Merge branch 'busybox-shell-fixes/v1' into 'master'

lib.cli-std: fix two shell errors when AUTOMAKE is false

See merge request shorewall/code!14

Shorewall-core/Shorewall-core-targetname

@@ -1 +1 @@
-5.2.8-Beta1
+5.2.8-RC1

Shorewall-core/install.sh

@@ -324,6 +324,15 @@ install_file wait4ifup ${DESTDIR}${LIBEXECDIR}/shorewall/wait4ifup 0755
 
 echo
 echo "wait4ifup installed in ${DESTDIR}${LIBEXECDIR}/shorewall/wait4ifup"
+#
+# Install stop_service
+#
+if [ -n "${STOPSERVICEFILE}" ]; then
+    install_file ${STOPSERVICEFILE} ${DESTDIR}${LIBEXECDIR}/shorewall/stop_service 0755
+
+    echo
+    echo "${STOPSERVICEFILE} installed in ${DESTDIR}${LIBEXECDIR}/shorewall/stop_service"
+fi
 
 #
 # Install the libraries

Shorewall-core/lib.cli

@@ -3605,7 +3605,7 @@ status_command() {
 
     [ $# -eq 0 ] || missing_argument
 
-    [ $VERBOSITY -ge 1 ] && echo "${g_product}-$SHOREWALL_VERSION Status at $g_hostname - $(date)" && echo
+    [ $VERBOSITY -ge 1 ] && echo "${g_product} $SHOREWALL_VERSION Status at $g_hostname - $(date)" && echo
     show_status
     [ -n "$interfaces" ] && show_interfaces
     exit $status
@@ -4019,9 +4019,15 @@ setup_dbl() {
 # the Standard CLI by loading lib.cli-std
 ################################################################################
 #
-# Set the configuration variables from shorewall[6]-lite.conf.
+# Set the configuration variables from shorewall[6]-lite.conf. This function
+# is replaced by the one in lib.cli-std (Shorewall product) when Shorewall or
+# Shorewall6 is being run.
 #
-get_config() {
+#     $1 = Yes: read the params file
+#     $2 = Yes: check for STARTUP_ENABLED
+#     $3 = Yes: Check for LOGFILE
+#
+lite_get_config() {
     local config
     local lib
 
@@ -4170,7 +4176,7 @@ get_config() {
 
 	    [ -x "$g_pager" ] || fatal_error "PAGER $g_pager is not executable"
 
-	    g_pager="| $g_pager"
+	    g_pager="2>&1 | $g_pager"
 	fi
     fi
 
@@ -4183,10 +4189,22 @@ get_config() {
     [ -f $lib ] && . $lib
 
 }
+
+#
+# get_config() -- calls the appropriate xxx_get_config()
+#
+get_config() {
+    if [ -z "$g_lite" ]; then
+	std_get_config $@
+    else
+	lite_get_config $@
+    fi
+}
+
 #
 # Start Command Executor
 #
-start_command() {
+lite_start_command() {
     local finished
     finished=0
 
@@ -4273,10 +4291,21 @@ start_command() {
     do_it
 }
 
+#
+# start_command() -- calls the appropriate xxx_start_command()
+#
+start_command() {
+    if [ -z "$g_lite" ]; then
+	std_start_command $@
+    else
+	lite_start_command $@
+    fi
+}
+
 #
 # Reload/Restart Command Executor
 #
-restart_command() {
+lite_restart_command() {
     local finished
     finished=0
     local rc
@@ -4345,6 +4374,17 @@ restart_command() {
     return $rc
 }
 
+#
+# restart_command() -- calls the appropriate xxx_restart_command()
+#
+restart_command() {
+    if [ -z "$g_lite" ]; then
+	std_restart_command $@
+    else
+	lite_restart_command $@
+    fi
+}
+
 run_command() {
     if [ -x $g_firewall ] ; then
 	run_it $g_firewall $@
@@ -4713,7 +4753,7 @@ shorewall_cli() {
 	exit 1
     fi
 
-    banner="${g_product}-${SHOREWALL_VERSION} Status at $g_hostname -"
+    banner="${g_product} ${SHOREWALL_VERSION} Status at $g_hostname -"
 
     COMMAND=$1
 
@@ -4803,7 +4843,7 @@ shorewall_cli() {
 	logwatch)
 	    only_root
 	    get_config Yes Yes Yes
-	    banner="${g_product}-$SHOREWALL_VERSION Logwatch at $g_hostname -"
+	    banner="${g_product} $SHOREWALL_VERSION Logwatch at $g_hostname -"
 	    logwatch_command $@
 	    ;;
 	drop)

Shorewall-core/manpages/shorewall.xml

@@ -981,7 +981,22 @@
               <td><command>shorewall -6</command> or <command>shorewall
               -6l</command></td>
             </tr>
+
+            <tr>
+              <td><command>shorewall</command></td>
+
+              <td><command>shorewall -l</command></td>
+            </tr>
           </table>
+
+          <para>Note that when Shorewall isn't installed, the 'shorewall'
+          command behaves like shorewall-lite. The same is not true with
+          respect to Shorewall6, "shorewall6" and 'shorewall6-lite". You can
+          make 'shorewall6' behave like 'shorewallt-lite' by adding the
+          following command to root's .profile file (or to .bashrc, if root's
+          shell is bash):</para>
+
+          <programlisting>    alias shorewall6=shorewall6-lite</programlisting>
         </listitem>
       </varlistentry>
 
@@ -2458,8 +2473,8 @@
             </varlistentry>
 
             <varlistentry>
-              <term><emphasis role="bold">bl|blacklists</emphasis>
-              [-<option>x</option>]</term>
+              <term><emphasis role="bold">[-<option>x</option>]
+              bl|blacklists</emphasis></term>
 
               <listitem>
                 <para>Added in Shorewall 4.6.2. Displays the dynamic chain
@@ -2906,9 +2921,9 @@
           listed in <ulink
           url="/manpages/shorewall-stoppedrules.html">shorewall-stoppedrules</ulink>(5)
           or permitted by the ADMINISABSENTMINDED option in <ulink
-          url="/manpages/shorewall.conf.html">shorewall.conf</ulink> The only
-          new traffic permitted through the firewall is from systems listed in
-          <ulink
+          url="/manpages/shorewall.conf.html">shorewall.conf</ulink>, are taken
+          down. The only new traffic permitted through the firewall is from
+          systems listed in <ulink
           url="/manpages/shorewall-stoppedrules.html">shorewall-stoppedrules</ulink>(5)
           or by ADMINISABSENTMINDED.</para>
         </listitem>

Shorewall-core/shorewallrc.debian.systemd

@@ -22,3 +22,4 @@ SPARSE=Yes				#If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
 VARLIB=/var/lib				#Directory where product variable data is stored.
 VARDIR=${VARLIB}/$PRODUCT		#Directory where product variable data is stored.
 DEFAULT_PAGER=/usr/bin/less		#Pager to use if none specified in shorewall[6].conf
+STOPSERVICEFILE=stop_service.debian	#Name of script to stop systemd service that honours `SAFESTOP`.

Shorewall-core/stop_service.debian

@@ -0,0 +1,19 @@
+#!/bin/sh
+
+PRODUCT=$1
+
+. /etc/default/${PRODUCT}
+
+if [ "$SAFESTOP" = 1 ]; then
+  COMMAND=stop
+else
+  COMMAND=clear
+fi
+
+if [ "${PRODUCT}" = shorewall6 ]; then
+  EXEC="/sbin/shorewall -6"
+else
+  EXEC="/sbin/${PRODUCT}"
+fi
+
+exec ${EXEC} ${OPTIONS} ${COMMAND}

Shorewall-core/uninstall.sh

@@ -134,6 +134,7 @@ fi
 
 remove_directory ${SHAREDIR}/shorewall
 remove_file ~/.shorewallrc
+remove_file ${SBINDIR}/shorewall
 
 #
 # Report Success

Shorewall-init/shorewall-init.service

@@ -12,7 +12,7 @@ Wants=network-pre.target
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/sysconfig/shorewall-init
-StandardOutput=syslog
+StandardOutput=journal
 ExecStart=/sbin/shorewall-init start
 ExecStop=/sbin/shorewall-init stop
 

Shorewall-init/shorewall-init.service.debian

@@ -6,6 +6,7 @@
 #
 [Unit]
 Description=Shorewall firewall (bootup security)
+Documentation=man:shorewall-init(8)
 Before=network.target
 
 [Service]

Shorewall-lite/init.debian.sh

@@ -13,8 +13,8 @@
 
 . /lib/lsb/init-functions
 
-SRWL='/sbin/shorewall -l'
-SRWL_OPTS="-tvv"
+SRWL=/sbin/shorewall
+SRWL_OPTS="-ltvv"
 test -n ${INITLOG:=/var/log/shorewall-lite-init.log}
 
 [ "$INITLOG" = "/dev/null" ] && SHOREWALL_INIT_SCRIPT=1 || SHOREWALL_INIT_SCRIPT=0

Shorewall-lite/shorewall-lite.service

@@ -13,7 +13,7 @@ Conflicts=iptables.service firewalld.service
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/sysconfig/shorewall-lite
-StandardOutput=syslog
+StandardOutput=journal
 ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
 ExecStop=/sbin/shorewall-lite $OPTIONS stop
 

Shorewall-lite/shorewall-lite.service.debian

@@ -6,6 +6,7 @@
 #
 [Unit]
 Description=Shorewall IPv4 firewall (lite)
+Documentation=man:shorewall-lite(8)
 Wants=network-online.target
 After=network-online.target
 Conflicts=iptables.service firewalld.service
@@ -16,7 +17,7 @@ RemainAfterExit=yes
 EnvironmentFile=-/etc/default/shorewall-lite
 StandardOutput=syslog
 ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
-ExecStop=/sbin/shorewall-lite $OPTIONS clear
+ExecStop=/usr/share/shorewall/stop_service shorewall-lite
 ExecReload=/sbin/shorewall-lite $OPTIONS reload $RELOADOPTIONS
 
 [Install]

Shorewall/Actions/action.AllowICMPs

@@ -20,22 +20,23 @@ DEFAULTS ACCEPT
 
 # The following should have a ttl of 255 and must be allowed to transit a bridge
     @1	-		-	ipv6-icmp	router-solicitation
-    @1	-		-	ipv6-icmp	router-advertisement
     @1	-		-	ipv6-icmp	neighbour-solicitation
     @1	-		-	ipv6-icmp	neighbour-advertisement
-    @1	-		-	ipv6-icmp	137	# Redirect
     @1	-		-	ipv6-icmp	141	# Inverse neighbour discovery solicitation
     @1	-		-	ipv6-icmp	142	# Inverse neighbour discovery advertisement
 
-# The following should have a link local source address and must be allowed to transit a bridge
+# The following must have a link local source address and must be allowed to transit a bridge
     @1	fe80::/10	-	ipv6-icmp	130	# Listener query
     @1	fe80::/10	-	ipv6-icmp	131	# Listener report
     @1	fe80::/10	-	ipv6-icmp	132	# Listener done
+    @1	fe80::/10	-	ipv6-icmp	router-advertisement
+    @1	::		-	ipv6-icmp	143	# Listener report v2
     @1	fe80::/10	-	ipv6-icmp	143	# Listener report v2
 
 # The following should be received with a ttl of 255 and must be allowed to transit a bridge
-    @1	-		-	ipv6-icmp	148	# Certificate path solicitation
-    @1	-		-	ipv6-icmp	149	# Certificate path advertisement
+    @1	::		-	ipv6-icmp	148	# Certificate path solicitation
+    @1	fe80::/10	-	ipv6-icmp	148	# Certificate path solicitation
+    @1	fe80::/10	-	ipv6-icmp	149	# Certificate path advertisement
 
 # The following should have a link local source address and a ttl of 1 and must be allowed to transit a bridge
     @1	fe80::/10	-	ipv6-icmp	151	# Multicast router advertisement

Shorewall/Macros/macro.NFS

@@ -0,0 +1,12 @@
+#
+# Shorewall -- /usr/share/shorewall/macro.NFS
+#
+# This macro handles NFS v4.1+ traffic with default ports.
+# You should only allow NFS traffic between hosts you fully trust.
+#
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
+PARAM	-	-	tcp	111		# portmapper, rpcbind
+PARAM	-	-	tcp	2049		# nfs
+PARAM	-	-	tcp	20048		# mountd

Shorewall/Macros/macro.TorMetrics

@@ -0,0 +1,8 @@
+#
+# Shorewall --/usr/share/shorewall/macro.TorMetrics
+#
+# Macro for handling Tor Onion Network traffic
+#
+##############################################################################################################################################################
+#ACTION		SOURCE		DEST		PROTO	DPORT	SPORT	ORIGDEST	RATE	USER	MARK	CONNLIMIT	TIME	HEADERS	SWITCH	HELPER
+PARAM		-		-		tcp	9035	

Shorewall/Perl/Shorewall/Chains.pm

@@ -7478,9 +7478,9 @@ sub have_address_variables() {
 #
 # Generate setting of run-time global shell variables
 #
-sub set_global_variables( $$ ) {
+sub set_global_variables( $$$ ) {
 
-    my ( $setall, $conditional ) = @_;
+    my ( $setall, $conditional, $call_generate_all_acasts ) = @_;
 
     if ( $conditional ) {
 	my ( $interface, @interfaces );
@@ -7513,16 +7513,17 @@ sub set_global_variables( $$ ) {
     }
 
     if ( $setall ) {
-	emit $interfaceaddr{$_}         for sortkeysiftest %interfaceaddr;
-	emit $interfacenets{$_}         for sortkeysiftest %interfacenets;
+	if ( $conditional ) {
+	    emit $interfaceaddr{$_}         for sortkeysiftest %interfaceaddr;
+	    emit $interfacenets{$_}         for sortkeysiftest %interfacenets;
+	}
 
 	unless ( have_capability( 'ADDRTYPE' ) ) {
-
 	    if ( $family == F_IPV4 ) {
 		emit 'ALL_BCASTS="$(get_all_bcasts) 255.255.255.255"';
 		emit $interfacebcasts{$_} for sortkeysiftest %interfacebcasts;
 	    } else {
-		generate_all_acasts;
+		emit $call_generate_all_acasts;
 		emit $interfaceacasts{$_} for sortkeysiftest %interfaceacasts;
 	    }
 	}

Shorewall/Perl/Shorewall/Compiler.pm

@@ -276,12 +276,18 @@ sub generate_script_2() {
 
     emit "}\n"; # End of initialize()
 
+    #
+    # Conditionally emit the 'generate_all_acasts() function
+    #
+    my $call_generate_all_acasts = $family == F_IPV6 && ! have_capability( 'ADDRTYPE' ) ? generate_all_acasts : '';
+
     emit( '' ,
 	  '#' ,
 	  '# Set global variables holding detected IP information' ,
 	  '#' ,
 	  'detect_configuration()',
-	  '{' );
+	  '{'
+	);
 
     my $global_variables    = have_global_variables;
     my $optional_interfaces = find_interfaces_by_option( 'optional' );
@@ -312,7 +318,7 @@ sub generate_script_2() {
 
 	    if ( $global_variables == ( ALL_COMMANDS | NOT_RESTORE ) ) {
 		verify_required_interfaces(0);
-		set_global_variables(0, 0);
+		set_global_variables( $family == F_IPV6, 0, $call_generate_all_acasts );
 		handle_optional_interfaces;
 	    }
 
@@ -326,7 +332,7 @@ sub generate_script_2() {
 	}
 
 	verify_required_interfaces(1);
-	set_global_variables(1,1);
+	set_global_variables(1, 1, $call_generate_all_acasts );
 	handle_optional_interfaces;
 
 	if ( $global_variables & NOT_RESTORE ) {

Shorewall/Perl/Shorewall/Config.pm

@@ -884,7 +884,7 @@ sub initialize($;$$$$) {
 		    TC_SCRIPT               => '',
 		    EXPORT                  => 0,
 		    KLUDGEFREE              => '',
-		    VERSION                 => '5.2.7-Beta1',
+		    VERSION                 => '5.2.8-RC1',
 		    CAPVERSION              => 50207 ,
 		    BLACKLIST_LOG_TAG       => '',
 		    RELATED_LOG_TAG         => '',
@@ -1507,7 +1507,7 @@ sub qt1( $ ) {
 }
 
 #
-# Delete the test chains
+# Delete the test chains and IP sets
 #
 sub cleanup_iptables() {
     qt1( "$iptables $iptablesw -F $sillyname" );
@@ -1530,6 +1530,12 @@ sub cleanup_iptables() {
 	qt1( "$iptables $iptablesw -t raw -X $sillyname" );
     }
 
+    my $ipset  = $config{IPSET} || 'ipset';
+    $ipset = which( $ipset ) unless $ipset =~ '/';
+    if ( $ipset && -x $ipset ) {
+	qt( "$ipset -X $sillyname" );
+    }
+
     $sillyname = $sillyname1 = '';
 }
 
@@ -1574,7 +1580,7 @@ sub cleanup() {
     unlink ( $perlscriptname ), $perlscriptname = undef if $perlscriptname;
     unlink ( @tempfiles ), @tempfiles = ()              if @tempfiles;
     #
-    # Delete temporary chains
+    # Delete temporary chains and IP sets
     #
     cleanup_iptables if $sillyname;
 }
@@ -5683,6 +5689,11 @@ sub process_shorewall_conf( $$ ) {
 	$globals{CONFIGDIR} =  $configfile = $file;
 	$globals{CONFIGDIR} =~ s/$product.conf//;
 
+	if ( $export ) {
+	    use Sys::Hostname;
+	    $globals{CONFIGDIR} = join( ':', hostname, $globals{CONFIGDIR} );
+	}
+
 	if ( -r _ ) {
 	    open_file $file;
 
@@ -5811,9 +5822,10 @@ sub get_capabilities($)
 	fatal_error "Can't find $toolname executable" unless $iptables = which $toolname;
     }
     #
-    # Determine if iptables supports the -w option
+    # Determine if iptables supports the -w option unless we already have
+    # existing capabilities
     #
-    $iptablesw = qt1( "$iptables -w -L -n") ? '-w' : '';
+    $iptablesw = qt1( "$iptables -w -n -L INPUT") ? '-w' : '' unless $_[0];
 
     my $iptables_restore=$iptables . '-restore';
 

Shorewall/Perl/Shorewall/IPAddrs.pm

@@ -149,14 +149,13 @@ sub validate_4address( $$ ) {
 
     unless ( valid_4address $addr ) {
 	fatal_error "Invalid IP Address ($addr)" unless $allow_name;
-	fatal_error "Unknown Host ($addr)" unless  @addrs = gethostbyname( $addr );
+	my ( $err, @addr_structs ) = Socket::getaddrinfo( $addr, 0, {
+	    family => Socket::AF_INET,
+	    protocol => Socket::IPPROTO_TCP,
+	} );
+	fatal_error "Unknown Host ($addr)" if $err != 0;
 
-	if ( defined wantarray ) {
-	    shift @addrs for (1..4);
-	    for ( @addrs ) {
-		$_ = ( inet_ntoa( $_ ) );
-	    }
-	}
+	@addrs = translate_addr_structs( @addr_structs );
     }
 
     defined wantarray ? wantarray ? @addrs : $addrs[0] : undef;
@@ -164,14 +163,14 @@ sub validate_4address( $$ ) {
 
 sub resolve_4dnsname( $ ) {
     my $net = $_[0];
-    my @addrs;
 
-    fatal_error "Unknown Host ($net)" unless  @addrs = gethostbyname( $net );
+    my ( $err, @addr_structs ) = Socket::getaddrinfo( $net, 0, {
+	family => Socket::AF_INET,
+	protocol => Socket::IPPROTO_TCP,
+    } );
+    fatal_error "Unknown Host ($net)" if $err != 0;
 
-    shift @addrs for (1..4);
-    for ( @addrs ) {
-	$_ = ( inet_ntoa( $_ ) );
-    }
+    my @addrs = translate_addr_structs( @addr_structs );
 
     @addrs;
 } 
@@ -508,15 +507,13 @@ sub validate_6address( $$ ) {
 
     unless ( valid_6address $addr ) {
 	fatal_error "Invalid IPv6 Address ($addr)" unless $allow_name;
-	require Socket6;
-	fatal_error "Unknown Host ($addr)" unless (@addrs = Socket6::gethostbyname2( $addr, Socket6::AF_INET6()));
+	my ( $err, @addr_structs ) = Socket::getaddrinfo( $addr, 0, {
+	    family => Socket::AF_INET6,
+	    protocol => Socket::IPPROTO_TCP,
+	} );
+	fatal_error "Unknown Host ($addr)" if $err != 0;
 
-	if ( defined wantarray ) {
-	    shift @addrs for (1..4);
-	    for ( @addrs ) {
-		$_ = Socket6::inet_ntop( Socket6::AF_INET6(), $_ );
-	    }
-	}
+	@addrs = translate_addr_structs( @addr_structs );
     }
 
     defined wantarray ? wantarray ? @addrs : $addrs[0] : undef;
@@ -524,15 +521,14 @@ sub validate_6address( $$ ) {
 
 sub resolve_6dnsname( $ ) {
     my $net = $_[0];
-    my @addrs;
     
-    require Socket6;
-    fatal_error "Unknown Host ($net)" unless (@addrs = Socket6::gethostbyname2( $net, Socket6::AF_INET6()));
+    my ( $err, @addr_structs ) = Socket::getaddrinfo( $net, 0, {
+	family => Socket::AF_INET6,
+	protocol => Socket::IPPROTO_TCP,
+    } );
+    fatal_error "Unknown Host ($net)" if $err != 0;
 
-    shift @addrs for (1..4);
-    for ( @addrs ) {
-	$_ = Socket6::inet_ntop( Socket6::AF_INET6(), $_ );
-    }
+    my @addrs = translate_addr_structs( @addr_structs );
 
     @addrs;
 }
@@ -661,6 +657,19 @@ sub validate_6host( $$ ) {
     }
 }
 
+sub translate_addr_structs {
+    my @addr_structs = @_;
+
+    my @addrs;
+    foreach my $addr_struct ( @addr_structs ) {
+	my ( $err, $ip_addr ) = Socket::getnameinfo( $addr_struct->{addr},
+	    Socket::NI_NUMERICHOST, Socket::NIx_NOSERV );
+        push @addrs, $ip_addr if $err == 0;
+    }
+
+    return @addrs;
+}
+
 my %ipv6_icmp_types = ( any                          => 'any',
 			'destination-unreachable'    => 1,
 			'no-route'                   => '1/0',

Shorewall/Perl/Shorewall/Tc.pm

@@ -72,6 +72,9 @@ our %flow_keys = ( 'src'            => 1,
 #                              out_bandwidth => <value> ,
 #                              number        => <number>,
 #                              classify      => 0|1
+#                              flow          => Comma-separated flow tupple
+#                              classify      => 0|1
+#                              pfifo         => 0|1
 #                              tablenumber   => <next u32 table to be allocated for this device>
 #                              default       => <default class mark value>
 #                              redirected    => [ <dev1>, <dev2>, ... ]
@@ -80,6 +83,13 @@ our %flow_keys = ( 'src'            => 1,
 #                              qdisc         => htb|hfsc
 #                              guarantee     => <total RATE of classes seen so far>
 #                              name          => <interface>
+#                              filters       => [ filter, ... ]
+#                              linklayer     => <type> (optional)
+#                              overhead      => <number>
+#                              mtu           => <number>
+#                              tsize         => <number>
+#                              filterpri     => <number> (initially 0)
+#                              connmark      => 0|1
 #                                               }
 #
 our @tcdevices;
@@ -139,12 +149,14 @@ sub initialize( $ ) {
 sub rate_to_kbit( $ ) {
     my $rate = $_[0];
 
-    return 0           if $rate eq '-';
-    return $1          if $rate =~ /^((\d+)(\.\d+)?)kbit$/i;
-    return $1 * 1000   if $rate =~ /^((\d+)(\.\d+)?)mbit$/i;
-    return $1 * 8000   if $rate =~ /^((\d+)(\.\d+)?)mbps$/i;
-    return $1 * 8      if $rate =~ /^((\d+)(\.\d+)?)kbps$/i;
-    return ($1/125)    if $rate =~ /^((\d+)(\.\d+)?)(bps)?$/;
+    return 0              if $rate eq '-';
+    return $1             if $rate =~ /^((\d+)(\.\d+)?)kbit$/i;
+    return $1 * 1000      if $rate =~ /^((\d+)(\.\d+)?)mbit$/i;
+    return $1 * 1000000   if $rate =~ /^((\d+)(\.\d+)?)gbit$/i;
+    return $1 * 8000000   if $rate =~ /^((\d+)(\.\d+)?)gbps$/i;
+    return $1 * 8000      if $rate =~ /^((\d+)(\.\d+)?)mbps$/i;
+    return $1 * 8         if $rate =~ /^((\d+)(\.\d+)?)kbps$/i;
+    return ($1/125)       if $rate =~ /^((\d+)(\.\d+)?)(bps)?$/;
     fatal_error "Invalid Rate ($rate)";
 }
 
@@ -202,7 +214,7 @@ sub process_in_bandwidth( $ ) {
     } else {
 	if ( $in_band =~ /:/ ) {
 	    ( $in_band, $burst ) = split /:/, $in_rate, 2;
-	    fatal_error "Invalid burst ($burst)" unless $burst  =~ /^\d+(k|kb|m|mb|mbit|kbit|b)?$/;
+	    fatal_error "Invalid burst ($burst)" unless $burst  =~ /^\d+(k|kb|m|mb|g|gb|gbit|mbit|kbit|b)?$/;
 	    $in_burst = $burst;
 	}
 
@@ -314,7 +326,7 @@ sub process_simple_device() {
 	my $command = "run_tc qdisc add dev $physical root handle $number: tbf rate ${out_bandwidth}kbit";
 
 	if ( supplied $burst ) {
-	    fatal_error "Invalid burst ($burst)" unless $burst =~ /^\d+(?:\.\d+)?(k|kb|m|mb|mbit|kbit|b)?$/;
+	    fatal_error "Invalid burst ($burst)" unless $burst =~ /^\d+(?:\.\d+)?(k|kb|m|mb|g|gb|gbit|mbit|kbit|b)?$/;
 	    $command .= " burst $burst";
 	} else {
 	    $command .= ' burst 10kb';
@@ -330,12 +342,12 @@ sub process_simple_device() {
 	$command .= ' mpu 64'; #Assume Ethernet
 
 	if ( supplied $peak ) {
-	    fatal_error "Invalid peak ($peak)" unless $peak =~ /^\d+(?:\.\d+)?(k|kb|m|mb|mbit|kbit|b)?$/;
+	    fatal_error "Invalid peak ($peak)" unless $peak =~ /^\d+(?:\.\d+)?(k|kb|m|mb|g|gb|gbit|mbit|kbit|b)?$/;
 	    $command .= " peakrate $peak";
 	}
 
 	if ( supplied $minburst ) {
-	    fatal_error "Invalid minburst ($minburst)" unless $minburst =~ /^\d+(?:\.\d+)?(k|kb|m|mb|mbit|kbit|b)?$/;
+	    fatal_error "Invalid minburst ($minburst)" unless $minburst =~ /^\d+(?:\.\d+)?(k|kb|m|mb|g|gb|gbit|mbit|kbit|b)?$/;
 	    $command .= " minburst $minburst";
 	}
 
@@ -2392,7 +2404,6 @@ sub setup_tc( $ ) {
     }
 
     if ( $config{MANGLE_ENABLED} ) {
-
 	if ( $convert ) {
 	    my $have_tcrules;
 

Shorewall/Perl/Shorewall/Zones.pm

@@ -75,7 +75,6 @@ our @EXPORT = ( qw( NOTHING
 		    all_interfaces
 		    all_real_interfaces
 		    all_plain_interfaces
-		    interface_is_plain
 		    all_bridges
 		    managed_interfaces
 		    unmanaged_interfaces
@@ -178,7 +177,8 @@ our %reservedName = ( all => 1,
 #				      number	  => <ordinal position in the interfaces file>
 #				      physical	  => <physical interface name>
 #				      base	  => <shell variable base representing this interface>
-#				      wildcard	  => undef|1 # Wildcard Name
+#				      wildcard	  => undef|1 # Wildcard Logical Name
+#				      physwild	  => undef|1 # Wildcard Physical Name
 #				      zones	  => { zone1 => 1, ... }
 #				      origin	  => <where defined>
 #				    }
@@ -431,9 +431,9 @@ sub initialize( $$ ) {
 				    loopback    => BINARY_IF_OPTION,
 				    maclist     => SIMPLE_IF_OPTION + IF_OPTION_HOST,
 				    nets        => IPLIST_IF_OPTION + IF_OPTION_ZONEONLY + IF_OPTION_VSERVER,
-				    noanycast	=> SIMPLE_IF_OPTION + IF_OPTION_WILDOK,
 				    nodbl       => SIMPLE_IF_OPTION,
 				    nosmurfs    => SIMPLE_IF_OPTION + IF_OPTION_HOST,
+				    omitanycast	=> SIMPLE_IF_OPTION + IF_OPTION_WILDOK,
 				    optional    => SIMPLE_IF_OPTION,
 				    proxyndp    => BINARY_IF_OPTION,
 				    required    => SIMPLE_IF_OPTION,
@@ -1374,7 +1374,7 @@ sub process_interface( $$ ) {
 		$hostoptions{$option} = $value if $hostopt;
 	    } elsif ( $type == ENUM_IF_OPTION ) {
 		if ( $option eq 'arp_ignore' ) {
-		    fatal_error q(The 'arp_ignore' option may not be used with a wild-card interface name) if $wildcard;
+		    fatal_error q(The 'arp_ignore' option may not be used with a wild-card interface name) if $physwild;
 		    if ( defined $value ) {
 			if ( $value =~ /^[1-3,8]$/ ) {
 			    $options{arp_ignore} = $value;
@@ -1491,7 +1491,7 @@ sub process_interface( $$ ) {
 
 	if ( $options{bridge} ) {
 	    require_capability( 'PHYSDEV_MATCH', 'The "bridge" option', 's');
-	    fatal_error "Bridges may not have wildcard names" if $wildcard;
+	    fatal_error "Bridges may not have wildcard names" if $physwild;
 	    $hostoptions{routeback} = $options{routeback} = 1 unless supplied $options{routeback};
 	}
 
@@ -1721,6 +1721,7 @@ sub known_interface($)
 					       physical => $physical ,
 					       base     => $interfaceref->{base} ,
 					       wildcard => $interfaceref->{wildcard} ,
+					       physwild => $interfaceref->{physwild} ,
 					       zones    => $interfaceref->{zones} ,
 		                              };
 		return $interfaceref;
@@ -2400,10 +2401,13 @@ sub generate_all_acasts() {
 	my $interfaceref = $interfaces{$interface};
 	my $physical     = $interfaceref->{physical};
 
+	next if ( $interfaceref->{options}{port} ||
+		  $interfaceref->{options}{unmanaged} );
+
 	if ( $interfaceref->{physwild} ) {
 	    $physical =~ s/\+/*/;
 
-	    if ( $interfaceref->{options}{noanycast} ) {
+	    if ( $interfaceref->{options}{omitanycast} ) {
 		if ( $physical eq '*' ) {
 		    @wildnoacasts = ( '*' );
 		} else {
@@ -2417,7 +2421,7 @@ sub generate_all_acasts() {
 		}
 	    }
 	} else {
-	    if ( $interfaceref->{options}{noanycast} ) {
+	    if ( $interfaceref->{options}{omitanycast} ) {
 		push @noacasts, $physical;
 	    } else {
 		push @acasts, $physical;
@@ -2425,16 +2429,16 @@ sub generate_all_acasts() {
 	}
     }
 
-    unless( @noacasts || @wildnoacasts ) {
-	emit( 'ALL_ACASTS="$(get_all_acasts)"' );
-	return;
-    }
+    return 'ALL_ACASTS="$(get_all_acasts)"' unless @noacasts || @wildnoacasts;
 
     @wildacasts = '*' unless @wildacasts;
 
-    emit( 'local iface',
-	  '',
-	  'ALL_ACASTS=',
+    emit( "#\n# Populate the ALL_ACASTS variable\n#",
+	  'generate_all_acasts()',
+	  '{' );
+    push_indent;
+
+    emit( 'ALL_ACASTS=',
 	  '',
 	  'for iface in $(find_all_interfaces1); do' );
 
@@ -2467,22 +2471,29 @@ sub generate_all_acasts() {
 
 	emit( join( '|', @wildnoacasts) . ')',
 	      '    ;;' );
+
     } else {
 	@wildacasts = ( '*' );
     }
 
-    emit( join( '|', @wildacasts ) . ')',
-	  '    if [ -n "$ALL_ACASTS" ]; then',
-	  '        ALL_ACASTS="$ALL_ACASTS $(get_interface_acasts $iface)"',
-	  '    else',
-	  '        ALL_ACASTS="$(get_interface_acasts $iface)"',
-	  '    fi',
-	  '    ;;' );
+    if ( @wildacasts ) {
+	emit( join( '|', @wildacasts ) . ')',
+	      '    if [ -n "$ALL_ACASTS" ]; then',
+	      '        ALL_ACASTS="$ALL_ACASTS $(get_interface_acasts $iface)"',
+	      '    else',
+	      '        ALL_ACASTS="$(get_interface_acasts $iface)"',
+	      '    fi',
+	      '    ;;' );
+    }
 
     pop_indent;
     emit( 'esac');
     pop_indent;
     emit( 'done');
+    pop_indent;
+    emit( "}\n" );
+
+    return 'generate_all_acasts';
 }
 
 1;

Shorewall/Perl/compiler.pl

@@ -47,7 +47,7 @@
 #
 use strict;
 use FindBin;
-use lib "$FindBin::Bin";
+use lib "$FindBin::Bin"; # Required to allow modules to reside in ${BASEDIR}/Shorewall/
 use Shorewall::Compiler;
 use Getopt::Long;
 

Shorewall/Shorewall-targetname

@@ -1 +1 @@
-5.2.8-Beta2
+5.2.8-base

Shorewall/lib.cli-std

@@ -29,7 +29,7 @@
 #     $2 = Yes: check for STARTUP_ENABLED
 #     $3 = Yes: Check for LOGFILE
 #
-get_config() {
+std_get_config() {
     local prog
     local lib
 
@@ -216,6 +216,8 @@ get_config() {
 		echo "   WARNING: The program specified in SHOREWALL_SHELL does not exist or is not executable; falling back to /bin/sh" >&2
 		SHOREWALL_SHELL=/bin/sh
 	    fi
+	else
+	    SHOREWALL_SHELL=/bin/sh
 	fi
 
 	if [ -n "$IP" ]; then
@@ -332,7 +334,7 @@ get_config() {
 
 	    [ -x "$g_pager" ] || fatal_error "PAGER $g_pager is not executable"
 
-	    g_pager="| $g_pager"
+	    g_pager="2>&1 | $g_pager"
 	fi
     fi
 
@@ -379,36 +381,33 @@ uptodate() {
     [ -x $1 ] || return 1
 
     local dir
-    local busybox
     local find
+    local quit
+    local maxdepth
 
     find=$(mywhich find)
 
     [ -n "${find}" ] || return 1
-    [ -h "${find}" ] && busybox=Yes
-    find="${find} -L"
+
+    if [ -h "${find}" ]; then
+	#
+	# 'Find' is provided by Busybox and doesn't support -quit.
+	#
+        quit=
+    else
+        quit=-quit
+    fi
+
+    if [ "$AUTOMAKE" = recursive ]; then
+	maxdepth=
+    elif [ -z "$AUTOMAKE" ]; then
+	maxdepth="-maxdepth 1"
+    else
+	maxdepth="-maxdepth $AUTOMAKE"
+    fi
 
     for dir in $g_shorewalldir $(split $CONFIG_PATH); do
-	if [ -n "${busybox}" ]; then
-	    #
-	    # Busybox 'find' doesn't support -quit.
-	    #
-	    if [ $AUTOMAKE = recursive ]; then
-		if [ -n "$(${find} ${dir} -newer $1 -print)" ]; then
-		    return 1;
-		fi
-	    elif  [ -n "$(${find} ${dir} -maxdepth $AUTOMAKE -type f -newer $1 -print)" ]; then
-		return 1;
-	    fi
-	elif [ "$AUTOMAKE" = recursive ]; then
-	    if [ -n "$(${find} ${dir} -newer $1 -print -quit)" ]; then
-		return 1;
-	    fi
-	elif [ -z "$AUTOMAKE" ]; then
-	    if [ -n "$(${find} ${dir} -maxdepth 1 -type f -newer $1 -print -quit)" ]; then
-		return 1;
-	    fi
-	elif [ -n "$(${find} ${dir} -maxdepth $AUTOMAKE -type f -newer $1 -print -quit)" ]; then
+	if [ -n "$(${find} -L ${dir} ${maxdepth} -newer $1 -print ${quit})" ]; then
 	    return 1;
 	fi
     done
@@ -566,7 +565,7 @@ compiler() {
 #
 # Start Command Executor
 #
-start_command() {
+std_start_command() {
     local finished
     finished=0
     local rc
@@ -965,7 +964,7 @@ update_command() {
 #
 # Reload/Restart Command Executor
 #
-restart_command() {
+std_restart_command() {
     local finished
     finished=0
     local rc

Shorewall/manpages/shorewall-interfaces.xml

@@ -628,7 +628,33 @@ loc     eth2            -</programlisting>
             </varlistentry>
 
             <varlistentry>
-              <term>noanycast</term>
+              <term><emphasis role="bold">nodbl</emphasis></term>
+
+              <listitem>
+                <para>Added in Shorewall 5.0.8. When specified, dynamic
+                blacklisting is disabled on the interface. Beginning with
+                Shorewall 5.0.10, <emphasis role="bold">nodbl</emphasis> is
+                equivalent to <emphasis
+                role="bold">dbl=none</emphasis>.</para>
+              </listitem>
+            </varlistentry>
+
+            <varlistentry>
+              <term><emphasis role="bold">nosmurfs</emphasis></term>
+
+              <listitem>
+                <para>IPv4 only. Filter packets for smurfs (packets with a
+                broadcast address as the source).</para>
+
+                <para>Smurfs will be optionally logged based on the setting of
+                SMURF_LOG_LEVEL in <ulink
+                url="shorewall.conf.html">shorewall.conf</ulink>(5). After
+                logging, the packets are dropped.</para>
+              </listitem>
+            </varlistentry>
+
+            <varlistentry>
+              <term>omitanycast</term>
 
               <listitem>
                 <para>IPv6 only. Added in Shorewall 5.2.8.</para>
@@ -639,12 +665,12 @@ loc     eth2            -</programlisting>
 
                 <orderedlist numeration="loweralpha">
                   <listitem>
-                    <para> Packets with these destination IP addresses are
+                    <para>Packets with these destination IP addresses are
                     dropped by REJECT rules.</para>
                   </listitem>
 
                   <listitem>
-                    <para> Packets with these source IP addresses are dropped
+                    <para>Packets with these source IP addresses are dropped
                     by the 'nosmurfs' interface option and by the 'dropSmurfs'
                     action.</para>
                   </listitem>
@@ -677,32 +703,6 @@ loc     eth2            -</programlisting>
               </listitem>
             </varlistentry>
 
-            <varlistentry>
-              <term><emphasis role="bold">nodbl</emphasis></term>
-
-              <listitem>
-                <para>Added in Shorewall 5.0.8. When specified, dynamic
-                blacklisting is disabled on the interface. Beginning with
-                Shorewall 5.0.10, <emphasis role="bold">nodbl</emphasis> is
-                equivalent to <emphasis
-                role="bold">dbl=none</emphasis>.</para>
-              </listitem>
-            </varlistentry>
-
-            <varlistentry>
-              <term><emphasis role="bold">nosmurfs</emphasis></term>
-
-              <listitem>
-                <para>IPv4 only. Filter packets for smurfs (packets with a
-                broadcast address as the source).</para>
-
-                <para>Smurfs will be optionally logged based on the setting of
-                SMURF_LOG_LEVEL in <ulink
-                url="shorewall.conf.html">shorewall.conf</ulink>(5). After
-                logging, the packets are dropped.</para>
-              </listitem>
-            </varlistentry>
-
             <varlistentry>
               <term><emphasis role="bold">optional</emphasis></term>
 

Shorewall/manpages/shorewall-snat.xml

@@ -207,9 +207,6 @@
                 the IP addresses configured on the interface named in the DEST
                 column and substitute them in this column.</para>
 
-                <para>Finally, you may also specify a comma-separated list of
-                ranges and/or addresses in this column.</para>
-
                 <para>DNS Names names are not allowed.</para>
 
                 <para>Normally, Netfilter will attempt to retain the source
@@ -805,21 +802,16 @@
         <term>IPv4 Example 6:</term>
 
         <listitem>
-          <para>SNAT outgoing connections on eth0 from 192.168.1.0/24 in
-          round-robin fashion between addresses 1.1.1.1, 1.1.1.3, and 1.1.1.9
-          (Shorewall 4.5.9 and later).</para>
+          <para>SNAT outgoing connections on eth0 from 192.168.1.0/24 randomly
+          to addresses 1.1.1.1, 1.1.1.3, and 1.1.1.9 (Shorewall 5.0.0 and
+          later).</para>
 
-          <programlisting>/etc/shorewall/tcrules:
-
-       #ACTION   SOURCE         DEST         PROTO   DPORT         SPORT    USER    TEST
-       1-3:CF    192.168.1.0/24 eth0 ; state=NEW
-
-/etc/shorewall/snat:
+          <programlisting>/etc/shorewall/snat:
 
        #ACTION                 SOURCE          DEST
-       SNAT(1.1.1.1)           192.168.1.0/24  eth0  { mark=1:C }
-       SNAT(1.1.1.3)           192.168.1.0/24  eth0  { mark=2:C }
-       SNAT(1.1.1.9)           192.168.1.0/24  eth0  { mark=3:C }</programlisting>
+       SNAT(1.1.1.1)           192.168.1.0/24  eth0  { probability=0.33 }
+       SNAT(1.1.1.3)           192.168.1.0/24  eth0  { probability=0.50 }
+       SNAT(1.1.1.9)           192.168.1.0/24  eth0</programlisting>
         </listitem>
       </varlistentry>
 

Shorewall/manpages/shorewall-tcclasses.xml

@@ -54,6 +54,14 @@
             </listitem>
           </varlistentry>
 
+          <varlistentry>
+            <term><emphasis role="bold">gbps</emphasis></term>
+
+            <listitem>
+              <para>Gigabytes per second.</para>
+            </listitem>
+          </varlistentry>
+
           <varlistentry>
             <term><emphasis role="bold">kbit</emphasis></term>
 
@@ -70,6 +78,14 @@
             </listitem>
           </varlistentry>
 
+          <varlistentry>
+            <term><emphasis role="bold">gbit</emphasis></term>
+
+            <listitem>
+              <para>Gigabits per second.</para>
+            </listitem>
+          </varlistentry>
+
           <varlistentry>
             <term><emphasis role="bold">bps</emphasis> or <emphasis
             role="bold">number</emphasis></term>

Shorewall/manpages/shorewall-tcdevices.xml

@@ -61,6 +61,14 @@
             </listitem>
           </varlistentry>
 
+          <varlistentry>
+            <term><emphasis role="bold">gbps</emphasis></term>
+
+            <listitem>
+              <para>Gigabytes per second.</para>
+            </listitem>
+          </varlistentry>
+
           <varlistentry>
             <term><emphasis role="bold">kbit</emphasis></term>
 
@@ -77,6 +85,14 @@
             </listitem>
           </varlistentry>
 
+          <varlistentry>
+            <term><emphasis role="bold">gbit</emphasis></term>
+
+            <listitem>
+              <para>Gigabits per second.</para>
+            </listitem>
+          </varlistentry>
+
           <varlistentry>
             <term><emphasis role="bold">bps</emphasis> or <emphasis
             role="bold">number</emphasis></term>

Shorewall/manpages/shorewall-tcinterfaces.xml

@@ -59,6 +59,14 @@
             </listitem>
           </varlistentry>
 
+          <varlistentry>
+            <term><emphasis role="bold">gbps</emphasis></term>
+
+            <listitem>
+              <para>Gigabytes per second.</para>
+            </listitem>
+          </varlistentry>
+
           <varlistentry>
             <term><emphasis role="bold">kbit</emphasis></term>
 
@@ -75,6 +83,14 @@
             </listitem>
           </varlistentry>
 
+          <varlistentry>
+            <term><emphasis role="bold">gbit</emphasis></term>
+
+            <listitem>
+              <para>Gigabits per second.</para>
+            </listitem>
+          </varlistentry>
+
           <varlistentry>
             <term><emphasis role="bold">bps</emphasis> or <emphasis
             role="bold">number</emphasis></term>
@@ -88,7 +104,7 @@
             <term>k or kb</term>
 
             <listitem>
-              <para>Kilo bytes.</para>
+              <para>Kilobytes.</para>
             </listitem>
           </varlistentry>
 
@@ -99,6 +115,14 @@
               <para>Megabytes.</para>
             </listitem>
           </varlistentry>
+
+          <varlistentry>
+            <term>g or gb</term>
+
+            <listitem>
+              <para>Gigabytes.</para>
+            </listitem>
+          </varlistentry>
         </variablelist>
       </listitem>
 

Shorewall/shorewall.service

@@ -13,7 +13,7 @@ Conflicts=iptables.service firewalld.service
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/sysconfig/shorewall
-StandardOutput=syslog
+StandardOutput=journal
 ExecStart=/sbin/shorewall $OPTIONS start $STARTOPTIONS
 ExecStop=/sbin/shorewall $OPTIONS stop
 ExecReload=/sbin/shorewall $OPTIONS reload $RELOADOPTIONS

Shorewall/shorewall.service.debian

@@ -6,6 +6,7 @@
 #
 [Unit]
 Description=Shorewall IPv4 firewall
+Documentation=man:shorewall(8)
 Wants=network-online.target
 After=network-online.target
 Conflicts=iptables.service firewalld.service
@@ -16,7 +17,7 @@ RemainAfterExit=yes
 EnvironmentFile=-/etc/default/shorewall
 StandardOutput=syslog
 ExecStart=/sbin/shorewall $OPTIONS start $STARTOPTIONS
-ExecStop=/sbin/shorewall $OPTIONS clear
+ExecStop=/usr/share/shorewall/stop_service shorewall
 ExecReload=/sbin/shorewall $OPTIONS reload $RELOADOPTIONS
 
 [Install]

Shorewall/uninstall.sh

@@ -149,7 +149,9 @@ if [ $configure -eq 1 ]; then
     fi
 fi
 
-remove_file ${SBINDIR}/$PRODUCT
+if [ $PRODUCT = shorewall6 ]; then
+    remove_file ${SBINDIR}/shorewall6
+fi
 
 if [ -h ${SHAREDIR}/$PRODUCT/init ]; then
     FIREWALL=$(readlink -m -q ${SHAREDIR}/$PRODUCT/init)

Shorewall6-lite/init.debian.sh

@@ -13,8 +13,8 @@
 
 . /lib/lsb/init-functions
 
-SRWL='/sbin/shorewall6-lite -6'
-SRWL_OPTS="-tvv"
+SRWL=/sbin/shorewall
+SRWL_OPTS="-6ltvv"
 test -n ${INITLOG:=/var/log/shorewall6-lite-init.log}
 
 [ "$INITLOG" = "/dev/null" ] && SHOREWALL_INIT_SCRIPT=1 || SHOREWALL_INIT_SCRIPT=0

Shorewall6-lite/shorewall6-lite.service

@@ -15,7 +15,7 @@ Conflicts=ip6tables.service firewalld.service
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/sysconfig/shorewall6-lite
-StandardOutput=syslog
+StandardOutput=journal
 ExecStart=/sbin/shorewall -6l $OPTIONS start $STARTOPTIONS
 ExecStop=/sbin/shorewall -6l $OPTIONS stop
 ExecReload=/sbin/shorewall -6l $OPTIONS reload $RELOADOPTIONS

Shorewall6-lite/shorewall6-lite.service.debian

@@ -5,6 +5,7 @@
 #
 [Unit]
 Description=Shorewall IPv6 firewall (lite)
+Documentation=man:shorewall6-lite(8)
 Wants=network-online.target
 After=network-online.target
 After=shorewall-lite.service
@@ -16,7 +17,7 @@ RemainAfterExit=yes
 EnvironmentFile=-/etc/default/shorewall6-lite
 StandardOutput=syslog
 ExecStart=/sbin/shorewall6-lite $OPTIONS start
-ExecStop=/sbin/shorewall6-lite $OPTIONS clear
+ExecStop=/usr/share/shorewall/stop_service shorewall6-lite
 ExecReload=/sbin/shorewall6-lite $OPTIONS reload
 
 [Install]

Shorewall6/init.debian.sh

@@ -12,8 +12,8 @@
 
 . /lib/lsb/init-functions
 
-SRWL='/sbin/shorewall -6'
-SRWL_OPTS="-tvv"
+SRWL=/sbin/shorewall
+SRWL_OPTS="-6tvv"
 WAIT_FOR_IFUP=/usr/share/shorewall/wait4ifup
 test -n ${INITLOG:=/var/log/shorewall6-init.log}
 

Shorewall6/shorewall6.service

@@ -14,7 +14,7 @@ Conflicts=ip6tables.service firewalld.service
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/sysconfig/shorewall6
-StandardOutput=syslog
+StandardOutput=journal
 ExecStart=/sbin/shorewall -6 $OPTIONS start $STARTOPTIONS
 ExecStop=/sbin/shorewall -6 $OPTIONS stop
 ExecReload=/sbin/shorewall -6 $OPTIONS reload $RELOADOPTIONS

Shorewall6/shorewall6.service.debian

@@ -6,6 +6,7 @@
 #
 [Unit]
 Description=Shorewall IPv6 firewall
+Documentation=man:shorewall6(8)
 Wants=network-online.target
 After=network-online.target
 After=shorewall.service
@@ -17,7 +18,7 @@ RemainAfterExit=yes
 EnvironmentFile=-/etc/default/shorewall6
 StandardOutput=syslog
 ExecStart=/sbin/shorewall -6 $OPTIONS start $STARTOPTIONS
-ExecStop=/sbin/shorewall -6 $OPTIONS clear
+ExecStop=/usr/share/shorewall/stop_service shorewall6
 ExecReload=/sbin/shorewall -6 $OPTIONS reload $RELOADOPTIONS
 
 [Install]

docs/6to4.xml

@@ -39,7 +39,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/Accounting.xml

@@ -27,7 +27,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/Actions.xml

@@ -41,7 +41,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/Anatomy.xml

@@ -35,7 +35,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/Anti-Spoofing.xml

@@ -27,7 +27,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/Audit.xml

@@ -27,7 +27,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/Build.xml

@@ -31,7 +31,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/CompiledPrograms.xml

@@ -29,7 +29,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/ConnectionRate.xml

@@ -29,7 +29,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/Docker.xml

@@ -33,7 +33,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/Documentation_Index.xml

@@ -27,7 +27,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/Dynamic.xml

@@ -29,7 +29,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/ECN.xml

@@ -35,7 +35,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/Events.xml

@@ -27,7 +27,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/FAQ.xml

@@ -29,7 +29,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled <quote>
       <ulink url="GnuCopyright.htm">GNU Free Documentation License</ulink>
       </quote>.</para>

docs/FAQ_fr.xml

@@ -56,7 +56,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled <quote>
       <ulink url="GnuCopyright.htm">GNU Free Documentation License</ulink>
       </quote>.</para>
@@ -2458,4 +2458,4 @@ loc                $FW                     ACCEPT           </programlisting>
       avec les deux politiques fix<69>es ci-dessus.</para>
     </section>
   </section>
-</article>
+</article>

docs/FTP.xml

@@ -33,7 +33,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/FoolsFirewall.xml

@@ -27,7 +27,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/GenericTunnels.xml

@@ -33,7 +33,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/GettingStarted.xml

@@ -35,7 +35,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/Helpers.xml

@@ -27,7 +27,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/IPIP.xml

@@ -35,7 +35,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/IPP2P.xml

@@ -35,7 +35,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/IPSEC-2.6.xml

@@ -47,7 +47,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/IPSEC.xml

@@ -27,7 +27,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/IPv6Support.xml

@@ -33,7 +33,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/ISO-3661.xml

@@ -27,7 +27,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/Install.xml

@@ -33,7 +33,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/Install_fr.xml

@@ -56,7 +56,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>
@@ -712,4 +712,4 @@ tar -xzvf /mnt/package2.lrp
     <para>Voir <quote><ulink url="fallback.htm">Fallback and
     Uninstall</ulink></quote>.</para>
   </section>
-</article>
+</article>

docs/Internals.xml

@@ -27,7 +27,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/Introduction.xml

@@ -27,7 +27,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink type="" url="Copyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/KVM.xml

@@ -27,7 +27,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/LXC.xml

@@ -27,7 +27,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/Laptop.xml

@@ -27,7 +27,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/LennyToSqueeze.xml

@@ -30,7 +30,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/MAC_Validation.xml

@@ -27,7 +27,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/Macros.xml

@@ -35,7 +35,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/Manpages.xml

@@ -27,7 +27,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/ManualChains.xml

@@ -29,7 +29,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/MultiISP.xml

@@ -29,7 +29,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/Multiple_Zones.xml

@@ -27,7 +27,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/MyNetwork.xml

@@ -29,7 +29,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/NAT.xml

@@ -27,7 +27,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/NetfilterOverview.xml

@@ -29,7 +29,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/NewRelease.xml

@@ -27,7 +27,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/OPENVPN.xml

@@ -41,7 +41,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/OpenVZ.xml

@@ -27,7 +27,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/PPTP.xml

@@ -39,7 +39,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/PacketHandling.xml

@@ -33,7 +33,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/PacketMarking.xml

@@ -30,7 +30,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/PortKnocking.xml

@@ -33,7 +33,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/ProxyARP.xml

@@ -27,7 +27,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/QOSExample.xml

@@ -29,7 +29,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/ReleaseModel.xml

@@ -43,7 +43,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/SharedConfig.xml

@@ -29,7 +29,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/Shorewall-4.xml

@@ -31,7 +31,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/Shorewall-5.xml

@@ -33,7 +33,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/Shorewall-Lite.xml

@@ -27,7 +27,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>
@@ -547,6 +547,18 @@
             <command>remote-reload</command> command (e.g., <command>shorewall
             remote-reload -c gateway</command>).</para>
           </listitem>
+
+          <listitem>
+            <para>Shorewall6-lite works with Shorewall6 in the same way that
+            Shorewall-lite works with Shorewall. Beginning with Shorewall
+            5.0.0, running 'shorewall &lt;cmd&gt;" is the same as running
+            "shorewall-lite &lt;cmd&gt;" when Shorewall is not installed.. To
+            continue to use the "shorewall6" command after switching to
+            Shoerwall6-lite, you need to add this to your .profile (or to
+            .bashrc if root's shell is bash):</para>
+
+            <programlisting>    alias shorewall6=shorewall6-lite</programlisting>
+          </listitem>
         </orderedlist>
       </section>
     </section>

docs/Shorewall-init.xml

@@ -27,7 +27,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/Shorewall-perl.xml

@@ -31,7 +31,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/Shorewall_Doesnt.xml

@@ -25,7 +25,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled
       <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
       License</ulink></quote>.</para>

docs/Shorewall_Squid_Usage.xml

@@ -29,7 +29,7 @@
       <para>Permission is granted to copy, distribute and/or modify this
       document under the terms of the GNU Free Documentation License, Version
       1.2 or any later version published by the Free Software Foundation; with
-      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts. A copy of the license is included in the section entitled <quote>
       <ulink url="GnuCopyright.htm">GNU Free Documentation License</ulink>
       </quote>.</para>