'audit'
 	?require AUDIT_TARGET
 	Broadcast(A_DROP)
    ?else
 	?error "Invalid argument (@1) to dropBcast"
    ?endif
 ?else
    Broadcast(DROP)
 ?endif
--- a/Shorewall/Actions/action.dropBcasts
+++ b/Shorewall/Actions/action.dropBcasts
@@ -1,39 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/action.dropBcasts
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
 # Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
 # as published by the Free Software Foundation.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # dropBcasts[([audit])]
 #
 ###############################################################################
 DEFAULTS -
 ?if passed(@1)
    ?if @1 eq 'audit'
 	?require AUDIT_TARGET
 	Broadcast(A_DROP)
    ?else
 	?error "Invalid argument (@1) to dropBcasts"
    ?endif
 ?else
    Broadcast(DROP)
 ?endif
--- a/Shorewall/Actions/action.dropInvalid
+++ b/Shorewall/Actions/action.dropInvalid
@@ -5,7 +5,7 @@
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-# (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
 # Complete documentation is available at http://shorewall.net
 #
--- a/Shorewall/Actions/action.dropMcast
+++ b/Shorewall/Actions/action.dropMcast
@@ -1,38 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/action.dropMcast
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
 # Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
 # as published by the Free Software Foundation.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # dropMcast[([audit])]
 #
 ###############################################################################
 DEFAULTS -
 ?if passed(@1)
    ?if @1 eq 'audit'
 	?require AUDIT_TARGET
 	Multicast(A_DROP)
    ?else
 	?error "Invalid argument (@1) to dropMcast"
    ?endif
 ?else
    Multicast(DROP)
 ?endif
--- a/Shorewall/Actions/action.dropNotSyn
+++ b/Shorewall/Actions/action.dropNotSyn
@@ -1,38 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/action.dropNotSyn
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
 # Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
 # as published by the Free Software Foundation.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # dropNotSyn[([audit])]
 #
 ###############################################################################
 DEFAULTS -
 ?if passed(@1)
    ?if @1 eq 'audit'
 	?require AUDIT_TARGET
 	A_DROP {proto=6:!syn}
    ?else
 	?error "Invalid argument (@1) to dropNotSyn"
    ?endif
 ?else
    DROP {proto=6:!syn}
 ?endif
--- a/Shorewall/Actions/action.forwardUPnP
+++ b/Shorewall/Actions/action.forwardUPnP
@@ -1,43 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/action.forwardUPnP
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
 # Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
 # as published by the Free Software Foundation.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # forwardUPnP
 #
 ###############################################################################
 DEFAULTS -
 ?begin perl
 use strict;
 use Shorewall::Config;
 use Shorewall::Chains;
 my $chainref = get_action_chain;
 set_optflags( $chainref, DONT_OPTIMIZE );
 add_commands( $chainref , '[ -f ${VARDIR}/.forwardUPnP ] && cat ${VARDIR}/.forwardUPnP >&3' );
 1;
 ?end perl
--- a/Shorewall/Actions/action.rejNotSyn
+++ b/Shorewall/Actions/action.rejNotSyn
@@ -1,39 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/action.rejNotSyn
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
 # Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
 # as published by the Free Software Foundation.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # rejNotSyn[([audit])]
 #
 ###############################################################################
 DEFAULTS -
 ?if passed(@1)
    ?if @1 eq 'audit'
 	?require AUDIT_TARGET
 	A_REJECT {proto=6:!syn}
    ?else
 	?error "Invalid argument (@1) to rejNotSyn"
    ?endif
 ?else
    REJECT(tcp-reset) {proto=6:!syn}
 ?endif
--- a/Shorewall/Macros/macro.AllowICMPs
+++ b/Shorewall/Macros/macro.AllowICMPs
@@ -0,0 +1,13 @@
 #
 # Shorewall -- /usr/share/shorewall/macro.AllowICMPs
 #
 # This macro ACCEPTs needed ICMP types.
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 ?COMMENT Needed ICMP types
 DEFAULT ACCEPT
 PARAM	-	-	icmp	fragmentation-needed
 PARAM	-	-	icmp	time-exceeded
--- a/Shorewall/Macros/macro.BLACKLIST
+++ b/Shorewall/Macros/macro.BLACKLIST
@@ -0,0 +1,13 @@
 #
 # Shorewall -- /usr/share/shorewall/macro.blacklist
 #
 # This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL.
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 ?if $BLACKLIST_LOGLEVEL
 blacklog
 ?else
 $BLACKLIST_DISPOSITION
 ?endif
--- a/Shorewall/Macros/macro.Drop
+++ b/Shorewall/Macros/macro.Drop
@@ -0,0 +1,49 @@
 #
 # Shorewall -- /usr/share/shorewall/macro.Drop
 #
 # This macro generates the same rules as the Drop default action
 # It is used in place of action.Drop when USE_ACTIONS=No.
 #
 # Example:
 #
 #	Drop	net	all
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 #
 # Don't log 'auth' DROP
 #
 DROP	-	-	tcp	113
 #
 # Drop Broadcasts so they don't clutter up the log
 # (broadcasts must *not* be rejected).
 #
 dropBcast
 #
 # ACCEPT critical ICMP types
 #
 ACCEPT	-	-	icmp	fragmentation-needed
 ACCEPT	-	-	icmp	time-exceeded
 #
 # Drop packets that are in the INVALID state -- these are usually ICMP packets
 # and just confuse people when they appear in the log (these ICMPs cannot be
 # rejected).
 #
 dropInvalid
 #
 # Drop Microsoft noise so that it doesn't clutter up the log.
 #
 DROP	-	-	udp	135,445
 DROP	-	-	udp	137:139
 DROP	-	-	udp	1024:	137
 DROP	-	-	tcp	135,139,445
 DROP	-	-	udp	1900
 #
 # Drop 'newnotsyn' traffic so that it doesn't get logged.
 #
 dropNotSyn
 #
 # Drop late-arriving DNS replies. These are just a nuisance and clutter up
 # the log.
 #
 DROP	-	-	udp	-	53
--- a/Shorewall/Macros/macro.DropDNSrep
+++ b/Shorewall/Macros/macro.DropDNSrep
@@ -0,0 +1,12 @@
 #
 # Shorewall -- /usr/share/shorewall/macro.DropDNSrep
 #
 # This macro silently drops DNS UDP replies
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 ?COMMENT Late DNS Replies
 DEFAULT DROP
 PARAM	-	-	udp	-	53
--- a/Shorewall/Macros/macro.FreeIPA
+++ b/Shorewall/Macros/macro.FreeIPA
@@ -1,16 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/macro.FreeIPA
 #
 # This macro handles FreeIPA server traffic.
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 DNS
 HTTP
 HTTPS
 Kerberos
 Kpasswd
 LDAP
 LDAPS
 NTP
--- a/Shorewall/Macros/macro.IPFS-API
+++ b/Shorewall/Macros/macro.IPFS-API
@@ -1,9 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/macro.IPFS-API
 #
 # This macro handles IPFS API port (commands for the IPFS daemon).
 #
 ###############################################################################
 #ACTION SOURCE  DEST    PROTO   DPORT   SPORT   ORIGDEST        RATE   USER
 PARAM   -       -       tcp     5001
--- a/Shorewall/Macros/macro.IPFS-gateway
+++ b/Shorewall/Macros/macro.IPFS-gateway
@@ -1,9 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/macro.IPFS-gateway
 #
 # This macro handles the IPFS gateway to HTTP.
 #
 ###############################################################################
 #ACTION SOURCE  DEST    PROTO   DPORT   SPORT   ORIGDEST        RATE   USER
 PARAM   -       -       tcp     8080
--- a/Shorewall/Macros/macro.IPFS-swarm
+++ b/Shorewall/Macros/macro.IPFS-swarm
@@ -1,9 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/macro.IPFS-swarm
 #
 # This macro handles IPFS data traffic (the connection to IPFS swarm).
 #
 ###############################################################################
 #ACTION SOURCE  DEST    PROTO   DPORT   SPORT   ORIGDEST        RATE   USER
 PARAM   -       -       tcp     4001
--- a/Shorewall/Macros/macro.IPMI
+++ b/Shorewall/Macros/macro.IPMI
@@ -11,20 +11,13 @@
 #ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 PARAM	-	-	tcp	623		# RMCP
 PARAM	-	-	udp	623		# RMCP
 PARAM	-	-	tcp	3668,3669	# Virtual Media, Secure (Dell)
-PARAM	-	-	tcp	5120,5122,5123	# CD,FD,HD (Asus, Aten)
+PARAM	-	-	tcp	5120,5123	# CD, floppy (Asus, Aten)
 PARAM	-	-	tcp	5900,5901	# Remote Console (Aten, Dell)
 PARAM	-	-	tcp	7578		# Remote Console (AMI)
-PARAM	-	-	tcp	8889		# WS-MAN
+PARAM	-	-	udp	623		# RMCP
 HTTP
 Telnet
 SNMP
 # TLS/secure ports
 PARAM	-	-	tcp	3520		# Remote Console (Redfish)
 PARAM	-	-	tcp	3669		# Virtual Media (Dell)
 PARAM	-	-	tcp	5124,5126,5127	# CD,FD,HD (AMI)
 PARAM	-	-	tcp	7582		# Remote Console (AMI)
 HTTPS
 SNMP
 SSH						# Serial over Lan
 Telnet
--- a/Shorewall/Macros/macro.Kpasswd
+++ b/Shorewall/Macros/macro.Kpasswd
@@ -1,10 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/macro.Kpasswd
 #
 # This macro handles Kerberos "passwd" traffic.
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 PARAM	-	-	tcp	464
 PARAM	-	-	udp	464
--- a/Shorewall/Macros/macro.RDP
+++ b/Shorewall/Macros/macro.RDP
@@ -6,5 +6,4 @@
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 PARAM	-	-	udp	3389
 PARAM	-	-	tcp	3389
--- a/Shorewall/Macros/macro.RedisSecure
+++ b/Shorewall/Macros/macro.RedisSecure
@@ -1,9 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/macro.RedisSecure
 #
 # This macro handles Redis Secure (SSL/TLS) traffic.
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 PARAM	-	-	tcp	6380
--- a/Shorewall/Macros/macro.Reject
+++ b/Shorewall/Macros/macro.Reject
@@ -0,0 +1,49 @@
 #
 # Shorewall -- /usr/share/shorewall/macro.Reject
 #
 # This macro generates the same rules as the Reject default action
 # It is used in place of action.Reject when USE_ACTIONS=No.
 #
 # Example:
 #
 #	Reject	loc	fw
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 #
 # Don't log 'auth' REJECT
 #
 REJECT	-	-	tcp	113
 #
 # Drop Broadcasts so they don't clutter up the log
 # (broadcasts must *not* be rejected).
 #
 dropBcast
 #
 # ACCEPT critical ICMP types
 #
 ACCEPT	-	-	icmp	fragmentation-needed
 ACCEPT	-	-	icmp	time-exceeded
 #
 # Drop packets that are in the INVALID state -- these are usually ICMP packets
 # and just confuse people when they appear in the log (these ICMPs cannot be
 # rejected).
 #
 dropInvalid
 #
 # Reject Microsoft noise so that it doesn't clutter up the log.
 #
 REJECT	-	-	udp	135,445
 REJECT	-	-	udp	137:139
 REJECT	-	-	udp	1024:	137
 REJECT	-	-	tcp	135,139,445
 DROP	-	-	udp	1900
 #
 # Drop 'newnotsyn' traffic so that it doesn't get logged.
 #
 dropNotSyn
 #
 # Drop late-arriving DNS replies. These are just a nuisance and clutter up
 # the log.
 #
 DROP	-	-	udp	-	53
--- a/Shorewall/Macros/macro.Rwhois
+++ b/Shorewall/Macros/macro.Rwhois
@@ -1,9 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/macro.Rwhois
 #
 # This macro handles Remote Who Is (rwhois) traffic.
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 PARAM	-	-	tcp	4321
--- a/Shorewall/Macros/macro.SNMPTrap.deprecated
+++ b/Shorewall/Macros/macro.SNMPTrap.deprecated
@@ -1,9 +1,9 @@
 #
-# Shorewall -- /usr/share/shorewall/macro.Apcupsd
+# Shorewall - /usr/share/shorewall/macro.SNMPtrap
 #
-# This macro handles apcupsd traffic.
+# This macro deprecated by SNMPtrap.
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-PARAM	-	-	tcp	3551
+SNMPtrap
--- a/Shorewall/Macros/macro.SSDP
+++ b/Shorewall/Macros/macro.SSDP
@@ -1,9 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/macro.SSDP
 #
 # This macro handles SSDP (used by DLNA/UPnP) client traffic.
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 PARAM	-	-	udp	1900
--- a/Shorewall/Macros/macro.SSDPserver
+++ b/Shorewall/Macros/macro.SSDPserver
@@ -1,10 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/macro.SSDPserver
 #
 # This macro handles SSDP (used by DLNA/UPnP) server bidirectional traffic.
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 PARAM	-	-	udp	1900
 PARAM	DEST	SOURCE	udp	-	1900
--- a/Shorewall/Makefile-lite
+++ b/Shorewall/Makefile-lite
@@ -0,0 +1,82 @@
 #     Shorewall Packet Filtering Firewall Export Directory Makefile - V4.2
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 #     (c) 2006 - Tom Eastep (teastep@shorewall.net)
 #
 #	Shorewall documentation is available at http://www.shorewall.net
 #
 #	This program is free software; you can redistribute it and/or modify
 #	it under the terms of Version 2 of the GNU General Public License
 #	as published by the Free Software Foundation.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
 #	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
 #	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 ################################################################################
 # Place this file in each export directory. Modify each copy to set HOST
 # to the name of the remote firewall corresponding to the directory.
 #
 #	To make the 'firewall' script, type "make".
 #
 #	Once the script is compiling correctly, you can install it by
 #	typing "make install".
 #
 ################################################################################
 #                             V A R I A B L E S
 #
 # Files in the export directory on which the firewall script does not depend
 #
 IGNOREFILES =  firewall% Makefile% trace% %~
 #
 # Remote Firewall system
 #
 HOST = gateway
 #
 # Save some typing
 #
 LITEDIR = /var/lib/shorewall-lite
 #
 # Set this if the remote system has a non-standard modules directory
 #
 MODULESDIR=
 #
 # Default target is the firewall script
 #
 ################################################################################
 #                                T A R G E T S
 #
 all: firewall
 #
 # Only generate the capabilities file if it doesn't already exist
 #
 capabilities:
 	ssh root@$(HOST) "MODULESDIR=$(MODULESDIR) /usr/share/shorewall-lite/shorecap > $(LITEDIR)/capabilities"
 	scp root@$(HOST):$(LITEDIR)/capabilities .
 #
 # Compile the firewall script. Using the 'wildcard' function causes "*" to be expanded so that
 # 'filter-out' will be presented with the list of files in this directory rather than "*"
 #
 firewall: $(filter-out $(IGNOREFILES) capabilities , $(wildcard *) ) capabilities
 	shorewall compile -e . firewall
 #
 # Only reload on demand.
 #
 install: firewall
 	scp firewall firewall.conf root@$(HOST):$(LITEDIR)
 	ssh root@$(HOST) "/sbin/shorewall-lite restart"
 #
 # Save running configuration
 #
 save:
 	ssh root@$(HOST) "/sbin/shorewall-lite save"
 #
 # Remove generated files
 #
 clean:
 	rm -f capabilities firewall firewall.conf reload
--- a/Shorewall/Perl/Shorewall/ARP.pm
+++ b/Shorewall/Perl/Shorewall/ARP.pm
@@ -1,5 +1,5 @@
 #
-# Shorewall 5.2 -- /usr/share/shorewall/Shorewall/ARP.pm
+# Shorewall 5.0 -- /usr/share/shorewall/Shorewall/ARP.pm
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
--- a/Shorewall/Perl/Shorewall/Accounting.pm
+++ b/Shorewall/Perl/Shorewall/Accounting.pm
@@ -1,9 +1,9 @@
 #
-# Shorewall 5.2 -- /usr/share/shorewall/Shorewall/Accounting.pm
+# Shorewall 5.0 -- /usr/share/shorewall/Shorewall/Accounting.pm
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-#     (c) 2007-2017 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2007-2016 - Tom Eastep (teastep@shorewall.net)
 #
 #       Complete documentation is available at http://shorewall.net
 #
@@ -195,7 +195,7 @@ sub process_accounting_rule1( $$$$$$$$$$$ ) {
    $ports  = ''    if $ports  eq 'any' || $ports  eq 'all';
    $sports = ''    if $sports eq 'any' || $sports eq 'all';
-    fatal_error "USER/GROUP may only be specified in the OUTPUT section" unless $user eq '-' || $asection == OUTPUT_SECTION;
+    fatal_error "USER/GROUP may only be specified in the OUTPUT section" unless $user eq '-' || $asection == OUTPUT;
    my $rule = do_proto( $proto, $ports, $sports ) . do_user ( $user ) . do_test ( $mark, $globals{TC_MASK} ) . do_headers( $headers );
    my $prerule = '';
@@ -266,7 +266,7 @@ sub process_accounting_rule1( $$$$$$$$$$$ ) {
    if ( $source eq 'any' || $source eq 'all' ) {
        $source = ALLIP;
    } else {
-	fatal_error "MAC addresses only allowed in the INPUT and FORWARD sections" if $source =~ /~/ && ( $asection == OUTPUT_SECTION || ! $asection );
+	fatal_error "MAC addresses only allowed in the INPUT and FORWARD sections" if $source =~ /~/ && ( $asection == OUTPUT || ! $asection );
    }
    if ( have_bridges && ! $asection ) {
@@ -282,7 +282,7 @@ sub process_accounting_rule1( $$$$$$$$$$$ ) {
 	    if ( $dest eq 'any' || $dest eq 'all' || $dest eq ALLIP ) {
 		expand_rule(
-			    ensure_chain ( $config{ACCOUNTING_TABLE}, 'accountout' ) ,
+			    ensure_rules_chain ( 'accountout' ) ,
 			    OUTPUT_RESTRICT ,
 			    $prerule ,
 			    $rule ,
@@ -519,9 +519,9 @@ sub setup_accounting() {
 		while ( $chainswithjumps && $progress ) {
 		    $progress = 0;
-		    for my $chain1 ( keys %accountingjumps ) {
+		    for my $chain1 ( sort  keys %accountingjumps ) {
 			if ( keys %{$accountingjumps{$chain1}} ) {
-			    for my $chain2 ( keys %{$accountingjumps{$chain1}} ) {
+			    for my $chain2 ( sort keys %{$accountingjumps{$chain1}} ) {
 				delete $accountingjumps{$chain1}{$chain2}, $progress = 1 unless $accountingjumps{$chain2};
 			    }
 			} else {
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
--- a/Shorewall/Perl/Shorewall/Compiler.pm
+++ b/Shorewall/Perl/Shorewall/Compiler.pm
@@ -4,7 +4,7 @@
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-#     (c) 2007-2017 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2007-2016 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
@@ -59,7 +59,7 @@ our $have_arptables;
 # Initilize the package-globals in the other modules
 #
 sub initialize_package_globals( $$$ ) {
-    Shorewall::Config::initialize($family, $export, $_[1], $_[2]);
+    Shorewall::Config::initialize($family, $_[1], $_[2]);
    Shorewall::Chains::initialize ($family, 1, $export );
    Shorewall::Zones::initialize ($family, $_[0]);
    Shorewall::Nat::initialize($family);
@@ -93,23 +93,24 @@ sub generate_script_1( $ ) {
 	    my $date = compiletime;
 	    emit "#!$config{SHOREWALL_SHELL}\n#\n# Compiled firewall script generated by Shorewall $globals{VERSION} - $date\n#";
 	    copy  $globals{SHAREDIRPL} . '/lib.runtime', 0;
 	    copy2 $globals{SHAREDIRPL} . '/lib.common' , $debug;
 	}
 	copy  $globals{SHAREDIRPL} . '/lib.runtime', 0;
 	copy2 $globals{SHAREDIRPL} . '/lib.common' , $debug;
    }
    my $lib = find_file 'lib.private';
    copy2( $lib, $debug ) if -f $lib;
-    emithd<<'EOF';
+    emit <<'EOF';
 ################################################################################
 # Functions to execute the various user exits (extension scripts)
 ################################################################################
 EOF
-    for my $exit ( qw/init start tcclear started stop stopped clear restored enabled disabled/ ) {
+    for my $exit ( qw/init start tcclear started stop stopped clear refresh refreshed restored/ ) {
 	emit "\nrun_${exit}_exit() {";
 	push_indent;
 	append_file $exit or emit 'true';
@@ -125,7 +126,7 @@ EOF
 	emit '}';
    }
-    emithd <<'EOF';
+    emit <<'EOF';
 ################################################################################
 # End user exit functions
 ################################################################################
@@ -209,8 +210,6 @@ sub generate_script_2() {
    emit (   '[ -f ${g_confdir}/vardir ] && . ${g_confdir}/vardir' );
    emit ( qq([ -n "\${VARDIR:=$shorewallrc1{VARDIR}}" ]) );
    emit ( qq([ -n "\${VARLIB:=$shorewallrc1{VARLIB}}" ]) );
    emit ( qq([ -n "\${CONFDIR:=$shorewallrc1{CONFDIR}}" ]) );
    emit ( qq([ -n "\${SHAREDIR:=$shorewallrc1{SHAREDIR}}" ]) );
    emit 'TEMPFILE=';
@@ -268,13 +267,13 @@ sub generate_script_2() {
 	emit( '',
 	      'chain_exists DOCKER nat && chain_exists DOCKER && g_docker=Yes',
 	    );
-	emit( 'chain_exists DOCKER-INGRESS   && g_dockeringress=Yes' );
+	emit( 'chain_exists DOCKER-ISOLATION && g_dockernetwork=Yes]' );
-	emit( 'chain_exists DOCKER-ISOLATION && g_dockernetwork=Yes' );
+	emit( '' );
    }
    pop_indent;
-    emit "}\n"; # End of initialize()
+    emit "\n}\n"; # End of initialize()
    emit( '' ,
 	  '#' ,
@@ -311,9 +310,10 @@ sub generate_script_2() {
 	    push_indent;
 	    if ( $global_variables == ( ALL_COMMANDS | NOT_RESTORE ) ) {
-		verify_required_interfaces(0);
+
 		set_global_variables(0, 0);
-		handle_optional_interfaces;
+
 		handle_optional_interfaces(0);
 	    }
 	    emit ';;';
@@ -325,19 +325,19 @@ sub generate_script_2() {
 	    push_indent;
 	}
 	verify_required_interfaces(1);
 	set_global_variables(1,1);
 	handle_optional_interfaces;
 	if ( $global_variables & NOT_RESTORE ) {
 	    handle_optional_interfaces(1);
 	    emit ';;';
 	    pop_indent;
 	    pop_indent;
 	    emit ( 'esac' );
 	} else {
 	    handle_optional_interfaces(1);
 	}
    } else {
-	verify_required_interfaces(1);
+	emit( 'true' ) unless handle_optional_interfaces(1);
 	emit( 'true' ) unless handle_optional_interfaces;
    }
    pop_indent;
@@ -356,7 +356,7 @@ sub generate_script_2() {
 #    Note: This function is not called when $command eq 'check'. So it must have no side effects other
 #          than those related to writing to the output script file.
 #
-sub generate_script_3() {
+sub generate_script_3($) {
    if ( $family == F_IPV4 ) {
 	progress_message2 "Creating iptables-restore input...";
@@ -366,6 +366,7 @@ sub generate_script_3() {
    create_netfilter_load( $test );
    create_arptables_load( $test ) if $have_arptables;
    create_chainlist_reload( $_[0] );
    create_save_ipsets;
    create_load_ipsets;
@@ -397,10 +398,16 @@ sub generate_script_3() {
 	emit 'load_kernel_modules Yes';
    }
-    emit( '' ,
+    emit '';
-	  'run_init_exit',
+
-	  '' ,
+    emit ( 'if [ "$COMMAND" = refresh ]; then' ,
-	  'load_ipsets' ,
+	   '   run_refresh_exit' ,
 	   'else' ,
 	   '    run_init_exit',
 	   'fi',
 	   '' );
    emit( 'load_ipsets' ,
 	  '' );
    create_nfobjects;
@@ -458,6 +465,11 @@ sub generate_script_3() {
    dump_proxy_arp;
    emit_unindented '__EOF__';
    emit( '',
 	  'if [ "$COMMAND" != refresh ]; then' );
    push_indent;
    emit 'cat > ${VARDIR}/zones << __EOF__';
    dump_zone_contents;
    emit_unindented '__EOF__';
@@ -470,6 +482,10 @@ sub generate_script_3() {
    dump_mark_layout;
    emit_unindented '__EOF__';
    pop_indent;
    emit "fi\n";
    emit '> ${VARDIR}/nat';
    add_addresses;
@@ -508,12 +524,29 @@ sub generate_script_3() {
    my $config_dir = $globals{CONFIGDIR};
-    emithd <<"EOF";
+    emit<<"EOF";
    set_state Started $config_dir
    run_restored_exit
-else
+elif [ \$COMMAND = refresh ]; then
-    setup_netfilter
+    chainlist_reload
 EOF
    push_indent;
    setup_load_distribution;
    setup_forwarding( $family , 0 );
    pop_indent;
    #
    # Use a parameter list rather than 'here documents' to avoid an extra blank line
    #
    emit( '    run_refreshed_exit',
 	  '    do_iptables -N shorewall' );
    emit( '    do_iptables -A shorewall -m recent --set --name %CURRENTTIME' ) if have_capability 'RECENT_MATCH';
    emit( "    set_state Started $config_dir",
 	  '    [ $0 = ${VARDIR}/firewall ] || cp -f $(my_pathname) ${VARDIR}/firewall',
 	  'else',
 	  '    setup_netfilter'	);
    push_indent;
    emit 'setup_arptables' if $have_arptables;
    setup_load_distribution;
@@ -538,7 +571,7 @@ EOF
 	  '    run_started_exit',
 	  "fi\n" );
-    emithd<<'EOF';
+    emit<<'EOF';
 date > ${VARDIR}/restarted
 case $COMMAND in
@@ -548,6 +581,9 @@ case $COMMAND in
    reload)
        mylogger kern.info "$g_product reloaded"
        ;;
    refresh)
        mylogger kern.info "$g_product refreshed"
        ;;
    restore)
        mylogger kern.info "$g_product restored"
        ;;
@@ -582,8 +618,8 @@ sub compile_info_command() {
 #
 sub compiler {
-    my ( $scriptfilename, $directory, $verbosity, $timestamp , $debug, $log , $log_verbosity, $preview, $confess , $update , $annotate , $config_path, $shorewallrc                      , $shorewallrc1 ) =
+    my ( $scriptfilename, $directory, $verbosity, $timestamp , $debug, $chains , $log , $log_verbosity, $preview, $confess , $update , $annotate , $config_path, $shorewallrc                      , $shorewallrc1 , $inline ) =
-       ( '',              '',         -1,         '',          0,      '',    -1,             0,        0,         0,        0,        , ''          , '/usr/share/shorewall/shorewallrc', ''            );
+       ( '',              '',         -1,          '',          0,      '',       '',   -1,             0,        0,         0,        0,        , ''          , '/usr/share/shorewall/shorewallrc', ''            , 0 );
    $export         = 0;
    $test           = 0;
@@ -612,6 +648,7 @@ sub compiler {
 		  timestamp     => { store => \$timestamp,     validate => \&validate_boolean   } ,
 		  debug         => { store => \$debug,         validate => \&validate_boolean   } ,
 		  export        => { store => \$export ,       validate => \&validate_boolean   } ,
 		  chains        => { store => \$chains },
 		  log           => { store => \$log },
 		  log_verbosity => { store => \$log_verbosity, validate => \&validate_verbosity } ,
 		  test          => { store => \$test },
@@ -619,6 +656,7 @@ sub compiler {
 		  confess       => { store => \$confess,       validate=> \&validate_boolean    } ,
 		  update        => { store => \$update,        validate=> \&validate_boolean    } ,
 		  annotate      => { store => \$annotate,      validate=> \&validate_boolean    } ,
 		  inline        => { store => \$inline,        validate=> \&validate_boolean    } ,
 		  config_path   => { store => \$config_path } ,
 		  shorewallrc   => { store => \$shorewallrc } ,
 		  shorewallrc1  => { store => \$shorewallrc1 } ,
@@ -652,10 +690,9 @@ sub compiler {
    set_timestamp( $timestamp );
    set_debug( $debug , $confess );
    #
    #                                      S H O R E W A L L R C ,
    #                      S H O R E W A L L . C O N F  A N D  C A P A B I L I T I E S
    #
-    get_configuration( $export , $update , $annotate );
+    get_configuration( $export , $update , $annotate , $inline );
    #
    # Chain table initialization depends on shorewall.conf and capabilities. So it must be deferred until
    # now when shorewall.conf has been processed and the capabilities have been determined.
@@ -757,10 +794,13 @@ sub compiler {
 	emit '}'; # End of setup_common_rules()
    }
    disable_script;
    #
    #                      R O U T I N G _ A N D _ T R A F F I C _ S H A P I N G
    #         (Writes the setup_routing_and_traffic_shaping() function to the compiled script)
    #
    enable_script;
    #
    # Validate the TC files so that the providers will know what interfaces have TC
    #
    my $tcinterfaces = process_tc;
@@ -778,7 +818,7 @@ sub compiler {
    #
    # Setup Masquerade/SNAT
    #
-    setup_snat;
+    setup_snat( $update );
    #
    # Setup Nat
    #
@@ -859,7 +899,7 @@ sub compiler {
 	optimize_level0;
-	if ( ( my $optimize = $config{OPTIMIZE} ) & OPTIMIZE_MASK ) {
+	if ( ( my $optimize = $config{OPTIMIZE} ) & 0x1E ) {
 	    progress_message2 'Optimizing Ruleset...';
 	    #
 	    # Optimize Policy Chains
@@ -881,7 +921,7 @@ sub compiler {
 	#                          N E T F I L T E R   L O A D
 	#    (Produces setup_netfilter(), setup_arptables(), chainlist_reload() and define_firewall() )
 	#
-	generate_script_3();
+	generate_script_3( $chains );
 	#
 	# We must reinitialize Shorewall::Chains before generating the iptables-restore input
 	# for stopping the firewall
@@ -905,7 +945,7 @@ sub compiler {
 	#
 	# Copy the footer to the script
 	#
-	copy $globals{SHAREDIRPL} . 'prog.footer';
+	copy $globals{SHAREDIRPL} . 'prog.footer' unless $test;
 	disable_script;
 	#
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
--- a/Show More
+++ b/Show More