Clean up column/value pair editing.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Set $parmsmodified on ?reset
2017-03-22 09:47:48 -07:00 · 2017-03-18 12:39:33 -07:00
473 changed files with 24270 additions and 12707 deletions
--- a/Shorewall-core/INSTALL
+++ b/Shorewall-core/INSTALL
@@ -18,7 +18,7 @@ Shoreline Firewall (Shorewall) Version 5
 ---------------------------------------------------------------------------
-Please see https://shorewall.org/Install.htm for installation
+Please see http://www.shorewall.net/Install.htm for installation
 instructions.
--- a/Shorewall-core/Shorewall-core-targetname
+++ b/Shorewall-core/Shorewall-core-targetname
@@ -1 +0,0 @@
 5.2.4.1
--- a/Shorewall-core/configure
+++ b/Shorewall-core/configure
@@ -1,10 +1,10 @@
 #!/bin/bash
 #
-#     Shorewall Packet Filtering Firewall configuration program - V5.2
+#     Shorewall Packet Filtering Firewall RPM configuration program - V4.6
 #
-#     (c) 2012,2014,2017 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2012,2014 - Tom Eastep (teastep@shorewall.net)
 #
-#	Shorewall documentation is available at https://shorewall.org
+#	Shorewall documentation is available at http://www.shorewall.net
 #
 #       This program is part of Shorewall.
 #
@@ -109,9 +109,6 @@ if [ -z "$vendor" ]; then
 	    opensuse)
 		vendor=suse
 		;;
 	    alt|basealt|altlinux)
 		vendor=alt
 		;;
 	    *)
 		vendor="$ID"
 		;;
@@ -135,8 +132,6 @@ if [ -z "$vendor" ]; then
 	    if [ -f /etc/debian_version ]; then
 		params[HOST]=debian
 		ls -l /sbin/init | fgrep -q systemd &&  rcfile=shorewallrc.debian.systemd || rcfile=shorewallrc.debian.sysvinit
 	    elif [ -f /etc/altlinux-release ] ; then
 		params[HOST]=alt
 	    elif [ -f /etc/redhat-release ]; then
 		params[HOST]=redhat
 		rcfile=shorewallrc.redhat
@@ -195,7 +190,7 @@ for p in ${!params[@]}; do
 done
 echo '#'                                                                 > shorewallrc
-echo "# Created by Shorewall Core version $VERSION configure - " `date --utc --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}"` >> shorewallrc
+echo "# Created by Shorewall Core version $VERSION configure - " `date` >> shorewallrc
 echo "# rc file: $rcfile"                                               >> shorewallrc
 echo '#'                                                                >> shorewallrc
--- a/Shorewall-core/configure.pl
+++ b/Shorewall-core/configure.pl
@@ -1,10 +1,10 @@
 #! /usr/bin/perl -w
 #
-#     Shorewall Packet Filtering Firewall configuration program - V5.2
+#     Shorewall Packet Filtering Firewall RPM configuration program - V4.5
 #
 #     (c) 2012, 2014 - Tom Eastep (teastep@shorewall.net)
 #
-#	Shorewall documentation is available at https://shorewall.org
+#	Shorewall documentation is available at http://www.shorewall.net
 #
 #       This program is part of Shorewall.
 #
@@ -74,8 +74,6 @@ unless ( defined $vendor ) {
 	} elsif ( $id eq 'ubuntu' || $id eq 'debian' ) {
 	    my $init = `ls -l /sbin/init`;
 	    $vendor = $init =~ /systemd/ ? 'debian.systemd' : 'debian.sysvinit';
 	} elsif ( $id eq 'alt' || $id eq 'basealt' || $id eq 'altlinux' ) {
 	    $vendor = 'alt';
 	} else {
 	    $vendor = $id;
 	}
@@ -119,9 +117,6 @@ if ( defined $vendor ) {
 	} else {
 	    $rcfilename = 'shorewallrc.debian.sysvinit';
 	}
    } elsif ( -f '/etc/altlinux-release' ){
 	$vendor = 'alt';
 	$rcfilename = 'shorewallrc.alt';
    } elsif ( -f '/etc/redhat-release' ){
 	$vendor = 'redhat';
 	$rcfilename = 'shorewallrc.redhat';
@@ -178,12 +173,7 @@ my $outfile;
 open $outfile, '>', 'shorewallrc' or die "Can't open 'shorewallrc' for output: $!";
 if ( $ENV{SOURCE_DATE_EPOCH} ) {
    printf $outfile "#\n# Created by Shorewall Core version %s configure.pl - %s\n", VERSION, `date  --utc --date=\"\@$ENV{SOURCE_DATE_EPOCH}\"`;
 } else {
 printf $outfile "#\n# Created by Shorewall Core version %s configure.pl - %s %2d %04d %02d:%02d:%02d\n", VERSION, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];
 }
 print $outfile "# rc file: $rcfilename\n#\n";
 print  $outfile "# Input: @ARGV\n#\n" if @ARGV;
--- a/Shorewall-core/install.sh
+++ b/Shorewall-core/install.sh
@@ -2,9 +2,9 @@
 #
 # Script to install Shoreline Firewall Core Modules
 #
-#     (c) 2000-2018 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
 #
-#       Shorewall documentation is available at https://shorewall.org
+#       Shorewall documentation is available at http://shorewall.net
 #
 #       This program is part of Shorewall.
 #
@@ -172,9 +172,6 @@ if [ -z "$BUILD" ]; then
 		    opensuse)
 			BUILD=suse
 			;;
 		    alt|basealt|altlinux)
 			BUILD=alt
 			;;
 		    *)
 			BUILD="$ID"
 			;;
@@ -183,8 +180,6 @@ if [ -z "$BUILD" ]; then
 		BUILD=debian
 	    elif [ -f /etc/gentoo-release ]; then
 		BUILD=gentoo
 	    elif [ -f /etc/altlinux-release ]; then
 		BUILD=alt
 	    elif [ -f /etc/redhat-release ]; then
 		BUILD=redhat
 	    elif [ -f /etc/slackware-version ] ; then
@@ -243,7 +238,7 @@ case "$HOST" in
    apple)
 	echo "Installing Mac-specific configuration...";
 	;;
-    debian|gentoo|redhat|slackware|archlinux|linux|suse|openwrt|alt)
+    debian|gentoo|redhat|slackware|archlinux|linux|suse|openwrt)
 	;;
    *)
 	fatal_error "Unknown HOST \"$HOST\""
@@ -340,8 +335,9 @@ for f in lib.* ; do
 done
 if [ $SHAREDIR != /usr/share ]; then
-    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/lib.base
+    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/${PRODUCT}/lib.base
-    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/lib.cli
+    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/${PRODUCT}/lib.core
    eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/${PRODUCT}/lib.cli
 fi
 #
--- a/Shorewall-core/lib.base
+++ b/Shorewall-core/lib.base
@@ -1,9 +1,9 @@
 #
-# Shorewall 5.2 -- /usr/share/shorewall/lib.base
+# Shorewall 5.0 -- /usr/share/shorewall/lib.base
 #
-#     (c) 1999-2017 - Tom Eastep (teastep@shorewall.net)
+#     (c) 1999-2015 - Tom Eastep (teastep@shorewall.net)
 #
-#	Complete documentation is available at https://shorewall.org
+#	Complete documentation is available at http://shorewall.net
 #
 #       This program is part of Shorewall.
 #
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
@@ -1,9 +1,9 @@
 #
-# Shorewall 5.2 -- /usr/share/shorewall/lib.cli
+# Shorewall 5.0 -- /usr/share/shorewall/lib.cli.
 #
-#     (c) 1999-2018 - Tom Eastep (teastep@shorewall.net)
+#     (c) 1999-2015 - Tom Eastep (teastep@shorewall.net)
 #
-#	Complete documentation is available at https://shorewall.org
+#	Complete documentation is available at http://shorewall.net
 #
 #       This program is part of Shorewall.
 #
@@ -25,7 +25,7 @@
 # loaded after this one and replaces some of the functions declared here.
 #
-SHOREWALL_CAPVERSION=50200
+SHOREWALL_CAPVERSION=50100
 if [ -z "$g_basedir" ]; then
    #
@@ -47,10 +47,6 @@ startup_error() {
    exit 1
 }
 only_root() {
    [ "$(id -u)" != 0 ] && fatal_error "The '$COMMAND' command may only be run by root"
 }
 #
 # Display a chain if it exists
 #
@@ -87,8 +83,6 @@ showchain() # $1 = name of chain
 #
 validate_restorefile() # $* = label
 {
    [ -n "$RESTOREFILE" ] || RESTOREFILE=restore
    case $RESTOREFILE in
 	*/*)
 	    error_message "ERROR: $@ must specify a simple file name: $RESTOREFILE"
@@ -417,9 +411,9 @@ resolve_arptables() {
 savesets() {
    local supported
-    supported=$(run_it $g_firewall help | fgrep savesets )
+    supported=$(run_it ${VARDIR}/firewall help | fgrep savesets )
-    [ -n "$supported" ] && run_it $g_firewall savesets ${g_restorepath}-ipsets 
+    [ -n "$supported" ] && run_it ${VARDIR}/firewall savesets ${g_restorepath}-ipsets 
 }
 #
@@ -428,9 +422,9 @@ savesets() {
 savesets1() {
    local supported
-    supported=$(run_it $g_firewall help | fgrep savesets )
+    supported=$(run_it ${VARDIR}/firewall help | fgrep savesets )
-    [ -n "$supported" ] && run_it $g_firewall savesets ${VARDIR}/ipsets.save && progress_message3 "The ipsets have been saved to ${VARDIR}/ipsets.save"
+    [ -n "$supported" ] && run_it ${VARDIR}/firewall savesets ${VARDIR}/ipsets.save && progress_message3 "The ipsets have been saved to ${VARDIR}/ipsets.save"
 }
 #
@@ -441,9 +435,9 @@ do_save() {
    local arptables
    status=0
-    if [ -f $g_firewall ]; then
+    if [ -f ${VARDIR}/firewall ]; then
 	if $iptables_save | grep -v -- '-A dynamic.* -j ACCEPT' > ${VARDIR}/restore-$$; then
-	    cp -f $g_firewall $g_restorepath
+	    cp -f ${VARDIR}/firewall $g_restorepath
 	    mv -f ${VARDIR}/restore-$$ ${g_restorepath}-iptables
 	    chmod 700 $g_restorepath
 	    chmod 600 ${g_restorepath}-iptables
@@ -455,7 +449,7 @@ do_save() {
 	    status=1
 	fi
    else
-	echo "   ERROR: $g_firewall does not exist" >&2
+	echo "   ERROR: ${VARDIR}/firewall does not exist" >&2
 	status=1
    fi
@@ -640,7 +634,7 @@ show_routing() {
 	ip -$g_family rule list | find_tables | sort -u | while read table; do
 	    heading "Table $table:"
 	    if [ $g_family -eq 6 ]; then
-		ip -6 -o route list table $table | grep -vF cache | sort_routes
+		ip -$g_family -o route list table $table | grep -vF cache | sort_routes
 	    else
 		ip -4 -o route list table $table | sort_routes
 	    fi
@@ -653,7 +647,7 @@ show_routing() {
    else
 	heading "Routing Table"
 	if [ $g_family -eq 6 ]; then
-	    ip -6 -o route list | grep -vF cache | sort_routes
+	    ip -$g_family -o route list | grep -vF cache | sort_routes
 	else
 	    ip -4 -o route list table $table | sort_routes
 	fi
@@ -1143,31 +1137,16 @@ show_a_macro() {
    cat ${directory}/macro.$1
 }
 #
-# Don't dump empty SPD entries or entries from the other address family
+# Don't dump empty SPD entries
 #
-spd_filter() {
+spd_filter()
-    #
+{
-    # af   = Address Family (4 or 6)
+    awk \
-    # afok = Address Family of entry matches af
+    'BEGIN            { skip=0; }; \
-    # p    = print the contents of A (entry is not empty)
+    /^src/            { skip=0; }; \
-    # i    = Number of lines stored in A
+    /^src 0.0.0.0\/0/ { skip=1; }; \
-    #
+    /^src ::\/0/      { skip=1; }; \
-    awk -v af=$g_family \
+                      { if ( skip == 0 ) print; };'
 	'function prnt(A,i,    j) { while ( j < i ) print A[j++]; };\
 \
 	 /^src / { if (p) prnt( A, i );\
 		   afok = 1;\
 		   p	= 0;\
 		   i	= 0;\
 		   if ( af == 4 )\
 		       { if ( /:/ )  afok = 0; }\
 		   else\
 		       { if ( /\./ ) afok = 0; }\
 		 };\
 		 { if ( afok ) A[i++] = $0; };\
 	 /tmpl/	 { p = afok; };\
 \
 	 END	 { if (p) prnt( A, i ); }'
 }
 #
 # Print a heading with leading and trailing black lines
@@ -1180,8 +1159,7 @@ heading() {
 show_ipsec() {
    heading "PFKEY SPD"
-    $IP -s -$g_family xfrm policy | spd_filter
+    $IP -s xfrm policy | spd_filter
    heading "PFKEY SAD"
    $IP -s -$g_family xfrm state | egrep -v '[[:space:]]+(auth-trunc|enc )' # Don't divulge the keys
 }
@@ -1191,32 +1169,6 @@ show_ipsec_command() {
    show_ipsec
 }
 show_saves_command() {
    local f
    local fn
    local mtime
    echo "$g_product $SHOREWALL_VERSION Saves at $g_hostname - $(date)"
    echo "Saved snapshots are:"
    echo
    for f in ${VARDIR}/*-iptables; do
 	case $f in
 	    *\**)
 	        ;;
 	    *)
 		fn=$(basename $f)
 		fn=${fn%-iptables}
 		mtime=$(ls -lt $f | tail -n 1 | cut -d ' ' -f '6 7 8' )
 		[ $fn = "$RESTOREFILE" ] && fn="$fn (default)"
 		echo "   $mtime ${fn%-iptables}"
 		;;
 	esac
    done
    echo
 }
 #
 # Show Command Executor
 #
@@ -1235,7 +1187,6 @@ show_command() {
    show_macro() {
 	foo=`grep 'This macro' $macro | sed 's/This macro //'`
 	if [ -n "$foo" ]; then
 	    macro=$(basename $macro)
 	    macro=${macro#*.}
 	    foo=${foo%.*}
 	    if [ ${#macro} -gt 5 ]; then
@@ -1330,47 +1281,37 @@ show_command() {
    [ -n "$g_debugging" ] && set -x
    COMMAND="$COMMAND $1"
    case "$1" in
 	connections)
 	    only_root
 	    eval show_connections $@ $g_pager
 	    ;;
 	nat)
 	    only_root
 	    [ $# -gt 1 ] && too_many_arguments $2
 	    eval show_nat $g_pager
 	    ;;
 	raw)
 	    only_root
 	    [ $# -gt 1 ] && too_many_arguments $2
 	    eval show_raw $g_pager
 	    ;;
 	tos|mangle)
 	    only_root
 	    [ $# -gt 1 ] && too_many_arguments $2
 	    eval show_mangle $g_pager
 	    ;;
 	log)
 	    [ $# -gt 2 ] && too_many_arguments $2
 	    only_root
 	    setup_logread
 	    eval show_log $g_pager
 	    ;;
 	tc)
 	    only_root
 	    [ $# -gt 2 ] && too_many_arguments $2
 	    eval show_tc $@ $g_pager
 	    ;;
 	classifiers|filters)
 	    only_root
 	    [ $# -gt 1 ] && too_many_arguments $2
 	    eval show_classifiers_command $g_pager
 	    ;;
 	zones)
 	    only_root
 	    [ $# -gt 1 ] && too_many_arguments $2
 	    if [ -f ${VARDIR}/zones ]; then
 		echo "$g_product $SHOREWALL_VERSION Zones at $g_hostname - $(date)"
@@ -1394,7 +1335,6 @@ show_command() {
 	    fi
 	    ;;
 	capabilities)
 	    only_root
 	    [ $# -gt 1 ] && too_many_arguments $2
 	    determine_capabilities
 	    VERBOSITY=2
@@ -1431,50 +1371,33 @@ show_command() {
 	    fi
 	    ;;
 	chain)
 	    only_root
 	    shift
 	    eval show_chain $@ $g_pager
 	    ;;
 	vardir)
 	    echo $VARDIR;
 	    ;;
        rc)
            shift
 	    [ $# -gt 1 ] && too_many_arguments $2
            if [ -n "$1" -a -d "$1" ]; then
                cat $1/shorewallrc
            elif [ -n "$g_basedir" -a -d "$g_basedir" ]; then
                cat $g_basedir/shorewallrc
            else
                fatal_error "Can not determine the location of the shorewallrc file."
            fi
            ;;
 	policies)
 	    only_root
 	    [ $# -gt 1 ] && too_many_arguments $2
 	    eval show_policies $g_pager
 	    ;;
 	ipa)
 	    only_root
 	    [ $g_family -eq 4 ] || fatal_error "'show ipa' is now available in $g_product"
 	    [ $# -gt 1 ] && too_many_arguments $2
 	    eval show_ipa $g_pager
 	    ;;
 	marks)
 	    [ $# -gt 1 ] && too_many_arguments $2
 	    only_root
 	    echo "$g_product $SHOREWALL_VERSION Mark Layout at $g_hostname - $(date)"
 	    echo
 	    [ -f ${VARDIR}/marks ] && cat ${VARDIR}/marks;
 	    ;;
 	nfacct)
 	    [ $# -gt 1 ] && too_many_arguments $2
 	    only_root
 	    eval show_nfacct_command $g_pager
 	    ;;
 	arptables)
 	    [ $# -gt 1 ] && too_many_arguments $2
 	    only_root
 	    resolve_arptables
 	    if [ -n "$arptables" -a -x $arptables ]; then
 		eval show_arptables $g_pager
@@ -1484,7 +1407,6 @@ show_command() {
 	    ;;
 	event)
 	    [ $# -gt 1 ] || too_many_arguments $2
 	    only_root
 	    echo "$g_product $SHOREWALL_VERSION events at $g_hostname - $(date)"
 	    echo
 	    shift
@@ -1492,18 +1414,14 @@ show_command() {
 	    ;;
 	events)
 	    [ $# -gt 1 ] && too_many_arguments $2
 	    only_root
 	    eval show_events_command $g_pager
 	    ;;
 	bl|blacklists)
 	    [ $# -gt 1 ] && too_many_arguments $2
 	    only_root
 	    setup_dbl
 	    eval show_blacklists $g_pager
 	    ;;
 	opens)
 	    [ $# -gt 1 ] && too_many_arguments $2
 	    only_root
 	    echo "$g_product $SHOREWALL_VERSION Temporarily opened connections at $g_hostname - $(date)"
 	    if chain_exists dynamic; then
@@ -1514,13 +1432,8 @@ show_command() {
 	    ;;
 	ipsec)
 	    [ $# -gt 1 ] && too_many_arguments $2
 	    only_root
 	    eval show_ipsec_command $g_pager
 	    ;;
 	saves)
 	    [ $# -gt 1 ] && too_many_arguments $2
 	    show_saves_command
 	    ;;
 	*)
 	    case "$PRODUCT" in
 		*-lite)
@@ -1567,8 +1480,6 @@ show_command() {
 		    ;;
 	    esac
 	    only_root
 	    if [ $# -gt 0 ]; then
 		if [ $1 = dynamic -a $# -gt 1 ]; then
 		    shift
@@ -1886,7 +1797,7 @@ do_dump_command() {
    echo
-    qt mywhich ss && ss -${g_family}tunap || { qt mywhich netstat && netstat -tunap; }
+    qt mywhich ss && ss -${g_family}tunap || { qt mywhich netstat && netatat -tunap; }
    if [ -n "$TC_ENABLED" ]; then
 	heading "Traffic Control"
@@ -2000,6 +1911,41 @@ show_proc() # $1 = name of a file
    [ -f $1 ] && echo "   $1 = $(cat $1)"
 }
 read_yesno_with_timeout() {
    local timeout
    timeout=${1:-60}
    case $timeout in
 	*s)
 	    ;;
 	*m)
 	    timeout=$((${timeout%m} * 60))
 	    ;;
 	*h)
 	    timeout=$((${timeout%h} * 3600))
 	    ;;
    esac
    read -t $timeout yn 2> /dev/null
    if [ $? -eq 2 ]
    then
 	# read doesn't support timeout
 	test -x /bin/bash || return 2 # bash is not installed so the feature is not available
 	/bin/bash -c "read -t $timeout yn ; if [ \"\$yn\" == \"y\" ] ; then exit 0 ; else exit 1 ; fi" # invoke bash and use its version of read
 	return $?
    else
 	# read supports timeout
 	case "$yn" in
 	    y|Y)
 		return 0
 		;;
 	    *)
 		return 1
 		;;
 	esac
    fi
 }
 #
 # Create the appropriate -q option to pass onward
 #
@@ -2583,21 +2529,15 @@ hits_command() {
    fi
 }
 #
 # Issue an error message and terminate if the firewall isn't started
 #
 require_started() {
    if ! product_is_started; then
 	error_message "ERROR: $g_product is not started"
 	exit 2
    fi
 }
 #
 # 'allow' command executor
 #
 allow_command() {
    [ -n "$g_debugging" ] && set -x
    [ $# -eq 1 ] && missing_argument
    if product_is_started ; then
 	local allowed
 	local which
 	which='-s'
@@ -2605,10 +2545,8 @@ allow_command() {
 	range='--src-range'
 	local dynexists
    [ -n "$g_debugging" ] && set -x
    [ $# -eq 1 ] && missing_argument
 	if [ -n "$g_blacklistipset" ]; then
 	    case ${IPSET:=ipset} in
 		*/*)
 		    if [ ! -x "$IPSET" ]; then
@@ -2625,7 +2563,6 @@ allow_command() {
 	if chain_exists dynamic; then
 	    dynexists=Yes
 	elif [ -z "$g_blacklistipset" ]; then
 	require_started
 	    fatal_error "Dynamic blacklisting is not enabled in the current $g_product configuration"
 	fi
@@ -2691,6 +2628,10 @@ allow_command() {
 	done
 	[ -n "$g_nolock" ] || mutex_off
    else
 	error_message "ERROR: $g_product is not started"
 	exit 2
    fi
 }
 #
@@ -2766,7 +2707,7 @@ determine_capabilities() {
 	g_tool=$(mywhich $tool)
 	if [ -z "$g_tool" ]; then
-	    fatal_error "No executable $tool binary can be found on your PATH"
+	    fatal-error "No executable $tool binary can be found on your PATH"
 	fi
    fi
@@ -2810,6 +2751,7 @@ determine_capabilities() {
    LENGTH_MATCH=
    CLASSIFY_TARGET=
    ENHANCED_REJECT=
    USEPKTTYPE=
    KLUDGEFREE=
    MARK=
    XMARK=
@@ -2828,7 +2770,7 @@ determine_capabilities() {
    GOTO_TARGET=
    LOGMARK_TARGET=
    IPMARK_TARGET=
-    LOG_TARGET=
+    LOG_TARGET=Yes
    ULOG_TARGET=
    NFLOG_TARGET=
    PERSISTENT_SNAT=
@@ -2861,8 +2803,6 @@ determine_capabilities() {
    WAIT_OPTION=
    CPU_FANOUT=
    NETMAP_TARGET=
    NFLOG_SIZE=
    RESTORE_WAIT_OPTION=
    AMANDA_HELPER=
    FTP_HELPER=
@@ -2886,11 +2826,9 @@ determine_capabilities() {
 	qt $arptables -L OUT && ARPTABLESJF=Yes
    fi
    [ -z "$(${g_tool}-restore --wait < /dev/null 2>&1)" ] && RESTORE_WAIT_OPTION=Yes
    if qt $g_tool --wait -t filter -L INPUT -n -v; then
 	WAIT_OPTION=Yes
-	g_tool="$g_tool --wait"
+	tool="$tool --wait"
    fi
    chain=fooX$$
@@ -2905,7 +2843,6 @@ determine_capabilities() {
 		qt $g_tool -t nat -A $chain -j NETMAP --to 2001:470:B:227::/64 && NETMAP_TARGET=Yes
 	    fi
 	    qt $g_tool -t nat -A $chain -j MASQUERADE && MASQUERADE_TGT=Yes
 	    qt $g_tool -t nat -L INPUT -n && NAT_INPUT_CHAIN=Yes
 	    qt $g_tool -t nat -A $chain -p udplite -m multiport --dport 33 -j REDIRECT --to-port 22 && UDPREDIRECT=Yes
 	    qt $g_tool -t nat -F $chain
 	    qt $g_tool -t nat -X $chain
@@ -3156,6 +3093,7 @@ determine_capabilities() {
 	fi
    fi
    qt $g_tool -A $chain -m pkttype --pkt-type broadcast -j ACCEPT && USEPKTTYPE=Yes
    qt $g_tool -A $chain -m addrtype --src-type BROADCAST -j ACCEPT && ADDRTYPE=Yes
    qt $g_tool -A $chain -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1000:1500 -j ACCEPT && TCPMSS_MATCH=Yes
    qt $g_tool -A $chain -m hashlimit --hashlimit-upto 4 --hashlimit-burst 5 --hashlimit-name $chain --hashlimit-mode dstip -j ACCEPT && HASHLIMIT_MATCH=Yes
@@ -3196,15 +3134,12 @@ determine_capabilities() {
    qt $g_tool -A $chain -m time --timestart 23:00 -j DROP && TIME_MATCH=Yes
    qt $g_tool -A $chain -g $chain1 && GOTO_TARGET=Yes
    qt $g_tool -A $chain -j LOGMARK && LOGMARK_TARGET=Yes
-    qt $g_tool -A $chain -j LOG && LOG_TARGET=Yes
+    qt $g_tool -A $chain -j LOG || LOG_TARGET=
    qt $g_tool -A $chain -j ULOG && ULOG_TARGET=Yes
    qt $g_tool -A $chain -j NFLOG && NFLOG_TARGET=Yes
    qt $g_tool -A $chain -j MARK --set-mark 5 && MARK_ANYWHERE=Yes
    qt $g_tool -A $chain -m statistic --mode nth --every 2 --packet 1 && STATISTIC_MATCH=Yes
    qt $g_tool -A $chain -m geoip --src-cc US && GEOIP_MATCH=Yes
    if qt $g_tool -A $chain -j NFLOG; then
 	NFLOG_TARGET=Yes
 	qt $g_tool -A $chain -j NFLOG --nflog-size 64 && NFLOG_SIZE=Yes
    fi
    if [ $g_family -eq 4 ]; then
 	qt $g_tool -A $chain -j ACCOUNT --addr 192.168.1.0/29 --tname $chain && ACCOUNT_TARGET=Yes
@@ -3269,6 +3204,7 @@ report_capabilities_unsorted() {
 	report_capability "Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH)" $NEW_CONNTRACK_MATCH
 	[ -n "$OLD_CONNTRACK_MATCH" ] && report_capability "Old Connection Tracking Match Syntax (OLD_CONNTRACK_MATCH)" $OLD_CONNTRACK_MATCH
    fi
    report_capability "Packet Type Match (USEPKTTYPE)" $USEPKTTYPE
    report_capability "Policy Match (POLICY_MATCH)" $POLICY_MATCH
    report_capability "Physdev Match (PHYSDEV_MATCH)" $PHYSDEV_MATCH
    report_capability "Physdev-is-bridged Support (PHYSDEV_BRIDGE)" $PHYSDEV_BRIDGE
@@ -3278,8 +3214,8 @@ report_capabilities_unsorted() {
    [ -n "$RECENT_MATCH" ] && report_capability 'Recent Match "--reap" option (REAP_OPTION)' $REAP_OPTION
    report_capability "Owner Match (OWNER_MATCH)" $OWNER_MATCH
    report_capability "Owner Name Match (OWNER_NAME_MATCH)" $OWNER_NAME_MATCH
    report_capability "Ipset Match (IPSET_MATCH)" $IPSET_MATCH
    if [ -n "$IPSET_MATCH" ]; then
 	report_capability "Ipset Match (IPSET_MATCH)" $IPSET_MATCH
 	[ -n "$OLD_IPSET_MATCH" ]     && report_capability "OLD_Ipset Match (OLD_IPSET_MATCH)"           $OLD_IPSET_MATCH
 	[ -n "$IPSET_MATCH_NOMATCH" ] && report_capability "Ipset Match Nomatch (IPSET_MATCH_NOMATCH)"   $IPSET_MATCH_NOMATCH
 	[ -n "$IPSET_MATCH_NOMATCH" ] && report_capability "Ipset Match Counters (IPSET_MATCH_COUNTERS)" $IPSET_MATCH_COUNTERS
@@ -3359,11 +3295,9 @@ report_capabilities_unsorted() {
    if [ $g_family -eq 4 ]; then
 	report_capability "iptables -S (IPTABLES_S)" $IPTABLES_S
 	report_capability "iptables --wait option (WAIT_OPTION)" $WAIT_OPTION
 	report_capability "iptables-restore --wait option (RESTORE_WAIT_OPTION)" $RESTORE_WAIT_OPTION
    else
 	report_capability "ip6tables -S (IPTABLES_S)" $IPTABLES_S
 	report_capability "ip6tables --wait option (WAIT_OPTION)" $WAIT_OPTION
 	report_capability "ip6tables-restore --wait option (RESTORE_WAIT_OPTION)" $RESTORE_WAIT_OPTION
    fi
    report_capability "Basic Filter (BASIC_FILTER)" $BASIC_FILTER
@@ -3371,8 +3305,6 @@ report_capabilities_unsorted() {
    report_capability "CT Target (CT_TARGET)" $CT_TARGET
    report_capability "NFQUEUE CPU Fanout (CPU_FANOUT)" $CPU_FANOUT
    report_capability "NETMAP Target (NETMAP_TARGET)" $NETMAP_TARGET
    report_capability "--nflog-size support (NFLOG_SIZE)" $NFLOG_SIZE
    report_capability "INPUT chain in nat table (NAT_INPUT_CHAIN)" $NAT_INPUT_CHAIN
    echo "   Kernel Version (KERNELVERSION): $KERNELVERSION"
    echo "   Capabilities Version (CAPVERSION): $CAPVERSION"
@@ -3385,6 +3317,8 @@ report_capabilities() {
 	report_capabilities_unsorted | sort
    fi
    [ -n "$PKTTYPE" ] || USEPKTTYPE=
 }
 report_capabilities_unsorted1() {
@@ -3401,6 +3335,7 @@ report_capabilities_unsorted1() {
    report_capability1 CONNTRACK_MATCH
    report_capability1 NEW_CONNTRACK_MATCH
    report_capability1 OLD_CONNTRACK_MATCH
    report_capability1 USEPKTTYPE
    report_capability1 POLICY_MATCH
    report_capability1 PHYSDEV_MATCH
    report_capability1 PHYSDEV_BRIDGE
@@ -3476,9 +3411,6 @@ report_capabilities_unsorted1() {
    report_capability1 WAIT_OPTION
    report_capability1 CPU_FANOUT
    report_capability1 NETMAP_TARGET
    report_capability1 NFLOG_SIZE
    report_capability1 RESTORE_WAIT_OPTION
    report_capability1 NAT_INPUT_CHAIN
    report_capability1 AMANDA_HELPER
    report_capability1 FTP_HELPER
@@ -3775,7 +3707,7 @@ ipcalc_command() {
    elif [ $# -eq 3 ]; then
 	address=$2
 	vlsm=$(ip_vlsm $3)
-    elif [ $# -eq 1 ]; then
+    elif [ $# -eq 0 ]; then
 	missing_argument
    else
 	too_many_arguments $4
@@ -3783,7 +3715,7 @@ ipcalc_command() {
    valid_address $address || fatal_error "Invalid IP address: $address"
    [ -z "$vlsm" ] && fatal_error "Missing VLSM"
-    [ "x$address" = "x$vlsm" ] && fatal_error "Invalid VLSM"
+    [ "x$address" = "x$vlsm" ] && "Invalid VLSM"
    [ $vlsm -gt 32 ] && fatal_error "Invalid VLSM: /$vlsm"
    address=$address/$vlsm
@@ -3821,7 +3753,7 @@ iprange_command() {
 }
 ipdecimal_command() {
-    if [ $# -eq 1 ]; then
+    if [ $# eq 1 ]; then
 	missing_argument
    else
 	[ $# -eq 2 ] || too_many_arguments $3
@@ -3864,7 +3796,7 @@ noiptrace_command() {
 verify_firewall_script() {
    if [ ! -f $g_firewall ]; then
 	echo "   ERROR: $g_product is not properly installed" >&2
-	if [ -h $g_firewall ]; then
+	if [ -L $g_firewall ]; then
 	    echo "          $g_firewall is a symbolic link to a" >&2
 	    echo "          non-existant file" >&2
 	else
@@ -3964,7 +3896,7 @@ get_config() {
    ensure_config_path
-    [ -f $g_firewall.conf ] && . ${VARDIR}/firewall.conf
+    [ -f ${VARDIR}/firewall.conf ] && . ${VARDIR}/firewall.conf
    [ -n "$PATH" ] || PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
@@ -4118,15 +4050,15 @@ start_command() {
 	rc=0
 	[ -n "$g_nolock" ] || mutex_on
-	if [ -x $g_firewall ]; then
+	if [ -x ${VARDIR}/firewall ]; then
-	    if [ -n "$g_fast" -a -x ${VARDIR}/${RESTOREFILE} -a ! $g_firewall -nt ${VARDIR}/${RESTOREFILE} ]; then
+	    if [ -n "$g_fast" -a -x ${VARDIR}/${RESTOREFILE} -a ! ${VARDIR}/firewall -nt ${VARDIR}/${RESTOREFILE} ]; then
-		run_it ${VARDIR}/${RESTOREFILE} restore
+		run_it ${VARDIR}/${RESTOREFILE} $g_debugging restore
 	    else
-		run_it $g_firewall start
+		run_it ${VARDIR}/firewall $g_debugging start
 	    fi
 	    rc=$?
 	else
-	    error_message "$g_firewall is missing or is not executable"
+	    error_message "${VARDIR}/firewall is missing or is not executable"
 	    mylogger kern.err "ERROR:$g_product start failed"
 	    rc=6
 	fi
@@ -4255,11 +4187,11 @@ restart_command() {
    [ -n "$g_nolock" ] || mutex_on
-    if [ -x $g_firewall ]; then
+    if [ -x ${VARDIR}/firewall ]; then
-	run_it $g_firewall $COMMAND
+	run_it ${VARDIR}/firewall $g_debugging $COMMAND
 	rc=$?
    else
-	error_message "$g_firewall is missing or is not executable"
+	error_message "${VARDIR}/firewall is missing or is not executable"
 	mylogger kern.err "ERROR:$g_product $COMMAND failed"
 	rc=6
    fi
@@ -4269,10 +4201,10 @@ restart_command() {
 }
 run_command() {
-    if [ -x $g_firewall ] ; then
+    if [ -x ${VARDIR}/firewall ] ; then
-	run_it $g_firewall $@
+	run_it ${VARDIR}/firewall $g_debugging $@
    else
-	fatal_error "$g_firewall does not exist or is not executable"
+	fatal_error "${VARDIR}/firewall does not exist or is not executable"
    fi
 }
@@ -4287,13 +4219,7 @@ ecko() {
 #
 usage() # $1 = exit status
 {
-    echo "Usage: $(basename $0) [ -T ] [ -D ] [ -N ] [ -q ] [ -v[-1|{0-2}] ] [ -t ] <command>"
+    echo "Usage: $(basename $0) [debug|trace] [nolock] [ -q ] [ -v[-1|{0-2}] ] [ -t ] <command>"
    echo "   -T : Direct the generated script to produce a shell trace to standard error"
    echo "   -D : Debug iptables commands"
    echo "   -N : Don't take the master shorewall lock"
    echo "   -q : Standard Shorewall verbosity control"
    echo "   -v : Standard Shorewall verbosity control"
    echo "   -t : Timestamp all messages"
    echo "where <command> is one of:"
    echo "   add <interface>[:<host-list>] ... <zone>"
    echo "   allow <address> ..."
@@ -4323,6 +4249,7 @@ usage() # $1 = exit status
 	echo "   iptrace <ip6tables match expression>"
    fi
    ecko "   load [ -s ] [ -c ] [ -r <root user> ] [ -T ] [ -i ] [ <directory> ] <system>"
    echo "   logdrop <address> ..."
    echo "   logreject <address> ..."
    echo "   logwatch [<refresh interval>]"
@@ -4335,6 +4262,7 @@ usage() # $1 = exit status
    echo "   open <source> <dest> [ <protocol> [ <port> ] ]" 
    echo "   reenable <interface>"
    ecko "   refresh [ -d ] [ -n ] [ -T ] [ -D <directory> ] [ <chain>... ]"
    echo "   reject <address> ..."
    if [ -n "$g_lite" ]; then
@@ -4344,11 +4272,9 @@ usage() # $1 = exit status
    fi
    if [ -z "$g_lite" ]; then
-	echo "   remote-getrc [ -T ] [ -c ] [ -r <root-name> ] [ [ -D ] <directory> ] [ <system> ]"
+	echo "   remote-reload [ -n ] [ -s ] [ -c ] [ -r <root-name> ] [ -T ] [ -i ] [ <directory> ] <system>"
-	echo "   remote-getcaps [ -T ] [ -R ] [ -r <root-name> ] [ [ -D ] <directory> ] [ <system> ]"
+	echo "   remote-restart [ -n ] [ -s ] [ -c ] [ -r <root-name> ] [ -T ] [ -i ] [ <directory> ] <system>"
-	echo "   remote-reload [ -n ] [ -s ] [ -c ] [ -r <root-name> ] [ -T ] [ -i ] [ <directory> ] [ <system> ]"
+	echo "   remote-start [ -n ] [ -s ] [ -c ] [ -r <root-name> ] [ -T ] [ -i ] [ <directory> ] <system>"
 	echo "   remote-restart [ -n ] [ -s ] [ -c ] [ -r <root-name> ] [ -T ] [ -i ] [ <directory> ] [ <system> ]"
 	echo "   remote-start [ -n ] [ -s ] [ -c ] [ -r <root-name> ] [ -T ] [ -i ] [ <directory> ] [ <system> ]"
    fi
    echo "   reset [ <chain> ... ]"
@@ -4391,9 +4317,7 @@ usage() # $1 = exit status
    echo "   [ show | list | ls ] nfacct"
    echo "   [ show | list | ls ] opens"
    echo "   [ show | list | ls ] policies"
    echo "   [ show | list | ls ] rc"
    echo "   [ show | list | ls ] routing"
    echo "   [ show | list | ls ] saves"
    echo "   [ show | list | ls ] tc [ device ]"
    echo "   [ show | list | ls ] vardir"
    echo "   [ show | list | ls ] zones"
@@ -4420,16 +4344,20 @@ usage() # $1 = exit status
 # here if that lib is loaded below.
 #
 shorewall_cli() {
    g_debugging=
    if [ $# -gt 0 ] && [ "x$1" = "xdebug" -o "x$1" = "xtrace" ]; then
 	g_debugging=$1
 	shift
    fi
    g_nolock=
-    #
+
    # We'll keep this around for a while so we don't break people's started scripts
    #
    if [ $# -gt 0 ] && [ "$1" = "nolock" ]; then
 	g_nolock=nolock
 	shift
    fi
    g_debugging=
    g_noroutes=
    g_purge=
    g_ipt_options="-nv"
@@ -4438,6 +4366,7 @@ shorewall_cli() {
    g_use_verbosity=
    g_debug=
    g_export=
    g_refreshchains=:none:
    g_confess=
    g_update=
    g_annotate=
@@ -4456,8 +4385,6 @@ shorewall_cli() {
    g_nopager=
    g_blacklistipset=
    g_disconnect=
    g_havemutex=
    g_trace=
    VERBOSE=
    VERBOSITY=1
@@ -4589,17 +4516,6 @@ shorewall_cli() {
 			    finished=1
 			    option=
 			    ;;
 			T*)
 			    g_debugging=trace
 			    option=${option#T}
 			    ;;
 			D*)
 			    g_debugging=debug
 			    option=${option#D}
 			    ;;
 			N*)
 			    g_nolock=nolock
 			    ;;
 			*)
 			    option_error $option
 			    ;;
@@ -4641,46 +4557,40 @@ shorewall_cli() {
    case "$COMMAND" in
 	start)
 	    only_root
 	    get_config Yes Yes
 	    shift
 	    start_command $@
 	    ;;
 	stop|clear)
 	    [ $# -ne 1 ] && too_many_arguments $2
 	    only_root
 	    get_config
 	    [ -x $g_firewall ] || fatal_error "$g_product has never been started"
 	    [ -n "$g_nolock" ] || mutex_on
-	    run_it $g_firewall $COMMAND
+	    run_it $g_firewall $g_debugging $COMMAND
 	    [ -n "$g_nolock" ] || mutex_off
 	    ;;
 	reset)
 	    only_root
 	    get_config
 	    shift
 	    [ -n "$g_nolock" ] || mutex_on
 	    [ -x $g_firewall ] || fatal_error "$g_product has never been started"
-	    run_it $g_firewall reset $@
+	    run_it $g_firewall $g_debugging reset $@
 	    [ -n "$g_nolock" ] || mutex_off
 	    ;;
 	reload|restart)
 	    only_root
 	    get_config Yes Yes
 	    shift
 	    restart_command $@
 	    ;;
 	disable|enable|reenable)
 	    only_root
 	    get_config Yes
 	    if product_is_started; then
-		run_it $g_firewall $@
+		run_it ${VARDIR}/firewall $g_debugging $@
 	    else
 		fatal_error "$g_product is not running"
 	    fi
 	    ;;
 	blacklist)
 	    only_root
 	    get_config Yes
 	    shift
 	    [ -n "$g_nolock" ] || mutex_on
@@ -4689,7 +4599,6 @@ shorewall_cli() {
 	    ;;
 	run)
 	    [ $# -gt 1 ] || fatal_error "Missing function name"
 	    only_root
 	    get_config Yes
 	    run_command $@
 	    ;;
@@ -4699,20 +4608,18 @@ shorewall_cli() {
    	    show_command $@
 	    ;;
 	status)
-	    only_root
+	    [ "$(id -u)" != 0 ] && fatal_error "The status command may only be run by root"
 	    get_config
 	    shift
 	    status_command $@
 	    ;;
 	dump)
 	    only_root
 	    get_config Yes No Yes
    	    shift
    	    dump_command $@
 	    ;;
 	hits)
 	    [ $g_family -eq 6 ] && fatal_error "$g_product does not support the hits command"
 	    only_root
 	    get_config Yes No Yes
 	    [ -n "$g_debugging" ] && set -x
 	    shift
@@ -4723,63 +4630,53 @@ shorewall_cli() {
 	    version_command $@
 	    ;;
 	logwatch)
 	    only_root
 	    get_config Yes Yes Yes
 	    banner="${g_product}-$SHOREWALL_VERSION Logwatch at $g_hostname -"
 	    logwatch_command $@
 	    ;;
 	drop)
 	    only_root
 	    get_config
 	    [ -n "$g_debugging" ] && set -x
 	    [ $# -eq 1 ] && missing_argument
 	    drop_command $@
 	    ;;
 	logdrop)
 	    only_root
 	    get_config
 	    [ -n "$g_debugging" ] && set -x
 	    [ $# -eq 1 ] && missing_argument
 	    logdrop_command $@
 	    ;;
 	reject|logreject)
 	    only_root
 	    get_config
 	    [ -n "$g_debugging" ] && set -x
 	    [ $# -eq 1 ] && missing_argument
 	    reject_command $@
 	    ;;
 	open|close)
 	    only_root
 	    get_config
 	    shift
 	    open_close_command $@
 	    ;;
 	allow)
 	    only_root
 	    get_config
 	    allow_command $@
 	    ;;
 	add)
 	    only_root
 	    get_config
 	    shift
 	    add_command $@
 	    ;;
 	delete)
 	    only_root
 	    get_config
 	    shift
 	    delete_command $@
 	    ;;
 	save)
 	    only_root
 	    get_config
 	    [ -n "$g_debugging" ] && set -x
 	    save_command $@
 	    ;;
 	forget)
 	    only_root
 	    get_config
 	    forget_command $@
 	    ;;
@@ -4796,13 +4693,11 @@ shorewall_cli() {
 	    ipdecimal_command $@
 	    ;;
 	restore)
 	    only_root
 	    get_config
 	    shift
 	    restore_command $@
            ;;
 	call)
 	    only_root
 	    get_config
 	    [ -n "$g_debugging" ] && set -x
 	    #
@@ -4829,7 +4724,7 @@ shorewall_cli() {
 		    # It isn't a function visible to this script -- try
 		    # the compiled firewall
 		    #
-		    run_it $g_firewall call $@
+		    run_it $g_firewall $g_debugging call $@
 		fi
 	    else
 		missing_argument
@@ -4840,20 +4735,17 @@ shorewall_cli() {
 	    usage
 	    ;;
 	iptrace)
 	    only_root
 	    get_config
 	    shift
 	    iptrace_command $@
 	    ;;
 	noiptrace)
 	    only_root
 	    get_config
 	    shift
 	    noiptrace_command $@
 	    ;;
 	savesets)
 	    [ $# -eq 1 ] || too_many_arguments $2
 	    only_root
 	    get_config
 	    [ -n "$g_debugging" ] && set -x
 	    savesets1
--- a/Shorewall-core/lib.common
+++ b/Shorewall-core/lib.common
@@ -1,9 +1,9 @@
 #
-# Shorewall 5.2 -- /usr/share/shorewall/lib.common
+# Shorewall 5.0 -- /usr/share/shorewall/lib.common.
 #
-#     (c) 2010-2018 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2010-2015 - Tom Eastep (teastep@shorewall.net)
 #
-#	Complete documentation is available at https://shorewall.org
+#	Complete documentation is available at http://shorewall.net
 #
 #       This program is part of Shorewall.
 #
@@ -92,20 +92,18 @@ startup_error() # $* = Error Message
 #
 run_it() {
    local script
-    local options='-'
+    local options
    export VARDIR
    script=$1
    shift
-
+    if [ x$1 = xtrace -o x$1 = xdebug ]; then
-    if [ "$g_debugging" = debug ]; then
+	options="$1 -"
-	options='-D'
+	shift;
    elif [ "$g_debugging" = trace ]; then
 	options='-T'
    else
-	options='-';
+	options='-'
    fi
    [ -n "$g_noroutes" ]   && options=${options}n
@@ -271,48 +269,53 @@ loadmodule() # $1 = module name, $2 - * arguments
 {
    local modulename
    modulename=$1
    shift
    local moduleoptions
    moduleoptions=$*
    local modulefile
    local suffix
    if [ -d /sys/module/ ]; then
 	if ! list_search $modulename $DONT_LOAD; then
 	    if [ ! -d /sys/module/$modulename ]; then
 		shift
 		for suffix in $MODULE_SUFFIX ; do
 		    for directory in $moduledirectories; do
 			modulefile=$directory/${modulename}.${suffix}
 			if [ -f $modulefile ]; then
 			    case $moduleloader in
 				insmod)
-			for directory in $moduledirectories; do
+				    insmod $modulefile $*
-			    for modulefile in $directory/${modulename}.*; do
+				    ;;
-				if [ -f $modulefile ]; then
+				*)
-				    insmod $modulefile $moduleoptions
+				    modprobe $modulename $*
-				    return
+				    ;;
 			    esac
 			    break 2
 			fi
 		    done
 		done
 			;;
 		    *)
 			modprobe -q $modulename $moduleoptions
 			;;
 		esac
 	    fi
 	fi
    elif ! list_search $modulename $DONT_LOAD $MODULES; then
 	shift
 	for suffix in $MODULE_SUFFIX ; do
 	    for directory in $moduledirectories; do
 		modulefile=$directory/${modulename}.${suffix}
 		if [ -f $modulefile ]; then
 		    case $moduleloader in
 			insmod)
-		for directory in $moduledirectories; do
+			    insmod $modulefile $*
-		    for modulefile in $directory/${modulename}.*; do
+			    ;;
-			if [ -f $modulefile ]; then
+			*)
-			    insmod $modulefile $moduleoptions
+			    modprobe $modulename $*
-			    return
+			    ;;
 		    esac
 		    break 2
 		fi
 	    done
 	done
 		;;
 	    *)
 		modprobe -q $modulename $moduleoptions
 		;;
 	esac
    fi
 }
@@ -335,6 +338,8 @@ reload_kernel_modules() {
 	moduleloader=insmod
    fi
    [ -n "${MODULE_SUFFIX:=ko ko.gz ko.xz o o.gz o.xz gz xz}" ]
    if [ -n "$MODULESDIR" ]; then
 	case "$MODULESDIR" in
 	    +*)
@@ -389,6 +394,8 @@ load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
 	moduleloader=insmod
    fi
    [ -n "${MODULE_SUFFIX:=o gz xz ko o.gz o.xz ko.gz ko.xz}" ]
    if [ -n "$MODULESDIR" ]; then
 	case "$MODULESDIR" in
 	    +*)
@@ -413,7 +420,7 @@ load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
 	[ -d $directory ] && moduledirectories="$moduledirectories $directory"
    done
-    modules=$(find_file helpers)
+    [ -n "$LOAD_HELPERS_ONLY" ] && modules=$(find_file helpers) || modules=$(find_file modules)
    if [ -f $modules -a -n "$moduledirectories" ]; then
 	[ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)
@@ -421,7 +428,7 @@ load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
 	. $modules
 	if [ $savemoduleinfo = Yes ]; then
 	    [ -d ${VARDIR} ] || mkdir -p ${VARDIR}
-	    echo MODULESDIR=\"$MODULESDIR\" > ${VARDIR}/.modulesdir
+	    echo MODULESDIR="$MODULESDIR" > ${VARDIR}/.modulesdir
 	    cp -f $modules ${VARDIR}/.modules
 	fi
    elif [ $savemoduleinfo = Yes ]; then
@@ -503,7 +510,7 @@ ip_network() {
 #
 # The following hack is supplied to compensate for the fact that many of
-# the popular light-weight Bourne shell derivatives do not support XOR ("^").
+# the popular light-weight Bourne shell derivatives don't support XOR ("^").
 #
 ip_broadcast() {
    local x
@@ -738,8 +745,8 @@ truncate() # $1 = length
 #
 # Call this function to assert mutual exclusion with Shorewall. If you invoke the
-# /sbin/shorewall program while holding mutual exclusion, you should pass -N as
+# /sbin/shorewall program while holding mutual exclusion, you should pass "nolock" as
-# the first argument. Example "shorewall -N refresh"
+# the first argument. Example "shorewall nolock refresh"
 #
 # This function uses the lockfile utility from procmail if it exists.
 # Otherwise, it uses a somewhat race-prone algorithm to attempt to simulate the
@@ -753,44 +760,36 @@ mutex_on()
    lockf=${LOCKFILE:=${VARDIR}/lock}
    local lockpid
    local lockd
    local lockbin
    local openwrt
    MUTEX_TIMEOUT=${MUTEX_TIMEOUT:-60}
-    if [ -z "$g_havemutex" -a $MUTEX_TIMEOUT -gt 0 ]; then
+    if [ $MUTEX_TIMEOUT -gt 0 ]; then
 	lockd=$(dirname $LOCKFILE)
 	[ -d "$lockd" ] || mkdir -p "$lockd"
 	lockbin=$(mywhich lock)
 	[ -n "$lockbin" -a -h "$lockbin" ] && openwrt=Yes
 	if [ -f $lockf ]; then
 	    lockpid=`cat ${lockf} 2> /dev/null`
-	    if [ -z "$lockpid" ] || [ $lockpid = 0 ]; then
+	    if [ -z "$lockpid" -o $lockpid = 0 ]; then
 		rm -f ${lockf}
 		error_message "WARNING: Stale lockfile ${lockf} removed"
-	    elif [ -z "$openwrt" ]; then
+	    elif [ $lockpid -eq $$ ]; then
-		if [ $lockpid -eq $$ ]; then
+                return 0
-                    fatal_error "Mutex_on confusion"
+	    elif ! ps | grep -v grep | qt grep ${lockpid}; then
 		elif ! qt ps --pid ${lockpid}; then
 		rm -f ${lockf}
 		error_message "WARNING: Stale lockfile ${lockf} from pid ${lockpid} removed"
 	    fi
 	fi
 	fi
-	if [ -n "$openwrt" ]; then
+	if qt mywhich lockfile; then
-	    lock ${lockf} || fatal_error "Can't lock ${lockf}"
+	    lockfile -${MUTEX_TIMEOUT} -r1 ${lockf}
 	    g_havemutex="lock -u ${lockf}"
 	elif qt mywhich lockfile; then
 	    lockfile -${MUTEX_TIMEOUT} -r1 ${lockf} || fatal_error "Can't lock ${lockf}"
 	    g_havemutex="rm -f ${lockf}"
 	    chmod u+w ${lockf}
 	    echo $$ > ${lockf}
 	    chmod u-w ${lockf}
 	elif qt mywhich lock; then
            lock ${lockf}
            chmod u=r ${lockf}
 	else
 	    while [ -f ${lockf} -a ${try} -lt ${MUTEX_TIMEOUT} ] ; do
 		sleep 1
@@ -800,15 +799,10 @@ mutex_on()
 	    if  [ ${try} -lt ${MUTEX_TIMEOUT} ] ; then
 	        # Create the lockfile
 		echo $$ > ${lockf}
 		g_havemutex="rm -f ${lockf}"
 	    else
 		echo "Giving up on lock file ${lockf}" >&2
 	    fi
 	fi
 	if [ -n "$g_havemutex" ]; then
 	    trap mutex_off EXIT
 	fi
    fi
 }
@@ -817,10 +811,7 @@ mutex_on()
 #
 mutex_off()
 {
-    if [ -n "$g_havemutex" ]; then
+    [ -f ${CONFDIR}/rc.common ] && lock -u ${LOCKFILE:=${VARDIR}/lock}
-	eval $g_havemutex
+    rm -f ${LOCKFILE:=${VARDIR}/lock}
 	g_havemutex=
 	trap '' exit
    fi
 }
--- a/Shorewall-core/lib.core
+++ b/Shorewall-core/lib.core
@@ -1,9 +1,9 @@
 #
-# Shorewall 5.2 -- /usr/share/shorewall/lib.core
+# Shorewall 5.0 -- /usr/share/shorewall/lib.core
 #
-#     (c) 1999-2017 - Tom Eastep (teastep@shorewall.net)
+#     (c) 1999-2015 - Tom Eastep (teastep@shorewall.net)
 #
-#	Complete documentation is available at https://shorewall.org
+#	Complete documentation is available at http://shorewall.net
 #
 #       This program is part of Shorewall.
 #
@@ -24,7 +24,7 @@
 # generated scripts.
 #
-SHOREWALL_LIBVERSION=50108
+SHOREWALL_LIBVERSION=50100
 #
 # Fatal Error
--- a/Shorewall-core/lib.installer
+++ b/Shorewall-core/lib.installer
@@ -1,10 +1,11 @@
 #
-# Shorewall 5.2 -- /usr/share/shorewall/lib.installer
+#
 # Shorewall 5.0 -- /usr/share/shorewall/lib.installer.
 #
 #     (c) 2017 - Tom Eastep (teastep@shorewall.net)
 #     (c) 2017 - Matt Darfeuille (matdarf@gmail.com)
 #
-#	Complete documentation is available at https://shorewall.org
+#	Complete documentation is available at http://shorewall.net
 #
 #       This program is part of Shorewall.
 #
--- a/Shorewall-core/lib.uninstaller
+++ b/Shorewall-core/lib.uninstaller
@@ -1,10 +1,11 @@
 #
-# Shorewall 5.2 -- /usr/share/shorewall/lib.installer
+#
 # Shorewall 5.0 -- /usr/share/shorewall/lib.installer.
 #
 #     (c) 2017 - Tom Eastep (teastep@shorewall.net)
 #     (c) 2017 - Matt Darfeuille (matdarf@gmail.com)
 #
-#	Complete documentation is available at https://shorewall.org
+#	Complete documentation is available at http://shorewall.net
 #
 #       This program is part of Shorewall.
 #
@@ -60,7 +61,7 @@ mywhich() {
 remove_file() # $1 = file to remove
 {
    if [ -n "$1" ] ; then
-        if [ -f $1 -o -h $1 ] ; then
+        if [ -f $1 -o -L $1 ] ; then
            rm -f $1
            echo "$1 Removed"
        fi
@@ -84,7 +85,7 @@ remove_file_with_wildcard() # $1 = file with wildcard to remove
            if [ -d $f ] ; then
                rm -rf $f
                echo "$f Removed"
-            elif [ -f $f -o -h $f ] ; then
+            elif [ -f $f -o -L $f ] ; then
                rm -f $f
                echo "$f Removed"
            fi
--- a/Shorewall-core/manpages/shorewall.xml
+++ b/Shorewall-core/manpages/shorewall.xml
--- a/Shorewall-core/shorewall
+++ b/Shorewall-core/shorewall
@@ -1,11 +1,11 @@
 #!/bin/sh
 #
-#     Shorewall Packet Filtering Firewall Control Program - V5.2
+#     Shorewall Packet Filtering Firewall Control Program - V5.0
 #
-#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2014,2015-2017
+#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2014,2015 -
 #         Tom Eastep (teastep@shorewall.net)
 #
-#	Shorewall documentation is available at https://shorewall.org
+#	Shorewall documentation is available at http://www.shorewall.net
 #
 #       This program is part of Shorewall.
 #
@@ -25,10 +25,6 @@
 #       For a list of supported commands, type 'shorewall help' or 'shorewall6 help'
 #
 ################################################################################################
 #
 # Default product is Shorewall. PRODUCT will be set based on $0 and on passed -[46] and -l
 # options
 #
 PRODUCT=shorewall
 #
--- a/Shorewall-core/shorewallrc.alt
+++ b/Shorewall-core/shorewallrc.alt
@@ -1,25 +0,0 @@
 #
 # ALT/BaseALT/ALTLinux Shorewall 5.2 rc file
 #
 BUILD=                                  #Default is to detect the build system
 HOST=alt
 PREFIX=/usr                             #Top-level directory for shared files, libraries, etc.
 SHAREDIR=${PREFIX}/share                #Directory for arch-neutral files.
 LIBEXECDIR=${PREFIX}/libexec            #Directory for executable scripts.
 PERLLIBDIR=${SHAREDIR}/perl5            #Directory to install Shorewall Perl module directory
 CONFDIR=/etc                            #Directory where subsystem configurations are installed
 SBINDIR=/sbin                           #Directory where system administration programs are installed
 MANDIR=${SHAREDIR}/man                  #Directory where manpages are installed.
 INITDIR=${CONFDIR}/rc.d/init.d          #Directory where SysV init scripts are installed.
 INITFILE=$PRODUCT                       #Name of the product's installed SysV init script
 INITSOURCE=init.alt.sh                  #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                              #If non-zero, annotated configuration files are installed
 SERVICEDIR=/lib/systemd/system          #Directory where .service files are installed (systems running systemd only)
 SYSCONFFILE=sysconfig                   #Name of the distributed file to be installed as $SYSCONFDIR/$PRODUCT
 SERVICEFILE=                            #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFDIR=/etc/sysconfig/              #Directory where SysV init parameter files are installed
 SERVICEDIR=/lib/systemd/system          #Directory where .service files are installed (systems running systemd only)
 SPARSE=                                 #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
 VARLIB=/var/lib                         #Directory where product variable data is stored.
 VARDIR=${VARLIB}/$PRODUCT               #Directory where product variable data is stored.
 DEFAULT_PAGER=/usr/bin/less             #Pager to use if none specified in shorewall[6].conf
--- a/Shorewall-core/shorewallrc.apple
+++ b/Shorewall-core/shorewallrc.apple
@@ -1,5 +1,5 @@
 #
-# Apple OS X Shorewall 5.2 rc file
+# Apple OS X Shorewall 5.0 rc file
 #
 BUILD=apple
 HOST=apple
--- a/Shorewall-core/shorewallrc.archlinux
+++ b/Shorewall-core/shorewallrc.archlinux
@@ -1,5 +1,5 @@
 #
-# Arch Linux Shorewall 5.2 rc file
+# Arch Linux Shorewall 5.0 rc file
 #
 BUILD=                                 #Default is to detect the build system
 HOST=archlinux
--- a/Shorewall-core/shorewallrc.cygwin
+++ b/Shorewall-core/shorewallrc.cygwin
@@ -1,5 +1,5 @@
 #
-# Cygwin Shorewall 5.2 rc file
+# Cygwin Shorewall 5.0 rc file
 #
 BUILD=cygwin
 HOST=cygwin
--- a/Shorewall-core/shorewallrc.debian.systemd
+++ b/Shorewall-core/shorewallrc.debian.systemd
@@ -1,5 +1,5 @@
 #
-# Debian Shorewall 5.2 rc file
+# Debian Shorewall 5.0 rc file
 #
 BUILD=					#Default is to detect the build system
 HOST=debian
@@ -13,7 +13,7 @@ MANDIR=${PREFIX}/share/man		#Directory where manpages are installed.
 INITDIR=				#Directory where SysV init scripts are installed.
 INITFILE=				#Name of the product's installed SysV init script
 INITSOURCE=init.debian.sh		#Name of the distributed file to be installed as the SysV init script
-ANNOTATED=				#If non-empty, annotated configuration files are installed
+ANNOTATED=				#If non-zero, annotated configuration files are installed
 SYSCONFFILE=default.debian.systemd		#Name of the distributed file to be installed in $SYSCONFDIR
 SERVICEFILE=$PRODUCT.service.debian     #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFDIR=/etc/default			#Directory where SysV init parameter files are installed
--- a/Shorewall-core/shorewallrc.debian.sysvinit
+++ b/Shorewall-core/shorewallrc.debian.sysvinit
@@ -1,5 +1,5 @@
 #
-# Debian Shorewall 5.2 rc file
+# Debian Shorewall 5.0 rc file
 #
 BUILD=                                  #Default is to detect the build system
 HOST=debian
--- a/Shorewall-core/shorewallrc.default
+++ b/Shorewall-core/shorewallrc.default
@@ -1,5 +1,5 @@
 #
-# Default Shorewall 5.2 rc file
+# Default Shorewall 5.0 rc file
 #
 BUILD=                                  #Default is to detect the build system
 HOST=linux                              #Generic Linux
--- a/Shorewall-core/shorewallrc.openwrt
+++ b/Shorewall-core/shorewallrc.openwrt
@@ -1,5 +1,5 @@
 #
-# OpenWRT/LEDE Shorewall 5.2 rc file
+# OpenWRT Shorewall 5.0 rc file
 #
 BUILD=                                 #Default is to detect the build system
 HOST=openwrt
--- a/Shorewall-core/shorewallrc.redhat
+++ b/Shorewall-core/shorewallrc.redhat
@@ -1,5 +1,5 @@
 #
-# RedHat/FedoraShorewall 5.2 rc file
+# RedHat/FedoraShorewall 5.0 rc file
 #
 BUILD=                                  #Default is to detect the build system
 HOST=redhat
--- a/Shorewall-core/shorewallrc.sandbox
+++ b/Shorewall-core/shorewallrc.sandbox
@@ -1,28 +0,0 @@
 #
 # Shorewall 5.2 rc file for installing into a Sandbox
 #
 BUILD=                                       # Default is to detect the build system
 HOST=linux
 INSTALLDIR=				     # Set this to the directory where you want Shorewall installed
 PREFIX=${INSTALLDIR}/usr		     # Top-level directory for shared files, libraries, etc.
 SHAREDIR=${PREFIX}/share		     # Directory for arch-neutral files.
 LIBEXECDIR=${PREFIX}/share		     # Directory for executable scripts.	
 PERLLIBDIR=${PREFIX}/share/shorewall	     # Directory to install Shorewall Perl module directory	
 CONFDIR=${INSTALLDIR}/etc		     # Directory where subsystem configurations are installed				
 SBINDIR=${INSTALLDIR}/sbin		     # Directory where system administration programs are installed			
 MANDIR=		     			     # Leave empty
 INITDIR=				     # Leave empty				     				
 INITSOURCE=				     # Leave empty
 INITFILE=				     # Leave empty
 AUXINITSOURCE=				     # Leave empty
 AUXINITFILE=				     # Leave empty
 SERVICEDIR=				     # Leave empty
 SERVICEFILE=    			     # Leave empty
 SYSCONFFILE=				     # Leave empty
 SYSCONFDIR=				     # Leave empty			
 SPARSE=					     # Leave empty			
 ANNOTATED=				     # If non-empty, annotated configuration files are installed				
 VARLIB=${INSTALLDIR}/var/lib		     # Directory where product variable data is stored.				
 VARDIR=${VARLIB}/$PRODUCT		     # Directory where product variable data is stored.		
 DEFAULT_PAGER=/usr/bin/less		     # Pager to use if none specified in shorewall[6].conf
 SANDBOX=Yes				     # Indicates SANDBOX installation
--- a/Shorewall-core/shorewallrc.slackware
+++ b/Shorewall-core/shorewallrc.slackware
@@ -1,5 +1,5 @@
 #
-# Slackware Shorewall 5.2 rc file
+# Slackware Shorewall 5.0 rc file
 #
 BUILD=slackware
 HOST=slackware
--- a/Shorewall-core/shorewallrc.suse
+++ b/Shorewall-core/shorewallrc.suse
@@ -1,5 +1,5 @@
 #
-# SuSE Shorewall 5.2 rc file
+# SuSE Shorewall 5.0 rc file
 #
 BUILD=                                                #Default is to detect the build system
 HOST=suse
--- a/Shorewall-core/uninstall.sh
+++ b/Shorewall-core/uninstall.sh
@@ -4,7 +4,7 @@
 #
 #     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
 #
-#       Shorewall documentation is available at https://shorewall.org
+#       Shorewall documentation is available at http://www.shorewall.net
 #
 #       This program is part of Shorewall.
 #
--- a/Shorewall-core/wait4ifup
+++ b/Shorewall-core/wait4ifup
@@ -1,12 +1,12 @@
 #!/bin/sh
 #
-#     Shorewall interface helper utility - V5.2
+#     Shorewall interface helper utility - V4.2
 #
 #     (c) 2007,2014 - Tom Eastep (teastep@shorewall.net)
 #
 #	This file is installed in /usr/share/shorewall/wait4ifup
 #
-#	Shorewall documentation is available at https://shorewall.org
+#	Shorewall documentation is available at http://www.shorewall.net
 #
 #       This program is part of Shorewall.
 #
--- a/Shorewall-init/ifupdown.debian.sh
+++ b/Shorewall-init/ifupdown.debian.sh
@@ -6,7 +6,7 @@
 #
 #     (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
 #
-#       Shorewall documentation is available at https://shorewall.org
+#       Shorewall documentation is available at http://shorewall.net
 #
 #       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
@@ -110,7 +110,7 @@ case $0 in
 	;;
    *)
        #
-        # Debian ifupdown system - MODE and INTERFACE inherited from the environment
+        # Debian ifupdown system
        #
 	INTERFACE="$IFACE"
--- a/Shorewall-init/ifupdown.fedora.sh
+++ b/Shorewall-init/ifupdown.fedora.sh
@@ -6,7 +6,7 @@
 #
 #     (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
 #
-#       Shorewall documentation is available at https://shorewall.org
+#       Shorewall documentation is available at http://shorewall.net
 #
 #       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
@@ -90,8 +90,6 @@ case $0 in
 		COMMAND=down
 		;;
 	    *dispatcher.d*)
 		case "$2" in
 		    up|down)
 		COMMAND="$2"
 		;;
 	    *)
@@ -99,11 +97,6 @@ case $0 in
 		;;
 	esac
 	;;
 	    *)
 		exit 0
 		;;
 	esac
 	;;
 esac
 [ -n "$LOGFILE" ] || LOGFILE=/dev/null
--- a/Shorewall-init/ifupdown.suse.sh
+++ b/Shorewall-init/ifupdown.suse.sh
@@ -6,7 +6,7 @@
 #
 #     (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
 #
-#       Shorewall documentation is available at https://shorewall.org
+#       Shorewall documentation is available at http://shorewall.net
 #
 #       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
@@ -120,15 +120,8 @@ case $0 in
 	case $0 in
 	    *dispatcher.d*)
 		INTERFACE="$1"
 		case "$2" in
 		    up|down)
 		COMMAND="$2"
 		;;
 		    *)
 			exit 0
 			;;
 		esac
 		;;
 	    *if-up.d*)
 		COMMAND=up
 		;;
--- a/Shorewall-init/init.alt.sh
+++ b/Shorewall-init/init.alt.sh
@@ -1,150 +0,0 @@
 #!/bin/sh
 #
 # Shorewall init script
 #
 # chkconfig: - 09 91
 # description: Initialize the shorewall firewall at boot time
 #
 ### BEGIN INIT INFO
 # Provides: shorewall-init
 # Required-Start: $local_fs
 # Required-Stop: $local_fs
 # Default-Start: 3 4 5
 # Default-Stop:  0 1 2 6
 # Short-Description: Initialize the shorewall firewall at boot time
 # Description:       Place the firewall in a safe state at boot time
 #                    prior to bringing up the network.
 ### END INIT INFO
 # Do not load RH compatibility interface.
 WITHOUT_RC_COMPAT=1
 # Source function library.
 . /etc/init.d/functions
 #
 # The installer may alter this
 #
 . /usr/share/shorewall/shorewallrc
 NAME="Shorewall-init firewall"
 PROG="shorewall-init"
 SHOREWALL="$SBINDIR/$PROG"
 LOGGER="logger -i -t $PROG"
 # Get startup options (override default)
 OPTIONS=
 LOCKFILE=/var/lock/subsys/shorewall-init
 # check if shorewall-init is configured or not
 if [ -f "/etc/sysconfig/shorewall-init" ]; then
 	. /etc/sysconfig/shorewall-init
 	if [ -z "$PRODUCTS" ]; then
 		echo "No PRODUCTS configured"
 		exit 6
 	fi
 else
 	echo "/etc/sysconfig/shorewall-init not found"
 	exit 6
 fi
 RETVAL=0
 # set the STATEDIR variable
 setstatedir() {
 	local statedir
 	if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
 		statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
 	fi
 	[ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
 	if [ -x ${STATEDIR}/firewall ]; then
 		return 0
 	elif [ $PRODUCT = shorewall ]; then
 		${SBINDIR}/shorewall compile
 	elif [ $PRODUCT = shorewall6 ]; then
 		${SBINDIR}/shorewall -6 compile
 	else
 		return 1
 	fi
 }
 start() {
 	local PRODUCT
 	local STATEDIR
 	printf "Initializing \"Shorewall-based firewalls\": "
 	for PRODUCT in $PRODUCTS; do
 		if setstatedir; then
 			$STATEDIR/$PRODUCT/firewall ${OPTIONS} stop 2>&1 | "$LOGGER"
 			RETVAL=$?
 		else
 			RETVAL=6
 			break
 		fi
 	done
 	if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
 		ipset -R < "$SAVE_IPSETS"
 	fi
 	[ $RETVAL -eq 0 ] && touch "$LOCKFILE"
 	return $RETVAL
 }
 stop() {
 	local PRODUCT
 	local STATEDIR
 	printf "Clearing \"Shorewall-based firewalls\": "
 	for PRODUCT in $PRODUCTS; do
 		if setstatedir; then
 			${STATEDIR}/firewall ${OPTIONS} clear 2>&1 | "$LOGGER"
 			RETVAL=$?
 		else
 			RETVAL=6
 			break
 		fi
 	done
 	if [ -n "$SAVE_IPSETS" ]; then
 		mkdir -p $(dirname "$SAVE_IPSETS")
 		if ipset -S > "${SAVE_IPSETS}.tmp"; then
 			grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" || rm -f "${SAVE_IPSETS}.tmp"
 		else
 			rm -f "${SAVE_IPSETS}.tmp"
 		fi
 	fi
 	[ $RETVAL -eq 0 ] && rm -f "$LOCKFILE"
 	return $RETVAL
 }
 # See how we were called.
 case "$1" in
 	start)
 	    start
 	    ;;
 	stop)
 	    stop
 	    ;;
 	restart|reload|condrestart|condreload)
 	    # "Not implemented"
 	    ;;
 	condstop)
 	    if [ -e "$LOCKFILE" ]; then
 		stop
 	    fi
 	    ;;
 	status)
 	    status "$PROG"
 	     RETVAL=$?
 	    ;;
 	*)
 	    echo $"Usage: ${0##*/}  {start|stop|restart|reload|condrestart|condstop|status}"
 	    RETVAL=1
 esac
 exit $RETVAL
--- a/Shorewall-init/init.debian.sh
+++ b/Shorewall-init/init.debian.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.2
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
@@ -8,7 +8,7 @@
 #
 #       On most distributions, this file should be called /etc/init.d/shorewall.
 #
-#       Complete documentation is available at https://shorewall.org
+#       Complete documentation is available at http://shorewall.net
 #
 #       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
@@ -73,16 +73,12 @@ setstatedir() {
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
    if [ -x ${STATEDIR}/firewall ]; then
        return 0
    else
    if [ $PRODUCT = shorewall ]; then
 	${SBINDIR}/shorewall compile
    elif [ $PRODUCT = shorewall6 ]; then
 	${SBINDIR}/shorewall -6 compile
    else
-            return 1
+	return 0
        fi
    fi
 }
@@ -112,6 +108,7 @@ shorewall_start () {
  for PRODUCT in $PRODUCTS; do
      if setstatedir; then
 	  if [ -x ${STATEDIR}/firewall ]; then
              #
 	      # Run in a sub-shell to avoid name collisions
 	      #
@@ -121,6 +118,7 @@ shorewall_start () {
 		  fi
 	      )
 	  fi
      fi
  done
  echo "done."
@@ -147,8 +145,10 @@ shorewall_stop () {
  printf "Clearing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
      if setstatedir; then
 	  if [ -x ${STATEDIR}/firewall ]; then
 	      ${STATEDIR}/firewall ${OPTIONS} clear
 	  fi
      fi
  done
  echo "done."
@@ -159,9 +159,8 @@ shorewall_stop () {
      mkdir -p $(dirname "$SAVE_IPSETS")
      if ipset -S > "${SAVE_IPSETS}.tmp"; then
-	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" || rm -f "${SAVE_IPSETS}.tmp"
+	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
      else
 	  rm -f "${SAVE_IPSETS}.tmp"
 	  echo_notdone
      fi
--- a/Shorewall-init/init.fedora.sh
+++ b/Shorewall-init/init.fedora.sh
@@ -44,14 +44,12 @@ setstatedir() {
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-    if [ -x ${STATEDIR}/firewall ]; then
+    if [ $PRODUCT = shorewall ]; then
 	return 0
    elif [ $PRODUCT = shorewall ]; then
 	${SBINDIR}/shorewall compile
    elif [ $PRODUCT = shorewall6 ]; then
 	${SBINDIR}/shorewall -6 compile
    else
-	return 1
+	return 0
    fi
 }
@@ -68,15 +66,12 @@ start () {
    printf "Initializing \"Shorewall-based firewalls\": "
    if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
 	ipset -R < "$SAVE_IPSETS"
    fi
    for PRODUCT in $PRODUCTS; do
 	setstatedir
 	retval=$?
 	if [ $retval -eq 0 ]; then
 	    if [ -x "${STATEDIR}/firewall" ]; then
 		${STATEDIR}/firewall ${OPTIONS} stop 2>&1 | $logger
 		retval=${PIPESTATUS[0]}
 		[ $retval -ne 0 ] && break
@@ -84,6 +79,9 @@ start () {
 		retval=6 #Product not configured
 		break
 	    fi
 	else
 	    break
 	fi
    done
    if [ $retval -eq 0 ]; then
@@ -108,6 +106,7 @@ stop () {
 	retval=$?
 	if [ $retval -eq 0 ]; then
 	    if [ -x "${STATEDIR}/firewall" ]; then
 		${STATEDIR}/firewall ${OPTIONS} clear 2>&1 | $logger
 		retval=${PIPESTATUS[0]}
 		[ $retval -ne 0 ] && break
@@ -115,18 +114,12 @@ stop () {
 		retval=6 #Product not configured
 		break
 	    fi
 	else
 	    break
 	fi
    done
    if [ $retval -eq 0 ]; then
 	if [ -n "$SAVE_IPSETS" ]; then
 	    mkdir -p $(dirname "$SAVE_IPSETS")
 	    if ipset -S > "${SAVE_IPSETS}.tmp"; then
 		grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" || rm -f "${SAVE_IPSETS}.tmp"
 	    else
 		rm -f "${SAVE_IPSETS}.tmp"
 	    fi
 	fi
 	rm -f $lockfile
 	success
    else
--- a/Shorewall-init/init.openwrt.sh
+++ b/Shorewall-init/init.openwrt.sh
@@ -1,5 +1,5 @@
 #!/bin/sh /etc/rc.common
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.2
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
 #
 #     (c) 2010,2012-2014 - Tom Eastep (teastep@shorewall.net)
 #     (c) 2016           - Matt Darfeuille (matdarf@gmail.com)
@@ -75,14 +75,12 @@ setstatedir() {
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-    if [ -x ${STATEDIR}/firewall ]; then
+    if [ $PRODUCT = shorewall ]; then
 	return 0
    elif [ $PRODUCT = shorewall ]; then
 	${SBINDIR}/shorewall compile
    elif [ $PRODUCT = shorewall6 ]; then
 	${SBINDIR}/shorewall -6 compile
    else
-	return 1
+	return 0
    fi
 }
@@ -94,17 +92,17 @@ start () {
  printf "Initializing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
      if setstatedir; then
 	  if [ -x ${STATEDIR}/firewall ]; then
 	      if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
 		  ${STATEDIR}/firewall ${OPTIONS} stop
 	      fi
 	  fi
      fi
  done
  if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
      ipset -R < "$SAVE_IPSETS"
  fi
  return 0
 }
 boot () {
@@ -119,19 +117,17 @@ stop () {
    printf "Clearing \"Shorewall-based firewalls\": "
    for PRODUCT in $PRODUCTS; do
 	if setstatedir; then
 	    if [ -x ${STATEDIR}/firewall ]; then
 		${STATEDIR}/firewall ${OPTIONS} clear
 	    fi
 	fi
    done
    if [ -n "$SAVE_IPSETS" ]; then
 	mkdir -p $(dirname "$SAVE_IPSETS")
 	if ipset -S > "${SAVE_IPSETS}.tmp"; then
-	    grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" || rm -f "${SAVE_IPSETS}.tmp"
+	    grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
 	else
 	    rm -f "${SAVE_IPSETS}.tmp"
 	fi
    fi
    return 0
 }
--- a/Shorewall-init/init.sh
+++ b/Shorewall-init/init.sh
@@ -1,5 +1,5 @@
 #! /bin/bash
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.2
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
 #
 #     (c) 2010,2012-2014 - Tom Eastep (teastep@shorewall.net)
 #
@@ -69,12 +69,10 @@ setstatedir() {
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-    if [ -x ${STATEDIR}/firewall ]; then
+    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
 	return 0
    elif [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
 	${SBINDIR}/$PRODUCT ${OPTIONS} compile $STATEDIR/firewall
    else
-	return 1
+	return 0
    fi
 }
@@ -86,10 +84,12 @@ shorewall_start () {
  printf "Initializing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
      if setstatedir; then
 	  if [ -x ${STATEDIR}/firewall ]; then
 	      if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
 		  ${STATEDIR}/firewall ${OPTIONS} stop
 	      fi
 	  fi
      fi
  done
  if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
@@ -107,16 +107,16 @@ shorewall_stop () {
  printf "Clearing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
      if setstatedir; then
 	  if [ -x ${STATEDIR}/firewall ]; then
 	      ${STATEDIR}/firewall ${OPTIONS} clear
 	  fi
      fi
  done
  if [ -n "$SAVE_IPSETS" ]; then
      mkdir -p $(dirname "$SAVE_IPSETS")
      if ipset -S > "${SAVE_IPSETS}.tmp"; then
-	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" || rm -f "${SAVE_IPSETS}.tmp"
+	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
      else
 	  rm -f "${SAVE_IPSETS}.tmp"
      fi
  fi
--- a/Shorewall-init/init.suse.sh
+++ b/Shorewall-init/init.suse.sh
@@ -1,5 +1,5 @@
 #! /bin/bash
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.2
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
@@ -7,7 +7,7 @@
 #
 #       On most distributions, this file should be called /etc/init.d/shorewall.
 #
-#       Complete documentation is available at https://shorewall.org
+#       Complete documentation is available at http://shorewall.net
 #
 #       This program is free software; you can redistribute it and/or modify
 #       it under the terms of Version 2 of the GNU General Public License
@@ -79,14 +79,12 @@ setstatedir() {
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-    if [ -x ${STATEDIR}/firewall ]; then
+    if [ $PRODUCT = shorewall ]; then
 	return 0
    elif [ $PRODUCT = shorewall ]; then
 	${SBINDIR}/shorewall compile
    elif [ $PRODUCT = shorewall6 ]; then
 	${SBINDIR}/shorewall -6 compile
    else
-	return 6
+	return 0
    fi
 }
@@ -98,10 +96,12 @@ shorewall_start () {
  printf "Initializing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
      if setstatedir; then
 	  if [ -x $STATEDIR/firewall ]; then
 	      if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
 		  $STATEDIR/$PRODUCT/firewall ${OPTIONS} stop
 	      fi
 	  fi
      fi
  done
  if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
@@ -117,16 +117,16 @@ shorewall_stop () {
  printf "Clearing \"Shorewall-based firewalls\": "
  for PRODUCT in $PRODUCTS; do
      if setstatedir; then
 	  if [ -x ${STATEDIR}/firewall ]; then
 	      ${STATEDIR}/firewall ${OPTIONS} clear
 	  fi
      fi
  done
  if [ -n "$SAVE_IPSETS" ]; then
      mkdir -p $(dirname "$SAVE_IPSETS")
      if ipset -S > "${SAVE_IPSETS}.tmp"; then
-	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" || rm -f "${SAVE_IPSETS}.tmp"
+	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
      else
 	  rm -f "${SAVE_IPSETS}.tmp"
      fi
  fi
 }
--- a/Shorewall-init/install.sh
+++ b/Shorewall-init/install.sh
@@ -5,7 +5,7 @@
 #     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
 #     (c) 2010 - Roberto C. Sanchez (roberto@connexer.com)
 #
-#       Shorewall documentation is available at https://shorewall.org
+#       Shorewall documentation is available at http://shorewall.net
 #
 #       This program is part of Shorewall.
 #
@@ -181,9 +181,6 @@ if [ -z "$BUILD" ]; then
 		    opensuse)
 			BUILD=suse
 			;;
 		    alt|basealt|altlinux)
 			BUILD=alt
 			;;
 		    *)
 			BUILD="$ID"
 			;;
@@ -194,8 +191,6 @@ if [ -z "$BUILD" ]; then
 		BUILD=debian
 	    elif [ -f /etc/gentoo-release ]; then
 		BUILD=gentoo
 	    elif [ -f /etc/altlinux-release ]; then
 		BUILD=alt
 	    elif [ -f /etc/redhat-release ]; then
 		BUILD=redhat
 	    elif [ -f /etc/SuSE-release ]; then
@@ -258,9 +253,6 @@ case "$HOST" in
    openwrt)
 	echo "Installing Openwrt-specific configuration..."
 	;;
    alt)
 	echo "Installing ALT-specific configuration...";
 	;;
    linux)
 	fatal_error "Shorewall-init is not supported on this system"
 	;;
--- a/Shorewall-init/shorewall-init
+++ b/Shorewall-init/shorewall-init
@@ -1,12 +1,12 @@
 #!/bin/bash
-#	The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.2
+#	The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
 #
 #	(c) 2012-2014 - Tom Eastep (teastep@shorewall.net)
 #
 #	On most distributions, this file should be called
 #	/etc/init.d/shorewall.
 #
-#	Complete documentation is available at https://shorewall.org
+#	Complete documentation is available at http://shorewall.net
 #
 #	This program is part of Shorewall.
 #
@@ -33,12 +33,12 @@ setstatedir() {
    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
-    if [ -x ${STATEDIR}/firewall ]; then
+    if [ $PRODUCT = shorewall ]; then
        return 0
    elif [ $PRODUCT = shorewall ]; then
 	${SBINDIR}/shorewall compile
    elif [ $PRODUCT = shorewall6 ]; then
 	${SBINDIR}/shorewall -6 compile
    else
 	return 0
    fi
 }
@@ -67,6 +67,7 @@ shorewall_start () {
    printf "Initializing \"Shorewall-based firewalls\": "
    for PRODUCT in $PRODUCTS; do
 	if setstatedir; then
 	    if [ -x ${STATEDIR}/firewall ]; then
 		#
 		# Run in a sub-shell to avoid name collisions
 		#
@@ -76,6 +77,7 @@ shorewall_start () {
 		    fi
 		)
 	    fi
 	fi
    done
    if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
@@ -93,23 +95,16 @@ shorewall_stop () {
    printf "Clearing \"Shorewall-based firewalls\": "
    for PRODUCT in $PRODUCTS; do
 	if setstatedir; then
-	    #
+	    if [ -x ${STATEDIR}/firewall ]; then
 	    # Run in sub-shell to avoid name collisions
 	    #
 	    (
 		if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
 		${STATEDIR}/firewall ${OPTIONS} clear
 	    fi
 	    )
 	fi
    done
    if [ -n "$SAVE_IPSETS" ]; then
 	mkdir -p $(dirname "$SAVE_IPSETS")
 	if ipset -S > "${SAVE_IPSETS}.tmp"; then
-	    grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" || rm -f "${SAVE_IPSETS}.tmp"
+	    grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
 	else
 	    rm -f "${SAVE_IPSETS}.tmp"
 	fi
    fi
--- a/Shorewall-lite/Shorewall-lite-targetname
+++ b/Shorewall-lite/Shorewall-lite-targetname
@@ -1 +0,0 @@
 5.2.4.1
--- a/Shorewall-lite/init.alt.sh
+++ b/Shorewall-lite/init.alt.sh
@@ -1,117 +0,0 @@
 #!/bin/sh
 #
 # Shorewall-Lite init script
 #
 # chkconfig: - 28 90
 # description: Packet filtering firewall
 #
 ### BEGIN INIT INFO
 # Provides: shorewall-lite
 # Required-Start: $local_fs $remote_fs $syslog $network
 # Should-Start: $time $named
 # Required-Stop:
 # Default-Start: 3 4 5
 # Default-Stop:  0 1 2 6
 # Short-Description: Packet filtering firewall
 # Description: The Shoreline Firewall, more commonly known as "Shorewall", is a
 #              Netfilter (iptables) based firewall
 ### END INIT INFO
 # Do not load RH compatibility interface.
 WITHOUT_RC_COMPAT=1
 # Source function library.
 . /etc/init.d/functions
 #
 # The installer may alter this
 #
 . /usr/share/shorewall/shorewallrc
 NAME="Shorewall-Lite firewall"
 PROG="shorewall"
 SHOREWALL="$SBINDIR/$PROG -l"
 LOGGER="logger -i -t $PROG"
 # Get startup options (override default)
 OPTIONS=
 SourceIfNotEmpty $SYSCONFDIR/${PROG}-lite
 LOCKFILE="/var/lock/subsys/${PROG}-lite"
 RETVAL=0
 start() {
 	action $"Applying $NAME rules:" "$SHOREWALL" "$OPTIONS" start "$STARTOPTIONS" 2>&1 | "$LOGGER"
 	RETVAL=$?
 	[ $RETVAL -eq 0 ] && touch "$LOCKFILE"
 	return $RETVAL
 }
 stop() {
 	action $"Stoping $NAME :" "$SHOREWALL" "$OPTIONS" stop "$STOPOPTIONS" 2>&1 | "$LOGGER"
 	RETVAL=$?
 	[ $RETVAL -eq 0 ] && rm -f "$LOCKFILE"
 	return $RETVAL
 }
 restart() {
 	action $"Restarting $NAME rules: " "$SHOREWALL" "$OPTIONS" restart "$RESTARTOPTIONS" 2>&1 | "$LOGGER"
 	RETVAL=$?
 	return $RETVAL
 }
 reload() {
 	action $"Reloadinging $NAME rules: " "$SHOREWALL" "$OPTIONS" reload "$RELOADOPTIONS" 2>&1 | "$LOGGER"
 	RETVAL=$?
 	return $RETVAL
 }
 clear() {
 	action $"Clearing $NAME rules: " "$SHOREWALL" "$OPTIONS" clear 2>&1 | "$LOGGER"
 	RETVAL=$?
 	return $RETVAL
 }
 # See how we were called.
 case "$1" in
 	start)
 	    start
 	    ;;
 	stop)
 	    stop
 	    ;;
 	restart)
 	    restart
 	    ;;
 	reload)
 	    reload
 	    ;;
 	clear)
 	    clear
 	    ;;
 	condrestart)
 	    if [ -e "$LOCKFILE" ]; then
 		restart
 	    fi
 	    ;;
 	condreload)
 	    if [ -e "$LOCKFILE" ]; then
 		restart
 	    fi
 	    ;;
 	condstop)
 	    if [ -e "$LOCKFILE" ]; then
 		stop
 	    fi
 	    ;;
 	status)
 	    "$SHOREWALL" status
 	     RETVAL=$?
 	    ;;
 	*)
 	    echo $"Usage: ${0##*/}  {start|stop|restart|reload|clear|condrestart|condstop|status}"
 	    RETVAL=1
 esac
 exit $RETVAL
--- a/Shorewall-lite/init.openwrt.sh
+++ b/Shorewall-lite/init.openwrt.sh
@@ -1,13 +1,13 @@
 #!/bin/sh /etc/rc.common
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.2
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
 #     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012,2014 - Tom Eastep (teastep@shorewall.net)
 #     (c) 2015 - Matt Darfeuille - (matdarf@gmail.com)
 #
 #	On most distributions, this file should be called /etc/init.d/shorewall.
 #
-#	Complete documentation is available at https://shorewall.org
+#	Complete documentation is available at http://shorewall.net
 #
 #       This program is part of Shorewall.
 #
--- a/Shorewall-lite/init.sh
+++ b/Shorewall-lite/init.sh
@@ -1,13 +1,13 @@
 #!/bin/sh
 RCDLINKS="2,S41 3,S41 6,K41"
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.2
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
 #     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012,2014 - Tom Eastep (teastep@shorewall.net)
 #
 #	On most distributions, this file should be called /etc/init.d/shorewall.
 #
-#	Complete documentation is available at https://shorewall.org
+#	Complete documentation is available at http://shorewall.net
 #
 #       This program is part of Shorewall.
 #
--- a/Shorewall-lite/init.suse.sh
+++ b/Shorewall-lite/init.suse.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.2
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
@@ -8,7 +8,7 @@
 #
 #	On most distributions, this file should be called /etc/init.d/shorewall.
 #
-#	Complete documentation is available at https://shorewall.org
+#	Complete documentation is available at http://shorewall.net
 #
 #	This program is free software; you can redistribute it and/or modify
 #	it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall-lite/install.sh
+++ b/Shorewall-lite/install.sh
@@ -4,7 +4,7 @@
 #
 #     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
 #
-#       Shorewall documentation is available at https://shorewall.org
+#       Shorewall documentation is available at http://shorewall.net
 #
 #       This program is part of Shorewall.
 #
@@ -190,9 +190,6 @@ if [ -z "$BUILD" ]; then
 		    opensuse)
 			BUILD=suse
 			;;
 		    alt|basealt|altlinux)
 			BUILD=alt
 			;;
 		    *)
 			BUILD="$ID"
 			;;
@@ -201,8 +198,6 @@ if [ -z "$BUILD" ]; then
 		BUILD=debian
 	    elif [ -f /etc/gentoo-release ]; then
 		BUILD=gentoo
 	    elif [ -f /etc/altlinux-release ]; then
 		BUILD=alt
 	    elif [ -f ${CONFDIR}/redhat-release ]; then
 		BUILD=redhat
 	    elif [ -f ${CONFDIR}/SuSE-release ]; then
@@ -271,9 +266,6 @@ case "$HOST" in
    openwrt)
 	echo "Installing OpenWRT-specific configuration..."
 	;;
    alt)
 	echo "Installing ALT-specific configuration...";
 	;;
    linux)
 	;;
    *)
@@ -426,11 +418,6 @@ echo "Capability file builder installed in ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shor
 if [ -f modules ]; then
    install_file modules ${DESTDIR}${SHAREDIR}/$PRODUCT/modules 0600
    echo "Modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/modules"
    for f in modules.*; do
 	install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644
 	echo "Module file $f installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
    done
 fi
 if [ -f helpers ]; then
@@ -438,6 +425,11 @@ if [ -f helpers ]; then
    echo "Helper modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers"
 fi
 for f in modules.*; do
    install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644
    echo "Module file $f installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
 done
 #
 # Install the Man Pages
 #
--- a/Shorewall-lite/lib.base
+++ b/Shorewall-lite/lib.base
@@ -1,9 +1,9 @@
 #
-# Shorewall 5.2 -- /usr/share/shorewall-lite/lib.base
+# Shorewall 4.4 -- /usr/share/shorewall-lite/lib.base
 #
 #     (c) 2011,2014 - Tom Eastep (teastep@shorewall.net)
 #
-#	Complete documentation is available at https://shorewall.org
+#	Complete documentation is available at http://shorewall.net
 #
 #       This program is part of Shorewall.
 #
--- a/Shorewall-lite/manpages/shorewall-lite.conf.xml
+++ b/Shorewall-lite/manpages/shorewall-lite.conf.xml
@@ -183,7 +183,7 @@
    <title>See ALSO</title>
    <para><ulink
-    url="https://shorewall.org/Documentation_Index.html">https://shorewall.org/Documentation_Index.html</ulink></para>
+    url="http://www.shorewall.net/Documentation_Index.html">http://www.shorewall.net/Documentation_Index.html</ulink></para>
    <para>shorewall-lite(8), shorewall-accounting(5), shorewall-actions(5),
    shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
--- a/Shorewall-lite/shorecap
+++ b/Shorewall-lite/shorecap
@@ -28,7 +28,7 @@
 #
 #   On the target system (the system where the firewall program is to run):
 #
-#       [ IPTABLES=<iptables binary> ] [ MODULESDIR=<kernel modules directory> ] shorecap > capabilities
+#       [ IPTABLES=<iptables binary> ] [ MODULESDIR=<kernel modules directory> ] [ MODULE_SUFFIX="<module suffix list>" ] shorecap > capabilities
 #
 #    Now move the capabilities file to the compilation system. The file must
 #    be placed in a directory on the CONFIG_PATH to be used when compiling firewalls
@@ -38,6 +38,7 @@
 #
 #        IPTABLES - iptables
 #        MODULESDIR - /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter
 #        MODULE_SUFFIX - "o gz xz ko o.gz o.xz ko.gz ko.xz"
 #
 #    Shorewall need not be installed on the target system to run shorecap. If the '-e' flag is
 #    used during firewall compilation, then the generated firewall program will likewise not
--- a/Shorewall-lite/shorewall-lite.conf
+++ b/Shorewall-lite/shorewall-lite.conf
@@ -8,7 +8,7 @@
 #  "man shorewall-lite.conf"
 #
 #  Manpage also online at
-#  https://shorewall.org/manpages/shorewall-lite.conf.html
+#  http://www.shorewall.net/manpages/shorewall-lite.conf.html
 ###############################################################################
 #                                   N 0 T E
 ###############################################################################
--- a/Shorewall-lite/uninstall.sh
+++ b/Shorewall-lite/uninstall.sh
@@ -151,7 +151,7 @@ fi
 remove_file ${SBINDIR}/$PRODUCT
-if [ -h ${SHAREDIR}/$PRODUCT/init ]; then
+if [ -L ${SHAREDIR}/$PRODUCT/init ]; then
    if [ $HOST = openwrt ]; then
 	if [ $configure -eq 1 ] && /etc/init.d/$PRODUCT enabled; then
 	    /etc/init.d/$PRODUCT disable
--- a/Shorewall/Actions/action.A_Drop.deprecated
+++ b/Shorewall/Actions/action.A_Drop.deprecated
@@ -0,0 +1,56 @@
 #
 # Shorewall -- /usr/share/shorewall/action.A_Drop
 #
 # The audited default DROP common rules
 #
 # This action is invoked before a DROP policy is enforced. The purpose
 # of the action is:
 #
 # a) Avoid logging lots of useless cruft.
 # b) Ensure that certain ICMP packets that are necessary for successful
 #    internet operation are always ACCEPTed.
 #
 # IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!!
 #
 ?require AUDIT_TARGET
 ###############################################################################
 #ACTION		SOURCE	DEST	PROTO	DPORT	SPORT
 #
 # Count packets that come through here
 #
 COUNT
 #
 # Special Handling for Auth
 #
 Auth(A_DROP)
 #
 # ACCEPT critical ICMP types
 #
 # For IPv6 connectivity ipv6-icmp broadcasting is required so
 # AllowICMPs must be before broadcast Drop.
 #
 A_AllowICMPs	-	-	icmp
 #
 # Don't log broadcasts and multicasts
 #
 dropBcast(audit)
 dropMcast(audit)
 #
 # Drop packets that are in the INVALID state -- these are usually ICMP packets
 # and just confuse people when they appear in the log.
 #
 dropInvalid(audit)
 #
 # Drop Microsoft noise so that it doesn't clutter up the log.
 #
 SMB(A_DROP)
 A_DropUPnP
 #
 # Drop 'newnotsyn' traffic so that it doesn't get logged.
 #
 dropNotSyn(audit)	-	-	tcp
 #
 # Drop late-arriving DNS replies. These are just a nuisance and clutter up
 # the log.
 #
 A_DropDNSrep
--- a/Shorewall/Actions/action.A_REJECT
+++ b/Shorewall/Actions/action.A_REJECT
@@ -1,13 +1,13 @@
 #
-# Shorewall -- /usr/share/shorewall/action.A_REJECT
+# Shorewall -- /usr/share/shorewall/action.A_REJECTWITH
 #
 # A_REJECT Action.
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-# (c) 2012-2017 Tom Eastep (teastep@shorewall.net)
+# (c) 2012-2016 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at https://shorewall.org
+# Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.A_REJECT!
+++ b/Shorewall/Actions/action.A_REJECT!
@@ -5,9 +5,9 @@
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-# (c) 2012-2017 Tom Eastep (teastep@shorewall.net)
+# (c) 2012-2016 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at https://shorewall.org
+# Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.A_Reject.deprecated
+++ b/Shorewall/Actions/action.A_Reject.deprecated
@@ -0,0 +1,52 @@
 #
 # Shorewall -- /usr/share/shorewall/action.A_Reject
 #
 # The audited default REJECT action common rules
 #
 # This action is invoked before a REJECT policy is enforced. The purpose
 # of the action is:
 #
 # a) Avoid logging lots of useless cruft.
 # b) Ensure that certain ICMP packets that are necessary for successful
 #    internet operation are always ACCEPTed.
 #
 # IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!!
 ###############################################################################
 #ACTION		SOURCE	DEST	PROTO
 #
 # Count packets that come through here
 #
 COUNT
 #
 # ACCEPT critical ICMP types
 #
 # For IPv6 connectivity ipv6-icmp broadcasting is required so
 # AllowICMPs must be before broadcast Drop.
 #
 A_AllowICMPs	-	-	icmp
 #
 # Drop Broadcasts and multicasts so they don't clutter up the log
 # (these must *not* be rejected).
 #
 dropBcast(audit)
 dropMcast(audit)
 #
 # Drop packets that are in the INVALID state -- these are usually ICMP packets
 # and just confuse people when they appear in the log (these ICMPs cannot be
 # rejected).
 #
 dropInvalid(audit)
 #
 # Reject Microsoft noise so that it doesn't clutter up the log.
 #
 SMB(A_REJECT)
 A_DropUPnP
 #
 # Drop 'newnotsyn' traffic so that it doesn't get logged.
 #
 dropNotSyn(audit)	-	-	tcp
 #
 # Drop late-arriving DNS replies. These are just a nuisance and clutter up
 # the log.
 #
 A_DropDNSrep
--- a/Shorewall/Actions/action.AllowICMPs
+++ b/Shorewall/Actions/action.AllowICMPs
@@ -7,38 +7,5 @@
 #ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 DEFAULTS ACCEPT
 ?if __IPV4
@1	-	-	icmp	fragmentation-needed	{comment="Needed ICMP types"}
@1	-	-	icmp	time-exceeded		{comment="Needed ICMP types"}
 ?else
 ?COMMENT Needed ICMP types (RFC4890)
    @1	-		-	ipv6-icmp	destination-unreachable
    @1	-		-	ipv6-icmp	packet-too-big
    @1	-		-	ipv6-icmp	time-exceeded
    @1	-		-	ipv6-icmp	parameter-problem
 # The following should have a ttl of 255 and must be allowed to transit a bridge
    @1	-		-	ipv6-icmp	router-solicitation
    @1	-		-	ipv6-icmp	router-advertisement
    @1	-		-	ipv6-icmp	neighbour-solicitation
    @1	-		-	ipv6-icmp	neighbour-advertisement
    @1	-		-	ipv6-icmp	137	# Redirect
    @1	-		-	ipv6-icmp	141	# Inverse neighbour discovery solicitation
    @1	-		-	ipv6-icmp	142	# Inverse neighbour discovery advertisement
 # The following should have a link local source address and must be allowed to transit a bridge
    @1	fe80::/10	-	ipv6-icmp	130	# Listener query
    @1	fe80::/10	-	ipv6-icmp	131	# Listener report
    @1	fe80::/10	-	ipv6-icmp	132	# Listener done
    @1	fe80::/10	-	ipv6-icmp	143	# Listener report v2
 # The following should be received with a ttl of 255 and must be allowed to transit a bridge
    @1	-		-	ipv6-icmp	148	# Certificate path solicitation
    @1	-		-	ipv6-icmp	149	# Certificate path advertisement
 # The following should have a link local source address and a ttl of 1 and must be allowed to transit a bridge
    @1	fe80::/10	-	ipv6-icmp	151	# Multicast router advertisement
    @1	fe80::/10	-	ipv6-icmp	152	# Multicast router solicitation
    @1	fe80::/10	-	ipv6-icmp	153	# Multicast router termination
 ?endif
--- a/Shorewall/Actions/action.Broadcast
+++ b/Shorewall/Actions/action.Broadcast
@@ -3,9 +3,9 @@
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-# (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at https://shorewall.org
+# Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
@@ -20,7 +20,7 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-# Broadcast[([<action>|[,{audit|-}])]
+# Broadcast[([<action>|-[,{audit|-}])]
 #
 # Default action is DROP
 #
@@ -34,28 +34,18 @@ DEFAULTS DROP,-
 ?else
 ?begin perl;
    use strict;
 use Shorewall::IPAddrs;
 use Shorewall::Config;
 use Shorewall::Chains;
-    my ( $action, $audit ) = get_action_params( 2 );
+my ( $action )         = get_action_params( 1 );
 my $chainref           = get_action_chain;
 my ( $level, $tag )    = get_action_logging;
    fatal_error "Invalid parameter to action Broadcast" if supplied $audit && $audit ne 'audit';
    my $target             = require_audit ( $action , $audit );
    if ( $family == F_IPV4 ) {
 add_commands $chainref, 'for address in $ALL_BCASTS; do';
    } elsif ($family == F_IPV6 ) {
        add_commands $chainref, 'for address in $ALL_ACASTS; do';
    }
 incr_cmd_level $chainref;
 log_rule_limit $level, $chainref, 'Broadcast' , $action, '', $tag, 'add', ' -d $address ' if $level ne '';
-    add_jump $chainref, $target, 0, "-d \$address ";
+add_jump $chainref, $action, 0, "-d \$address ";
 decr_cmd_level $chainref;
 add_commands $chainref, 'done';
--- a/Shorewall/Actions/action.DNSAmp
+++ b/Shorewall/Actions/action.DNSAmp
@@ -5,9 +5,9 @@
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-# (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at https://shorewall.org
+# Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.Drop.deprecated
+++ b/Shorewall/Actions/action.Drop.deprecated
@@ -0,0 +1,84 @@
 #
 # Shorewall -- /usr/share/shorewall/action.Drop
 #
 # The former default DROP common rules. Use of this action is now deprecated
 #
 # This action is invoked before a DROP policy is enforced. The purpose
 # of the action is:
 #
 # a) Avoid logging lots of useless cruft.
 # b) Ensure that certain ICMP packets that are necessary for successful
 #    internet operation are always ACCEPTed.
 #
 # The action accepts six optional parameters:
 #
 # 1 - 'audit' or '-'. Default is '-' which means don't audit in builtin
 #     actions.
 # 2 - Action to take with Auth requests. Default is to do nothing special
 #     with them.
 # 3 - Action to take with SMB requests. Default is DROP or A_DROP,
 #     depending on the setting of the first parameter.
 # 4 - Action to take with required ICMP packets. Default is ACCEPT or
 #     A_ACCEPT depending on the first parameter.
 # 5 - Action to take with late DNS replies (UDP source port 53). Default
 #     is DROP or A_DROP depending on the first parameter.
 # 6 - Action to take with UPnP packets. Default is DROP or A_DROP
 #     depending on the first parameter.
 #
 # IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!!
 #
 ###############################################################################
 ?warning "You are using the deprecated Drop default action. Please see http://www.shorewall.net/Actions.html#Default"
 ?if passed(@1)
    ?if @1 eq 'audit'
 DEFAULTS -,-,A_DROP,A_ACCEPT,A_DROP,A_DROP
    ?else
        ?error The first parameter to Drop must be 'audit' or '-'
    ?endif
 ?else
 DEFAULTS -,-,DROP,ACCEPT,DROP,DROP
 ?endif
 #ACTION		SOURCE	DEST	PROTO	DPORT	SPORT
 #
 # Count packets that come through here
 #
 COUNT
 #
 # Special Handling for Auth
 #
 ?if passed(@2)
 Auth(@2)
 ?endif
 #
 # ACCEPT critical ICMP types
 #
 # For IPv6 connectivity ipv6-icmp broadcasting is required so
 # AllowICMPs must be before silent broadcast Drop.
 #
 AllowICMPs(@4)	-	-	icmp
 #
 # Don't log broadcasts or multicasts
 #
 Broadcast(DROP,@1)
 Multicast(DROP,@1)
 #
 # Drop packets that are in the INVALID state -- these are usually ICMP packets
 # and just confuse people when they appear in the log.
 #
 Invalid(DROP,@1)
 #
 # Drop Microsoft noise so that it doesn't clutter up the log.
 #
 SMB(@3)
 DropUPnP(@6)
 #
 # Drop 'newnotsyn' traffic so that it doesn't get logged.
 #
 NotSyn(DROP,@1)	-	-	tcp
 #
 # Drop late-arriving DNS replies. These are just a nuisance and clutter up
 # the log.
 #
 DropDNSrep(@5)
--- a/Shorewall/Actions/action.Established
+++ b/Shorewall/Actions/action.Established
@@ -5,9 +5,9 @@
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-# (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at https://shorewall.org
+# Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.FIN
+++ b/Shorewall/Actions/action.FIN
@@ -1,33 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/action.FIN
 #
 # FIN Action
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
 # Complete documentation is available at https://shorewall.org
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
 # as published by the Free Software Foundation.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # FIN[([<action>])]
 #
 # Default action is ACCEPT
 #
 ###############################################################################
 DEFAULTS ACCEPT,-
@1	 -	-	;;+ -p 6 --tcp-flags ACK,FIN ACK,FIN
--- a/Shorewall/Actions/action.GlusterFS
+++ b/Shorewall/Actions/action.GlusterFS
@@ -13,9 +13,9 @@
 DEFAULTS 2,0
 ?if @1 !~ /^\d+/ || ! @1 || @1 > 1024
-    ?error Invalid value (@1) for the GlusterFS Bricks argument
+    ?error Invalid value for Bricks (@1)
 ?elsif @2 !~ /^[01]$/
-    ?error Invalid value (@2) for the GlusterFS IB argument
+    ?error Invalid value for IB (@2)
 ?endif
 #ACTION		SOURCE		DEST		PROTO	DPORT
--- a/Shorewall/Actions/action.IfEvent
+++ b/Shorewall/Actions/action.IfEvent
@@ -27,7 +27,7 @@
 #                the IP address that are older than <duration> seconds.
 # Disposition  - Disposition for any event generated.
 #
-# For additional information, see https://shorewall.org/Events.html
+# For additional information, see http://www.shorewall.net/Events.html
 #
 ###############################################################################
 #                                         DO NOT REMOVE THE FOLLOWING LINE
@@ -107,14 +107,11 @@ if ( $command & $REAP_OPT ) {
 $duration .= '--rttl ' if $command & $TTL_OPT;
 if ( ( $targets{$action} || 0 ) & NATRULE ) {
    perl_action_helper( "${action}-", "-m recent --rcheck ${duration}--hitcount $hitcount" );
    $action = 'ACCEPT';
 }
 if ( $command & $RESET_CMD ) {
    require_capability 'MARK_ANYWHERE', '"reset"', 's';
    print "Resetting....\n";
    my $mark = $globals{EVENT_MARK};
    #
    # The event mark bit must be within 32 bits
@@ -133,7 +130,7 @@ if ( $command & $RESET_CMD ) {
    #
    # if the event is armed, remove it and perform the action
    #
-    perl_action_helper( $action , "-m mark --mark $mark/$mark -m recent --remove --name $event $srcdst" );
+    perl_action_helper( $action , "-m mark --mark $mark/$mark -m recent --remove --name $event" );
 } elsif ( $command & $UPDATE_CMD ) {
    perl_action_helper( $action, "-m recent --update ${duration}--hitcount $hitcount --name $event $srcdst" );
 } else {
--- a/Shorewall/Actions/action.Invalid
+++ b/Shorewall/Actions/action.Invalid
@@ -4,9 +4,9 @@
 # Invalid Action
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-# (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at https://shorewall.org
+# Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.Limit
+++ b/Shorewall/Actions/action.Limit
@@ -5,7 +5,7 @@
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at https://shorewall.org
+# Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.Multicast
+++ b/Shorewall/Actions/action.Multicast
@@ -3,9 +3,9 @@
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-# (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at https://shorewall.org
+# Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
@@ -33,22 +33,16 @@ DEFAULTS DROP,-
 ?else
 ?begin perl;
    use strict;
 use Shorewall::IPAddrs;
 use Shorewall::Config;
 use Shorewall::Chains;
-    my ( $action, $audit ) = get_action_params( 2 );
+my ( $action )         = get_action_params( 1 );
 my $chainref           = get_action_chain;
 my ( $level, $tag )    = get_action_logging;
-    fatal_error "Invalid parameter to action Multicast" if supplied $audit && $audit ne 'audit';
+log_rule_limit $level, $chainref, 'Multicast' , $action, '', $tag, 'add', ' -d 224.0.0.0/4 ' if $level ne '';
-
+add_jump $chainref, $action, 0, '-d 224.0.0.0/4 ';
    my $target = require_audit ( $action , $audit );
    my $dest   = ( $family == F_IPV4 ) ? join( ' ', '-d', IPv4_MULTICAST . ' ' ) : join( ' ', '-d', IPv6_MULTICAST . ' ' );
    log_rule_limit( $level, $chainref, 'Multicast' , $action, '', $tag, 'add', $dest ) if $level ne '';
    add_jump $chainref, $target, 0, $dest;
 1;
--- a/Shorewall/Actions/action.New
+++ b/Shorewall/Actions/action.New
@@ -5,9 +5,9 @@
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-# (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at https://shorewall.org
+# Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.NotSyn
+++ b/Shorewall/Actions/action.NotSyn
@@ -5,9 +5,9 @@
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-# (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at https://shorewall.org
+# Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.RST
+++ b/Shorewall/Actions/action.RST
@@ -5,9 +5,9 @@
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-# (c) 2012-2017 Tom Eastep (teastep@shorewall.net)
+# (c) 2012-2016 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at https://shorewall.org
+# Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.Reject.deprecated
+++ b/Shorewall/Actions/action.Reject.deprecated
@@ -0,0 +1,85 @@
 #
 # Shorewall -- /usr/share/shorewall/action.Reject
 #
 # The former default REJECT action common rules. Use of this action is deprecated.
 #
 # This action is invoked before a REJECT policy is enforced. The purpose
 # of the action is:
 #
 # a) Avoid logging lots of useless cruft.
 # b) Ensure that certain ICMP packets that are necessary for successful
 #    internet operation are always ACCEPTed.
 #
 # The action accepts six optional parameters:
 #
 # 1 - 'audit' or '-'. Default is '-' which means don't audit in builtin
 #     actions.
 # 2 - Action to take with Auth requests. Default is to do nothing
 #     special with them.
 # 3 - Action to take with SMB requests. Default is REJECT or A_REJECT,
 #     depending on the setting of the first parameter.
 # 4 - Action to take with required ICMP packets. Default is ACCEPT or
 #     A_ACCEPT depending on the first parameter.
 # 5 - Action to take with late DNS replies (UDP source port 53). Default
 #     is DROP or A_DROP depending on the first parameter.
 # 6 - Action to take with UPnP packets. Default is DROP or A_DROP
 #     depending on the first parameter.
 #
 # IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!!
 ###############################################################################
 ?warning "You are using the deprecated Reject default action. Please see http://www.shorewall.net/Actions.html#Default"
 ?if passed(@1)
    ?if @1 eq 'audit'
 DEFAULTS -,-,A_REJECT,A_ACCEPT,A_DROP,A_DROP
    ?else
 	?error The first parameter to Reject must be 'audit' or '-'
    ?endif
 ?else
 DEFAULTS -,-,REJECT,ACCEPT,DROP,DROP
 ?endif
 #ACTION		SOURCE	DEST	PROTO
 #
 # Count packets that come through here
 #
 COUNT
 #
 # Special handling for Auth
 #
 ?if passed(@2)
 Auth(@2)
 ?endif
 #
 # ACCEPT critical ICMP types
 #
 # For IPv6 connectivity ipv6-icmp broadcasting is required so
 # AllowICMPs must be before silent broadcast Drop.
 #
 AllowICMPs(@4)	-	-	icmp
 #
 # Drop Broadcasts so they don't clutter up the log
 # (broadcasts must *not* be rejected).
 #
 Broadcast(DROP,@1)
 Multicast(DROP,@1)
 #
 # Drop packets that are in the INVALID state -- these are usually ICMP packets
 # and just confuse people when they appear in the log (these ICMPs cannot be
 # rejected).
 #
 Invalid(DROP,@1)
 #
 # Reject Microsoft noise so that it doesn't clutter up the log.
 #
 SMB(@3)
 DropUPnP(@6)
 #
 # Drop 'newnotsyn' traffic so that it doesn't get logged.
 #
 NotSyn(DROP,@1)	-	-	tcp
 #
 # Drop late-arriving DNS replies. These are just a nuisance and clutter up
 # the log.
 #
 DropDNSrep(@5)
--- a/Shorewall/Actions/action.Related
+++ b/Shorewall/Actions/action.Related
@@ -5,9 +5,9 @@
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-# (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at https://shorewall.org
+# Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.ResetEvent
+++ b/Shorewall/Actions/action.ResetEvent
@@ -13,7 +13,7 @@
 #               address (dst)
 # Disposition - Disposition for any rule generated.
 #
-# For additional information, see https://shorewall.org/Events.html
+# For additional information, see http://www.shorewall.net/Events.html
 #
 ###############################################################################
 #                        DO NOT REMOVE THE FOLLOWING LINE
@@ -41,11 +41,6 @@ fatal_error "Invalid Src or Dest ($destination)" unless $destination =~ /^(?:src
 set_action_disposition( $disposition) if supplied $disposition;
 set_action_name_to_caller;
 if ( ( $targets{$action} || 0 ) & NATRULE ) {
    perl_action_helper( "${action}-", "" );
    $action = 'ACCEPT';
 }
 if ( $destination eq 'dst' ) {
    perl_action_helper( $action, '', '', "-m recent --name $event --remove --rdest" );
 } else {
--- a/Shorewall/Actions/action.SetEvent
+++ b/Shorewall/Actions/action.SetEvent
@@ -13,7 +13,7 @@
 #               address (dst)
 # Disposition - Disposition for any event generated.
 #
-# For additional information, see https://shorewall.org/Events.html
+# For additional information, see http://www.shorewall.net/Events.html
 #
 DEFAULTS -,ACCEPT,src
@@ -37,11 +37,6 @@ fatal_error "Invalid Src or Dest ($destination)" unless $destination =~ /^(?:src
 set_action_disposition( $disposition) if supplied $disposition;
 set_action_name_to_caller;
 if ( ( $targets{$action} || 0 ) & NATRULE ) {
    perl_action_helper( "${action}-", "" );
    $action = 'ACCEPT';
 }
 if ( $destination eq 'dst' ) {
    perl_action_helper( $action, '', '', "-m recent --name $event --set --rdest" );
 } else {
--- a/Shorewall/Actions/action.TCPFlags
+++ b/Shorewall/Actions/action.TCPFlags
@@ -26,4 +26,4 @@ $tcpflags_action	-	-	;;+ -p 6 --tcp-flags ALL FIN,URG,PSH
 $tcpflags_action	-	-	;;+ -p 6 --tcp-flags ALL NONE
 $tcpflags_action	-	-	;;+ -p 6 --tcp-flags SYN,RST SYN,RST
 $tcpflags_action	-	-	;;+ -p 6 --tcp-flags SYN,FIN SYN,FIN
-$tcpflags_action	-	-	;;+ -p 6 --syn --sport 0
+$tcpflags_action	-	-	;;+ -p tcp --syn --sport 0
--- a/Shorewall/Actions/action.Untracked
+++ b/Shorewall/Actions/action.Untracked
@@ -5,9 +5,9 @@
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-# (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at https://shorewall.org
+# Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.allowBcast
+++ b/Shorewall/Actions/action.allowBcast
@@ -5,7 +5,7 @@
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at https://shorewall.org
+# Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.allowInvalid
+++ b/Shorewall/Actions/action.allowInvalid
@@ -3,9 +3,9 @@
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-# (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at https://shorewall.org
+# Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.allowMcast
+++ b/Shorewall/Actions/action.allowMcast
@@ -5,7 +5,7 @@
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at https://shorewall.org
+# Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.allowinUPnP
+++ b/Shorewall/Actions/action.allowinUPnP
@@ -5,7 +5,7 @@
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at https://shorewall.org
+# Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.dropBcast
+++ b/Shorewall/Actions/action.dropBcast
@@ -5,7 +5,7 @@
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at https://shorewall.org
+# Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.dropBcasts
+++ b/Shorewall/Actions/action.dropBcasts
@@ -1,39 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/action.dropBcasts
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
 # Complete documentation is available at https://shorewall.org
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
 # as published by the Free Software Foundation.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # dropBcasts[([audit])]
 #
 ###############################################################################
 DEFAULTS -
 ?if passed(@1)
    ?if @1 eq 'audit'
 	?require AUDIT_TARGET
 	Broadcast(A_DROP)
    ?else
 	?error "Invalid argument (@1) to dropBcasts"
    ?endif
 ?else
    Broadcast(DROP)
 ?endif
--- a/Shorewall/Actions/action.dropInvalid
+++ b/Shorewall/Actions/action.dropInvalid
@@ -5,9 +5,9 @@
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-# (c) 2011-2017 Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at https://shorewall.org
+# Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.dropMcast
+++ b/Shorewall/Actions/action.dropMcast
@@ -5,7 +5,7 @@
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at https://shorewall.org
+# Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.dropNotSyn
+++ b/Shorewall/Actions/action.dropNotSyn
@@ -5,7 +5,7 @@
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at https://shorewall.org
+# Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.forwardUPnP
+++ b/Shorewall/Actions/action.forwardUPnP
@@ -5,7 +5,7 @@
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at https://shorewall.org
+# Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.mangletemplate
+++ b/Shorewall/Actions/action.mangletemplate
@@ -13,7 +13,7 @@
 # 2. Copy this file to /etc/shorewall/action.<action name>
 # 3. Add the desired rules to that file.
 #
-# Please see https://shorewall.org/Actions.html for additional
+# Please see http://shorewall.net/Actions.html for additional
 # information.
 #
 # Columns are the same as in /etc/shorewall/mangle.
--- a/Shorewall/Actions/action.rejNotSyn
+++ b/Shorewall/Actions/action.rejNotSyn
@@ -5,7 +5,7 @@
 #
 # (c) 2017 Tom Eastep (teastep@shorewall.net)
 #
-# Complete documentation is available at https://shorewall.org
+# Complete documentation is available at http://shorewall.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/Actions/action.template
+++ b/Shorewall/Actions/action.template
@@ -13,7 +13,7 @@
 # 2. Copy this file to /etc/shorewall/action.<action name>
 # 3. Add the desired rules to that file.
 #
-# Please see https://shorewall.org/Actions.html for additional
+# Please see http://shorewall.net/Actions.html for additional
 # information.
 #
 # Columns are the same as in /etc/shorewall/rules.
--- a/Shorewall/Contrib/swping
+++ b/Shorewall/Contrib/swping
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-#     Shorewall WAN Interface monitor - V5.2
+#     Shorewall WAN Interface monitor - V4.4
 #
 #     Inspired by Angsuman Chakraborty's gwping script.
 #
@@ -21,7 +21,7 @@
 #	along with this program; if not, write to the Free Software
 #	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-#  For information about this script, see  https://shorewall.org/MultiISP.html#swping.
+#  For information about this script, see  http://www.shorewall.net/MultiISP.html#swping.
 #
 ###########################################################################################
 #
--- a/Shorewall/Contrib/swping.init
+++ b/Shorewall/Contrib/swping.init
@@ -1,5 +1,5 @@
 #!/bin/sh
-#     Shorewall WAN Interface monitor - V5.2
+#     Shorewall WAN Interface monitor - V4.4
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
@@ -7,7 +7,7 @@
 #
 #	On most distributions, this file should be called /etc/init.d/shorewall.
 #
-#	Complete documentation is available at https://shorewall.org
+#	Complete documentation is available at http://shorewall.net
 #
 #	This program is free software; you can redistribute it and/or modify
 #	it under the terms of Version 2 of the GNU General Public License
--- a/Shorewall/INSTALL
+++ b/Shorewall/INSTALL
@@ -18,7 +18,7 @@ Shoreline Firewall (Shorewall) Version 5
 ---------------------------------------------------------------------------
-Please see https://shorewall.org/Install.htm for installation
+Please see http://www.shorewall.net/Install.htm for installation
 instructions.
--- a/Shorewall/Macros/IPFS-swarm
+++ b/Shorewall/Macros/IPFS-swarm
@@ -1,9 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/macro.IPFS-swarm
 #
 # This macro handles IPFS data traffic (the connection to IPFS swarm).
 #
 ###############################################################################
 #ACTION SOURCE  DEST    PROTO   DPORT   SPORT   ORIGDEST        RATE   USER
 PARAM   -       -       tcp     4001
--- a/Shorewall/Macros/macro.Bitcoin
+++ b/Shorewall/Macros/macro.Bitcoin
@@ -1,8 +0,0 @@
 #
 # Shorewall --/usr/share/shorewall/macro.Bitcoin
 #
 # Macro for handling Bitcoin P2P traffic
 #
 ##############################################################################################################################################################
 #ACTION		SOURCE		DEST		PROTO	DPORT	SPORT	ORIGDEST	RATE	USER	MARK	CONNLIMIT	TIME	HEADERS	SWITCH	HELPER
 PARAM		-		-		tcp	8333
--- a/Shorewall/Macros/macro.BitcoinRPC
+++ b/Shorewall/Macros/macro.BitcoinRPC
@@ -1,8 +0,0 @@
 #
 # Shorewall --/usr/share/shorewall/macro.BitcoinRPC
 #
 # Macro for handling Bitcoin RPC traffic
 #
 ##############################################################################################################################################################
 #ACTION		SOURCE		DEST		PROTO	DPORT	SPORT	ORIGDEST	RATE	USER	MARK	CONNLIMIT	TIME	HEADERS	SWITCH	HELPER
 PARAM		-		-		tcp	8332
--- a/Shorewall/Macros/macro.BitcoinRegtest
+++ b/Shorewall/Macros/macro.BitcoinRegtest
@@ -1,8 +0,0 @@
 #
 # Shorewall --/usr/share/shorewall/macro.BitcoinRegtest
 #
 # Macro for handling Bitcoin P2P traffic (Regtest mode)
 #
 ##############################################################################################################################################################
 #ACTION     SOURCE      DEST        PROTO   DPORT   SPORT   ORIGDEST    RATE    USER    MARK    CONNLIMIT   TIME    HEADERS SWITCH  HELPER
 PARAM       -           -           tcp     18444
--- a/Shorewall/Macros/macro.BitcoinTestnet
+++ b/Shorewall/Macros/macro.BitcoinTestnet
@@ -1,8 +0,0 @@
 #
 # Shorewall --/usr/share/shorewall/macro.BitcoinTestnet
 #
 # Macro for handling Bitcoin P2P traffic (Testnet mode)
 #
 ##############################################################################################################################################################
 #ACTION     SOURCE      DEST        PROTO   DPORT   SPORT   ORIGDEST    RATE    USER    MARK    CONNLIMIT   TIME    HEADERS SWITCH  HELPER
 PARAM       -           -           tcp     18333
--- a/Shorewall/Macros/macro.BitcoinTestnetRPC
+++ b/Shorewall/Macros/macro.BitcoinTestnetRPC
@@ -1,8 +0,0 @@
 #
 # Shorewall --/usr/share/shorewall/macro.BitcoinTestnetRPC
 #
 # Macro for handling Bitcoin RPC traffic (Testnet and Regtest mode)
 #
 ##############################################################################################################################################################
 #ACTION     SOURCE      DEST        PROTO   DPORT   SPORT   ORIGDEST    RATE    USER    MARK    CONNLIMIT   TIME    HEADERS SWITCH  HELPER
 PARAM       -           -           tcp     18332
--- a/Shorewall/Macros/macro.BitcoinZMQ
+++ b/Shorewall/Macros/macro.BitcoinZMQ
@@ -1,9 +0,0 @@
 #
 # Shorewall --/usr/share/shorewall/macro.BitcoinZMQ
 #
 # Macro for handling Bitcoin ZMQ traffic
 # See https://github.com/bitcoin/bitcoin/blob/master/doc/zmq.md
 #
 ##############################################################################################################################################################
 #ACTION		SOURCE		DEST		PROTO	DPORT	SPORT	ORIGDEST	RATE	USER	MARK	CONNLIMIT	TIME	HEADERS	SWITCH	HELPER
 PARAM		-		-		tcp	28332
--- a/Shorewall/Macros/macro.Cockpit
+++ b/Shorewall/Macros/macro.Cockpit
@@ -1,12 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/macro.Cockpit
 #
 # This macro handles Time protocol (RFC868).
 # Unless you are supporting extremely old hardware or software,
 # you shouldn't be using this.  NTP is a superior alternative.
 #
 #		By Eric Teeter
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 PARAM	-	-	tcp	9090
--- a/Shorewall/Macros/macro.FreeIPA
+++ b/Shorewall/Macros/macro.FreeIPA
@@ -1,16 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/macro.FreeIPA
 #
 # This macro handles FreeIPA server traffic.
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 DNS
 HTTP
 HTTPS
 Kerberos
 Kpasswd
 LDAP
 LDAPS
 NTP
--- a/Shorewall/Macros/macro.IPFS-API
+++ b/Shorewall/Macros/macro.IPFS-API
@@ -1,9 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/macro.IPFS-API
 #
 # This macro handles IPFS API port (commands for the IPFS daemon).
 #
 ###############################################################################
 #ACTION SOURCE  DEST    PROTO   DPORT   SPORT   ORIGDEST        RATE   USER
 PARAM   -       -       tcp     5001
--- a/Shorewall/Macros/macro.IPFS-gateway
+++ b/Shorewall/Macros/macro.IPFS-gateway
@@ -1,9 +0,0 @@
 #
 # Shorewall -- /usr/share/shorewall/macro.IPFS-gateway
 #
 # This macro handles the IPFS gateway to HTTP.
 #
 ###############################################################################
 #ACTION SOURCE  DEST    PROTO   DPORT   SPORT   ORIGDEST        RATE   USER
 PARAM   -       -       tcp     8080
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Tom Eastep	e8b90f89a3	Clean up column/value pair editing. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-22 09:47:48 -07:00
Tom Eastep	870f6130ee	Set $parmsmodified on ?reset Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-18 12:39:33 -07:00