Document correction to startup error logging

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall-lite/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.9
+VERSION=4.4.9.1
 
 usage() # $1 = exit status
 {
@@ -131,6 +131,7 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
 #
 DEBIAN=
 CYGWIN=
+INSTALLD='-D'
 
 case $(uname) in
     CYGWIN*)
@@ -142,6 +143,9 @@ case $(uname) in
 	OWNER=$(id -un)
 	GROUP=$(id -gn)
 	;;
+    Darwin)
+	INSTALLD=
+	;;	   
     *)
 	[ -z "$OWNER" ] && OWNER=root
 	[ -z "$GROUP" ] && GROUP=root
@@ -300,15 +304,17 @@ echo "Modules file installed as ${PREFIX}/usr/share/shorewall-lite/modules"
 
 cd manpages
 
+[ -n "$INSTALLD" ] || mkdir -p ${PREFIX}/usr/share/man/man5/ ${PREFIX}/usr/share/man/man8/
+
 for f in *.5; do
     gzip -c $f > $f.gz
-    run_install -D -m 644 $f.gz ${PREFIX}/usr/share/man/man5/$f.gz
+    run_install $INSTALLD -m 644 $f.gz ${PREFIX}/usr/share/man/man5/$f.gz
     echo "Man page $f.gz installed to ${PREFIX}/usr/share/man/man5/$f.gz"
 done
 
 for f in *.8; do
     gzip -c $f > $f.gz
-    run_install -D -m 644 $f.gz ${PREFIX}/usr/share/man/man8/$f.gz
+    run_install $INSTALLD -m 644 $f.gz ${PREFIX}/usr/share/man/man8/$f.gz
     echo "Man page $f.gz installed to ${PREFIX}/usr/share/man/man8/$f.gz"
 done
 

Shorewall-lite/shorewall-lite.spec

@@ -1,6 +1,6 @@
 %define name shorewall-lite
 %define version 4.4.9
-%define release 0base
+%define release 1
 
 Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
 Name: %{name}
@@ -101,6 +101,8 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 
 %changelog
+* Sun May 09 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.9-1
 * Mon May 03 2010 Tom Eastep tom@shorewall.net
 - Updated to 4.4.9-0base
 * Sun May 02 2010 Tom Eastep tom@shorewall.net

Shorewall-lite/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.9
+VERSION=4.4.9.1
 
 usage() # $1 = exit status
 {

Shorewall/Perl/Shorewall/Chains.pm

@@ -580,6 +580,8 @@ sub add_rule($$;$)
     } else {
 	push_rule( $chainref, $rule );
     }
+
+    1;
 }
 
 #

Shorewall/Perl/Shorewall/Config.pm

@@ -341,7 +341,7 @@ sub initialize( $ ) {
 		    EXPORT => 0,
 		    STATEMATCH => '-m state --state',
 		    UNTRACKED => 0,
-		    VERSION => "4.4.9",
+		    VERSION => "4.4.9.1",
 		    CAPVERSION => 40408 ,
 		  );
 

Shorewall/Perl/prog.header

@@ -656,7 +656,7 @@ fatal_error()
 {
     echo "   ERROR: $@" >&2
 
-    if [ $LOG_VERBOSITY -gt 1 ]; then
+    if [ $LOG_VERBOSITY -ge 0 ]; then
         timestamp="$(date +'%_b %d %T') "
         echo "${timestamp}  ERROR: $@" >> $STARTUP_LOG
     fi
@@ -672,6 +672,12 @@ fatal_error()
 startup_error() # $* = Error Message
 {
     echo "   ERROR: $@: Firewall state not changed" >&2
+
+    if [ $LOG_VERBOSITY -ge 0 ]; then
+        timestamp="$(date +'%_b %d %T') "
+        echo "${timestamp}  ERROR: $@" >> $STARTUP_LOG
+    fi
+
     case $COMMAND in
         start)
 	    logger -p kern.err "ERROR:$g_product start failed:Firewall state not changed"

Shorewall/Perl/prog.header6

@@ -178,7 +178,7 @@ find_default_interface() {
 # Determine if Interface is up
 #
 interface_is_up() {
-    [ -n "$($IP link list dev $1 2> /dev/null | grep -e '[<,]UP[,>]')" ]
+    [ -n "$($IP -6 link list dev $1 2> /dev/null | grep -e '[<,]UP[,>]')" ]
 }
 
 #
@@ -626,6 +626,12 @@ fatal_error()
 startup_error() # $* = Error Message
 {
     echo "   ERROR: $@: Firewall state not changed" >&2
+
+    if [ $LOG_VERBOSITY -ge 0 ]; then
+        timestamp="$(date +'%_b %d %T') "
+        echo "${timestamp}  ERROR: $@" >> $STARTUP_LOG
+    fi
+
     case $COMMAND in
         start)
 	    logger -p kern.err "ERROR:$g_product start failed:Firewall state not changed"

Shorewall/changelog.txt

@@ -1,3 +1,9 @@
+Changes in Shorewall 4.4.9.1
+
+1)  Avoid 'regression' in return value from add_rule()
+
+2)  Log startup errors
+
 Changes in Shorewall 4.4.9
 
 1)  Auto-detection of bridges.
@@ -43,6 +49,8 @@ Changes in Shorewall 4.4.9
 20) In the routestopped file, assume 'routeback' if the interface has
     'routeback'.
 
+21) Make Shorewall and Shorewall6 installable on OS X.
+
 Changes in Shorewall 4.4.8
 
 1)  Correct handling of RATE LIMIT on NAT rules.

Shorewall/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.9
+VERSION=4.4.9.1
 
 usage() # $1 = exit status
 {
@@ -109,8 +109,10 @@ fi
 
 DEBIAN=
 CYGWIN=
+MAC=
 SPARSE=
 MANDIR=${MANDIR:-"/usr/share/man"}
+INSTALLD='-D'
 
 case $(uname) in
     CYGWIN*)
@@ -124,6 +126,18 @@ case $(uname) in
 	CYGWIN=Yes
 	SPARSE=Yes
 	;;
+    Darwin)
+	if [ -z "$PREFIX" ]; then
+	    DEST=
+	    INIT=
+	    SPARSE=Yes
+	fi
+
+	[ -z "$OWNER" ] && OWNER=root
+	[ -z "$GROUP" ] && GROUP=wheel
+	MAC=Yes
+	INSTALLD=
+	;;	
     *)
 	[ -z "$OWNER" ] && OWNER=root
 	[ -z "$GROUP" ] && GROUP=root
@@ -170,6 +184,7 @@ if [ -n "$PREFIX" ]; then
     install -d $OWNERSHIP -m 755 ${PREFIX}${DEST}
     
     CYGWIN=
+    MAC=
 else
     #
     # Verify that Perl is installed
@@ -182,6 +197,8 @@ else
 
     if [ -n "$CYGWIN" ]; then
 	echo "Installing Cygwin-specific configuration..."
+    elif [ -n "$MAC" ]; then
+	echo "Installing Mac-specific configuration..."	
     else
 	if [ -f /etc/debian_version ]; then
 	    echo "Installing Debian-specific configuration..."
@@ -239,7 +256,7 @@ elif [ -n "$INIT" ]; then
     install_file init.sh ${PREFIX}${DEST}/$INIT 0544
 fi
 
-[ -n "$CYGWIN" ] || echo  "Shorewall script installed in ${PREFIX}${DEST}/$INIT"
+[ -n "$INIT" ] && echo  "Shorewall script installed in ${PREFIX}${DEST}/$INIT"
 
 #
 # Create /etc/shorewall, /usr/share/shorewall and /var/shorewall if needed
@@ -819,15 +836,17 @@ fi
 
 cd manpages
 
+[ -n "$INSTALLD" ] || mkdir -p ${PREFIX}${MANDIR}/man5/ ${PREFIX}${MANDIR}/man8/
+
 for f in *.5; do
     gzip -c $f > $f.gz
-    run_install -D  -m 0644 $f.gz ${PREFIX}${MANDIR}/man5/$f.gz
+    run_install $INSTALLD  -m 0644 $f.gz ${PREFIX}${MANDIR}/man5/$f.gz
     echo "Man page $f.gz installed to ${PREFIX}${MANDIR}/man5/$f.gz"
 done
 
 for f in *.8; do
     gzip -c $f > $f.gz
-    run_install -D  -m 0644 $f.gz ${PREFIX}${MANDIR}/man8/$f.gz
+    run_install $INSTALLD  -m 0644 $f.gz ${PREFIX}${MANDIR}/man8/$f.gz
     echo "Man page $f.gz installed to ${PREFIX}${MANDIR}/man8/$f.gz"
 done
 
@@ -845,7 +864,7 @@ if [ -z "$PREFIX" ]; then
     rm -rf /usr/share/shorewall-shell
 fi
 
-if [ -z "$PREFIX" -a -n "$first_install" -a -z "$CYGWIN" ]; then
+if [ -z "$PREFIX" -a -n "$first_install" -a -z "${CYGWIN}${MAC}" ]; then
     if [ -n "$DEBIAN" ]; then
 	run_install $OWNERSHIP -m 0644 default.debian /etc/default/shorewall
 	ln -s ../init.d/shorewall /etc/rcS.d/S40shorewall

Shorewall/known_problems.txt

@@ -1 +1,13 @@
-There are no known problems in Shorewall 4.4.9
+1)  Under Shorewall 4.4.9, if a Perl extension script ends with a call
+    to add_rule(), that script will fail unless 'trace' is specified
+    for the command.
+
+    Your Perl extension scripts should always end with a line that
+    consists of '1;' to ensure that your script doesn't inadvertently
+    return 'false'.
+
+2)  In all Shorewall 4.4 versions, startup errors (those occuring
+    before the state of the firewall is changed) are not logged to the
+    STARTUP_LOG.
+
+    Corrected in Shorewall 4.4.9.1

Shorewall/releasenotes.txt

@@ -1,5 +1,6 @@
 ----------------------------------------------------------------------------
                        S H O R E W A L L  4 . 4 . 9
+		        P A T C H  R E L E A S E  1
 ----------------------------------------------------------------------------
 
 I.    RELEASE 4.4 HIGHLIGHTS
@@ -217,6 +218,24 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
 ----------------------------------------------------------------------------
 I I I.  P R O B L E M S   C O R R E C T E D   I N   T H I S  R E L E A S E
 ----------------------------------------------------------------------------
+4.4.9.1
+
+1)  A regression of sorts occurred in 4.4.9; previously, if a Perl
+    extension script ended with an 'add_rule()' call, the script would
+    previous return true. In 4.4.9, such scripts would normally fail
+    since add_rule() was returning false. add_rule() now
+    unconditionally returns true.
+
+    NOTE: You should not depend on the return value from Shorewall Perl
+    functions unless the return value is explicitly documented. It is
+    always best practice to conclude your Perl extension scripts with a
+    line consisting of ';'.
+
+2)  In all Shorewall 4.4 versions, startup errors (those occuring
+    before the state of the firewall is changed) are were logged to the
+    STARTUP_LOG.
+
+4.4.9
 
 1)  Logical interface names in the EXTERNAL column of
     /etc/shorewall/proxyarp were previously not mapped to their
@@ -397,6 +416,9 @@ None.
     if the interface has 'routeback' specified (either explicitly or
     detected).
 
+9)  Apple Macs running OS X may now be used as a Shorewall
+    administrative system. Simply install using the tarball installer.
+
 ----------------------------------------------------------------------------
 V I.  P R O B L E M S  C O R R E C T E D  A N D  N E W   F E A T U R E S
       I N   P R I O R  R E L E A S E S

Shorewall/shorewall.spec

@@ -1,6 +1,6 @@
 %define name shorewall
 %define version 4.4.9
-%define release 0base
+%define release 1
 
 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
 Name: %{name}
@@ -108,6 +108,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples 
 
 %changelog
+* Sun May 09 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.9-1
 * Mon May 03 2010 Tom Eastep tom@shorewall.net
 - Updated to 4.4.9-0base
 * Sun May 02 2010 Tom Eastep tom@shorewall.net

Shorewall/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.9
+VERSION=4.4.9.1
 
 usage() # $1 = exit status
 {

Shorewall6-lite/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.9
+VERSION=4.4.9.1
 
 usage() # $1 = exit status
 {
@@ -130,6 +130,7 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
 # Determine where to install the firewall script
 #
 DEBIAN=
+INSTALLD='-D'
 
 case $(uname) in
     CYGWIN*)
@@ -141,6 +142,9 @@ case $(uname) in
 	OWNER=$(id -un)
 	GROUP=$(id -gn)
 	;;
+     Darwin)
+	INSTALLD=
+	;;	   
     *)
 	[ -z "$OWNER" ] && OWNER=root
 	[ -z "$GROUP" ] && GROUP=root
@@ -299,15 +303,17 @@ echo "Modules file installed as ${PREFIX}/usr/share/shorewall6-lite/modules"
 
 cd manpages
 
+[ -n "$INSTALLD" ] || mkdir -p ${PREFIX}/usr/share/man/man5/ ${PREFIX}/usr/share/man/man8/
+
 for f in *.5; do
     gzip -c $f > $f.gz
-    run_install -D -m 644 $f.gz ${PREFIX}/usr/share/man/man5/$f.gz
+    run_install $INSTALLD -m 644 $f.gz ${PREFIX}/usr/share/man/man5/$f.gz
     echo "Man page $f.gz installed to ${PREFIX}/usr/share/man/man5/$f.gz"
 done
 
 for f in *.8; do
     gzip -c $f > $f.gz
-    run_install -D -m 644 $f.gz ${PREFIX}/usr/share/man/man8/$f.gz
+    run_install $INSTALLD -m 644 $f.gz ${PREFIX}/usr/share/man/man8/$f.gz
     echo "Man page $f.gz installed to ${PREFIX}/usr/share/man/man8/$f.gz"
 done
 

Shorewall6-lite/shorewall6-lite.spec

@@ -1,6 +1,6 @@
 %define name shorewall6-lite
 %define version 4.4.9
-%define release 0base
+%define release 1
 
 Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems.
 Name: %{name}
@@ -92,6 +92,8 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 
 %changelog
+* Sun May 09 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.9-1
 * Mon May 03 2010 Tom Eastep tom@shorewall.net
 - Updated to 4.4.9-0base
 * Sun May 02 2010 Tom Eastep tom@shorewall.net

Shorewall6-lite/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.9
+VERSION=4.4.9.1
 
 usage() # $1 = exit status
 {

Shorewall6/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.9
+VERSION=4.4.9.1
 
 usage() # $1 = exit status
 {
@@ -109,8 +109,10 @@ fi
 
 DEBIAN=
 CYGWIN=
+MAC=
 MANDIR=${MANDIR:-"/usr/share/man"}
 SPARSE=
+INSTALLD='-D'
 
 case $(uname) in
     CYGWIN*)
@@ -124,6 +126,18 @@ case $(uname) in
 	CYGWIN=Yes
 	SPARSE=Yes
 	;;
+    Darwin)
+	if [ -z "$PREFIX" ]; then
+	    DEST=
+	    INIT=
+	    SPARSE=Yes
+	fi
+
+	[ -z "$OWNER" ] && OWNER=root
+	[ -z "$GROUP" ] && GROUP=wheel
+	MAC=Yes
+	INSTALLD=
+	;;	
     *)
 	[ -z "$OWNER" ] && OWNER=root
 	[ -z "$GROUP" ] && GROUP=root
@@ -170,11 +184,14 @@ if [ -n "$PREFIX" ]; then
     install -d $OWNERSHIP -m 755 ${PREFIX}${DEST}
    
     CYGWIN=
+    MAC=
 else
     [ -x /usr/share/shorewall/compiler.pl ] || \
 	{ echo "   ERROR: Shorewall >= 4.3.5 is not installed" >&2; exit 1; }
     if [ -n "$CYGWIN" ]; then
 	echo "Installing Cygwin-specific configuration..."
+    elif [ -n "$MAC" ]; then
+	echo "Installing Mac-specific configuration..."	
     else
 	if [ -d /etc/apt -a -e /usr/bin/dpkg ]; then
 	    echo "Installing Debian-specific configuration..."
@@ -232,7 +249,7 @@ elif [ -n "$INIT" ]; then
     install_file init.sh ${PREFIX}${DEST}/$INIT 0544 ${PREFIX}/usr/share/shorewall6-${VERSION}.bkout
 fi
 
-[ -n "$CYGWIN" ] || echo  "Shorewall6 script installed in ${PREFIX}${DEST}/$INIT"
+[ -n "$INIT" ] && echo  "Shorewall6 script installed in ${PREFIX}${DEST}/$INIT"
 
 #
 # Create /etc/shorewall, /usr/share/shorewall and /var/shorewall if needed
@@ -678,15 +695,17 @@ fi
 
 cd manpages
 
+[ -n "$INSTALLD" ] || mkdir -p ${PREFIX}${MANDIR}/man5/ ${PREFIX}${MANDIR}/man8/
+
 for f in *.5; do
     gzip -c $f > $f.gz
-    run_install -D  -m 0644 $f.gz ${PREFIX}${MANDIR}/man5/$f.gz
+    run_install $INSTALLD  -m 0644 $f.gz ${PREFIX}${MANDIR}/man5/$f.gz
     echo "Man page $f.gz installed to ${PREFIX}${MANDIR}/man5/$f.gz"
 done
 
 for f in *.8; do
     gzip -c $f > $f.gz
-    run_install -D  -m 0644 $f.gz ${PREFIX}${MANDIR}/man8/$f.gz
+    run_install $INSTALLD  -m 0644 $f.gz ${PREFIX}${MANDIR}/man8/$f.gz
     echo "Man page $f.gz installed to ${PREFIX}${MANDIR}/man8/$f.gz"
 done
 
@@ -699,7 +718,7 @@ if [ -d ${PREFIX}/etc/logrotate.d ]; then
     echo "Logrotate file installed as ${PREFIX}/etc/logrotate.d/shorewall6"
 fi
 
-if [ -z "$PREFIX" -a -n "$first_install" -a -z "$CYGWIN" ]; then
+if [ -z "$PREFIX" -a -n "$first_install" -a -z "${CYGWIN}${MAC}" ]; then
     if [ -n "$DEBIAN" ]; then
 	run_install $OWNERSHIP -m 0644 default.debian /etc/default/shorewall6
 	ln -s ../init.d/shorewall6 /etc/rcS.d/S40shorewall6

Shorewall6/shorewall6.spec

@@ -1,6 +1,6 @@
 %define name shorewall6
 %define version 4.4.9
-%define release 0base
+%define release 1
 
 Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
 Name: %{name}
@@ -97,6 +97,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6
 
 %changelog
+* Sun May 09 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.9-1
 * Mon May 03 2010 Tom Eastep tom@shorewall.net
 - Updated to 4.4.9-0base
 * Sun May 02 2010 Tom Eastep tom@shorewall.net

Shorewall6/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.9
+VERSION=4.4.9.1
 
 usage() # $1 = exit status
 {

docs/CompiledPrograms.xml

@@ -179,6 +179,13 @@
         network. You need not configure Shorewall there and you may totally
         disable startup of Shorewall in your init scripts. For ease of
         reference, we call this system the 'administrative system'.</para>
+
+        <para>The administrative system may be a Windows system running <ulink
+        url="http://www.cygwin.com/">Cygwin</ulink> or an <ulink
+        url="http://www.apple.com/mac/">Apple MacIntosh</ulink> running OS X.
+        Install from a shell prompt <ulink url="Install.htm">using the
+        install.sh script</ulink> (Mac supported was added in Shorewall
+        4.4.9).</para>
       </listitem>
 
       <listitem>

docs/FAQ.xml

@@ -506,6 +506,11 @@ net        eth0          detect               <emphasis role="bold">routeback</e
         <para>And in <filename>/etc/shorewall/masq</filename>;<programlisting>#INTERFACE          SOURCE      ADDRESS          PROTO        PORT
 eth0:66.249.93.111  0.0.0.0/0   206.124.146.176  tcp          993</programlisting></para>
 
+        <para>And finally, in
+        <filename>/etc/shorewall/shorewall.conf</filename> you need:</para>
+
+        <programlisting>IP_FORWARDING=On</programlisting>
+
         <para>Like the hack in FAQ 2, this one results in all forwarded
         connections looking to the server (66.249.93.11) as if they originated
         on your firewall (206.124.146.176).</para>

docs/LennyToSqueeze.xml

@@ -165,8 +165,9 @@
         not feasible to install Perl on your firewall, then you should
         consider installing Shorewall on another system in your network (may
         be a <trademark>Windows</trademark> system running
-        <trademark>Cygwin</trademark>) and installing Shorewall-lite on your
-        firewall.</para>
+        <trademark>Cygwin</trademark> or, beginnins with Shorewall 4.4.9, an
+        <trademark>Apple</trademark> <trademark>MacIntosh</trademark> running
+        OS X) and installing Shorewall-lite on your firewall.</para>
       </footnote>. While the two compilers are highly compatible, there are
     some differences. Those differences are detailed in the following
     sections.</para>

docs/Shorewall-perl.xml

@@ -583,8 +583,10 @@ DNAT-              net                192.168.1.3      tcp          21</programl
       environment. The best way to work around this limitation is to install
       Shorewall-perl on an administrative system and employ Shorewall-lite on
       your embedded systems. Shorewall-perl will run on Windows under <ulink
-      url="http://www.cygwin.com/">Cygwin</ulink>. Install using the
-      install.sh script.</para>
+      url="http://www.cygwin.com/">Cygwin</ulink> and on an <ulink
+      url="http://www.apple.com/mac/">Apple MacIntosh</ulink> running OS X
+      (Mac support was added in Shorewall 4.4.9). Install from a shell prompt
+      <ulink url="Install.htm">using the install.sh script</ulink>.</para>
     </section>
   </section>
 

docs/shorewall_features.xml

@@ -87,7 +87,9 @@
           <listitem>
             <para>Shorewall installed on a single administrative system. May
             be a <trademark>Windows</trademark> PC running
-            <trademark>Cygwin</trademark>.</para>
+            <trademark>Cygwin</trademark> or an <trademark>Apple
+            MacIntosh</trademark> running OS X (Mac support was added in
+            Shorewall 4.4.9).</para>
           </listitem>
 
           <listitem>